ngfcti-phishing-urls
Get phishing URLs from NGFCTI service.
ngfcti-phishing-urls [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [raw=t]
- proxy=PROXY
- Proxy server setting If not specified, send feed requests directly without proxy server. e.g. IP:PORT
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use d(day), mon(month) time unit. For example,
1dmeans data from 1 day earlier. if not specified, the time is set based on 'from' - from=yyyyMMddHHmmss
- Start date of range. yyyyMMdd format. if not specified, it is set to current date.
- to=yyyyMMddHHmmss
- End date of range. yyyyMMdd format. if not specified, it is set to current date.
- raw=t
- If 't' is specified, output the JSON data to the
rawfield.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| tlp_name | String | TLP Name | e.g. green |
| url | String | Malware URL | |
| guid | String | GUID | |
| stix_id | String | STIX ID | |
| created | Date | Created | |
| updated | Date | Updated | |
| raw | String | Raw data | Only if raw=t |