Today I was in need for fun and so I started adding a new API call which allows to check if a domain is malicious or not. The check avoids to hit the database at all but just queries the search index. The results I got are quite surprising. Take a look at it considering that code 409 means ‘Object already exists’ while code 410 means ‘Object does not exist’.
Let’s start with a benign domain not tracked by TIP.
buffer@alnitak ~ $ time wget http://xxxx.xxxx.xx/api/check/domain/test@@it/
HTTP request sent, awaiting response… 410 GONE
2010-07-22 17:46:58 ERROR 410: GONE.
real 0m0.017s
user 0m0.001s
sys 0m0.001s
Now let’s move to a malicious domain tracked by TIP.
buffer@alnitak ~ $ time wget http://xxxx.xxxx.xx/api/check/domain/hazelpay@@ru/
HTTP request sent, awaiting response… 409 CONFLICT
2010-07-22 17:47:07 ERROR 409: CONFLICT.
real 0m0.022s
user 0m0.000s
sys 0m0.002s