From a2deddd20ad38c61b591b9c7a4fbb33c071e27c2 Mon Sep 17 00:00:00 2001
From: gethvi <gethvi@tauri.one>
Date: Thu, 14 Dec 2023 15:47:54 +0100
Subject: [PATCH] FIX: Removes discontinued feeds and bots.

---
 CHANGELOG.md                                  |   3 +
 docs/user/feeds.md                            | 161 ----
 intelmq/bots/parsers/netlab_360/__init__.py   |   0
 intelmq/bots/parsers/netlab_360/parser.py     |  70 --
 intelmq/bots/parsers/sucuri/__init__.py       |   0
 intelmq/bots/parsers/sucuri/parser.py         |  71 --
 intelmq/bots/parsers/webinspektor/__init__.py |   0
 intelmq/bots/parsers/webinspektor/parser.py   |  60 --
 intelmq/etc/feeds.yaml                        |  91 ---
 intelmq/lib/upgrades.py                       |  56 +-
 .../tests/bots/parsers/netlab_360/__init__.py |   0
 intelmq/tests/bots/parsers/netlab_360/dga.txt |   9 -
 .../bots/parsers/netlab_360/dga.txt.license   |   2 -
 .../tests/bots/parsers/netlab_360/hajime.txt  |   1 -
 .../parsers/netlab_360/hajime.txt.license     |   2 -
 .../bots/parsers/netlab_360/magnitude.txt     |   4 -
 .../parsers/netlab_360/magnitude.txt.license  |   2 -
 .../tests/bots/parsers/netlab_360/mirai.txt   |   1 -
 .../bots/parsers/netlab_360/mirai.txt.license |   2 -
 .../bots/parsers/netlab_360/test_parser.py    | 148 ----
 intelmq/tests/bots/parsers/sucuri/__init__.py |   0
 .../bots/parsers/sucuri/test_sucuri.data      | 764 ------------------
 .../parsers/sucuri/test_sucuri.data.license   |   2 -
 .../tests/bots/parsers/sucuri/test_sucuri.py  |  66 --
 .../bots/parsers/webinspektor/__init__.py     |   0
 .../webinspektor/test_webinspektor.data       | 582 -------------
 .../test_webinspektor.data.license            |   2 -
 .../parsers/webinspektor/test_webinspektor.py |  69 --
 intelmq/tests/lib/test_upgrades.py            |  29 +
 29 files changed, 87 insertions(+), 2110 deletions(-)
 delete mode 100644 intelmq/bots/parsers/netlab_360/__init__.py
 delete mode 100644 intelmq/bots/parsers/netlab_360/parser.py
 delete mode 100644 intelmq/bots/parsers/sucuri/__init__.py
 delete mode 100644 intelmq/bots/parsers/sucuri/parser.py
 delete mode 100644 intelmq/bots/parsers/webinspektor/__init__.py
 delete mode 100644 intelmq/bots/parsers/webinspektor/parser.py
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/__init__.py
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/dga.txt
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/dga.txt.license
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/hajime.txt
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/hajime.txt.license
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/magnitude.txt
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/magnitude.txt.license
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/mirai.txt
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/mirai.txt.license
 delete mode 100644 intelmq/tests/bots/parsers/netlab_360/test_parser.py
 delete mode 100644 intelmq/tests/bots/parsers/sucuri/__init__.py
 delete mode 100644 intelmq/tests/bots/parsers/sucuri/test_sucuri.data
 delete mode 100644 intelmq/tests/bots/parsers/sucuri/test_sucuri.data.license
 delete mode 100644 intelmq/tests/bots/parsers/sucuri/test_sucuri.py
 delete mode 100644 intelmq/tests/bots/parsers/webinspektor/__init__.py
 delete mode 100644 intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data
 delete mode 100644 intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data.license
 delete mode 100644 intelmq/tests/bots/parsers/webinspektor/test_webinspektor.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 38a140f6e..9eea08993 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,6 +63,9 @@
   - Minor fixes/improvements and some refactoring (see also above: *Core*...).
 
 #### Parsers
+  - `intelmq.bots.parsers.netlab_360.parser`: Removed as the feed is discontinued. (#2442 by Filip Pokorný)
+  - `intelmq.bots.parsers.webinspektor.parser`: Removed as the feed is discontinued. (#2442 by Filip Pokorný)
+  - `intelmq.bots.parsers.sucuri.parser`: Removed as the feed is discontinued. (#2442 by Filip Pokorný)
 
 #### Experts
 - `intelmq.bots.experts.jinja` (PR#2417 by Mikk Margus Möll):
diff --git a/docs/user/feeds.md b/docs/user/feeds.md
index 8224336d8..06c67fb46 100644
--- a/docs/user/feeds.md
+++ b/docs/user/feeds.md
@@ -1899,101 +1899,6 @@ module: intelmq.bots.parsers.microsoft.parser_ctip
 ---
 
 
-## Netlab 360
-
-### DGA
-
-This feed lists DGA family, Domain, Start and end of valid time(UTC) of a number of DGA families.
-
-**Public:** yes
-
-**Revision:** 2018-01-20
-
-**Documentation:** <http://data.netlab.360.com/dga>
-
-
-**Collector configuration**
-
-```yaml
-module: intelmq.bots.collectors.http.collector_http
-parameters:
-  http_url: http://data.netlab.360.com/feeds/dga/dga.txt
-  name: DGA
-  provider: Netlab 360
-  rate_limit: 3600
-```
-
-**Parser configuration**
-
-```yaml
-module: intelmq.bots.parsers.netlab_360.parser
-```
-
----
-
-
-### Hajime Scanner
-
-This feed lists IP address for know Hajime bots network. These IPs data are obtained by joining the DHT network and interacting with the Hajime node
-
-**Public:** yes
-
-**Revision:** 2019-08-01
-
-**Documentation:** <https://data.netlab.360.com/hajime/>
-
-
-**Collector configuration**
-
-```yaml
-module: intelmq.bots.collectors.http.collector_http
-parameters:
-  http_url: https://data.netlab.360.com/feeds/hajime-scanner/bot.list
-  name: Hajime Scanner
-  provider: Netlab 360
-  rate_limit: 3600
-```
-
-**Parser configuration**
-
-```yaml
-module: intelmq.bots.parsers.netlab_360.parser
-```
-
----
-
-
-### Magnitude EK
-
-This feed lists FQDN and possibly the URL used by Magnitude Exploit Kit. Information also includes the IP address used for the domain and last time seen.
-
-**Public:** yes
-
-**Revision:** 2018-01-20
-
-**Documentation:** <http://data.netlab.360.com/ek>
-
-
-**Collector configuration**
-
-```yaml
-module: intelmq.bots.collectors.http.collector_http
-parameters:
-  http_url: http://data.netlab.360.com/feeds/ek/magnitude.txt
-  name: Magnitude EK
-  provider: Netlab 360
-  rate_limit: 3600
-```
-
-**Parser configuration**
-
-```yaml
-module: intelmq.bots.parsers.netlab_360.parser
-```
-
----
-
-
 ## OpenPhish
 
 ### Premium Feed
@@ -2495,41 +2400,6 @@ module: intelmq.bots.parsers.github_feed
 ---
 
 
-## Sucuri
-
-### Hidden IFrames
-
-Latest hidden iframes identified on compromised web sites.
-
-**Public:** yes
-
-**Revision:** 2018-01-28
-
-**Documentation:** <http://labs.sucuri.net/?malware>
-
-**Additional Information:** Please note that the parser only extracts the hidden iframes  and the conditional redirects, not the encoded javascript.
-
-
-**Collector configuration**
-
-```yaml
-module: intelmq.bots.collectors.http.collector_http
-parameters:
-  http_url: http://labs.sucuri.net/?malware
-  name: Hidden IFrames
-  provider: Sucuri
-  rate_limit: 86400
-```
-
-**Parser configuration**
-
-```yaml
-module: intelmq.bots.parsers.sucuri.parser
-```
-
----
-
-
 ## Surbl
 
 ### Malicious Domains
@@ -2917,37 +2787,6 @@ parameters:
 ---
 
 
-## WebInspektor
-
-### Unsafe sites
-
-Latest detected unsafe sites.
-
-**Public:** yes
-
-**Revision:** 2018-03-09
-
-
-**Collector configuration**
-
-```yaml
-module: intelmq.bots.collectors.http.collector_http
-parameters:
-  http_url: https://app.webinspector.com/public/recent_detections/
-  name: Unsafe sites
-  provider: WebInspektor
-  rate_limit: 60
-```
-
-**Parser configuration**
-
-```yaml
-module: intelmq.bots.parsers.webinspektor.parser
-```
-
----
-
-
 ## ZoneH
 
 ### Defacements
diff --git a/intelmq/bots/parsers/netlab_360/__init__.py b/intelmq/bots/parsers/netlab_360/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/bots/parsers/netlab_360/parser.py b/intelmq/bots/parsers/netlab_360/parser.py
deleted file mode 100644
index 04017e942..000000000
--- a/intelmq/bots/parsers/netlab_360/parser.py
+++ /dev/null
@@ -1,70 +0,0 @@
-# SPDX-FileCopyrightText: 2016 jgedeon120
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-""" IntelMQ parser for Netlab 360 data feeds. """
-
-from intelmq.lib.bot import ParserBot
-from intelmq.lib.harmonization import DateTime
-
-
-class Netlab360ParserBot(ParserBot):
-    """Parse the Netlab 360 DGA, Hajime, Magnitude and Mirai feeds"""
-    DGA_FEED = {'http://data.netlab.360.com/feeds/dga/dga.txt',
-                'https://data.netlab.360.com/feeds/dga/dga.txt'}
-    MAGNITUDE_FEED = {'http://data.netlab.360.com/feeds/ek/magnitude.txt',
-                      'https://data.netlab.360.com/feeds/ek/magnitude.txt'}
-    MIRAI_SCANNER_FEED = {'http://data.netlab.360.com/feeds/mirai-scanner/scanner.list',
-                          'https://data.netlab.360.com/feeds/mirai-scanner/scanner.list'}
-    HAJIME_SCANNER_FEED = {'http://data.netlab.360.com/feeds/hajime-scanner/bot.list',
-                           'https://data.netlab.360.com/feeds/hajime-scanner/bot.list'}
-
-    def parse_line(self, line, report):
-        if line.startswith('#') or not line.strip():
-            self.tempdata.append(line)
-
-        else:
-            value = line.split('\t')
-            event = self.new_event(report)
-            event.add('classification.identifier', value[0].lower())
-            event.add('raw', line)
-
-            if report['feed.url'] in Netlab360ParserBot.DGA_FEED:
-                event.add('source.fqdn', value[1])
-                # DGA Feed format is
-                # DGA family, Domain, Start and end of valid time(UTC)
-
-                event.add('time.source', value[2] + ' UTC')
-                if event['time.source'] > event['time.observation']:
-                    event.change('time.source', event['time.observation'])
-                event.add('classification.type', 'c2-server')
-                event.add('event_description.url', 'http://data.netlab.360.com/dga')
-
-            elif report['feed.url'] in Netlab360ParserBot.MAGNITUDE_FEED:
-                event.add('time.source', DateTime.from_timestamp(int(value[1])))
-                event.add('source.ip', value[2])
-                # ignore ips as fqdns
-                event.add('source.fqdn', value[3], raise_failure=False)
-                if value[4] != 'N/A':
-                    event.add('source.url', value[4])
-                event.add('classification.type', 'exploit')
-                event.add('event_description.url', 'http://data.netlab.360.com/ek')
-            elif report['feed.url'] in Netlab360ParserBot.MIRAI_SCANNER_FEED:
-                event.add('time.source', value[0] + ' UTC')
-                event.add('source.ip', value[1].replace('sip=', ''))
-                event.add('destination.port', value[2].replace('dport=', ''))
-                event.add('classification.type', 'scanner')
-                event.add('classification.identifier', 'mirai', overwrite=True)
-            elif report['feed.url'] in Netlab360ParserBot.HAJIME_SCANNER_FEED:
-                event.add('time.source', value[0] + 'T00:00:00 UTC')
-                event.add('source.ip', value[1].replace('ip=', ''))
-                event.add('classification.type', 'scanner')
-                event.add('classification.identifier', 'hajime', overwrite=True)
-            else:
-                raise ValueError('Unknown data feed %s.' % report['feed.url'])
-
-            yield event
-
-
-BOT = Netlab360ParserBot
diff --git a/intelmq/bots/parsers/sucuri/__init__.py b/intelmq/bots/parsers/sucuri/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/bots/parsers/sucuri/parser.py b/intelmq/bots/parsers/sucuri/parser.py
deleted file mode 100644
index 2a2bae951..000000000
--- a/intelmq/bots/parsers/sucuri/parser.py
+++ /dev/null
@@ -1,71 +0,0 @@
-# SPDX-FileCopyrightText: 2018 dargen3
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-"""
-Only parses hidden iframes and conditional redirections, not Encoded javascript.
-"""
-import re
-from html.parser import HTMLParser
-
-from intelmq.lib import utils
-from intelmq.lib.bot import ParserBot
-
-
-class MyHTMLParser(HTMLParser):
-
-    lsData = ""
-
-    def handle_data(self, data):
-        self.lsData = data
-
-
-parser = MyHTMLParser()
-remove_comments = re.compile(r"<!--.*?-->", re.DOTALL)
-
-
-class SucuriParserBot(ParserBot):
-    """Parse the Sucuri Malware Hidden Iframes and Conditional redirections feeds"""
-    def process(self):
-        report = self.receive_message()
-        raw_report = utils.base64_decode(report["raw"])  # decoding
-        report_list = [row.strip() for row in raw_report.splitlines()]
-        index = 0
-        actual_line = report_list[index]
-        while parser.lsData != "Hidden iframes":  # displacement to target table
-            index += 1
-            actual_line = report_list[index]
-            parser.feed(actual_line)
-        while actual_line[:8] != "</tbody>":  # scrabing table data
-            index += 1
-            raw_actual_line = report_list[index]
-            actual_line = remove_comments.sub("", raw_actual_line).replace('&#46;', '.')
-            if actual_line[:2] == "<t":
-                event = self.new_event(report)  # making new event
-                parser.feed(actual_line)
-                event.add("source.url", parser.lsData)
-                event.add("classification.type", "blacklist")
-                event.add("classification.identifier", "hidden-iframe")
-                event.add("raw", raw_actual_line)
-                self.send_message(event)
-        while parser.lsData != "Conditional redirections":  # displacement to target table
-            index += 1
-            actual_line = report_list[index]
-            parser.feed(actual_line)
-        while actual_line[:8] != "</tbody>":  # scrabing table data
-            index += 1
-            raw_actual_line = report_list[index]
-            actual_line = remove_comments.sub("", raw_actual_line).replace('&#46;', '.')
-            if actual_line[:2] == "<t":
-                event = self.new_event(report)  # making new event
-                parser.feed(actual_line)
-                event.add("source.url", parser.lsData)
-                event.add("classification.type", "blacklist")
-                event.add("classification.identifier", "conditional-redirection")
-                event.add("raw", raw_actual_line)
-                self.send_message(event)
-        self.acknowledge_message()
-
-
-BOT = SucuriParserBot
diff --git a/intelmq/bots/parsers/webinspektor/__init__.py b/intelmq/bots/parsers/webinspektor/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/bots/parsers/webinspektor/parser.py b/intelmq/bots/parsers/webinspektor/parser.py
deleted file mode 100644
index 81f4ba038..000000000
--- a/intelmq/bots/parsers/webinspektor/parser.py
+++ /dev/null
@@ -1,60 +0,0 @@
-# SPDX-FileCopyrightText: 2018 dargen3
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-from html.parser import HTMLParser
-
-from intelmq.lib import utils
-from intelmq.lib.bot import ParserBot
-
-
-class MyHTMLParser(HTMLParser):
-
-    lsData = ""
-
-    def handle_data(self, data):
-        self.lsData = data
-
-    def handle_starttag(self, tag, attrs):
-        self.lsCSP = False  # boolean if attrs item is ('class', 'susp-row')
-        if attrs == [('class', 'susp-row')]:
-            self.lsCSP = True
-
-
-parser = MyHTMLParser()
-
-
-class WebinspektorParserBot(ParserBot):
-    """Parse the Web Inspektor"""
-    def process(self):
-        report = self.receive_message()
-        raw_report = utils.base64_decode(report["raw"])
-        report_list = [row.strip() for row in raw_report.splitlines()]
-        index = 0
-        while parser.lsData != "Details":
-            index += 1
-            parser.feed(report_list[index])
-        while report_list[index] != "</table>":
-            index += 1
-            parser.feed(report_list[index])
-            if parser.lsCSP:
-                index += 1
-                parser.feed(report_list[index])
-                event = self.new_event(report)
-                raw_url_line = report_list[index]
-                event.add("source.url", parser.lsData)
-                event.add("classification.type", "blacklist")
-                index += 1
-                parser.feed(report_list[index])
-                event.add("classification.identifier", parser.lsData)
-                event.add("classification.taxonomy", "other")
-                index += 1
-                parser.feed(report_list[index])
-                event.add("time.source", parser.lsData)
-                event.add("raw", raw_url_line + report_list[index])
-                self.send_message(event)
-        self.acknowledge_message()
-
-
-BOT = WebinspektorParserBot
diff --git a/intelmq/etc/feeds.yaml b/intelmq/etc/feeds.yaml
index f87c9509f..258e91c1f 100644
--- a/intelmq/etc/feeds.yaml
+++ b/intelmq/etc/feeds.yaml
@@ -29,42 +29,6 @@ providers:
       revision: 2022-11-15
       documentation: https://viriback.com/
       public: true
-  WebInspektor:
-    Unsafe sites:
-      description: Latest detected unsafe sites.
-      additional_information:
-      bots:
-        collector:
-          module: intelmq.bots.collectors.http.collector_http
-          parameters:
-            http_url: https://app.webinspector.com/public/recent_detections/
-            rate_limit: 60
-            name: __FEED__
-            provider: __PROVIDER__
-        parser:
-          module: intelmq.bots.parsers.webinspektor.parser
-          parameters:
-      revision: 2018-03-09
-      documentation:
-      public: true
-  Sucuri:
-    Hidden IFrames:
-      description: Latest hidden iframes identified on compromised web sites.
-      additional_information: Please note that the parser only extracts the hidden iframes  and the conditional redirects, not the encoded javascript.
-      bots:
-        collector:
-          module: intelmq.bots.collectors.http.collector_http
-          parameters:
-            http_url: http://labs.sucuri.net/?malware
-            rate_limit: 86400
-            name: __FEED__
-            provider: __PROVIDER__
-        parser:
-          module: intelmq.bots.parsers.sucuri.parser
-          parameters:
-      revision: 2018-01-28
-      documentation: http://labs.sucuri.net/?malware
-      public: true
   Surbl:
     Malicious Domains:
       description: Detected malicious domains. Note that you have to opened up Sponsored Datafeed Service (SDS) access to the SURBL data via rsync for your IP address.
@@ -170,61 +134,6 @@ providers:
       revision: 2018-02-06
       documentation: https://www.openphish.com/phishing_feeds.html
       public: false
-  Netlab 360:
-    Magnitude EK:
-      description: 'This feed lists FQDN and possibly the URL used by Magnitude Exploit
-        Kit. Information also includes the IP address used for the domain and last
-        time seen.'
-      additional_information:
-      bots:
-        collector:
-          module: intelmq.bots.collectors.http.collector_http
-          parameters:
-            http_url: http://data.netlab.360.com/feeds/ek/magnitude.txt
-            rate_limit: 3600
-            name: __FEED__
-            provider: __PROVIDER__
-        parser:
-          module: intelmq.bots.parsers.netlab_360.parser
-          parameters:
-      revision: 2018-01-20
-      documentation: http://data.netlab.360.com/ek
-      public: true
-    DGA:
-      description: 'This feed lists DGA family, Domain, Start and end of valid time(UTC)
-        of a number of DGA families.'
-      additional_information:
-      bots:
-        collector:
-          module: intelmq.bots.collectors.http.collector_http
-          parameters:
-            http_url: http://data.netlab.360.com/feeds/dga/dga.txt
-            rate_limit: 3600
-            name: __FEED__
-            provider: __PROVIDER__
-        parser:
-          module: intelmq.bots.parsers.netlab_360.parser
-          parameters:
-      revision: 2018-01-20
-      documentation: http://data.netlab.360.com/dga
-      public: true
-    Hajime Scanner:
-      description: 'This feed lists IP address for know Hajime bots network. These IPs data are obtained by joining the DHT network and interacting with the Hajime node'
-      additional_information:
-      bots:
-        collector:
-          module: intelmq.bots.collectors.http.collector_http
-          parameters:
-            http_url: https://data.netlab.360.com/feeds/hajime-scanner/bot.list
-            rate_limit: 3600
-            name: __FEED__
-            provider: __PROVIDER__
-        parser:
-          module: intelmq.bots.parsers.netlab_360.parser
-          parameters:
-      revision: 2019-08-01
-      documentation: https://data.netlab.360.com/hajime/
-      public: true
   Abuse.ch:
     Feodo Tracker:
       description: 'List of botnet Command & Control servers (C&Cs) tracked by Feodo Tracker, associated with Dridex and Emotet (aka Heodo).'
diff --git a/intelmq/lib/upgrades.py b/intelmq/lib/upgrades.py
index 7391e3c18..70b6a8de3 100644
--- a/intelmq/lib/upgrades.py
+++ b/intelmq/lib/upgrades.py
@@ -40,6 +40,7 @@
            'v310_shadowserver_feednames',
            'v320_update_turris_greylist_url',
            'v322_url_replacement',
+           'v322_removed_feeds_and_bots'
            ]
 
 
@@ -898,6 +899,59 @@ def v322_url_replacement(configuration, harmonization, dry_run, **kwargs):
     return changed, configuration, harmonization
 
 
+def v322_removed_feeds_and_bots(configuration, harmonization, dry_run, **kwargs):
+    """
+    Discontinued feeds and bots detection
+    """
+
+    messages = []
+    discontinued_bots = []
+
+    discontinued_bots_modules = [
+        "intelmq.bots.parsers.netlab_360.parser",
+        "intelmq.bots.parsers.webinspektor.parser",
+        "intelmq.bots.parsers.sucuri.parser"
+    ]
+
+    discontinued_feeds = []
+
+    discontinued_feeds_urls = [
+        'http://data.netlab.360.com/feeds/dga/dga.txt',
+        'https://data.netlab.360.com/feeds/dga/dga.txt',
+        'http://data.netlab.360.com/feeds/ek/magnitude.txt',
+        'https://data.netlab.360.com/feeds/ek/magnitude.txt',
+        'http://data.netlab.360.com/feeds/hajime-scanner/bot.list',
+        'https://data.netlab.360.com/feeds/hajime-scanner/bot.list',
+        'http://labs.sucuri.net/?malware',
+        'https://app.webinspector.com/public/recent_detections/'
+    ]
+
+    for bot_id, bot in configuration.items():
+
+        if bot_id == 'global':
+            continue
+
+        if bot["module"] in discontinued_bots_modules:
+            discontinued_bots.append(bot_id)
+
+        elif bot["module"] == "intelmq.bots.collectors.http.collector":
+            url: str = bot["parameters"].get("http_url", "")
+
+            if url in discontinued_feeds_urls:
+                discontinued_feeds.append(bot_id)
+
+    if discontinued_bots:
+        messages.append(f"Found discontinued bots: {', '.join(discontinued_bots)}")
+
+    if discontinued_feeds:
+        messages.append(f"Found discontinued feeds collected by bots: {', '.join(discontinued_feeds)}")
+
+    if messages:
+        messages.append("Remove the affected bots from the configuration.")
+
+    return '\n'.join(messages) if messages else None, configuration, harmonization
+
+
 UPGRADES = OrderedDict([
     ((1, 0, 0, 'dev7'), (v100_dev7_modify_syntax,)),
     ((1, 1, 0), (v110_shadowserver_feednames, v110_deprecations)),
@@ -924,7 +978,7 @@ def v322_url_replacement(configuration, harmonization, dry_run, **kwargs):
     ((3, 0, 2), ()),
     ((3, 1, 0), (v310_feed_changes, v310_shadowserver_feednames)),
     ((3, 2, 0), (v320_update_turris_greylist_url,)),
-    ((3, 2, 2), (v322_url_replacement, )),
+    ((3, 2, 2), (v322_url_replacement, v322_removed_feeds_and_bots)),
 ])
 
 ALWAYS = (harmonization,)
diff --git a/intelmq/tests/bots/parsers/netlab_360/__init__.py b/intelmq/tests/bots/parsers/netlab_360/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/tests/bots/parsers/netlab_360/dga.txt b/intelmq/tests/bots/parsers/netlab_360/dga.txt
deleted file mode 100644
index 77ad87fa1..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/dga.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-# DGA Domain List
-# The list contains four columns:
-#       DGA family, Domian, Start and end of valid time(UTC)
-#
-# Feed Provided By: netlab 360
-# netlab@360.cn
-
-suppobox	difficultdress.net	2016-11-12 11:58:56	2016-11-13 00:04:15
-foobar	example.com	2018-01-01 00:00:00	2030-05-04 00:08:08
diff --git a/intelmq/tests/bots/parsers/netlab_360/dga.txt.license b/intelmq/tests/bots/parsers/netlab_360/dga.txt.license
deleted file mode 100644
index 6dbb12384..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/dga.txt.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2016 jgedeon120
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/netlab_360/hajime.txt b/intelmq/tests/bots/parsers/netlab_360/hajime.txt
deleted file mode 100644
index d4391473c..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/hajime.txt
+++ /dev/null
@@ -1 +0,0 @@
-2017-09-11	ip=192.0.2.45
diff --git a/intelmq/tests/bots/parsers/netlab_360/hajime.txt.license b/intelmq/tests/bots/parsers/netlab_360/hajime.txt.license
deleted file mode 100644
index f8f131c2c..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/hajime.txt.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2019 Sebastian Wagner
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/netlab_360/magnitude.txt b/intelmq/tests/bots/parsers/netlab_360/magnitude.txt
deleted file mode 100644
index 819aef892..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/magnitude.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-# Feed Provided By: netlab 360
-# netlab@360.cn
-
-Magnitude	1478946665	178.32.227.12	3ebo08o4ct0f6n2336.insides.party	http://3ebo08o4ct0f6n2336.insides.party/d97cc5cfab47e305536690a9987115ac
diff --git a/intelmq/tests/bots/parsers/netlab_360/magnitude.txt.license b/intelmq/tests/bots/parsers/netlab_360/magnitude.txt.license
deleted file mode 100644
index 6dbb12384..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/magnitude.txt.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2016 jgedeon120
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/netlab_360/mirai.txt b/intelmq/tests/bots/parsers/netlab_360/mirai.txt
deleted file mode 100644
index a3300cdf8..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/mirai.txt
+++ /dev/null
@@ -1 +0,0 @@
-2016-08-01 12:46:01	sip=109.86.182.249	dport=23
diff --git a/intelmq/tests/bots/parsers/netlab_360/mirai.txt.license b/intelmq/tests/bots/parsers/netlab_360/mirai.txt.license
deleted file mode 100644
index 40a7f8c61..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/mirai.txt.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2017 navtej
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/netlab_360/test_parser.py b/intelmq/tests/bots/parsers/netlab_360/test_parser.py
deleted file mode 100644
index ad87f5675..000000000
--- a/intelmq/tests/bots/parsers/netlab_360/test_parser.py
+++ /dev/null
@@ -1,148 +0,0 @@
-# SPDX-FileCopyrightText: 2016 jgedeon120
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-
-import os
-import unittest
-
-import intelmq.lib.test as test
-import intelmq.lib.utils as utils
-
-from intelmq.bots.parsers.netlab_360.parser import Netlab360ParserBot
-
-with open(os.path.join(os.path.dirname(__file__), 'dga.txt')) as handle:
-    DGA_FILE = handle.read()
-
-with open(os.path.join(os.path.dirname(__file__), 'magnitude.txt')) as handle:
-    MAGNITUDE_FILE = handle.read()
-
-with open(os.path.join(os.path.dirname(__file__), 'mirai.txt')) as handle:
-    MIRAI_FILE = handle.read()
-
-with open(os.path.join(os.path.dirname(__file__), 'hajime.txt')) as handle:
-    HAJIME_FILE = handle.read()
-
-
-DGA_REPORT = {'feed.name': 'Netlab 360 DGA',
-              'feed.url': 'http://data.netlab.360.com/feeds/dga/dga.txt',
-              '__type': 'Report',
-              'time.observation': '2018-01-01T00:00:00+00:00',
-              'raw': utils.base64_encode(DGA_FILE),
-             }
-
-DGA_EVENT0 = {'feed.name': 'Netlab 360 DGA',
-              'feed.url': 'http://data.netlab.360.com/feeds/dga/dga.txt',
-              '__type': 'Event',
-              'time.observation': '2018-01-01T00:00:00+00:00',
-              #'time.source': '2016-11-13T00:04:15+00:00',
-              'time.source': '2016-11-12T11:58:56+00:00',
-              'source.fqdn': 'difficultdress.net',
-              'classification.type': 'c2-server',
-              'classification.identifier': 'suppobox',
-              'event_description.url': 'http://data.netlab.360.com/dga',
-              'raw': 'c3VwcG9ib3gJZGlmZmljdWx0ZHJlc3MubmV0CTIwMTYtMTEtMTIgMTE6NTg6NTYJMjAxNi0xMS0xMyAwMDowNDoxNQ==',
-             }
-DGA_EVENT1 = {'feed.name': 'Netlab 360 DGA',
-              'feed.url': 'http://data.netlab.360.com/feeds/dga/dga.txt',
-              '__type': 'Event',
-              'time.observation': '2018-01-01T00:00:00+00:00',
-              'time.source': '2018-01-01T00:00:00+00:00',
-              'source.fqdn': 'example.com',
-              'classification.type': 'c2-server',
-              'classification.identifier': 'foobar',
-              'event_description.url': 'http://data.netlab.360.com/dga',
-              'raw': 'Zm9vYmFyCWV4YW1wbGUuY29tCTIwMTgtMDEtMDEgMDA6MDA6MDAJMjAzMC0wNS0wNCAwMDowODowOA==',
-             }
-
-MAGNITUDE_REPORT = {'feed.name': 'Netlab 360 Magnitude',
-                    'feed.url': 'http://data.netlab.360.com/feeds/ek/magnitude.txt',
-                    '__type': 'Report',
-                    'time.observation': '2016-01-01T00:00:00+00:00',
-                    'raw': utils.base64_encode(MAGNITUDE_FILE)
-                   }
-
-MAGNITUDE_EVENTS = {'feed.name': 'Netlab 360 Magnitude',
-                    'feed.url': 'http://data.netlab.360.com/feeds/ek/magnitude.txt',
-                    '__type': 'Event',
-                    'time.observation': '2016-01-01T00:00:00+00:00',
-                    'time.source': '2016-11-12T10:31:05+00:00',
-                    'source.fqdn': '3ebo08o4ct0f6n2336.insides.party',
-                    'source.ip': '178.32.227.12',
-                    'source.url': 'http://3ebo08o4ct0f6n2336.insides.party/d97cc5cfab47e305536690a9987115ac',
-                    'classification.type': 'exploit',
-                    'classification.identifier': 'magnitude',
-                    'event_description.url': 'http://data.netlab.360.com/ek',
-                    'raw': 'TWFnbml0dWRlCTE0Nzg5NDY2NjUJMTc4LjMyLjIyNy4xMgkzZWJvMDhvNGN0MGY2bjIzMzYuaW5zaWRlcy5wYXJ0eQlodHRwOi8vM2VibzA4bzRjdDBmNm4yMzM2Lmluc2lkZXMucGFydHkvZDk3Y2M1Y2ZhYjQ3ZTMwNTUzNjY5MGE5OTg3MTE1YWM='
-                   }
-
-MIRAI_REPORT = {'feed.name': 'Netlab 360 Mirai Scanner',
-                    'feed.url': 'http://data.netlab.360.com/feeds/mirai-scanner/scanner.list',
-                    '__type': 'Report',
-                    'time.observation': '2016-01-01T00:00:00+00:00',
-                    'raw': utils.base64_encode(MIRAI_FILE)
-                   }
-
-MIRAI_EVENTS = {'feed.name': 'Netlab 360 Mirai Scanner',
-                    'feed.url': 'http://data.netlab.360.com/feeds/mirai-scanner/scanner.list',
-                    '__type': 'Event',
-                    'destination.port': 23,
-                    'time.observation': '2016-01-01T00:00:00+00:00',
-                    'time.source': '2016-08-01T12:46:01+00:00',
-                    'source.ip': '109.86.182.249',
-                    'classification.type': 'scanner',
-                    'classification.identifier': 'mirai',
-                    'raw': 'MjAxNi0wOC0wMSAxMjo0NjowMQlzaXA9MTA5Ljg2LjE4Mi4yNDkJZHBvcnQ9MjM=',
-                   }
-HAJIME_REPORT = {'feed.name': 'Netlab 360 Hajime Scanner',
-                 'feed.url': 'https://data.netlab.360.com/feeds/hajime-scanner/bot.list',
-                 '__type': 'Report',
-                 'time.observation': '2016-01-01T00:00:00+00:00',
-                 'raw': utils.base64_encode(HAJIME_FILE)
-                 }
-
-HAJIME_EVENTS = {'feed.name': 'Netlab 360 Hajime Scanner',
-                 'feed.url': 'https://data.netlab.360.com/feeds/hajime-scanner/bot.list',
-                 '__type': 'Event',
-                 'time.observation': '2016-01-01T00:00:00+00:00',
-                 'time.source': '2017-09-11T00:00:00+00:00',
-                 'source.ip': '192.0.2.45',
-                 'classification.type': 'scanner',
-                 'classification.identifier': 'hajime',
-                 'raw': 'MjAxNy0wOS0xMQlpcD0xOTIuMC4yLjQ1',
-                   }
-
-
-class TestNetlab360ParserBot(test.BotTestCase, unittest.TestCase):
-    """ A TestCase for Netlab360ParserBot with DGA and Magnitude feeds. """
-
-    @classmethod
-    def set_bot(cls):
-        cls.bot_reference = Netlab360ParserBot
-        cls.default_input_message = DGA_REPORT
-
-    def test_DGA(self):
-        self.run_bot()
-        self.assertMessageEqual(0, DGA_EVENT0)
-        # the time is in the future here
-        self.assertMessageEqual(1, DGA_EVENT1)
-
-    def test_magnitude(self):
-        self.input_message = MAGNITUDE_REPORT
-        self.run_bot()
-        self.assertMessageEqual(0, MAGNITUDE_EVENTS)
-
-    def test_mirai(self):
-        self.input_message = MIRAI_REPORT
-        self.run_bot()
-        self.assertMessageEqual(0, MIRAI_EVENTS)
-
-    def test_hajime(self):
-        self.input_message = HAJIME_REPORT
-        self.run_bot()
-        self.assertMessageEqual(0, HAJIME_EVENTS)
-
-
-if __name__ == '__main__':  # pragma: no cover
-    unittest.main()
diff --git a/intelmq/tests/bots/parsers/sucuri/__init__.py b/intelmq/tests/bots/parsers/sucuri/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/tests/bots/parsers/sucuri/test_sucuri.data b/intelmq/tests/bots/parsers/sucuri/test_sucuri.data
deleted file mode 100644
index eff8ae7f3..000000000
--- a/intelmq/tests/bots/parsers/sucuri/test_sucuri.data
+++ /dev/null
@@ -1,764 +0,0 @@
-<!DOCTYPE html>
-
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US" prefix="og: http://ogp.me/ns#">
-<head profile="http://gmpg.org/xfn/11">
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Sucuri Research - Website Monitoring, Recovery and Protection</title>
-    <meta name="description" content="Protect your website from hackers with our Website Firewall (WAF) or clean your site with our Website AntiVirus including website malware and blacklist removal." />
-    <meta name="keywords" content="website security, malware removal, hack removal, ddos protection, website protection, WordPress hacked, joomla hacked, hack recover, sucuri, securi, waf, WordPress security" />
-    <meta name="robots" content="noodp,noydir" />
-
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <link rel="canonical" href="https://sucuri.net/" />
-
-    <link rel="stylesheet" href="//sucuri.net/style.css?v=20151105" type="text/css" />
-    <link rel="stylesheet" href="/labs.css?v=20151105" type="text/css" />
-    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.6.2/css/font-awesome.min.css" type="text/css" />
-
-    <link rel='stylesheet' id='googleFonts-css' href='//fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic&#038;ver=3.9.1' type='text/css' media='all' />
-
-    <script type='text/javascript' src='//sucuri.net/js/jquery-1.11.3.min.js'></script>
-
-    <link rel="Shortcut Icon" href="https://sucuri.net/favicon.ico" type="image/x-icon" />
-    
-        <link rel="alternate home" type="application/atom+xml" title="Sucuri Research Labs Atom feed" href="/?notes&rss=atom" />
-    <link rel="alternate home" type="application/rss+xml" title="Sucuri Research Labs RSS 2.0 feed" href="/?notes&rss=rss2"/>
-    <link rel="alternate home" type="application/rss+xml" title="Sucuri Research Labs RSS 1.0 feed" href="/?notes&rss=rss1"/>
-    
-    <meta name="twitter:card" content="summary" />
-    <meta name="twitter:site" content="@sucurilabs" />
-    <meta property="fb:admins" content="106976436017527" />
-    <meta property="fb:app_id" content="129097357114488" />
-    <meta name="twitter:url" property="og:url" content="https://sucuri.net" />
-    <meta name="twitter:title" property="og:title" content="Sucuri Security" />
-    <meta name="twitter:description" property="og:description" content="Protect your website from hackers with our Website Firewall (WAF) or clean your site with our Website AntiVirus including website malware and blacklist removal." />
-    <meta name="twitter:image" property="og:image" content="http://labs.sucuri.net/images/LabsBlogPost_Twitter.jpg" />
-    <meta property="og:site_name" content="Sucuri Security" />
-    <meta property="og:type" content="website" />
-    <meta property="og:locale" content="en_us" />
-
-	<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8">
-
-  <!-- start Mixpanel -->
-<script type="text/javascript">
-(function(f,b){if(!b.__SV){var a,e,i,g;window.mixpanel=b;b._i=[];b.init=function(a,e,d){function f(b,h){var a=h.split(".");2==a.length&&(b=b[a[0]],h=a[1]);b[h]=function(){b.push([h].concat(Array.prototype.slice.call(arguments,0)))}}var c=b;"undefined"!==typeof d?c=b[d]=[]:d="mixpanel";c.people=c.people||[];c.toString=function(b){var a="mixpanel";"mixpanel"!==d&&(a+="."+d);b||(a+=" (stub)");return a};c.people.toString=function(){return c.toString(1)+".people (stub)"};i="disable track track_pageview track_links track_forms register register_once alias unregister identify name_tag set_config people.set people.set_once people.increment people.append people.track_charge people.clear_charges people.delete_user".split(" ");
-for(g=0;g<i.length;g++)f(c,i[g]);b._i.push([a,e,d])};b.__SV=1.2;a=f.createElement("script");a.type="text/javascript";a.async=!0;a.src="//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js";e=f.getElementsByTagName("script")[0];e.parentNode.insertBefore(a,e)}})(document,window.mixpanel||[]);
-mixpanel.init("c59343135653bd9019d29f1db79e348b");
-</script>
-<!-- end Mixpanel -->
-  <script>
-     (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-     (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-      m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-     })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
-
-     ga('create', 'UA-4077922-18', 'auto');
-     ga('require', 'linker');
-     ga('linker:autoLink', ['ddecode.com', 'unmaskparasites.com', 'urlfind.org']);
-     ga('send', 'pageview');
-  </script>
-  </head>
-
-
-<body class="page page-template-default header-image sidebar-content">
-        <div id="header">
-    <div class="container">
-      <div class="row">
-
-                <i id="toggle-main-menu-mobile"></i>
-        <!-- <i id="toggle-user-menu-mobile"></i> -->
-
-        <div class="c-lg-2 sucuri-logo">
-          <a href="https://sucuri.net/" title="Sucuri Security" class="mp-sucuri-logo"></a>
-                </div>
-
-        <div id="mp-top-nav" class="top-nav-wrapper">
-          <div class="c-lg-3 nav-bar pro-sol">
-            <ul class="nav">
-              <li class="dropdown">
-                <a href="https://sucuri.net/website-antivirus/signup" class="mp-products-button">Products</a>
-                <div class="inner-nav-bar prod">
-                        <i class="pointer"></i>
-                        <ul>
-                          <li>
-                      <a href="https://sucuri.net/website-antivirus/" class="mp-website-antivirus">Website AntiVirus</a>
-                          </li>
-                          <li>
-                      <a class="right-firewall-malwareprevention mp-website-firewall" href="https://sucuri.net/website-firewall">Website Firewall </a>
-                          </li>
-                          <li>
-                      <a class="right-antivirus-cleanup  mp-website-enterprise" href="https://sucuri.net/custom/enterprise/">Enterprise Solutions</a>
-                          </li>
-                          <li>
-                      <a class="right-antivirus-cleanup  mp-website-agency" href="https://sucuri.net/custom/agency/">Agency Solutions</a>
-                          </li>
-                        </ul>
-                      </div>
-              </li>
-              <li class="dropdown">
-                <a href="https://sucuri.net/website-antivirus/signup" class="mp-solutions-button">Solutions</a>
-                <div class="inner-nav-bar sol">
-                          <i class="pointer"></i>
-                          <ul>
-                            <li>
-                      <a href="https://sucuri.net/website-antivirus/malware-removal" class="mp-clean-hacks">Clean Hacks</a>
-                            </li>
-                            <li>
-                      <a href="https://sucuri.net/website-antivirus/blacklist-removal-and-repair" class="mp-remove-blacklist">Remove Blacklist</a>
-                            </li>
-                            <li>
-                      <a href="https://sucuri.net/website-firewall/stop-website-attacks-and-hacks" class="mp-stop-hacks">Stop Hack Attempts</a>
-                            </li>
-                            <li>
-                      <a href="https://sucuri.net/website-firewall/ddos-protection" class="mp-stop-ddos">Stop DDoS Attack</a>
-                            </li>
-                    <li>
-                      <a href="https://sucuri.net/website-antivirus/" class="mp-complete-security">Complete Security</a>
-                    </li>
-                          </ul>
-                        </div>
-              </li>
-            </ul>
-                    </div>
-
-          <div class="c-lg-3 nav-bar ua-lg">
-            <ul class="nav">
-              <li class="dropdown">
-                <a href="#" class="mp-under-attack-button u-attack">Under Attack?</a>
-                <div class="inner-nav-bar ua">
-                            <i class="pointer"></i>
-                  <a class="mp-under-attack-malware-removal" href="https://sucuri.net/website-security/malware-removal">
-                    <p class="lead">Clean Hacked Site</p>
-                    <p>My site has malware, is Blacklisted or Hacked</p>
-                  </a>
-                  <a class="mp-under-attack-ddos-protection" href="https://sucuri.net/website-security/ddos-protection">
-                    <p class="lead">Protect My Site</p>
-                    <p>My site is under Attack (ie: DDoS, Brute force)</p>
-                  </a>
-                </div>
-                                    </li>
-              <li class="dropdown"><a href="https://dashboard.sucuri.net/login" class="login mp-login-btn">Login</a></li>
-                                </ul>
-                            </div>
-
-          <div class="phone">
-            <a href="tel:+1–888–873–0817">1&ndash;888&ndash;873&ndash;0817</a> 
-                </div>
-
-          <div class="header-social">
-            <ul class="list-inline">
-              <li class="list-inline-item"><a class="p-ft-social-fb" href="https://www.facebook.com/SucuriSecurity" target="_blank"><i class="social-icon facebook"></i></a></li>
-              <li class="list-inline-item"><a class="p-ft-social-tw" href="http://twitter.com/sucurisecurity" target="_blank"><i class="social-icon twitter"></i></a></li>
-              <li class="list-inline-item"><a class="p-ft-social-ig" href="https://www.instagram.com/sucurisecurity/" target="_blank"><i class="social-icon instagram"></i></a></li>
-            </ul>
-            </div>
-        </div>
-        <!-- top-nav-wrapper -->
-                </div>
-      <!-- row -->
-                </div>
-    <!-- container -->
-            </div>
-  <!-- header -->
-
-            <div class="misc">
-                <a href="https://sucuri.net/">Home</a>
-                <a href="https://sucuri.net/customers">Testimonials</a>
-                <a href="https://sucuri.net/company/">Company</a>
-                <a href="https://support.sucuri.net/support/?new">Support</a>
-                <span>1&ndash;888&ndash;873&ndash;0817</span>
-            </div>
-        </div>
-
-        <div class="user-menu-mobile">
-            <a href="https://sucuri.net/website-antivirus/signup" class="pricing">PRICING</a>
-            <a href="https://support.sucuri.net/support/?new">SUPPORT</a>
-            <a href="https://dashboard.sucuri.net/login" class="login">LOGIN</a>
-        </div>
-
-<div class="sub-header labs-page" id="sub-header">
-    <a  href="/"><i class="fa fa-home"></i> <span>Home</span></a><a  href="/?notes"><i class="fa fa-sticky-note"></i> <span>Notes</span></a><a class="active" href="/?malware"><i class="fa fa-bug"></i> <span>Malware</span></a><a  href="/?malwaredb"><i class="fa fa-tags"></i> <span>Signatures</span></a><a  href="/?about"><i class="fa fa-question"></i> <span>About</span></a></div>
-
-<div class="new-design">
-    
-    <div class="container">
-        <div class="row">
-            
-<div class="box">
-    <h2><a href="/?malware">Latest Malware Entries (24 hrs)</a></h2>
-
-<form method="get" action="/?malware">
-    <input type="hidden" name="malware" value="" />
-    <label>Archives:
-        <select name="entry" onchange="(function(t){var v=t.options[t.selectedIndex].value;window.location=t.form.action+(''==v?'':'&entry='+v);})(this);">
-            <option value="">Latest</option>
-                        <option value="2017-02-27">2017-02-27</option>
-                        <option value="2016-09-20">2016-09-20</option>
-                        <option value="2016-08-08">2016-08-08</option>
-                        <option value="2016-07-06">2016-07-06</option>
-                        <option value="2016-06-24">2016-06-24</option>
-                        <option value="2016-06-01">2016-06-01</option>
-                        <option value="2016-05-30">2016-05-30</option>
-                        <option value="2016-05-17">2016-05-17</option>
-                        <option value="2016-05-12">2016-05-12</option>
-                        <option value="2016-05-10">2016-05-10</option>
-                        <option value="2016-05-09">2016-05-09</option>
-                        <option value="2015-09-22">2015-09-22</option>
-                        <option value="2015-09-03">2015-09-03</option>
-                        <option value="2015-08-12">2015-08-12</option>
-                        <option value="2015-08-11">2015-08-11</option>
-                        <option value="2015-01-14">2015-01-14</option>
-                        <option value="2014-12-04">2014-12-04</option>
-                        <option value="2014-10-18">2014-10-18</option>
-                        <option value="2014-06-18">2014-06-18</option>
-                        <option value="2014-06-02">2014-06-02</option>
-                        <option value="2014-05-23">2014-05-23</option>
-                        <option value="2014-05-08">2014-05-08</option>
-                        <option value="2014-04-29">2014-04-29</option>
-                        <option value="2014-04-20">2014-04-20</option>
-                        <option value="2014-04-09">2014-04-09</option>
-                        <option value="2014-03-26">2014-03-26</option>
-                        <option value="2014-03-18">2014-03-18</option>
-                        <option value="2014-03-14">2014-03-14</option>
-                        <option value="2014-03-05">2014-03-05</option>
-                        <option value="2014-02-24">2014-02-24</option>
-                        <option value="2014-02-06">2014-02-06</option>
-                        <option value="2014-01-30">2014-01-30</option>
-                        <option value="2014-01-22">2014-01-22</option>
-                        <option value="2014-01-19">2014-01-19</option>
-                        <option value="2014-01-03">2014-01-03</option>
-                        <option value="2013-12-30">2013-12-30</option>
-                        <option value="2013-12-29">2013-12-29</option>
-                        <option value="2013-12-25">2013-12-25</option>
-                        <option value="2013-12-19">2013-12-19</option>
-                        <option value="2013-12-17">2013-12-17</option>
-                        <option value="2013-12-11">2013-12-11</option>
-                        <option value="2013-12-10">2013-12-10</option>
-                        <option value="2013-12-08">2013-12-08</option>
-                        <option value="2013-12-05">2013-12-05</option>
-                        <option value="2013-12-03">2013-12-03</option>
-                        <option value="2013-12-01">2013-12-01</option>
-                        <option value="2013-11-30">2013-11-30</option>
-                        <option value="2013-11-26">2013-11-26</option>
-                        <option value="2013-11-23">2013-11-23</option>
-                        <option value="2013-11-20">2013-11-20</option>
-                        <option value="2013-11-14">2013-11-14</option>
-                        <option value="2013-11-07">2013-11-07</option>
-                        <option value="2013-11-06">2013-11-06</option>
-                        <option value="2013-11-04">2013-11-04</option>
-                        <option value="2013-10-30">2013-10-30</option>
-                        <option value="2013-10-24">2013-10-24</option>
-                        <option value="2013-10-21">2013-10-21</option>
-                        <option value="2013-10-19">2013-10-19</option>
-                        <option value="2013-10-16">2013-10-16</option>
-                        <option value="2013-10-15">2013-10-15</option>
-                        <option value="2013-10-14">2013-10-14</option>
-                        <option value="2013-10-12">2013-10-12</option>
-                        <option value="2013-10-09">2013-10-09</option>
-                        <option value="2013-10-07">2013-10-07</option>
-                        <option value="2013-10-05">2013-10-05</option>
-                        <option value="2013-10-03">2013-10-03</option>
-                        <option value="2013-10-01">2013-10-01</option>
-                        <option value="2013-09-29">2013-09-29</option>
-                        <option value="2013-09-28">2013-09-28</option>
-                        <option value="2013-09-26">2013-09-26</option>
-                        <option value="2013-09-24">2013-09-24</option>
-                        <option value="2013-09-23">2013-09-23</option>
-                        <option value="2013-09-18">2013-09-18</option>
-                        <option value="2013-09-17">2013-09-17</option>
-                        <option value="2013-09-15">2013-09-15</option>
-                        <option value="2013-09-12">2013-09-12</option>
-                        <option value="2013-09-10">2013-09-10</option>
-                        <option value="2013-09-09">2013-09-09</option>
-                        <option value="2013-09-07">2013-09-07</option>
-                        <option value="2013-09-04">2013-09-04</option>
-                        <option value="2013-09-03">2013-09-03</option>
-                        <option value="2013-09-01">2013-09-01</option>
-                        <option value="2013-08-30">2013-08-30</option>
-                        <option value="2013-08-29">2013-08-29</option>
-                        <option value="2013-08-26">2013-08-26</option>
-                        <option value="2013-08-25">2013-08-25</option>
-                        <option value="2013-08-22">2013-08-22</option>
-                        <option value="2013-08-20">2013-08-20</option>
-                        <option value="2013-08-18">2013-08-18</option>
-                        <option value="2013-08-15">2013-08-15</option>
-                        <option value="2013-08-14">2013-08-14</option>
-                        <option value="2013-08-13">2013-08-13</option>
-                        <option value="2013-08-12">2013-08-12</option>
-                        <option value="2013-08-11">2013-08-11</option>
-                        <option value="2013-08-10">2013-08-10</option>
-                        <option value="2013-08-08">2013-08-08</option>
-                        <option value="2013-08-07">2013-08-07</option>
-                        <option value="2013-08-05">2013-08-05</option>
-                        <option value="2013-08-04">2013-08-04</option>
-                        <option value="2013-08-01">2013-08-01</option>
-                        <option value="2013-07-29">2013-07-29</option>
-                        <option value="2013-07-25">2013-07-25</option>
-                        <option value="2013-07-24">2013-07-24</option>
-                        <option value="2013-07-23">2013-07-23</option>
-                        <option value="2013-07-22">2013-07-22</option>
-                        <option value="2013-07-21">2013-07-21</option>
-                        <option value="2013-07-17">2013-07-17</option>
-                        <option value="2013-07-15">2013-07-15</option>
-                        <option value="2013-07-14">2013-07-14</option>
-                        <option value="2013-07-10">2013-07-10</option>
-                        <option value="2013-07-09">2013-07-09</option>
-                        <option value="2013-07-08">2013-07-08</option>
-                        <option value="2013-07-07">2013-07-07</option>
-                        <option value="2013-07-03">2013-07-03</option>
-                        <option value="2013-07-01">2013-07-01</option>
-                        <option value="2013-06-27">2013-06-27</option>
-                        <option value="2013-06-26">2013-06-26</option>
-                        <option value="2013-06-23">2013-06-23</option>
-                        <option value="2013-06-19">2013-06-19</option>
-                        <option value="2013-06-18">2013-06-18</option>
-                        <option value="2013-06-16">2013-06-16</option>
-                        <option value="2013-06-13">2013-06-13</option>
-                        <option value="2013-06-11">2013-06-11</option>
-                        <option value="2013-06-05">2013-06-05</option>
-                        <option value="2013-06-04">2013-06-04</option>
-                        <option value="2013-06-03">2013-06-03</option>
-                        <option value="2013-06-02">2013-06-02</option>
-                        <option value="2013-05-30">2013-05-30</option>
-                        <option value="2013-05-27">2013-05-27</option>
-                        <option value="2013-05-26">2013-05-26</option>
-                        <option value="2013-05-22">2013-05-22</option>
-                        <option value="2013-05-19">2013-05-19</option>
-                        <option value="2013-05-15">2013-05-15</option>
-                        <option value="2013-05-14">2013-05-14</option>
-                        <option value="2013-05-13">2013-05-13</option>
-                        <option value="2013-05-12">2013-05-12</option>
-                        <option value="2013-05-07">2013-05-07</option>
-                        <option value="2013-05-02">2013-05-02</option>
-                        <option value="2013-05-01">2013-05-01</option>
-                        <option value="2013-04-29">2013-04-29</option>
-                        <option value="2013-04-28">2013-04-28</option>
-                        <option value="2013-04-25">2013-04-25</option>
-                        <option value="2013-04-24">2013-04-24</option>
-                        <option value="2013-04-17">2013-04-17</option>
-                        <option value="2013-04-16">2013-04-16</option>
-                        <option value="2013-04-14">2013-04-14</option>
-                        <option value="2013-04-10">2013-04-10</option>
-                        <option value="2013-04-08">2013-04-08</option>
-                        <option value="2013-04-07">2013-04-07</option>
-                        <option value="2013-04-04">2013-04-04</option>
-                        <option value="2013-04-03">2013-04-03</option>
-                        <option value="2013-04-02">2013-04-02</option>
-                        <option value="2013-03-31">2013-03-31</option>
-                        <option value="2013-03-28">2013-03-28</option>
-                        <option value="2013-03-26">2013-03-26</option>
-                        <option value="2013-03-21">2013-03-21</option>
-                        <option value="2013-03-19">2013-03-19</option>
-                        <option value="2013-03-18">2013-03-18</option>
-                        <option value="2013-03-17">2013-03-17</option>
-                        <option value="2013-03-14">2013-03-14</option>
-                        <option value="2013-03-13">2013-03-13</option>
-                        <option value="2013-03-11">2013-03-11</option>
-                        <option value="2013-03-07">2013-03-07</option>
-                        <option value="2013-03-06">2013-03-06</option>
-                        <option value="2013-03-04">2013-03-04</option>
-                        <option value="2013-03-02">2013-03-02</option>
-                        <option value="2013-03-01">2013-03-01</option>
-                        <option value="2013-02-27">2013-02-27</option>
-                        <option value="2013-02-26">2013-02-26</option>
-                        <option value="2013-02-25">2013-02-25</option>
-                        <option value="2013-02-24">2013-02-24</option>
-                        <option value="2013-02-23">2013-02-23</option>
-                        <option value="2013-02-21">2013-02-21</option>
-                        <option value="2013-02-20">2013-02-20</option>
-                        <option value="2013-02-19">2013-02-19</option>
-                        <option value="2013-02-17">2013-02-17</option>
-                        <option value="2013-02-14">2013-02-14</option>
-                        <option value="2013-02-12">2013-02-12</option>
-                        <option value="2013-02-11">2013-02-11</option>
-                        <option value="2013-02-10">2013-02-10</option>
-                        <option value="2013-02-07">2013-02-07</option>
-                        <option value="2013-02-06">2013-02-06</option>
-                        <option value="2013-02-05">2013-02-05</option>
-                        <option value="2013-02-04">2013-02-04</option>
-                        <option value="2013-02-03">2013-02-03</option>
-                        <option value="2013-01-31">2013-01-31</option>
-                        <option value="2013-01-30">2013-01-30</option>
-                        <option value="2013-01-29">2013-01-29</option>
-                        <option value="2013-01-28">2013-01-28</option>
-                        <option value="2013-01-27">2013-01-27</option>
-                        <option value="2013-01-24">2013-01-24</option>
-                        <option value="2013-01-23">2013-01-23</option>
-                        <option value="2013-01-22">2013-01-22</option>
-                        <option value="2013-01-21">2013-01-21</option>
-                        <option value="2013-01-20">2013-01-20</option>
-                        <option value="2013-01-17">2013-01-17</option>
-                        <option value="2013-01-16">2013-01-16</option>
-                        <option value="2013-01-15">2013-01-15</option>
-                        <option value="2013-01-14">2013-01-14</option>
-                        <option value="2013-01-13">2013-01-13</option>
-                        <option value="2013-01-10">2013-01-10</option>
-                        <option value="2013-01-08">2013-01-08</option>
-                        <option value="2013-01-07">2013-01-07</option>
-                        <option value="2013-01-06">2013-01-06</option>
-                        <option value="2013-01-03">2013-01-03</option>
-                        <option value="2013-01-02">2013-01-02</option>
-                        <option value="2013-01-01">2013-01-01</option>
-                        <option value="2012-12-30">2012-12-30</option>
-                        <option value="2012-12-27">2012-12-27</option>
-                        <option value="2012-12-26">2012-12-26</option>
-                        <option value="2012-12-25">2012-12-25</option>
-                        <option value="2012-12-19">2012-12-19</option>
-                        <option value="2012-12-18">2012-12-18</option>
-                        <option value="2012-12-17">2012-12-17</option>
-                        <option value="2012-12-16">2012-12-16</option>
-                        <option value="2012-12-14">2012-12-14</option>
-                        <option value="2012-12-13">2012-12-13</option>
-                        <option value="2012-12-12">2012-12-12</option>
-                        <option value="2012-12-11">2012-12-11</option>
-                        <option value="2012-12-10">2012-12-10</option>
-                        <option value="2012-12-09">2012-12-09</option>
-                        <option value="2012-12-06">2012-12-06</option>
-                        <option value="2012-12-05">2012-12-05</option>
-                        <option value="2012-12-04">2012-12-04</option>
-                        <option value="2012-12-03">2012-12-03</option>
-                        <option value="2012-12-02">2012-12-02</option>
-                        <option value="2012-12-01">2012-12-01</option>
-                        <option value="2012-11-29">2012-11-29</option>
-                        <option value="2012-11-28">2012-11-28</option>
-                        <option value="2012-11-27">2012-11-27</option>
-                        <option value="2012-11-25">2012-11-25</option>
-                        <option value="2012-11-24">2012-11-24</option>
-                        <option value="2012-11-23">2012-11-23</option>
-                        <option value="2012-11-22">2012-11-22</option>
-                        <option value="2012-11-21">2012-11-21</option>
-                        <option value="2012-11-20">2012-11-20</option>
-                        <option value="2012-11-19">2012-11-19</option>
-                        <option value="2012-11-18">2012-11-18</option>
-                        <option value="2012-11-17">2012-11-17</option>
-                        <option value="2012-11-15">2012-11-15</option>
-                        <option value="2012-11-14">2012-11-14</option>
-                        <option value="2012-11-12">2012-11-12</option>
-                        <option value="2012-11-11">2012-11-11</option>
-                        <option value="2012-11-08">2012-11-08</option>
-                        <option value="2012-11-07">2012-11-07</option>
-                        <option value="2012-11-06">2012-11-06</option>
-                        <option value="2012-11-05">2012-11-05</option>
-                        <option value="2012-11-04">2012-11-04</option>
-                        <option value="2012-11-03">2012-11-03</option>
-                        <option value="2012-11-02">2012-11-02</option>
-                        <option value="2012-11-01">2012-11-01</option>
-                        <option value="2012-10-31">2012-10-31</option>
-                        <option value="2012-10-30">2012-10-30</option>
-                        <option value="2012-10-29">2012-10-29</option>
-                        <option value="2012-10-28">2012-10-28</option>
-                        <option value="2012-10-26">2012-10-26</option>
-                        <option value="2012-10-25">2012-10-25</option>
-                        <option value="2012-10-24">2012-10-24</option>
-                        <option value="2012-10-23">2012-10-23</option>
-                        <option value="2012-10-22">2012-10-22</option>
-                        <option value="2012-10-21">2012-10-21</option>
-                        <option value="2012-10-20">2012-10-20</option>
-                        <option value="2012-10-19">2012-10-19</option>
-                        <option value="2012-10-18">2012-10-18</option>
-                        <option value="2012-10-17">2012-10-17</option>
-                        <option value="2012-10-16">2012-10-16</option>
-                        <option value="2012-10-15">2012-10-15</option>
-                        <option value="2012-10-14">2012-10-14</option>
-                        <option value="2012-10-13">2012-10-13</option>
-                        <option value="2012-10-12">2012-10-12</option>
-                        <option value="2012-10-11">2012-10-11</option>
-                        <option value="2012-10-10">2012-10-10</option>
-                        <option value="2012-10-09">2012-10-09</option>
-                        <option value="2012-10-08">2012-10-08</option>
-                        <option value="2012-10-07">2012-10-07</option>
-                        <option value="2012-10-06">2012-10-06</option>
-                        <option value="2012-10-05">2012-10-05</option>
-                        <option value="2012-10-04">2012-10-04</option>
-                        <option value="2012-10-03">2012-10-03</option>
-                        <option value="2012-10-02">2012-10-02</option>
-                        <option value="2012-10-01">2012-10-01</option>
-                        <option value="2012-09-30">2012-09-30</option>
-                        <option value="2012-09-29">2012-09-29</option>
-                        <option value="2012-09-28">2012-09-28</option>
-                        <option value="2012-09-27">2012-09-27</option>
-                        <option value="2012-09-26">2012-09-26</option>
-                        <option value="2012-09-25">2012-09-25</option>
-                        <option value="2012-09-24">2012-09-24</option>
-                        <option value="2012-09-23">2012-09-23</option>
-                        <option value="2012-09-22">2012-09-22</option>
-                        <option value="2012-09-21">2012-09-21</option>
-                        <option value="2012-09-20">2012-09-20</option>
-                        <option value="2012-09-19">2012-09-19</option>
-                        <option value="2012-09-18">2012-09-18</option>
-                        <option value="2012-09-17">2012-09-17</option>
-                        <option value="2012-09-16">2012-09-16</option>
-                        <option value="2012-09-15">2012-09-15</option>
-                        <option value="2012-09-13">2012-09-13</option>
-                        <option value="2012-09-12">2012-09-12</option>
-                        <option value="2012-09-11">2012-09-11</option>
-                        <option value="2012-09-10">2012-09-10</option>
-                        <option value="2012-09-09">2012-09-09</option>
-                        <option value="2012-09-08">2012-09-08</option>
-                        <option value="2012-09-07">2012-09-07</option>
-                        <option value="2012-09-06">2012-09-06</option>
-                        <option value="2012-09-05">2012-09-05</option>
-                        <option value="2012-09-04">2012-09-04</option>
-                        <option value="2012-09-03">2012-09-03</option>
-                        <option value="2012-09-02">2012-09-02</option>
-                        <option value="2012-09-01">2012-09-01</option>
-                        <option value="2012-08-30">2012-08-30</option>
-                        <option value="2012-08-29">2012-08-29</option>
-                        <option value="2012-08-28">2012-08-28</option>
-                        <option value="2012-08-27">2012-08-27</option>
-                        <option value="2012-08-26">2012-08-26</option>
-                        <option value="2012-08-25">2012-08-25</option>
-                        <option value="2012-08-24">2012-08-24</option>
-                        <option value="2012-08-23">2012-08-23</option>
-                        <option value="2012-08-22">2012-08-22</option>
-                        <option value="2012-08-21">2012-08-21</option>
-                        <option value="2012-08-20">2012-08-20</option>
-                        <option value="2012-08-19">2012-08-19</option>
-                        <option value="2012-08-18">2012-08-18</option>
-                        <option value="2012-08-17">2012-08-17</option>
-                        <option value="2012-08-16">2012-08-16</option>
-                        <option value="2012-08-15">2012-08-15</option>
-                        <option value="2012-08-14">2012-08-14</option>
-                        <option value="2012-08-13">2012-08-13</option>
-                        <option value="2012-08-12">2012-08-12</option>
-                        <option value="2012-08-11">2012-08-11</option>
-                        <option value="2012-08-10">2012-08-10</option>
-                        <option value="2012-08-09">2012-08-09</option>
-                        <option value="2012-08-08">2012-08-08</option>
-                        <option value="2012-08-07">2012-08-07</option>
-                        <option value="2012-08-06">2012-08-06</option>
-                        <option value="2012-08-05">2012-08-05</option>
-                        <option value="2012-08-04">2012-08-04</option>
-                        <option value="2012-08-03">2012-08-03</option>
-                        <option value="2012-08-02">2012-08-02</option>
-                        <option value="2012-08-01">2012-08-01</option>
-                        <option value="2012-07-31">2012-07-31</option>
-                        <option value="2012-07-30">2012-07-30</option>
-                        <option value="2012-07-29">2012-07-29</option>
-                        <option value="2012-07-28">2012-07-28</option>
-                        <option value="2012-07-27">2012-07-27</option>
-                        <option value="2012-07-26">2012-07-26</option>
-                        <option value="2012-07-25">2012-07-25</option>
-                        <option value="2012-07-24">2012-07-24</option>
-                        <option value="2012-07-23">2012-07-23</option>
-                        <option value="2012-07-22">2012-07-22</option>
-                        <option value="2012-07-21">2012-07-21</option>
-                        <option value="2012-07-20">2012-07-20</option>
-                        <option value="2012-07-19">2012-07-19</option>
-                        <option value="2012-07-18">2012-07-18</option>
-                        <option value="2012-07-17">2012-07-17</option>
-                        <option value="2012-07-16">2012-07-16</option>
-                        <option value="2012-07-15">2012-07-15</option>
-                        <option value="2012-07-14">2012-07-14</option>
-                        <option value="2012-07-12">2012-07-12</option>
-                        <option value="2012-07-11">2012-07-11</option>
-                        <option value="2012-07-10">2012-07-10</option>
-                        <option value="2012-07-09">2012-07-09</option>
-                        <option value="2012-07-08">2012-07-08</option>
-                        <option value="2012-07-07">2012-07-07</option>
-                        <option value="2012-07-06">2012-07-06</option>
-                        <option value="2012-07-05">2012-07-05</option>
-                        <option value="2012-07-04">2012-07-04</option>
-                        <option value="2012-07-03">2012-07-03</option>
-                        <option value="2012-07-02">2012-07-02</option>
-                        <option value="2012-07-01">2012-07-01</option>
-                        <option value="2012-06-30">2012-06-30</option>
-                        <option value="2012-06-29">2012-06-29</option>
-                        <option value="2012-06-28">2012-06-28</option>
-                        <option value="2012-06-27">2012-06-27</option>
-                        <option value="2012-06-26">2012-06-26</option>
-                        <option value="2012-06-25">2012-06-25</option>
-                        <option value="2012-06-24">2012-06-24</option>
-                        <option value="2012-06-23">2012-06-23</option>
-                        <option value="2012-06-22">2012-06-22</option>
-                        <option value="2012-06-21">2012-06-21</option>
-                        <option value="2012-06-20">2012-06-20</option>
-                        <option value="2012-06-19">2012-06-19</option>
-                        <option value="2012-06-18">2012-06-18</option>
-                        <option value="2012-06-17">2012-06-17</option>
-                        <option value="2012-06-16">2012-06-16</option>
-                        <option value="2012-06-15">2012-06-15</option>
-                        <option value="2012-06-14">2012-06-14</option>
-                        <option value="2012-06-13">2012-06-13</option>
-                        <option value="2012-06-12">2012-06-12</option>
-                        <option value="2012-06-11">2012-06-11</option>
-                        <option value="2012-06-10">2012-06-10</option>
-                        <option value="2012-06-09">2012-06-09</option>
-                        <option value="2012-06-08">2012-06-08</option>
-                        <option value="2012-06-07">2012-06-07</option>
-                        <option value="2012-06-06">2012-06-06</option>
-                        <option value="2012-06-05">2012-06-05</option>
-                        <option value="2012-06-04">2012-06-04</option>
-                        <option value="2012-06-03">2012-06-03</option>
-                        <option value="2012-06-02">2012-06-02</option>
-                        <option value="2012-06-01">2012-06-01</option>
-                        <option value="2012-05-31">2012-05-31</option>
-                        <option value="2012-05-30">2012-05-30</option>
-                        <option value="2012-05-29">2012-05-29</option>
-                        <option value="2012-05-28">2012-05-28</option>
-                        <option value="2012-05-27">2012-05-27</option>
-                        <option value="2012-05-26">2012-05-26</option>
-                        <option value="2012-05-25">2012-05-25</option>
-                        <option value="2012-05-24">2012-05-24</option>
-                        <option value="2012-05-23">2012-05-23</option>
-                        <option value="2012-05-22">2012-05-22</option>
-                        <option value="2012-05-21">2012-05-21</option>
-                        <option value="2012-05-20">2012-05-20</option>
-                    </select>
-    </label>
-</form>
-<div class="reg-faqfull">
-<p>We separate the data in three categories: Iframes, redirections and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.</p>
-
-<h4>Hidden iframes</h4>
-<p>
-Latest hidden iframes our scanner have identified on compromised web sites.
-
-<table class="gptable mwtable table"><thead><tr><th># of sites infected</th><th>Type</th><th>Malware / Domains</th></tr></thead><tbody><tr><td>55</td><td><a href="/?type=iframe">iframe</a></td><td><span><a href="/?details=poseyhumane.org">http://poseyhumane&#4<!-- sucuri -->6;org<!-- sucuri -->/stats&<!--sucuri-->#46;php</a></span></td></tr>
-<tr><td>6</td><td><a href="/?type=iframe">iframe</a></td><td><span><a href="/?details=zumobtr.ru">http://zumobtr&#46;ru/gat<!-- sucuri -->e&#46<!-- sucuri -->;php?f=<!--sucuri-->1041671</a></span></td></tr>
-</tbody><tfoot><tr><td></td><td></td><td><i>Limited view (40 rows)... Only the top entries being displayed.</i></td></tr></tfoot></table></p>
-
-
-<h4>Conditional redirections</h4>
-<p>
-Conditional redirections we have detected (based on user agents or referers).
-<table class="gptable mwtable table"><thead><tr><th># of sites infected</th><th>Type</th><th>Malware / Domains</th></tr></thead><tbody><tr><td>9</td><td><a href="/?type=redirections">redirections</a></td><td><span><a href="/?details=goodhotwebmart.in">http://goo<!-- sucuri -->dhotw<!-- sucuri -->ebmart&<!--sucuri-->#46;in/</a></span></td></tr>
-<tr><td>6</td><td><a href="/?type=redirections">redirections</a></td><td><span><a href="/?details=mpzbearing.in">http://www&#46<!-- sucuri -->;mpzb<!-- sucuri -->earing&<!--sucuri-->#46;in/</a></span></td></tr>
-<tr><td>5</td><td><a href="/?type=redirections">redirections</a></td><td><span><a href="/?details=portal-d.pw">http://por<!-- sucuri -->tal-d<!-- sucuri -->&#46;pw<!--sucuri-->/XcTyTp</a></span></td></tr>
-</tbody><tfoot><tr><td></td><td></td><td><i>Limited view (40 rows)... Only the top entries being displayed.</i></td></tr></tfoot></table></p>
-
-<h4>Encoded javascript</h4>
-<p>
-Encoded javascript (redirecting to blackhole and other exploit kits) or to build
-a remote call.
-<table class="gptable mwtable table"><thead><tr><th># of sites infected</th><th>Type</th><th>Malware / Domains</th></tr></thead><tbody><tr><td>12</td><td><a href="/?type=javascript">javascript</a></td><td><span><a href="/?details=div-class-container.ru">http://div-class-container&#46;ru/m/&quot;: var a910ab1=[855,915,955,960,973,887,970,971,976,963,956<!-- sucuri -->,916&<!-- sucuri -->#46;&#4<!--sucuri-->6;&#46;</a></span></td></tr>
-<tr><td>22</td><td><a href="/?type=javascript">javascript</a></td><td><span>&lt;script&gt;var b=&quot;red&quot;;c=&quot;mod&quot;;function setCookie&#40;a,b,c){var d=new Date;d&#46;setTime&#40;d&#46;getTime&#40;)+60*c&#46;&#46;&#46;</span></td></tr>
-</tbody><tfoot><tr><td></td><td></td><td><i>Limited view (40 rows)... Only the top entries being displayed.</i></td></tr></tfoot></table>
-</p>
-
-
-</div>
-
-
-
-</div>
-                       </div>
-        </div>
-    </div>
-    
-<footer id="n-footer">
-   <div id="mp-footer" class="container">
-     <div class="row">
-        <div class="c-lg-12">
-            <div class="c-lg-2 c-md-2">
-                <div class="footer-products">
-                    <div class="footer-heading">
-                        <p>Products</p>
-                    </div>
-                    <div class="footer-menu">
-                        <ul class="list-block list-unstyled">
-                            <li class="list-block-item"><a class="mp-ft-prod-wf" href="https://sucuri.net/website-firewall/">Website Firewall</a></li>
-                            <li class="list-block-item"><a class="mp-ft-prod-av" href="https://sucuri.net/website-antivirus/">Website Antivirus</a></li>
-                            <li class="list-block-item"><a class="mp-ft-prod-bp" href="https://sucuri.net/website-backups/">Website Backups</a></li>
-                            <li class="list-block-item"><a class="mp-ft-prod-wps" href="https://sucuri.net/wordpress-security/">WordPress Security</a></li>
-                            <li class="list-block-item"><a class="mp-ft-prod-ent" href="https://sucuri.net/custom/enterprise/">Enterprise Services</a></li>
-                        </ul>
-                    </div>
-                </div>
-            </div>
-            <div class="c-lg-2 c-md-2">
-                <div class="footer-solutions">
-                    <div class="footer-heading">
-                        <p>Solutions</p>
-                    </div>
-                    <div class="footer-menu">
-                        <ul class="list-block list-unstyled">
-                            <li class="list-block-item"><a class="mp-ft-sol-ddos" href="https://sucuri.net/website-firewall/ddos-protection">DDoS Protection</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sol-scan" href="https://sucuri.net/website-antivirus/malware-scanning-and-detection">Malware Detection</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sol-removal" href="https://sucuri.net/website-antivirus/malware-removal">Malware Removal</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sol-prevent" href="https://sucuri.net/website-firewall/stop-website-attacks-and-hacks">Malware Prevention</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sol-blacklist" href="https://sucuri.net/website-antivirus/blacklist-removal-and-repair">Blacklist Removal</a></li>
-                        </ul>
-                    </div>
-                </div>
-            </div>
-            <div class="c-lg-2 c-md-2">
-                <div class="footer-support">
-                    <div class="footer-heading">
-                        <p>Support</p>
-                    </div>
-                    <div class="footer-menu">
-                        <ul class="list-block list-unstyled">
-                            <li class="list-block-item"><a class="mp-ft-sup-blog" href="http://blog.sucuri.net/">Blog</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sup-kb" href="http://kb.sucuri.net/">Knowledge Base</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sup-sc" href="http://sitecheck.sucuri.net/">SiteCheck</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sup-lab" href="http://labs.sucuri.net/">Research Labs</a></li>
-                            <li class="list-block-item"><a class="mp-ft-sup-faq" href="https://sucuri.net/faq">FAQ</a></li>
-                        </ul>
-                    </div>
-                </div>
-            </div>
-            <div class="c-lg-2 c-md-2">
-                <div class="footer-support">
-                    <div class="footer-heading">
-                        <p>Company</p>
-                    </div>
-                    <div class="footer-menu">
-                        <ul class="list-block list-unstyled">
-                            <li class="list-block-item"><a class="mp-ft-comp-about" href="https://sucuri.net/company">About</a></li>
-                            <li class="list-block-item"><a class="mp-ft-comp-media" href="https://sucuri.net/company/media">Media</a></li>
-                            <li class="list-block-item"><a class="mp-ft-comp-events" href="https://sucuri.net/company/events">Events</a></li>
-                            <li class="list-block-item"><a class="mp-ft-comp-employment" href="https://sucuri.net/company/employment">Employment</a></li>
-                            <li class="list-block-item"><a class="mp-ft-comp-contact" href="https://sucuri.net/company/contact-us">Contact</a></li>
-                            <li class="list-block-item"><a class="mp-ft-comp-testimonials" href="https://sucuri.net/customers/">Testimonials</a></li>
-                        </ul>
-                    </div>
-                </div>
-            </div>
-
-            <div class="c-lg-4 c-md-4 text-center">
-                <div class="footer-social-icons">
-                    <ul class="list-inline">
-                        <li class="list-inline-item"><a class="p-ft-social-fb" href="https://www.facebook.com/SucuriSecurity" target="_blank"><i class="social-icon facebook"></i></a></li>
-                        <li class="list-inline-item"><a class="p-ft-social-tw" href="http://twitter.com/sucurisecurity" target="_blank"><i class="social-icon twitter"></i></a></li>
-                        <li class="list-inline-item"><a class="p-ft-social-ld" href="https://www.linkedin.com/company/899487" target="_blank"><i class="social-icon linkedin"></i></a></li>
-                        <li class="list-inline-item"><a class="p-ft-social-ig" href="https://www.instagram.com/sucurisecurity/" target="_blank"><i class="social-icon instagram"></i></a></li>
-                    </ul>
-                </div>
-                <div>
-                    <p><a href="http://dashboard.sucuri.net/login/" class="btn login mp-ft-login">Customer Login</a></p>
-                </div>
-                <div class="footer-logo-wrapper">
-                    <a href="https://sucuri.net/" class="footer-logo"></a>
-                </div>
-            </div>
-        </div>
-
-            <div class="c-lg-12 footer-b">
-                <hr>
-                <div class="c-lg-8 c-md-8">
-                    <ul class="list-inline unstyled-list">
-                        <li class="list-inline-item"><a class="mp-ft-copyright-terms" href="https://sucuri.net/terms-of-service">Terms of Use</a></li>
-                        <li class="list-inline-item"><a class="mp-ft-copyright-priv" href="https://sucuri.net/privacy-policy">Privacy Policy</a></li>
-                        <li class="list-inline-item"><a class="mp-ft-copyright-faq" href="https://sucuri.net/faq">Frequently Asked Questions</a></li>
-                    </ul>
-                </div>
-                <div class="c-lg-4 c-md-4 copyright text-center">
-                    <p>© 2018 Sucuri Inc. All rights reserved.</p>
-                </div>
-            </div>
-        </div>
-        <!-- /.row -->
-   </div>
-   <!-- /.container -->
- </footer>
-
-
-<iframe
- width="0"   height="0" src="https://affl.sucuri.net/?affl=8fedd13cfe82ba6b5fd4a93876cc2065&noredir&trid=labssite">
-</iframe>
-
-<script src="//sucuri.net/js/script.js"></script>
- </body>
- </html>
-
diff --git a/intelmq/tests/bots/parsers/sucuri/test_sucuri.data.license b/intelmq/tests/bots/parsers/sucuri/test_sucuri.data.license
deleted file mode 100644
index 6a0d1638c..000000000
--- a/intelmq/tests/bots/parsers/sucuri/test_sucuri.data.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2018 dargen3
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/sucuri/test_sucuri.py b/intelmq/tests/bots/parsers/sucuri/test_sucuri.py
deleted file mode 100644
index bd8cd5a8c..000000000
--- a/intelmq/tests/bots/parsers/sucuri/test_sucuri.py
+++ /dev/null
@@ -1,66 +0,0 @@
-# SPDX-FileCopyrightText: 2018 dargen3
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-import codecs
-import os
-import unittest
-
-import intelmq.lib.test as test
-from intelmq.bots.parsers.sucuri.parser import SucuriParserBot
-from intelmq.lib import utils
-
-with codecs.open(os.path.join(os.path.dirname(__file__), 'test_sucuri.data'), encoding='UTF-8') as handle:
-    REPORT_DATA = handle.read()
-    REPORT_DATA_SPLIT = REPORT_DATA.splitlines()
-
-REPORT = {"__type": "Report",
-          "feed.name": "Sucuri Hidden Iframes",
-          "feed.url": "http://labs.sucuri.net/?malware",
-          "raw": utils.base64_encode(REPORT_DATA),
-          "time.observation": "2018-01-22T14:38:24+00:00",
-          }
-EVENT1 = {"__type": "Event",
-          "classification.identifier": "hidden-iframe",
-          "classification.type": "blacklist",
-          "feed.name": "Sucuri Hidden Iframes",
-          "feed.url": "http://labs.sucuri.net/?malware",
-          "raw": utils.base64_encode(REPORT_DATA_SPLIT[616]),
-          "source.url": "http://poseyhumane.org/stats.php",
-          "time.observation": "2018-01-24T14:23:34+00:00",
-          }
-EVENT2 = {"classification.identifier": "hidden-iframe",
-          "feed.url": "http://labs.sucuri.net/?malware",
-          "time.observation": "2018-01-24T15:58:48+00:00",
-          "__type": "Event",
-          "feed.name": "Sucuri Hidden Iframes",
-          "source.url": "http://zumobtr.ru/gate.php?f=1041671",
-          "raw": utils.base64_encode(REPORT_DATA_SPLIT[617]),
-          "classification.type": "blacklist",
-          }
-EVENT3 = {'__type': 'Event',
-          'classification.identifier': 'conditional-redirection',
-          'classification.type': 'blacklist',
-          'feed.name': 'Sucuri Hidden Iframes',
-          'feed.url': 'http://labs.sucuri.net/?malware',
-          "raw": utils.base64_encode(REPORT_DATA_SPLIT[624]),
-          'source.url': 'http://goodhotwebmart.in/',
-          }
-
-
-class TestSucuriParserBot(test.BotTestCase, unittest.TestCase):
-
-    @classmethod
-    def set_bot(cls):
-        cls.bot_reference = SucuriParserBot
-        cls.default_input_message = REPORT
-
-    def test_event(self):
-        self.run_bot()
-        self.assertMessageEqual(0, EVENT1)
-        self.assertMessageEqual(1, EVENT2)
-        self.assertMessageEqual(2, EVENT3)
-
-if __name__ == '__main__':  # pragma: no cover
-    unittest.main()
diff --git a/intelmq/tests/bots/parsers/webinspektor/__init__.py b/intelmq/tests/bots/parsers/webinspektor/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data b/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data
deleted file mode 100644
index a42584c18..000000000
--- a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data
+++ /dev/null
@@ -1,582 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-      <title>Recent Malware Detection by Web Inspector | Malware and Blacklisted Sites List</title>
-  <meta name="description" content="WebInspector blacklist monitoring is an automated, daily check. Web Inspector recent detections lists sites which host malicious, suspicious content and malware files."/>
-  <meta name="keywords" content="malware effected sites, host malicious, suspicious content detection,website inspector, site inspector, malware inspector, site blacklist checker, check search engine blocks"/>
-
-    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
-    <meta http-equiv="content-language" content="en-us">
-    <link href="http://app.webinspector.com/favicon.ico" rel="icon" type="image/x-icon" />
-    <link href="http://app.webinspector.com/favicon.ico" rel="shortcut icon" type="image/x-icon" />
-    <link href="http://app.webinspector.com/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
-    <link rel="canonical"  href="https://app.webinspector.com" />
-    <link rel="alternate" href="https://app.webinspector.com" hreflang="en-us" />
-    <link href="/assets/application-eec6e22c6d243e0eb81585d6e78d50d5.css" media="screen" rel="stylesheet" type="text/css" />
-    <script src="/assets/application-8a32489ca49a3dfa26b88de8747c29f0.js" type="text/javascript"></script>
-    <script type="text/javascript">
-  var _gaq = _gaq || [];
-  _gaq.push(['_setAccount', 'UA-1245640-66']);
-  _gaq.push(['_setDomainName', 'webinspector.com']);
-  _gaq.push( ['_trackPageview', document.URL.replace(new RegExp('^' + document.location.protocol + '\/\/'), '').replace(new RegExp('^' + document.location.host), '').replace(new RegExp(/key[0-9]{1,3}sk[0-9]{1,3}=[^&]*|/g), '').replace(new RegExp(/&{2,999}/g), '&').replace(new RegExp(/\?&/g), '?').replace(new RegExp(/&$/), '').replace(new RegExp(/\?$/), '')]);
-
-  (function() {
-    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
-    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
-    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
-  })();
-</script>
-
-    
-      <script type='text/javascript'>
-    $(document).ready(function() {
-      page_list_form();
-    });
-  </script>
-
-  </head>
-
-  <body>
-    <div id="container">
-      <div id="main">
-
-        
-<div id="header">
-
-  <div id="header-cont">
-    <div class="logo">
-      <a href="http://www.webinspector.com" target="_blank"></a>
-    </div>
-
-    <div class="header-text">
-
-      <p>
-        <a href="http://www.webinspector.com/livechat/chatpopup.html">Chat with us Now</a> |
-        Call us: 1-888-266-6361 | 
-        <a href="http://www.webinspector.com/callback.php">Request a Callback</a> | 
-        <a href="http://www.webinspector.com/email_us.php">Email Us</a>
-      </p>
-
-      <ul class="nav">
-        <li><a href="http://www.webinspector.com">Home</a></li>
-        <li ><a href="/online_scan">Online Scan</a></li>        
-        <li ><a href="/detection_technologies">Detection Technologies</a></li>
-        <li class="active"><a href="/recent_detections">Recent Detections</a></li>
-        <li ><a href="/login">Login</a></li>
-      </ul>
-
-    </div>
-  </div>
-</div>
-
-<div id="ribbon"></div>
-
-
-
-
-        <div id="content">
-
-          <h1>Unsafe sites</h1>
-<p>
-  This list contains some of websites which host malicious, suspicious content and malware files. It is updated every  60 mins.
-  These sites were checked in the last  24 hours.
-</p>
-<p>You may search website reports detected in the last  30 days.</p>
-<div id="main_info" class="help-msg" style="display: none"></div><div id="main_error" class="red-alert" style="display: none"></div>
-<form accept-charset="UTF-8" action="/public/reports/show_website" class="report-filter-form" method="get"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /></div>
-  <input id="is_captcha" name="is_captcha" type="hidden" value="1" />
-    <input class="text" id="report-filter" name="site" onFocus="this.value = &#x27;&#x27;" type="text" value="Search website..." />
-  <input class="submit-bt" id="add-site" name="commit" type="submit" value="Search" />
-</form><form accept-charset="UTF-8" action="/public/recent_detections" id="search" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="3yGNgM3R7miwS8Tgh176oavLdn66FcJQBH/uLECfAgY=" /></div>
-  <select id="risk" name="risk" onChange="this.form.submit();"><option value="-1">Show all entries</option>
-<option value="2">High Risk entries</option>
-<option value="3" selected="selected">Suspicious entries</option></select>
-</form>    <div id="detections">
-      <table class="sites-list" cellpadding="0" cellspacing="0">
-  <tr>
-    <th>Unsafe Site</th>
-    <th>Result</th>
-    <th>Last Detected At</th>
-    <th>Details</th>
-  </tr>
-    <tr class="susp-row">
-      <td><span>https://cummins.inhance.io</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:44:30 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=https%3A%2F%2Fcummins.inhance.io">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://naclkuso.myweb.hinet.net</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:12:00 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fnaclkuso.myweb.hinet.net">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://wapmobi.sextgem.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:11:46 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwapmobi.sextgem.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://momentum.co.cr</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:11:29 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fmomentum.co.cr">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://warning-2jusz4.stream</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:11:26 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwarning-2jusz4.stream">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.bhejacry.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:11:07 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.bhejacry.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.circuit-projects.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:09:15 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.circuit-projects.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span><a href="javascript:;" onclick="show_link('38993673');">http://www.coolangattafootballclub.com.a ...</a><div id="link_38993673" style="display: none;" title="URL">http://www.coolangattafootballclub.com.au</div></span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:08:20 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.coolangattafootballclub.com.au">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://drbarbarajames.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:07:50 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fdrbarbarajames.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://larklands.net</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:07:40 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Flarklands.net">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://m2jbdistribuidora.com.br</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:07:35 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fm2jbdistribuidora.com.br">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://maven-aviation.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:07:21 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fmaven-aviation.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://authprwz.info</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:07:19 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fauthprwz.info">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://monksstores.co.za</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:59 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fmonksstores.co.za">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span><a href="javascript:;" onclick="show_link('18361366');">http://atendimento-seguro.comunicadoimpo ...</a><div id="link_18361366" style="display: none;" title="URL">http://atendimento-seguro.comunicadoimportante.co</div></span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:58 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fatendimento-seguro.comunicadoimportante.co">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://nluxbambla.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:52 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fnluxbambla.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://arubtrading.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:34 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Farubtrading.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span><a href="javascript:;" onclick="show_link('18361367');">http://autoupdatenoreply61893124792830in ...</a><div id="link_18361367" style="display: none;" title="URL">http://autoupdatenoreply61893124792830indexphi.mississauga-junkcar.com</div></span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:23 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fautoupdatenoreply61893124792830indexphi.mississauga-junkcar.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://atendimento.acess.mobi</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:22 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fatendimento.acess.mobi">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span><a href="javascript:;" onclick="show_link('38149864');">http://capitale-one-bank-login-secured.e ...</a><div id="link_38149864" style="display: none;" title="URL">http://capitale-one-bank-login-secured.edukasys.com</div></span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:22 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcapitale-one-bank-login-secured.edukasys.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://black.pk</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:20 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fblack.pk">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://asharna.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:19 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fasharna.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://niyiijaola.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:07 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fniyiijaola.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://autosegurancabrasil.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:06:02 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fautosegurancabrasil.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://celebritygruop.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:57 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcelebritygruop.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://caananlimited.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:52 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcaananlimited.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://banzaiwaterslides.net</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:51 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fbanzaiwaterslides.net">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://beelinecg.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:50 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fbeelinecg.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://bethmdesign.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:35 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fbethmdesign.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://carlisassuranceameli24h.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:31 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcarlisassuranceameli24h.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://capev-ven.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:27 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcapev-ven.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://chicken2go.co.uk</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:20 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fchicken2go.co.uk">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.appearantly.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:19 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.appearantly.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://wembleyproductions.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:12 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwembleyproductions.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://consultbm.co.za</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:05:00 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fconsultbm.co.za">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.almanarahalelmeya.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:58 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.almanarahalelmeya.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.agencia.larue.com.br</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:44 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.agencia.larue.com.br">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.bycod.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:37 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.bycod.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://conduceseguro.gob.mx</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:32 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fconduceseguro.gob.mx">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://dofficepro.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:31 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fdofficepro.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.capa.com.br</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:29 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.capa.com.br">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://estudiokgo.com.ar</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:23 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Festudiokgo.com.ar">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.andrewrobertsllc.info</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:19 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.andrewrobertsllc.info">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span><a href="javascript:;" onclick="show_link('37590654');">http://dmpbmzbmtr8c40a.jonesnewsletter.c ...</a><div id="link_37590654" style="display: none;" title="URL">http://dmpbmzbmtr8c40a.jonesnewsletter.com</div></span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:04:04 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fdmpbmzbmtr8c40a.jonesnewsletter.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://farmaciasm3.cl</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:38 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Ffarmaciasm3.cl">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://devv-c0nfr1m.verifikasion1.ga</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:33 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fdevv-c0nfr1m.verifikasion1.ga">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://fbkepo.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:27 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Ffbkepo.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.cleartaxsupport.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:24 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.cleartaxsupport.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://www.delbox.com.br</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:21 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fwww.delbox.com.br">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-    <tr class="susp-row">
-      <td><span>http://cwaustralia.com</span></td>
-      <td>Suspicious</td>
-      <td>2018-02-13 08:03:15 UTC</td>
-      <td>
-        <a href="/public/reports/show_website?result=3&amp;site=http%3A%2F%2Fcwaustralia.com">Suspicious pages were found on this site.</a>
-        <br>
-      </td>
-    </tr>
-</table>
-<div id ='pagination'>  
-  <div class="pagination ajax"><span class="previous_page disabled"><span class="prev">&lsaquo;</span></span> <em class="current">1</em> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=2&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;" rel="next">2</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=3&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">3</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=4&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">4</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=5&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">5</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=6&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">6</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=7&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">7</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=8&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">8</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=9&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">9</a> <span class="gap">&hellip;</span> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=16&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">16</a> <a href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=17&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;">17</a> <a class="next_page" href="#" onclick="$.ajax({url: &#x27;/public/recent_detections?page=2&#x27;, dataType: &#x27;script&#x27;, type: &#x27;post&#x27;});; return false;" rel="next"><span class="next">&rsaquo;</span></a></div>
-</div>
-
-    </div>
-    
-
-<form accept-charset="UTF-8" action="/public/recent_detections" class="page-list" id="form_list790" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="3yGNgM3R7miwS8Tgh176oavLdn66FcJQBH/uLECfAgY=" /></div>
-  <input type='hidden' name='id' value=''>
-  Display
-  <select class="page-list" id="list790" name="list"><option value="10">10 items per page</option>
-<option value="20">20 items per page</option>
-<option value="30">30 items per page</option>
-<option value="40">40 items per page</option>
-<option value="50" selected="selected">50 items per page</option></select>
-</form>
-
-
-
-        </div> <!-- End of Content -->
-      </div> <!-- End of Main -->
-    </div> <!-- End of Container -->
-
-    <div id="footer">
-      &copy; Comodo Security Solutions, Inc. 2018. All rights reserved.<br />
-      <a href="http://www.webinspector.com/faq.php" target="_blank">FAQ</a> | <a href="https://support.comodo.com/" target="_blank">Support</a>
-    </div>
-  </body>
-</html>
-
diff --git a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data.license b/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data.license
deleted file mode 100644
index 6a0d1638c..000000000
--- a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.data.license
+++ /dev/null
@@ -1,2 +0,0 @@
-SPDX-FileCopyrightText: 2018 dargen3
-SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.py b/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.py
deleted file mode 100644
index 7e71c7b24..000000000
--- a/intelmq/tests/bots/parsers/webinspektor/test_webinspektor.py
+++ /dev/null
@@ -1,69 +0,0 @@
-# SPDX-FileCopyrightText: 2018 dargen3
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# -*- coding: utf-8 -*-
-import os
-import unittest
-
-import intelmq.lib.test as test
-from intelmq.bots.parsers.webinspektor.parser import WebinspektorParserBot
-from intelmq.lib import utils
-
-with open(os.path.join(os.path.dirname(__file__), 'test_webinspektor.data')) as handle:
-    REPORT_DATA = handle.read()
-    REPORT_DATA_SPLIT = REPORT_DATA.splitlines()
-
-REPORT = {"__type": "Report",
-          "feed.name": "Webinspektor",
-          "feed.url": "https://app.webinspector.com/public/recent_detections",
-          "raw": utils.base64_encode(REPORT_DATA),
-          "time.observation": "2018-01-22T14:38:24+00:00",
-          }
-EVENT1 = {"raw": utils.base64_encode(REPORT_DATA_SPLIT[102].strip() + REPORT_DATA_SPLIT[104].strip()),
-          "__type": "Event",
-          "time.observation": "2018-01-22T14:38:24+00:00",
-          "feed.url": "https://app.webinspector.com/public/recent_detections",
-          "source.url": "https://cummins.inhance.io",
-          "classification.taxonomy": "other",
-          "classification.type": "blacklist",
-          "classification.identifier": "Suspicious",
-          "time.source": "2018-02-13T08:44:30+00:00",
-          "feed.name": "Webinspektor"}
-EVENT2 = {"raw": utils.base64_encode(REPORT_DATA_SPLIT[111].strip() + REPORT_DATA_SPLIT[113].strip()),
-          "__type": "Event",
-          "time.observation": "2018-01-22T14:38:24+00:00",
-          "feed.url": "https://app.webinspector.com/public/recent_detections",
-          "source.url": "http://naclkuso.myweb.hinet.net",
-          "classification.taxonomy": "other",
-          "classification.type": "blacklist",
-          "classification.identifier": "Suspicious",
-          "time.source": "2018-02-13T08:12:00+00:00",
-          "feed.name": "Webinspektor"}
-EVENT3 = {"raw": utils.base64_encode(REPORT_DATA_SPLIT[120].strip() + REPORT_DATA_SPLIT[122].strip()),
-          "__type": "Event",
-          "time.observation": "2018-01-22T14:38:24+00:00",
-          "feed.url": "https://app.webinspector.com/public/recent_detections",
-          "source.url": "http://wapmobi.sextgem.com",
-          "classification.taxonomy": "other",
-          "classification.identifier": "Suspicious",
-          "time.source": "2018-02-13T08:11:46+00:00",
-          "classification.type": "blacklist",
-          "feed.name": "Webinspektor"}
-
-
-class TestWebinspektorParserBot(test.BotTestCase, unittest.TestCase):
-
-    @classmethod
-    def set_bot(cls):
-        cls.bot_reference = WebinspektorParserBot
-        cls.default_input_message = REPORT
-
-    def test_event(self):
-        self.run_bot()
-        self.assertMessageEqual(0, EVENT1)
-        self.assertMessageEqual(1, EVENT2)
-        self.assertMessageEqual(2, EVENT3)
-
-if __name__ == '__main__':  # pragma: no cover
-    unittest.main()
diff --git a/intelmq/tests/lib/test_upgrades.py b/intelmq/tests/lib/test_upgrades.py
index dfdfdca0a..9d34ab39e 100644
--- a/intelmq/tests/lib/test_upgrades.py
+++ b/intelmq/tests/lib/test_upgrades.py
@@ -574,6 +574,30 @@
     },
 }
 
+V322_DISCONTINUED_BOTS_AND_FEEDS_IN = {
+    "global": {},
+    "sucuri-parser": {
+        "module": "intelmq.bots.parsers.sucuri.parser"
+    },
+    "webinspektor-parser": {
+        "module": "intelmq.bots.parsers.webinspektor.parser"
+    },
+    "netlab360-parser": {
+        "module": "intelmq.bots.parsers.netlab_360.parser"
+    },
+    "sucuri-collector": {
+        "module": "intelmq.bots.collectors.http.collector",
+        "parameters": {
+            "http_url": "http://labs.sucuri.net/?malware"
+        }
+    }
+}
+
+V322_DISCONTINUED_BOTS_AND_FEEDS_OUT = """\
+Found discontinued bots: sucuri-parser, webinspektor-parser, netlab360-parser
+Found discontinued feeds collected by bots: sucuri-collector
+Remove the affected bots from the configuration."""
+
 
 def generate_function(function):
     def test_function(self):
@@ -795,6 +819,11 @@ def test_v322_url_replacement(self):
         self.assertTrue(result[0])
         self.assertEqual(V322_URL2FQN_OUT, result[1])
 
+    def test_v322_removed_feeds_and_bots(self):
+        """ Test v322_removed_feeds_and_bots """
+        result = upgrades.v322_removed_feeds_and_bots(V322_DISCONTINUED_BOTS_AND_FEEDS_IN, {}, False)
+        self.assertEqual(V322_DISCONTINUED_BOTS_AND_FEEDS_OUT, result[0])
+
 
 for name in upgrades.__all__:
     setattr(TestUpgradeLib, 'test_function_%s' % name,