I see a list of URLs that might be an endpoint of an exploit. Does anybody know how to monitor connections to those URLs from your LAN? Is it efficient to set up such a defense? And where can I download the list of Pegasus servers?
I think the URLs in that repo are just short URL services. You need to provide IOC (indicators of compromise) files in a specific format, and it will check any short URLs to expand them out and compare against the provided list.
https://oasis-open.github.io/cti-documentation/stix/intro
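An added example, not part of the thread and not the code of the tool in that repo: checking LAN DNS query logs against domain indicators loaded from a STIX 2.1 file of the kind linked above. The bundle, the log lines and the three-field log format are constructed, and the parser is an assumption that only reads simple `domain-name:value = '...'` comparisons, not the full STIX pattern grammar.

```python
import json
import re

# Constructed sample STIX 2.1 bundle (reserved .example names, made-up ids).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
     "id": "indicator--00000000-0000-4000-8000-000000000002",
     "pattern": "[domain-name:value = 'c2-one.example']"},
    {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
     "id": "indicator--00000000-0000-4000-8000-000000000003",
     "pattern": "[domain-name:value = 'c2-two.example' OR domain-name:value = 'Cdn.C2-Three.example']"},
]})

# Constructed DNS query log, assumed format: "<timestamp> <client-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:00Z 192.168.1.20 www.example.org
2024-01-01T10:00:05Z 192.168.1.31 c2-one.example
2024-01-01T10:00:09Z 192.168.1.31 static.cdn.c2-three.example.
2024-01-01T10:00:12Z 192.168.1.44 notc2-one.example
"""

DOMAIN_RE = re.compile(r"domain-name:value\s*=\s*'([^']+)'")

def load_domain_iocs(bundle_text):
    """Return the set of lower-cased domains named in STIX-pattern indicators."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            found = DOMAIN_RE.findall(obj.get("pattern", ""))
            domains.update(d.lower().rstrip(".") for d in found)
    return domains

def match_ioc(hostname, iocs):
    """Return the IOC equal to hostname or a parent domain of it, else None."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # whole-label suffixes only
        if candidate in iocs:
            return candidate
    return None

def scan_dns_log(log_text, iocs):
    """Return (timestamp, client, name, ioc) for each query that hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        ioc = match_ioc(parts[2], iocs) if len(parts) == 3 else None
        if ioc:
            hits.append((parts[0], parts[1], parts[2], ioc))
    return hits
```

Matching on whole DNS labels is what keeps `notc2-one.example` from being flagged while still catching subdomains of a listed domain.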