Thursday, 26 January 2012

Some malware sites to block 26/1/12

Some more malware sites to block, being used in current spam runs to distribute the Blackhole exploit kit. Block the domains and IPs if you can.

Eonix, Canada

Zerigo, US

Colo4Dallas, US

Ixvar, Canada

Hostforweb, US

Networld Internet, US

Confluence Networks, BVI

Endurance International, US

Nuclear Fallout Enterprises, US

Linode, US

3 comments:

Peter said...

Good day:

Thank you so much for your time, and the blog.

Do you send abuse reports to the data centers managing the IP addresses of the malware, hacking, etc. you post?

Thank you.

Conrad Longmore said...

Sometimes yes.. sometimes no. Sometimes you know that the host will act very quickly, but in some cases you know that the host knows full well what is going on (i.e. a Black Hat outfit). Then there are all those in between..

Peter said...

Hi Conrad:

The reason I ask is based on our own snitching - http://www.dynamicnet.net/2011/08/security-snitching/

And I was curious from two standpoints, if there was snitching going on (which I believe is a good thing as it relates to abuse reports), and how that was working for you.

In terms of the data centers listed, we've had reasonable results with the following:

Colo4Dallas, US
Hostforweb, US

Two US providers that have been hit and miss have been:

Endurance International, US
Linode, US

With Linode being more responsive than Endurance International but still not as responsive as, say, others.

Since I normally know a company by their abuse email, I don't know if I have experience with the other data centers listed (the ones I did know by company are either because their company name is a part of their domain name, such as colo4dallas, or just by the amount of reports we send out).

Thank you again for your time, and good work.