Thursday 27 November 2014

Tainted network: Crissic Solutions (167.160.160.0/19)

Several IPs hosted on the Crissic Solutions range of 167.160.160.0/19 (suballocated from QuadraNet) have been hosting exploit kits in the past few days, leading to Cryptolocker and other nastiness.

I analysed over 1500 sites hosted in the Crissic IP address range (the full report is available as a CSV). Many of these sites were already flagged as malicious by Google, and others obviously follow the same naming pattern and should be treated as malicious too.

Malware is hosted on the following IPs (each has a VirusTotal report):
167.160.165.38
167.160.165.39
167.160.165.158
167.160.165.159
167.160.165.171
167.160.165.172
167.160.165.214
167.160.165.215
167.160.166.66
167.160.166.67
167.160.166.68

Given the concentration of active malicious servers in 167.160.165.0/24 and 167.160.166.0/24, I would recommend blocking your traffic to those two ranges, at least temporarily, despite there being legitimate sites in them. You might choose to block the entire /19 of course; I will leave you to look at the evidence.
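To show how the recommendation above translates into a check, here is an added example (not code from the original post) that classifies destination IPs against the two /24s and the whole /19, then runs that check over a few constructed proxy log lines in an assumed "client dest url" format:

```python
import ipaddress

# Ranges named in the post: the two /24s holding the active malicious
# hosts, and the whole Crissic /19 for the stricter blocking option.
ACTIVE_RANGES = [ipaddress.ip_network("167.160.165.0/24"),
                 ipaddress.ip_network("167.160.166.0/24")]
CRISSIC_RANGE = ipaddress.ip_network("167.160.160.0/19")

# Constructed sample proxy log lines (not from the post), whitespace
# separated as "client destination url"; the last line is deliberately
# malformed to exercise the error path.
SAMPLE_LOG = """\
10.0.0.5 167.160.165.38 http://fantybrady.biz/index.php
10.0.0.7 93.184.216.34 http://example.com/
10.0.0.9 167.160.170.12 http://somesite.example/
10.0.0.5 167.160.166.67 http://fridaynight3.biz/load
10.0.0.8 not-an-ip http://broken/
"""


def classify(ip_str):
    """Return 'active', 'crissic', 'clean' or 'invalid' for a destination IP."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "invalid"
    if any(ip in net for net in ACTIVE_RANGES):
        return "active"          # inside one of the two hot /24s
    if ip in CRISSIC_RANGE:
        return "crissic"         # elsewhere in the /19 (mixed legitimate/malicious)
    return "clean"


def scan_log(text):
    """Return (client, dest, url, verdict) for every parsable log line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, dest, url = parts[0], parts[1], parts[2]
        rows.append((client, dest, url, classify(dest)))
    return rows


def alerts(text, block_whole_range=False):
    """Rows to alert or block on; block_whole_range treats the whole /19 as hostile."""
    wanted = {"active", "crissic"} if block_whole_range else {"active"}
    return [row for row in scan_log(text) if row[3] in wanted]
```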

Many domains following the same naming patterns are being used to spread malware (new domains are being added all the time, so blocking these alone may not be effective):
