Some more malware sites to block, being used in current spam runs to distribute the Blackhole exploit kit. Block the domains and IPs if you can.
3 comments:
Good day:
Thank you so much for your time, and the blog.
Do you send abuse reports to the data centers managing the IP addresses of the malware, hacking, etc. you post?
Thank you.
Sometimes yes... sometimes no. Sometimes you know that the host will act very quickly, but in some cases you know that the host knows full well what is going on (i.e. a Black Hat outfit). Then there are all those in between.
Hi Conrad:
The reason I ask is based on our own snitching - http://www.dynamicnet.net/2011/08/security-snitching/
And I was curious from two standpoints, if there was snitching going on (which I believe is a good thing as it relates to abuse reports), and how that was working for you.
In terms of the data centers listed, we've had reasonable results with the following:
Colo4Dallas, US
Hostforweb, US
Two US providers that have been hit and miss have been:
Endurance International, US
Linode, US
With Linode being more responsive than Endurance International, but still not as responsive, say, as others.
Since I normally know a company by their abuse email, I don't know if I have experience with the other data centers listed (the ones I did know by company are either because their company name is a part of their domain name, such as colo4dallas, or just by the amount of reports we send out).
Thank you again for your time, and good work.