nOtHINK

"dubium sapientiae initium"

• Home
• Malware network activity
  • DNS network traffic
  • IRC network traffic
  • HTTP network traffic
• Honeypot
  • Statistics
  • SSH honeypot
  • Malicious binaries collected
  • Last threats (daily)
• Misc
  • Blacklist
  • Spam
  • Viruswatch
• FAQ

Malware and services blacklist

With my honeypot I can provide three blacklists (updated every day and in text format) containing all IP addresses and domains relative to 'Command&Control' server. You can import it into your firewall and proxy to block all traffic relative to them. Warning: some domains may be false positives. Legitimate sites but contacted by some malware. Could be a solution to filter by TLD.

Malware DNS network traffic (name) : list

Malware IRC network traffic (IP address) : list

Malware DNS network traffic (IP address) : list

Furthermore the SSH and VoIP blacklists (updated every day and in text format) contains IP addresses of hosts which tried to bruteforce into my honeypot (located in Italy) using the SSH protocol.

SSH attackers (IP address) : last 24 hours, last week, all time

VoIP attackers (IP address) : last 24 hours, last week, all time