
CATEGORY ARCHIVES: threatstop-blocklists

Bad Domain of the Week: D-D-Don't mess with ddd[.]com


The website ddd[.]com claims to be a domain registrant and manager, and even if it is, we definitely wouldn't trust this one. Our Security Research team came across this domain while reviewing customer logs and saw an unusually large volume of blocked communications involving it.


Yet Another Legitimate Scanner Testing User Patience?

When an IP is in a number of blocklists and it tries to make over 20 million (yes, you read that right!) connection attempts with our customer devices, it definitely catches our attention. This is exactly what the IP address 89.248.165[.]118 did. Memorial Day morning alone showed around 30K hits in our customer logs from this IP.


Darkside RANSOMWARE Group domains fotoeuropa[.]ro and catsdegree[.]com

This week our Security Research team noticed loads of blocked traffic between ThreatSTOP customer machines and domains recently associated with DarkSide ransomware, the malware behind the Colonial Pipeline shutdown that forced the company to pay $5 million in ransom. The domains, fotoeuropa[.]ro and catsdegree[.]com, logged a cumulative 3.8 million blocked communication attempts in our systems over the last week alone. Almost nothing makes us happier than potential victims saved from malicious threat actors and cyberattack disasters.


Are your Network Communications ITAR and OFAC Compliant?

Many organizations are subject to government regulations such as ITAR or OFAC that prohibit any dealings with certain foreign nations. Others have countries that they will not do business with for reasons of corporate policy, because of rampant piracy or fraud for example. However, on the Internet, where another computer is actually located isn't always apparent from the domain name it reports or the contact address a user fills in. This means that, wittingly or unwittingly, devices in any organization may be connecting with machines in locations they are legally forbidden to have any communication with.


Bad IP of the Week: ThreatSTOP Blocks 2M+ Connections from Russian IP

Over the weekend, a Russian IP flagged as malicious by a variety of threat intelligence vendors tried to communicate with our customers' networks over 2 million times. The IP is listed as malicious by DShield, CINS Army, AbuseIPDB, IPSum and Collective Intelligence. Malicious activity from this IP was also reported on AlienVault's Open Threat Exchange by two additional sources: the Louisiana Cyber Investigators Alliance (LCIA), who caught this IP using their honeypot, and the Internet Storm Center.


From Russia with Love: Selectel hosting some busy, bad IP addresses

In the past week we saw a massive surge in hits in customer logs coming from the IP 45.146.165[.]11. Our security research team checked it out and found that it has been the launch pad for abnormally large amounts of traffic trying to reach customer machines. One customer network alone recorded over 2 million hits.


ThreatSTOP announces first IPv6 feed

We are making available our first IPv6 feed, the v6 full bogons, as a technology demonstration. It uses exactly the same DNS distribution method as our standard IPv4 lists and thus demonstrates clearly that our mechanism is IPv6 compliant.


IP Reputation and the Limits of Metaphors

Our fellow security professionals at Damballa have written a pretty good explanation of IP reputation and the benefits of applying it. Since our business at ThreatSTOP is to provide IP reputation, perhaps we should ask them to write more copy... However, while the article as a whole is good, there are a few places where I think it could be improved.


Blocking the ZeuS Botnet(s)

The ZeuS Botnet got into the news last week with the announcement that it had led to significant financial losses in the UK. However, it (or rather they, since there are many botnets running the same trojan) is an infection that has been studied by a number of malware researchers.
