Hosts: Malicious Domain

Created on 3 Jul 2020  ·  15 Comments  ·  Source: StevenBlack/hosts

All 15 comments

taken from infected pc

emippbnbphyloao.eu

@scafroglia93 I just went through the report from your first post. If you don't mind, enlighten me where exactly did you see all those domains there.

They are malicious domains that come from an infected VPS of mine that I use to take the domains to be blocked.
They can be useful to anyone.

And how did you come to find those domains? Can you post a link or something? Kind of curious about the source.

The VPS that I use exploits the log generated by NextDNS; for this I managed to steal exactly the domains that are used as C2.

Thanks @scafroglia93 👍 I...honestly feel much safer now, knowing that such a high level network security researcher got our backs here.
Keep posting that nonsense 👍 👍 👍

I'm done here!

@romaincointepas would probably be happy to add this to nextdns/metadata's Threat Intelligence feed.

Thanks Lorenzo @scafroglia93. I've added these, grudgingly, in commit 337e5ada.

I want to focus on being an aggregator, which is time-consuming enough.

I'm going to stop accepting domain dumps because this isn't sustainable. It befalls on me to curate a large number of domains that aren't of my own provenance. Randos on the Internet then come to me to adjudicate why their so-called "legitimate" domain is being blocked. It sucks. You should see my email inbox, daily.

In the future please submit domain dumps to one of our many curators who are dialed to do this kind of work, long term. Because maintaining quality is work.

Closing.

Steve @StevenBlack just FYI. Most (if not all) of the domains from the second post are dead.

Fuck me. Thanks Dan @dnmTX.

My ad-hoc list is overdue for an automated pass anyway.

It's decided. I'm not accepting any more domain dumps. Or maybe I'll accept PRs only, where helpful contributors can properly vet them in a separate thread, detached from issues here.

My ad-hoc list is overdue for an automated pass anyway

I was thinking to suggest that considering the flood of domains lately that no one knows anything about...I just...didn't want to look like...too negative so let's leave it at that.

Or maybe I'll accept PRs only, where helpful contributors can properly vet them in a separate thread, detached from issues here

Steve @StevenBlack without any context provided, how could you vet anything? And let me give you the latest example:

Thanks for this Brew @beerisgood.
Do you have any documentation on why we should include each of these hosts? Where do these come from?
And the reply is:
I got all of these on different streaming sites and they open itself and are real annoying.

If anyone is OK with that context to vet anything...well...I'd say good luck and good riddance.

By way of example Dan @dnmTX, I've often added domains from popups I observe during web browsing. That's ok, that's the point of this project, but I'm aware of the domains I add, and the reasons why.

What irritates me are issues that say little more than "Domains to block" followed by a list of domains, with no context provided. I'm done with that. I'm going to push back on those.

What's most bugging me is, I've been too permissive. My ad-hoc list has become everyone's ad-hoc list, and it has become an add-only bucket, which is what I seek to avoid among all our sources.

I think we're generally on the right track, just need to be smarter with how we handle incoming.
