Ponmocup DNSBL feed

drewsaur

Does anybody know what's happened to this DNSBL 'Malicious2' feed:

http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv

?

It's been reporting as down for several weeks now.

Gertjan

@drewsaur

xxx.dyndns.org so a free host name.
Still, the storage isn't free probably - and as soon as such a list get references by, for example, pfBlockerng, which in turn gets used by #diot# that actually try to update the list every hours, the guy that puts the list in place gets slammed with a big bill to pay as the list downloading generated a lot of traffic.

If he was hosting himself the file on a NAS locally, maybe he got fed up by having all it's bandwidth being eaten away by the xxx thousands of pfBlocker instances trying to download the list a ll the time.

As most of these lists are collected, created, hosted and maintain for free, but some one has to pay finally, list can 'go away' like this.

Anyway, these are just some reasons. Many others exist.

fireodo

@drewsaur said in Ponmocup DNSBL feed:

It's been reporting as down for several weeks now.

You can use this list:

https://iplists.firehol.org/?ipset=firehol_webclient

as the original feed is included for 100%

(source: https://iplists.firehol.org/?ipset=dyndns_ponmocup )

drewsaur

@fireodo said in Ponmocup DNSBL feed:

@drewsaur said in Ponmocup DNSBL feed:

It's been reporting as down for several weeks now.

You can use this list:

https://iplists.firehol.org/?ipset=firehol_webclient

as the original feed is included for 100%

(source: https://iplists.firehol.org/?ipset=dyndns_ponmocup )

Thanks, but...that is not a DNSBL feed, it's an IP blacklist feed, so that leaves me a bit confused?

drewsaur

@fireodo for reference, here is the last known version of that file in the Internet Archive:

"timestamp","ip","http_host","url","port","application","tag","redirect_target","category"
"2024-04-21 12:00:36","192.99.161.26","www.aca-uccle.be","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.aca-uccle.be","redirect-to-malware"
"2024-04-21 12:00:56","77.111.240.50","www.destrangers.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.destrangers.org","redirect-to-malware"
"2024-04-21 12:01:10","200.170.151.200","afag.com.br","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","afag.com.br","redirect-to-malware"
"2024-04-21 12:01:35","52.71.57.184","avicennaglobal.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:01:51","3.130.204.160","bcrwd.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:01:56","72.172.132.43","blackcanyoncoffee.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","blackcanyoncoffee.com","redirect-to-malware"
"2024-04-21 12:02:00","213.186.33.18","blog.autourdeminuit.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","blog.autourdeminuit.com","redirect-to-malware"
"2024-04-21 12:02:01","78.47.71.170","bluewingz.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","bluewingz.com","redirect-to-malware"
"2024-04-21 12:02:26","79.124.76.10","cdcookingbook.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","cdcookingbook.com","redirect-to-malware"
"2024-04-21 12:03:03","3.130.204.160","desifucker.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:03:07","69.61.26.162","d-math1.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","d-math1.com","redirect-to-malware"
"2024-04-21 12:03:24","79.124.76.10","eniaktesting.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","eniaktesting.com","redirect-to-malware"
"2024-04-21 12:04:28","173.254.30.178","harlawacademy.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","harlawacademy.org","redirect-to-malware"
"2024-04-21 12:05:02","206.188.193.120","janeece.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","virtualmapping.org","redirect-to-malware"
"2024-04-21 12:05:22","82.118.24.217","kw-dl.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","kw-dl.com","redirect-to-malware"
"2024-04-21 12:05:28","94.130.190.96","laserme.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.domainkompetenz.de","redirect-to-malware"
"2024-04-21 12:06:32","54.153.111.129","ncpo.cc","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","ncpo.cc","redirect-to-malware"
"2024-04-21 12:06:38","3.130.253.23","nitpl.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:06:52","3.130.253.23","optipaint.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:07:05","213.186.33.19","pileus.fr","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","pileus.fr","redirect-to-malware"
"2024-04-21 12:07:07","69.30.245.146","pmmilrec.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","pmmilrec.com","redirect-to-malware"
"2024-04-21 12:07:09","199.67.250.59","police.moraga.ca.us","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","jesusonlynet.org","redirect-to-malware"
"2024-04-21 12:08:00","3.130.253.23","rollingonline.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:08:31","94.152.142.140","stw-eu.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","stw-eu.com","redirect-to-malware"
"2024-04-21 12:08:38","52.86.6.113","swchan.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:09:21","3.130.253.23","trasalud.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:09:34","72.167.78.221","watchourvideo.net","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","formedtouch.com","redirect-to-malware"
"2024-04-21 12:09:38","18.119.154.66","webdesignfm.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
"2024-04-21 12:10:38","203.174.34.49","www.apmc.com.hk","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","capitalinformer.com","redirect-to-malware"
"2024-04-21 12:11:45","217.160.0.240","www.bodasexclusivas.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","compass.automotiveeventregistration.com","redirect-to-malware"
"2024-04-21 12:14:51","104.21.11.31","www.economistas.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","economistas.es","redirect-to-malware"
"2024-04-21 12:15:20","31.11.36.8","www.farmasanmodababy.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.farmasanmodababy.com","redirect-to-malware"
"2024-04-21 12:16:28","64.70.19.52","www.geoffwhite.ws","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.geoffwhite.ws","redirect-to-malware"
"2024-04-21 12:17:10","217.76.132.246","www.hostal3soles.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","besidesdream.com","redirect-to-malware"
"2024-04-21 12:20:05","217.160.0.152","www.log-in-verlag.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.log-in-verlag.de","redirect-to-malware"
"2024-04-21 12:20:13","122.201.84.241","www.loxsavvy.com.au","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.loxsavvy.com.au","redirect-to-malware"
"2024-04-21 12:20:43","85.13.140.101","www.mazus-art.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","allintercom.net","redirect-to-malware"
"2024-04-21 12:21:51","173.209.47.104","www.mywoom.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","virtualmapping.org","redirect-to-malware"
"2024-04-21 12:24:14","217.160.0.225","www.rollershop.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.rollershop.de","redirect-to-malware"
"2024-04-21 12:24:44","162.255.166.188","www.sdfbd.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.sdfbd.org","redirect-to-malware"
"2024-04-21 12:26:32","74.208.236.248","www.therapiehyperbare.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","tagipur.mrsstyleseeker.com","redirect-to-malware"
"2024-04-21 12:26:40","66.96.149.32","www.timelessimagesmi.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","abusalewm.exceltoner.com","redirect-to-malware"
"2024-04-21 12:28:48","144.76.45.43","www.zoeblitzer-natursteine.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","besidesdream.com","redirect-to-malware"

fireodo

@drewsaur said in Ponmocup DNSBL feed:

here is the last known version of that file in the Internet Archive:

Maybe if you dig you find someone who still maintain that list ...

PS. I've done a intensive search but I couldn't find a list with domains ...

drewsaur

@fireodo thanks