Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ponmocup DNSBL feed

    Scheduled Pinned Locked Moved pfBlockerNG
    7 Posts 3 Posters 487 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      drewsaur
      last edited by

      Does anybody know what's happened to this DNSBL 'Malicious2' feed:

      http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv

      ?

      It's been reporting as down for several weeks now.

      GertjanG fireodoF 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @drewsaur
        last edited by

        @drewsaur

        xxx.dyndns.org so a free host name.
        Still, the storage isn't free probably - and as soon as such a list get references by, for example, pfBlockerng, which in turn gets used by #diot# that actually try to update the list every hours, the guy that puts the list in place gets slammed with a big bill to pay as the list downloading generated a lot of traffic.

        If he was hosting himself the file on a NAS locally, maybe he got fed up by having all it's bandwidth being eaten away by the xxx thousands of pfBlocker instances trying to download the list a ll the time.

        As most of these lists are collected, created, hosted and maintain for free, but some one has to pay finally, list can 'go away' like this.

        Anyway, these are just some reasons. Many others exist.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • fireodoF
          fireodo @drewsaur
          last edited by fireodo

          @drewsaur said in Ponmocup DNSBL feed:

          It's been reporting as down for several weeks now.

          You can use this list:

          https://iplists.firehol.org/?ipset=firehol_webclient
          

          as the original feed is included for 100%

          (source: https://iplists.firehol.org/?ipset=dyndns_ponmocup )

          Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
          SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
          pfsense 2.8.0 CE
          Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

          D 2 Replies Last reply Reply Quote 0
          • D
            drewsaur @fireodo
            last edited by

            @fireodo said in Ponmocup DNSBL feed:

            @drewsaur said in Ponmocup DNSBL feed:

            It's been reporting as down for several weeks now.

            You can use this list:

            https://iplists.firehol.org/?ipset=firehol_webclient
            

            as the original feed is included for 100%

            (source: https://iplists.firehol.org/?ipset=dyndns_ponmocup )

            Thanks, but...that is not a DNSBL feed, it's an IP blacklist feed, so that leaves me a bit confused?

            1 Reply Last reply Reply Quote 0
            • D
              drewsaur @fireodo
              last edited by

              @fireodo for reference, here is the last known version of that file in the Internet Archive:

              "timestamp","ip","http_host","url","port","application","tag","redirect_target","category"
              "2024-04-21 12:00:36","192.99.161.26","www.aca-uccle.be","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.aca-uccle.be","redirect-to-malware"
              "2024-04-21 12:00:56","77.111.240.50","www.destrangers.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.destrangers.org","redirect-to-malware"
              "2024-04-21 12:01:10","200.170.151.200","afag.com.br","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","afag.com.br","redirect-to-malware"
              "2024-04-21 12:01:35","52.71.57.184","avicennaglobal.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:01:51","3.130.204.160","bcrwd.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:01:56","72.172.132.43","blackcanyoncoffee.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","blackcanyoncoffee.com","redirect-to-malware"
              "2024-04-21 12:02:00","213.186.33.18","blog.autourdeminuit.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","blog.autourdeminuit.com","redirect-to-malware"
              "2024-04-21 12:02:01","78.47.71.170","bluewingz.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","bluewingz.com","redirect-to-malware"
              "2024-04-21 12:02:26","79.124.76.10","cdcookingbook.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","cdcookingbook.com","redirect-to-malware"
              "2024-04-21 12:03:03","3.130.204.160","desifucker.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:03:07","69.61.26.162","d-math1.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","d-math1.com","redirect-to-malware"
              "2024-04-21 12:03:24","79.124.76.10","eniaktesting.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","eniaktesting.com","redirect-to-malware"
              "2024-04-21 12:04:28","173.254.30.178","harlawacademy.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","harlawacademy.org","redirect-to-malware"
              "2024-04-21 12:05:02","206.188.193.120","janeece.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","virtualmapping.org","redirect-to-malware"
              "2024-04-21 12:05:22","82.118.24.217","kw-dl.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","kw-dl.com","redirect-to-malware"
              "2024-04-21 12:05:28","94.130.190.96","laserme.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.domainkompetenz.de","redirect-to-malware"
              "2024-04-21 12:06:32","54.153.111.129","ncpo.cc","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","ncpo.cc","redirect-to-malware"
              "2024-04-21 12:06:38","3.130.253.23","nitpl.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:06:52","3.130.253.23","optipaint.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:07:05","213.186.33.19","pileus.fr","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","pileus.fr","redirect-to-malware"
              "2024-04-21 12:07:07","69.30.245.146","pmmilrec.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","pmmilrec.com","redirect-to-malware"
              "2024-04-21 12:07:09","199.67.250.59","police.moraga.ca.us","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","jesusonlynet.org","redirect-to-malware"
              "2024-04-21 12:08:00","3.130.253.23","rollingonline.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:08:31","94.152.142.140","stw-eu.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","stw-eu.com","redirect-to-malware"
              "2024-04-21 12:08:38","52.86.6.113","swchan.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:09:21","3.130.253.23","trasalud.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:09:34","72.167.78.221","watchourvideo.net","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","formedtouch.com","redirect-to-malware"
              "2024-04-21 12:09:38","18.119.154.66","webdesignfm.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.hugedomains.com","redirect-to-malware"
              "2024-04-21 12:10:38","203.174.34.49","www.apmc.com.hk","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","capitalinformer.com","redirect-to-malware"
              "2024-04-21 12:11:45","217.160.0.240","www.bodasexclusivas.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","compass.automotiveeventregistration.com","redirect-to-malware"
              "2024-04-21 12:14:51","104.21.11.31","www.economistas.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","economistas.es","redirect-to-malware"
              "2024-04-21 12:15:20","31.11.36.8","www.farmasanmodababy.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.farmasanmodababy.com","redirect-to-malware"
              "2024-04-21 12:16:28","64.70.19.52","www.geoffwhite.ws","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.geoffwhite.ws","redirect-to-malware"
              "2024-04-21 12:17:10","217.76.132.246","www.hostal3soles.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","besidesdream.com","redirect-to-malware"
              "2024-04-21 12:20:05","217.160.0.152","www.log-in-verlag.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.log-in-verlag.de","redirect-to-malware"
              "2024-04-21 12:20:13","122.201.84.241","www.loxsavvy.com.au","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.loxsavvy.com.au","redirect-to-malware"
              "2024-04-21 12:20:43","85.13.140.101","www.mazus-art.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","allintercom.net","redirect-to-malware"
              "2024-04-21 12:21:51","173.209.47.104","www.mywoom.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","virtualmapping.org","redirect-to-malware"
              "2024-04-21 12:24:14","217.160.0.225","www.rollershop.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.rollershop.de","redirect-to-malware"
              "2024-04-21 12:24:44","162.255.166.188","www.sdfbd.org","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","www.sdfbd.org","redirect-to-malware"
              "2024-04-21 12:26:32","74.208.236.248","www.therapiehyperbare.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","tagipur.mrsstyleseeker.com","redirect-to-malware"
              "2024-04-21 12:26:40","66.96.149.32","www.timelessimagesmi.com","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","abusalewm.exceltoner.com","redirect-to-malware"
              "2024-04-21 12:28:48","144.76.45.43","www.zoeblitzer-natursteine.de","/","80","http","htaccess-infected-webserver-leads-to-zuponcic","besidesdream.com","redirect-to-malware"

              fireodoF 1 Reply Last reply Reply Quote 0
              • fireodoF
                fireodo @drewsaur
                last edited by fireodo

                @drewsaur said in Ponmocup DNSBL feed:

                here is the last known version of that file in the Internet Archive:

                Maybe if you dig you find someone who still maintain that list ...

                PS. I've done a intensive search but I couldn't find a list with domains ... 😞

                Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                pfsense 2.8.0 CE
                Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                D 1 Reply Last reply Reply Quote 0
                • D
                  drewsaur @fireodo
                  last edited by

                  @fireodo thanks

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.