Snort mailing list archives
Re: Blacklist DNS Alert
From: Mustafa Qasim <alajal () gmail com>
Date: Wed, 22 May 2013 22:58:09 +0500
It looks more like the Potentially Unwanted Application (PUA) or Adware category. However, it doesn't have any positive or legitimate web presence/history. It's safe to block it. Anyone can use AWS infrastructure to host malicious content, like people do set up launchpads using free web hosting and dynamic DNS providers.

www.scumware.org/report/d1js21szq85hyn.cloudfront.net
https://www.virustotal.com/en/domain/d1js21szq85hyn.cloudfront.net/information/

Thanks

On Wed, May 22, 2013 at 10:39 PM, Josh Bitto <jbitto () onlineschool ca> wrote:

> I'm getting this alert on my IPS from my DNS server (internal IP) out to this particular IP address.
>
> [1:26554:1] BLACKLIST DNS request for known malware domain d1js21szq85hyn.cloudfront.net - Win.Adware.BProtector
>
> Does anyone know if this could be a false positive? I've tried looking to see if this domain is blacklisted... it looks like it's from Amazon. It shows the source as my DNS server, so I'm trying to determine the possibilities that may have caused this trigger to happen.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- *Mustafa Qasim*