Snort mailing list archives

Re: Blacklist DNS Alert


From: Mustafa Qasim <alajal () gmail com>
Date: Wed, 22 May 2013 22:58:09 +0500

It looks more like the Potentially Unwanted Application (PUA) or Adware
category. However, it doesn't have any positive or legitimate web
presence/history. It's safe to block it. Anyone can use AWS infrastructure
to host malicious content, just as people set up launchpads using free
web hosting and dynamic DNS providers.

www.scumware.org/report/d1js21szq85hyn.cloudfront.net
https://www.virustotal.com/en/domain/d1js21szq85hyn.cloudfront.net/information/

Thanks

On Wed, May 22, 2013 at 10:39 PM, Josh Bitto <jbitto () onlineschool ca> wrote:

I'm getting this alert on my IPS from my DNS server (internal IP) out to
this particular IP address.

[1:26554:1] BLACKLIST DNS request for known malware domain
d1js21szq85hyn.cloudfront.net - Win.Adware.BProtector

Does anyone know if this could be a false positive? I've tried looking to see
if this domain is blacklisted...it looks like it's from amazon. It shows
the source as my DNS server so I'm trying to determine the possibilities
that may have caused this trigger to happen.



------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




-- 
*Mustafa Qasim*