Own your DNS

DNS is a control plane of the Internet

No more ads, no more malware and more privacy if you own your DNS and enable DNS Security.

Free DNS Firewall (RPZ) feeds for registered users:

  • Malware Domain Blocklist by RiskAnalytics
  • Notracking - no more ads, tracking and other virtual garbage
  • PhishTank - phishing domains and IPs
  • etc

Powered by ioc2rpz

2019-10-31 New DNS Firewall feed! dga-360.ioc2rpz.net

Today we have exciting news. A new DNS Firewall feed was added to the ioc2rpz community. Right now it is running in the test mode so there could be some changes.

dga-360.ioc2rpz - contains DGA domains generated by these malware families: Bamital, Banjori, Blackhole, Ccleaner, Chinad, Conficker, Cryptolocker, Dircrypt, Dyre, Emotet, Enviserv, Feodo, Fobber Gameover, Gspy, Locky, Madmax, Matsnu, Mirai, Murofet, Mydoom, Mecurs, Nymaim, Omexo, Padcrypt, Proslikefan, Pykspa, Qadars, Ramnit, Ranbyus, Rovnix, Shifu, Shiotob, Simda, Suppobox, Symmi, Tempedreve, Tinba, Tinynuke, Tofsee, Vawtrak, Vidro, Virut, Xshellghost.
The feed is powered by Netlab 360 (http://data.netlab.360.com/dga/) data.

DGA domains are used as rendezvous points for Command and Control. Malware can generate thousands domains using a defined algorithm. Even if C&C botnet was already taken down it is important to monitor the domains because they can be reused by other malware as well as your network still can be infected.

The feed currently contains about 1.2 million domains so please check if your DNS server is able to handle it.

In total on ioc2rpz community you can get 7 security feeds and 4 whitelists.

What is ioc2rpz community?

ioc2rpz community is a portal which provides free of charge DNS Firewall (or Response Policy Zone) feeds. The DNS Firewall feeds are based on publicly available threat intelligence(TI). The TI feeds are maintained by 3rd party communities or companies and only a limited number of indicatores were whitelisted. We are not validating the TI feeds on false positives.

DNS Firewall feeds provided "as-is". They may contain false positives.

If you have any questions, comments, proposals or want to provide any feedback please contact us.

What is DNS Firewall?

DNS Firewall or DNS Response Policy Zones is a DNS server feature that allows to overlay custom information on top of the global DNS to provide alternate responses to DNS queries.
The prime motivation for creating this feature was to protect users from badness on the Internet related to known-malicious global identifiers such as host names, domain names, IP addresses, or nameservers.
Criminals tend to keep using the same identifiers until they are taken away from them. Unfortunately, the Internet security industry's ability to take down criminal infrastructure at domain registries, hosting providers or ISPs is not timely enough to be effective.
Using DNS Firewall, a network or DNS administrator can implement their own protection policies base based on reputation feeds from security service providers on a near-real-time basis.
More information available at dnsrpz.info

Supported by
* - wasn't tested with ioc2rpz.

Available DNS Firewall feeds

News | ioc2rpz technology | Terms & conditions | Sponsorship | Contact us

Sign up

I accept the terms and conditions. Creating...Create

Sign in

Signing in...Sign in Forgot password?

Email confirmation


Restore password


Change password