2019-10-31 New DNS Firewall feed! dga-360.ioc2rpz.net

Today we have exciting news. A new DNS Firewall feed was added to the ioc2rpz community. Right now it is running in test mode, so there could be some changes.

dga-360.ioc2rpz - contains DGA domains generated by these malware families: Bamital, Banjori, Blackhole, Ccleaner, Chinad, Conficker, Cryptolocker, Dircrypt, Dyre, Emotet, Enviserv, Feodo, Fobber, Gameover, Gspy, Locky, Madmax, Matsnu, Mirai, Murofet, Mydoom, Necurs, Nymaim, Omexo, Padcrypt, Proslikefan, Pykspa, Qadars, Ramnit, Ranbyus, Rovnix, Shifu, Shiotob, Simda, Suppobox, Symmi, Tempedreve, Tinba, Tinynuke, Tofsee, Vawtrak, Vidro, Virut, Xshellghost.
The feed is powered by Netlab 360 (http://data.netlab.360.com/dga/) data.

DGA domains are used as rendezvous points for Command and Control. Malware can generate thousands of domains using a defined algorithm. Even if the C&C botnet has already been taken down, it is important to monitor the domains, because they can be reused by other malware and your network may still be infected.

The feed currently contains about 1.2 million domains, so please check that your DNS server is able to handle it.

In total, the ioc2rpz community now offers 7 security feeds and 4 whitelists.

2019-09-26 New feature - community whitelist

The community whitelist is used to remediate false positives in other feeds. Of course you can use your own whitelist on your DNS server, but it is a bit less convenient. You can add and remove your own indicators as well as vote for indicators submitted by other community users.

To apply the whitelist you can use the following feeds:
  • whitelist.ioc2rpz - verified whitelist. Domain based.
  • whitelist-ip.ioc2rpz - verified whitelist. IP based.
  • whitelist-raw.ioc2rpz - raw whitelist (positive votes). Domain based.
  • whitelist-raw-ip.ioc2rpz - raw whitelist (positive votes). IP based.
The feeds are updated every 30 minutes.
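
Whether a whitelist feed actually remediates a false positive depends on where it sits among the policy zones. The sketch below is an added example, not ioc2rpz code: it models QNAME-only RPZ evaluation in which the first configured zone with a match wins (the zone-order precedence BIND documents; check your own resolver). All zone records are constructed samples.

```python
# Added example: simplified model of QNAME-only RPZ evaluation.
# All zone records below are constructed samples, not real feed entries.
PASSTHRU, NXDOMAIN = "passthru", "nxdomain"
ACTIONS = {"rpz-passthru.": PASSTHRU, ".": NXDOMAIN}

def parse_rpz(text):
    """Parse 'owner CNAME target' lines into {trigger: action}."""
    rules = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 3 and fields[1].upper() == "CNAME" and fields[2] in ACTIONS:
            rules[fields[0].lower().rstrip(".")] = ACTIONS[fields[2]]
    return rules

def match_zone(rules, qname):
    """Exact owner name first, then the closest enclosing wildcard."""
    qname = qname.lower().rstrip(".")
    if qname in rules:
        return rules[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return None

def evaluate(ordered_zones, qname):
    """First configured zone with a match decides; no match means resolve normally."""
    for zone_name, rules in ordered_zones:
        action = match_zone(rules, qname)
        if action is not None:
            return zone_name, action
    return None, "resolve"

WHITELIST = """
cdn.example.net      CNAME rpz-passthru.
*.cdn.example.net    CNAME rpz-passthru.
"""
BLOCK = """
qxkzjvwpl.example.org  CNAME .
cdn.example.net        CNAME .   ; false positive in the block feed
"""
whitelist_first = [("whitelist.ioc2rpz", parse_rpz(WHITELIST)),
                   ("dga-360.ioc2rpz", parse_rpz(BLOCK))]
block_first = list(reversed(whitelist_first))

if __name__ == "__main__":
    for order in (whitelist_first, block_first):
        print([z for z, _ in order], evaluate(order, "cdn.example.net"))
```

With the block feed listed first, the same query is answered with NXDOMAIN and the whitelist has no effect.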

2019-09-25 New DNS Firewall feed - doh.ioc2rpz

If you protect your network at the DNS level, you must block communications to any 3rd party DNS server your applications or devices may use. Otherwise your DNS Firewall will be useless. The feed contains publicly available DNS over HTTPS (DoH) servers and canary domains.

2019-09-24 New DNS Firewall feed - bogons-ipv4.ioc2rpz

A bogon prefix is a route that should never appear in the Internet routing table. The RPZ feed includes IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user.
The RPZ is generated from the IPv4 bogon feed by Team Cymru (https://www.team-cymru.com/bogon-reference.html).

2019-08-01 Welcome to the ioc2rpz community!

What is ioc2rpz community?

ioc2rpz community is a portal which provides free of charge DNS Firewall (or Response Policy Zone) feeds. The DNS Firewall feeds are based on publicly available threat intelligence (TI). The TI feeds are maintained by 3rd party communities or companies, and only a limited number of indicators were whitelisted. We do not validate the TI feeds for false positives.

DNS Firewall feeds are provided "as-is". They may contain false positives.

If you have any questions, comments, proposals or want to provide any feedback please contact us.
