Strongarm Domain Feed Updates: May 2016

May 17, 2016

Strongarm now automatically blackholes domains from three new feeds:

  1. Malc0de: This source contains a list of domains known to be hosting malicious binaries during the past 30 days. This list currently contains over 250 domains and is updated daily.
  2. Indicators from Fidelis: These high-confidence indicators are from Fidelis Cybersecurity blog posts and FTAs. This list currently contains 52 unique domains.
  3. Ponmocup IOCs from Fox-IT: Similar to the indicators from Fidelis, these high-confidence indicators from Fox-IT focus on tracking the Ponmocup botnet. This list currently contains 53 unique domains.

These three sources add to our growing list of data feeds. We are always looking for ways to increase the quantity and quality of domains blocked by Strongarm. Please contact us if you have feeds you’d like to see added to Strongarm.

Additionally, we removed the OpenPhish data feed, which tracked phishing sites. Although we recognize phishing as an important security problem, we reached this decision for a few reasons:

  1. The domains added from this feed produced a high number of false positives, which interrupted business operations by blocking services people rely on (like Google Drive, Office 365, and Dropbox).
  2. Blocking these domains via DNS fails to improve security for Strongarm users while negatively impacting their business operations. Ideally, the malicious URLs would be blocked via a properly configured web proxy.
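The granularity mismatch behind both reasons, as an added example (not Strongarm's code): a URL-based phishing feed collapsed to hostnames drags shared platforms into a DNS blackhole, while a triage step keeps those entries as full URLs for a web proxy. The allowlist, feed entries, and function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of shared platforms (constructed for this example).
SHARED_SERVICES = {"drive.google.com", "dropbox.com", "sharepoint.com"}

# Constructed feed entries; EXAMPLE1/EXAMPLE2 are placeholders, not real IoCs.
SAMPLE_FEED = [
    "https://drive.google.com/file/d/EXAMPLE1/view",
    "http://login-update.example.net/office365/index.php",
    "https://www.dropbox.com/s/EXAMPLE2/invoice.pdf",
    "https://contoso.sharepoint.com/sites/x/login.aspx",
    "login-update.example.net/other.php",
]

def host_of(url):
    """Return the lower-cased hostname of a feed entry, or '' if unparseable."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host/path as a netloc
    return (urlsplit(url).hostname or "").rstrip(".")

def is_shared(host):
    """True if host is a shared platform or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in SHARED_SERVICES)

def naive_dns_list(feed):
    """What a DNS blackhole ingests if every feed URL is reduced to its host."""
    return sorted({host_of(u) for u in feed} - {""})

def triage(feed):
    """Split a feed into hosts safe to blackhole and URLs needing a proxy rule."""
    dns_hosts, proxy_urls = set(), []
    for url in feed:
        host = host_of(url)
        if not host:
            continue
        if is_shared(host):
            proxy_urls.append(url)   # block this exact URL, not the platform
        else:
            dns_hosts.add(host)      # dedicated host: domain-level block is exact
    return sorted(dns_hosts), proxy_urls

if __name__ == "__main__":
    print("naive DNS list:", naive_dns_list(SAMPLE_FEED))
    print("triaged:", triage(SAMPLE_FEED))
```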

If protection from phishing is important to you (and your business), please let us know. We would love to work with you on this problem!

These new data feeds are available to all current Strongarm users. You can view, configure, and search your domain feeds at any time by logging into your account.

If you have any questions, or would like to suggest additional sources of domains, please contact us!