Listas de bloqueo de direcciones IP y URL maliciosas

Varias organizaciones mantienen y publican listas de bloqueo gratuitas de direcciones IP y URL de sistemas y redes sospechosas de actividades maliciosas en línea.

Algunas de estas listas tienen restricciones de uso:

• Artists Against 419: Lists fraudulent websites
• ATLAS from Arbor Networks: Registration required by contacting Arbor
• Blackweb Project: Optimized for Squid
• CLEAN-MX Realtime Database: XML output available
• CriticalStack Intel Marketplace: Registration required; optimized for Bro
• CYMRU Bogon List
• DShield Blocklist
• FireHOL IP Lists: Combines several blocklists from other sources
• Google Safe Browsing API: Programmatic access; restrictions apply
• hpHosts File: Limited automation on request
• Malc0de Database
• Malware Domain Blocklist: Free for non-commercial use
• MalwareDomainList.com Hosts List
• Malware Patrol's Malware Block Lists: Free for non-commercial use
• MalwareURL List: Commercial service; free licensing options may be available
• OpenPhish: Phishing sites; free for non-commercial use
• PhishTank Phish Archive: Query database via API
• Project Honey Pot's Directory of Malicious IPs: Registration required to view more than 25 IPs
• Risk Discovery: Programmatic access, based on HoneyPy data
• Scumware.org
• Shadowserver IP and URL Reports: Registration and approval required
• StrictBlockPAllebone
• URLhaus: Programmatic access available
• VoIP Blacklist: Specific to VoIP abusers
• www.BlockList.de

Sitios web potencialmente maliciosos

Varias organizaciones ofrecen herramientas en línea gratuitas para buscar un sitio web potencialmente malicioso. Algunas de estas herramientas brindan información histórica; otros examinan la URL en tiempo real para identificar amenazas:

• AbuseIPDB: Provides reputation data about the IP address or hostname
• Auth0 Signals: Checks IP address reputation; supports API
• BrightCloud URL/IP Lookup: Presents historical reputation data about the website
• CheckPhish: Checks whether the URL is a fraudulent site
• CyberGordon: Look up the website (and other observables) across several services
• Desenmascara.me: Flags websites suspected of selling counterfeit products
• Email Blocklist Checker: Checks the domain name or IP address against email blocklists (email address required, opts into marketing).
• FileScan.io: Examines the URL in real time
• FortiGuard lookup: Displays the URL's history and category
• Google Safe Browsing: Look up the website's current status
• hashdd: Provides historical data about IPs, URLs, etc.
• IBM X-Force Exchange: Provides historical data about IPs, URLs, etc.
• IPQualityScore: Presents a risk ranking for the IP address
• Joe Sandbox URL Analyzer: Examines the URL in real time
• Ironscales Fake Login URL Scanner: Examines the URL for signs of phishing
• Is It Hacked: Performs several checks in real time and consults some blacklists
• IsItPhishing: Assesses the specified URL in real-time
• Kaspersky Threat Intel Portal: Looks up the IP, URL, or domain in a blacklist
• Norton Safe Web: Presents historical reputation data about the website
• Palo Alto Networks URL Filtering: Looks up the URL in a blacklist
• PhishTank: Looks up the URL in its database of known phishing websites
• PolySwarm: Uses several services to examine the website or look up the URL
• Malware Domain List: Looks up recently-reported malicious websites
• MalwareURL: Looks up the URL in its historical list of malicious websites
• McAfee Site Lookup: Checks URL reputation in various McAfee lists
• MxToolbox: Queries multiple reputational sources for information about the IP or domain
• Open Threat Exchange: Presents diverse threat intelligence data from AlienVault
• PassiveTotal: Presents passive DNS and other threat intelligence data
• Pulsedive: Presents historical data and queries for additional information
• Quttera ThreatSign: Scans the specified URL for the presence of malware
• Scamadviser: Checks whether the website is likely a shopping scam
• SecurityTrails: Provides current and historical domain or system data
• Sucuri SiteCheck: Scans the URL for malware in real-time and looks it up in several blacklists
• Talos Reputation Lookup: Presents historical reputation data about the website
• Trend Micro Site Safety Center: Presents historical reputation data about the website
• ThreatSTOP Check IoC: Looks up the UP or domain in a blacklist (requires your email address)
• urlscan.io: Examines the URL in real time and displays the requests it issues to render the page
• URLVoid and IPVoid: Looks up the URL or IP across several services
• VirusTotal: Looks up the URL in several databases of malicious sites
• ThreatMiner: Presents diverse threat intelligence data
• WebPulse Site Review: Looks up the website in BlueCoat's database
• Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques
• zveloLive: Looks up the website in its database of categories

Sandboxes y servicios de análisis de malware automatizado

Las herramientas de análisis de malware automatizadas, como los entornos limitados de análisis, ahorran tiempo y ayudan con la clasificación durante la respuesta a incidentes y las investigaciones forenses. Proporcionan una descripción general de las capacidades del espécimen, de modo que los analistas puedan decidir dónde centrar sus esfuerzos de seguimiento.

• AMAaaS (Android files)
• Any.run (free version)
• Binary Guard True Bare Metal
• Intezer Analyze (Community Edition)
• IRIS-H (focuses on document files)
• CAPE Sandbox
• Comodo Valkyrie
• Detux Sandbox (Linux binaries)
• FileScan.IO (static analysis and emulation)
• Gatewatcher Intelligence
• Hatching Triage (Individual and researcher licenses)
• Hybrid Analysis
• InQuest Labs Deep File Inspection
• Joe Sandbox Cloud (Community Edition)
• Manalyzer (static analysis)
• sandbox.pikker.ee
• SandBlast Analysis
• SecondWrite (free version)
• SNDBOX
• ThreatConnect
• ThreatZone
• VirusTotal
• Yomi

Fuente: Zeltser