Ever set up a multi/handler and get an odd IP hitting it? Probably forgot about it as internet chatter? Think again, you might have just been caught
AV Tracker - http://avtracker.info/ is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other “Submit-your-malware-here” drop boxes use.
Peter Kleissner and his team provide
- ranges that the hosts use
- a dynamic text file with the IP addresses listed if you want to add it to some auto updating block list
- a line by line IPTABLES block config
- and even C code to add into your binary to make sure it doesn’t talk out from one of those addresses (I could be reading it wrong, still a beginner in C)
The team has been criticized a lot by AV vendors, enough so the took down the site in January of this year. But it came back June 5th.
I use this site to help me know when the Incident Responders are on to me for my pen testing jobs. I do not wish to get in the debate of how a tool could be used.