Sleuthing tool - links to bookmark

General Topics
1

Hi malware fighters,

Nice page with links here: http://www.anti-malvertising.com/sleuthing-tools-resources

Some of the ones I use: http://safeweb.norton.com/

http://linkscanner.explabs.com/linkscanner/default.aspx

http://anubis.iseclab.org/

http://www.mywot.com/

http://www.mywot.com/en/scorecard/reclassify.url.trendmicro.com

http://online.drweb.com/

http://www.robtex.com/ and specifically
http://www.robtex.com/ip/xxx.xxxx.xxxx.xxxx.html#blacklists

pol

2

Thanks for the extra links. I have used robtex.com quite a few times on these forums.

3

What have you used robotex for CharleyO, I had a look at the site and nothing special that isn’t in a number of other sites ?

4

While it is true that you might find the same information elsewhere, I started using robtex (not robotex) several years ago to discover where the IP addresses lead to and why/what else was linked to such IP addresses.

Here are a few recent examples of my usage of the site on this forum.

http://forum.avast.com/index.php?topic=42709.msg374880#msg374880

http://forum.avast.com/index.php?topic=52658.msg446336#msg446336

http://forum.avast.com/index.php?topic=41695.msg349652#msg349652

http://forum.avast.com/index.php?topic=38204.msg320225#msg320225

Edited to correct typos.

5

Hi CharleyO,

Yes it is a Swiss Army Knife Internet tool, also interesting is what comes under the tab blacklists

For lop dot com (this does not come whitelisted no way nowhere but further info per blacklist on robtex

blocklist link status description
not whitelisted
white.uribl.com link
green
bl.deadbeef.com
in.dnsbl.org
ex.dnsbl.org
zebl.zoneedit.com
bulk.rhs.mailpolice.com link
porn.rhs.mailpolice.com link
fraud.rhs.mailpolice.com link
block.rhs.mailpolice.com link
dynamic.rhs.mailpolice.com link
adv.rhs.mailpolice.com link
webmail.rhs.mailpolice.com link
rddn.dnsbl.net.au
postmaster.rfc-ignorant.org link
dsn.rfc-ignorant.org link
abuse.rfc-ignorant.org link
whois.rfc-ignorant.org link
bogusmx.rfc-ignorant.org link
badconf.rhsbl.sorbs.net
nomail.rhsbl.sorbs.net
rhsbl.ahbl.org
dnsbl.cyberlogic.net
jwrh.dnsbl.net.au
dnsrbl.swinog.ch link
black.uribl.com link
grey.uribl.com link
red.uribl.com link
multi.uribl.com link
multi.surbl.org link
dyndns.rbl.jp

and search on like here one of the links above: mailpolice

k.uribl.com linkgrey.uribl.com linkred.uribl.com linkmulti.uribl.com linkmulti.surbl.org linkdyndns.rbl.jp

really versatile, and by origin Dutch I guess,

pol

P.S. And CharleyO, thank you for this sleuthing tool link: = http://www.malwareurl.com/listing.php?domain=verymalicious.com - really nice find, my friend,

Damian

6

You are welcome, Polonus. :slight_smile:

It is now on my speed dial in Opera so that it is easy to get to for future use. :smiley: