115 points jtbayly | 2 comments
arcfour ◴[] No.45858689[source]
If an automated service is pulling the top 100 domains from CF and naively trusting them, why can't it also pull the categorization information that's right there and make sure none of the categories are "Malware"??? Who would write something like that? It's absolutely believable that the top 100 domains could contain malware domains...because of the nature of botnets and malware.

That's PEBCAK.

1. charcircuit ◴[] No.45859456[source]
Why not include them? What's wrong with having the most resolved domain be the top domain? I think it's more interesting to know the actual most resolved domain than the top of some editorialized list.
2. arcfour ◴[] No.45861758[source]
As discussed in the article, threat actors are using a botnet to game the system by repeatedly issuing queries for the domains; the list is intended to represent the top 100 domains resolved by legitimate users (and legitimate bots, I assume), not just "who can make the most queries to Cloudflare for a domain".