uBlock/Adblock Filter for NSA

Status
Not open for further replies.
A

antreas

Thread author
uBlock/Adblock filters to block NSA known servers from Shadow Brokers dump.

Code:
! Adblock the NSA.
! List of servers from Matt Swann on Twitter
! If you have uBlock Origin installed, open the page
! chrome://ublock0/content/dashboard.html#1p-filters.html
! and paste these filters on it.
||bgl1dr1-a-fixed.sancharnet.in
||bgl1pp1-a-fixed.sancharnet.in
||bj02.cww.com
||butt-head.mos.ru
||dcproxy1.thrunet.com
||dmn2.bjpeu.edu.cn
||dns2.net1.it
||doors.co.kr
||enterprise.telesat.com.co
||eol1.egyptonline.com
||fw433.npic.ac.cn
||gambero3.cs.tin.it
||gate.technopolis.kirov.ru
||hakuba.janis.or.jp
||imms1.macau.ctm.net
||indy.fjmu.edu.cn
||jur.unn.ac.ru
||kacstserv.kacst.edu.sa
||kacstserv.kacst.edu.sa
||known.counsellor.gov.cn
||kserv.krldysh.ru
||laleh.itrc.ac.ir
||m0-s.san.ru
||mail-gw.jbic.go.jp
||mail.bangla.net
||mail.edi.edu.cn
||mail.hallym.ac.kr
||mail.hangzhouit.gov.cn
||mail.hz.zh.cn
||mail.imamu.edu.sa
||mail.interq.or.jp
||mail.ioc.ac.ru
||mail.issas.ac.cn
||mail.pmo.ac.cn
||mail.siom.ac.cn
||mail.tropmet.res.in
||mail.tsinghua.edu.cn
||mail.zzu.edu.cn
||mail1.371.net
||mailgate.sbell.com.cn
||mailgw.thtf.com.cn
||mailhub.minaffet.gov.rw
||mails.cneic.com.cn
||mailscan3.cau.ctm.net
||mailsrv02.macau.ctm.net
||mailsvra.macau.ctm.net
||mbi3.kuicr.kyoto-u.ac.jp
||mcd-su-2.mos.ru
||metcoc5cm.clarent.com
||mipsa.ciae.ac.cn
||mn.mn.co.cu
||most.cob.net.ba
||mpkhi-bk.multi.net.pk
||msgstore2.pldtprv.net
||mtccsun.imtech.ernet.in
||mx1.freemail.ne.jp
||n02.unternehmen.com
||nd11mx1-a-fixed.sancharnet.in
||ndl1mc1-a-fixed.sancharnet.in
||ndl1mx1-a-fixed.sancharnet.in
||ndl1pp1-a-fixed.sancharnet.in
||no1.unternehemen.com
||no3.unternehmen.org
||ns.cac.com.cn
||ns.huawei.com.cn
||ns.nint.ac.cn
||ns1.2911.net
||ns1.multi.net.pk
||ns2.rosprint.ru
||ns2.xidian.edu.cn
||opcwdns.opcw.nl
||opserver01.iti.net.pk
||orange.npix.net
||orion.platino.gov.ve
||outweb.nudt.edu.cn
||pdns.nudt.edu.cn
||petra.nic.gov.jo
||pop.net21pk.com
||post.netchina.com.cn
||postbox.mos.ru
||public2.zz.ha.cn
||rayo.pereira.multi.net.co
||sea.net.edu.cn
||sea.net.edu.cn
||sedesol.sedesol.gob.mx
||segob.gob.mx
||sky.kies.co.kr
||smmu-ipv6.smmu.edu.cn
||smtp.2911.net
||smtp.macau.ctm.net
||sonatns.sonatrach.dz
||sparc.nour.net.sa
||sps01.office.ctm.net
||sunhe.jinr.ru
||sussi.cressoft.com.pk
||tx.micro.net.pk
||ultra2.tsinghua.edu.cn
||unk.vver.kiae.rr
||unknown.counsellor.gov.cn
||voyager1.telesat.com.co
||web-ccfr.tsinghua.edu.cn
||webnetra.entelnet.bo
||webserv.mos.ru
||ws.xjb.ac.cn
||www.caramail.com
||www.siom.ac.cn
||www21.counsellor.gov.cn
||www21.counsellor.gov.cn
 
Last edited by a moderator:
5

509322

Thread author
Understand what is meant by a "staging server".

From Techopedia.com:

"A staging server is a type of server that is used to test a software, website or service in a production-similar environment before being set live. It is part of a staging environment or staging site, where it serves as a temporary hosting and testing server for any new software or websites."

Blocking those URLs is probably only a short-term counter-measure since NSA will likely change the servers\URLs now that the details have been leaked.

Although, it does look like an opportunity to practice creation of a custom uBlock URL block list - so one way or another you can get something out of it.
 

RedTeam

Level 1
Verified
Oct 28, 2016
19
Shadow Brokers leak was from mid 2013. I really doubt any of these servers are still online. I doubt the NSA is that stupid.

If the Shadow Brokers honestly have more NSA exploits they need to release them. No one is paying money upfront with no proof.

 

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
NSA & M$ are best buddies so blocking the NSA is pointless!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top