What are the most fruitful ways through which I can report an IP address for hacking to the authorities?

Asked by Amitraj in SQL Server, asked on Dec 31, 2021

What is the best way to report an international cyber crime? Is it worth reporting at all?

Answered by Alison Kelly

Below are some tested ways to report an IP address for hacking:

If you want to report a dropper (or even second-stage) delivered as part of a drive-by download (even if it initially came from a phish or any other source), please use URLHaus. This site specializes in providing back to the community in several ways, especially if you are a security professional with a Twitter handle involved in malware takedowns. The ability to see the history of the domain, IP, and/or URIs involved is helpful, as is the tagging, overall organization, and links out to VirusTotal, etc. After URLHaus has dealt with the submission and closed the issue, reporting it to Google Safe Browsing Report Badware and Microsoft Windows Defender Security Intelligence are good moves.

If you want to report a C2 Server, check out Shodan's Malware Hunter project.

If you want to report a web skimmer (such as a credential or payment-card stealer), please submit it first to urlscan.io and then to Google Safe Browsing, Bing Delister, Palo URL Filtering, FortiNet WF Ratings, BrightCloud CR, Borderware Domain Lookup, Cisco Talos Reputation, McAfee TrustedSource, and Symantec Site Review. This can definitely include cryptojacking as well as anything that requires user input over the web.

Really any phish should be submitted to Google Safe Browsing Report Phish as well as PhishTank and Microsoft. Listing it with PhishTank gets it listed with OpenDNS and into the Cisco ecosystem.

If you want to report an EK, DoS/DDoS source, or fumbler, I would suggest leveraging a commercial Threat Intelligence Platform (TIP), such as Anomali ThreatStream or Recorded Future. There used to be EK Hunter resources, but they are down now and I do not know why -- maybe because EKs just aren't as popular as they used to be. If you don't have a TIP, use your upstream provider, or perhaps the X-Force Exchange. If you want to report beaconing, botnets, or C2 Connect, it might be best to go directly to the abuse handlers for the IP space and the domain name registration, if not checking the domain directly on their website(s) for security and abuse contacts. When all else fails, this probably should work!
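As an added example (not part of the answer above), this is one way to find the abuse handler for an IP range from an RDAP response, the JSON successor to WHOIS defined in RFC 9083. It assumes the response has already been fetched from the registry; the sample object, the function names, and the fallback order from `abuse` to `technical` to `administrative` are assumptions made for illustration.

```python
# Constructed RDAP (RFC 9083) "ip network" object; every value is sample data.
SAMPLE_RDAP = {
    "objectClassName": "ip network",
    "handle": "NET-EXAMPLE-1",
    "startAddress": "192.0.2.0",
    "endAddress": "192.0.2.255",
    "entities": [
        {"handle": "ORG-EX", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Hosting"]]],
         # Abuse contacts are often nested under the registrant entity.
         "entities": [
             {"handle": "ABUSE-EX", "roles": ["abuse"],
              "vcardArray": ["vcard", [["fn", {}, "text", "Abuse Desk"],
                                       ["email", {}, "text", "abuse@example.net"]]]},
             {"handle": "NOC-EX", "roles": ["technical"],
              "vcardArray": ["vcard", [["email", {}, "text", "noc@example.net"]]]},
         ]},
    ],
}


def emails_by_role(rdap_obj):
    """Walk the (possibly nested) entity tree and map each role to its e-mails."""
    by_role = {}
    queue = list(rdap_obj.get("entities", []))
    while queue:
        entity = queue.pop(0)
        queue.extend(entity.get("entities", []))
        vcard = entity.get("vcardArray", ["vcard", []])
        props = vcard[1] if len(vcard) > 1 else []
        emails = [p[3] for p in props if len(p) >= 4 and p[0] == "email"]
        for role in entity.get("roles", []):
            for email in emails:
                if email not in by_role.setdefault(role, []):
                    by_role[role].append(email)
    return by_role


def abuse_contacts(rdap_obj):
    """Prefer the 'abuse' role; the fallback order is an assumption of this example."""
    by_role = emails_by_role(rdap_obj)
    for role in ("abuse", "technical", "administrative"):
        if by_role.get(role):
            return role, by_role[role]
    return None, []


if __name__ == "__main__":
    role, emails = abuse_contacts(SAMPLE_RDAP)
    print(f"{SAMPLE_RDAP['startAddress']}-{SAMPLE_RDAP['endAddress']}: {role} -> {emails}")
```
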


