nGran, LLC

Granular Network Security Solutions

nGran is a data security consulting  firm specializing in End-Point protection from and blocking solutions for malicious websites, user data privacy protection, security awareness training, networking, and security services to the Banking and Financial Services Industries.
nGrans principals have successfully designed and implemented secure network implementations for seven of the largest global trading firms, the largest mortgage security underwriter, the largest futures and options trading firm along with other commercial banking and insurance firms.

Providing internet security to clients around the world.

nGran products and services secure a variety
of clients, from Large Banks and Financial
Services corporations
to small, private companies.

Find out what we can do for you:

> Malware Behavior Testing
Web Application Intrusion Prevention
> Cyber-Security Weakness Assessment
> Security Awareness Training
> Website Redirection Notifications

Malicious Site Repeat Offenders

The Top Ten list of domain names and IP Addresses that have been identified as spreading surveillance tools, Malware and Scams for the month of December, 2014 are
shown below along with their major distributions. Included is this list are sites obfuscated by Domain Generation Algorithms (DGA) used to evade detection.
Many of the sites originate from CN or RU and have been confirmed by independent researchers as distributing Spam and Malware including, Password stealers,
Keyloggers, Injectors, Zeus variants, surveillance tools, Agents, Autostarts, Botnet controllers, Zbots, FakeAV, Redirection and Proxy sites and serve as IPTheft repositories.

For a more complete listing of repeat offender sites please review the items on the Research page of the nGran website.
1. - from CN.Shenzhen publishes numerous Backdoor threats as well as Injectors, Zeus, and Keyloggers
2. - CN.Jinan a DGA set of sites providing multiple Keyloggers, Zeus derivatives, and other surveillers
3. - from CN.Changsha publishes multiple threats including Backdoors, Keyloggers and Agents
4. - from RU.Moscow provides IPTheft repositories & hacktools
5. - from CN.Hangzhou publishes numerous Injectors, surveillance tools and Infostealers
6. - from US.IL.Chicago publishes Agents, Backdoors, Injectors, and surveillance tools
7. - from US.CA.SanFrancisco publishes Backdoors, Downloaders and Infostealers
8. - from US.VA.Ashburn publishes Keyloggers, Backdoors, Agents and Injectors
9. - from RO publishes Agents, Backdoors, Injectors, and surveillance tools
10. - from CN.Zhongxin publishes Zeus trojans, Agents, Backdoors, and Downloaders

The Malicious Website Problem

The number of malicious sites on the Internet that are either origination or distribution (O&D) points for Malware, Trackware, Phishing, Identity Theft and Spam have increased year by year by a factor of 10 over the past four years, and are projected to rise dramatically in 2015. There are many estimates of cyber attacks per day and the range varies from roughly 100,000 to 2,500,000 attacks and depend on the profile of the site under attack. Sites that are high profile include US and Western European government as well as many commercial banking and financial services sites in those locations. Most attacks are tied to the use of Spyware and according to both Malware Bytes and Sophos, over 92% of those attacks emanate from the Internet. Many threats use stealth techniques to redirect unsuspecting Internet users from legitimate to malicious web sites. In the past two years there has also been a steady increase in attacking small business and consumers in the US and Western European locations. One reason is the lack of protection used when running a web site, especially if the site is "hosted" with weak access controls for personal or small businesses trying to reduce operating costs. According to OWASP, and new to the "Top Ten vulnerabilities" in June of 2013, was operating a web site with known and unpatched vulnerabilities. This state of the Internet is a perfect storm for malicious website operators who continue to exploit unsuspecting users.

To help users combat the glut of malicious sites, we recommend services such as those offered by iBlocklist at or hpHosts at All Internet users should limit their "attack surface" by curtailing their potential connectivity to malicious websites. Users are often redirected to such sites from search engines and other sites with insufficient access controls. Due to these types of problems, nGran currently blocks connectivity to over 20 Million malicious websites even from the smallest platforms.

To further limit their exposure, users should take advantage of online services that check on the status of suspicious Internet domains prior to connections being established. Mozilla has developed plugins for modern browsers, including supported hand-helds, Firefox and IE versions, based on the Web of Trust (WOT). nGran amongst others, contributes findings daily to the WOT database. The plugins are freely available from Mozilla and show abusive websites while warning unsuspecting users prior to establishing connectivity with such sites. It is important for all Internet users to protect themselves with the use of such tools as it will limit their exposure to malicious websites and Malware infections.

Other tools that should be used to reduce end-user attack surfaces include those provided by online blacklist services such as Spamhaus, l2.apews or Site lookups for these services can be found at the following URLs shown below. Naturally if a domain shows to be blacklisted for abusive activity, then it stands to reason that such a site must be avoided until such time as the registered owner corrects that condition. End-users, Hosting Companies and Internet Service Providers must take more proactive roles in responding to malicious web site abuses and protecting their respective computers and identities.

Blended Threats
Threat Research
Prevention, Protection, & Awareness

nGran has added more real time information feeds from industry leaders and links to the Federal Trade Commission (FTC) IDTheft web site to help raise awareness to the growing spyware and identity theft problems in the marketplace. Click on the Alliances link for more information. Also, visit our Research page to see our site threat lists, whitepapers, and products that are currently available.

Finally, we recommend that users contact the Internet Crime Complaint Center (IC3) for their latest information about protecting your PII and means of lodging complaints against malicious websites. IC3 can be contacted at the following link;

This Web site is designed to work best when using version 3.0 or higher of Mozilla Firefox or version 6.0 or higher of Microsoft's® Internet Explorer. nGran, LLC believes that the information posted on this website is accurate as of its publication date; such information is subject to change without notice. nGran is not responsible for any inadvertent errors. All trademarks and registered trademarks are property of their respective owners. Copyright 2002-2015, nGran, LLC. All rights reserved.