nGran, LLC

Granular Network Security Solutions

nGran is a data security consulting  firm specializing in End-Point protection from and blocking solutions for malicious websites, user data privacy protection, security awareness training, networking, and security services to our clientele.

Providing internet security to clients around the world.

nGran secures a variety of clients,
from Fortune 2000 Corporations
to small, private companies.

Find out what we can do for you:

> Malicious Website Blocking Solutions
Web Application Intrusion Prevention
> Privacy Impact Assessments
> Security Awareness Training
> Website Redirection Notifications

Malicious Site Repeat Offenders

The Top Ten list of domain names and IP Addresses that have been identified as spreading surveillance tools, Malware and Scams for the month of September, 2014 are
shown below along with their major distributions. The sites originate mostly from CN and have been confirmed by independent researchers as distributing Spam and Malware including, Password stealers, Keyloggers, Injectors, Zeus variants, surveillance tools, Agents, Autostarts, Botnet controllers, Zbots, FakeAV, Redirection and Proxy sites and serve as IPTheft repositories.

For a more complete listing of repeat offender sites please review the items on the Research page of the nGran website.
1. - from CN.Shenzhen publishes numerous Backdoor threats as well as Injectors, Zeus, and Keyloggers
2. - US.OR.Boardman provides multiple Keyloggers, Zeus derivatives, and other surveillers
3. - from CN publishes numerous Zeus, Backdoors, surveillance tools and Infostealers
4. - from HK provides IPTheft repositories & hacktools
5. - from CN publishes numerous Backdoors, Keyloggers, Injectors and Agent threats
6. - from CN.Taiyuan & Wuhan publishes multiple threats including Backdoors, Keyloggers and Agents
7. - from CN.Beijing publishes Backdoors, Downloaders and Chindo hacktools
8. - from CN.Chengdu publishes Keyloggers, Backdoors, Agents and Injectors
9. - from NL.Amsterdam publishes Agents, Backdoors, Injectors, and surveillance tools
10. - from US.MA.Cambridge publishes Agents, Backdoors, and Krypt Trojans

The Malicious Website Problem

The number of malicious sites on the Internet that are either origination or distribution (O&D) points for Malware, Trackware, Phishing, Identity Theft and Spam have increased year by year by a factor of 10 over the past three years, and continue to rise dramatically in 2014. There are many estimates of cyber attacks per day and the range varies from roughly 500 to 100,000 attacks and depend on the profile of the site under attack. Sites that are high profile include US and Western European government as well as many commercial sites in those locations. Most attacks are tied to the use of Malware and according to both Kaspersky Lab and Sophos, over 86% of those attacks emanate from the Internet. Many threats use stealth techniques to redirect unsuspecting Internet users from legitimate to malicious web sites. In the past two years there has also been a steady increase in attacking small business and consumers in the US and Western European locations. One reason is the lack of protection used when running a web site, whether it be "hosted" for personal or small businesses trying to reduce operating costs. According to OWASP, and new to the "Top Ten vulnerabilities" in June of 2013, was operating a web site with known and unpatched vulnerabilities. This state of the Internet is a perfect storm for malicious website operators who continue to exploit unsuspecting users.

To help users combat the glut of malicious sites, we recommend services such as those offered by or All Internet users should limit their "attack surface" by curtailing connectivity to malicious websites. To further limit their exposure, users should take advantage of online services to check on the status of suspicious Internet domains. Mozilla has developed plugins for modern browsers, including supported hand-helds, Firefox and IE versions, based on the Web of Trust (WOT). These plugins are freely available from Mozilla and show abusive websites while warning unsuspecting users prior to establishing connectivity with such sites. It is important for all Internet users to protect themselves with the use of such tools as it will limit their exposure to malicious websites and Malware infections.

Other tools that should be used to reduce end-user attack surfaces include those provided by online blacklist services. These services can be found at the following URLs shown below. Naturally if a domain shows to be blacklisted for abusive activity, then it stands to reason that such a site must be avoided until such time as the registered owner corrects that condition. End-users and Internet Service Providers must take more proactive roles in responding to malicious web site abuses and protecting their respective computers.

Blended Threats
Threat Research
Prevention, Protection, & Awareness

nGran has added more real time information feeds from industry leaders and links to the Federal Trade Commission (FTC) IDTheft web site to help raise awareness to the growing spyware and identity theft problems in the marketplace. Click on the Alliances link for more information. Also, visit our Research page to see our site threat lists, whitepapers, and products that are currently available.

Finally, we recommend that users contact the Internet Crime Complaint Center (IC3) for their latest information about protecting your PII and means of lodging complaints against malicious websites. IC3 can be contacted at the following link;

This Web site is designed to work best when using version 3.0 or higher of Mozilla Firefox or version 6.0 or higher of Microsoft's® Internet Explorer. nGran, LLC believes that the information posted on this website is accurate as of its publication date; such information is subject to change without notice. nGran is not responsible for any inadvertent errors. All trademarks and registered trademarks are property of their respective owners. Copyright 2002-2014, nGran, LLC. All rights reserved.