List Update

Posted on September 14th, 2016 in New Domains, Removed Domains by dglosser

Since our stats update from last month, we have added 3711 domains to the list and removed 8104. More Locky and Cerber ransomware has surfaced over the past few days. We will add these domains to our list as we find them and as they are submitted to us. If you have a domain to submit, email us at malwar4edom9ains@gm7ail.com (remove all numbers) with evidence of malicious activity found.

Malware Domains

More Ransomware Domains Added

Posted on September 8th, 2016 in New Domains, ransomware by Adam Shinn

We’ve added another batch of Locky ransomware downloaders to the list. Please update to the latest list from one of our mirrors. Many thanks to the community for all the hard work.

Malware Domains

Scam Pages Added to List

Posted on August 26th, 2016 in malspam, New Domains by Adam Shinn

Hundreds of scam pages were added to our list in today’s update. These pages had a live chat support system (suspected to be run by a chatbot) and would ask the user to call for support in fixing the computer errors. Each of these pages was targeting different operating systems and antivirus programs.

Thank you for using Malware Domains.

More Domains Added and Removed

Posted on August 19th, 2016 in New Domains, Removed Domains by Adam Shinn

Added 2265 domains to our list and removed 5938 since our last update. New ransomware variants have been spotted and the domains we found distributing the malware have been blocked. Thank you for using Malware Domains.

List Update

Posted on August 2nd, 2016 in New Domains, Removed Domains by Adam Shinn

Another update of our current running list:

We have added another 1425 domains to our list and have removed 1442 domains since our last update.

Many thanks to all who are contributing to this list. Together we are able to stop many forms of malware such as ransomware, Vawtrak, Pony, Dridex, and phishing campaigns.

Keep fighting the good fight.

Malware Domains

List Update

Posted on July 21st, 2016 in New Domains, Removed Domains by Adam Shinn

Quick update to our list:

We have added 2260 domains and removed 3761 domains since our last post. Many of these domains are phishing pages and hosting malicious downloads.

We are experiencing issues with a few of our mirrors. We are working to resolve this soon. A list of our current mirrors is available on the ‘mirrors’ tab at the top of the page.

Thank you for using Malware Domains.

This Week’s Update

Posted on July 7th, 2016 in New Domains, Removed Domains by Adam Shinn

Over the past week we’ve added 1532 domains to our list and have removed 2400. There has been an increase in user submissions as well. We have been able to verify many of these submissions and block malicious content because of it. Thanks to everyone who has submitted domains to us.

Malware Domains

Weekly List Update

Posted on June 29th, 2016 in locky, New Domains, ransomware, Removed Domains by Adam Shinn

We’ve added 692 domains to the list over the past week. We have seen new variants of ransomware being distributed and more domains downloading Locky. These domains are being added to our list as we find them and as others submit them to us. Thank you for using Malware Domains.

Another List Update

Posted on June 22nd, 2016 in New Domains, Removed Domains by Adam Shinn

Over the past two weeks we added 3196 domains to our list and removed 978. Another wave of Locky ransomware has surfaced and some new ransomware variants have also popped up. Thanks to the community for sending in submissions. We couldn’t do this without you.

Keep fighting the good fight.

Malware Domains

Report on Fast Flux ZBot Network

Posted on June 10th, 2016 in Domain News, fastflux, News by Adam Shinn

We’d like to let you know about a report on crimeware using a fast flux ZBot network.

“A commercially driven fast flux network is facilitating criminal activity such as malware, spam bots, ransomware, carder sites and more…Often, new domains join this botnet only a few days or at most, weeks apart. Some domain names have remained associated with the network for months or years. Parts of the botnet use frequently changing DNS NS records as well as DNS A records. This is generally regarded as “double flux” activity — another layer in hiding the network.”

You can read the full report here: ow.ly/pGEG3012Pe0