Feed

This week’s updates

Posted on July 21st, 2014 in New Domains by dglosser

Added about 500 domains (malvertising, fake virus alerts and other maliciousness). Sources include www.mwsl.org.cn, safebrowsing.clients.google.com, app.webinspector.com and others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Recent Updates: smokeloader, shylock domains added

Posted on July 13th, 2014 in New Domains by dglosser

7/09   – 441 domains added
7/12 – 226 domains added

Sources include www.mwsl.org.cn, malwareurls.joxeankoret.com, gist.github.com/jedisct1,stopmalvertising.com and others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

6445 domains removed

Posted on July 6th, 2014 in New Domains by dglosser

List recertification – 6445 domains removed (this may be why some of the files were out-of-sync). Please update your blocklists.

mirror2 down for maintenance

Posted on July 5th, 2014 in New Domains by dglosser

mirror2 is down for maintenance. Please use one of our other mirrors. We expect mirror2 to be back up by tomorrow morning

no-ip malware domains

Posted on July 2nd, 2014 in New Domains by dglosser

http://mirror1.malwaredomains.com/files/Microsoft-Botnet-domains-no-ip.zip

Lenny from netcowboy.dk extracted the list of  over 22,000 dynamic dns domains listed in microsoft’s court order.  and made it available to us. Thanks again Lenny!

 

 

Recent Updates

Posted on July 1st, 2014 in New Domains by dglosser

Added 295 domains on 6/24 and 320 domains on 6/27. Please update your blocklists and follow the terms of use

270 Domains (Etumbot, phishing, tds, fragus, redkit)

Posted on June 23rd, 2014 in New Domains by dglosser

Added 161 domains on 6/18 and 106 domains on 6/22. Sources include app.webinspector.com, www.arbornetworks.com, safebrowsing.google.com amd others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

237 domains added

Posted on June 17th, 2014 in New Domains by dglosser

Added 237 domains from vrt-blog.snort.org, labs.sucuri.net, gist.github.com and others    (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

cryptolocker, cryptowall, putter panda, nuclear domains

Posted on June 13th, 2014 in New Domains by dglosser

Added over 200 domains associated with Nuclear EK. Putter Panda, Cryptolocker, Cryptowall… Sources include blogs.cisco.com, gist.github.com, www.crowdstrike.com   (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Putter Panda Domains Wanted

Posted on June 11th, 2014 in New Domains by dglosser

Great report by Crowdstrike on Panda Putter. We’ll be extracting domains from this report, but you may not wish to wait that long (and send us your list!)