Feed

MoneyMule, Redkit, phishing domains…

Posted on June 30th, 2013 in exploit,malspam,malvertising,MoneyMule,New Domains by dglosser

Added 184 domains associated with MoneyMule, Redkit, phishing, neutrino, etc.  Sources:malwareurls.joxeankoret.com, siteinspector.comodo.com, urlquery.net and others (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Advance Fee Scam, BH Exploit, Rogue Domains

Posted on December 25th, 2011 in fraud,MoneyMule,New Domains,rogue antivirus,spam,Trojans by dglosser

Added Domains associated with Advance Fee Scams, Black Hole Exploit, Money Mule, PDF Exploits, etc.  Sources include boiler-rooms.org, jsunpack.jeek.org, www.malwaredomainlist.com, xylibox.blogspot.com and others

(every source is  listed in the domains.txt file)

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Big Update – android malware, bhexploitkit, malspam domains

Posted on November 28th, 2011 in malspam,malvertising,MoneyMule,New Domains,zeus by dglosser

Added 156 domains associated with “LockEmAll”, Malspam, Seus, BH Exploit Kit, Android Malware and more…. Sources include blog.dynamoo.com, malc0de.com, www3.malekal.com, xylibox.blogspot.com… Every source is  listed in the domains.txt file)…

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

DNS Sinkhole 10/14 Update: 129 New Domains

Posted on October 15th, 2011 in exploit,malspam,malvertising,MoneyMule,New Domains by dglosser

Added 129 domains associated with RBN, moneymule, malspam and other malicious activity you don’t want on your personal computer or network. Sources: www.emergingthreats.net, blog.dynamoo.com, labs.m86security.com and others

(Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


Forgery, scam, phishing domains

Posted on September 12th, 2011 in iframes,MoneyMule,New Domains,Phishing,Trojans,zeus by dglosser

Added almost 200 domains associated with scams, frauds, phishing, as well as the usual zeus and malicious domains. Sources include zeustracker.abuse.ch, spamhaus.org, vxvault.siri-urz.net.. (Every source is  listed in the domains.txt file)

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Drivebys, fast flux, botnet, moneymule, etc…

Posted on August 23rd, 2011 in fastflux,MoneyMule,New Domains,Phishing,Spyeye,Trojans,zeus by dglosser

A large update a few days ago which I forgot to add… Over 300 zeus, moneymule, botnet  domains…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

zeus, rogues, spyeye, artro, fake job domains…

Posted on August 14th, 2011 in malvertising,MoneyMule,New Domains,rogue antivirus,Spyeye,Trojans,zeus by dglosser

251 domains associated with fake job offers, zeus, fake av, etc. Sources include amada.abuse.ch, blog.dynamoo.com, safebrowsing.google.com, tristatelogic.com  (Every source is  listed in the domains.txt file).

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

168 New Domains Added

Posted on July 12th, 2011 in asprox,exploit,MoneyMule,New Domains,RBN,rogue antivirus by dglosser

168 new domains associated with BH Exploit, fake job offers,moneymule, rbn and more. Sources include doc.emergingthreats.net, amada.abuse.ch, ddanchev.blogspot.com, securehomenetworks.blogspot.com (Every source is  listed in the domains.txt file).


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

June 21 Update

Posted on June 22nd, 2011 in exploit,MoneyMule,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 328 domains (too many to list individually) associated with exploits, moneymule scams, rogue security, scams and other badness. Sources include www.tristatelogic.com, www.spamhaus.org, www.scamfraudalert.com and others.

More Rogue Security, Zeus, Spyeye, RBN Domains

Posted on June 11th, 2011 in exploit,MoneyMule,New Domains,RBN,rogue antivirus,Spyeye,Trojans,zeus by dglosser

210 SpyEye, RBN,  Zeus, TDSS, bot, exploit domains. Original sources include doc.emergingthreats.net, www.malwaredomainlist.com, www.threatexpert.com (Every source is  listed in the domains.txt file):

0c7k29 .co .cc 8c1b65893ccba911b4d0aa593a8a926f .vplaylink .info
active-scan .com al1-xscript0s .com
askredpoleq .com alfacleanwin .com
b4lry1 .co .cc alghazitractors .com
bestaudia7 .com assbrotherhood .ru
bmetalvs .com bharathiyagurukulam .com
bnavs .com boards .soapcentral .com
bnavsgroup .com buqajoqunely .com
bnavsonline .com cigivasepuxy .com
bnavsxp .com cizubejiwoma .com
bo8l1a .co .cc cleanscanpro .com
ccjava-l0ad .com coldhardcash4us .com
cibabewytyl .com complete-art-group-ltd .com
ciquqamod .com complete-art-uk .net
cknovt .com condor-llc-uk .net
cleartraf .ru condorllc-uk .com
clnovt .com crackrapidshare .net
crackshare .net crackserialkeys .net
cwnovt .com damskezimnibundy .cz
de-kadegroup .cc defender-sdvup .in
defender-tmp .in fapyrypumumuva .com
depotex .com fitevejetety .com
derlsplay .com fosimoxexora .com
dirnaster .com fuhocogupyneko .com
diverthigh .com gexopetoqoco .com
docrealtor .com ghavspacquiao .com
docweds .com google-analitycs .cz .cc
evelismag .info hermes .divinusdeus .net
ewa .kz huzatifizama .com
fabviolu .com hyviwysoqizege .com
fajomowiqy .com ideaidiosyncratic .info
famopaips .com isoftwaretvdownloads .com
fephgobd .com isoftwaretvstations .com
ffickibo .com itunesdownloadstore .com
figumsin .com jexelabexomeco .com
filmome .com jukebox-download-new .com
fugalike .com jukebox-new-download .com
fullkeygen .net juxukupyzemi .com
fuqikabyko .com jynogobefukor .com
gestaded .com kiqevinarelo .com
ghavs .com lejicolyxudy .com
ghavsgroup .com lugecunecaxez .com
ghavsinc .com moxopurarite .com
ghavsonline .com mupesatupukyqi .com
ghavsxp .com net-jaghori .webphoto .ir
h4g5kjhbk3h .com newflash1news .com
howtotws .cz .cc newflash2news .com
iproshare .vv .cc newflash3news .com
itraf .in newflash4news .com
jagbibiv .cn newflash5news .com
joyawpan .com newflash6news .com
juqesumycuz .com newflash7news .com
karbrrbrr .co .cc newflash8news .com
khumemit .cn newflash9news .com
krasava .cz .cc newplayer-downloads .com
lakersavsxp .com newsatellite-tv-forpc .com
lakersnavs .com notimexonline .com
lecuvubaja .com official-2010-version .com
mao .kz official-antivirus .com
marquee8 .co .cc official-online-download .com
mazafaka .w2c .ru official-pdf-2010 .com
mijokoquvon .com official-pdf-download .com
musclescan .com official-pdf-pro .com
mybnavs .com official-pdf2010 .com
myghavs .com official-pdfdownload .com
newbnavs .com official-version-2011 .com
newghavs .com officialbirthcertificates .org
newpdf9 .com officialbirthforms .org
noo .kz officialgreencard .org
nurulicovy .com officialimmigration .org
ohbl .in officialmarriagerecords .org
opera24 .ru officialpdf-2010 .com
overtn .com pacquiaoavs .com
patchcrack .net philippine-embassy .ir
pavahikexu .com piwetyzififa .com
picvance .com pobazepukatyc .com
pyduhomyc .com qibahovybicu .com
q27vqa .co .cc quakearena32 .ru
q714 .co .cc repavukoqipez .com
quickbroom .com rodmi4e .dlinkddns .com
qupasebyve .com ropeqeginora .com
realtraf .ru rs-323-service .ru
s106 .cz .cc ru .coolnuff .com
sisawylum .com rukizypufygejy .com
slmaat .com ryqytobogociw .com
solaraterm .com shadowoperations .co .cc
synduk .ru skyline-antique .com
tarakan2011 .ru skyline-ltd .net
thebnavs .com socawycerumyxi .com
theghavs .com spider-se0rch .com
ultimawin .com squadroshield .co .cc
vanhold .com tedowyhubal .com
vgsinfo .com tesipohycuco .com
vinuko .de thesurfrack .com
w2c .ru topnglchecker .co .be
wap-files .mobi united-trans .org
warez4me .ru vudehebaviwod .com
warez72 .ru vuvodiguqewuxe .com
warez75 .ru wacumohuqos .com
webfrogs .ru wascosafaries .com
woxoqehed .com wepomagidysaky .com
yamarsian .in xedycekycimohu .com
zaqewoqake .com ya-toptal-tvoyu-dushu .com
zdravnadzor .ru zagohitapuzog .com
zlen .ru zearch-lntr0duct10n .com

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…