Feed

List Update

Posted on April 25th, 2016 in dridex,New Domains,Phishing,ransomware,Removed Domains by Adam Shinn

The Malware Domains List has been posted for today. Last week we added 1,604 new domains to the list and removed 171.
Most were phishing domains, but Dridex and Ransomware were top contenders.

Thank you for using Malware Domains.

New Domains and Ransomware

Posted on November 6th, 2015 in New Domains,Phishing,ransomware by Adam Shinn

We added 570 new domains to our blacklist since 11/05. We found that a few of these domains would download a .src file and install ransomware onto the machine. Make sure to keep backups of your files just in case you do find yourself fighting ransomware.

Thank you for using Malware Domains.

Another Day, Another Malicious Domain

Posted on November 4th, 2015 in New Domains,Phishing,Removed Domains by Adam Shinn

We have updated our list once again with another 460 domains since 10/28. Of these domains, we found some that would bring up a webpage alerting of a system crash with a tech support number to call. While these sites were amusing, some of them were dangerous as they would try to download software to “fix” your machine. No thanks!

340 New Domains

Posted on October 15th, 2015 in New Domains,Phishing by Adam Shinn

Added 340 new domains to the Malware Domains blacklist. We found one site that had multiple folders with resources to create phishing pages for paypal, gmail, and other popular websites.

Thank you for using Malware Domains.

Fat Finger Urls

Posted on October 13th, 2015 in New Domains,Phishing by Adam Shinn

We have added 366 new domains to our blacklist since 10/7.
We noticed that a majority of these domains are fat finger urls. These urls have slight misspellings of commonly used domains to prey on user errors. When visiting these domains, we would often land on default parking pages. Yet every so often we would get redirected to a survey or malicious download. This has led to the conclusion that these domains are trying to avoid detection by redirecting to their default parking pages. Be careful out there.

Apple and PayPal Info-Stealers

Posted on October 6th, 2015 in New Domains,Phishing by Adam Shinn

Since 10/2 we uploaded another 159 domains. We found that some of these domains were targeted specifically at apple and paypal accounts.

These domains tried to mask as support pages to recover passwords to a user accounts. In researching these domains, we realized that they were after a lot more than just helping you recover your password.

Here’s a screenshot from one of the info-stealer sites:

phishfriday2

As always, be careful and thank you for using Malware Domains.

 

multibanker, dnsamplification, malvertising domains

Posted on September 16th, 2013 in malspam,malvertising,New Domains,Phishing by dglosser

Added 174 domains associated with phishing, multibanker, dnsamplification, malvertising  and other badness. Sources: virustracker.info, threattrack.tumblr.com, labs.sucuri.net (all are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

150+ Malvertising Domains

Posted on September 14th, 2013 in malvertising,New Domains,Phishing by dglosser

Added over 150 domains associated with malicious advertising and malicious ad banners. Please update your blocklists and follow our terms of use

bhek, dnsamplification, sutratds, trojan domains

Posted on August 5th, 2013 in BH Exploit Kit,exploit,iframes,New Domains,Phishing,Trojans by dglosser

A small but important update of domains associated with DNS Amplification, SutraTDS, BHEK, phishing domains and other badness.  Sources: blog.dynamoo.com, dnsamplificationattacks.blogspot.com, safeweb.norton.com, www.mwis.ru, etc. (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

multibanker, phishing, rogues…

Posted on July 15th, 2013 in malspam,malvertising,New Domains,Phishing,Trojans by dglosser

Added 161 domains associated with rogue antivirus/security/software, phishing, malvertising, etc. Sources include: labs.umbrella.com, virustracker.info, www.phishtank.com(all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.