
5/27 Update – 334 domains

Posted on May 27th, 2013 in iframes,malspam,malvertising,New Domains,rogue antivirus by dglosser

Better late than never – added 334 domains on 5/27. Fake Flash Player, rogue, iframes, malspam, C2, etc. from siteinspector.comodo.com, threattrack.tumblr.com, urlquery.net and others (all sources are listed in our domains.txt file).

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” files to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* The Domains.txt file is the complete list along with original reference. Justdomains contains a list of only the domain names. The BOOT file is in MS DNS format. The Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and IP addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Redkit, Carberp, facebook scam domains

Posted on May 22nd, 2013 in malspam,malvertising,New Domains,rogue antivirus by dglosser

Added 171 Redkit, Carberp, malspam, malicious domains. Sources include urlquery.net, siteinspector.comodo.com, blog.dynamoo.com (all sources are listed in our domains.txt file.)


Ransomware Domains: iestats .cc, emstats .su, ehistats .su, e-protections .su

Posted on May 17th, 2013 in rogue antivirus by dglosser

The Internet Storm Center has listed several “Ransomware” domains (iestats .cc, emstats .su, ehistats .su, e-protections .su). We’ll be adding them to our blocklist here, but you shouldn’t wait.

Several Sept Updates

Posted on September 16th, 2012 in 0day,BH Exploit Kit,malspam,malvertising,New Domains,rogue antivirus by dglosser

Been so busy updating the malware blocklists that we forgot to update the blog. Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc. (All sources are listed in our domain.txt file.)


java exploit domains, rogue antivirus, malspam domains…

Posted on September 8th, 2012 in 0day,BH Exploit Kit,malspam,New Domains,rogue antivirus by dglosser

Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include www.emergingthreats.net, www.google.com/safebrowsing, blog.dynamoo.com  (all sources are listed in our domain.txt file.)

Java Exploit domains, trojans, rogues

Posted on July 25th, 2012 in exploit,New Domains,rogue antivirus by dglosser

A small but important update containing domains associated with Java exploits, rogue antivirus, trojans, and other malicious domains you don’t want visiting your computer or network. Sources include www.mwis.ru, www.malwaredomainlist.com, and urlquery.net (all sources are listed in our domain.txt file).


Two updates: runforestrun, iceix, rogues, malvertising, malspam domains…

Posted on June 25th, 2012 in 0day,malvertising,New Domains,rogue antivirus,spam by dglosser

Two recent updates, adding over 230 domains associated with RunForestRun, IceIX, malicious spam, malicious advertising, etc. Sources include www.malwaredomainlist.com, isc.sans.org, hosts-file.net and many more (all sources are listed in our domain.txt file).
Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

Vulnerabilityqueerprocessbrittleness

Posted on June 19th, 2012 in 0day,rogue antivirus by dglosser

The Internet Storm Center lists a bunch of fake antivirus domains. Several are already part of our list; we’ll be adding the rest in tonight’s update. Would appreciate it if someone points us to a publicly available full list…

bhexploitkit, htaccess, iframes, trojans…

Posted on May 4th, 2012 in iframes,New Domains,rogue antivirus,Trojans by dglosser

Added 110 domains associated with htaccess redirects, malicious iframes, trojans, etc. Sources include www.malwaredomainlist.com, safebrowsing.clients.google.com, jsunpack.jeek.org. Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one of our download mirrors.

Fake-AV, exploit, malvertising domains

Posted on April 21st, 2012 in malvertising,New Domains,rogue antivirus,Trojans,zlob by dglosser

Added 124 domains associated with rogue/fake AV, malvertising, exploits, etc. Sources include hosts-file.net, www.emergingthreats.net, www.urlvoid.com
(all sources are listed in our domain.txt file.)
