Feed

Huge Update: Over 1200 Domains (Bedep, Dyre, Phishing)

Posted on April 25th, 2015 in New Domains by dglosser

A huge update with 1219 domains added.  Many phishing domains from openphish but also some Bedep and Dyre  domains (from arbornetworks virustotal) and some  flagged by google safebrowsing. (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

sofacy, kins, tinba, russiandoll domains

Posted on April 21st, 2015 in New Domains by dglosser

Added 358 domains associated with sofacy, kins, tinba, russiandoll  and other badness which may be used as an IOC my monitoring your server logs. Sources include pwc.blogs.com, google safebrowsing, spamhaus and others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

243 New Domains

Posted on April 19th, 2015 in New Domains by dglosser

Added 243 domains from joewein, zeustracker, cybertracker, vxvault and other sources containing domains associated with zeus, Andromeda  and other badness your browser or your users computers connecting to or from. Please update your blocklists and follow our terms of use.

Palevo, phishing, and other malicious domains

Posted on April 17th, 2015 in New Domains by dglosser

Added 180 domains (Palevo C&C, phishing, and other malicious badness) from phishtank, openphish, joxeankoret and others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

cryptowall domains (phishing, malspam, trojan, zeus too)

Posted on April 14th, 2015 in New Domains by dglosser

Added 258 domains (cryptowall, and some zeus, malicious spam, phishing, and other malicious domains). Sources include malwareurls.joxeankoret.com, www.mwsl.org.cn, threatexpert, and others (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

244 new domains added (phishing, tinba, dyreza, attack pages)

Posted on April 13th, 2015 in New Domains by dglosser

added 244 new domains (attack pages, phishing, tinba) from google safebrowsing, virustotal, phishtank and others. (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Request: List of Skype-grabbers and Skype-Resolver domains

Posted on April 12th, 2015 in New Domains by dglosser

I’ve been asked if we have a list of domains of Skype-grabbers and Skype-Resolvers… Unfortunately we do not but are willing to republish (with credit) or aggregate  these domains.

Update: Thanks to Lenny at netcowboy.dk, We just uploaded a list of 53 skype resolvers here

Please email me at mal2waredomains2@3gmail3.com (remove all numbers) if you can help. Thanks

 

malvertising, phishing domains

Posted on April 11th, 2015 in New Domains by dglosser

Added 100 domains associated with malicious ads and phising. (all domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

snowshoe, rokso, attack pages

Posted on April 9th, 2015 in New Domains by dglosser

Added 430 domains from spamhaus and google safebrowsing (attack pages, rokso, snowshoe, etc). Please update your blocklists and follow our terms of use.

cutwail, dyre, zeus, snowshoe domains

Posted on April 7th, 2015 in New Domains by dglosser

Recently addedover 800 new domains from gist.github.com, spamhaus.org and google safebrowsing (all domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.