Feed

2500+ Domains Delisted

Posted on December 30th, 2012 in Removed Domains by dglosser

Over 2500 domains have been delisted. The full list is here:

http://mirror1.malwaredomains.com/files/removed-domains-20121229.txt

 

 

bhexploitkit, scam, bredolab, malicious iframes…

Posted on December 29th, 2012 in exploit,iframes,New Domains by dglosser

Added over 230 domains associated with bredolab, black hole exploit kit, coolexploitkit, nuclearexploitkit, etc. Sources include www.mwis.ru, safebrowsing.clients.google.com, urlquery.net (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Huge Update – almost 1000 domains (!)

Posted on December 26th, 2012 in New Domains by dglosser

Added almost 1000 malicious spam domains from dynamoo’s blog.

Large Update – almost 300 domains

Posted on December 23rd, 2012 in iframes,malspam,New Domains by dglosser

Added almost 300 domains associated with malicious spam, harmful “safebrowsing” domains, iframes and redirections. Source include safebrowsing.clients.google.com, labs.sucuri.net, blog.dynamoo.com  (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Lots of Malspam Domains

Posted on December 21st, 2012 in New Domains by dglosser

Added over 150 domains, mainly malicious spam domains from blog.dynamoo.com.

New Mirror

Posted on December 17th, 2012 in mirror by dglosser

http://malwaredomains.lehigh.edu/

New Mirror – will set up vhost soon. Please test and let us know if you have any questions Thanks

 

citadel, zeus, harmful domains

Posted on December 16th, 2012 in New Domains by dglosser

Added 189 domains associated with citadel, zeus and other badness. Sources include zeustracker.abuse.ch, www.spamhaus.org, www.malwaredomainlist.com, safeweb.norton.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Dec 13 Update: 247 kelihos, runforestrun domains

Posted on December 14th, 2012 in New Domains by dglosser

247 domains (kelihos, runforestrun and others) were added. Sources include www.abuse.ch, malwaremustdie.blogspot.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

142 malspam, iframe, joomla exploit, malicious domains

Posted on December 11th, 2012 in 0day,exploit,iframes,malspam,New Domains by dglosser

Added 142 domains associated with malspam, iframe/joomla exploit. Sources include safebrowsing.clients.google.com, blog.dynamoo.com, labs.sucuri.net (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Joomla (and WordPress) Bulk Exploit ongoing

Posted on December 10th, 2012 in 0day by dglosser

Sans reports that there is an ongoing bulk Joomla and WordPress exploit, complete with iframes pointing to Fake AV.

If anyone has seen a published list of the FQDN’s involved in this, please let us know so we can add those domains here.

Update: The issues with the zone files seem to have been resolved and some of the domains used in this exploit have been added to the blocklist