Feed

SutraTDS, malspam, malvertising domains

Posted on May 30th, 2013 in malspam,malvertising,New Domains by dglosser

Added 121 domains associated with SutraTDS, malicious spam, malicious banner ads. Sources include www.google.com/safebrowsing/diagnostic, vxvault.siri-urz.net, threattrack.tumblr.com   (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

5/27 Update – 334 domains

Posted on May 27th, 2013 in iframes,malspam,malvertising,New Domains,rogue antivirus by dglosser

Better late than never – added 334 domains on 5/27.  Fake Flash Player, Rogue, iframes,  malspam, c2 etc from siteinspector.comodo.com, threattrack.tumblr.com, urlquery.net and others  (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

Small update – 73 malicious domains

Posted on May 25th, 2013 in malvertising,New Domains by dglosser

Added 73 malicious domains from siteinspector.comodo.com and safebrowsing.clients.google.com.

Pushdo DGA

Posted on May 25th, 2013 in Domain News by dglosser

Info on the Pushdo DGA:

Unveiling The Latest Variant of Pushdo
Mv20: A case study on the new Pushdo-DGA
Info on the Pushdo DGA:
If anyone has the full list, please let us know and we’ll link to it.

Using DNS Logs As a Security Information Source

Posted on May 24th, 2013 in News by dglosser

Using DNS Logs As a Security Information Source :

http://www.petri.co.il/dns-security-information-source.htm

 

Redkit, Carberp, facebook scam domains

Posted on May 22nd, 2013 in malspam,malvertising,New Domains,rogue antivirus by dglosser

Added 171 Redkit, Carberp, malspam, malicious domains. Sources include urlquery.net, siteinspector.comodo.com, blog.dynamoo.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

Resources for Hacked Sites

Posted on May 22nd, 2013 in General Security,Off Topic by dglosser

Some nice resources on what to do if your site was hacked:

If you find a nice (noncommercial preferred) resources, let us know and we’ll add it to our list

 

147 pushdo,malvertising,maliciousjs, iframe domains added

Posted on May 19th, 2013 in New Domains by dglosser

Added 147 domains associated with malicious javascript, iframes, pushdo, etc. Sources include safebrowsing.clients.google.com, sucuri.net, www.secureworks.com  (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

Ransomware Domains: iestats .cc, emstats .su, ehistats .su, e-protections .su

Posted on May 17th, 2013 in rogue antivirus by dglosser

The Internet Storm Center has listed several “Ransomware” Domains (iestats .cc, emstats .su, ehistats .su, e-protections .su). We’ll be adding it to our blocklist here but you shouldn’t wait.

SutraTDS, iframe, malvertising,malspam domains

Posted on May 17th, 2013 in New Domains by dglosser

Added 111 SutraTDS, iframe, malvertising, malspam domains from blog.dynamoo.com, urlquery.net, and some private sources. (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads