Feed

spam404.com

Posted on October 29th, 2013 in New Domains by dglosser

Interesting new resource: http://www.spam404.com.  From the author:

We are mainly blacklisting websites that are tricking users into completing offers by advertising content that is very desirable but the website doesn’t actually have the content and it is just to make the end user complete an offer. From our intense research these kind of websites are not getting enough attention in terms of blacklisting and we are the only website to offer such a blacklist for these kind of websites but we believe it is in the best interests of all internet users to have these kind of websites blacklisted.
We are also blacklisting other abusive websites including phishing and get rich quick scams.
Their blacklist is located here.

 

Tools and Standards for Cyber Threat Intelligence Projects

Posted on October 24th, 2013 in New Domains,News,Off Topic by dglosser

A new whitepaper by SANs:

Tools and Standards for Cyber Threat Intelligence Projects

Interesting reading, especially Page 11 :)

update.microsoft.com.nsatc.net

Posted on October 23rd, 2013 in New Domains by dglosser

We are in the process of removing update.microsoft.com. nsatc. net from our files as we’ve received reports that it is causing issues with windowsupdate.

It’s listed in: http://www.webroot.com/blog/2013/10/21/u-k-users-targeted-fake-confirming-sky-offer-themed-malware-serving-emails/ as a “Related C&C server domains”

We’ve reached out to webroot for further detail.  Please remove update.microsoft.com. nsatc. net from your blocklists.

 

 

This is a first

Posted on October 22nd, 2013 in Off Topic by dglosser

We’ve been threatened with a lawsuit… because we have NOT listed a website!

 

Some Ransomwear Domains

Posted on October 21st, 2013 in New Domains by dglosser

Looking into some “FBI” Ransomwear Domains… Will add to blacklist tonight but if anyone has more information, please let us know

d8668 [.] com
k2310 [.] com
a7274 [.] com
e4203 [.] com
f5273 [.] com
z6629 [.] com
r0172 [.] com
k8381 [.] com
d2349 [.] com
x6875 [.] com
r7808 [.] com
i8679 [.] com
k2310 [.] com
x8512 [.] com
u4985 [.] com
y4281 [.] com
x7762 [.] com
a2559 [.] com
v8096 [.] com
r0172 [.] com

 

zeus, sweetorange, malspam, domains

Posted on October 19th, 2013 in New Domains by dglosser

Added 100 domains on 10/18 and 121 on 10/16  associated with Zeus, sweetorange, malicous spam, etc. Sources include urlquery.net (what happened to them – their domain was updated yesterday and their website is down today..?),  blog.dynamoo.com, zeustracker.abuse.ch and others..  Please update your blocklists and follow our terms of use.

BHEK, napolar, dnsamplification,cookiebomb domains

Posted on October 14th, 2013 in New Domains by dglosser

Added domains associated with a variety of badness (cookiebomb, zeus dropzone, win32/napolar, etc) you want to keep off your corporate or home network.  Sources include www.welivesecurity.com, zeustracker.abuse.ch, dnsamplificationattacks.blogspot.com(All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Oct 6 and Oct 11 Updates – 385 domains

Posted on October 12th, 2013 in New Domains by dglosser

Oct 6th and 11th updates – over 385 domains. (All domains and sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

October Updates: 260+ domains

Posted on October 5th, 2013 in New Domains by dglosser

Two updates so far this month, a total of over 260 domains. Please update your blocklists and follow our terms of use.