Feed

149 new domains (exploitkit, redkit, multibanker,etc)

Posted on September 30th, 2013 in exploit,malspam,malvertising,New Domains,Trojans by dglosser

Added 149 new domains (exploitkit, redkit, multibanker,etc) from app.webinspector.com, vxvault.siri-urz.net, blog.dynamoo.com and other sources (all are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

100+ zeus, malvertising, DNS Amplification domains

Posted on September 26th, 2013 in New Domains by dglosser

Added 107 domains associated with DNSAmplification, malvertising, zeus, phishing and other badware you won’t want on your network or loading in your browser. Sources include dnsamplificationattacks.blogspot.com, dnsamplificationattacks.blogspot.com, zeustracker.abuse.ch… Please update your blocklists and follow our terms of use.

BHEKv2, Neutrino, keyboy malvertising domains…

Posted on June 11th, 2013 in BH Exploit Kit,iframes,malspam,malvertising,New Domains,Trojans by dglosser

Added 107 new domains from a variety of sources… BHEKv2, malspam, keyboy, Neutrino, malicious banner ads, android trojan domains, and all sorts of badness originally cited at blog.dynamoo.com, community.rapid7.com, urlquery.net, www.emergingthreats.net and others (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE. Users and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

330 domains added (malspam, bhek…)

Posted on March 13th, 2013 in BH Exploit Kit,malspam,New Domains by dglosser

Added 330 new Black Hole, malspam, malicious domains. Sources: riskanalytics.com, riskanalytics.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads

Sinowal,Sirefef, redkit domains, blackhole, downadup domains

Posted on October 5th, 2012 in BH Exploit Kit,New Domains,trojan,zeus by dglosser

Added 151 domains associated with down adup, blackhole exploits, red kit, sinowal, etc. Sources include www.threatexpert.com, www.mwis.ru,
safebrowsing.clients.google.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

zeroaccess, malspam, blackhole exploit domains

Posted on June 17th, 2012 in BH Exploit Kit,malspam,New Domains,Phishing,Trojans by dglosser

Added domains associated with bh exploits, malicious spam, zeroaccess and other trojans. Sources include labs.sucuri.net, hosts-file.net, blog.dynamoo.com. Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

BH Exploit, citadel, malspam, Tinba domains…

Posted on June 4th, 2012 in BH Exploit Kit,exploit,iframes,malspam,New Domains by dglosser

Added over 140 domains associated with Tinba,pornmocup, back hold exploits, etc. Sources include exposure.iseclab.org, c-apture.blogspot.com, hosts-file.net, www.malware-control.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

BH Exploit Kit, malvertising, cridex domains

Posted on May 17th, 2012 in BH Exploit Kit,malvertising,New Domains,Trojans,zeus by dglosser

Added almost 150 domains associated with Black Hole Exploits, malvertising, cridex, etc. Sources:www.mwis.ru, zeustracker.abuse.ch, exposure.iseclab.org and several others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

HUGE Update: Ramnit and Redret malspam domains

Posted on January 14th, 2012 in BH Exploit Kit,malspam,New Domains,Trojans by dglosser

Ramnit is Zeus-like malware with rootkit capabilities. Seculert has a nice write-up about a  financial variant which is steals Facebook credentials.   According to Contiago, samples are being spread via Blackhole exploit kit.

We’ve added over 200 Ramnit domains (thanks Kevin). As a bonus, 29 more “Redret” malspam  domains from dynamoo have also been added to our malware blacklist. Please update your blocklists/sinkhole  and please review our Terms of Use.