The 14 most dangerous websites in the world

Posted on July 17th, 2013 in Domain News by dglosser

Article is a few months old but someone just sent it to us:

14 Most Dangerous Websites in The World:


If anyone has similar articles or research, please send it to us & we’ll collect and aggregate the info.

Some extremely popular platforms are listed, so use at your own risk!!!


61 Domains – Blackhole Exploit Kit Suspended

Posted on June 29th, 2013 in Domain News,General Security by dglosser

Malware Must Die reports the suspension of 61 domains associated with the Blackhole Exploit Kit. Great news!

If you are tracking domains in your sinkhole, you may wish to add these domains to your own sinkhole.

Pushdo DGA

Posted on May 25th, 2013 in Domain News by dglosser

Info on the Pushdo DGA:

Unveiling The Latest Variant of Pushdo
Mv20: A case study on the new Pushdo-DGA
If anyone has the full list, please let us know and we’ll link to it.

21,000 (!) JS/RunForestRun/PseudoRandom Domains

Posted on November 21st, 2012 in Domain News by dglosser

The algorithm for creating Pseudo Random RunForestRun domains has been published by malwarereports.blogspot.com. Full list of domains (21000!) is located here.

Analyzing DNS Logs Using Splunk

Posted on July 7th, 2012 in Domain News,News by dglosser

Interesting article on analyzing DNS logs using Splunk and being able to identify whether Splunk sees a DNS lookup for a known bad domain name.

Again, if you use our data as this article does, do not pull the zone file more than once every 12 hours or you will be banned. Better yet, check to see if the file has changed first (such as via a wget option) BEFORE pulling the zone file. And please DONATE if you consider the list useful. A year's worth of donations does not even equal one month's hosting and infrastructure costs, and we are not sure how much longer we can continue to pay these expenses out of pocket.

Article here: http://www.stratumsecurity.com/2012/07/03/splunk-security/


Log DNS queries and the client that requested it: It’s been said that DNS is the linchpin of the Internet. It’s arguably the most basic and underappreciated human-to-technology interface. It’s no different for malware. When you suspect that a device has been compromised on your network, it’s important to be able to see what the suspected device has been up to. The DNS logs of a compromised machine will quickly allow responders to identify other machines that may also be infected.
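The lookup-against-blocklist check described above, as an added example that is not code from this post or from the linked article: it loads a blocklist in BIND zone-file form, scans BIND query-log lines, and reports which clients asked for a listed domain or any subdomain of one. The zone-file layout, the log layout, and every domain and address below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample blocklist; the BIND zone-file layout is an assumption.
ZONE_FILE = '''\
// constructed sample, not real blocklist data
zone "bad-domain.example" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "malware-c2.test" {type master; file "/etc/namedb/blockeddomain.hosts";};
'''
# Constructed BIND 9 style query-log lines (documentation address range).
QUERY_LOG = '''\
07-Jul-2012 10:01:02.123 client 192.0.2.10#53211: query: www.example.org IN A + (192.0.2.1)
07-Jul-2012 10:01:05.456 client 192.0.2.23#40112: query: bad-domain.example IN A + (192.0.2.1)
07-Jul-2012 10:02:11.789 client 192.0.2.23#40113: query: cdn.Malware-C2.test. IN A + (192.0.2.1)
07-Jul-2012 10:03:40.001 client 192.0.2.47#51000: query: notbad-domain.example IN A + (192.0.2.1)
07-Jul-2012 10:04:02.310 client 192.0.2.99#33000: query: update.malware-c2.test IN AAAA + (192.0.2.1)
'''
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)
QUERY_RE = re.compile(
    r'client\s+(?:@\S+\s+)?([0-9a-fA-F.:]+)#\d+.*?query:\s+(\S+)\s+IN\s+(\S+)')

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def load_blocklist(zone_text):
    """Collect the zone names declared in the blocklist file."""
    matches = (ZONE_RE.match(line) for line in zone_text.splitlines())
    return {normalize(m.group(1)) for m in matches if m}

def blocked_parent(qname, blocklist):
    """Return the listed domain that qname equals or sits under, else None.
    Matching walks whole labels, so 'notbad-domain.example' does not match
    'bad-domain.example' the way a substring search would."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_hits(log_text, blocklist):
    """Map each client IP to the sorted listed domains it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        parent = blocked_parent(m.group(2), blocklist) if m else None
        if parent:
            hits[m.group(1)].add(parent)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in sorted(find_hits(QUERY_LOG, load_blocklist(ZONE_FILE)).items()):
        print(client, "->", ", ".join(domains))
```

Clients that share a listed domain with an already suspected host are the next machines to examine.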

Virustotal and DNS-BH Malware Domain Blocklist

Posted on June 26th, 2012 in Domain News by dglosser

We are proud to announce that VirusTotal has integrated our list into their URL scanning engine.


Since we don’t store full URLs, it’s in the “additional information” field. Thanks to the good folks at VirusTotal for making this happen!


Delisted and Relisted Domains

Posted on June 8th, 2012 in Domain News,immortal,relisted by dglosser

Thanks to our volunteers, we have some scripts which will help to delist domains in a more timely manner as well as check domains previously delisted to see if they are once again misbehaving.

This last update added almost 75 domains, many of which were previously delisted.



More Flame Domains

Posted on June 4th, 2012 in Domain News by dglosser


More information about flamer. The graphic lists about 20 or so additional domains.


Looking for volunteers and donations

Posted on May 27th, 2012 in Domain News by dglosser

Looking for volunteers to help us maintain the blocklist. Things like writing Perl programs (Cygwin compatible) to compare the blocklist to Google’s Safe Browsing database, etc. No compensation except authorship credit as well as knowing that your work will help in the never-ending fight against malware.

If you consider this blocklist useful, please consider donating money or sponsoring the list.