Feed

Big Update: 280 domains

Posted on July 31st, 2013 in iframes,malspam,malvertising,New Domains by dglosser

Added 280 domains (iframes, malspam, multibanker, Ramnit, redkit etc from blog.dynamoo.com, malc0de.com, urlquery.net, virustracker.info ((all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
* twitter page: https://twitter.com/malwaredomains
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

116 suspicious, malicious domains

Posted on February 4th, 2013 in malspam,New Domains by dglosser

Added 116 domains from blog.dynamoo.com, www.dshield.org, vxvault.siri-urz.net and others (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Several Sept Updates

Posted on September 16th, 2012 in 0day,BH Exploit Kit,malspam,malvertising,New Domains,rogue antivirus by dglosser

Been so busy updating the malware blocklists forgot to update the blog. Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc.   all sources are listed in our domain.txt file.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

DNS-BH Updates: 7.19 and 7.21

Posted on July 22nd, 2012 in BH Exploit Kit,iframes,New Domains by dglosser

Been remiss about mentioning updates on 7.19 and 7.21..   Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

htaccessredirects, luckycat, malspam,palevo, rogues…

Posted on April 5th, 2012 in malspam,malvertising,New Domains,rogue antivirus,Trojans,zeus by dglosser

Added almost 300 domains associated with zeus, rogues, palevo, htaccess redirects, etc. Sources include dynamoo.com, fireeye.com, research.zscaler.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

bankpatch, blackenergy, htaccess redirects…

Posted on March 22nd, 2012 in iframes,malvertising,New Domains,rogue antivirus,Trojans,zeus,zlob by dglosser

Add over 190 domains associated with iframes, malicious javascripts, htaccess redirects, malvertising, etc. Sources include sucuri.net, safebrowsing.clients.google.com, iseclab.org and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Incognito, malspam, purplehaze domains

Posted on February 3rd, 2012 in exploit,malspam,Trojans,zeus by dglosser

Added 138 malicious domains associated with purple haze, Incognito, malspam, zeus, msupdater, etc. Sources include exposure.iseclab.org, zeustracker.abuse.ch, blog.dynamoo.com (every source is  listed in the domains.txt file)

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

iframe,sqli,cybercriminal domains

Posted on December 3rd, 2011 in 0day,iframes,New Domains,Spyeye,Trojans,zeus by dglosser

A small but important update containing domains associated with iframes, cybercriminals, zeus, and our friend lilupophilupop . com.   Sources include malc0de.com, safebrowsing.google.com, www.spamhaus.org (Every source is  listed in the domains.txt file)…

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Black Hole, Cridex, Drivebys, Trojan Domains

Posted on November 24th, 2011 in Spyeye,Trojans by dglosser

Add domains associated with Cridex, trojans, drive-bys. malicious javascript and more. Sources include www.securityhome.eu, www.spamhaus.org, malc0de.com

Every source is  listed in the domains.txt file)…

Remember, the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

black hole exploitkit, zeroaccess & other harmful domains

Posted on November 5th, 2011 in iframes,malvertising,New Domains,Trojans by dglosser

Added 118 domains associated with the Black Hole Exploit Kit, Zero Access, and other risky and harmful domains. Sources: www.malwareurl.com, zeustracker.abuse.ch, vxvault.siri-urz.net and others   (Every source is  listed in the domains.txt file)


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…