DNS-BH – Malware Domain Blocklist

Added almost 150 domains associated with Black Hole Exploits, malvertising, cridex, etc. Sources:www.mwis.ru, zeustracker.abuse.ch, exposure.iseclab.org and several others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course zeus, etc. Sources:www.mwis.ru, vxvault.siri-urz.net, vxvault.siri-urz.net (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

Had server issues on the blog site so this is a few days late..  Added a couple of dozen malvertising, zeus, palevo and other harmful domains on 4/27.

Too many users are STILL pointing to the main (blog) site for the zone files and are causing server issues…

PLEASE update your scripts to pull from one of the download mirrors or your site will be BANNED

Added 124 domains associated with rogue/fake AV, malvertising, exploits, etc. Sources include hosts-file.net, www.emergingthreats.net, www.urlvoid.com
(all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

We added our friends nikjju . com and best-antiviruu.de .lv and also listed domains from ISP’s or hosting services listed on hostexploit.com‘s  Q1 report on the top bad hosts.  To round things out,  we also added domains flagged by  sucuri  as having malicious javascript or iframes.

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

Added over 250 domains linked to flashback, phishing, malvertising, etc. Sources include www.threatexpert.com, private correspondence, contagiodump.blogspot.com and others. Please update your blocklists/sinkhole  and follow  our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

Added 193 malicious domains associated with trojan-ransom, malvertising, flashback, etc. Sources include exposure.iseclab.org, blog.eset.com, news.drweb.com (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

Added almost 300 domains associated with zeus, rogues, palevo, htaccess redirects, etc. Sources include dynamoo.com, fireeye.com, research.zscaler.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

Added over 200 domains associated with malspam, black hole exploits, botnets and other badness. Sources include malwareurl.com, google.co.uk, zeustracker.abuse.ch.  Please update your blocklists/sinkhole  and follow  our Terms of Use.

Reminder: the main site does not contain any zone files. Please download files from one our our download mirrors