
Urgent Block: nikjju.com and best-antiviruu.de.lv

Posted on April 17th, 2012 in 0day,iframes,rogue antivirus,sql injection by dglosser

Sucuri is reporting a new mass SQL injection campaign. Sites are infected with the following JavaScript:

<script src= http://nikjju . com/r.php ></script>

which redirects to Fake/Rogue AV sites such as best-antiviruu. de. lv

Please add these sites to your blocklists and sinkholes ASAP.
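One way to check your own pages or database exports for the injected tag is sketched below. It is an added example, not code from Sucuri or from this site. It matches on the script's host rather than on a substring, so subdomains are caught and a blocked name that merely appears in a URL path is not. The sample page, the `cdn.` subdomain and the `example.org` URL are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def refang(indicator):
    """Turn a defanged indicator such as 'nikjju . com' into a matchable host."""
    return "".join(indicator.split()).lower()


# The two domains named in this post, kept in their defanged form in the source.
BLOCKED = {refang(d) for d in ("nikjju . com", "best-antiviruu. de. lv")}


def is_blocked(host, blocked=BLOCKED):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)


class ScriptSrcFinder(HTMLParser):
    """Collects the src of every <script> tag (quoted or unquoted, any case)."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())


def find_injected_scripts(html, blocked=BLOCKED):
    """Return the script src values in html whose host is on the blocklist."""
    finder = ScriptSrcFinder()
    finder.feed(html)
    finder.close()
    # urlsplit gives a hostname for absolute and protocol-relative URLs only.
    return [s for s in finder.sources if is_blocked(urlsplit(s).hostname, blocked)]


BAD = refang("nikjju . com")
# Constructed sample page: one clean script, two injected ones, one look-alike path.
SAMPLE_PAGE = (
    '<html><body><script src="/static/app.js"></script>'
    f"<p>Blue widget<script src=http://{BAD}/r.php></script></p>"
    f'<p>Red widget<SCRIPT SRC="//cdn.{BAD}/r.php"></SCRIPT></p>'
    f'<script src="https://example.org/{BAD}/r.js"></script>'
    "</body></html>"
)

if __name__ == "__main__":
    for hit in find_injected_scripts(SAMPLE_PAGE):
        print("injected script:", hit.replace(".", "[.]"))
```
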

trojan/ransom, flashback,bhexploit domains

Posted on April 11th, 2012 in BH Exploit Kit,malspam,malvertising,New Domains,rogue antivirus,Trojans by dglosser

Added 193 malicious domains associated with trojan-ransom, malvertising, flashback, etc. Sources include exposure.iseclab.org, blog.eset.com, news.drweb.com (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can: all donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains a list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

htaccessredirects, luckycat, malspam,palevo, rogues…

Posted on April 5th, 2012 in malspam,malvertising,New Domains,rogue antivirus,Trojans,zeus by dglosser

Added almost 300 domains associated with zeus, rogues, palevo, htaccess redirects, etc. Sources include dynamoo.com, fireeye.com, research.zscaler.com and others (all sources are listed in our domain.txt file.)


bankpatch, blackenergy, htaccess redirects…

Posted on March 22nd, 2012 in iframes,malvertising,New Domains,rogue antivirus,Trojans,zeus,zlob by dglosser

Added over 190 domains associated with iframes, malicious javascripts, htaccess redirects, malvertising, etc. Sources include sucuri.net, safebrowsing.clients.google.com, iseclab.org and others (all sources are listed in our domain.txt file.)


BH-DNS Update: 200+ Domains Added

Posted on February 8th, 2012 in New Domains,rogue antivirus,Trojans by dglosser

Added over 200 domains associated with Palevo, Fake AV, BPhoster, htaccess redirects, etc. Sources include zeustracker, xylibox, abuse.ch (every source is listed in the domains.txt file).

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.


bhexploit, htaccess redirects, Incognito, PDF exploits…

Posted on February 6th, 2012 in exploit,New Domains,rogue antivirus,Trojans by dglosser

Added 119 domains listed on xylibox.blogspot.com, malekal.com, exposure.iseclab.org and others (every source is listed in the domains.txt file). Please update your DNS blocklist/malware sinkhole and follow our Terms of Use.

fastflux, malicious javascript, and spyeye… oh my

Posted on February 1st, 2012 in malspam,malvertising,New Domains,rogue antivirus,Spyeye by dglosser

Added 129 domains associated with malicious javascript, spyeye, pdf exploits, etc. Sources: www3.malekal.com/pdf.txt, exposure.iseclab.org, sucuri.net and others (every source is listed in the domains.txt file). Please update your blocklists/sinkhole and follow our Terms of Use.

Another Huge Update: 220+ Ramnit, Rogue, Zbot Domains

Posted on January 19th, 2012 in New Domains,rogue antivirus,Trojans,zlob by dglosser

Added over 220 domains associated with zbot-bgz, rogue, ramnit and other badness. Sources include contagiodump.blogspot.com (thanks Kevin), www.sophos.com. Please update your blocklists/sinkhole according to our Terms of Use.

Jan 12 Update: 92 Domains

Posted on January 13th, 2012 in New Domains,rogue antivirus,Spyeye,Trojans by dglosser

Added 92 domains associated with Alureon Trojan, rogue/fake AV, fastflux botnet, etc. Sources include zeustracker.abuse.ch, www.spamhaus.org, www.emergingthreats.net, amada.abuse.ch/blocklist.php?download=proactivelistings

(every source is  listed in the domains.txt file)


fakehdd, malicious javascript, malspam, TDL/TDSS C&C

Posted on January 8th, 2012 in iframes,malspam,malvertising,New Domains,rogue antivirus,Trojans,zeus by dglosser

Added about a hundred domains associated with TDL/TDSS C&C, rogue, fake HDD and other maliciousness. Sources include xylibox.blogspot.com, www.threatexpert.com, sucuri.net and others

(every source is  listed in the domains.txt file)


BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
