New Domains Added 9.21.15

Posted on September 21st, 2015 in New Domains by Adam Shinn

Added 63 new domains including many phishing scams and malicious sites.

Added New Domains 9.17.15

Posted on September 17th, 2015 in New Domains by Adam Shinn

Added 93 new domains including phishing sites, attack pages, and sites with malicious content. Thank you for using Malware Domains.

Added New Domains 9.16.15

Posted on September 16th, 2015 in New Domains by Adam Shinn

92 new domains have been added including phishing domains, attack pages and sites with malicious content.

New Domains Added 9.15.15

Posted on September 15th, 2015 in New Domains by Adam Shinn

Added 123 new domains. Please update to the current list.

Added New Domains 9.14.15

Posted on September 14th, 2015 in New Domains by dglosser

Added 41 new domains including some that have been hosting malware or have recently distributed malware to visitors of the sites.

Added New Domains 9.11.2015

Posted on September 11th, 2015 in New Domains by Adam Shinn

Added 250 new domains. Please update to the latest list and adhere to the terms of use.

Fixed Zone File

Posted on September 9th, 2015 in New Domains by Adam Shinn

We were alerted this morning to a BIND zone file not loading correctly. This was due to duplicate entries within the zone file. This has since been fixed. Please update to the latest files from one of our mirrors here.

If you have any other issues with the zone file or any other files, please email malw8aredoma6ins3@gmail.co6m (remove all the numbers from the email address).

Added New Domains

Posted on August 27th, 2015 in New Domains by Adam Shinn

Added 127 new domains since 08.25.2015


Detecting Dynamic DNS Domains in Splunk

Posted on August 8th, 2015 in New Domains by dglosser

From http://blogs.splunk.com/2015/08/04/detecting-dynamic-dns-domains-in-splunk:

Name a security breach or sample of malware in the last five years and you will come across a fairly common denominator: the malware (or the method of data exfiltration) used a “Dynamic DNS” hostname to connect to the Internet….

The use of dynamic DNS providers for malicious purposes is extremely wide spread. OpenDNS Security Labs reported that over 56% of subdomains on some DDNS providers were malicious.  Similarly, Cisco reported that dynamic DNS linked websites were 19% more likely to be malicious than other websites. The question is not “does the threat exist?” but rather, how does a defender detect these domains or mitigate them?

One idea is to create a lookup table by using a great blog post by OpenDNS from 2015 that discusses the top 20 most malicious dynamic DNS providers. Another option is downloading all known dynamic DNS providers (provided by www.malware-domains.com). This list is much more comprehensive than the “top 20”, but it may increase your false positives as it is a substantially larger list. This zip requires some modifications to turn into a lookup table, but you can find scripts on github to help you automate the process…….

Please let us know of any Dynamic DNS Domains not on the list and we’ll add them.


Recent Updates

Posted on July 5th, 2015 in New Domains by dglosser

Added 270  Domains on 7/3 and 7/5.  Please update your blocklists and follow our terms of use.