DNS-BH - Malware Domain Blocklist

sql injection, htaccess, maliciousjs domains

dglosser — Mon, 14 May 2012 03:46:14 +0000

Added domains associated with htaccess redirection, sql injection, iframes, etc. Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

Domain Delistings

dglosser — Wed, 09 May 2012 18:35:20 +0000

over 1559 domains were revaluated, 1507 were removed, 30 were added to our “immortal” domain list.

The list of the removed domains can be found here: http://mirror1.malwaredomains.com/files/removed-domains-20120507.txt

The list of “the immortals” can be found here: http://mirror1.malwaredomains.com/files/immortal_domains.txt
Also, northcities.org has been delisted and will be removed on the next update.

Exploit Domains, iframes, malvertising

dglosser — Sun, 06 May 2012 11:29:59 +0000

Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course zeus, etc. Sources:www.mwis.ru, vxvault.siri-urz.net, vxvault.siri-urz.net (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash) and http://dns-bh.sagadc.org/. We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!

* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

bhexploitkit, htaccess, iframes, trojans…

dglosser — Sat, 05 May 2012 00:53:04 +0000

Added 11o domains associated with htaccess redirects, malicious iframes, trojans, etc. sources include www.malwaredomainlist.com, safebrowsing.clients.google.com, jsunpack.jeek.org Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

Site Delistings

dglosser — Wed, 02 May 2012 19:06:00 +0000

radioinkconvergence.com, thespiritualguides.com, careconnectbyesco.com, thespiritualguides.com have been delisted and will be removed on the next update

Site Delisting: kollshi.com

dglosser — Mon, 30 Apr 2012 12:45:22 +0000

kollshi.com has been delisted and will be removed on the next update

malvertising,malicious js, bugat domains

dglosser — Sun, 29 Apr 2012 16:48:22 +0000

Added 137 domains associated with google safebrowsing, malvertising, malicious javascript, etc. Sources include exposure.iseclab.org, safebrowsing.clients.google.com, stopmalvertising.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash) and http://dns-bh.sagadc.org/. We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.

* These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!

* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

sqli: Block Njukol -dot – com

dglosser — Sun, 29 Apr 2012 16:32:52 +0000

We received a report that there’s a sqli injection going on with njukol . com/ r.php. Please check your web sites and add this to your block or shun list. Original Source: http://ilion.blog47.fc2.com/

Check your download scripts ASAP

dglosser — Sun, 29 Apr 2012 15:03:19 +0000

Check your download scripts ASAP….

Too many users are STILL pointing to the main www site for the zone files, which have not been here for MONTHS…

PLEASE update your scripts to pull from one of the download mirrors. DO NOT point to the www (blog) site as there is nothing to download.

Small Update – 4/27

dglosser — Sat, 28 Apr 2012 14:59:23 +0000

Had server issues on the blog site so this is a few days late.. Added a couple of dozen malvertising, zeus, palevo and other harmful domains on 4/27.

Too many users are STILL pointing to the main (blog) site for the zone files and are causing server issues…

PLEASE update your scripts to pull from one of the download mirrors or your site will be BANNED