Added New Domains

Posted on August 27th, 2015 in New Domains by Adam Shinn

Added 127 new domains since 08.25.2015


Domain Recert – 08.20.15

Posted on August 20th, 2015 in immortal,Removed Domains by Adam Shinn

Delisted 139 domains which can be found here:

Added 20 domains to the ‘immortal’ list which can be found here. This list is now up to 4039 entries.

Detecting Dynamic DNS Domains in Splunk

Posted on August 8th, 2015 in New Domains by dglosser

From http://blogs.splunk.com/2015/08/04/detecting-dynamic-dns-domains-in-splunk:

Name a security breach or sample of malware in the last five years and you will come across a fairly common denominator: the malware (or the method of data exfiltration) used a “Dynamic DNS” hostname to connect to the Internet….

The use of dynamic DNS providers for malicious purposes is extremely wide spread. OpenDNS Security Labs reported that over 56% of subdomains on some DDNS providers were malicious.  Similarly, Cisco reported that dynamic DNS linked websites were 19% more likely to be malicious than other websites. The question is not “does the threat exist?” but rather, how does a defender detect these domains or mitigate them?

One idea is to create a lookup table by using a great blog post by OpenDNS from 2015 that discusses the top 20 most malicious dynamic DNS providers. Another option is downloading all known dynamic DNS providers (provided by www.malware-domains.com). This list is much more comprehensive than the “top 20”, but it may increase your false positives as it is a substantially larger list. This zip requires some modifications to turn into a lookup table, but you can find scripts on github to help you automate the process…….

Please let us know of any Dynamic DNS Domains not on the list and we’ll add them.


Recent Updates

Posted on July 5th, 2015 in New Domains by dglosser

Added 270  Domains on 7/3 and 7/5.  Please update your blocklists and follow our terms of use.


Immortal Malware Domains

Posted on July 3rd, 2015 in New Domains by dglosser

“Immortal” Malware Domains are those which were identified as malicious anywhere between 90 and 360 days ago. but according to google safebrowsing, are still actively involved in badness. Some of these domains have been on the DNS-BH List for YEARS.

We also added about 70 new domains to our list of long-lived “immortal” malware domains.  The list is up to 4022 entries.

The list of “the immortals: immortal_domains.txt

Note: this list is incorporated in the main list, there is no need to download both lists if you already download any zone files.


List Recert: Over 3100 Domains Delisted

Posted on July 2nd, 2015 in New Domains by dglosser

We’ve delisted over 3100 domains. The list of removed domains can be found here


Mistake fixed – update your blocklists

Posted on June 10th, 2015 in New Domains by dglosser

Last night’s update had an incorrect listing, please update your blocklists ASAP. Thanks

Recent Updates

Posted on June 8th, 2015 in New Domains by dglosser

6/4 – 216 domains
6/7 – 158 domains
Domains included: cryptowall, njrat, password stealers, andromeda, etc.

Please update you blocklists and follow our terms of use

List Revalidation: 6417 Domains Delisted

Posted on May 31st, 2015 in New Domains by dglosser

We’ve delisted 6417 domains and added 235 domains to the “immortals” list. Note that the “immortal”, or very long-live malware domains,  are already listed in the main list, it’s just that those domains have been flagged multiple times as malicious. Some of the domains on the “immortals” list were originally flagged as far back as 2009!
List of immortal domains is here.
List of removed domains can be found here

Recent Updates

Posted on May 28th, 2015 in New Domains by dglosser

5/15 – 230 Domains
5/21 – 135 Domains
5/25 – 104 Domains

Please update your blocklists and follow our terms of use