We just checked some server statistics… Started fresh for 2012… How is it possible for 17.51 MB of files to be downloaded in 2012 and the day isn’t over yet???
Unfortunately, we are forced to continue to ban IP addresses which for whatever reason continue to abuse our download servers.
Hosting costs money. Please contribute whatever you can.
We want to make you aware that we have the following lists:
- Free/bulk Domain registrars: bulk_registrars.txt
- Dynamic DNS Providers: dynamic_dns.txt
- Free Web Hosts: freewebhosts.txt
The domains listed in each of these files are NOT included in the DNS-BH Blocklists.
It’s up to you if you wish to block, track, or allow access to these domains.
From the Internet Storm Center, please block the following domains:
and be on the lookout for more domains containing the string “redret” (hmmm, I wonder if adblock or mywot can handle regex...).
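The regex idea above can be applied to DNS query logs. This is an added example, not part of the original post or of any DNS-BH tooling; the log layout ("timestamp client qname qtype"), the function names and the sample domains are all constructed for illustration.

```python
import re
from collections import defaultdict

# "redret" anywhere inside the label registered directly under .ru
REDRET = re.compile(r"(?:^|\.)([a-z0-9-]*redret[a-z0-9-]*)\.ru$")

def normalize(name):
    """Lower-case, undo defanging ("x . ru", "x[.]ru"), drop the root dot."""
    name = name.strip().lower().replace("[.]", ".")
    return re.sub(r"\s*\.\s*", ".", name).rstrip(".")

def matched_domain(name):
    """Return the registered .ru domain if its label contains "redret", else None."""
    m = REDRET.search(normalize(name))
    return m.group(1) + ".ru" if m else None

# Constructed sample; "timestamp client qname qtype" is an assumed log layout
SAMPLE_LOG = """\
2012-01-01T10:00:01 10.0.0.5 zzredret.ru A
2012-01-01T10:00:02 10.0.0.5 www.example.com A
2012-01-01T10:00:03 10.0.0.9 WWW.QqRedret.RU. A
2012-01-01T10:00:04 10.0.0.7 redret.ru.example.org A
2012-01-01T10:00:05 10.0.0.9 cdn.xyredret.ru AAAA
"""

def hits_by_client(log_text):
    """Map each client IP to the sorted redret domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed or empty lines
        domain = matched_domain(fields[2])
        if domain:
            hits[fields[1]].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in hits_by_client(SAMPLE_LOG).items():
        print(client, ", ".join(domains))
```

Anchoring the pattern to the label directly under .ru keeps a name such as redret.ru.example.org from matching, while subdomains and mixed-case or fully qualified queries still do.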
We just finished recertification of 237 long-lived, “immortal” malware domains.
These are domains which continue to actively serve malware for months if not years.
Some of these domains have been active here for more than two years.
Of those 237 domains, 34, or less than 15%, were removed.
That means that over 85% of these long-lived domains are truly “bulletproof”, and have remained actively malicious for over two years.
The list of those few removed domains is here: removed-domains-20111112.txt
List of these “immortals” is here: immortal_domains.txt
Of the 740 domains which were re-certified, 653 domains have been removed.
88 of those domains, which were originally listed over six months ago, were STILL actively associated with malware.
These domains were added to our list of long-lived, “immortal” malware domains.
List of removed domains is available here:
List of “immortal domains” here.
Also, a clarification – permission is granted if you wish to use these lists for INTERNAL use only at your organization or company.
Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need. – abusers will be banned!
We also have a mirror with compressed files dedicated for academic research, people who contribute and support malwaredomains, other non-profit activities. Please contact us for details.
We’ve been maintaining lists of Bulk Registrars, Dynamic DNS Providers, and URL Shorteners.
We just added a new list of “unverified” URL Shorteners here: url_shorteners-unverified.txt
We’ll be going through the URLs and adding them to the main list once they have been verified. If anyone wishes to help in this effort, please let us know.
DNS Sinkhole Parser Script Update
For those using Guy Bruneau’s DNS Sinkhole ISO, there’s a new sinkhole parser script available.
The new script contains new lists which were not part of the original list.