Feed

Nov 25 Update: 233 New Domains

Posted on November 26th, 2012 in malspam,New Domains by dglosser

Added 223 suspicious, harmful domains originally referenced in  www.malwaredomainlist.com, safebrowsing.clients.google.com, blog.dynamoo.com and others. (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Big Update – 286 Domains

Posted on November 6th, 2012 in malspam,New Domains,zeus by dglosser

Added 286 domains from zeustracker.abuse.ch, www.urlvoid.com, www.dshield.org, safebrowisng.clients.google.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

downadup, iframes, torpig malicious spam domains added

Posted on October 8th, 2012 in BH Exploit Kit,iframes,malspam,New Domains by dglosser

Added 167 domains associated with iframe injection, malspam, torpig, DownAdUp, etc. sources include www.threatexpert.com, labs.sucuri.net, blog.dynamoo.com (all sources are listed in our domains.txt file.) Please update your blocklists and follow our terms of use

Sinowal,Sirefef, redkit domains, blackhole, downadup domains

Posted on October 5th, 2012 in BH Exploit Kit,New Domains,trojan,zeus by dglosser

Added 151 domains associated with down adup, blackhole exploits, red kit, sinowal, etc. Sources include www.threatexpert.com, www.mwis.ru,
safebrowsing.clients.google.com (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Huge Update: 250+ Domains…

Posted on October 2nd, 2012 in iframes,malspam,New Domains by dglosser

Added over 250 domains — iframes, malicious spam, attack sites, etc . Sources: blog.dynamoo.com, safebrowsing.clients.google.com, blog.sucuri.net. etc. (all sources are listed in our domains.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Several Sept Updates

Posted on September 16th, 2012 in 0day,BH Exploit Kit,malspam,malvertising,New Domains,rogue antivirus by dglosser

Been so busy updating the malware blocklists forgot to update the blog. Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc.   all sources are listed in our domain.txt file.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

java exploit domains, rouge antivirus, malspam domains…

Posted on September 8th, 2012 in 0day,BH Exploit Kit,malspam,New Domains,rogue antivirus by dglosser

Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include www.emergingthreats.net, www.google.com/safebrowsing, blog.dynamoo.com  (all sources are listed in our domain.txt file.)
* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
We also have a mirror dedicated to research and Open Source Projects – please contact us for details.
NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

Two updates

Posted on September 3rd, 2012 in 0day,BH Exploit Kit,New Domains by dglosser

Been so busy updating the malware blocklists forgot to update the blog. Updates on August 29th and Sept 1st contained domains associated with the Java 0-day, Black Hole Exploits, and other malicious domains you don’t want visiting your desktops or network. Sources include safebrowsing.clients.google.com, www.scumware.org, blog.dynamoo.com and others (all sources are listed in our domain.txt file.)

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains

Posted on August 28th, 2012 in 0day,BH Exploit Kit,exploit,New Domains by dglosser

Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, www.spamhaus.org  (all sources are listed in our domain.txt file.)

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

RunForestRun DGA Update

Posted on July 26th, 2012 in 0day,New Domains by dglosser

http://blog.unmaskparasites.com/2012/07/26/runforestrun-now-encrypts-legitimate-js-files/

RunForestRun has changed the domain generating algorithm (DGA),  and now uses waw.pl subdomains (instead of .ru) in malicious URLs.

Update: the full list of predicted domains is here:  http://pastebin.com/8tfexYE3

« Previous PageNext Page »