Feed

Nitro, malspam, risky domains…

Posted on September 23rd, 2012 in exploit,fastflux,malspam,New Domains,Trojans,zeus by dglosser

Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, www.symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net (all sources are listed in our domain.txt file.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

 

malvertising, malicious javascript, trojans…

Posted on June 13th, 2012 in exploit,malvertising,New Domains,Trojans,zeus by dglosser

Added over 140 domains associated with trojans, sql injection, malvertising, etc. Sources include www.xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

BH Exploit Kit, malvertising, cridex domains

Posted on May 17th, 2012 in BH Exploit Kit,malvertising,New Domains,Trojans,zeus by dglosser

Added almost 150 domains associated with Black Hole Exploits, malvertising, cridex, etc. Sources:www.mwis.ru, zeustracker.abuse.ch, exposure.iseclab.org and several others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Exploit Domains, iframes, malvertising

Posted on May 6th, 2012 in BH Exploit Kit,exploit,iframes,malvertising,New Domains,zeus by dglosser

Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course zeus, etc. Sources:www.mwis.ru, vxvault.siri-urz.net, vxvault.siri-urz.net (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details. NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Small Update – 4/27

Posted on April 28th, 2012 in malvertising,New Domains,Trojans,zeus by dglosser

Had server issues on the blog site so this is a few days late..  Added a couple of dozen malvertising, zeus, palevo and other harmful domains on 4/27.

Too many users are STILL pointing to the main (blog) site for the zone files and are causing server issues…

PLEASE update your scripts to pull from one of the download mirrors or your site will be BANNED

 

 

 

BH-DNS Update: 125 New Domains

Posted on April 15th, 2012 in exploit,New Domains,Trojans,zeus by dglosser

Added 125 new domains associated with scams, trojans, mebroot, etc. Sources include exposure.iseclab.org, threatexpert.com, www.malwareurl.com (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

142 trojan, malspam, carberp domains added

Posted on April 8th, 2012 in malspam,New Domains,Trojans,zeus by dglosser

Added 142 domains associated with police-trojan, malicious spam, TDL3/TDSS and other nastiness. Sources include www.trendmicro.com, spamalysis.wordpress.com, sucuri.net.

Please update your blocklists/sinkhole  (only once or twice per day!!) and follow  our Terms of Use.

Reminder: the main site does not contain any zone files.   Please download files from one our our download mirrors

150+ trojan, spyeye, worm, malicious domains

Posted on March 31st, 2012 in exploit,New Domains,Spyeye,Trojans,zeus by dglosser

Added over 150 malicious domains associated with trojans, droppers, spyeye, etc. Sources include threatexpert.com, www.sophos.com, safebrowsing.google.com, exposure.iseclab.org, amada.abuse.ch (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
exposure.iseclab.org/malware_domains.txt

bankpatch, blackenergy, htaccess redirects…

Posted on March 22nd, 2012 in iframes,malvertising,New Domains,rogue antivirus,Trojans,zeus,zlob by dglosser

Add over 190 domains associated with iframes, malicious javascripts, htaccess redirects, malvertising, etc. Sources include sucuri.net, safebrowsing.clients.google.com, iseclab.org and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Carberp, IceX, malvertising, sinowal domains

Posted on February 19th, 2012 in exploit,iframes,malspam,malvertising,New Domains,Trojans,zeus by dglosser

109 new domains added.  Associated with Carberp, IceX, malvertising, sinowal, Zeus, etc. Sources: zeustracker.abuse.ch, spamhaus.org, urlquery.net, google safebrowsing and other (every source is  listed in the domains.txt file)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use the “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

 

Please give it a try and let us know…