PDA

View Full Version : Malware Domain Blocklist updated...



AplusWebMaster
2010-03-11, 04:38
FYI...

DNS-BH – Malware Domain Blocklist
- http://www.malwaredomains.com/

- http://www.malwaredomains.com/wordpress/?page_id=2
"The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

This list is also available in AdBlock and ISA Format..."

To install the AdblockPlus extension in Firefox, click here:
- https://addons.mozilla.org/en-US/firefox/addon/1865

- http://www.youtube.com/watch?v=oNvb2SjVjjI

Blocking malicious sites with Adblock Plus
- http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
"... another layer of protection..."
Scroll down to: "... click here to subscribe to the list in Adblock Plus..." and click on the link - click OK to the popup for "Add subscription" - done.

:fear:

AplusWebMaster
2012-04-16, 15:40
FYI...

BH-DNS Update: 125 New Domains
- http://www.malwaredomains.com/wordpress/?p=2603
April 15th, 2012 - "Added 125 new domains associated with scams, trojans, mebroot, etc. Sources include exposure.iseclab.org, threatexpert.com, malwareurl.com..."

:fear:

AplusWebMaster
2012-04-19, 18:56
FYI...

hostexploit.com top bad hosts – 2012 Q1
- http://www.malwaredomains.com/wordpress/?p=2612
April 18th, 2012 - "We added our 'friends' nikjju . com and best-antiviruu.de .lv and also listed domains from ISP’s or hosting services listed on hostexploit.com‘s Q1 report on the top bad hosts*. To round things out, we also added domains flagged by sucuri as having malicious javascript or iframes..."
* http://hostexploit.com/
___

Top 3 AS listed at Hostexploit:

Diagnostic page for AS16138 (INTERIA.PL)
- http://google.com/safebrowsing/diagnostic?site=AS:16138
"... 1580 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-19... Over the past 90 days, we found 21 site(s) on this network.. that appeared to function as intermediaries for the infection of 25 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 22 site(s), including... that infected 28 other site(s)..."
> http://sitevet.com/db/asn/AS16138

Diagnostic page for AS47583 (HOSTING)
- http://google.com/safebrowsing/diagnostic?site=AS:47583
"... 1303 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-18... Over the past 90 days, we found 110 site(s) on this network... that appeared to function as intermediaries for the infection of 934 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 151 site(s)... that infected 1164 other site(s)..."
> http://sitevet.com/db/asn/AS47583

Diagnostic page for AS33182 (DIMENOC)
- http://google.com/safebrowsing/diagnostic?site=AS:33182
"... 1966 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-19... Over the past 90 days, we found 44 site(s)... that appeared to function as intermediaries for the infection of 65 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 87 site(s)... that infected 160 other site(s)..."
> http://sitevet.com/db/asn/AS33182

:fear::fear:

AplusWebMaster
2012-04-22, 16:30
FYI...

Fake-AV, exploit, malvertising domains
- http://www.malwaredomains.com/wordpress/?p=2616
April 21st, 2012 - "Added 124 domains associated with rogue/fake AV, malvertising, exploits, etc. Sources include hosts-file.net, emergingthreats.net, urlvoid.com..."

:fear:

AplusWebMaster
2012-04-29, 18:15
FYI...

Small Update – 4/27
- http://www.malwaredomains.com/wordpress/?p=2635
April 28th, 2012 - "... Added a couple of dozen malvertising, zeus, palevo and other harmful domains on 4/27..."

:fear:

AplusWebMaster
2012-05-01, 15:05
FYI...

malvertising, malicious js, bugat domains
- http://www.malwaredomains.com/wordpress/?p=2653
April 29th, 2012 - "Added 137 domains associated with google safebrowsing, malvertising, malicious javascript, etc. Sources include exposure.iseclab.org, safebrowsing.clients.google.com, stopmalvertising.com and others..."

:fear::fear:

AplusWebMaster
2012-05-06, 05:56
FYI...

bhexploitkit, htaccess, iframes, trojans...
- http://www.malwaredomains.com/wordpress/?p=2660
May 4th, 2012 - "Added 110 domains associated with htaccess redirects, malicious iframes, trojans, etc. sources include malwaredomainlist.com, safebrowsing.clients.google.com, jsunpack.jeek.org..."

:fear::fear:

AplusWebMaster
2012-05-08, 15:04
FYI...

Exploit Domains, iframes, malvertising
- http://www.malwaredomains.com/wordpress/?p=2663
May 6th, 2012 - "Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course zeus, etc. Sources: mwis.ru, vxvault.siri-urz.net, vxvault.siri-urz.ne..."

:fear: :spider:

AplusWebMaster
2012-05-15, 13:47
FYI...

sql injection, htaccess, malicious js domains
- http://www.malwaredomains.com/wordpress/?p=2673
May 13th, 2012 - "Added domains associated with htaccess redirection, sql injection, iframes, etc..."

:fear:

AplusWebMaster
2012-05-18, 18:46
FYI...

BH Exploit Kit, malvertising, cridex domains
- http://www.malwaredomains.com/wordpress/?p=2676
May 17th, 2012 - "Added almost 150 domains associated with Black Hole Exploits, malvertising, cridex, etc. Sources: mwis.ru, zeustracker.abuse.ch, exposure.iseclab.org and several others..."

:fear:

AplusWebMaster
2012-05-22, 15:14
FYI...

htaccess redirects, malicious javascript, trojans
- http://www.malwaredomains.com/wordpress/?p=2684
May 22nd, 2012 - "Added 137 domains associated with htaccess redirects, malvertising, iframes, trojans, etc. Sources: exposure.iseclab.org, threatexpert.com, zeustracker, sucuri.net, and others..."

:fear::fear:

AplusWebMaster
2012-05-27, 06:15
FYI...

Java Exploits, malicious advertising, SutraTDS
- http://www.malwaredomains.com/wordpress/?p=2691
May 26th, 2012 - "Added over 100 domains associated with malvertising, java exploits, htaccess redirects. Sources include hosts-file.net, mwis.ru, sucuri.net..."

:fear:

AplusWebMaster
2012-06-02, 06:40
FYI...

Flamer, htaccess, botnet, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2705
June 1st, 2012 - "Added over 140 malicious domains associated with flamer, htaccess redirects, malspam etc. Sources include spamhaus.org, malwareurl.com, malware-control.com and many others..."

:fear::fear:

AplusWebMaster
2012-06-05, 16:31
FYI...

BH Exploit, citadel, malspam, Tinba domains...
- http://www.malwaredomains.com/wordpress/?p=2714
June 4th, 2012 - "Added over 140 domains associated with Tinba, pornmocup, back hold exploits, etc. Sources include exposure.iseclab.org, c-apture.blogspot.com, hosts-file.net, malware-control.com and others..."

:fear::fear:

AplusWebMaster
2012-06-14, 14:55
FYI...

malvertising, malicious javascript, trojans...
- http://www.malwaredomains.com/wordpress/?p=2732
June 13th, 2012 - "Added over 140 domains associated with trojans, sql injection, malvertising, etc. Sources include xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."

:fear::fear:

AplusWebMaster
2012-06-18, 14:12
FYI...

zeroaccess, malspam, blackhole exploit domains
- http://www.malwaredomains.com/wordpress/?p=2735
June 17th, 2012 - "Added domains associated with bh exploits, malicious spam, zeroaccess and other trojans. Sources include labs.sucuri.net, hosts-file.net, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2012-06-26, 03:38
FYI...

runforestrun, iceix, rogues, malvertising, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2749
June 25th, 2012 - "Two recent updates, adding over 230 domains associated with “RunForestRun, IceIX, Malicious Spam, Malicious Advertising, etc. Sources include malwaredomainlist.com, isc.sans.org, hosts-file.net and many more..."

:fear::fear:

AplusWebMaster
2012-06-27, 17:00
FYI...

Runforestrun update
- http://www.malwaredomains.com/wordpress/?p=2758
June 26th, 2012 - "Old versions of Plesk store passwords in clear text
-> http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/
There is a remote SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those passwords.
-> http://kb.parallels.com/en/113321
Combine these two together and what do you get, malware of course.
Plesk Vulnerability Leading to Malware
>> http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html
Runforestrun and Pseudo Random Domains
- http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
Run, Forest! (Update) – block 95.211.27.206
- https://isc.sans.edu/diary/Run+Forest+Update+/13561
We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block."

:fear::fear:

AplusWebMaster
2012-06-29, 06:33
FYI...

BH Exploit Kit, Run Forest Run, fariet domains
- http://www.malwaredomains.com/wordpress/?p=2760
June 28th, 2012 - "A small but important update with some fariet, run forest run, bh exploit kit domains. Sources include blog.eset.com, microsoft.com, blog.urlvoid.com and others..."

:fear:

AplusWebMaster
2012-07-05, 16:09
FYI...

iframes, Pontoeb, scam domains
- http://www.malwaredomains.com/wordpress/?p=2771
July 4th, 2012 - "Added over 100 domains associated with Pontoeb, scams, malicious iframes, etc. Sources: spamhaus.org, vxvault.siri-urz.net, sucuri.net and others..."

:fear:

AplusWebMaster
2012-07-10, 16:26
FYI...

246 malicious domains added...
- http://www.malwaredomains.com/wordpress/?p=2783
July 10th, 2012 - "A very large update consisting of 246 domains associated with malvertising, iframes, black hole exploits, etc. Sources include malwaredomainlist.com, sucuri.net, dynamoo.com..."

:fear::fear::spider:

AplusWebMaster
2012-07-14, 05:40
FYI...

RunForestRun, malspam, malvertising Domains
- http://www.malwaredomains.com/wordpress/?p=2788
July 12th, 2012 - "Added 150 domains (runforestrun, malspam, malvertising)."

:fear:

AplusWebMaster
2012-07-17, 04:16
FYI...

Relisted Domains ...
- http://www.malwaredomains.com/wordpress/?p=2791
July 16th, 2012 - "Just went through a bunch of older domains and relisted almost 50 of them. Or do the bad guys wait and “lay low” with their domain until “the coast is clear” and once google safebrowsing delists them, they once again use the domain to serve up malware (Whack-a-Mole)? Do they have google APIs and check daily to see if their domain is delisted?... It’s like fast-flux except the time frame is months instead of minutes.:

:fear: :sad:

AplusWebMaster
2012-07-24, 06:44
FYI...

DNS-BH Updates: 7.19 and 7.21
- http://www.malwaredomains.com/wordpress/?p=2794
July 22nd, 2012 - "Been remiss about mentioning updates on 7.19 and 7.21. Please update your blocklists/sinkhole..."

:fear::fear:

AplusWebMaster
2012-07-25, 01:21
FYI...

IntelliDownload (stopmalvertising.com)
- http://www.malwaredomains.com/wordpress/?p=2797
July 23rd, 2012 - "... article about IntelliDownload*...
* http://stopmalvertising.com/malware-reports/intellidownload-hijacks-ads-and-spies-on-your-internet-browsing.html
Jul 20, 2012 - "... it doesn’t disclose that it will hijack advertisements on several major websites and replace them with ads from oadsrv .com, scrape your Facebook data, spy on your browser session and report every move you make on the web back to chango .com ..."

Please study the domains listed in the article and take appropriate action (the domains have -not- yet been added to this blocklist)."

:fear: :mad:

AplusWebMaster
2012-07-26, 15:28
FYI...

Java Exploit domains, trojans, rogues
- http://www.malwaredomains.com/wordpress/?p=2800
July 25th, 2012 - "A small but important update containing domains associated with Java exploits, rogue antivirus, trojans, and other malicious domains you don’t want visiting your computer or network. Sources include mwis.ru, malwaredomainlist.com, and urlquery.net..."
___

- https://blogs.technet.com/b/mmpc/archive/2012/07/25/how-to-protect-yourself-from-java-based-malware.aspx?Redirected=true
25 Jul 2012 - "The last few months we have seen a drastic increase in Java-based malware abusing the CVE-2012-0507* AtomicReferenceArray type-confusion vulnerability. In addition to that, a few weeks ago, a new Java vulnerability was found (CVE-2012-1723)**; it is also a type-confusion vulnerability. The attack abusing this new vulnerability is also very active... The most effective measure against these vulnerabilities is -updating- your Java installation. To check the version of JRE your browser is running, visit following link:
http://www.java.com/en/download/installed.jsp ..."

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0507 - 10.0 (HIGH)
** http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1723 - 10.0 (HIGH)

:fear:

AplusWebMaster
2012-07-27, 00:49
FYI...

RunForestRun DGA Update (update your Domain Blocklist) ...
- http://www.malwaredomains.com/wordpress/?p=2805
July 26th, 2012 in 0day, New Domains
> http://blog.unmaskparasites.com/2012/07/26/runforestrun-now-encrypts-legitimate-js-files/
26 Jul 12 - "... a quick recap of the RunForestRun attack: It began in mid-June and infected many servers with Plesk Panel since then. Hackers used Plesk’s File Manager to inject malicious code (mainly) at the bottom of .js files..."

"RunForestRun has changed the domain generating algorithm (DGA), and now uses waw.pl subdomains (instead of .ru) in malicious URLs."

:sad: :mad: :fear:

AplusWebMaster
2012-07-29, 18:41
FYI...

RunForestRun DGA Domains
- http://www.malwaredomains.com/wordpress/?p=2811
July 28th, 2012 - "Added over 200 RunForestRun Domains listed at blog.unmaskparasites.com."

:fear::fear:

AplusWebMaster
2012-08-04, 06:14
FYI...

DNS-BH Aug3 Update – relisted domains
- http://www.malwaredomains.com/wordpress/?p=2813
August 3rd, 2012 - "Added 203 domains – domains were at one time delisted but are once again associated with malware..."

:fear::fear:

AplusWebMaster
2012-08-09, 19:21
FYI...

Domains and IPs to Block ASAP
- http://www.malwaredomains.com/wordpress/?p=2825
August 9th, 2012 in 0day, sql injection - "Two posts from the Internet Storm Center:
> https://isc.sans.edu/diary.html?storyid=13864
SQL Injection Lilupophilupop style – Lists about a dozen domains you should immediately add to your blocklists plus more in Dynamoos blog*.
> https://isc.sans.edu/diary.html?storyid=13861
Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses ..."

* http://blog.dynamoo.com/2012/08/more-malware-sites-to-block-on.html

:fear: :mad::mad:

AplusWebMaster
2012-08-13, 22:12
FYI...

More sites to block...
- http://blog.dynamoo.com/2012/08/even-more-malware-sites-to-block-on.html
13 August 2012 - "More evil sites to block on 194.28.115.150 (Specialist ISP*) following on from these:
idi42nga .rr.nu, kprud89entia .rr.nu, hin66gof .rr.nu, iste03dengi .rr.nu, hing30emplo .rr.nu,
ize84dso .rr.nu, ind42icat .rr.nu, lack33andw .rr.nu"
* http://blog.dynamoo.com/2012/08/yet-more-malware-sites-to-block-on.html
10 August 2012 - "... blocking access to 91.211.200.0/22 and 194.28.112.0/22 (Specialist ISP) plus -all- .rr.nu domains would be even better."

> http://blog.dynamoo.com/2012/08/scan-from-xerox-workcentre-pro-spam.html
13 August 2012 - "..."46.51.218.71 (Amazon, Ireland)
71.89.140.153 (Cloudaccess.net, US)
203.80.16.81 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem..."

Something evil on 178.63.195.128/26
- http://blog.dynamoo.com/2012/08/something-evil-on-1786319512826.html
13 August 2012 - "The IP address range 178.63.195.128/26 nominally belongs to grey hat host Hetzner in Germany, although it has been reallocated to a registrant in Israel. This block recently came up as the source for a ZeroAccess infection picked up from 178.63.195.170. A look at the 178.63.195.128/26 range (178.63.195.128 - 178.63.195.191) shows several suspicious websites with domains apparently generated by DoItQuick (more info here*). Most of the domains are too new to have any reputation, although given the live distribution of malware and the randomly chosen names then they are unlikely to be doing anything nice... quite a lot of suspect sites have recently been moved from this range to point at 127.0.0.1 instead, a common trick when malcious domains needs to be pointed somewhere else quickly.
The registrant for this block is:
inetnum: 178.63.195.128 - 178.63.195.191
address: RUSSIAN FEDERATION
178.63.195.163...
178.63.195.167...
178.63.195.168...
178.63.195.170...
178.63.195.171..."
* https://krebsonsecurity.com/2012/07/service-secures-domains-for-black-deeds/

:mad::mad::mad:

AplusWebMaster
2012-08-14, 17:47
FYI...

"Federal Tax" spam...
- http://blog.dynamoo.com/2012/08/federal-tax-spam-wireframegleeinfo.html
14 August 2012 - "... tax-themed spam leads to malware...

Date: Tue, 14 Aug 2012 15:21:33 +0200
From: "Internal Revenue Service" [alerts@irs.gov]
Subject: Rejected Federal Tax transfer
Your Tax payment (ID: 38969777924999), recently sent from your checking account was returned by the The Electronic Federal Tax Payment System.
Rejected Tax transaction
Tax Transaction ID: 38969777924999
Return Reason See details in the report below
Tax Transaction Report tax_report_38969777924999.doc (Microsoft Word Document) ...

... malicious payload... hosted on 78.87.123.114 (CYTA, Greece) which has been seen several times lately and should be blocked if you can."
___

"We can not charge your credit card" spam...
- http://blog.dynamoo.com/2012/08/we-can-not-charge-your-credit-card-spam.html
14 August 2012 - "... spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware...

Date: Tue, 14 Aug 2012 05:26:05 +0200
From: "ups" [mail@ups.com]
Subject: We can not charge your credit card
Attachments: Amazon_Invoice.htm
Your Account | Help
Your credit card was blocked.
We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible...

The attachment Amazon_Invoice.htm is malicious and it attempts to download a malicious script... hosted on the following IPs (which have all been used for malware distribution several times):
190.120.228.92
199.71.212.78
203.80.16.81 ..."

:mad::mad:

AplusWebMaster
2012-08-24, 00:56
FYI...

Outgoing network traffic & Malicious Activity
- http://www.malwaredomains.com/wordpress/?p=2831
August 23rd, 2012 - "SANs* has a nice write-up about analyzing outgoing network traffic to identify malicious activity. They list a bunch of ip blocklists and IP reputation sources.
(We’ve also had two updates since the last post**, busy at $Jobs...)"

* https://isc.sans.edu/diary.html?storyid=13963#comment

** http://www.malwaredomains.com/wordpress/?p=2829
August 14th, 2012

Also see: http://www.malwaredomainlist.com/mdl.php

Latest update: August 23, 2012 2:50 AM
- http://mirror2.malwaredomains.com/files/

:fear::fear:

AplusWebMaster
2012-08-28, 14:57
FYI...

DNS-BH Update – 104 new domains
- http://www.malwaredomains.com/wordpress/?p=2833
August 27th, 2012 - "Added 104 new domains from hosts-file.net, safebrowsing.clients.google.com, avgthreatlabs.com and others..."

:fear:

AplusWebMaster
2012-08-29, 15:53
FYI...

Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains
- http://www.malwaredomains.com/wordpress/?p=2837
August 28th, 2012 - "Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, spamhaus.org..."

:fear::fear:

AplusWebMaster
2012-09-03, 23:30
FYI...

Java 0-day, Black Hole Exploits, and other malicious domains...
- http://www.malwaredomains.com/wordpress/?p=2843
September 3rd, 2012 - "... Updates on August 29th and Sept 1st contained domains associated with the Java 0-day, Black Hole Exploits, and other malicious domains (another today @ 1:12 PM*)... Sources include safebrowsing.clients.google.com, scumware.org, blog.dynamoo.com and others..."
* http://mirror2.malwaredomains.com/files/

:fear:

AplusWebMaster
2012-09-09, 18:48
FYI...

java exploit domains, rouge antivirus, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2852
September 8th, 2012 - "Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include emergingthreats.net, google.com/safebrowsing, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2012-09-17, 14:11
FYI...

Several Sept Updates
- http://www.malwaredomains.com/wordpress/?p=2862
September 16th, 2012 - "... Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc. All sources are listed in our domain.txt file*..."
* http://dns-bh.sagadc.org/domains.txt

:fear::fear:

AplusWebMaster
2012-09-24, 14:18
FYI...

Nitro, malspam, risky domains ...
- http://www.malwaredomains.com/wordpress/?p=2866
September 23rd, 2012 - "Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net..."

:fear::fear:

AplusWebMaster
2012-09-26, 01:47
FYI...

Site delistings - Blocklist correction ...
- http://www.malwaredomains.com/wordpress/?p=2871
September 25th, 2012 - "artconcoction.com has been delisted and will be removed on the next update. There is also a (big) mistake in the zone file, don’t wait for an update on our end; please -remove- safebrowsing.clients.google.com* from your zone files ASAP."

* NOTE to AdBlock Plus users: Un-check it in the AdBlock Plus Filter Preference listing.

:fear::fear:

AplusWebMaster
2012-09-27, 18:39
FYI...

malvertising, Black Hole Exploit Kit domains
- http://www.malwaredomains.com/wordpress/?p=2873
September 26th, 2012 - "Added a bunch of domains associated with exploit kits, malvertising, and other badness. Sources include binrand.com, mwis.ru, vxvault.siri-urz.net..."

:fear::fear:

AplusWebMaster
2012-09-29, 20:51
FYI...

140 exploit, driveby, malicious domains
- http://www.malwaredomains.com/wordpress/?p=2876
September 28th, 2012 - "Added 140 domains associated with drivebys, exploits, etc. Sources include wepawet.iseclab.org, urlvoid.com, sucuri.net, and others..."

:fear:

AplusWebMaster
2012-10-04, 03:56
FYI...

250+ Domains...
- http://www.malwaredomains.com/wordpress/?p=2880
October 2nd, 2012 - "Added over 250 domains — iframes, malicious spam, attack sites, etc. Sources: blog.dynamoo.com, safebrowsing.clients.google.com, blog.sucuri.net. etc..."

:fear::fear:

AplusWebMaster
2012-10-07, 23:28
FYI...

Sinowal, Sirefef, redkit domains, blackhole, downadup domains
- http://www.malwaredomains.com/wordpress/?p=2885
October 5th, 2012 - "Added 151 domains associated with down adup, blackhole exploits, red kit, sinowal, etc. Sources include threatexpert.com, mwis.ru, safebrowsing.clients.google.com..."

:fear::fear:

AplusWebMaster
2012-10-10, 05:09
FYI...

downadup, iframes, torpig malicious spam domains added
- http://www.malwaredomains.com/wordpress/?p=2889
October 8th, 2012 - "Added 167 domains associated with iframe injection, malspam, torpig, DownAdUp, etc. Sources include threatexpert.com, labs.sucuri.net, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2012-10-15, 06:28
FYI...

work-at-home scam, kuluoz, trojan domains
- http://www.malwaredomains.com/wordpress/?p=2895
October 12th, 2012 - "A bunch of work-at-home, fraud, scam domains added in addition to the usual black hole exploit kit, trojan, and other malicious domains. Sources include malwareurl.com, emergingthreats.net, malwaredomainlist.com..."

:fear:

AplusWebMaster
2012-11-04, 18:25
FYI...

176 new domains added
- http://www.malwaredomains.com/wordpress/?p=2905
November 3rd, 2012 - "... Added 176 new domains associated with malspam, malicious redirections, exploits, etc. Sources include hosts-file.net, safebrowsing.clients.google.com, blog.dynamoo.com..."

:fear:

AplusWebMaster
2012-11-06, 22:15
FYI...

Big Update – 286 Domains
- http://www.malwaredomains.com/wordpress/?p=2909
November 6th, 2012 - "Added 286 domains from zeustracker.abuse.ch, urlvoid.com, dshield.org, safebrowisng.clients.google.com..."

:fear: :fear:

AplusWebMaster
2012-11-12, 03:26
FYI...

113 new domains added
- http://www.malwaredomains.com/wordpress/?p=2914
November 10th, 2012 - "Added 113 new domains (onescan,malspam, pharma) listed at blog.dynamoo.com, dshield.org, support.clean-mx.com and others..."

:fear:

AplusWebMaster
2012-11-14, 14:11
FYI...

156 New Rogue, Unsafe, Suspicious Domains
- http://www.malwaredomains.com/wordpress/?p=2919
November 12th, 2012 - "Added 156 new domains from dshield.org, hosts-file.net, urlvoid.com and other sources..."

:fear:

AplusWebMaster
2012-11-18, 03:13
FYI...

127 New Malicious Domains
- http://www.malwaredomains.com/wordpress/?p=2921
November 17th, 2012 - "Added 127 new malicious domains from wepawet.iseclab.org, dshield.org, vxvault.siri-urz.net and others..."

:fear:

AplusWebMaster
2012-11-21, 14:50
FYI...

Big Update: 211 Serenity Exploit Kit, Malspam, Malicious Domains
- http://www.malwaredomains.com/wordpress/?p=2925
November 20th, 2012 - "Added 211 domains associated with Serenity Exploit Kit, malicious spam,etc from dshield.org, blog.dynamoo.com, malwaremustdie.blogspot.com..."

21,000 (!) JS/RunForestRun/PseudoRandom Domains
- http://www.malwaredomains.com/wordpress/?p=2929
November 21st, 2012 - "The algorithm for creating Pseudo Random RunForestRun domains has been published by malwarereports.blogspot.com (http://malwarereports.blogspot.com) . Full list of domains (21000!) is located here*."
* http://pastebin.com/k3k7ibvJ

:fear::fear:

AplusWebMaster
2012-11-24, 13:46
FYI...

DNS-BH - Malware Domain Blocklist
Another big update: 207 domains
- 1 day ago
> received from RSS feed
"207 domains added (iframes, htaccess redirections and other harmful domains) from malwaremustdie.blogspot.com, dshield.org, labs.sucuri.net, etc..."
(Cannot access site - "under constant attack" [DDoS] ...)
Mirror site still available for updates dtd. Nov 22, 2012...

:mad::fear:

AplusWebMaster
2012-11-26, 14:27
FYI...

Nov 25 Update: 233 New Domains
> received from RSS feed
"Added 223 suspicious, harmful domains originally referenced in malwaredomainlist.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."
(Cannot access site - "under constant attack" [DDoS] ...)
"The server at malwaredomains.com is taking too long to respond."
Mirror site still available for updates dtd. Nov 25, 2012...

:fear::fear:

AplusWebMaster
2012-11-29, 02:19
FYI...

Another large update – 187 domains
- http://www.malwaredomains.com/?p=2941
November 28th, 2012 - "Add -187- exploit kit, malicious, koobface domains originally listed on ddanchev.blogspot.com, avgthreatlabs.com, dshield.org and other sources..."

:fear:

AplusWebMaster
2012-12-02, 17:53
FYI...

exploit special – over 240 domains added
- http://www.malwaredomains.com/?p=2945
December 2nd, 2012 - "Added over 240 domains flagged as coolexploitkit, Nuclearexploitkit, bhexploitkit along with the usual array of malicious domains originally listed at mwis.ru, kahusecurity.com, malwaredomainlist.com..."

:fear::fear:

AplusWebMaster
2012-12-06, 16:29
FYI...

malspam, zeus, iceix domains
- http://www.malwaredomains.com/?p=2949
December 5th, 2012 - "Added -116- domains associated with malspam. zeus, iceix, etc. Sources: malwaredomainlist.com, blog.dynamoo.com, vxvault.siri-urz.net and others..."

:fear::fear:

AplusWebMaster
2012-12-11, 03:29
FYI...

Over 320 Domains Added
- http://www.malwaredomains.com/?p=2952
December 9th, 2012 - "Added over -320- Domains. Please update your blocklists..."

Joomla (and WordPress) Bulk Exploit ongoing
- http://www.malwaredomains.com/?p=2955
December 10th, 2012 - "Sans reports* that there is an ongoing bulk Joomla and WordPress exploit, complete with iframes pointing to Fake AV. If anyone has seen a published list of the FQDN’s involved in this, please let us know so we can add those domains here."
* https://isc.sans.edu/diary.html?storyid=14677
Last Updated: 2012-12-10 23:17:33 UTC - "... reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website). The IFRAMES seem to have rapidly changing FQDN's* that it is using but the common element is /nightend.cgi?8. Two of the bad IPs that seem to be frequent offenders are 78.157.192.72 and 108.174.52.38. Ultimately it pulls FakeAV software to do it's badness. Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis. If you have weblogs (particularly verbose ones), I would be interested in seeing them..."
* Fully Qualified Domain Name

Joomla sites misused to deploy malware
- http://h-online.com/-1766841
12 Dec 2012 - "... Joomla site administrators should be sure to check whether they installed the Joomla Content Editor at some point in the past; if they have, they should update it to the current version JCE 2.3.1*. Those who have found an old version should also check any JavaScript files for suspicious iFrames. A quick overview is available via the
find . -print0 -name \*.js | xargs -0 grep -i iframe
command line instruction. This instruction doesn't cover variants in which the iFrame tag is assembled at a later stage via script code, but none of the infected sites that are known to heise Security include such variants. The injected PHP backdoor can often be found at /images/stories/story.php."
* http://www.joomlacontenteditor.net/news/item/jce-231-released

:fear: :mad:

AplusWebMaster
2012-12-12, 14:47
FYI...

142 malspam, iframe, joomla exploit, malicious domains
- http://www.malwaredomains.com/?p=2963
December 11th, 2012 - "Added -142- domains associated with malspam, iframe/joomla exploit. Sources include safebrowsing.clients.google.com, blog.dynamoo.com, labs.sucuri.net..."

:fear:

AplusWebMaster
2012-12-17, 05:14
FYI...

247 kelihos, runforestrun domains
- http://www.malwaredomains.com/?p=2972
December 14th, 2012 - "247 domains (kelihos, runforestrun and others) were added. Sources include abuse.ch, malwaremustdie.blogspot.com..."
___

citadel, zeus, harmful domains
- http://www.malwaredomains.com/?p=2979
December 16th, 2012 - "Added -189- domains associated with citadel, zeus and other badness. Sources include zeustracker.abuse.ch, spamhaus.org, malwaredomainlist.com, safeweb.norton.com..."

:fear:

AplusWebMaster
2012-12-24, 04:39
FYI...

Lots of Malspam Domains
- http://www.malwaredomains.com/?p=2982
December 21st, 2012 - "Added over 150 domains, mainly malicious spam domains from blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2012-12-25, 16:20
FYI...

Large Update – almost 300 domains
- http://www.malwaredomains.com/?p=2986
December 23rd, 2012 - "Added almost -300- domains associated with malicious spam, harmful “safebrowsing” domains, iframes and redirections. Sources include safebrowsing.clients.google.com, labs.sucuri.net, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2012-12-28, 12:59
FYI...

Huge Update – almost 1000 domains (!)
- http://www.malwaredomains.com/?p=2992
December 26th, 2012 - "Added almost 1000 malicious spam domains from dynamoo’s blog*..."
* http://blog.dynamoo.com/

:fear::fear::fear:

AplusWebMaster
2012-12-29, 23:54
FYI...

bhexploitkit, scam, bredolab, malicious iframes
- http://www.malwaredomains.com/?p=2995
December 29th, 2012 - "Added over -230- domains associated with bredolab, blackhole exploit kit, coolexploitkit, nuclearexploitkit, etc. Sources include mwis.ru, safebrowsing.clients.google.com, urlquery.net..."

:fear::fear:

AplusWebMaster
2013-01-04, 05:56
FYI...

Lots of malspam and other harmful domains
- http://www.malwaredomains.com/?p=3009
January 2nd, 2013 - "Added 318 domains, mainly from dynamoo.com and safebrowsing.clients.google.com..."

:fear:

AplusWebMaster
2013-01-06, 18:21
FYI...

Lots of malspam domains
- http://www.malwaredomains.com/?p=3012
January 5th, 2013 - "Added over -120- domains, mainly malicious spam listed blog.dynamoo.com and other harmful domains listed at vxvault.siri-urz.net and other reputable web sites..."

:fear::fear:

AplusWebMaster
2013-01-10, 05:35
FYI...

iframes, redirections, other harmful domains
- http://www.malwaredomains.com/?p=3017
January 8th, 2013 - "Added 185 domains associated with iframes, htaccess redirects, etc..."

:fear:

AplusWebMaster
2013-01-11, 22:33
FYI...

TinyBanker, moneymule, exploit domains
- http://www.malwaredomains.com/?p=3021
January 10th, 2013 - "Added over -200- malicious domains (exploit, moneymule, tiny banker, etc) originally listed at ddanchev.blogspot.com, virustracker.info, hosts-file.net, and others..."

:fear::fear:

AplusWebMaster
2013-01-14, 16:38
FYI...

bamital, zeroaccess, malspam domains
- http://www.malwaredomains.com/?p=3025
January 12th, 2013 - "Added -440- domains associated with zeroaccess, bamital and malicious spam from virustracker.info and blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2013-01-17, 07:02
FYI...

Over 360 domains added
- http://www.malwaredomains.com/?p=3028
January 15th, 2013 - "Over 360 domains added, mainly multibanker and domains flagged by google safebrowsing..."

:fear::fear:

AplusWebMaster
2013-01-18, 23:30
FYI...

gameover zeus domains
- http://www.malwaredomains.com/?p=3032
January 17th, 2013 - "Added -275- domains, mainly zeus_gameover domains from virustracker.info..."

:fear::fear:

AplusWebMaster
2013-01-27, 14:26
FYI...

Three Updates – January 18, 20 & 25th…
- http://www.malwaredomains.com/?p=3036
January 26th, 2013 - "Been late on updating this blog. The update on January 18 was -239- domains. January 20th’s update was -233- domains, and the update on January 25th was of -269- domains..."

:fear::fear: :sad:

AplusWebMaster
2013-02-04, 07:29
FYI...

iframes, malspam, zbot, g01pack, malvertising domains
- http://www.malwaredomains.com/?p=3051
February 3rd, 2013 - "Added 150+ domains associated with g01pack, malvertising, zbot, spyeye, malspam, etc. Sources include blog.dynamoo.com, urlquery.net, scumware.org and others..."

:fear:

AplusWebMaster
2013-02-06, 09:32
FYI...

116 suspicious, malicious domains
- http://www.malwaredomains.com/?p=3058
February 4th, 2013 - "Added 116 domains from blog.dynamoo.com, dshield.org, vxvault.siri-urz.net and others..."

:fear:

AplusWebMaster
2013-02-12, 21:26
FYI...

Feb 6, 8, 10 updates
- http://www.malwaredomains.com/?p=3064
February 12th, 2013 - "Feb 6 – 171 new domains added, Feb 8 – 146 new domains added, Feb 10 – 202 new domains added..."

:fear::fear::fear:

AplusWebMaster
2013-02-16, 06:40
FYI...

225 Malspam Domains
- http://www.malwaredomains.com/?p=3069
February 13th, 2013 - "Added 225 malicious spam domains from Dynamoo’s awesome blog ( http://blog.dynamoo.com/ )..."

:fear:

AplusWebMaster
2013-02-17, 19:07
FYI...

175 new domains
- http://www.malwaredomains.com/?p=3073
February 16th, 2013 - "Added 175 new domains from blog.dynamoo.com, riskanalytics.com, and safebrowsing.clients.google.com..."

:fear:

AplusWebMaster
2013-02-20, 06:49
FYI...

CritXPack, zeus, expiro domains
- http://www.malwaredomains.com/?p=3079
February 19th, 2013 - "Added 190+ domains associated with zeus/gameover, expiro_z, CritXPack and other badness. Sources include virustracker.info, hosts-file.net, blog.dynamoo.com and others..."

:fear:

AplusWebMaster
2013-02-23, 12:28
FYI...

Malicious iframe domains
- http://www.malwaredomains.com/?p=3087
February 22nd, 2013 - "... two important updates –363- domains added on 2/20 and another -220- added on 2/21 (lots of the malicious iframe domains)..."

:fear::fear:

AplusWebMaster
2013-02-28, 11:39
FYI...

146 domains added
- http://www.malwaredomains.com/?p=3094
February 26th, 2013 - "Added 146 domains from malwarepatrol.net, malwareurls.joxeankoret.com, virustracker.info and other sources..."

:fear::fear:

AplusWebMaster
2013-03-03, 00:59
FYI...

apt, infostealer, zeus domains added
- http://www.malwaredomains.com/?p=3097
March 1st, 2013 - "Added 200+ domains associated with infostealer/shiz, zeus/gameover, apt domains from mandiant’s intel report. Sources include virustracker.info, intelreport.mandiant.com and others..."

:fear::fear:

AplusWebMaster
2013-03-07, 15:09
FYI...

230 comment-crew, iframes, bhek domains added
- http://www.malwaredomains.com/?p=3104
March 6th, 2013 - "Added 230 comment crew, iframes, bhek, malspam domains. Sources include blog.dynamoo.com, labs.sucuri.net, symantec.com..."

:fear:

AplusWebMaster
2013-03-09, 16:41
FYI...

175+ kelihos and trojan domains
- http://www.malwaredomains.com/?p=3108
March 8th, 2013 - "Added over 175 domains associated with kelihos and other trojans... we added the ones still flagged as malicious by google safebrowsing. Sources: lavasoft.com, deependresearch.org, symantec.com..."

:fear::fear:

AplusWebMaster
2013-03-12, 15:19
FYI...

100+ cridex domains added
- http://www.malwaredomains.com/?p=3112
March 11th, 2013 - "Added about 100 cridex domains and another 50 or so associated with other badness. Sources include malwaredomainlist.com, gfisoftware.tumblr.com*, safebrowsing.clients.google.com, blog.dynamoo.com..."

* SPAM screenshots/IPs/URLs to be blocked: http://gfisoftware.tumblr.com/

:fear::fear:

AplusWebMaster
2013-03-13, 14:58
FYI...

330 domains added (malspam, bhek…)
- http://www.malwaredomains.com/?p=3118
March 13th, 2013 - "Added -330- new Black Hole, malspam, malicious domains. Sources: riskanalytics.com, riskanalytics.com..."

:fear:

AplusWebMaster
2013-03-16, 05:17
FYI...

132 BHEK, APT1, Exploit Domains Added
- http://www.malwaredomains.com/?p=3127
March 15th, 2013 - "Added -132- BHEK, APT1, Exploit domains. Sources include zeustracker.abuse.ch, mwis.ru, safebrowsing.clients.google.com and others..."

:fear:

AplusWebMaster
2013-03-19, 03:53
FYI...

citadel, ru:8080, travnet domains...
- http://www.malwaredomains.com/?p=3131
March 18th, 2013 - "Added -159- citadel, ru:8080, travnet domains. Sources: blog.dynamoo.com, blogs.mcafee.com, surfright.nl..."

:fear:

AplusWebMaster
2013-03-22, 01:22
FYI...

277 domains added
- http://www.malwaredomains.com/?p=3134
March 21st, 2013 - "Added 277 malspam, phishing and other harmful domains. Sources: riskanalytics.com, safebrowsing.clients.google.com, blog.dynamoo.com and others ..."

:fear:

AplusWebMaster
2013-03-25, 15:03
FYI...

apt, citadel, malspam, redirection domains
- http://www.malwaredomains.com/?p=3137
March 24th, 2013 - "Added 200+ domains associated with apt, citadel, malspam, and htaccess redirection. Sources include spamhaus.org, scumware.org, labs.sucuri.net and others..."

:fear:

AplusWebMaster
2013-03-29, 15:04
FYI...

Added 175 BHEK, APT, Malspam domains
- http://www.malwaredomains.com/?p=3141
March 28th, 2013 - "Added 175 domains associated with APTs, Malspam, BHEK, etc. Sources: vxvault.siri-urz.net, safebrowsing.clients.google.com, blog.dynamoo.com…"

:fear:

AplusWebMaster
2013-03-31, 09:44
FYI...

Added 235 malvertising, malspam, suspicious domains
- http://www.malwaredomains.com/?p=3144
March 30th, 2013 - "Added 235 malvertising, malspam, suspicious domains. Sources: safebrowsing.clients.google.com, blog.dynamoo.com, wepawet.cs.ucsb.edu..."

:fear::fear:

AplusWebMaster
2013-04-02, 14:54
FYI...

Huge update – 3000 Zeus domains
- http://www.malwaredomains.com/?p=3153
April 2nd, 2013 - "Added 3000+ ZeuS_Gameover domains listed at virustracker.info. Please update your blocklist..."

:fear::fear:

AplusWebMaster
2013-04-06, 16:18
FYI...

487 domains added
- http://www.malwaredomains.com/?p=3158
April 5th, 2013 - "... added 487 new domains from malwareurls.joxeankoret.com and emergingthreats.net..."

:fear:

AplusWebMaster
2013-04-10, 16:11
FYI...

malspam, bhek domains
- http://www.malwaredomains.com/?p=3161
April 8th, 2013 - "101 malspam, malicious & bhek domains added..."

:fear::fear:

AplusWebMaster
2013-04-14, 01:28
FYI...

citadel, drive-by, Krypt, malvertising, malspam domains…
- http://www.malwaredomains.com/?p=3164
April 12th, 2013 - "Added 102 domains associated with Trojan-Krypt, zeus, malspam, malvertising, citadel… Sources include blog.dynamoo.com, hosts-file.net, mwis.ru and many others..."

:fear:

AplusWebMaster
2013-04-18, 06:37
FYI...

Two Updates – 218 New Domains
- http://www.malwaredomains.com/?p=3168
April 16th, 2013 - "Two updates added -218- iframe, redirections, malspam, malvertising domains. Sources: safebrowsing.clients.google.com, labs.sucuri.net, vxvault.siri-urz.net and others..."

:fear::fear:

AplusWebMaster
2013-04-24, 09:19
FYI...

Added 400+ domains (4/18 & 4/21). New update in progress.
- http://www.malwaredomains.com/?p=3175
April 22nd, 2013 - "Added 400+ domains 4/18 and 4/21 updates..."

:fear:

AplusWebMaster
2013-04-26, 14:03
FYI...

iframes, kelihos, malvertising domains
- http://www.malwaredomains.com/?p=3178
April 25th, 2013 - "Added 121 iframes, kelihos, malvertising, redirection domains from blog.dynamoo.com, labs.sucuri.net..."

:fear:

AplusWebMaster
2013-05-04, 00:02
FYI...

Over 550 Domains added
- http://www.malwaredomains.com/?p=3187
May 2nd, 2013 - "... Added 98 domains on 4/26 , 218 domains on 4/27, and 235 domains on 4/30. Malspam, Malvertising, Cdorked, etc..."

:fear::fear:

AplusWebMaster
2013-05-05, 15:23
FYI...

155 Zeus, malspam, NAIKON.A domains
- http://www.malwaredomains.com/?p=3191
May 4th, 2013 - "Added 155 domains associated with malicious spam, Zeus, Naikon.A, malicious advertising banners. Sources include zeustracker.abuse.ch, blog.dynamoo.com, blog.trendmicro.com..."

:fear::fear:

AplusWebMaster
2013-05-08, 11:55
FYI...

174 Zeus, Mariposa, Harmful Domains
- http://www.malwaredomains.com/?p=3196
May 5th, 2013 - "Added 174 Zeus, Mariposa, safebrowsing domains. Sources: zeustracker.abuse.ch, labs.alienvault.com, ics-cert.us-cert.gov and others..."

:fear::fear:

AplusWebMaster
2013-05-13, 13:30
FYI...

malspam, iframe, typosquatting, malvertising domains
- http://www.malwaredomains.com/?p=3204
May 10th, 2013 - "... 98 rogue, malspam, typosquatting, malvertising domains. Sources: isc.sans.edu, blog.dynamoo.com, urlquery.net, blog.sucuri.net..."

:fear:

AplusWebMaster
2013-05-14, 15:27
FYI...

Added 167 malspam, iframe, redkit domains
- http://www.malwaredomains.com/?p=3210
May 11th, 2013 - "Added 167 Red Kit, Malicious Spam, iframe domains. Sources include
dynamoo.com (of course), urlquery.net, siteinspector.comodo.com..."

:fear:

AplusWebMaster
2013-05-16, 15:52
FYI...

279 Zeus domains added
- http://www.malwaredomains.com/?p=3214
May 14th, 2013 - "Added 279 Zeus domains from zeustracker.abuse.ch..."

:fear::fear:

AplusWebMaster
2013-05-17, 19:23
FYI...

SutraTDS, iframe, malvertising,malspam domains
- http://www.malwaredomains.com/?p=3217
May 17th, 2013 - "Added -111- SutraTDS, iframe, malvertising, malspam domains from blog.dynamoo.com, urlquery.net, and some private sources..."

:fear:

AplusWebMaster
2013-05-21, 03:17
FYI...

147 pushdo, malvertising, malicious js, iframe domains added
- http://www.malwaredomains.com/?p=3222
May 19th, 2013 - "Added 147 domains associated with malicious javascript, iframes, pushdo, etc. Sources include safebrowsing.clients.google.com, sucuri.net, secureworks.com..."

:fear:

AplusWebMaster
2013-05-24, 12:09
FYI...

Redkit, Carberp, facebook scam domains
- http://www.malwaredomains.com/?p=3233
May 22nd, 2013 - "Added 171 Redkit, Carberp, malspam, malicious domains. Sources include urlquery.net, siteinspector.comodo.com, blog.dynamoo.com..."

:fear:

AplusWebMaster
2013-05-26, 15:46
FYI...

73 malicious domains ...
- http://www.malwaredomains.com/?p=3245
May 25th, 2013 - "Added 73 malicious domains from siteinspector.comodo.com and safebrowsing.clients.google.com..."

:fear:

AplusWebMaster
2013-05-31, 02:59
FYI...

334 domains added ...
- http://www.malwaredomains.com/?p=3249
May 27th, 2013 - "... added 334 domains on 5/27. Fake Flash Player, Rogue, iframes, malspam, c2 etc from siteinspector.comodo.com, threattrack.tumblr.com, urlquery.net and others..."

:fear:

AplusWebMaster
2013-06-01, 19:36
FYI...

SutraTDS, malspam, malvertising domains
- http://www.malwaredomains.com/?p=3253
May 30th, 2013 - "Added 121 domains associated with SutraTDS, malicious spam, malicious banner ads. Sources include www.google.com/safebrowsing/diagnostic, vxvault.siri-urz.net, threattrack.tumblr.com..."

:fear:

AplusWebMaster
2013-06-06, 13:51
FYI...

redkit, iframe, citadel domains
- http://www.malwaredomains.com/?p=3257
June 4th, 2013 - "Added 80 domains (botnet, citadel, redkit, iframe) from deependresearch.org, siteinspector.comodo.com, malwaremustdie.blogspot.com..."

:fear::fear:

AplusWebMaster
2013-06-08, 16:45
FYI...

iframes, malvertising, medfos, net-traveler domains
- http://www.malwaredomains.com/?p=3263
June 7th, 2013 - "Added domains associated with iframes, scrinject, zeus, malvertising, medfos, net-traveler. Sources include hosts-file.net, siteinspector.comodo.com, emergingthreats.net, scumware.org and several others..."

:fear:

AplusWebMaster
2013-06-13, 06:16
FYI...

BHEKv2, Neutrino, keyboy malvertising domains…
- http://www.malwaredomains.com/?p=3273
June 11th, 2013 - "Added 107 new domains from a variety of sources… BHEKv2, malspam, keyboy, Neutrino, malicious banner ads, android trojan domains, and all sorts of badness originally cited at blog.dynamoo.com, community.rapid7.com, urlquery.net, emergingthreats.net and others..."

:fear:

AplusWebMaster
2013-06-15, 05:53
FYI...

bhek, malvertising, phishing domains
- http://www.malwaredomains.com/?p=3277
June 13th, 2013 - "100+ harmful domains associated with phishing, malvertising, BHEK. Sources: safebrowsing.clients.google.com, malwaregroup.com, phishtank.com..."

:fear:

AplusWebMaster
2013-06-19, 02:41
FYI...

124 iframe, malspam, citadel domains
- http://www.malwaredomains.com/?p=3285
June 16th, 2013 - "124 iframe, malspam, citadel and other harmful domains added from blog.dynamoo.com, zeustracker.abuse.ch, emergingthreats.net and other sources..."

:fear:

AplusWebMaster
2013-06-21, 14:24
FYI...

278 domains (multibanker, ramnit, sinowal…)
- http://www.malwaredomains.com/?p=3288
June 20th, 2013 - "Added 278 domains (multibanker, ramnit, sinowal, styx, malicious spam, etc) from virustracker.info, blog.dynamoo.com, safebrowsing.clients.google.com and others..."

:fear::fear:

AplusWebMaster
2013-06-28, 03:09
FYI...

citadel, zeus, styx, iframe domains
- http://www.malwaredomains.com/?p=3293
June 26th, 2013 - "Huge update of -282- domains associated with Zeus, Citadel, Styx, malicious redirections, iframes, and other badness you don’t want on your network or home computer. Sources: labs.sucuri.net, siteinspector.comodo.com, malwaregroup.com, zeustracker.abuse.ch..."

:fear::fear:

AplusWebMaster
2013-06-29, 20:34
FYI...

Malicious Spam, Phishing, Multibanker, Malicious Advertising Domains…
- http://www.malwaredomains.com/?p=3298
June 28th, 2013 - "Added 114 domains associated with Phishing, Malicious Ad Banners, sinowal, multibanker, MalSpam, and other badness from blog.dynamoo.com, safebrowsing.clients.google.com, virustracker.info, phishtank.com..."

Suspension - 61 unique domains used by Blackhole Exploit Kit ("closest" type) Crime Group operated on 80.78.247.114 ...
- http://malwaremustdie.blogspot.com/2013/06/suspension-of-61-unique-domains-used-by.html
June 28, 2013 - "... evidence as per recorded in URLQuery records below:
http://urlquery.net/report.php?id=3356618
http://urlquery.net/report.php?id=3356579
http://urlquery.net/report.php?id=3355901
http://urlquery.net/report.php?id=3352167
http://urlquery.net/report.php?id=3332078 ..."

:fear::fear:

AplusWebMaster
2013-07-02, 15:02
FYI...

MoneyMule, Redkit, phishing domains…
- http://www.malwaredomains.com/?p=3305
June 30th, 2013 - "Added -184- domains associated with MoneyMule, Redkit, phishing, neutrino, etc. Sources: malwareurls.joxeankoret.com, siteinspector.comodo.com, urlquery.net and others..."

:fear::fear:

AplusWebMaster
2013-07-04, 04:15
FYI...

iframes, malicious javascript, malvertising, redirects
- http://www.malwaredomains.com/?p=3309
July 2nd, 2013 - "Added -137- malicious domains (iframes, malicious js, malvertising, malspam, etc) from labs.sucuri.net, blog.dynamoo.com, safebrowsing.clients.google.com and others..."

:fear::fear:

AplusWebMaster
2013-07-05, 13:54
FYI...

Malspam, Malvertising, redkit domains
- http://www.malwaredomains.com/?p=3314
July 4th, 2013 - "Added 140+ Malspam, Malvertising, redkit and other malicious domains. Sources include emergingthreats.net, safebrowsing.clients.google.com, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2013-07-08, 13:22
FYI...

Betabot, Citadel, RedKit, TDS Domains…
- http://www.malwaredomains.com/?p=3318
July 7th, 2013 - "Added domains associated with Betabot, Citadel, SutraTDS, RedKit, iframes. Sources include malwareurls.joxeankoret.com, malc0de.com, vxvault.siri-urz.net, exposedbotnets.com..."

:fear:

AplusWebMaster
2013-07-11, 14:32
FYI...

citadel, critx, iframe, malicious js domains..
- http://www.malwaredomains.com/?p=3322
July 10th, 2013 - "Added 255 domains associated with malicious javascript, citadel, critx, iframe and other malicious and unsafe activity..."

:fear::fear:

AplusWebMaster
2013-07-14, 03:44
FYI...

153 domains added
- http://www.malwaredomains.com/?p=3325
July 12th, 2013 - "153 domains added from blog.dynamoo.com, malwareurls.joxeankoret.com, urlquery.net and others..."

:fear:

AplusWebMaster
2013-07-16, 14:55
FYI...

multibanker, phishing, rogues…
- http://www.malwaredomains.com/?p=3329
July 15th, 2013 - "Added 161 domains associated with rogue antivirus/security/software, phishing, malvertising, etc. Sources include: labs.umbrella.com, virustracker.info, phishtank.com..."

:fear::fear:

AplusWebMaster
2013-07-25, 00:02
FYI...

styx, citadel, W32.Sality domains
- http://www.malwaredomains.com/?p=3337
July 23rd, 2013 - "Added 120+ domains (W32.Sality, citadel, bhek, styx, etc) from labs.sucuri.net, safebrowsing.clients.google.com, zeustracker.abuse.ch, etc..."

:fear::fear:

AplusWebMaster
2013-07-28, 00:02
FYI...

andromeda, cookiebomb, semra, redkit, pony, iframes…
- http://www.malwaredomains.com/?p=3341
July 26th, 2013 - "Added domains associated with zeus, semra, redkit, pony, andromeda, cookiebomb domains. Sources include: vxvault.siri-urz.net, urlquery.net, cybercrime-tracker.net..."

:fear::fear:

AplusWebMaster
2013-07-30, 14:12
FYI...

malspam, exploit, phishing domains
- http://www.malwaredomains.com/?p=3345
July 28th, 2013 - "Lots (192) of malicious spam domains from dynamoo.com and other sources..."

:fear::fear:

AplusWebMaster
2013-08-01, 17:35
FYI...

Big Update: 280 domains
- http://www.malwaredomains.com/?p=3359
July 31st, 2013 - "Added 280 domains - iframes, malspam, multibanker, Ramnit, redkit etc from blog.dynamoo.com, malc0de.com, urlquery.net, virustracker.info..."

:fear::fear:

AplusWebMaster
2013-08-11, 14:49
FYI...

iframes, multibanker, steelrat domains added
- http://www.malwaredomains.com/?p=3371
August 6th, 2013 - "Added almost 200 domains associated with multibanker, iframes, steelrat, ramnit, etc..."

bhek, dnsamplification, sutratds, trojan domains
- http://www.malwaredomains.com/?p=3367
August 5th, 2013 - "A small but important update of domains associated with DNS Amplification, SutraTDS, BHEK, phishing domains and other badness. Sources: blog.dynamoo.com, dnsamplificationattacks.blogspot.com, safeweb.norton.com, mwis.ru, etc..."

:fear::fear:

AplusWebMaster
2013-08-13, 03:06
FYI...

malicious spam, malicious banners…
- http://www.malwaredomains.com/?p=3375
August 12th, 2013 - "Added 105 domains (malicious spam, malicious banners, other badness). Sources: threattrack.tumblr.com, safebrowsing.clients.google.com, blog.webroot.com, blog.dynamoo.com..."

:fear::fear:

AplusWebMaster
2013-08-18, 06:34
FYI...

Aug 13 Update- 261 Domains; Aug 15 Update: 110 Domains
- http://www.malwaredomains.com/?p=3379
August 17th, 2013 - "Added 261 Domains on Aug 13 and another 110 on Aug 15…"

:fear::fear:

AplusWebMaster
2013-08-19, 14:00
FYI...

269 Domains (cookiebomb, iframes, redkit, etc)
- http://www.malwaredomains.com/?p=3382
August 17th, 2013 - "Added 269 domains associated with iframes, downadup, cookie bomb, redkit, malspam, etc. Sources include dynamoo.com, urlquery.net, threatexpert.com and others..."

:fear::fear:

AplusWebMaster
2013-08-22, 13:50
FYI...

iframes, redirections, malicious javascript
- http://www.malwaredomains.com/?p=3386
August 20th, 2013 - "Added 200+ domains associated with iframes, malicious javascript, htaccess redirections, rogue pharmacies, etc. Sources: app.webinspector.com, labs.sucuri.net, thenewfr0ntier.blogspot.com and others..."

:fear::fear:

AplusWebMaster
2013-08-29, 15:36
FYI...

8/23 & 8/25 updates – 190 domains
- http://www.malwaredomains.com/?p=3390
August 26th, 2013 - "Updates on 8/23 and 8/25 — 190 new domains..."

:fear::fear:

AplusWebMaster
2013-08-31, 19:42
FYI...

140 unsafe, malspam, malvertising domains added
- http://www.malwaredomains.com/?p=3394
August 29th, 2013 - "Added 140 domains associated with malvertising (malicious ad banners) and other badness. Sources: safebrowsing.clients.google.com, blog.dynamoo.com, app.webinspector.com and others..."

:fear:

AplusWebMaster
2013-09-08, 08:05
FYI...

94 new domains
- http://www.malwaredomains.com/?p=3398
September 6th, 2013 - "Added 94 new domains. Sorry for the delay in posting..."

:fear:

AplusWebMaster
2013-09-11, 14:02
FYI...

malvertising, malspam – 160 Domains
- http://www.malwaredomains.com/?p=3403
September 9th, 2013 - "Added 160 malspam and malvertising domains from blog.dynamoo.com and bluecoat.com ..."

:fear::fear:

AplusWebMaster
2013-09-14, 11:29
FYI...

malvertising, zeus, unsafe domains
- http://www.malwaredomains.com/?p=3408
September 11th, 2013 - "Added 151 domains from zeustracker.abuse.ch, app.webinspector.com and other sources..."

:fear::fear:

AplusWebMaster
2013-09-15, 18:52
FYI...

150+ Malvertising Domains
- http://www.malwaredomains.com/?p=3411
September 14th, 2013 - "Added over 150 domains associated with malicious advertising and malicious ad banners..."

:fear::fear:

AplusWebMaster
2013-09-20, 12:24
FYI...

phishing. iframes. malvertising. malicious js
- http://www.malwaredomains.com/?p=3417
September 18th, 2013 - "Added 134 domains associated with malicious javascript, malicious iframes, phishing, malicious banners, etc. Sources include: labs.sucuri.net, phishtank.com, app.webinspector.com..."

multibanker, dnsamplification, malvertising domains
- http://www.malwaredomains.com/?p=3414
September 16th, 2013 - "Added 174 domains associated with phishing, multibanker, dnsamplification, malvertising and other badness. Sources: virustracker.info, threattrack.tumblr.com, labs.sucuri.net..."

:fear::fear:

AplusWebMaster
2013-09-22, 17:43
FYI...

Huge Update… over 200 malspam & iframe domains
- http://www.malwaredomains.com/?p=3423
September 21st, 2013 - "Added -240- malicious (malspame, iframe) domains from ddanchev.blogspot.com, blog.dynamoo.com, and other sources..."

:fear::fear:

AplusWebMaster
2013-09-26, 06:10
FYI...

Malicious Redirects, iframes, botnet domains…
- http://www.malwaredomains.com/?p=3427
September 23rd, 2013 - "Added 115 domains – malicious redirections, c&c, iframes, trojans and other badness. Sources include exposedbotnets.com, fireeye.com, urlquery.net..."

:fear::fear:

AplusWebMaster
2013-09-28, 20:37
FYI...

100+ zeus, malvertising, DNS Amplification domains
- http://www.malwaredomains.com/?p=3430
September 26th, 2013 - "Added 107 domains associated with DNSAmplification, malvertising, zeus, phishing and other badware you won’t want on your network or loading in your browser. Sources include dnsamplificationattacks.blogspot.com, zeustracker.abuse.ch..."
___

- https://zeustracker.abuse.ch/blocklist.php?download=badips

:fear:

AplusWebMaster
2013-09-29, 16:41
FYI...

Big Update: 229 domains (icefog, XtremeRAT, malvertising, etc)
- http://www.malwaredomains.com/?p=3433
September 28th, 2013 - "Added 229 domains (icefog, RAT, malspam, malvertising, etc). Sources include: blog.dynamoo.com, infosecdailydigest.com, fireeye.com..."

:fear::fear:

AplusWebMaster
2013-10-02, 06:29
FYI...

149 new domains (exploitkit, redkit, multibanker,etc)
- http://www.malwaredomains.com/?p=3436
September 30th, 2013 - "Added 149 new domains (exploitkit, redkit, multibanker,etc) from app.webinspector.com, vxvault.siri-urz.net, blog.dynamoo.com and other sources..."

:fear:

AplusWebMaster
2013-10-06, 05:58
FYI...

October Updates: 260+ domains
- http://www.malwaredomains.com/?p=3438
October 5th, 2013 - "Two updates so far this month, a total of over 260 domains..."

:fear::fear:

AplusWebMaster
2013-10-13, 14:01
FYI...

Oct 6 and Oct 11 Updates – 385 domains
- http://www.malwaredomains.com/?p=3440
October 12th, 2013 - "Oct 6th and 11th updates – over 385 domains..."

:fear:

AplusWebMaster
2013-10-17, 04:45
FYI...

BHEK, napolar, dnsamplification, cookiebomb domains
- http://www.malwaredomains.com/?p=3443
October 14th, 2013 - "Added domains associated with a variety of badness (cookiebomb, zeus dropzone, win32/napolar, etc) you want to keep off your corporate or home network. Sources include welivesecurity.com, zeustracker.abuse.ch, dnsamplificationattacks.blogspot.com..."

:fear::fear:

AplusWebMaster
2013-10-19, 22:23
FYI...

zeus, sweetorange, malspam domains
- http://www.malwaredomains.com/?p=3445
October 19th, 2013 - "Added -100- domains on 10/18 and -121- on 10/16 associated with Zeus, sweetorange, malicous spam, etc. Sources include urlquery.net, blog.dynamoo.com, zeustracker.abuse.ch and others..."

:fear::fear:

AplusWebMaster
2013-11-10, 17:12
FYI...

November Updates – Over 1100 malicious domains
- http://www.malwaredomains.com/?p=3467
November 10th, 2013 - "... We’ve added over 1100 malicious domains this month..."
(More info at the URL above.)

:fear::fear:

AplusWebMaster
2013-11-16, 16:14
FYI...

betabot, iframes, malvertising, Capha domains
- http://www.malwaredomains.com/?p=3470
November 14th, 2013 - "Added -242- domains on 11/12 and -253- domains on 11/14 (betabot, iframes, malvertising, Capha, etc) from fireeye.com, google.com/safebrowsing, quttera.com, labs.sucuri.net and others..."

:fear::fear:

AplusWebMaster
2013-11-17, 16:37
FYI...

254 New Domains + Updated Dynamic DNS List
- http://www.malwaredomains.com/?p=3472
November 16th, 2013 - "Add -254- domains (malvertising, betabot, Capha and other maliciousness) from hosts-file.net, blog.dynamoo.com, exposedbotnets.com and others..."

:fear:

AplusWebMaster
2013-11-24, 11:10
FYI...

iframe, ransom, zeus domains
- http://www.malwaredomains.com/?p=3476
November 20th, 2013 - "Added 117 domains associated with cookiebomb, iframe, ransom, zeus, etc. Sources include zeustracker.abuse.ch, webroot.com, safeweb.norton.com..."

:fear:

AplusWebMaster
2013-11-25, 08:47
FYI...

272 New Domains (malvertising, zeus, ransomware,Caphaw…)
- http://www.malwaredomains.com/?p=3479
November 23rd, 2013 - "272 new domains added (Caphaw, g01pack, Citadel, malvertising, zeus, ransomware), and other badness you don’t want anywhere in your network or within your browser..."

:fear::fear:

AplusWebMaster
2013-11-29, 06:19
FYI...

190 domains added
- http://www.malwaredomains.com/?p=3483
November 25th, 2013 - "Added 190 domains (zeus, google safebrowsing, etc)..."

:fear:

AplusWebMaster
2013-11-30, 22:04
FYI...

zeus, neutrino, google safebrowsing domains
- http://www.malwaredomains.com/?p=3486
November 30th, 2013 - "Added -171- domains flagged as zeus, neutrino, and google safebrowsing. Sources include zeustracker.abuse.ch, urlquery.net, google.com/safebrowsing..."

:fear:

AplusWebMaster
2013-12-09, 02:44
FYI...

December Updates
- http://www.malwaredomains.com/?p=3491
December 7th, 2013
12/01 – delisted over 7600 domains
12/04 – added 245 domains
12/06 – added 352 domains

:fear::fear::fear:

AplusWebMaster
2013-12-15, 01:02
FYI...

Dec 8 & 12th updates
- http://www.malwaredomains.com/?p=3494
December 14th, 2013
"Dec 8 – added 259 domains
Dec 12 – added 993 (!) domains
Malspam, k3chang, myweb, malspam, zeus, etc. Sources: app.webinspector.com, zeustracker.abuse.ch, blog.dynamoo.com, etc..."

:fear::fear:

AplusWebMaster
2013-12-20, 19:11
FYI...

Dec 15 & Dec 19 Updates
- http://www.malwaredomains.com/?p=3497
December 20th, 2013
"Dec 15 – added 178 domains;
Dec 19 – Added 137 domains (botnet, scam, malspam, malvertising, iframes). Sources: app.webinspector.com, blog.dynamoo.com, quttera.com, safebrowsing.clients.google.com and others..."

:fear::fear:

AplusWebMaster
2013-12-31, 17:00
FYI...

Dec Updates – Added 300+ domains
- http://www.malwaredomains.com/?p=3501
December 31, 2013
12/22 – added 87 domains
12/25 – added 245 domains
12/28 – added 56 domains ...
___

- http://www.malwaredomains.com/?p=3504
January 1st, 2014 - "Delisted 9290 domains. Please update your blocklists..."

:fear: :fear:

AplusWebMaster
2014-01-05, 02:55
FYI...

zeus, malvertising, sutratds domains
- http://www.malwaredomains.com/?p=3507
January 4th, 2014 - "Added 140+ domains associated with malvertising, zeus, SutraTDS, and other maliciousness. Sources include nictasoft.com, twitter.com/malekal_morte, exposedbotnets.com and others..."


:fear::fear:

AplusWebMaster
2014-01-08, 02:18
FYI...

citadel, botnet, scam, malvertising, magnitude domains
- http://www.malwaredomains.com/?p=3510
January 6th, 2014 - "Added -266- domains associated with malvertising, scams, botnets, magnitude exploit kit, etc. Sources include spamhaus.org, aa419.org, scamfraudalert.org, blog.fox-it.com..."

:fear::fear:

AplusWebMaster
2014-01-13, 06:30
FYI...

140+ malvertising & malspam domans
- http://www.malwaredomains.com/?p=3514
January 11th, 2014 - "Added over 140 domains, the majoring associated with malicious spam and malicious ad banners..."

:fear::fear:

AplusWebMaster
2014-01-19, 16:51
FYI...

malicious spam domains
- http://www.malwaredomains.com/?p=3517
January 17th, 2014 - "... late on this update. Added domains mainly associated with botnet-spam and malspam..."

:fear:

AplusWebMaster
2014-01-20, 04:50
FYI...

158 malicious domains
- http://www.malwaredomains.com/?p=3519
January 18th, 2014 - "Added 158 malicious (phishing, crypolocker, etc) domains. Sources include: google.com/safebrowsing, db.aa419.org, malwareurls.joxeankoret.com..."

:fear::fear:

AplusWebMaster
2014-01-21, 12:26
FYI...

botnet, winlock, malspam, botnet domains
- http://www.malwaredomains.com/?p=3521
January 21st, 2014 - "Added -108- domains associated with botnet, winlock, malspam, botnets and other maliciousness. Sources include malwareurls.joxeankoret.com, urlquery.net, exposedbotnets.com ..."

:fear::fear:

AplusWebMaster
2014-01-23, 02:21
FYI...

Adding Sinkholed Domains to the List
- http://www.malwaredomains.com/?p=3523
January 22nd, 2014 - "We’ve received several requests to add domains already-sinkholed to this list. We’ve also received other requests to remove a domain as it’s already sinkholed. We’d appreciate any thoughts* on the matter. Thanks."
* http://www.malwaredomains.com/?page_id=13

:scratch:

AplusWebMaster
2014-01-25, 10:36
FYI...

250+ malvertising and malspam domains
- http://www.malwaredomains.com/?p=3529
January 24th, 2014 - "Added over -250- malvertising and malspam domains..."

:fear::fear:

AplusWebMaster
2014-02-02, 16:49
FYI...

430 domains ...
- http://www.malwaredomains.com/?p=3532
February 1st, 2014 - "Added -430- domains from the usual great sources (malwareurls.joxeankoret.com, zeustracker.abuse.ch, blog.dynamoo.com, etc.) These domains are associated with exploit kits, zeus, redkit, iframes, etc – nothing you’d want your browser to access..."

:fear::fear:

AplusWebMaster
2014-02-05, 02:20
FYI...

437 Domains ...
- http://www.malwaredomains.com/?p=3536
February 3rd, 2014 - "Another big update, -437- domains. Sources include: spamhaus.org, malwareurls.joxeankoret.com, nictasoft.com..."

:fear:

AplusWebMaster
2014-02-08, 16:37
FYI...

200+ browserlock/ransomware domains added
- http://www.malwaredomains.com/?p=3540
February 6th, 2014 - "Added over 400 domains in total… Over 200 were associated with browserlock, ransomware, browlock, etc..."

:fear::fear:

AplusWebMaster
2014-02-11, 14:15
FYI...

ransonware, malicious js, linkup domains
- http://www.malwaredomains.com/?p=3543
February 10th, 2014 - "Huge update of over -550- domains associated with linkup, iframes, malicious javascript, ransonware, etc. Sources include malwaredomainlist.com, totalhash.com, labs.sucuri.net, malwr.com, joxeankoret.com and others..."

:fear::fear:

AplusWebMaster
2014-02-15, 18:43
FYI...

341 new domains (cryptolocker, asprox, carto, jackPOS, etc)
- http://www.malwaredomains.com/?p=3545
February 13th, 2014 - "Added -341- new domains (cryptolocker, asprox, carto, jackPOS, etc). While some of the domains and C&C servers may have been taken down or sinkholed, adding these domains to your internal DNS server resolving to your own web server will help you identify which of your clients are infected on your local network. Sources include blog.dynamoo.com, community.emc.com, malwareurls.joxeankoret.com, rebsnippets.blogspot.com..."

:fear::fear:

AplusWebMaster
2014-02-17, 17:01
FYI...

341 New Domains…
- http://www.malwaredomains.com/?p=3549
February 17th, 2014 - "Added -341- new domains. Please update your blocklist..."

:fear::fear:

AplusWebMaster
2014-02-21, 06:42
FYI...

ru8080, Neutrino, Malvertising, AnglerEK domains
- http://www.malwaredomains.com/?p=3551
February 20th, 2014 - "Added -294- domains (malspam, malvertising, Angler Exploit Kit, ru 8080, etc) domains on 2/17 and 2/19. Sources include app.webinspector.com, blog.dynamoo.com, webroot.com..."

:fear::fear:

AplusWebMaster
2014-03-01, 06:04
FYI...

Botnet spam, Zeus, BHEK, iframes…
- http://www.malwaredomains.com/?p=3557
February 27th, 2014 - "Added 200 domains on 2/22 and 2/24 associated with Black Hole Exploit Kit, Botnet Spam, malicious iframes, etc..."

:fear:

AplusWebMaster
2014-03-17, 03:08
FYI...

March Updates
- http://www.malwaredomains.com/?p=3559
March 16th, 2014
March 2 – 86 domains
March 5 – 65 domains
March 9 – 400 domains
March 15 - 195 domains
March 16 – delisted 5206 domains...

:fear:

AplusWebMaster
2014-04-14, 12:03
FYI...

MDB Updates ...
- http://www.malwaredomains.com/?p=3567
April 13th, 2014 - "Been a little behind on posting updates due to HeartBleed. There have been several updates this week (4/11 & 4/13), please updates your blocklists..."

:fear:

AplusWebMaster
2014-04-25, 06:28
FYI...

April updates ...
- http://www.malwaredomains.com/?p=3570
April 23rd, 2014
4/16 = 232 domains
4/20 = 155 domains
4/22 = 301 domains

:fear:

AplusWebMaster
2014-04-30, 12:46
FYI...

Darkcomet, Poisonivy, DGA domains…
- http://www.malwaredomains.com/?p=3572
April 29th, 2014 - "Added over -700- domains associated with njrat, darkcomet, poisonivy, fake flash installers, and other badness. Sources include gist.github.com/jedisct1, malwareconfig.com, dynamoo.com ..."

:fear::fear:

AplusWebMaster
2014-05-11, 15:49
FYI...

May Updates
- http://www.malwaredomains.com/?p=3575
May 11th, 2014
"5/2 – almost 400 domains
5/8 – 247 domains ..."

:fear:

AplusWebMaster
2014-05-15, 08:19
FYI...

Fake flash, botnet, malspam domains
- http://www.malwaredomains.com/?p=3577
May 14th, 2014 - "Added 247 domains associated with malicious spam, fake flash, botnets. Sources include google.com/safebrowsing, zeustracker.abuse.ch, spamhaus.org and others..."
___

malspam, zeus, botnet domains…
- http://www.malwaredomains.com/?p=3581
May 15th, 2014 - "Added 179 domains (malspam, zeus, botnet,poisonivy, etc). Sources include malwareconfig.com, blog.dynamoo.com and others..."

:fear:

AplusWebMaster
2014-05-23, 10:10
FYI...

260 domains added (poisonivy, darkcomet, cryptolocker, etc)
- http://www.malwaredomains.com/?p=3584
May 20th, 2014 - "Added 260 domains sourced from blog.dynamoo.com, www.spamhaus.org, malwareconfig.com..."

:fear:

AplusWebMaster
2014-05-26, 19:34
FYI...

Big Update – 486 domains
- http://www.malwaredomains.com/?p=3588
May 24th, 2014 - "Added -486- domains (darkcomet, poisonivy, njrat, etc) sourced from sophos.com, mwsl.org.cn, malwareconfig.com and others.."

:fear::fear:

AplusWebMaster
2014-06-07, 12:32
FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3591
June 6th, 2014
5-30 – 335 domains
6-3 - 168 domains
6-6 – 610 domains
___

mirror1 maintenace
- http://www.malwaredomains.com/?p=3594
June 8th, 2014 - "Update: maintenance is completed."
"Maintenance is being performed on mirror1. It may be sporadically offline or out-of-sync with the other mirrors. We anticipate mirror1 will be fully up-and-running this evening."
___

Almost 4000 domains delisted
- http://www.malwaredomains.com/?p=3598
June 8th, 2014 - "Almost 4000 domains have been delisted – please update your blocklists"

:fear:

AplusWebMaster
2014-06-15, 15:31
FYI...

cryptolocker, cryptowall, putter panda, nuclear domains
- http://www.malwaredomains.com/?p=3606
June 13th, 2014 - "Added over 200 domains associated with Nuclear EK. Putter Panda, Cryptolocker, Cryptowall… Sources include blogs.cisco.com, gist.github.com, crowdstrike.com..."

:fear: :spider:

AplusWebMaster
2014-06-19, 11:51
FYI...

237 domains added
- http://www.malwaredomains.com/?p=3609
June 17th, 2014 - "Added 237 domains from vrt-blog.snort.org, labs.sucuri.net, gist.github.com and others..."

:fear:

AplusWebMaster
2014-06-23, 16:21
FYI...

270 Domains (Etumbot, phishing, tds, fragus, redkit)
- http://www.malwaredomains.com/?p=3612
June 23rd, 2014 - "Added 161 domains on 6/18 and 106 domains on 6/22. Sources include app.webinspector.com, arbornetworks.com, safebrowsing.google.com amd others..."

:fear:

AplusWebMaster
2014-07-04, 18:22
FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3617
July 1st, 2014 - "Added 295 domains on 6/24 and 320 domains on 6/27. Please update your blocklists..."
___

mirror2 down for maintenance
- http://www.malwaredomains.com/?p=3624
July 5th, 2014 - "mirror2 is down for maintenance. Please use one of our other mirrors..."

:fear::fear:

AplusWebMaster
2014-07-06, 16:37
FYI...

6445 domains removed
- http://www.malwaredomains.com/?p=3626
July 6th, 2014 - "List recertification – 6445 domains removed (this may be why some of the files were out-of-sync). Please update your blocklists..."

:fear:

AplusWebMaster
2014-07-13, 16:51
FYI...

Recent Updates: smokeloader, shylock domains added
- http://www.malwaredomains.com/?p=3629
July 13th, 2014
7/09 – 441 domains added
7/12 – 226 domains added
Sources include mwsl.org.cn, malwareurls.joxeankoret.com, gist.github.com/jedisct1, stopmalvertising.com and others...

:fear:

AplusWebMaster
2014-07-22, 14:33
FYI...

This week’s updates
- http://www.malwaredomains.com/?p=3632
July 21st, 2014 - "Added about -500- domains (malvertising, fake virus alerts and other maliciousness). Sources include mwsl.org.cn, safebrowsing.clients.google.com, app.webinspector.com and others..."

:fear::fear:

AplusWebMaster
2014-07-29, 13:03
FYI...

malvertising, fiesta, magnitude, zegost domains
- http://www.malwaredomains.com/?p=3639
July 28th, 2014 - "Added domains associated with Rig EK, Fiesta EK, zegost.b, Nuclear EK, malvertising, and other badness. Sources: malware-traffic-analysis.net, isc.sans.org, google.com/safebrowsing, sitecheck.sucuri.net and others..."

:fear::fear:

AplusWebMaster
2014-08-24, 12:51
FYI...

3500 Domains Removed
- http://www.malwaredomains.com/?p=3642
August 23rd, 2014 - "3500 domains have been removed. Please update your files."

:fear:

AplusWebMaster
2014-08-27, 11:29
FYI...

160 New Domains
- http://www.malwaredomains.com/?p=3644
August 25th, 2014 - "Added 160 new domains flagged as malicious from mwsl.org.cn, yandex.com, and safebrowsing.clients.google.com..."

:fear:

AplusWebMaster
2014-08-31, 13:50
FYI...

MDB updates - 8/26, 8/30
- http://www.malwaredomains.com/?p=3647
August 30th, 2014
8/26 – 383 domains
8/30 – 239 domains (including backoff domains)

:fear:

AplusWebMaster
2014-09-09, 16:38
FYI...

MDB - Recent Updates
- http://www.malwaredomains.com/?p=3650
September 8th, 2014
9/3 – 170 domains
9/6 – 412 domains
Please update your blocklists...

:fear:

AplusWebMaster
2014-09-15, 04:29
FYI...

9/8 and 9/12 Updates
- http://www.malwaredomains.com/?p=3655
September 13th, 2014 - "Added -258- domains on 9/8 and -348- on 9/12 (malvertising, zeus, phishing etc). Sources include mwsl.org.cn, blog.dynamoo.com and others..."

:fear::fear:

AplusWebMaster
2014-09-22, 13:00
FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3659
September 20th, 2014 - "Added domains on 9/15 and 9/19 from blog.malwarebytes.org, safebrowsing.google.com, app.webinspector.com and others..."

:fear:

AplusWebMaster
2014-09-24, 14:21
FYI...

249 domains (goz, luxnet, poisonivy, blackshades) added
- http://www.malwaredomains.com/?p=3661
September 23rd, 2014 - "Added -249- domains (goz, luxnet, poisonivy, blackshades, etc) added. Sources include osint.bambenekconsulting.com, mwsl.org.cn, malwareconfig.com and others..."

:fear:

AplusWebMaster
2014-09-27, 04:15
FYI...

Huge Update – 1789 Domains
- http://www.malwaredomains.com/?p=3663
September 25th, 2014 - "... -1789- domains were added two days ago. Sources: www.spamhaus.org, safebrowsing.google.com, osint.bambenekconsulting.com..."

:fear:

AplusWebMaster
2014-10-05, 09:23
FYI...

This weeks updates
- http://www.malwaredomains.com/?p=3665
October 4th, 2014 - "9/27 –221- Domains, 10/3 –120- Domains. Sources include: malware-traffic-analysis.net, mwsl.org.cn, feodotracker.abuse.ch, cybercrime-tracker.net..."

:fear:

AplusWebMaster
2014-10-13, 17:40
FYI...

Site Delistings
- http://www.malwaredomains.com/?p=3667
October 10th, 2014 - "... too many false positives and we’ve rolled back the last update. Please update your blocklists ASAP..."

:fear:

AplusWebMaster
2014-10-19, 07:16
FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3670
October 17th, 2014
10/13 – 64 domains
10/14 – 195 domains
10/17 – 187 domains
Sources: malwareurls.joxeankoret.com, blog.dynamoo.com, spamhaus.org, app.webinspector.com, cybercrime-tracker.net and others ...

:fear: :mad:

AplusWebMaster
2014-10-22, 15:36
FYI...

384 New Domains
- http://www.malwaredomains.com/?p=3673
October 20th, 2014 - "Added -384- domains from safebrowsing.clients.google.com, osint.bambenekconsulting.com, sandbox.1d4.us, cybertracker.malwarehunterteam.com and others..."

- http://mirror1.malwaredomains.com/files/

:fear:

AplusWebMaster
2014-10-26, 11:30
FYI...

10/23 update: 422 Domains
- http://www.malwaredomains.com/?p=3675
October 24th, 2014 - "Added 422 domains from mwsl.org.cn, pwnedlist, sophos.com and others..."

:fear:

AplusWebMaster
2014-10-28, 02:03
FYI...

Another Big Update: 502 Domains
- http://www.malwaredomains.com/?p=3677
October 26th, 2014 - "Added 502 domains from pwnedlist, nictasoft.com, virustotal.com and others..."

:fear:

AplusWebMaster
2014-10-30, 10:42
FYI...

313 New domains added
- http://www.malwaredomains.com/?p=3683
October 28th, 2014 - "Added 313 domains from mwsl.org.cn, spamhaus.org and others..."

:fear:

AplusWebMaster
2014-10-30, 23:25
FYI...

False Positive removed
- http://www.malwaredomains.com/?p=3687
October 30th, 2014 - "Please update your blocklist, we’ve corrected and removed a false positive (netflix)..."

- http://mirror1.malwaredomains.com/files/

:fear::fear:

AplusWebMaster
2014-11-02, 09:16
FYI...

Recent Updates – almost 1000 domains added
- http://www.malwaredomains.com/?p=3692
November 1st, 2014
10/29 – 650 domains added
10/31 – 359 domains added
Sources: spamhaus.org, blog.malwarebytes.org, pwc.blogs.com, malwareurls.joxeankoret.com., mwsl.org and others...

- http://mirror1.malwaredomains.com/files/

:fear::fear:

AplusWebMaster
2014-11-04, 15:07
FYI...

tinba, zeus, goz domains added
- http://www.malwaredomains.com/?p=3694
November 3rd, 2014 - "Added 104 domains (tinba, goz, etc) from zeustracker, trendmicro, bambenekconsulting and others..."

- http://mirror1.malwaredomains.com/files/

:fear::fear:

AplusWebMaster
2014-11-07, 14:38
FYI...

rogue pharmacy, fake support and other malicious domains
- http://www.malwaredomains.com/?p=3696
November 5th, 2014 - "Added -133- domains (fake support pages, fake pharmacy pages, malware) from spam404.com, safeweb.norton.com, hosts-file.net and others..."

- http://mirror1.malwaredomains.com/files/

:fear:

AplusWebMaster
2014-11-08, 16:25
FYI...

359 New Domains
- http://www.malwaredomains.com/?p=3698
November 6th, 2014 - "Added 359 new malicious domains. Sources: mwsl.org.cn, malwareurls.joxeankoret.com..."

- http://mirror1.malwaredomains.com/files/
8-Nov-2014 01:09

:fear:

AplusWebMaster
2014-11-10, 05:16
FYI...

CritX, rovnix, GOZ, wirelurker domains
- http://www.malwaredomains.com/?p=3705
November 9th, 2014 - "Added 119 domains associated with WireLurker, GOZ, CritX, Rovnix and others. Sources include malwareurls.joxeankoret.com, blog.malwarebytes.org, paloaltonetworks.com..."

- http://mirror1.malwaredomains.com/files/
9-Nov-2014 16:26

:fear:

AplusWebMaster
2014-11-12, 10:27
FYI...

181 new domains – njrat, fake jobs, malspam
- http://www.malwaredomains.com/?p=3707
Nov 10, 2014 - "Added -181- domains associated with fake jobs, malicious spam, njrat, and other badness. Sources: cybertracker.malwarehunterteam.com, malwareurls.joxeankoret.com, threatglass.com and others..."
___

One Million Conficker DGA Domains …
- http://www.malwaredomains.com/?p=3709
Nov 12, 2014 - "We know Conficker/Downadup is years old, but the sad truth is that many organizations still have machines vulnerable to Conficker. We’ve uploaded Conficker/Downadup A-B-C-D DGA domains for November 2014… Over a million of them(!), called conficker_201411xx.zip (Zip file format only). These domains are NOT added any master list. The files are NOT “set it and forget it”… They need to be cleaned up a bit (for example, of any comments). As with any of our lists, use at your own risk (in this case, especially the risk of false positives or blowing up your DNS server). Sources:
- http://net.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
- https://www.alienvault.com/open-threat-exchange/blog/detecting-malware-domains-by-syntax-heuristics ..."

- http://mirror1.malwaredomains.com/files/
11-Nov-2014 17:15

Conficker Online Check: http://four.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/

:fear:

AplusWebMaster
2014-11-16, 07:49
FYI...

485 New Domains (darkhotel, kins, angler, njRat, H-worm)
- http://www.malwaredomains.com/?p=3719
Nov 15th, 2014
Update 11/10 – 162 New Domains
Update 11/14 – 323 New Domains
darkhotel, kins, angler, njRat, H-worm, fake flash
Sources: threatglass.com, mwsl.org.cn, malwarehunterteam.com...

- http://mirror1.malwaredomains.com/files/
___

Huge Update: 1108 Domains
- http://www.malwaredomains.com/?p=3722
Nov 16, 2014 - "This week’s “haul” was a total of 1412 domains.
Last night, we added angler, fiesta, kein, simda, zeus and other types of badness you don’t want visiting your computer or corporate network.
1108 domains... added from pwnedlist, joxeankoret, zeustracker, threatexpert and others..."

:fear:

AplusWebMaster
2014-11-23, 15:44
FYI...

915 new malicious domains
- http://www.malwaredomains.com/?p=3726
Nov 20, 2014 - "Added 915 domains (zeus, cryptorbit, atrax and other malicious domains), including some onion domains from emergingthreats, virustotal, virustracker.info and other sources..."

> http://mirror1.malwaredomains.com/files/

650 Domains added, 2184 for the week
- http://www.malwaredomains.com/?p=3729
Nov 23, 2014 - "Weekly total: 2184 domains added. 650 of them were added yesterday (onionduke, cryptolocker, and other potentially harmful and malicious domains you don’t want your browser visiting or your systems querying). Sources: pwnedlist, threatglass.com, sensorstechforum.com and others..."

:fear::fear:

AplusWebMaster
2014-11-26, 17:22
FYI...

826 New Domains
- http://www.malwaredomains.com/?p=3731
Nov 24, 2014 - "Added -826- New Domains from labs.sucuri.net. zeustracker, pwnedlist and others..."


:fear::fear: