FYI...

Over 1200 Domains (Bedep, Dyre, Phishing)
- http://www.malwaredomains.com/?p=3875
April 25th, 2015 - "A huge update with -1219- domains added. Many phishing domains from openphish but also some Bedep and Dyre domains (from arbornetworks virustotal) and some flagged by google safebrowsing..."

:fear::fear:

FYI...

598 VBS Trojan, pharma, Andromeda, exploit domains
- http://www.malwaredomains.com/?p=3878
April 27th, 2015 - "Added -598- vbs.trojan.downloader. script.exploit. Andromeda. Pharma Spam domains from dwm.cc, joewein, spamhaus.org and others..."

:fear::fear:

FYI...

Over 630 domains added
- http://www.malwaredomains.com/?p=3885
May 1st, 2015 - "Added over 630 pharma spam, fraud, phishing domains from dynamoo.com, joewein, spamhaus and others..."

:fear::fear:

FYI...

458 Domains Added
- http://www.malwaredomains.com/?p=3887
May 2nd, 2015 - "Added 458 domains reported by google, joewein, openphish and other sources as malicious, fraud, spam or other badness..."

:fear::fear:

FYI...

209 domains added
- http://www.malwaredomains.com/?p=3892
May 8th, 2015 - "209 domains added (pharma spam, phishing, malspam, etc) from openphish, phishtank, spamhaus and others..."

:fear:

FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3894
May 12th, 2015 - "Added -198- domains on 5/8 and 187 domains on 5/11. Sources include joxeankoret, spamhaus, safeweb, and safebrowsing..."

:fear:

FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3896
May 28, 2015
5/15 – 230 Domains
5/21 – 135 Domains
5/25 – 104 Domains

:fear::fear:

FYI...

Recent Updates
- http://www.malwaredomains.com/?p=3902
June 8th, 2015
6/4 – 216 domains
6/7 – 158 domains
"Domains included: cryptowall, njrat, password stealers, andromeda, etc."

:fear::fear:

FYI...

Immortal Malware Domains
- http://www.malwaredomains.com/?p=3909
July 3rd, 2015 - "'Immortal' Malware Domains are those which were identified as malicious anywhere between 90 and 360 days ago, but according to google safebrowsing, are -still- actively involved in badness. Some of these domains have been on the DNS-BH List for YEARS. We also added about 70 new domains to our list of long-lived “immortal” malware domains. The list is up to 4022 entries...
Note: this list is incorporated in the main list..."
- Latest updates: http://mirror1.malwaredomains.com/files/
05-Jul-2015 15:17
___

Recent Updates
- http://www.malwaredomains.com/?p=3911
July 5th, 2015 - "Added 270 Domains on 7/3 and 7/5. Please update your blocklists..."

:fear:

FYI...

Detecting Dynamic DNS Domains in Splunk
- http://www.malwaredomains.com/?p=3914
Aug 8th, 2015 - "From:
- http://blogs.splunk.com/2015/08/04/detecting-dynamic-dns-domains-in-splunk:
'Name a security breach or sample of malware in the last five years and you will come across a fairly common denominator: the malware (or the method of data exfiltration) used a “Dynamic DNS” hostname to connect to the Internet... The use of dynamic DNS providers for -malicious- purposes is extremely wide spread. OpenDNS Security Labs reported that over 56% of subdomains on some DDNS providers were malicious. Similarly, Cisco reported that dynamic DNS linked websites were 19% more likely to be malicious than other websites...'

Please let us know of any Dynamic DNS Domains not on the list and we’ll add them."

:fear::fear:

FYI...

Added 127 new domains
- http://www.malwaredomains.com/?p=3920
August 27th, 2015 - "Added 127 new domains since 08.25.2015."

:fear:

FYI..

Added New Domains 9.11.2015
- http://www.malwaredomains.com/?p=3930
Sep 11th, 2015 - "Added 250 new domains. Please update to the latest list..."

:fear:

FYI...

Added 41 New Domains
- http://www.malwaredomains.com/?p=3932
Sep 14th, 2015 - "Added 41 new domains including some that have been hosting malware or have recently distributed malware to visitors of the sites."
___

Added 123 new domains
- http://www.malwaredomains.com/?p=3934
Sep 15th, 2015 - "Added 123 new domains. Please update to the current list."
___

Added 92 New Domains
- http://www.malwaredomains.com/?p=3936
Sep 16th, 2015 - "92 new domains have been added including phishing domains, attack pages and sites with malicious content."
___

Added 63 New Domains
- http://www.malwaredomains.com/?p=3940
Sep 21st, 2015 - "Added 63 new domains including many phishing scams and malicious sites."

:fear::fear:

FYI...

Added Domains & Fixed Zone File
- http://www.malwaredomains.com/?p=3942
Sep 25th, 2015 - "On 9/24 there were some domains in the spywardomains .zone file that were not loading correctly. A new set of files have been uploaded with the offending domains removed... We have also added -135- new domains since 9/24. We’ve noticed an increase in phishing attacks recently. There have been full campaigns aimed at gaining Facebook account information. We suggest being extra careful when logging onto social media and utilizing of our blacklist to help mitigate these attacks..."

:fear::fear::fear:

FYI...

Added 112 domains - 13 AMEX fake sites
- http://www.malwaredomains.com/?p=3944
Oct 1, 2015 - "Today we added -112- domains. 13 of which are -fake- American Express websites. The info-stealer sites appear to look official:
> http://www.malwaredomains.com/wp-content/uploads/2015/10/AE-Phish.png "

:fear::fear:

FYI...

Apple and PayPal Info-Stealers
- http://www.malwaredomains.com/?p=3949
Oct 6, 2015 - "Since 10/2 we uploaded another -159- domains. We found that some of these domains were targeted specifically at apple and paypal accounts. These domains tried to mask as support pages to recover passwords to a user accounts. In researching these domains, we realized that they were after a lot more than just helping you recover your password. Here’s a screenshot from one of the info-stealer sites:
> http://www.malwaredomains.com/wp-content/uploads/2015/10/phishfriday2.png ..."


:fear::fear:

FYI...

366 new domains ...
- http://www.malwaredomains.com/?p=3956
Oct 13th, 2015 - "We have added -366- new domains to our blacklist since 10/7. We noticed that a majority of these domains are 'fat finger urls'. These urls have slight misspellings of commonly used domains to prey on user errors. When visiting these domains, we would often land on 'default parking pages'. Yet every so often we would get -redirected- to a survey or malicious download. This has led to the conclusion that these domains are trying to avoid detection by redirecting to their default parking pages..."

Latest: http://mirror1.malwaredomains.com/files/
13-Oct-2015 21:22

:fear::fear:

FYI...

340 New Domains
- http://www.malwaredomains.com/?p=3960
Oct 15, 2015 - "Added -340- new domains to the Malware Domains blacklist. We found one site that had multiple folders with resources to create phishing pages for paypal, gmail, and other popular websites..."

Latest: http://mirror1.malwaredomains.com/files/
15-Oct-2015 21:21

:fear::fear:

FYI...

89 Domains Added
- http://www.malwaredomains.com/?p=3962
Oct 16, 2015 - "Added -89- new domains to the blacklist. Some of the domains we saw posed as OS updates that turned out to be phishing pages or malicious downloads..."

Latest: http://mirror1.malwaredomains.com/files/
16-Oct-2015 20:53

:fear:

FYI...

242 Domains Added
- http://www.malwaredomains.com/?p=3964
Oct 19, 2015

Latest: http://mirror1.malwaredomains.com/files/
19-Oct-2015 21:51


:fear:

FYI...

456 malicious domains added
- http://www.malwaredomains.com/?p=3972
Oct 27, 2015 - "We’ve added -456- malicious domains and delisted -77- domains since 10/20..."

Latest: http://mirror1.malwaredomains.com/files/
27-Oct-2015 21:48

:fear::fear:

FYI...

Another Day, Another Malicious Domain
- http://www.malwaredomains.com/?p=3975
Nov 4, 2015 - "We have updated our list once again with another -460- domains since 10/28. Of these domains, we found some that would bring up a webpage alerting of a system crash with a tech support number to call. While these sites were amusing, some of them were -dangerous- as they would try to download software to “fix” your machine. No thanks!"

Latest: http://mirror1.malwaredomains.com/files/
04-Nov-2015 21:40

:fear::fear:

FYI...

New Domains and Ransomware
- http://www.malwaredomains.com/?p=3977
Nov 6, 2015 - "We added -570- new domains to our blacklist since 11/05. We found that a few of these domains would download an .src file and install ransomware onto the machine. Make sure to keep backups of your files just in case you do find yourself fighting ransomware."

:fear::fear:

FYI...

558 Domains Added
- http://www.malwaredomains.com/?p=3979
Nov 10, 2015 - "We’ve added -558- domains to our blacklist since 11/07. We’ve also delisted 109 domains as they have been cleaned of malicious activity..."

:fear::fear:

FYI...

New Domains and a School of Phishing Pages
- http://www.malwaredomains.com/?p=3984
Nov 18, 2015 - "We’ve added 851 domains since 11/10. We’ve also removed 51 domains from our blacklist. We found a compromised site with an index full of phishing pages along with the resources to create other phishing pages as well. Blocking this site not only stops the active phishing pages, but it also give us insight into how these pages are crafted..."

:fear::fear:

FYI...

751 New Domains ...
- http://www.malwaredomains.com/?p=3990
Nov 25, 2015 - "We’ve added -751- domains since 11/19..."

:fear::fear:

FYI...

Added 561 domains...
- http://www.malwaredomains.com/?p=3993
Dec 4, 2015 - "We’ve added -561- domains and removed 19 domains from our list since 11/26. A lot of the domains that we added led to fake virus pages and a few of them downloaded variants of Dridex."

:fear::fear:

FYI...

New Domains and TeslaCrypt
- http://www.malwaredomains.com/?p=3995
Dec 18, 2015 - "We’ve added -1560- domains to our blacklist since 12/5. We also removed 745 domains due to a source shutting down their service. We have verified many of these domains to be clean, yet some of them have -still- come up malicious. In other news, TeslaCrypt has been on the rise recently and we have been able to add multiple domains either hosting or pointing to TelsaCrypt..."

:fear::fear:

FYI...

Incorrectly Blocked Domain
- http://www.malwaredomains.com/?p=4002
Jan 15, 2016 - "We accidentally blocked the site ‘s.ytimg.com’ as part of an AnglerEK indicator. This was in -error- as this site is used by youtube.com to display content properly. As of 15:10 UTC 2016/01/15, this domain has been -removed- from our blacklist..."

> http://mirror1.malwaredomains.com/files/
Currrent...

:fear::fear:

FYI...

Malware Domain Blocklist
- http://www.malwaredomains.com/?p=4009
Apr 25th, 2016 - "... Last week we added 1,604 -new- domains to the list and removed 171. Most were phishing domains, but Dridex and Ransomware were top contenders..."

> http://mirror1.malwaredomains.com/files/
___

50 New Ransomware Domains Added
- http://www.malwaredomains.com/?p=4017
April 28th, 2016 - "We added 50 new Locky ransomware domains to the list today. Please update to the latest list..."

> http://mirror1.malwaredomains.com/files/
28-Apr-2016 21:37

:fear::fear:

FYI...

MDB Updates ...
- http://www.malwaredomains.com/?p=4019
May 4th, 2016 - "Last week we added -457- new domains to the list and removed 9. We saw another wave of Locky ransomware and Dridex over this past week..."

> http://mirror1.malwaredomains.com/files/
Latest 04-May-2016 21:48

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4029
May 10th, 2016 - "This past week we added -1561- domains to the list and removed 6. Once again, a lot of these domains are hosting Locky ransomware..."

Latest: http://mirror1.malwaredomains.com/files/
10-May-2016 22:16

:fear::fear::fear:

FYI...

MDB updated
- http://www.malwaredomains.com/?p=4032
May 18th, 2016 - "Added -1402- domains to the list and removed 1129 this past week. Many of these domains were phishing scams and fake virus pages..."

Latest: http://mirror1.malwaredomains.com/files/
18-May-2016 21:49

:fear::fear:

FYI...

MDB updated - More Ransomware
- http://www.malwaredomains.com/?p=4034
May 27, 2016 - "Last week we added -571- domains to the list and removed 14. We found Locky ransomware and noticed another wave of Cerber ransomware going around. Distribution of the ransomware usually comes through a malicious doc or javascript file which calls out to a compromised domain hosting the ransomware. These malicious attachments are being sent in spam emails..."

Latest: http://mirror1.malwaredomains.com/files/
31-May-2016 21:33

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4037
June 2nd, 2016 - "Last week (5/22-5/28) we added -1852- domains to the list. 336 domains were removed. 223 of these domains were Locky ransomware downloads or C&C servers contacted by Locky ransomware. 155 domains were a part of a Kraken botnet..."

- http://mirror1.malwaredomains.com/files/
Latest: 02-Jun-2016 21:33

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4039
June 7, 2016 - "We have been working to clean our list of outdated and cleaned domains. Last week alone we removed 4461 domains from our list and added -1453- ..."

- http://mirror1.malwaredomains.com/files/
Latest: 10-Jun-2016 22:04

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4045
June 22, 2016 - "Over the past two weeks we added -3196- domains to our list and removed 978. Another wave of locky ransomware has surfaced and some new ransomware variants have also popped up..."

- http://mirror1.malwaredomains.com/files/
Latest: 23-Jun-2016 21:52

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4047
June 29, 2016 - "We’ve added -692- domains to the list over the past week. We have seen new variants of ransomware being distributed and more domains downloading locky. These domains are being added to our list as we find them and as others submit them to us..."

Latest: http://mirror1.malwaredomains.com/files/
29-Jun-2016 17:34

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4049
July 7, 2016 - "Over the past week we’ve added -1532- domains to our list and have removed 2400. There has been an increase in user submissions as well. We have been able to verify many of these submissions and block malicious content because of it. Thanks to everyone who have submitted domains to us..."

Latest: http://mirror1.malwaredomains.com/files/
08-Jul-2016 21:51

:fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4054
July 21, 2016 - "We have added -2260- domains and removed 3761 domains since our last post. Many of these domains are phishing pages and hosting malicious downloads..."

Latest: http://mirror1.malwaredomains.com/files/
21-Jul-2016 21:35

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4056
Aug 2, 2016 - "... We have added another -1425- domains to our list and have removed 1442 domains since our last update. Many thanks to all who are contributing to this list. Together we are able to stop many forms of malware such as ransomware, vawtrak, pony, dridex, and phishing campaigns..."

Latest: http://mirror1.malwaredomains.com/files/
02-Aug-2016 21:53

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4061
Aug 19, 2016 - "Added -2265- domains to our list and removed 5938 since our last update. New -ransomware- variants have been spotted and the domains we found distributing the malware have been blocked..."

Latest: http://mirror1.malwaredomains.com/files/
18-Aug-2016 21:44

:fear::fear:

FYI...

Scam Pages Added to List
- http://www.malwaredomains.com/?p=4064
Aug 26, 2016 - "Hundreds of scam pages were added to our list in today’s update. These pages had a live chat support system (suspected to be run by a chatbot) and would ask the user to call for support in fixing the computer errors. Each of these pages were targeting different operating systems and antivirus programs..."

Latest: http://mirror1.malwaredomains.com/files/
26-Aug-2016 21:38
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions

:fear::fear:

FYI...

More Ransomware Domains Added
- http://www.malwaredomains.com/?p=4066
Sep 8, 2016 - "We’ve added another batch of locky ransomware downloaders to the list. Please update to the latest list from one of our mirrors. Many thanks to the community..."

Latest: http://mirror1.malwaredomains.com/files/
08-Sep-2016 21:42
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4068
Sep 14, 2016 - "Since our stats update from last month, we have added -3711- domains to the list and removed 8104. More Locky and Cerber ransomware has surfaced over the past few days. We will add these domains to our list as we find them and as they are submitted to us..."

Latest: http://mirror1.malwaredomains.com/files/
13-Sep-2016 21:49
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4070
Oct 11, 2016 - "Since last month’s update, we have added -2085- domains to the list. We have also removed 8428 domains from the list. Many of the domains that have been added are a part of ransomware campaigns. If you find a malicious domain, please submit it to us and we will add it to the list."

Latest: http://mirror1.malwaredomains.com/files/
10-Oct-2016 21:34
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4072
Nov 8, 2016 - "Since our last update, we have added -3764- domains to the list and removed 6788. Locky ransomware campaigns ebbed and flowed over the past month. Newer variants of this ransomware have changed file extensions used for encrypted files. Thanks to the community for submitting domains and helping keep the list clean."

Latest: http://mirror1.malwaredomains.com/files/
10-Nov-2016 22:37
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions#type_other

:fear:

FYI...

MDB update - Added Ransomware Domains
- http://www.malwaredomains.com/?p=4074
Nov 22, 2016 - "We added over 100 domains to the list seen distributing ransomware. Please update to the latest list via one of our mirrors. We have also seen an increase in domains submitted by the community. Thanks to everyone who has sent in their findings."

Latest: http://mirror1.malwaredomains.com/files/
22-Nov-2016 21:04
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions#type_other

:fear::fear:

FYI...

MDB update - more Ransomware domains
- http://www.malwaredomains.com/?p=4076
Dec 21, 2016 - "Over the past month we have added -2934- domains to our list and removed 3898. 1140 of these domains contain Locky ransomware payloads. Many of these domains are -compromised- sites hosting the payloads unwittingly. If you are the webmaster of one of these sites, please remove the malicious content and send us an email so we can remove the domain from our list..."

Latest: http://mirror1.malwaredomains.com/files/
03-Jan-2017 23:14
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions#type_other

:fear::fear:

FYI...

Trouble with one of our mirrors
- http://www.malwaredomains.com/?p=4080
Jan 9, 2017 - "mirror1.malwaredomains.com has been unstable over the weekend. GT500.org staff is working to migrate the site (including the mirrors graciously provided for the security community) to a new server. If you’re having trouble fetching BHDNS files, please try another mirror..."

> http://mirror2.malwaredomains.com/files/

> http://mirror4.malwaredomains.com/files/
___

Fixed: http://mirror1.malwaredomains.com/files/
Latest update: 11-Jan-2017 16:02

:fear::fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4084
Feb 6, 2017 - "Our list is currently at 17,534 malicious domains. Thanks to everyone who has submitted domains to our list. If your domain is no longer malicious, please contact us at malwar1edomain3s@gm2ail.c9om for removal (remove all numbers).
Mirror 1 is fully operational again..."
___

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions#type_other

:fear::fear:

FYI...

MDB updates ...
- http://www.malwaredomains.com/?p=4086
Mar 2, 2017 - "We were notified that our justdomains and domains.txt files had some inconsistencies with the domains listed. These domains were either old entires that needed removed or had been removed from one list and not the other...
Our current list is at 19,207 malicious domains. We have seen an increase in user submitted domains over the past month. Thanks to those who have submitted their findings."

Malware Domains - Subscribe in AdblockPlus:
> https://adblockplus.org/en/subscriptions#type_other
___

False positive on login.yahoo.com
- http://www.malwaredomains.com/?p=4082
June 21, 2017 - "On June 19th, a well-known anti-phishing partner listed a URL which was legitimately part of Yahoo, in error. We promptly removed the listing from our own database as soon as we noticed it. We have several automated processes that should have stopped this from happening at all. We’ve updated those processes and are currently reviewing them for further improvements to reduce the likelihood of major false positives of this nature.
Third parties that aggregate and report on our feeds should have already cleared the Yahoo URL, though certain website privacy plugins appear to be using third-party data that hasn’t updated yet. We remain committed to providing a high-integrity data feed, and apologize for any inconvenience caused."

:fear::fear::fear: