Skip to content

Latest commit

 

History

History
68 lines (58 loc) · 2.02 KB

Malware.md

File metadata and controls

68 lines (58 loc) · 2.02 KB

Malware Domains

The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

Malware

Malware and spyware blocklist.

Domain Name

  • Website
  • http://www.malwaredomains.com/
  • Source
  • http://mirror2.malwaredomains.com/files/domains.txt
  • Data
  • Domain Name
  • Format
  • Text
  • API/Token
  • None
  • Status
  • Ok
  • Comments
  • No comment
Sample Output of IntelMQ
{
  "classification": {
    "type": "malware"
  },
  "event_description": {
    "text": "phishing"
  },
  "source": {
    "fqdn": "amazon.co.uk.security-check.ga"
  },
  "time": {
    "source": "2016-05-27T00:00:00+00:00",
    "observation": "2016-07-07T13:30:14+00:00"
  },
  "raw": "CQlhbWF6b24uY28udWsuc2VjdXJpdHktY2hlY2suZ2EJcGhpc2hpbmcJb3BlbnBoaXNoLmNvbQkyMDE2MDUyNwkyMDE2MDEwOA==",
  "feed": {
    "url": "http://mirror2.malwaredomains.com/files/domains.txt",
    "accuracy": 100.0,
    "name": "MalwareDomains"
  }
}

There's only Domain information in in http://mirror2.malwaredomains.com/files/domains.txt. It looks like:

##  if you do not accept these terms, then do not use this information.
##  for noncommercial use only. using this information indicates you agree to be bound by these terms.
##  nextvalidation  domain  type    original_reference-why_it_was_listed
##  notice  notice  duplication is not permitted  #=comment
        amazon.co.uk.security-check.ga  phishing    openphish.com   20160527    20160108
        autosegurancabrasil.com phishing    openphish.com   20160527    20160108
        christianmensfellowshipsoftball.org phishing    openphish.com   20160527    20160108
        dadossolicitado-antendimento.sad879.mobi    phishing    openphish.com   20160527    20160108
        hitnrun.com.my  phishing    openphish.com   20160527    20160108