http://mirror1.malwaredomains.com/files/domains.txt
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
Malware Domains feeds provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval. (It’s OK to use this list on an internal DNS server for which you are not charging).
Listing of domains that are known to be used to propagate malware and spyware
The Malware Domain feed API is found on github at
https://github.com/dnif/enrich-malwaredomains
- ACCESS DNIF CONTAINER VIA SSH : Click To Know How
$cd /dnif/CnxxxxxxxxxxxxV8/enrichment_plugins/
git clone https://github.com/dnif/enrich-malwaredomains.git malwaredomains
| Fields | Description |
|---|---|
| EvtType | An Domain |
| EvtName | The IOC |
| IntelRef | Feed Name |
| IntelRefURL | Feed URL |
| ThreatType | DNIF Feed Identification Name |
An example of API feed output
{'EvtType': 'DOMAIN',
'EvtName': 'ybobvntcrub.pw',
'AddFields':{
'IntelRefURL': ['spamhaus.org'],
'ThreatType': ['botnet'],
'IntelRef': ['MALWAREDOMAINS']}}