https://github.com/stamparm/blackbook

Blackbook of malware domains
https://github.com/stamparm/blackbook

domains intrusion-detection malware-detection network-forensics network-monitoring security threats

Last synced: 5 months ago
JSON representation

Blackbook of malware domains

• Host: GitHub
• URL: https://github.com/stamparm/blackbook
• Owner: stamparm
• Created: 2018-10-29T14:26:35.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2025-06-12T18:43:24.000Z (about 1 year ago)
• Last Synced: 2025-06-28T12:45:45.112Z (12 months ago)
• Topics: domains, intrusion-detection, malware-detection, network-forensics, network-monitoring, security, threats
• Homepage:
• Size: 3.42 MB
• Stars: 255
• Watchers: 16
• Forks: 44
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
![Logo](https://i.imgur.com/Nji9ubM.jpg)

[![License](https://img.shields.io/badge/license-Public_domain-red.svg)](https://wiki.creativecommons.org/wiki/Public_domain)

**blackbook** is a historical (black)list of malicious domains created as part of the periodic automated heuristic check (i.e. WHOIS, HTTP, etc.) of newly reported entries from public lists of malicious URLs (currently [CyberCrime](https://cybercrime-tracker.net/), [URLhaus](https://urlhaus.abuse.ch/), [ScumBots](https://twitter.com/scumbots), [Benkow](http://benkow.cc/passwords.php) and [ViriBack](http://tracker.viriback.com/)). Main goal is listing those that are/were malware **dedicated** (e.g. C&C) - thus, excluding compromised sites. It is supposed to be used for detection of malware beaconing infected clients by inspection of associated DNS traffic, with significant reduce of false-positives.

![Example](https://i.imgur.com/FN8r3um.png)

Up-to-date detailed CSV list of domains can be found [here](blackbook.csv), while the raw TXT version can be found [here](https://raw.githubusercontent.com/stamparm/blackbook/master/blackbook.txt).