SpyEye Tracker provides blocklists which can be used to identify infected hosts in your network or to block access to the SpyEye Command & Control (C&C) servers known to SpyEye Tracker. The SpyEye blocklist is available in different formats. The blocklist is generated as soon as you hit the 'download' link. Please do not query the blocklist more than once every 5 minutes. If you reach the limit, your IP address will be automatically blocked for 24 hours.
The SpyEye domain blocklist contains all domains which are currently being tracked on SpyEye Tracker. The blocklist contains domains which are currently online as well as all domains which are offline at this time. You can use this list to block access to the listed domains on your web proxy, your firewall or even on your DNS server. Just click on the link below to generate an up-to-date blocklist in text format:
The SpyEye IP blocklist contains all IP addresses (IPv4) which are currently being tracked on SpyEye Tracker. Please note that this list also contains all A records of all SpyEye domains tracked in SpyEye Tracker. You can use this list to block access to the listed IP addresses on your web proxy, your firewall or even on your DNS server. Just click on the link below to generate an up-to-date blocklist in text format:
The IP blocklist for Squid includes all SpyEye IPs and domain names. Please note that this blocklist does not contain the A records of the SpyEye domains tracked by SpyEye Tracker. The blocklist is a text file in the Squid format and can be used to block well-known SpyEye C&Cs using the Squid web proxy:
The IP blocklist for iptables includes all SpyEye IPs. Please note that this list also contains all A records of all SpyEye domains tracked in SpyEye Tracker. The blocklist is a bash script which will add a DROP rule to your iptables to drop traffic from well-known SpyEye C&Cs:
The domain blocklist for Windows includes all SpyEye domains. The blocklist is a text file in the Windows hosts-file format which points the SpyEye domains to localhost (127.0.0.1):
The combined blocklist for Unix can be copied to /etc/hosts.deny to block bad traffic from and to malicious SpyEye C&C servers:
You can also download the general blocklists (domain + IP blocklist) via HTTP using the links below.
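An added example (not code from SpyEye Tracker): before a downloaded text blocklist is loaded into a hosts file or a firewall, each entry is validated so a malformed or local entry cannot end up in a block rule, and refreshes are kept within the 5-minute limit stated above. The one-entry-per-line layout with `#` comments, the function names and the never-block ranges are assumptions.

```python
import ipaddress
import re

MIN_REFRESH_SECONDS = 5 * 60  # limit stated on the page: one query per 5 minutes
# Ranges that must never reach a local block rule (assumed local policy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS label


def may_refresh(last_fetch, now):
    """True when a new download respects the once-per-5-minutes limit."""
    return last_fetch is None or now - last_fetch >= MIN_REFRESH_SECONDS


def classify(text):
    """Sort blocklist lines into (domains, ipv4_addresses, rejected_lines)."""
    domains, ips, rejected = set(), set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()  # '#' comments assumed
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)
        except ValueError:
            # Not an IPv4 address: accept only a well-formed multi-label name.
            labels = entry.rstrip(".").split(".")
            if (len(entry) <= 253 and len(labels) >= 2
                    and all(LABEL.fullmatch(l) for l in labels)
                    and not labels[-1].isdigit()):
                domains.add(".".join(labels))
            else:
                rejected.append(raw)
            continue
        if any(ip in net for net in NEVER_BLOCK):
            rejected.append(raw)  # would block loopback or internal hosts
        else:
            ips.add(str(ip))
    return sorted(domains), sorted(ips), rejected


def to_hosts(domains):
    """Render validated domains in hosts-file format, pointing at 127.0.0.1."""
    return "".join(f"127.0.0.1 {d}\n" for d in domains)


# Constructed sample, not real tracker data (203.0.113.0/24 is a documentation range).
SAMPLE = ("# sample\ncc.example.net\nCC.example.net.\n203.0.113.7\n"
          "192.168.1.1\nlocalhost\npanel.example.org extra\n")
```

Rejected lines are worth logging rather than silently dropping, since a sudden rise in them points to a changed or corrupted download.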