SpyEye Tracker :: Blocklist

SpyEye Tracker provides blocklists that can be used to identify infected hosts in your network or to block access to the SpyEye command-and-control (C&C) servers known to SpyEye Tracker. The SpyEye blocklist is available in different formats. The blocklist is generated as soon as you hit the 'download' link. Please do not query the blocklist more than once every 5 minutes. If you reach the limit, your IP address will be automatically blocked for 24 hours.

General Blocklists

SpyEye domain blocklist

The SpyEye domain blocklist contains all domains which are currently being tracked on SpyEye Tracker. The blocklist contains domains which are currently online as well as all domains which are offline at this time. You can use this list to block access to the listed domains on your web proxy, your firewall or even on your DNS server. Just click on the link below to generate an up-to-date blocklist in text format:

download SpyEye domain blocklist

SpyEye IP blocklist

The SpyEye IP blocklist contains all IP addresses (IPv4) which are currently being tracked on SpyEye Tracker. Please note that this list also contains all A records of all SpyEye domains tracked in SpyEye Tracker. You can use this list to block access to the listed IP addresses on your web proxy, your firewall or even on your DNS server. Just click on the link below to generate an up-to-date blocklist in text format:

download SpyEye IP blocklist

Special Blocklists

SpyEye combined blocklist for Squid

The IP blocklist for Squid includes all SpyEye IPs and domain names. Please note that this blocklist does not contain the A records of the SpyEye domains tracked by SpyEye Tracker. The blocklist is a text file in the Squid format and can be used to block well-known SpyEye C&Cs using the Squid web proxy:

download SpyEye combined blocklist for Squid

SpyEye IP blocklist for iptables

The IP blocklist for iptables includes all SpyEye IPs. Please note that this list also contains all A records of all SpyEye domains tracked in SpyEye Tracker. The blocklist is a bash script which will add a DROP rule to your iptables to drop traffic from well-known SpyEye C&Cs:

download SpyEye IP blocklist for iptables

SpyEye domain blocklist for Windows (Hosts-File)

The domain blocklist for Windows includes all SpyEye domains. The blocklist is a text file in the Windows hosts-file format which points the SpyEye domains to localhost (127.0.0.1):

download SpyEye domain blocklist for Windows
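
An added example (not code from SpyEye Tracker): before writing a downloaded domain blocklist into a hosts file, check that every line is a bare hostname, so that a malformed or tampered line cannot introduce other mappings. It assumes the text-format list has one entry per line with `#` comments; the function names and the sample data are constructed for illustration.

```python
import re

# Assumption: one entry per line, '#' starts a comment (the page only says "text format").
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_domain(entry):
    """True for a syntactically valid multi-label hostname (no IPs, no whitespace)."""
    if len(entry) > 253 or "." not in entry:
        return False
    labels = entry.split(".")
    if labels[-1].isdigit():  # all-numeric last label: an IP address, not a domain
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def parse_blocklist(text):
    """Return (valid domains, rejected raw lines); duplicates dropped, order kept."""
    domains, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue  # blank line or comment
        if not is_domain(entry):
            rejected.append(raw)  # keep for review instead of installing it
        elif entry not in seen:
            seen.add(entry)
            domains.append(entry)
    return domains, rejected


def to_hosts(domains):
    """Render validated domains in hosts-file format, pointing at localhost."""
    return "".join(f"127.0.0.1 {d}\n" for d in domains)


# Constructed sample input, not real tracker data.
SAMPLE = """# constructed sample
bad-panel.example
Bad-Panel.example
cnc.example.net   # inline comment
192.0.2.10
evil.example 10.0.0.1
good.example\t127.0.0.1
"""

if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE)
    print(to_hosts(ok), end="")
    print(f"rejected {len(bad)} line(s): {bad}")
```
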

SpyEye combined blocklist for unix (hosts.deny)

The combined blocklist for unix can be copied to /etc/hosts.deny to block bad traffic from and to malicious SpyEye C&C servers:

download SpyEye combined blocklist for Unix (Hosts.deny)

Non-SSL Blocklists

You can also download the general blocklists (domain + ip blocklist) via HTTP using the links below.

download SpyEye domain blocklist via HTTP

download SpyEye IP blocklist via HTTP