Anti-Bot protects you from visiting bot spreading websites

Martin Brinkmann
Jan 28, 2013
Updated • Mar 11, 2013
Software, Windows software

Depending on the web browser you use, its version, settings, extensions and plugins installed, it is sometimes enough to visit  a website to become a victim of a successful malware attack.  There are a couple of things that you can do to protect your system and yourself, including making sure that everything is always up to date and that you have at least one security suite installed on your system that may catch the attack before it is executed successfully.

Mirage Anti-Bot is a free program for the Windows operating system that will add a blacklist of websites, domains and IP addresses to the Windows hosts file to block connection attempts to these sites automatically when they occur.

The program uses information provided by which maintains a database of known malware related websites. It should be clear that the protection is not 100% as the list does not contain all known or future malware domains and sites yet. It does however take care of popular sites used to spread malware.

If you are using a service to automatically blacklist sites using the hosts file, you may want to check if is already included. If that is the cause, there is not really a need to run Anti-Bot in addition to the other program. If you do not use any program yet, Anti-Bot may be a good start.

mirage anti-bot screenshot

To add information to the hosts file install Anti-Bot on your system, run it with administrative privileges - and not after installation using the check box - and click on the update button to download the latest site list and update the hosts file with it.

Note: Security software may block Anti-Bot from adding the information to the hosts file. This is for instance the case when you run Bitdefender Internet Security 2013 on your system which blocks any attempt of the program to manipulate the hosts file. The only option here is to disable Bitdefender's protection for the time being, run the program, update the hosts file, and enable the protection again once the process has been completed.

You can check if the hosts file has been edited by opening C:\Windows\System32\drivers\etc\hosts in a plain text editor such as Notepad. All domains are redirected to

You can exit the program afterwards as it is only needed to update the hosts file. You may want to run it regularly though to work with the latest data set.

I recommend you enable the logging of connection attempts to sites that are automatically blocked in the program settings.


If your resident anti-malware solution does not block bot-related websites then you may want to use the program to add protection to it using your system's hosts file and the block list. While it won't keep everything out, it includes many popular attack domains.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Patrick said on January 31, 2013 at 12:08 am

    @Transcontinental, I updated to the Beta version and have no problem now!!!
    Panama Patrick

  2. Transcontinental said on January 29, 2013 at 11:08 pm

    Anti-Bot also protects from the Palevo C&C Domains and, while there is also a dedicated page for Palevo Tracker ( ), unfortunately it seems there is no dedicated HOSTS file. All I found was a domain list ( ) which because of its non HOSTS format cannot be downloaded via HostsMan.

    I had to download it apart and add a leading (or or 0) to every line, which is cumbersome even if the list is excessively small (48 entries at this time). I have no idea of the dynamism of this list and, being unable to have it be checked with HostsMan, I’ve set a rule on to alert me if/when the list would change.

  3. Patrick said on January 29, 2013 at 10:15 pm

    @Transcontinental: My Hostman update will not allow any webpages using https: I get an error, when I drop the ‘s’ as http: Hostman accepts that webpage but when downloading the Host file from those locations get error message …failed . failed.
    Any ideas as to why https: is not allowed?

    1. Transcontinental said on January 29, 2013 at 10:57 pm

      Patrick, I have no idea at this time why HostsMan on your system refuses above mentioned https urls. I have both links accepted here.
      When you added those https in HostsMan’s ‘Manage Update Sources’, have you checked the link via ‘Edit…’ and ‘Test Connection/Test’ ? It should work for https and refuse http, bacause the page is https only …

      I’ll think about it. This is odd. If anyone has an idea …

      1. Transcontinental said on January 30, 2013 at 12:36 pm

        @Patrick, maybe is the issue related to HostsMan v3.2.73 ? I am running HostsMan 4.0.88 Beta 9, though the latest beta is HostsMan 4.0.90 Beta 10 (but I dislike latest output).
        HostsMan 4.0.88 Beta 9 is really keen, much faster than v. 3.2.73. I’m not a beta fanatic but moods are made to be trespassed sometimes, here I think is a valid opportunity, IMO.
        Perhaps will the https issue be resolved with 4.88.9 or 4.0.90 Beta 10.

      2. Patrick said on January 29, 2013 at 11:36 pm

        @Transcontinental: I hit the edit button and got the message: a big red X Protocol (:https” not supported.
        I am using HostsMan v3.2.73 (latest stable)
        if I take the ‘s’ out of the https then it passes Edit test but when updating I get the following:
        – SpyEye Tracker blocklist… check failed.

        Strange, anyone can help?

  4. Jim said on January 29, 2013 at 9:49 pm

    I read that having a large hosts file could significantly degrade network performance because the system scans the hosts file during each transaction. Is that true?

    1. Transcontinental said on January 29, 2013 at 11:20 pm

      I’ve been told large HOSTS file issues could occur when the DNS Client service was running. I’ve set this service to disabled 10 years ago and never had to switch it back on. Never understood the pertinence of that service …
      Otherwise, depends what “large” is. I have a 60,000 items’ HOSTS file, but I don’t know how things would run with 10x more. I think that the DNS Client Service closed should prevail in demonstrating that the issue is the port rather than the file size….

  5. Renee said on January 29, 2013 at 6:05 pm

    maybe someone “not so lazy” instruct us how to add to HostsMan those 3 blocklist from (ZeuS, SpyEye, Palevo – which links) and if it is redundant having Malaware domain list .

  6. Transcontinental said on January 29, 2013 at 5:58 pm

    If you’re managing a HOSTS file by yourself and/or use HostsMan as it’s manager application, following links for direct download (works fine in HostsMan’s source ) :

    SpyEye Tracker blocklist :
    ZeuS Tracker blocklist :

    More info for tracking lists :
    SpyEye Tracker :
    ZeuS Tracker :

    1. Martin Brinkmann said on January 29, 2013 at 7:56 pm

      Thanks, great info.

  7. Bill said on January 29, 2013 at 2:35 am

    I quit using HostsMan because of problems but I see Two whole years later, it’s
    finally been updated. Thanks.

  8. jay said on January 28, 2013 at 11:55 pm

    Spybot search and destroy does this too

  9. Morely Dotes said on January 28, 2013 at 8:38 pm

    And for the lazy who want the MVPS hosts file and others as well, Abelhadigital’s Hostsman does great job.

  10. Bill said on January 28, 2013 at 7:33 pm

    For the not-so-lazy:

  11. PixelWizard said on January 28, 2013 at 7:30 pm

    There does not seem to be any way to download the Mirage Anti-Bot software. Can’t get past this page …there’s no download button or link, etc.

    Is it just me? I tried the page in 3 different browsers.

    1. Martin Brinkmann said on January 28, 2013 at 8:17 pm

      I had no issues with the latest version of Firefox after I did enable JavaScript.

      1. PixelWizard said on January 28, 2013 at 8:24 pm

        Oh. Thank you.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.