Feed

spyeye, pheonix, palevo, blackhole exploit kit domains

Posted on February 13th, 2011 in gumblar,iframes,New Domains,Spyeye,Trojans,zeus by dglosser

Malicious domains associated with blackhole exploit kit, palevo, gumblar, spyeye and other exploits. Sources include honeywhales.com, honeywhales.com, stopmalvertising.com (Every source is always listed in the domains.txt file):

0did .co .cc 1iuhebritur .com
0r9h .co .cc 24thehshsdw .com
1gov .co .cc 3ffhi5uehbg .com
2gov .co .cc 4oihtgfgklnld .com
asfirey .com 5dshhgodhgi .com
autoklad .net 7hrtheg8deg .com
axstat .com 9f348hthgsf .com
banage .ru ajirfqradve .com
bevelli .com antispamverification .com
bgnt .net asfiuweof .co .cc
bki1 .co .cc automaticyaran .com
bki3 .co .cc av-updates .cw .cm
brempinok .com banjalucke-ljepotice .ru
cityjas .info bnet .doesntexist .org
clicklive .info booblegum22 .co .cc
codelive .info browsewriter .in
cupit-dom .com cheburash .ind .in
d1-eniro .com cl-whitelist .com
datayakoz .info clickweekend .info
disdarred .info co-co-co-co .cz .cc
dlm3 .co .cc diveintoaccessibility .org
dlm7 .co .cc facebook-surprise-jnsd .tk
eiub4ugbud .com facebook-surprise-ness .tk
elgeriofey .com findweekend .info
erubf .info foxypredators .com
flylive .info golontsaver1 .com
g-oogl-e .com gotbigbooty .org
gdsg .co .cc gube2qome8 .cz .cc
geodemy .com hotgallerygirls4u .com
goneblast .com hotvalentin .info
h4rthrt .co .cc houseaskme .info
hca-media .com hw9 .hostseguro .com
hotupdate .ru jebena .ananikolic .su
hujn .co .cc kirmayerlaw .com
hushstar .net lolallvolume .com
inkstock .gr makeitmove .com .au
jastrade .info mandoguard4 .com
jpg7 .cz .cc nawidakhgar .com
kaddos .ru nepalembassy .pk
ko6l .co .cc no-email-spam .com
kolhat .pl odemuamodve .com
kotofey .com ohjvnkvodve .com
lmagehost .com parislemarais .com
loanlove .info pcactivitydebugger .com
locodap .co .cc pcprecautionscenter .com
loveloan .info pcprotectionservant .com
magicbed .co .kr pyxovirginia .in
makliop .biz resortsinitaly .com
mixvide .info sagehillweb .com
naga2013 .co .cc satel25nbr .co .cc
naga2014 .co .cc sgtbcollege .org
nero .gol .ge silnopernul .co .cc
onmimay .com starmediainfo .in
pardokkate .com statick-dns .com
pay-clicks .ru storage-reportcenter678 .net
popatube .info storage-spectrgrover677 .net
pornero .info storageistorg-basdan678 .com
prodriver .ru supermovieshow .in
pushot .com swaytindel .com
reflerman .com systemtasksoptimizer .com
sb .uz t43hotorhe .com
seastats .com teamauctions .com
shljapa .com tuqidig5 .co .cc
t6ryt56 .info update-win-soft .ipq .co
trquebec .in urcdw .zavoddebila .com
vwi8 .co .cc v5881 .vozenet .com
vwi9 .co .cc valentincredit .info
web-der .com valentinsource .info
webfamba .in veodejtikkkaa .in
webzadel .in videospartyh .info
wildprize .com virgilguard1 .com
wodied .net vivaxmotos .com
wudcmb .net weekendbest .info
yaholove .info wellcomedowqa .co .cc
yahoone .info xeydvpyxvtacr .in
yakozbuy .info yahodigital .info
yakozwin .info yakozcool .info
youtube .me .uk zanzabaros .com
zxstats .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

gumblar, neosploit, mebroot and other malicious domains

Posted on February 10th, 2011 in exploit,gumblar,New Domains,rogue antivirus,Spyeye,Trojans by dglosser

132 malicious sites and domains to add to your blocklist or malware shunlist. Sources include viralerts.com, securehomenetworks.blogspot.com, safebrowsing.google.com (Every source is always listed in the domains.txt file):

67i56y .co .cc 05584b4eff1eaa28 .com
abcfghfadve .com 37bf278f43c6b010 .com
abcfgqfadve .com 3c386b38174d842c .com
akyoma .com 4033da9724eed79f .com
edgeopia .in 43284729394324324 .com
fajowe .ovh .org 4db3fbcf385b84a7 .com
fnyoga .biz 5831c81cfa6ca6a7 .com
foto-retuse .cz 5dcf361c821fd9f0482504a16ff03351 .net
fotoris .co .kr 633f197ada10ea81 .com
gfgytsygytn .com 764061ff508d4a4c .com
ghgfh65 .co .cc 7c9954a76eeca202 .com
glermitfatr .com 7fd61bb596fa4277 .com
gnci-ict .com 826ccb84c37c7dc1 .com
hag-eng .co .il 87932748973284 .com
homejasm .info 880265094dc14384 .com
homewindowz .net 8f36492f1cbd9183 .com
ifcil .fr 9daa449337f8adeb .com
jasminsite .info 9f7a30252e13d39d .com
jasmwin .info a11cddb7a03a076f .com
jghkqhkjytn .com a709d8c6a44be227 .com
kingsoftus .com aa0131c1c816119d .com
klliker .info abda114debec233b .com
live2cam .ru fashionnails1 .com
loanvideo .info ff-traditions .com
lovecodi .com invincible72 .com
marinada8 .com jasmincredit .info
modulosnovs .com jgw .webspace .heihachi-hosting .net
mp3car .ru kinderfeestjesinfriesland .nl
musicjasm .info kiralikasansorizmir .com
n-able .in kiropraktoren .eu
nakedbi .com krutikservers .com
new-friha .cz .cc mariosflyingpizzaclearlake .com
obckqbkoytn .com marketingjasm .info
ocdqdyqodve .com marketvideo .info
moviezzzonline .com
orleisll .biz myrtesjordao .sites .uol .com .br
oxnard .la nakoncu .superhost .pl
oxxxi .com networkjasmin .info
pakptc .com new-softdriver .tk
pccar .ru newbrandlabel .ru
pixelvideo .info orkut .krovatka .su
pohuy .ws parraxaxa1972 .sites .uol .com .br
qualitysuper .nu reihstagf .ind .in
rhysen .in sakhg34fhelpweb .co .cc
sda2a .ipq .co sandrahyczy .sites .uol .com .br
shoremill .com scdqdyqsytn .com
showkurve .de sghpbepsytn .com
sis-street .com showdevelopment .com
skipolice .in shreeramrealestate .com
thpkmlnuzc .ru smallcap360 .com
topjasm .info smart2group .com
ts-webmail .com tas-seaplane .com
unfortineg .com testdataonline .in
wastedsh .info thetotalmedia .in
wholefiles .in traffic-analytics .net
wwwfulldata .in trustgeobiz .com
xengine .ru tunisianowar .ru
xivee .com turkeyinworld .ru
xload .ipq .co udewpfwuytn .com
zaduheljtw .ru www30 .websamba .com
zaebiz .eu xn--fct5gx28h9gs .tw
zxsoftpromo .ru xxvideogold .co .cc

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

NeoSploit, FastFlux, Zeus, MoneyMule Domains

Posted on February 8th, 2011 in exploit,fastflux,gumblar,iframes,MoneyMule,New Domains,NewSploit,rogue antivirus,zeus by dglosser

Something for everyone…  Neosploit. Gumblar, fastflux, rogue, phoenix, money mule, zeus, and more…

Sources include securehomenetworks.blogspot.com, ddanchev.blogspot.com (Welcome Back), blog.unmaskparasites.com, zeustracker.abuse.ch (Every source is always listed in the domains.txt file)

13grandferi .ru 2cbefb47060e6bc9 .com
329902034111 .com 349832409002394 .com
32gdjfkivcf .co .cc adolftsboyarinove .narod2 .ru
32tsdgseg .co .cc alwayskl2 .dyndns-home .com
4star-solutions .cc antibreakingsystem .com
acoon-groupllc .cc antivirussystem2011corp .com
acoongroup-llc .co arphis-goldgroup .cc
addaxonahacko .info arphisgoldgroup-inc .co
adscomplete .info asassis .sites .uol .com .br
aimic-groupllc .cc b16f0f08c55e9cc5 .com
alice .it b7bb5832b25c7869 .com
amina-groupco .co barracuda-antivirus .com
amina-groupinc .cc c5667d150fe0b41b .com
aminaorg .cc carlosfalavina .sites .uol .com .br
amstelone3 .biz cef1cef16e9471c9 .com
araccldta .net cefd9f37178eb5e4 .com
asystem .sk componentsprotector .com
bbs2 .mapeak .com daniilgrkrutoyzu .narod2 .ru
bonutilite .in dd79e9f502426e84 .com
browndrives .com digitalfilessite .in
browserdl .com diligence-groupinc .cc
buyvideo .info dvdstreamclipsluwl .co .cc
casinojasm .info e395368c52b40e2a .com
checkoutlook .info eder_rogerio .sites .uol .com .br
citygates .biz eef795a4eddaf1e7bd79212acc9dde16 .net
cocoongroup-llc .hk ef0a5ecbf42d83ed .com
consolemato .com elsden-groupinc .hk
curery-best .in engineering-design .org
diligence-group .co escorialescorial .com
dsjkslnew .com evgeniyayaiardankinyae .narod2 .ru
eejewels .co extratopupgrade .ru
englishrescue .com f532f7f478af8e7a .com
espmexusa .ru f598f03740695a8d .com
essalundahl .com facebook-surprise-cvsa .tk
ethesis .org facebook-surprise-cvsd .tk
filegroup-llc .co facebook-surprise-cvsf .tk
filvorks .com facebook-surprise-cvsg .tk
finestplugin .in facebook-surprise-cvsh .tk
firstola .net facebook-surprise-cvsi .tk
freminoust .com facebook-surprise-cvso .tk
gabtijtgytn .com facebook-surprise-cvsp .tk
gharibola .ru facebook-surprise-cvsq .tk
gotoessaved .rr .nu facebook-surprise-cvsr .tk
gotquesaved .rr .nu facebook-surprise-cvss .tk
goturssaved .rr .nu facebook-surprise-cvst .tk
greyzzsecure3 .com facebook-surprise-cvsu .tk
hirodomain .com facebook-surprise-cvsw .tk
im-sysgroup .co facebook-surprise-cvsy .tk
incogroup-usa .co fc03ec727f8861ef .com
kliikers .info fd06366c338dc774 .com
lbm-groupinc .co fe59294ea5f6f07c .com
lbmgroupco .cc feeder .next-time-feed .org
lcd-finance .cc filerestingplace .in
ledurbano .com getdigitalvideo .in
lookasaudio .com gleichfalls-groupinc .co
mallow-group .cc hardpower-holder .rr .nu
mijn-roedel .be hryyyymerwireless .net
minka .com .pe i-compass-group .co
money-visualuk .cc icr01 .appbundler .net
movenestecobra .ru imsystems-group .cc
muffsave9 .com lidiyadmvitinskiyvm .narod2 .ru
mukertvaros .hu lifeinsurancequestions .info
newufuq .com longhui .yhnetwork .cn
ntstats .com mail .privacycop .co .kr
oneboy .ru mallow-groupinc .co
pegasltdunion .cc michaelesgroup-usa .co
peruvianfood .com modulesadvanced .pro .br
psgtech72 .com moneyvisual-llc .co
radiumuk-ltd .cc moonlightw .mireene .com
randomlegend .net ozarkcreationsandantiques .com
rerodvix .info physis-groupllc .cc
safesecurenow .com physisgroup-llc .co
santorini-fin .cc pinfold-groupinc .co
savvyladies .net prazer2008 .sites .uol .com .br
scanavtool .com rajeshwariinfosys .com
snaretrack .biz rameshwartiles .com
stile-groupllc .cc redisco-groupinc .hk
studioingconti .it safe-securitymaster .rr .nu
techadvinc .cc savescan-foryou .rr .nu
traxchexfree .ru scanersolutionse .rr .nu
usgroup-amina .co schneller-groupinc .co
usgroup-reign .co schwartz-brothers .cc
virgilguard10 .com secure-softwaremanager .com
virgilguard2 .com securityguardprep .com
virgilguard3 .com silversun-groupuk .co
virgilguard4 .com silversungroup-inc .cc
virgilguard5 .com simple-network-checker .rr .nu
virgilguard6 .com stepanyggorokhovshchk .narod2 .ru
virgilguard7 .com studyincolorado .com
virgilguard8 .com terminal-service .net
virgilguard9 .com update .ip-ntwk .com
werodvix .info yqaireciye .linkpc .net
wizu .webd .pl

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

179 New Malicious Domains

Posted on February 6th, 2011 in exploit,gumblar,New Domains,rogue antivirus by dglosser

179 new malicious sites associated with gumblar, backdoors, moneymule, rogue security. Sources include securehomenetworks.blogspot.com, blog.unmaskparasites.com,
www.cyber-ta.org (Every source is always listed in the domains.txt file)

4yurin .net 0b95e3b26f61814ccfff14732cf677f0 .info
accuratefiles .com 0f5587ea64f31c07a5c8c4e2d772a9c3 .info
ad-clear .com 20fe6f701bb9958ea8f21b5ed059c8e5 .info
antalyapress .com 2665ca51e64ed43371806fb58d939201 .info
antalyarally .com 2a68e7fae7692079eea9d03e9fdf0c19 .info
aus-finance .cc 2c6fafb275abdbe9ab914749d72c61e4 .info
aus-fininc .cc 39c2624ef781533934fd27b0b2cc537d .info
chargerz1970 .com 3d23e5816b59a22f52e7c7e9c2f0744c .info
chicor23 .com 4bab612b800ae4f788c5a14806f532c8 .info
cores-group .cc 4f2a5f41bf5e31b4701fe34191271e0d .info
couksns .cc 52c9d58f42d3ff15b1581fe7bc71c0cb .info
cushyhost .com 793266ef7c7b5b17429e9b6c689cb979 .info
dc06 .arabsh .com 7f7fb7020e658a93c9e1641cc474acfc .info
dc10 .arabsh .com 85c8e547c1c857d0b0ab9676736c3152 .info
decadnt .com 87d53fbc27630e53a7ca13b7242defb3 .info
detkasupe .co .cc 87f9197b3e6d886b72c1eb2d7af9e5e7 .info
directit .info 8c46a1cf0f8dcc3695862e6fef0fec18 .info
dret1q .cz .cc 8f5eff3f24fbea5a500ba9974779f6e6 .info
eftpsystem .com 98bde9f1137db98765508578349694a2 .info
egrfucgo .co .cc beckmenvineyards .com
elsoplongt .com best-onlysentinel .rr .nu
et-treska .com bredgar-groupllc .cc
farline-fin .co bredgargroup-llc .co
fawgh3 .cz .cc c34caefa7dabc50ce543000f24bce605 .info
filebox .me c48d93ee3ae1a2eadf5ec711616c248c .info
fintec-ltd .cc carport-diagnose .de
fintec-uk .co casinoantalya .com
forexinvest4 .com cesis-groupllc .cc
freshversion .biz cesisgroup-llc .cc
gazuem .co .cc coresgroup-inc .co
goo .gl craft-groupnet .cc
hhk57ryy .co .cc d5403e5622841dd806915a4de67dd9f8 .info
juzmksab .co .cc da9341709e53ad11d84c6284eda86043 .info
koilorio .com dangerousteens .com
lcd-fin .co dca3eeefdd8929d4bdf515a9089dd8f6 .info
liveonair .net descarga-total .com
lulango .com duncroft-group-inc .cc
macrotech-uk .co eac932138dbfdce39966aa07d36b3361 .info
macrotechinc .cc ebde6cc774abc92ea899dac57371454f .info
marfygroup .cc emule-security .net
mkbrothers .com f01cd3f7b4095b172df8ea9551943339 .info
mopar443 .com farline-fininc .cc
moparcars .net fc281189368041da24696fd4e1114cef .info
mypromofile .info fcccd8966e123fe9833b40b08db0ac18 .info
noble-works .net freezdec-ru .1gb .ru
nowtostream .in goodivelensay .org
onedatadirect .in googleantivirusonline12010 .co .cc
pc-privacy .co .kr journey-financial .cc
pixforfree .net monsterbux .ax3 .net
portal .maipu .cl oliver-sonsinc .cc
portalunse .com .ar online-solutionsllc .cc
prestoni .in powersonic .com .br
primobit .com privacyhidden .co .kr
privacyme .co .kr privacykeep .co .kr
productism .com privacyright .co .kr
qoqefa6 .co .cc productionguy .com
quadportal .co .cc productprotection .co .cc
quvvrvvrz .co .cc progi-gamesmail .ucoz .ru
qvwbu .info project-rainbowcrack .com
r32fgsh .co .cc protectinfo .co .kr
radium-group .cc quattropetroli .it
rapidcult .co .cc radiorocks .kiev .ua
rapidname .co .cc rarecontrol .co .cc
realrate .co .cc royalthelmas-group-llc .cc
rightvalue .co .cc safeprivacy .co .kr
ru .brans .pl sandiesangster .org
rxthz .info santorini-finance .co
sacex .net securityboan .co .kr
saiset .org server220 .uppit .com
sakarya-vho .org serviceeffect .co .cc
saldt .info shecanseeyou .info
salesian .net sikodil .si .ohost .de
smartbing .info smartconsultant .co .tz
solutionsltd .cc smartdomain .co .cc
speedklicker .de softwaremini .co .cc
spris .com sonyericsson .lua .pl
spspn .ca strongdomain .co .cc
statkeys .co .cc sunrisepr-groupltd .cc
sxtinc .com sweetpornobabes .com
taboo .za .pl systemusers .co .cc
techadv-inc .cc techouse-group .cc
tenxx .in totallicence .co .cc
ukccons .cc uktech-groupllc .cc
ukgroup-cesis .co varioguarderonline .com
verodvix .info video-girls4you .co .cc
vgomjkug .co .cc videofreeplay .fileave .com
vofcpa .com videos3 .fileave .com
yes-groupllc .cc windowsstar .co .cc
yesgroup-llc .co wormsdestroyer .com
zsitedu .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Big Update: 210 Domains

Posted on February 2nd, 2011 in exploit,gumblar,New Domains by dglosser

Finally finished shoveling outside, here’s a large update of 210 domains associated with artro, gumblar, rbn, torpig and other exploits. Source include www3.malekal.com, securehomenetworks.blogspot.com, honeywhales.com, blog.unmaskparasites.com (Every source is always listed in the domains.txt file):

021bpbj .com 8kweekly4you .com
114bds .com adobe-codec-v01 .xe .cx
333fg444 .ru advancedwebanalytic .com
3qss .co .cc ahe5ha5eh .co .cc
a2ztours .com allbooster .co .cc
aeqoo .info ampamozart .com
analyseco .com analyticgoogle .com
ava1 .cz .cc anmo123456 .com
bval .cz .cc barbersaver7 .com
celhw .info basicgoal .co .cc
cits-yn .com benefits188 .com
cpmu .net bestredirect .co .cc
dd8f .co .cc blatotazx .cz .cc
dfkell .co .cc busypack .co .cc
drmn .co .cc charlie2 .cz .cc
dxuum .info coolfusioncode .in
dxvhv .info coolleader .co .cc
fbbqu .info cpuwork .co .cc
fdfa .co .cc cs-ww .tomsk .ru
ffsua .info cxetyggdemai .oueb .eu
ffusi .info defendercall .co .cc
ftskursk .ru dualplan .co .cc
gaks .cz .cc dvdstreamclipsjips .co .cc
galv .cz .cc eachbell .co .cc
gasdu .info eahre5h .co .cc
gdfbi .net easygoogle .info
gdkegang .com ecit-india .com
gencom .be edirneotokiralama .com
gfkmr .info egrocoffeetr .com
gsmlab .com enginemode .co .cc
gzhqtjk .com ergosoftware .co .cc
gzjkhy .com eriflsaovdvdsa .co .cc
hand-band .ru eyaeyeheh5 .co .cc
htyf .net firyefoqibapir .linkpc .net
hy2yuan .com freeviewbooks .tk
iaogp .info g4ehe5h .co .cc
ideg .ru gameaskme .info
imgj .cz .cc garching .filmonline .biz
imovina .ba ghjhmjggthr .com
incomltd .com govorunlimiteds .info
jhdf .co .cc govorunprojekt .com
jivqg .info guanmingsj .com
johealey .com halifaxshelanu .com
jolk .cz .cc hgshowlife .com
jzion .cn highsierrabassplayer .com
k-shog .com home-loan-broker .co .uk
kairosa .com homequrantutor .com
kanika .ru hotelsatabdi .com
kyosoft .net hugo .blue-tomato .com
l-n-a .co .uk hvsat6 .freehostia .com
lginq .info illuso .hosting .paran .com
lljj .co .cc immo-bulgaria .de
minair .net indochito .biz
mlois .info infoisland .co .kr
mp3-muza .pl infoportal .ax3 .net
mrmix .se internetravel .ru
myxsq .com isan .clubs .chula .ac .th
myyay .info jackrussell .net .pl
nhwod .info jassportfolio .se
nimsaa .com jdownloaderitalia .netsons .org
ntiyj .info jobforjobless .com
oklk .co .cc jstiankai .com
oneindia .biz jwdassociates .com
opgupta .org kadikoyanaokulu .info
plkof .info kamiennaturalny .eu
plnvp .info kathridred .cz .cc
pzzzg .info laintrius .cz .cc
qazvinsms .ir lakas-elado .extra .hu
rg1n .co .cc leadingsystem .co .cc
rncafe .com legaleecher .net
rucvi .info lifebing .info
ruki .cz .cc lxuewei520 .com
scanlabs .ws maverickxz .cz .cc
sdebut .com mcdpoaqmuno .com
sgger .co .cc mechaischool .com
shui8 .info morebeep .co .cc
ss1f .co .cc motor-bike .pl
ss5f .co .cc nimaabedi .webphoto .ir
ss6f .co .cc nissan .n32 .ru
swx0 .co .cc ox .arcade-hq .com
szfcy .net pcconsulting .co .cc
tlijs .info philonlinespace .in
tnda .cz .cc plugininternet .co .cc
tuduvids .com puertoplatarental .com
tv51 .net puppetpalace .nl
tyjkrj .com root .ns1 .minair .net
ujdn .co .cc scanlation .net
vbgom .info shjmcblsthr .com
vdlwr .info shop-lucky .com
vljpi .info storebing .info
vmmit .info superdansoftware .in
w1w2 .co .cc thestartsoftware .in
wgjca .info tialmeida .com
wkhng .info univers-eco .fr
womrb .info vgitservices .co .in
wsx0 .co .cc victimz1 .no-ip .info
xnpcjd .com vspmindia .org
xsw1 .co .cc wantaimica .com
xueday .com wvrlixud .co .cc
ychxfw .com xmas-carnival .com
zhchga .com xmastrade .com
zmfse .info xngh2 .htmi2 .com
zpeure .com yahoocode .info
zrfvd .info yahoolink .info
zzmv .co .cc yahootop .inf

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

iframe, gumblar, rogue and other malicious domains

Posted on January 26th, 2011 in exploit,gumblar,iframes,New Domains,rogue antivirus,Trojans,zeus by dglosser

Malicious domains associated with zeus, rogue security, gumblar and other nastiness. Sources include securehomenetworks.blogspot.com, blog.unmaskparasites.com, www.shadowserver.org (Every source is always listed in the domains.txt file):

5srak .info 08nigbmwk43i01y6 .com
artspirit .us 0vibd7viihxrtpyu .com
bambula .tv 100animalsexvideosfree .net
bbzfc .info 10k1txdk35mt02xx .com
bctjd .info 1ky4owcrh7ziwukm .com
bcwhp .info 1spmt1xfmumz2isf .com
bdc .com .sg 1vvzq5t3kwfiwzmt .com
becoupon .com 1xvodqv3mtxp9dyy .com
bezlic2a .net 2332kxifxiynpznr .com
bjpwn .info 235inmya16h6kiob .com
bluejam .ru 2b20k27wuid0znfi .com
charg12 .in 2kkh3naw5kinmzcw .com
chm0k .info 343 .boolans .com
copewa2 .co .cc 3t98o01vi52i16v1 .com
ctronn .info 3yzfra70yk08b95r .com
dayb .co .cc 4w1ripmfrp4rbp34 .com
djhvb .info 4xszq0f9dwg2oxcp .com
dkaxp .info 53ia49772x7r16ks .com
edzaxo .info 57ne196zfx73884i .com
fermcom .com 5kv6ni27e3iauu9b .com
forele4 .co .cc adsforadsense .co .cc
frllb .info all-invite .org
fsint .info balkanpropertyservices .co .uk
fuqidi9 .co .cc balmoralservices .org
gogless .net basketknife .com
govnjuk .info bearspawbakery .com
hackera .ru bestcablemedia .in
hamds .info bestfilesfree .in
hztbe .info besthome104 .com
idiotlink .net bestsecurity-foru .rr .nu
iwzox .info bigspiderwomen .com
jiutw .info bizzre-free-videonia .co .cc
jiwre .info bud-gjjzx .serveftp .com
kehivi1 .co .cc ccatalunya .com
kkkqqq007 .com chek-pc2010 .co .cc
la2onix .ru crotopmodels .com
lqahh .info daodao123 .info
lqyjv .info datanetsweb .in
nrtsaz .co .cc diendanvinatex .com
nygav .info dieta-doleta .ru
nyiyh .info ehukujykodayre .publicvm .com
ololoshka .org erotismaszaszxxx .sytes .net
oneddos .cz .cc esportydiueiisa .hpg .com .br
otrezc .info expololol1 .com
pgkqy .info facebook-surprise-nhsa .tk
pgmog .info firstpower-checker .com
postsamart .in fletcher9837 .ws
qemevu4 .co .cc fr .update .ip-ntwk .com
redir .ec gazgaped778 .com
rggzs .com goodghtsafe .rr .nu
roogy .info hotdvdmedia .in
rouek .info hqvideoonlinefree .com
site .ru iculemyebomo .linkpc .net
slyflag .ru inohoniokijys .publicvm .com
sokets .in internationalvolunteerdirectory .org
sqof .info interviewbuy .ru
telki-best .ru personal-scan-4u .in
thewalter .net pics170-hosting .redirectme .net
tiweva6 .co .cc pics279-host .redirectme .net
tofdhf .ru povulohezexuw .dyndns-web .com
tpjt .info protechstorage .in
twwwb .info qvrnezubr .co .cc
twyuj .info rantrafrout .com
uaerup .com realemotions .ru
vdjiv .info realporno .bladi .cz .cc
vegkn .info safe-antivirchecker .com
vezmb .info satel12vc .co .cc
winsoft1 .com saud4 .markaz-royal .net
wvx1 .in smartavscanonline .com
xlnyz .info soft-projectsi .rr .nu
xmhce .info sofyaechbutylinyshch .narod2 .ru
xmkam .info stellappkolomiytsevyo .narod2 .ru
xxxmpegu .info supergjgjgjgjgjgjg .com
yaxoso3 .co .cc tigals .ifrance .com
zbanrn .info trueeox-safe .in
zefuta9 .co .cc trustzoneforyou .in
zoneij .com ulitugaeqad .linkpc .net
ztvoy .info us2-network .nocreditcard .com
zulte .info videos85-pics .redirectme .net
zusrq .info zama4y .ebana .ru .preview .ihc .ru
zxekm .info zeroce8 .co .cc

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


gumblar, artro, zeus domains

Posted on January 23rd, 2011 in exploit,fastflux,gumblar,iframes,New Domains,rogue antivirus,zeus by dglosser

Domains associated with gumblar, zeus, drive-by’s, rogues, etc… Sources include viralerts.com, safebrowsing.google.com, blog.unmaskparasites.com (Every source is always listed in the domains.txt file):

0879 .in 0313879956 .kt .io
09cd .co .kr 1websitedesign .net
2312 .in 3010928 .02 .com .tw
3453 .in 3tnoongfed .com
4534 .in adsensestat .com
6452 .in africabusinessintelligence .com
770304123 .cn afrique-solidarite .org
9879 .in alabbascement .com
abda3y .com almadinah-almunawrah .info
aceedan .com altogiro .ind .br
addomains .ru amour-sexo .com
aerocean .in anamaithaperng .com
air-bt .ru anandayogaa .org
aireuregio .de aqua-tectum .hu
al3shaq .com argo-japan .com
am4u .kr automobileandtransport .com
arakasa .com bangsaenpost .com
asly .net belaflex .ind .br
asteam .fr belaruskabel .ru
at1 .it best-clansite .de
binaryweb .com besteshoponline .com
blythe .la bizcardcolor .com
cattww .com booblegum19 .co .cc
chartinfo .net buypartylights .com
cipayroll .com c2cservices .co .in
clickping .org cargoogle .info
d9668 .cz .cc casamango .freehostia .com
de73b .cz .cc clientdatafiles .in
devalex .in coches-online .com
dishicage .net dasad41da4safasdasd21 .biz
erlkvv .net .in datagoogle .info
essoptes .com digitalloadsoftware .in
ewela .co .kr donjanhealth .com
fivecross .in dvdstreamvideosxyd .co .cc
gazacham .ps gclubdiary .com
ggo-team .com ghjpovqgdbs .com
hdcbljevga .ru glasgosurvine .com
hugilis .cz .cc google-analytisc .co .cc
introgagu .com iesnaretrack .biz
iranjoc .com kaisserz-awe .net .in
kz3gq1 .in kjgfdkghkg .co .cc
loveaz .biz mfgjhhimdbs .com
moveit .pt muslimhands .org .sd
mrpc .com .au nextdoorfiles .in
ndcasle .com rezidencia .com
ockonr .com searchdead .org
oddwsw .co .cc searchtasty .org
offscreen .com staticpaper .nl
oiwdd .co .cc stersboy777 .in
pojdue .co .cc trakyareklam .net
ro521 .com triskell-productions .com
sabnorway .com tubamarket .com
sdlls .ru tube-heaven .co .cc
srmvx .com .br urlprotect .co .cc
t3onyghop .com uzunkopru .org
unexpo .org vallyofwonder .com
vodbd .org verificaresite .lx .ro
wantedh2o .at visitorseerdt .co .cc
weblam .net voozioapple .in
webteste .com weightsoft .in
wid .com .pl workuscnm .cafe24 .com
wunubigs .com xenoncenter .com
xomcui .com yusungtech .co .kr
yanagi .co .kr zubaidas .com .pk
zanfo .it zuiddorpe .net

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Gumblar Domains

Posted on September 12th, 2010 in Domain News,gumblar by dglosser

Unmask Parasites has  updated their list of Gumblar Zombie URLs. We’ve asked for permission to include  it as a separate file in BIND and MS zone format while we integrate them into our blocklists.  But you should check out the massive list of over 1300 urls yourself .

Update from Unmask Parasites:

… most of them don’t contain those Gumblar script now. I maintain this list mostly as a reference so that webmasters of sites with Gumblat zombie URLs could locate and remove them, and webmasters of infected sites where hackers inject links to those zombie script could search for domain names specified in Google’s diagnostic pages (they contain some historical data) and find my list and clean up instructions.

Almost 200 New Malicious Domains

Posted on August 7th, 2010 in exploit,gumblar,New Domains by dglosser

Sources include blog.dynamoo.com, blog.unmaskparasites.com, trojanedbinaries.com:

87jonsonfd .com advanced-def .com
about-joga .ru advanceddefender .org
ad-parking .net antiviractive .com
adsnet .biz best-scanner-2010 .net
advdefender .com best-scanner-2010 .org
ajhsfget .com brick-layer888 .com
antispybox .com creatives-labs .com
antispymega .com cyber-deployment .com
antispymv .com directbinary .com
antispynew .com first-online-scanner .com
antispysp .com first-online-scanner .net
antispyutil .com first-online-scanner .org
antivirback .com gosrmecalodnl38 .com
asdagj .com gosrmecalonl16 .com
avmirror .com gosrmecalonl20 .com
bbcxq .com gosrmecalonl21 .com
beza .tu2 .ru gosrmecalonl3 .com
bravqwer .com gosrmecalonl30 .com
breenders .com gosrmecalonl4 .com
c3metrics .net gosrmecalonl5 .com
chinese-way .com gosrmecalonl8 .com
dkeh38oz .com gosrmecalonl9 .com
evdoilsdus .com gosrmedicalonl1 .com
fd1a234sa .com gosrmedicalonl10 .com
freead .name gosrmedicalonl11 .com
fuchroot .com gosrmedicalonl13 .com
gasredbox .com gosrmedicalonl14 .com
getadvdef .com gosrmedicalonl16 .com
goadvdef .com gosrmedicalonl17 .com
goadvdef2 .com gosrmedicalonl18 .com
hhsdgbes .com gosrmedicalonl19 .com
huisko .cn gosrmedicalonl2 .com
ilui45iu7 .com gosrmedicalonl20 .com
iuysdjerh .com gosrmedicalonl3 .com
jkhasels .com gosrmedicalonl5 .com
jkhteqa .com gosrmedicalonl6 .com
kaljv63s .com gosrmedicalonl7 .com
kdy7rsxa .com gosrmedicalonl9 .com
kipyatok .cn irrationalsdv3 .info
kljdskrza .com kavascansecurity .com
lkfjfuisdh .com nameservice-worldwide .com
lkhysayte .com profithobby .net
lokisko .cn rebornendkit .cn
lovinezer .com s-powerlink .com
mdmasege .com safe3etfejwqf .com
mybar .us scanner2010 .com
pogodanet .cn scanner2010 .net
qsfgyee .com scanner2010 .org
rmbtoor .com scannerglobal .com
s0cksps .com scannerglobal .net
sadahesz .com shoppingsurat .com
sadangez .com showdevelopment .com
sadkajt357 .com silivrirehberim .com
safniiyew .com sinsaengtech .com
sakjgeyq .com smartflower .sitemaps .co .kr
salkjyhx .com solinges .com .ar
sfahdasjw .com speedydecorators .co .uk
shoba .in spis-imion .waa .pl
shop-weto .com squirrelbird .net
sitec-med .com super-scanner .net
sjb653xz .com super-scanner .org
skzart .com swineflu-articles .com
smtech .in tallestbuildingslist .com
sobo .in tcsdivisions .com
stonet .ru teh-g .webphoto .ir
supanaphom .com tekirdagdaemlak .com
surbhisoft .com terminal-service .net
svemo .de testpagina2 .webdesign-idej .nl
svo-stroy .ru thechimborazo .com
sweethost .org theflyingpoodles .com
sweweb .org tietkiem .thuonghuyenbooks .vn
tacsw .or .kr tne .tourskorea .com
tamiltouch .com totalflowers .ro
tejasindia .com tottaldomain .cn
tem97 .org tunikproducts .com
tomo7e .com twowildgirls .net
toolbarcom .org ugurkargonakliyat .com
tourcentr .com uznai-pravdu-ru .1gb .ru
tvindc .com uzunkopru-meb .gov .tr
urotex .com vazkreseniehristovo .org
valleyseve .de versaillesstudio .com
vankami .net viamediasolutions .com
vasaikar .org vidaabundanteheredia .pablohost .com
vasiad .org video-conferencing-tips .com
videofetes .com vikinginfotech .com
vipsocks .cn villadepinto .com
vivazaxo .com vinhhuyhotel .com
vizlefx .com volunteer-scan .com
walnut .la wap .soundsuggestion .com
wcfdubai .com wapika .sitefr .info
wdggtwegww .com waydomains .typicaldesign .net
webantispy .com webproductsthatmakeyourich .com
webdogs .nl wepro-fashions .com
webimyo .net wittyvideos .com
wilstose .co .cc wolfsclassiccarrent .nl
wolfshop .pl worldofmakemoney .com
youth4bjp .in xenoncenter .com
zealups .com 0-0-0-0-0-0-0-0-0-0-0-0-0-50-0-0-0-0-0-0-0-0-0-0-0-0-0 .info

The malware block lists provided here are for free for noncommercial use as part of the fight against malware.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, and others…

Huge Update: Over 200 Domains

Posted on August 4th, 2010 in gumblar,New Domains,Trojans,zeus by dglosser

Over 200 domains associated with seomalware, malspam, zeus, gumblar have been added. Sources include safebrowsing.clients.google.com, blog.unmaskparasites.com, research.zscaler.com:

021web .com .cn 1000sweeties .com
4safe .in a2construction .net
69poses4u .com acccinternational .com
800816 .com .cn adobeactivation .net
88456 .pp .ru almightybusiness .co .in
92mimi4 .cn alpine-balloon-challenge .ch
acani .in angel-lux-tube .com
apmebf .com animaltechlabs .com
artsimone .ch apexconsultancy .com
asgardr .fr apogeecleaning .com
atstatec .com april-snow .co .kr
baabbeesss .com arak .webphoto .ir
bamyazilim .com artoflivingfaridabad .org
bandikots .com ax-118 .webphoto .ir
basacbake .com bajchatka .proste .pl
bb4msg .com bloccorlando .org
be2tv .com brookewhitemedia .com
beachhub .info browserdomain .in
bemcoindia .com cavaliersales .com
best-selik .ru classicgamingcruises .com
billingcxn .com dangerousteens .com
bodegaspa .com devision-sharks .ru
brenz .pl duzeykursmerkezi .com
cafedeaiai .com enjoy-party .info
chudachok9 .ru enlaceseducativos .com .ar
coastia .com eventosmaderoview .com .ar
combatant .cz excel-consultants .in
deryam .biz freepetcaretips .com
dwefsd .com fu0ckpisingebonun .com
enceny .com geocartablog .com
ereei .info getamodification .com
eyesites .co .uk google-analyze .org
ezeldizi .biz greenlandaviation .com
fffest .co .cc guppypetshop .com
fl-bbb .org hiphopplanet .ca
freeguard .biz hitthegroove .com
g1rlyuoung .com imapkolkata .com
gere-okon .ru infoprodukbisnis .com
gmentp .com joaillerieliban .com
grouseinn .com kakalfoundation .org
gumdang .or .kr koilman .inodea .co .kr
horasan .bel .tr komita-mentoring .com
ianes .com krainaseriali .jun .pl
illoul .net mascotsunlimited .com
incornew .net mattlinwyman .com
infinitech .in minisearch .co .kr
intzvill .com more-movie-tube .info
ip33033 .com movie-tube-portal .info
ixeajki .cn needservices .org
ixnitor .com nesc-mauritius .org
juststaff .com newpartyworld .com
lisac2009 .info ns10-wistee .fr
lkem .info our-children .net
loinfo .ovh .org peche-cote-azur .com
lykqug .cn printinstant .com
m08b .com radiantspl .com
m5rj .net rajeshagarwal .org
malmo-arena .se randomlegend .net
megayear .net rangpacknmove .com
metds .org rattanaburihos .com
mingegypt .com ravirajgrroup .com
moshiko .net reflexoterapiemasaj-vacuum .ro
mt .ru repair .ivyro .net
musicmufta .com replicawatchesnow .com
my-lg070 .net revistabaron .com .ar
naijapress .com roaroiet .doae .go .th
naturesiam .com robertomilanomoreomglol .info
ngl .kr rondoniainfoco .com
nkphcoop .com rostechnoimport .ru
nt02 .co .in rsequitytips .com
obaduk .com rtohomecenter .com
plustecpk .com russiancommunications .com
rad-data .net rvconsultancy .com
ragero .ru rxgenerics .net
razmatazz .net s216344386 .online .de
rijagt .dk sahrudayarajagiri .org
rstechies .com salinasenterprise .com
rts-me .com saludonline .ok .pe
rtv .lx .ro santoshada .net
sa-m .com sarvodayachildcare .com
saba-ac .com scanlation .net
sagri .org sdcenter .inkoreahost .com
samarago .ru sebastiangora-photography .com
sanahr .com selixsolutions .com
se-group .de sheenachohan .com
seoshell .com shindobat-zama .jp
sepahan-e .com shinwoori .tourskorea .com
sexpot .co .kr shriodeeducationsoc .com
sgs .co .kr smewnoibolvan .ru
sho0oq .com stateder .co .cc
smetask-op .ru sweetpornobabes .com
sp .sk thelemoncity .com
spider-eg .com theshinhwa .com
sragenlor .com transconttgn .com
t-e-clive .com travelersnote .co .kr
timoton .com ubaipropertysociety .ae
tomitt .com update-ff .co .cc
vyshnya .pp .ua update-java3 .com
web898 .net webmovedesigns .com
wemsg .com weirdalliance .net
wwwsarkozy .eu whiteagngo .com
xin3721 .com youngsweat .com
ymcakorea .org ypufubegopem .mynetav .org
zeroclan .net