Feed

Nitro, malspam, risky domains…

Posted on September 23rd, 2012 in exploit,fastflux,malspam,New Domains,Trojans,zeus by dglosser

Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, www.symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net (all sources are listed in our domain.txt file.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be bannedUse wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.  Users  and ip addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

 

 

BPhoster, Zeus, Fast Flux…

Posted on January 25th, 2012 in fastflux,New Domains,zeus by dglosser

Added 101 domains associated with BPHoster, Zeus, Fast Flux, Hiloti, iceIX. Sources include amada.abuse.ch, exposure.iseclab.org, www.emergingthreats.net (every source is  listed in the domains.txt file). Please update your blocklists/sinkhole  and review our Terms of Use.

SQLi, Fastflux Botnet, Dirt Jumper and more

Posted on October 25th, 2011 in fastflux,New Domains,RBN,rogue antivirus,Spyeye,sql injection,zeus by dglosser

Added 210 domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, www.malwareurl.com and others

(Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Drivebys, fast flux, botnet, moneymule, etc…

Posted on August 23rd, 2011 in fastflux,MoneyMule,New Domains,Phishing,Spyeye,Trojans,zeus by dglosser

A large update a few days ago which I forgot to add… Over 300 zeus, moneymule, botnet  domains…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

DNS-BH Mar 19 Update: artro, palevo, bulletproof, rogue domains

Posted on March 19th, 2011 in exploit,fastflux,New Domains,rogue antivirus,Trojans,zeus by dglosser

A bunch of rogue, zeus, artro, palevo, and bulletproof domains. Sources include amada.abuse.ch, support.clean-mx.de, www.malwaredomainlist.com (Every source is always listed in the domains.txt file):

banage .ru boostxpantivirus .com
9o78 .cz .cc carahackfacebook .com
bulkbin .cn fortesteng123223 .com
pmr2 .co .cc inspectantivirus .com
psdtrp .com jtievgonpznzpbpp .com
web4kz .com liverscanantivir .com
avblast .net meuantivirusdown .com
missspan .in novoantiviruspro .com
pantamat .is peruse-antivirus .com
topksa .info realloungecentral .in
zveno-x .net seuantivirusfree .com
djtikvah .com survey-antivirus .com
glenninyx .in televisionfree .co .tv
luckycash .ru update99 .poche .ce .ms
maroder .info virtualsafetylab .com
paytraff .biz xpantivirustools .com
photopath .in xpantivirusvirus .com
poboltaem .lv antivirscantoolxp .com
povertyba .in bone-scan-antivir .com
rogueroad .ru colourscanantivir .com
udodelig .com maisantivirusscan .com
zeosleep .org xpantivirusclient .com
cs2gameme .com xpantivirusengine .com
gimigimi1 .com antivirscanspeedxp .com
hoghley .co .be antivirscantoolsxp .com
mysimash .info antiviruscrusaders .com
snapadoos .com installxpantivirus .com
thenetdata .in integrityantivirus .com
neonpage .co .cc livreantivirussoft .com
phones4wow .com meesheephotography .com
rjmvcdld .co .cc meuantivirusgratis .com
sop3sa7nop .com todosantivirusfree .com
tatu7g4ano .com xpantivirusreviews .com
textilprom .com xpantivirusupdates .com
urcmfedl .co .cc xpantivirusvendors .com
diqunoj44 .co .cc xpdesktopantivirus .com
dmpcrepairs .net antivirscanenginexp .com
koprowsko .ce .ms antivirscanimagesxp .com
sl0rd .codzs .com boundaryscanantivir .com
bigtopstudios .cn deep-antivirus-scan .com
ibmantivirus .com deep-scan-antivirus .com
xp-antivirus .com fast-malware-scan .co .cc
zapantivirus .com scrutinizeantivirus .com
antivirusdown .com xpantivirussolution .com
antivirusmeds .com antivir-scan-tool-xp .com
coolantivirus .com antivirscanenginesxp .com
fifa2012terra .com bomantivirusdownload .com
mainantivirus .com investigateantivirus .com
missantivirus .com windows-xp-antivirus .com
republikainfo .com advancedscanantivirus .com
syssupportctr .net antivir-scan-tools-xp .com
antivirussites .com best-antivirus-scan .co .cc
inolimpwetrust .com fast-antivirus-2011 .cw .cm
jsojonhjvhvtus .com fast-antivirus-scan .co .cc
ninja .ibedyou2 .com youtube .makingfaces .com .au
scan-antivirus .com antivirscancomputersxp .com
studyantivirus .com antivirscandocumentsxp .com
worldantivirus .com dl .fast-malware-scan .co .cc
grizzli-counter .com advanced-scan-antivirus .com
antivir-scan-xp .com antivir-scan-engines-xp .com
bonescanantivir .com antivirscandefinitionxp .com
peruseantivirus .com testtestforfhj111998 .com .tw
safexpantivirus .com antivirscancorporationxp .com
surveyantivirus .com antivirscancorporationxp .net
tunexpantivirus .com vcuehlunbhpltsbcwpkspxnq .com
xpantivirusscan .com antivirscantechnologiesxp .com
antivirus-survey .com cg79wo20kl92doowfn01oqpo9mdieowv5tyj .com
bomantivirusfree .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


Bullet Proof Domains, SpyEye, fast flux and other malicious domains

Posted on March 8th, 2011 in bulletproof,exploit,fastflux,New Domains,Spyeye,zeus by dglosser

Bullet Proof SpyEye Domains, fast flux C&C, and other malicious domains. Sources include blog.sucuri.net, securehomenetworks.blogspot.com, www.sacour.cn & others (Every source is always listed in the domains.txt file):

8785 .in 90fd78b9078bd0g .com
8931 .in achilleine .co .cc
aa0025 .co .cc achillodynia .co .cc
ac .qvoz .info achitophel .co .cc
achilleid .co .cc achlamydeae .co .cc
achillize .co .cc achlorophyllous .co .cc
achime .co .cc achloropsia .co .cc
achinese .co .cc antivirusscannerguide .com
achingly .co .cc antivirusscannermaintenance .com
achmetha .co .cc antivirusscannermanufacturers .com
acholic .co .cc berfry43bgrbf .vv .cc
acholoe .co .cc bigtitzsarena .com
acholuria .co .cc canarvanexpertmedia .net
acholuric .co .cc canarvanpointmedia .net
admin-z1 .com cometrymywork .info
agamaris .vv .cc d34ghqarfrgad .com
andromath .vv .cc dontstop21523510 .com
avstartpc .com doselfprotection .com
bbazzas .com dxuxpusopmqpofs .net
bestboy-link .in expireddomaingains .com
besten-link .in fashion-report .ru
bg3u4g .net fastprotection-soft .net
bliaetxv .cz .cc fenom-guardianre .rr .nu
bradenso .info fullstandartofprotection .net
burifym .cz .cc g243gtdsgsdg .vv .cc
checksoftos .in g2hhfadh4ehfdh .co .cc
defendaor .in g2hsjgjgfj .co .cc
dersedrprd .com generalabbrialgroup-ltd .net
dianaath .cz .cc glkgj5j4rshdfhj .vv .cc
erofreex .info goodcy-clear .rr .nu
famontare80 .net goodku-clear .rr .nu
foprccz .vv .cc gqgqhfdjdh .co .cc
freedom-av .com gs34grsgdg .vv .cc
freepornii .com gsdg3gsdgsdg .vv .cc
gb3hnh3nf .co .cc gsg3gsdgsxgsdg .vv .cc
ghomath .cz .cc gwsg3gsgdsgd .vv .cc
gidvbmvm .co .cc haitunwan .txmh .net
gsdg2g32 .co .cc hgerwhu45 .co .cc
ironsum .ru hrh45jftjfj .co .cc
keleghma .vv .cc indigomantisop .com
kestiny .com jfgdhdfhsdfh .vv .cc
kudwda .ru jfgjfr5jdfj .vv .cc
l2-x .com jghrt9frgtr9 .com
lopaset .co .cc just-perfectprotection .in
mildtune .ru manalmeena .cz .cc
miltonmoon .com masiniunelte .eu
miraswyn .cz .cc metalkiolpe .com
mmspicture .ru micirugiaencolombia .com
mvrxihvr .co .cc mkgk5jswhgfnxg .vv .cc
newdivase .info nalmethris .vv .cc
nkeldx .info pds .adncommerce .com
nkeldy .info profi-softusin .cz .cc
nkeldz .info proring-safe .in
nuarius .cz .cc protectionforyousi .rr .nu
oofhx .info redalpacadatabaseexperts .net
oofhz .info redalpacadirectdatabase .net
poooilha .info redalpacadynamicdatabase .net
poooilhb .info redalpacaexpertdatabase .net
poooilhc .info safenetwork-foryou .com
protectav .com saturnosistema .com .br
securedify .in savedeve-soft .rr .nu
siranaya .vv .cc saveonly-sentinel .com
startpcav .com savesecurity-foryou .com
tdsdivase .info savesecurityforyou .com
tdspoint .com scan-direction .net
theshop .su scan-projectsi .cz .cc
tvwnzim .co .cc servicios-fisicos2 .info
verygoodav .net sikiispornosex .net
vistamenu .com smart-scanforu .uni .cc
vvdnftmz .co .cc srryyspqjxyvq .biz
vvtvnit .co .cc startavclub .com
wheelcars .ru testonlyforfhj3355591 .com .tw
yuyu87 .com topnetworkguard .com
zpidesa .info trafficconverter .net
zpidesb .info triptowercustomhosting .net
zpidesc .info verifiedconnect .in
zpidesd .info yrganosserx122108 .net
zpidese .info

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Bulletproof Domains, Moneymule Domains, Exploit Domains, iframes and more…

Exploit domains, bulletproof domains, Moneymule Domains, Palevo Domains…
Sources include amada.abuse.ch, hphosts.blogspot.com, www.malwaredomainlist.com, support.clean-mx.de (Every source is always listed in the domains.txt file):

4565 .in 2g2gsdfhfh .co .cc
5673 .in allforyouonline .com
770304123 .com antiivirusgoe .com
9us .org antiquee-corp .info
acmedecor .ru antistresser .com
ademudmadve .com antivirusemail .com
adheadies .com aramategroup-int .info
anysnare .us art-marketllc .cc
apniscmvoe .ru artmarket-llc .net
av .babypin .net banjalucke-ljepotice .ru
av2011 .co .cc banner-stats .org
bebookfunk .com chriseden73 .free .fr
bevelli .com chronos-network .com
bmjdr .free .fr directsecuresite .com
ciss .cz .cc fourth-ukltd .net
dgp .cc fourthgroup-ltd .cc
dkandskm .com freeinfosociety .com
evnagivu .in g23ghshdfshj .co .cc
evnvu .in geg2gsxhsh .co .cc
f5v9w .com greekweddings .biz
fj43 .co .cc gsg23gsdhsh .co .cc
gamersite .eu gsg32gasegsh .co .cc
gghkqkkgytn .com hbaehanfznjfh .co .cc
guitarheroe .es helby-groupltd .biz
hd-56 .com highsecuritydirect .com
hitchouston .com hy-brasil .mhwang .com
hosgeffer .co .cc irc .ekizmedia .com
hotupdates .ru jejushinshin .co .kr
inetwork .by .ru junaidandzia .com
inf0z .com .ua karlasantoscaentano .com
iranblog .com knives .mahtarep .net
jiayifan .cn kssa .peasoul .com
jocelrolex .net mails .lebadv .com
kadds .ru marchingbaby .com
kamasut .net nudedancegirls .co .cc
karma2you .net officialsecuredsite .com
kghkqkkkdve .com oyunyoneticisi .com
koralda .com pickeklosarske .ru
landriver44 .ru qead-groupllc .net
mailforw .org query-google .com
maislex .net rolemodelstreetteam .invasioncrew .com
mix-plus .co .kr schwartzbrothersant-corp .com
odile-marco .com sdh4hsfhjfdjhsdf .co .cc
onlydev .fr securedirectsite .com
p0teha .com .ua securedsitedirect .com
pc-cheats .de securelive .co .kr
playerbox .in servicio-fisico .info
poqwwrr .com sexy-serbian-girls .info
pushot .com shopmovieproduction .cn
qead-llc .biz squitgroup-llc .net
radiosci .info taruntextiles .com
rignorell .info throne-groupllc .cc
sc2wc .info thronegroup-llc .co
send29931 .cn tinassanservice-groupllc .cc
sfgytdysytn .com tinassanserviceant-antteam .net
signafrica .com tinujeemoatoc .linkpc .net
sinip .es unfaimos .land .ru
stepworth .com update-drivers .in
svjazinet .ru us-acoongroup .net
throne-uk .at vintage-groupco .biz
twilattice .in vintagegroup-inc .com
uuquhc .ru west-view-art .cc
vdsvps .in westview-art .net
weirden .com worldofart-ltd .info
yujinshan .cn zccz .interfree .it
zhirok .net zemondocooler .com
zkasbo .ru

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

NeoSploit, FastFlux, Zeus, MoneyMule Domains

Posted on February 8th, 2011 in exploit,fastflux,gumblar,iframes,MoneyMule,New Domains,NewSploit,rogue antivirus,zeus by dglosser

Something for everyone…  Neosploit. Gumblar, fastflux, rogue, phoenix, money mule, zeus, and more…

Sources include securehomenetworks.blogspot.com, ddanchev.blogspot.com (Welcome Back), blog.unmaskparasites.com, zeustracker.abuse.ch (Every source is always listed in the domains.txt file)

13grandferi .ru 2cbefb47060e6bc9 .com
329902034111 .com 349832409002394 .com
32gdjfkivcf .co .cc adolftsboyarinove .narod2 .ru
32tsdgseg .co .cc alwayskl2 .dyndns-home .com
4star-solutions .cc antibreakingsystem .com
acoon-groupllc .cc antivirussystem2011corp .com
acoongroup-llc .co arphis-goldgroup .cc
addaxonahacko .info arphisgoldgroup-inc .co
adscomplete .info asassis .sites .uol .com .br
aimic-groupllc .cc b16f0f08c55e9cc5 .com
alice .it b7bb5832b25c7869 .com
amina-groupco .co barracuda-antivirus .com
amina-groupinc .cc c5667d150fe0b41b .com
aminaorg .cc carlosfalavina .sites .uol .com .br
amstelone3 .biz cef1cef16e9471c9 .com
araccldta .net cefd9f37178eb5e4 .com
asystem .sk componentsprotector .com
bbs2 .mapeak .com daniilgrkrutoyzu .narod2 .ru
bonutilite .in dd79e9f502426e84 .com
browndrives .com digitalfilessite .in
browserdl .com diligence-groupinc .cc
buyvideo .info dvdstreamclipsluwl .co .cc
casinojasm .info e395368c52b40e2a .com
checkoutlook .info eder_rogerio .sites .uol .com .br
citygates .biz eef795a4eddaf1e7bd79212acc9dde16 .net
cocoongroup-llc .hk ef0a5ecbf42d83ed .com
consolemato .com elsden-groupinc .hk
curery-best .in engineering-design .org
diligence-group .co escorialescorial .com
dsjkslnew .com evgeniyayaiardankinyae .narod2 .ru
eejewels .co extratopupgrade .ru
englishrescue .com f532f7f478af8e7a .com
espmexusa .ru f598f03740695a8d .com
essalundahl .com facebook-surprise-cvsa .tk
ethesis .org facebook-surprise-cvsd .tk
filegroup-llc .co facebook-surprise-cvsf .tk
filvorks .com facebook-surprise-cvsg .tk
finestplugin .in facebook-surprise-cvsh .tk
firstola .net facebook-surprise-cvsi .tk
freminoust .com facebook-surprise-cvso .tk
gabtijtgytn .com facebook-surprise-cvsp .tk
gharibola .ru facebook-surprise-cvsq .tk
gotoessaved .rr .nu facebook-surprise-cvsr .tk
gotquesaved .rr .nu facebook-surprise-cvss .tk
goturssaved .rr .nu facebook-surprise-cvst .tk
greyzzsecure3 .com facebook-surprise-cvsu .tk
hirodomain .com facebook-surprise-cvsw .tk
im-sysgroup .co facebook-surprise-cvsy .tk
incogroup-usa .co fc03ec727f8861ef .com
kliikers .info fd06366c338dc774 .com
lbm-groupinc .co fe59294ea5f6f07c .com
lbmgroupco .cc feeder .next-time-feed .org
lcd-finance .cc filerestingplace .in
ledurbano .com getdigitalvideo .in
lookasaudio .com gleichfalls-groupinc .co
mallow-group .cc hardpower-holder .rr .nu
mijn-roedel .be hryyyymerwireless .net
minka .com .pe i-compass-group .co
money-visualuk .cc icr01 .appbundler .net
movenestecobra .ru imsystems-group .cc
muffsave9 .com lidiyadmvitinskiyvm .narod2 .ru
mukertvaros .hu lifeinsurancequestions .info
newufuq .com longhui .yhnetwork .cn
ntstats .com mail .privacycop .co .kr
oneboy .ru mallow-groupinc .co
pegasltdunion .cc michaelesgroup-usa .co
peruvianfood .com modulesadvanced .pro .br
psgtech72 .com moneyvisual-llc .co
radiumuk-ltd .cc moonlightw .mireene .com
randomlegend .net ozarkcreationsandantiques .com
rerodvix .info physis-groupllc .cc
safesecurenow .com physisgroup-llc .co
santorini-fin .cc pinfold-groupinc .co
savvyladies .net prazer2008 .sites .uol .com .br
scanavtool .com rajeshwariinfosys .com
snaretrack .biz rameshwartiles .com
stile-groupllc .cc redisco-groupinc .hk
studioingconti .it safe-securitymaster .rr .nu
techadvinc .cc savescan-foryou .rr .nu
traxchexfree .ru scanersolutionse .rr .nu
usgroup-amina .co schneller-groupinc .co
usgroup-reign .co schwartz-brothers .cc
virgilguard10 .com secure-softwaremanager .com
virgilguard2 .com securityguardprep .com
virgilguard3 .com silversun-groupuk .co
virgilguard4 .com silversungroup-inc .cc
virgilguard5 .com simple-network-checker .rr .nu
virgilguard6 .com stepanyggorokhovshchk .narod2 .ru
virgilguard7 .com studyincolorado .com
virgilguard8 .com terminal-service .net
virgilguard9 .com update .ip-ntwk .com
werodvix .info yqaireciye .linkpc .net
wizu .webd .pl

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

gumblar, artro, zeus domains

Posted on January 23rd, 2011 in exploit,fastflux,gumblar,iframes,New Domains,rogue antivirus,zeus by dglosser

Domains associated with gumblar, zeus, drive-by’s, rogues, etc… Sources include viralerts.com, safebrowsing.google.com, blog.unmaskparasites.com (Every source is always listed in the domains.txt file):

0879 .in 0313879956 .kt .io
09cd .co .kr 1websitedesign .net
2312 .in 3010928 .02 .com .tw
3453 .in 3tnoongfed .com
4534 .in adsensestat .com
6452 .in africabusinessintelligence .com
770304123 .cn afrique-solidarite .org
9879 .in alabbascement .com
abda3y .com almadinah-almunawrah .info
aceedan .com altogiro .ind .br
addomains .ru amour-sexo .com
aerocean .in anamaithaperng .com
air-bt .ru anandayogaa .org
aireuregio .de aqua-tectum .hu
al3shaq .com argo-japan .com
am4u .kr automobileandtransport .com
arakasa .com bangsaenpost .com
asly .net belaflex .ind .br
asteam .fr belaruskabel .ru
at1 .it best-clansite .de
binaryweb .com besteshoponline .com
blythe .la bizcardcolor .com
cattww .com booblegum19 .co .cc
chartinfo .net buypartylights .com
cipayroll .com c2cservices .co .in
clickping .org cargoogle .info
d9668 .cz .cc casamango .freehostia .com
de73b .cz .cc clientdatafiles .in
devalex .in coches-online .com
dishicage .net dasad41da4safasdasd21 .biz
erlkvv .net .in datagoogle .info
essoptes .com digitalloadsoftware .in
ewela .co .kr donjanhealth .com
fivecross .in dvdstreamvideosxyd .co .cc
gazacham .ps gclubdiary .com
ggo-team .com ghjpovqgdbs .com
hdcbljevga .ru glasgosurvine .com
hugilis .cz .cc google-analytisc .co .cc
introgagu .com iesnaretrack .biz
iranjoc .com kaisserz-awe .net .in
kz3gq1 .in kjgfdkghkg .co .cc
loveaz .biz mfgjhhimdbs .com
moveit .pt muslimhands .org .sd
mrpc .com .au nextdoorfiles .in
ndcasle .com rezidencia .com
ockonr .com searchdead .org
oddwsw .co .cc searchtasty .org
offscreen .com staticpaper .nl
oiwdd .co .cc stersboy777 .in
pojdue .co .cc trakyareklam .net
ro521 .com triskell-productions .com
sabnorway .com tubamarket .com
sdlls .ru tube-heaven .co .cc
srmvx .com .br urlprotect .co .cc
t3onyghop .com uzunkopru .org
unexpo .org vallyofwonder .com
vodbd .org verificaresite .lx .ro
wantedh2o .at visitorseerdt .co .cc
weblam .net voozioapple .in
webteste .com weightsoft .in
wid .com .pl workuscnm .cafe24 .com
wunubigs .com xenoncenter .com
xomcui .com yusungtech .co .kr
yanagi .co .kr zubaidas .com .pk
zanfo .it zuiddorpe .net

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

artro, fastflux,phishing,torping domains…

Posted on January 20th, 2011 in exploit,fastflux,New Domains,Phishing,rogue antivirus,Trojans by dglosser

165 new domains associated with torpig, rogue antivirus, phishing, fastflux, and other badness. Sources include atlas.arbor.net, abuse.ch, vxvault.siri-urz.net (Every source is always listed in the domains.txt file):

ffup .ru ginadesi .com
aksix .com indisk .co .kr
cz889 .com justtambo .in
hx681 .com litypist .com
iseyh .com lorikhgj .com
mdcoc .net migrader .com
stepsk .ru mydynatri .in
aferup .com ohanerri .com
astped .com pantomer .com
baza-33 .ru pastephe .com
bidspa .com phidhony .com
cerpoo .com sterebay .com
chmok .info vanderab .com
cutped .com venonite .com
daiehu .com asperfals .com
exteth .com avast-russ .ru
goapoo .com cuapowoam .com
jikped .com girlsexe .info
jorped .com girlsexq .info
laarup .com medz4less .net
menteu .com supertable .in
oisrup .com tooniland .com
opluck .com vofib-oxyx .ru
outped .com webtvfiles .in
ovatic .com wobersnam .com
padrup .com gilbertblab .in
pempoo .com hotnewsite .net
podfer .com imoveistrp .com
pourid .com movietoplay .in
pukfer .com mozpancast .com
qutped .com recofmuayt .com
silrup .com b4ido .comze .com
tivped .com chewedboots .com
todped .com chjfeggcdbs .com
xetpoo .com chudno .mcdir .ru
alyseko .com diamldnddbs .com
arcuard .com freemail4me .net
assaygo .com gizprotect1 .com
baullka .com jabsrjtjdbs .com
baza-123 .ru kataburglary .in
bylinve .com porntubehunt .com
cadeniu .com prodefence .co .kr
celkage .com proprotect .co .kr
cinding .com rockinhookup .com
colzann .com empiremailing .com
crucity .com everymovieplus .in
dashite .com hdstreamxporn .net
dsionhu .com loadfilesworld .in
erinari .com operaupdates .info
furthmu .com solidleader .co .cc
golos-33 .ru tamdownload7 .info
jaseyou .com bestfilesseason .in
laughro .com booknameserver .com
maketags .in aaracccobrancas .com
meadeci .com komustopxvideos .com
mokaped .com picasso .xuilo .cz .cc
molvinc .com pornuxa .xuilo .cz .cc
opporfo .com cordillerablanca .org
pastail .com smallspiderwomen .com
pizdos .info uumwebergnesiz .co .cc
sadirvi .com imagestorageplace .com
slypepi .com gdfgdfgdgdfgdfg .in .ua
stomoha .com wire-fedwire-info .com
vibrage .com dvdstreamvidsrxa .co .cc
virtest .com gjj-ltayo .serveirc .com
wangluc .com topsecuritydefense .com
wornnig .com hrf-rklyo .servegame .com
wylmark .com save-securityscanner .com
zoaearb .com adakhukanalinfo .narod2 .ru
argoscoc .com host81-tube .redirectme .net
canympet .com karinafmamelintl .narod2 .ru
chianthe .com flash43-tube .3utilities .com
chokyman .com milenaesdurkinbsh .narod2 .ru
clichast .com tube74-videos .servepics .com
cornalif .com vitaliymtslapinel .narod2 .ru
dinewsie .com alisayuivoronkovyy .narod2 .ru
emiatici .com vladimirbsvalievpe .narod2 .ru
fastupp .info removemyemailaddressplease .com
fecterry .com vladimiroyaburkinyum .narod2 .ru
feriytal .com konstantinbdkruteleve .narod2 .ru
flakawni .com makareebesfamilnovyab .narod2 .ru
formuria .com valentinalykuzminykhkh .narod2 .ru
gettanum .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible:  http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…