Feed

Bulletproof Zeus, cybercrime, rogue security domains…

Posted on March 25th, 2011 in bulletproof,exploit,iframes,rogue antivirus,Trojans,zeus by dglosser

164 domains associated with Zeus (Bulletproof, drivebys), rogue antivirus ,  crybercrime and other badness. Sources include blog.sucuri.net, vxvault.siri-urz.net, www.malwaredomainlist.com (Every source is always listed in the domains.txt file):

2367 .in 3dglases-panasonic-tv .com
315uu .com 4jifnizd2w .cz .cc
3ara3a .com afteranyxxx .sytes .net
4324 .in amatricespornofrance .com
4meganet .com anoonoribujyo .linkpc .net
aabubwtathr .com antibiotics-shop .com
basicpills .com antivirusfreesmartrend .com
bestdatatool .in antivirushard .com
bhiii .co .cc antivirusmysmartrend .com
bhjjj .co .cc antivirussoftcentral .com
bhkkk .co .cc antivirussullinger .com
bhlll .co .cc antivirusullinger .com
bhmmm .co .cc antivirusxpeasy .com
bhnnn .co .cc bahiaautopecas .com .br
bhrrr .co .cc best-fast-scan .cx .cc
bigimotopast .ru billing-script .com
bufordsoft .com cacajose .sites .uol .com .br
cahodofo .com checkmeman .co .cc
carder .su dvdsoftwarestore .in
corlod7i .cz .cc eoficina .e .telefonica .net
creaps .net fedwire-reports .com .p8 .hostingprod .com
deniq .ru flyingshoestrade .com
dn3r .co .cc generic-ed-pharmacy .com
fathone .com getbackupandrunning .com
fojurus .cz .cc google-stats48 .info
freegoldsun .biz google-stats49 .info
freerttnews .com gsdha3whfh .vv .cc
freshcomp .ir hhwwswjpj .org .in
ftzo .co .cc ideal-solution .org
fuzzybean .com iolcarvalho .sites .uol .com .br
fygdzlil .co .cc issueantivirus .com
g2lr .co .cc jhda4jgdsjg .cz .cc
gabaqlygthr .com jkqlzsftofoiivx .com
getrxpills .com juniocsilva .sites .uol .com .br
gigasoftware .ru lareaddablehis .com
gjijpqhgvmt .com lessthenaminutehandle .com
greensinkod .com likeropslypwood .com
hatememan .com looseantivirus .com
iusav .com lynx-newmedia .in
izdonhesyn .com modulos2011 .hpg .com .br
jeqtzjte .co .cc mt-canete .sites .uol .com .br
jjijpohjvmt .com multi-stats .info
kagrinn .cz .cc mymagicstore .co .cc
kv5r .co .cc myscanantivirus .com
luster-adv .com nossasfotos00862 .com .sapo .pt
macroers .com online-guest .info
malathris .cz .cc ounvdlgyvrsksnkl .com
marbit .com premiumfreeantivirus .com
mediamarkinc .in pro-data-consult .in
miatxvsmthr .com releaseantivirus .com
mullador .cz .cc roleplaysanctuary .co .cc
music-cubtan .tk rttnewsantivirus .com
nwey .info salamandra-lll .cz .cc
obsh .co .cc scanantivirussearchmyfiles .com
qwsqws3 .co .cc scansearchmyfiles .com
ru-php .ru searchmyfilescanantivirus .com
rutrahxxx .ru securitylkins .com
shaliron .cz .cc seeantivirus .com
sol-stats .info shershenzhalit .ru
soretag .ru sholdrowfronap .com
sstatewin .org simplehircantivir .myfw .us
sukonah .in siquiero .com .uy
sunnmy .net sohsnowhowable .com
te7j .co .cc stream .myunire .com
tikrons0 .org sukiblyadi .name
tmdxcrlu .co .cc sullingersoft .com
to-bay .com supplyantivirus .com
topsale2 .ru system-scanner-jess .co .cc
topupdate .ru thepackplace .in
topupdaters .ru thescanantivirus .com
urwwtrnn .co .cc traffichere .dyndns-blog .com
uvbs .co .cc uiatxgsuvmt .com
vicewo .com upinsmokelala .ru
video-write .in vaccinescan .co .kr
woqaguw .co .cc video .shilysha .in
wphf .co .cc voiceiancef .com
xkrmwkdy .co .cc webantivirussoft .com
xts-pay .ru webfreeantivirus .com
y3qa .co .cc webscanantivirus .com
ypolois .cz .cc weiss-cannon .de
yuyu98 .com xclipshostre .co .cc
z3co .co .cc xz .8345netmarketing .info
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


Bullet Proof Domains, SpyEye, fast flux and other malicious domains

Posted on March 8th, 2011 in bulletproof,exploit,fastflux,New Domains,Spyeye,zeus by dglosser

Bullet Proof SpyEye Domains, fast flux C&C, and other malicious domains. Sources include blog.sucuri.net, securehomenetworks.blogspot.com, www.sacour.cn & others (Every source is always listed in the domains.txt file):

8785 .in 90fd78b9078bd0g .com
8931 .in achilleine .co .cc
aa0025 .co .cc achillodynia .co .cc
ac .qvoz .info achitophel .co .cc
achilleid .co .cc achlamydeae .co .cc
achillize .co .cc achlorophyllous .co .cc
achime .co .cc achloropsia .co .cc
achinese .co .cc antivirusscannerguide .com
achingly .co .cc antivirusscannermaintenance .com
achmetha .co .cc antivirusscannermanufacturers .com
acholic .co .cc berfry43bgrbf .vv .cc
acholoe .co .cc bigtitzsarena .com
acholuria .co .cc canarvanexpertmedia .net
acholuric .co .cc canarvanpointmedia .net
admin-z1 .com cometrymywork .info
agamaris .vv .cc d34ghqarfrgad .com
andromath .vv .cc dontstop21523510 .com
avstartpc .com doselfprotection .com
bbazzas .com dxuxpusopmqpofs .net
bestboy-link .in expireddomaingains .com
besten-link .in fashion-report .ru
bg3u4g .net fastprotection-soft .net
bliaetxv .cz .cc fenom-guardianre .rr .nu
bradenso .info fullstandartofprotection .net
burifym .cz .cc g243gtdsgsdg .vv .cc
checksoftos .in g2hhfadh4ehfdh .co .cc
defendaor .in g2hsjgjgfj .co .cc
dersedrprd .com generalabbrialgroup-ltd .net
dianaath .cz .cc glkgj5j4rshdfhj .vv .cc
erofreex .info goodcy-clear .rr .nu
famontare80 .net goodku-clear .rr .nu
foprccz .vv .cc gqgqhfdjdh .co .cc
freedom-av .com gs34grsgdg .vv .cc
freepornii .com gsdg3gsdgsdg .vv .cc
gb3hnh3nf .co .cc gsg3gsdgsxgsdg .vv .cc
ghomath .cz .cc gwsg3gsgdsgd .vv .cc
gidvbmvm .co .cc haitunwan .txmh .net
gsdg2g32 .co .cc hgerwhu45 .co .cc
ironsum .ru hrh45jftjfj .co .cc
keleghma .vv .cc indigomantisop .com
kestiny .com jfgdhdfhsdfh .vv .cc
kudwda .ru jfgjfr5jdfj .vv .cc
l2-x .com jghrt9frgtr9 .com
lopaset .co .cc just-perfectprotection .in
mildtune .ru manalmeena .cz .cc
miltonmoon .com masiniunelte .eu
miraswyn .cz .cc metalkiolpe .com
mmspicture .ru micirugiaencolombia .com
mvrxihvr .co .cc mkgk5jswhgfnxg .vv .cc
newdivase .info nalmethris .vv .cc
nkeldx .info pds .adncommerce .com
nkeldy .info profi-softusin .cz .cc
nkeldz .info proring-safe .in
nuarius .cz .cc protectionforyousi .rr .nu
oofhx .info redalpacadatabaseexperts .net
oofhz .info redalpacadirectdatabase .net
poooilha .info redalpacadynamicdatabase .net
poooilhb .info redalpacaexpertdatabase .net
poooilhc .info safenetwork-foryou .com
protectav .com saturnosistema .com .br
securedify .in savedeve-soft .rr .nu
siranaya .vv .cc saveonly-sentinel .com
startpcav .com savesecurity-foryou .com
tdsdivase .info savesecurityforyou .com
tdspoint .com scan-direction .net
theshop .su scan-projectsi .cz .cc
tvwnzim .co .cc servicios-fisicos2 .info
verygoodav .net sikiispornosex .net
vistamenu .com smart-scanforu .uni .cc
vvdnftmz .co .cc srryyspqjxyvq .biz
vvtvnit .co .cc startavclub .com
wheelcars .ru testonlyforfhj3355591 .com .tw
yuyu87 .com topnetworkguard .com
zpidesa .info trafficconverter .net
zpidesb .info triptowercustomhosting .net
zpidesc .info verifiedconnect .in
zpidesd .info yrganosserx122108 .net
zpidese .info
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

240 New bulletproof, zeus, c&c, exploit domains

Posted on September 23rd, 2010 in bulletproof,exploit,New Domains,Trojans,zeus by dglosser

Note: as discussed in an earlier post,  entries  in the zone file containing an underscore have the line appended with “check-names ignore;};”  Please let us know asap if you encounter any issues

zeus domains, exploit domains, c&c domains,  bulletproof and otherwise  domains categorized as malicious by amada.abuse.ch, vxvault.siri-urz.net, www3.malekal.com and others (the source for each entry is always in the domains.txt file):

10babbleset .net abodeflash-vol51 .co .cc
14centixo .net alimonyforces .com
21blogpedia .net allartsonline .com
22roota .net analitycscook .com
28rifftune .net analitycscord .com
2way2010 .info analitycscrack .com
34050690693 .com analitycscredit .com
399hansotar .com analitycscrime .com
985465 .net analitycscry .com
allnetart .com analitycscup .com
ankravsrc .lv animalsexporn .in
antispybase .com antimalwaresecurity .net
antispybase .net antispyprogtool .com
antispyeye .com antispywarepc .com
antispyeye .net antispywarepc .net
antispywork .net antispywareprog .net
artph .com antivirprime .net
atsopanol .com antizooxxx .co .cc
autoandarts .com artcooldesign .com
av-fox .net artrockdisplay .com
avfortress .com artscarparts .com
balancview .org artscraftsstudio .com
bastocks .com artsgallerysite .com
bauhath .com asiaartsonline .com
bbonusworld .com auctionhouseart .com
bcdfinder .com barcalys-trial .com
bdemkrhbfds .com barcalys-trial2 .com
besthomfdok .com bestartcenter .com
bfscooby .com bestartsnews .com
bigbendarts .com bestbodyarts .net
bigpoolarts .com bestcityarts .com
bigroadarts .com bestmalearts .com
bka .im bestmultiarts .com
bloglabel .net bgroundplatt .com
boundtube .net bigartsdirect .com
bourgum .com binuser .fileave .com
braineurons .com blackbeautyart .com
bricesearch .org botanicalgardenart .com
burrova .com brainboxonline .net
buyexplaine .com brightsphere .net
carheavens .ru casinosgoldscashs .ru
catbodyart .com casinosgoldsgames .ru
cazino-game .com centralasiaarts .com
ceonter .com cheapcyberarts .com
ceryxlt .com doctor5antivirus .com
cip-soft .com dvdfirmwareupdates .com
crazymasya .com dynamicnetwork .ru
cybernis .com ede76c .reggieprotector10 .com
durnosy .com goldspowersbetss .ru
dyr .medicnz .ru greatsokdfite .com
fastlouprim .com host66-flash .servehttp .com
forsett .com hottesttubemovies .com
forthemore .com ipchecker911 .com
froot .nl jeybicufuic .serveftp .net
gfguhsdig .com jipiqunimujumeja .scrapper-site .net
gnomsmotor .ru joinmediafiles .com
grings3 .cz .cc keygen .serdb01 .com
herrrtisof .com microantivirus-2009 .com
hhehshe .co .cc msnsolution .nicaze .net
imnet .us mysamsungapps .net
inlovebot .com net-master55 .co .cc
isoburn .in onl-for-fils .org
jadesquadg .com orygecpizdat .info
jetmember .net potterspoultry .co .uk
jhasrte .in proposta .hotmail .ru
jimkey .in realloungecentral .com
jmlklgjxt .in red-tube-video .net
jttjurop .in scaner-ac1 .cz .cc
junefreeporn .in scaner-acer .cz .cc
kirixi .in scaner-bcdercdc .cz .cc
kiwmvqjv .in scaner-bcderrwe .cz .cc
kjmrxjlx .in scaner-bcderrwesf .cz .cc
kjsagtsadt .in scaner-bcdgdffrs .cz .cc
kmqwe .in scaner-cio .cz .cc
kurva .kilu .de scaner-clouds .cz .cc
lejimer .co .cc scaner-coast .cz .cc
liruna .com scaner-demon .cz .cc
medicnz .ru scaner-dir .cz .cc
mmmbsbt .co .cc scaner-dro .cz .cc
mollpointer .com scaner-ear .cz .cc
monaco-auto .com scaner-eclips .cz .cc
moykamin .com scaner-eee .cz .cc
mygabfly .net scaner-end .cz .cc
myqopp .info scaner-enter .cz .cc
outgtrf .in scaner-idea .cz .cc
pokagih .co .cc scaner-internet .cz .cc
searchannoyed .org
qoppstore .info searchchatup .org
scaner-do .cz .cc searchcloudy .com
scaner-e .cz .cc searchclumsy .com
scaner-ed .cz .cc searchcolossal .com
scaner-ex .cz .cc searchendrun .org
scaner-i .cz .cc searchfertile .com
scaner-ip .cz .cc searchfierce .com
sdehaacsfds .com searchinhard .org
searchandsx .org searchinhure .org
searchangry .org searchinzone .org
searchbent .org searchlouinc .org
searchcold .com searchpieups .org
searchdirty .com searchpotinc .org
searchdisup .org searchreturup .org
searchdull .com searchsiminc .org
searchdusty .com searchtensup .org
searcheager .com searchtiesup .org
searchequal .com searchuserbar .org
searchinatl .org stable-defense33 .co .cc
searchinpat .org stable-defense40 .co .cc
searchjolly .com supermovieinfo .com
searchporit .org themoviecontent .com
searchsutes .org thereisnoss .biz
searchwilup .org tqpnqvebjkovok .net
sogston .com trafficforalz .org
supermcun .com truemediawork .com
supersocine .com trustedantivirus .com
tisheedesh .com unitedwestandmow .net
tro0l .com updatepcprotection .com
twitloop .com updatesdownloads .com
uilenowst .com updatespatchinfo .com
xhaito .com websextrasbetss .ru
zexxcom .com yourmovieupdates .com
The malware block lists provided here are for free for noncommercial use as part of the fight against malware.

Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible:  http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, and others…