Feed

Malvertisers, Zeus, BH Exploit Domains…

Posted on November 21st, 2011 in malvertising,New Domains,RBN,Trojans,zeus by dglosser

Malicious domains associated with trojans, backdoors, BH  Exploit Kit, RBN malvertisments were added. Sources include www.malwareurl.com, xylibox.blogspot.com, scrapbook.zscaler.com, malc0de.com

SQLi, Fastflux Botnet, Dirt Jumper and more

Posted on October 25th, 2011 in fastflux,New Domains,RBN,rogue antivirus,Spyeye,sql injection,zeus by dglosser

Added 210 domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, www.malwareurl.com and others

(Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

spyeye,zeus,rbn,scam domains

Posted on October 22nd, 2011 in fraud,malvertising,New Domains,Phishing,RBN,Trojans,zeus by dglosser

Added 206 domains associated with rbn, zeus, botnets, etc. Sources:blog.dynamoo.com, www.emergingthreats.net, zeustracker.abuse.ch and many others (Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

180 New TDL3/TDSS Botnet, cycbot, exploit, rogue domains

Posted on July 18th, 2011 in exploit,New Domains,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 180 domains associated with fake security/scareware, rbn, TDSS/TDL3, TDSS4 etc. Sources include securehomenetworks.blogspot.com, scrapbook.zscaler.com, blog.eset.com and others (Every source is  listed in the domains.txt file).

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


exploit, gbot, rbn, worms… 195 New Domains to Block

Posted on July 16th, 2011 in exploit,RBN,Trojans by dglosser

195 New malicious Domains associated with exploits, rbn, gbot and other badness  to add to your shun or blacklist.  Sources include www.malwareblacklist.com, support.clean-mx.de, securehomenetworks.blogspot.com, riskanalytics.com, safebrowsing.google.com (Every source is  listed in the domains.txt file).

As mentioned in the previous post, one of these domains is cw . cm, which means there will be some overlap in our blocklist until we finish cleaning up the individual entries.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

168 New Domains Added

Posted on July 12th, 2011 in asprox,exploit,MoneyMule,New Domains,RBN,rogue antivirus by dglosser

168 new domains associated with BH Exploit, fake job offers,moneymule, rbn and more. Sources include doc.emergingthreats.net, amada.abuse.ch, ddanchev.blogspot.com, securehomenetworks.blogspot.com (Every source is  listed in the domains.txt file).


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

June 21 Update

Posted on June 22nd, 2011 in exploit,MoneyMule,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 328 domains (too many to list individually) associated with exploits, moneymule scams, rogue security, scams and other badness. Sources include www.tristatelogic.com, www.spamhaus.org, www.scamfraudalert.com and others.

Malvertising, rbn, rogue, sql injection domains

Posted on June 17th, 2011 in exploit,New Domains,RBN,rogue antivirus,sql injection,Trojans,zeus by dglosser

Added over 200 domains associated with malvertising, Rogue/fake security, sql injection, etc. Sources include blog.dynamoo.com, community.websense.com, research.zscaler.com (Every source is  listed in the domains.txt file):

azetuair .cc 77-platform .net
baooe0 .com badodybeqyk .com
baooe1 .com bestbanners1 .in
baooe2 .com bestbanners2 .in
bazagg .cz .cc bestbanners3 .in
bedioger .com bestbanners4 .in
bhbdzmjy .co .tv bestbanners5 .in
bookaros .com bestbanners6 .in
bookarra .com bestbanners7 .in
bookdolo .com bestbanners8 .in
bookfula .com bestbanners9 .in
bookgusa .com bocikivihepiqa .com
bookmonn .com bunizywytyg .com
bookmono .com clanthefallen .com
bookmylo .com creditsofast .com
bookpolo .com dead-melpomene .com
booksgou .com ecxajgff .co .tv
booksoco .com eddddbzm .co .tv
bookvivi .com enukunaziha .com
bookvoxy .com eqezifebawe .com
bookzoul .com farelfusion .com
bookzula .com fkejoten .co .tv
bqhfvvdn .co .tv gb-offerlist .com
c8s2 .com greenhopengo .com
cbneehtm .co .tv hamobamaduro .com
ccjayplh .co .tv hepotevena .com
cjr001 .com herovidacege .com
dbonis .com high-webtraffic .com
demivee .in hocxhnrl .co .tv
divinemeb .com hydezerirevy .com
drber0 .com hydyfiliduzun .com
drber1 .com ibyfolyzijym .com
drber2 .com itzqmiip .co .tv
drber3 .com jawynuvejeqini .com
drber4 .com jazafibyho .com
drber5 .com jiqixylexut .com
drber6 .com jujbytqe .co .tv
drber7 .com jyviziwopakisy .com
drber8 .com keepitunreal .in
drber9 .com kolifixewitiq .com
dzedshuw .co .tv kovejyvymuzi .com
efidaxamo .com lajogitytudaxo .com
erdvjn1 .com linuxbanners1 .in
erdvjn2 .com linuxbanners4 .in
erdvjn6 .com linuxbanners5 .in
erdvjn8 .com linuxbanners6 .in
erdvjn9 .com linuxbanners7 .in
erlvn0 .com lucuhojivinu .com
erlvn1 .com mediabulker .com
erlvn2 .com mehyqibugyluf .com
erlvn3 .com mentorcentral .com
erlvn4 .com mentorcentral .net
erlvn5 .com milotynabojavo .com
erlvn6 .com mipituhamys .com
erlvn7 .com misyneqewetypo .com
erlvn8 .com msor72-gate1 .vv .cc
erlvn9 .com mzpupkqo .co .tv
f10 .xl .cx neddhilr .co .tv
f8d3 .net okvmodps .co .tv
findclear .org orrick-media .eu
findstiff .org pacugegyfeheka .com
h94 .org pboysxaj .co .tv
hurdana .cx .cc pijynazerud .com
lawujocot .com pivysegocide .com
legse .co .cc premium-support-2011 .com
macbanners .in premiumsupport2011 .com
mediawork .com qbzaqmse .co .tv
nopirekuz .com rblvsbht .co .tv
paybal .com rowxhoai .co .tv
q9z4 .com rvcxwsmt .co .tv
qubmoviez .com sbzjrszn .co .tv
rappour .in scoregaskets .com
replity .in searchcruel .org
ripplig .in searchgrubby .org
s9w3 .com smartsecuritybox .com
s9w3 .net sositawidapezi .com
sgsge0 .com sweetnovelty .com
sgsge2 .com tesonugixamys .com
sgsge3 .com testosploitron .cx .cc
sgsge4 .com thingortwo .com
sgsge5 .com tikytudububy .com
sgsge6 .com traffic-dc .com
sgsge7 .com trjmytqlnhyovlpv .com
sgsge8 .com vakatesumuhor .com
sgsge9 .com vusysogirebymy .com
sharkpork .com vuvamewakoq .com
smrbr0 .com vyzaraputifyb .com
smrbr3 .com wamikopyzoqah .com
smrbr8 .com wekabamysugamy .com
smrbr9 .com windowsbanners .in
t9i2 .org wkrfgzoc .co .tv
t9i3 .com wkydwlkk .co .tv
t9i3 .org xazofeberus .com
tuartma .in xfrfrwjd .co .tv
uev1 .co .cc xipagymofi .com
uralgaz .ru xisebozenaj .com
uxuvoxogy .com xnnblhid .co .tv
videoskk .org zarqqasx .co .tv
y8r5 .com zhkeinzr .co .tv
yjybocore .com zonsolemonito .com
zapppo1 .org zzxfyrru .co .tv
zyfovubyv .com

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

More Rogue Security, Zeus, Spyeye, RBN Domains

Posted on June 11th, 2011 in exploit,MoneyMule,New Domains,RBN,rogue antivirus,Spyeye,Trojans,zeus by dglosser

210 SpyEye, RBN,  Zeus, TDSS, bot, exploit domains. Original sources include doc.emergingthreats.net, www.malwaredomainlist.com, www.threatexpert.com (Every source is  listed in the domains.txt file):

0c7k29 .co .cc 8c1b65893ccba911b4d0aa593a8a926f .vplaylink .info
active-scan .com al1-xscript0s .com
askredpoleq .com alfacleanwin .com
b4lry1 .co .cc alghazitractors .com
bestaudia7 .com assbrotherhood .ru
bmetalvs .com bharathiyagurukulam .com
bnavs .com boards .soapcentral .com
bnavsgroup .com buqajoqunely .com
bnavsonline .com cigivasepuxy .com
bnavsxp .com cizubejiwoma .com
bo8l1a .co .cc cleanscanpro .com
ccjava-l0ad .com coldhardcash4us .com
cibabewytyl .com complete-art-group-ltd .com
ciquqamod .com complete-art-uk .net
cknovt .com condor-llc-uk .net
cleartraf .ru condorllc-uk .com
clnovt .com crackrapidshare .net
crackshare .net crackserialkeys .net
cwnovt .com damskezimnibundy .cz
de-kadegroup .cc defender-sdvup .in
defender-tmp .in fapyrypumumuva .com
depotex .com fitevejetety .com
derlsplay .com fosimoxexora .com
dirnaster .com fuhocogupyneko .com
diverthigh .com gexopetoqoco .com
docrealtor .com ghavspacquiao .com
docweds .com google-analitycs .cz .cc
evelismag .info hermes .divinusdeus .net
ewa .kz huzatifizama .com
fabviolu .com hyviwysoqizege .com
fajomowiqy .com ideaidiosyncratic .info
famopaips .com isoftwaretvdownloads .com
fephgobd .com isoftwaretvstations .com
ffickibo .com itunesdownloadstore .com
figumsin .com jexelabexomeco .com
filmome .com jukebox-download-new .com
fugalike .com jukebox-new-download .com
fullkeygen .net juxukupyzemi .com
fuqikabyko .com jynogobefukor .com
gestaded .com kiqevinarelo .com
ghavs .com lejicolyxudy .com
ghavsgroup .com lugecunecaxez .com
ghavsinc .com moxopurarite .com
ghavsonline .com mupesatupukyqi .com
ghavsxp .com net-jaghori .webphoto .ir
h4g5kjhbk3h .com newflash1news .com
howtotws .cz .cc newflash2news .com
iproshare .vv .cc newflash3news .com
itraf .in newflash4news .com
jagbibiv .cn newflash5news .com
joyawpan .com newflash6news .com
juqesumycuz .com newflash7news .com
karbrrbrr .co .cc newflash8news .com
khumemit .cn newflash9news .com
krasava .cz .cc newplayer-downloads .com
lakersavsxp .com newsatellite-tv-forpc .com
lakersnavs .com notimexonline .com
lecuvubaja .com official-2010-version .com
mao .kz official-antivirus .com
marquee8 .co .cc official-online-download .com
mazafaka .w2c .ru official-pdf-2010 .com
mijokoquvon .com official-pdf-download .com
musclescan .com official-pdf-pro .com
mybnavs .com official-pdf2010 .com
myghavs .com official-pdfdownload .com
newbnavs .com official-version-2011 .com
newghavs .com officialbirthcertificates .org
newpdf9 .com officialbirthforms .org
noo .kz officialgreencard .org
nurulicovy .com officialimmigration .org
ohbl .in officialmarriagerecords .org
opera24 .ru officialpdf-2010 .com
overtn .com pacquiaoavs .com
patchcrack .net philippine-embassy .ir
pavahikexu .com piwetyzififa .com
picvance .com pobazepukatyc .com
pyduhomyc .com qibahovybicu .com
q27vqa .co .cc quakearena32 .ru
q714 .co .cc repavukoqipez .com
quickbroom .com rodmi4e .dlinkddns .com
qupasebyve .com ropeqeginora .com
realtraf .ru rs-323-service .ru
s106 .cz .cc ru .coolnuff .com
sisawylum .com rukizypufygejy .com
slmaat .com ryqytobogociw .com
solaraterm .com shadowoperations .co .cc
synduk .ru skyline-antique .com
tarakan2011 .ru skyline-ltd .net
thebnavs .com socawycerumyxi .com
theghavs .com spider-se0rch .com
ultimawin .com squadroshield .co .cc
vanhold .com tedowyhubal .com
vgsinfo .com tesipohycuco .com
vinuko .de thesurfrack .com
w2c .ru topnglchecker .co .be
wap-files .mobi united-trans .org
warez4me .ru vudehebaviwod .com
warez72 .ru vuvodiguqewuxe .com
warez75 .ru wacumohuqos .com
webfrogs .ru wascosafaries .com
woxoqehed .com wepomagidysaky .com
yamarsian .in xedycekycimohu .com
zaqewoqake .com ya-toptal-tvoyu-dushu .com
zdravnadzor .ru zagohitapuzog .com
zlen .ru zearch-lntr0duct10n .com

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


Exploits, iframes, moneymules, rbn, rogue, zeus domains

Posted on May 30th, 2011 in exploit,iframes,MoneyMule,New Domains,RBN,rogue antivirus,Trojans,zeus by dglosser

A little bit for everyone… domains associated with zeus, money mules, rogue security, rbn, zeus, exploits &  trojans. Sources include www.tristatelogic.com, www.threatexpert.com, securehomenetwork.blogspot.com (Every source is  listed in the domains.txt file):

4t7uxaxrg8 .co .be 98dfgr994883798df .com
74l8w .co .cc allston-groupsec .cc
aa2535245 .com arztpraxis-schaefer .de
atca-inc .com bands-groupsvc .com
atcanetworks .net bandsgroup-inc .net
bafihamuxav .com bisyvoqyxymyqi .com
bands-inc .com centrimedicitoscani .it
bandsgroupnet .cc developgroupinc .net
bapyrejecak .com evolvingsysinc .net
barribuza .com ewloidydytgba .co .be
beazenrad .cz .cc eyesecurr327458 .net
beefcake .jino .ru fairbankhouston .cz .cc
c0re .us galleogroupnet .net
ccfjuyut .bee .pl giant-groupinc .com
cnl-groupsvc .com guidopietro .com .ar
cnl-inc .com homeofficeteam .com
cnlgroup-inc .cc imperial-groupinc .com
cnlgroupnet .net imperial-groupsvc .net
cordanrad .cz .cc imperialgroupco .com
cosainse .com infotech-groupco .net
cruelbox .info infotech-groupinc .com
dehozykato .com infotechgroup-inc .com
develop-inc .com keepclean-cvsid .cz .cc
dsnextgen .com lady-gaga-romance .com
evolving-inc .com ladygagaromance .net
execon .kz ladygagaromance .org
firimasa .net ladygagaromancefilms .com
fojexojup .com ladygagaromancetips .com
foo .com lastnightphoto .net
fs8g78f8dduf .com loading-v-045 .cz .cc
fujoresaw .com loading-v-506 .cz .cc
galleo-inc .com lolitasexmovies .com
giant-groupco .net magnet-groupinc .cc
giant-groupnet .cc mexigawarynode .com
giantgroupinc .com myfreewebspase .info
host-groupsvc .net neframeofwork .com
hostgroup-inc .com netmarket-inc .com
hostgroupinc .com netmarkettech .net
hostgroupnet .cc novaris-groupllc .tw
ict-groupco .com novaris-grouporg .cc
ict-groupsvc .net novarisgroupmain .tw
ictgroupinc .com nymemuhoseran .com
ictgroupnet .cc ofsrtndmcxcsoexq .org
inkmoduledso .com online–access .com
jacumegekij .com online–products .com
johunyniv .com online-2011-version .com
juqupybocuto .com online-antivirus-protection-reviews .com
jvc-inc .com online-downloads-2010 .com
jvcgroupnet .net online-football-channel .com
kaliberdapod .net online-new-version .com
leducivudadyj .com online-tv-access .com
lopiuy .com online-tv-access .net
marihuqavigyt .com online-tv-on-pc .com
mercy-inc .com online-tv-on-your-pc .com
mercygroupnet .net online-vital-records .com
myspeezo .ce .ms online-web-download .com
narod-photo .ru online10flash .com
nastymomvids .com online11flash .com
nicynajomypy .com perseus-groupfine .tw
nixecynuho .com perseus-groupinc .tw
o18j38 .co .cc perseusgroupllc .cc
on3news .ru protest-west2011 .co .cc
on4news .ru ricogodobekax .com
on5news .com savvi-investments .com
on5news .ru scanner-ant-iv-xp .com
on6news .com scanner-win-protection .com
on6news .ru scanner-win-stuff-protection .com
on7news .ru scannerantbiteivxp .com
on8news .com scanneranthillsivxp .com
on8news .ru scannerantivirsoft .com
on9news .ru scannerantivirsoftdrink .com
online10news .com scannerantivirsoftdrinks .com
online10news .ru scannerantivirsoftlanding .com
podojykofogu .com scannerantivirsoftrock .com
pornopet .com scannerantivirsoftspot .com
pozefybop .com scannerantlionivxp .com
pranza .com scannerprotectiondogsfree .com
qazomequguca .com scannerprotectionofficesfree .com
qozohyhobuci .com scannerprotectionwin .com
rapekids .com scannerprotectionxp .com
sanstag .com scannerwingamesprotection .com
scannerantiv .com scannerwinprotection .com
serpbe .net sexteachervids .com
tun4atta .in simplychasinasis .com
usbirthforms .org smackbitches .hostding .com
usfoodstamps .org solarisgroupinc .com
usi-groupinc .net solarisgroupnet .net
usigroup-inc .com symihyceqemexo .com
usigroupinc .com tomiya .sites .uol .com .br
usigroupnet .cc track .upsclients .org
usvaforms .org ultra-gamesdownload .com
utorant .com ultragames-download .com
utorint .com unlimited-downloadcenter .com
utorrint .com unlimited-mediaaccess .com
uzldzzzeo3 .co .be unlimitedconsole-games .com
vaforms .org unlimiteddownloadcenter .com
vallesoft .com unlimiteddownloadnetwork .com
vital-groupco .cc unlimiteddownloads-center .com
vital-groupco .tw unlimitedgame-downloads .com
vtbew .info unlimitedgames-downloads .com
weriloxoro .com unlimitedmedia-access .com
wu2d .com unlimitedmultimedia-access .com
xymasehyfi .com us-legalforms .org
z9r2 .com us-vital-records .com
z9r4 .com usmarriagerecords .info
zao1 .cz .cc vancouver2010-olympicsonline .com
zepa6hr6jk .co .be victorymarketing .info
zfdim0u06t .co .be vital-groupinc .tw
zoo4arab .net

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…