Feed

RBN, Rogue, koobface domains

Posted on May 25th, 2011 in koobface,New Domains,RBN,rogue antivirus by dglosser

330 domains associated with RBN, rogue/fake AV and other maliciousness were added. Sources include emergingthreats.net, securehomenetworks.blogspot.com (Every source is  listed in the domains.txt file):

afiveless .com americanpoloavs .com
aievb .com analyticgoogle .net
antispyst .com avsblcamericanstatecan .com
antispyst .net avsblcksplayoffs .com
avblckscan .com avsdixieland .com
aveesca .co .cc avsgreenscangroup .com
avgreenscan .com avsgreenscaninc .com
avkok .com avsgreenscanonline .com
avkokxp .com avsgreenspassword .com
avless .com avslessgroup .com
avoffxp .com avsoffxpgroup .com
avoops .com avsoffxpinning .com
avs-jazz .com avsoffxponline .com
avs-jive .com avsxpoffgroup .com
avs-music .com avsxpoffonline .com
avs-swing .com basydiduwahaw .com
avsa-daisy .com beachpoloavs .com
avsblckscan .com betakywaxekof .com
avsbluescan .com bigoxefyfaluh .com
avsdon .com bipakypusiby .com
avsgo .com bozygawunefi .com
avsgreencan .com bucoqypynynej .com
avskok .com cajikohinele .com
avskokepub .com cheappoloavs .com
avsless .com computerplaces .info
avslessinc .com cuneqyqetyroj .com
avslessnail .com custompoloavs .com
avsll .com cynyhafyzetov .com
avsllgroup .com dadesignlive .com
avsoffxp .com deletevsgreenscan .com
avssorry .com diwamajucovy .com
avsxpoff .com dytebyhekaqa .com
avxpoff .com eyeavsexamine .com
babisotot .com eyeavsscanonline .com
bakubuniho .com eyeavstaylor .com
baxivenom .com eyereaderavs .com
betavs .com eyereaderavsxp .com
betavsgroup .com eyescannerav .com
bikepoloavs .com eyescanneravs .com
blowavs .com eyescanneravsgroup .com
bnetns .ru eyescanneravxp .com
boxisosypi .com fifotojylahe .com
bytypupecex .com filteringlavs .com
cacirowec .com fohohovugoredo .com
cagolasevaj .com gasavsonline .com
califepro .com gavorydigejizy .com
capurasaf .com gilebifabusexa .com
cilybodyd .com giwomylywokof .com
cudokopipi .com globalpoloavs .com
cygogonabeq .com hawaiipoloavs .com
danoduc .wo .tc hebypudukotih .com
dihisalyh .com inningavsxpoff .com
dowemawema .com inningvsoffxp .com
eacvb .com jojevijehajyx .com
eievb .com jywujodocivine .com
eonvb .com kilumixefiki .com
epubvskok .com lakersscanneravs .com
eyeabscan .com lessavsonline .com
eyeavscan .com llanorthwestern .com
eyeavsscan .com logapacquiao .com
eyeavssee .com logavsonline .com
fakovuhuju .com lutheranantivirxp .com
foqadobyve .com lutherantivirxp .com
fyhykubux .com lysocoharogyg .com
gasavs .com lywicoxyvuby .com
gasavsgroup .com m00vable-fiesta .com
gasicekymas .com myavsblckscan .com
geduhijykes .com myavsgreenscan .com
gidewuboler .com myeyeavsscan .com
gilodivere .com myeyescanneravs .com
goinprivate .com mywinantivirusxp .com
h3456345 .cn nabubymepicizu .com
hifoqaxinaj .com newavsblckscan .com
hupnb .com newavsgreenscan .com
jocusacegir .com newavspridewin .com
jukecoruvut .com neweyeavsscan .com
kesykijigut .com neweyescanneravs .com
kyqegovujug .com nodihykyhopyz .com
lessavs .com nupecehededave .com
lessavsinc .com pacquiaologavs .com
lettervs .com passportantivirusxp .com
lidvb .com passwordavsgreenscan .com
llavsonline .com passwordvsgreenscan .com
logafive .com pipugodupexug .com
logav .com playoffsvsblckscan .com
logavs .com poreavsgroup .com
logavsgroup .com poreavsonline .com
logavsmanny .com premiumantivirusfreescan .com
loseavs .com premiumfreescan .com
luqotazih .com pulirutugeqaf .com
mannyavs .com punanufawenyk .com
mannybetavs .com qikawykytapysy .com
mavsloidol .com qixaxyrujuqici .com
mecaqyvupi .com qukocacilogoti .com
mezibehab .com qyfimeluxeqok .com
mufobapix .com recabikixyse .com
myavsboom .com rinepigelowot .com
myavsdam .com rugabujotidil .com
myavsoffxp .com ruvahekamefan .com
myavsxpoff .com seiningcarno .co .cc
mybetavs .com sixihyqecyfuku .com
mygasavs .com snailessavs .com
mygolavs .com sonycojaqowik .com
myllavs .com syfurojoxereku .com
mylogavs .com tayloravsscan .com
myporeavs .com tedowuveqakej .com
mywinavs .com theantivscanfree .com
ncaaavs .com theavsblckscan .com
newavsboom .com theavsgreenscan .com
newavsdam .com theavsoffxp .com
newavsll .com theavspridewin .com
newavsoffxp .com theavsxpoff .com
newavsxpoff .com theeyeavsscan .com
newbetavs .com thewinantivirxp .com
newgasavs .com tinocusebawu .com
newgolavs .com tsunepspatiz .co .cc
newlessavs .com tumevamusytoc .com
newllavs .com turezidejuzok .com
newlogavs .com tutupeqyrar .com
newporeavs .com tycalinumijotu .com
newwinavs .com tytunajilac .com
nihedimes .com vadyrokufubu .com
nupnb .com vefyqylepahuga .com
oilavs .com vekoxarotucev .com
owavb .com vepizujefewa .com
piavb .com video-playerpro .com
polossavs .com vikitarurepuq .com
poqacelufeq .com viraltraffic-guide .com
poreafigure .com virustest01 .cz .cc
poreav .com vivasidasaves .com
potasajic .com voice-ip-download .com
puvepydilaj .com voip-2010-download .com
qatijoxuna .com voip-2010-new-download .com
qovukezur .com voip-2011-version .com
ranamujesu .com voip-access-now .com
rhpavsxpoff .com voip-new-online-download .com
rhpvsxpoff .com voip-official-download .com
ronadosim .com vovyjaryguwu .com
rsravs .com vywobohexinipa .com
salysymyp .com waginujiwoha .com
savicypacy .com watch-football-tv-live .com
seekartists .com watch-hd-movies-online .com
semuvajako .com watch-hockey-online .net
sobudajib .com watch-hockeyonline .com
taxhiking .com watch-live-2010-football .com
theavsboom .com watch-online-basketball .com
theavsdam .com watch-online-boxing .com
thebetavs .com watch-sports-network .com
thegasavs .com watch-superbowl-online .com
thegolavs .com watch-ufc-live .com
thelessavs .com watch-ufc-online .com
thelogavs .com watchonline-football .com
togizypad .com website-support .ru
tuwifotiju .com wedytatuxug .com
vehepumac .com wenomepodipiby .com
virafix .com wiqesidavevod .com
vkodewol .cn wirybidyzufij .com
vsefurug .cn xeruraxagum .com
vtuyocew .cn xifuzakotyk .com
wetyotix .cn ximeqeteporaco .com
wihoraqite .com xisohyrydily .com
wupnb .com xynixucujeduru .com
xajizukoxo .com zizudadidura .com
yupbn .com zizyhaqizod .com
zyejanag .cn zymaqamusowibu .com

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Phishing domains, fake codecs, rogue security sites to block

Posted on November 15th, 2008 in fake codecs,New Domains,Phishing,RBN,rogue antivirus,sql injection by dglosser

Phishing sites,  fake security sites, rogue antivirus domains, and other domains you don’t want visiting your network or computers. Sources include www.abuse.ch, ddanchev.blogspot.com, blog.trendmicro.com, www.malwaredomainlist.com, and others:

07load .us filmstvouty .info
mtdl .tk google-analystic .net
ltdl .tk google-analyze .com
3876373tr .org 1federalreservebank .com
3traff .cn asecurevillage .com
4-seacher .ru mmcounter .com
aaqarkznvb .com 1securitycenter .com
absolutepatience .com naszza-klasa .cn
aglobaltoolbar .com onlyiesettings .com
antinameserv .com antispyware-xp2009 .com
panelstop .cn antispywarexp-2009 .com
pavelmoous .ru popokimoki .com
tkdl .tk productthere .ru
as-xp2009 .com reservpptppp20 .ru
traff .asia reservpptppp7777 .ru
asweatpage .com securefileshredder2009 .com
asxpnames .com securefilesshred .com
mangust32 .cn securefilesshredder .com
av-pro-2009 .com antivirus-freescan .com
av-pro2009 .com topregistrydoctor2008 .com
axa1 .cn autosellergroup .com
axa3 .cn treasurydepartment .net
beshragos .com ultraantivirus2009 .com
burimilol .net us-bankconnect .net
busyhere .ru us-bankers .com
citibank .nm .ru us-bankers .net
cosmo6766 .ru us-securebanking .net
cosmo9998 .ru usbanker .org
d3m0n .jino-net .ru usbanksecurities .net
ddtfff .ru usfedreserve .net
dtdl .tk virus-labs2009 .com
fdic-secure .org virusremover2008plus .com
fdicbanks .net walers .tk
fdicorp .org websafenotice .com
fed-reserve .com win-system-support .com
fed-reserve .net fedreservesystem .com
ygvtf .com youtube .watch .hotru

Contact us if you want to help us keep the Malware Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Malware Blocklist Update Sept 07

Posted on September 7th, 2008 in asprox,fake codecs,New Domains,RBN,rogue antivirus,sql injection by dglosser

Over 20 new domains to block. Sources: sandnet.emergingthreats.net, www.siteadvisor.com, malwaredatabase.net, and others.

0scan .com malafikarubik .ru
1480et258 .com pxyj .com .cn
9u9u9 .cn securityscannersite .com
bokee .com ugm-records .de
cdm1djeni .com videotubezone .com
dr-mickel .de win-xp-antivir-hqscanner .com
vwsc .ru xiaxia12l .com
ibyebecd .com xp-protections .com
jiayimarket .com xp-registration .com
jic2 .ru xp2008-protect .com
lloydsterm .com zonephp .com
ssa387 .cn dsfswweas .com

Contact us if you want to help us keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/filesBOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Rogue antivirus, asprox, rbn domains: add to blocklist

Posted on August 17th, 2008 in asprox,New Domains,RBN,rogue antivirus,sql injection by dglosser

Rogue antivirus, asprox, rbn domains to add to your blocklist. Sources:
blogs.zdnet.com, rbnexploit.blogspot.com, safeweb.norton.com, and others:

3gigabytes .com googlecomaolcomyahoocomaboutcom .net
3njx .ru guagaga .net
ujnc .ru hirza .net
a814 .cn i56web .org
acs86 .com idolhotels .com
okcd .ru jckxjcux .com
adwarealert .com a-nahui-vse-zaebalo-v-pizdu .com
nbh3 .ru mgconstrucoes .com
bcus2 .ru adware-download .com
bluexzz .cn windows-scanner2009 .com
paiuuag .net byronadvertising .eu
cb3f .ru antivirus-2009-pro .com
ccuuuag .biz pizdos .net
cnld .ru registryupdate .org
cv34 .co .uk scforum .info
db23 .co .uk stopgeorgia .info
ewwxbhdh .com stopgeorgia .ru
favoredtube .com toksikoza .net
givuifib .com google-analysis .com
ohueli .net vavscan .com
killgay .com yandexshit .com
yuku .com worknssrv .cn

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

Huge 500 domain update

Posted on March 29th, 2008 in New Domains,RBN by dglosser

Added over 500 domains from webhelper’s coolwebsearch list. Too many to list here, view the updates here.

Defense in Depth: IP and Netblock Blocking

Posted on March 25th, 2008 in Domain News,RBN by dglosser

A single solution will never catch all spyware and malware. A layered, defense-in-depth approach is needed. This includes antivirus/antispyware protection, proxy servers, domain blocking via blackhole-DNS, and blocking by IP addresses and netblock.
Blocking by IP address or netblock is a compliment to any domain or url-based blocklist*. Here is the story of one ISP who blocked known RBN netblocks.

Here are a few IP lists to consider:

If you know of any other high-quality lists, please contact us and we’ll summarize.

* Yes, we understand that some valid sites may be blocked. Any blocklist needs to be frequently-updated to reduce  the blocking of legit sites….

80 New Malware Domains to Block

Posted on March 15th, 2008 in fake codecs,New Domains,RBN,rogue antivirus by dglosser

80 new domains associated with malware, from various sources:

01478963.com 0339106262.co.jp
3000tvchannels.net 360-share-music.com
360share.cn 360share.net
360sharepro.com acrobat8download.com
acrobatdownload-ib.com ad-zero.com
adobe-reader-it.com adobeacrobatpack.com
adobeacrobatreader-8.com adobepack.com
adultmoviesmembersarea.com adwarepro.com
adwarepro.org alguiennoteadmite.com
alm7tas.64mb.org antivirus-ib.com
antivirus-panda-suite.com archive.easydownloadsoft.com
arqtxthost.extra.hu arquivos.pop3.ru
assuntosnow.extra.hu awnn-efvz.com
bankdiyed.cn bimoo.com.cn
blase.tu1.ru build-myspace.com
caiyi8.com carlosassociacao.com
cash-point.co.kr cash5678.com
cashbagmoll.com cashengines.com
cashslinger.com ce.83195900.cn
centerkras-tv.biz cevapcic.eu
cybertvpartner.com dvd-codec.com
free-download-center.com free-satellite-network.com
free-spybot.com gogo52o.com
hamakarin.ch interactivebrands.com
intrich.com kh4l3d.net
kit.net kv8.info
maxyouripod.com mcafee-antivirus-2007.com
mcafee-suite.com mcafeebundle.com
mcafeepack.com mizane.com
mp3downloading.com mybil1.com
mybil2.com mybil3.com
mybil4.com mybil5.com
mybil6.com mybil7.com
mybil8.com mybil9.com
netmp3downloads.com panda-2008.com
panda-anti-virus.com panda-antivirus-2008.com
pandaantivirus-2008.com pandaantivirus2008.com
pandasecurity2008.com sexoffender-registry.com
sqmnoopt.com themusicsmembersarea.com
unifi5h.com xingaide8.cn

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format