Feed

Domain Removal: vadino.com

Posted on October 31st, 2008 in Removed Domains by dglosser

vadino.com has been removed.  Please update your blocklists ASAP.

About 100 malicious domains to block…

Posted on October 26th, 2008 in asprox,Domain News,New Domains,rogue antivirus,sql injection by dglosser

Sources: s3cwatch.wordpress.com, www.malwaredomainlist.com, www.abuse.ch, www.threatexpert.com, www.matchent.com, and others:

09init .eu cleaner2009pro .com
1config .tw antimalwaresuite2009 .com
1parse .in momocortes .com
22cmd .jp ninonem .com
jmlrmg .com online-scan .net
24conf .mobi online-virus-scanning .com
25cat .tk regect .mobi
25user .tv alisiosanguera .com .cn
2share .asia s-avir2009-buy .com
32reg .be s-avirus2009 .com
39icmp .gs sa-vir2009-buy .com
47mode .name sani .cn
4aspssl .cc securebbb .com
6700 .cn 22ewrowieu210205 .com
6secure .gs sslput7 .gs
7ipsec .mobi st37 .name
81dns .ru cndatingforyou6 .cn
8netcfg .tv touchnfeel .kr
93vbs .tk tubity .com
loadnew .com unerixs .com
siteid9 .cc univnext .cn
appid1 .be updatingwindows .com
bberimc .com urgentnews30 .cn
berjke .ru urgentnews31 .cn
binrye .com datingforyou6 .cn
cache6 .in verynicejob .info
cbp7t .cn virus-scan-online .com
cl-amg-63 .com wbh-provider .com
repluy .com database-virus .com
client7 .tk whywelive-success4 .cn
wepykot .com windowsvistasoft .com
tmp68 .ws winxpdownloadcenter .cn
usssr .cn workpartnners .info
datinrelax8 .cn world-widinnovation .com
fgienrsi .com worldbakers .com
go-iascan .com worldsecret .ws
go-scan-pro .com woshow11 .cn
goscanpc .com xpas-2009 .com
grand-sale4 .com zmonstergov .cn
hit32 .jp zslogs .info
ia-free-scanner .com zsoforoms .cn
ia-install-pro .com zworksoftware .cn
ia-scan-now .com internet-antivirus-2008 .com
ia-scan-pro .com internetquarantinesite .com
ia-scanner-pc .com datingfromsms3 .cn
ia-scanner-pro .com datingsmsvideo9 .cn
ia-scannerpro .com datingweekend4 .cn
ia-scanpro .com datingweekend5 .cn
ia-stat-ia .com

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

More domains to block..

Posted on October 21st, 2008 in asprox,New Domains,rogue antivirus,sql injection by dglosser

sql injection, trojans, warezov, rogue antivirus, fake porntube domains.
Sources: www.f-secure.com,  www.malwaredomainlist.com, www.abuse.ch, and others:

bbexe .com peterharris .com .au
s3rvak .com planet-bitch .de
sh-cap .net porttw .mob
rid54 .eu regionaliste2008 .la
strazny .cz rhenjqljvty .org
tid84 .mobi do-make-progress .com
do-powerscan .com ronin08 .cn
do-progress .com do-managed-scan .com
do-step-scan .com s800qn .cn
do-stepscan .com safe .com .ve
vrelel .ru scanner-protection .com
utl-jobs .com seowrz .ws
dopower-scan .com domonster-progress .com
dostep-scan .com sitevgb .ru
europalitra .ru spidergame .us
grep .ws srq3h .com
hanrou7 .cn steelrains .info
ias-jobs .org steinbergyasociados .com
korkdevelopers .com stokshot .cn
localhost-2 .com do-power-scan .com
wow088 .com stress-relief-tips .net
me1me .cn superpaylink .com
mp3for-you .com suspendeddomain .cn
nswpower .com tdimc .com .ar
odros .com domonster-scan .com
online-antivirus .net marsdenpilgrimages .com .au
opilired .cn do-monsterscan .com
orchestragruppo70 .it do-monster-progress .com
pcdefender2008 . com xinhuanet .com

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

80+ domains to block

Posted on October 19th, 2008 in asprox,Domain News,fake codecs,New Domains,sql injection by dglosser

rogue security sites, fake porntube, asprox, and more. Sources: sunbeltblog.blogspot.com, www.threatexpert.com, malwaredatabase.net, and others:

    0query .name ahomepagepark .com
    12cfm .tv asecurenotification .com
    2redir .co .uk brassnuts-brassbolts .com
    30area .ru columnacafenegro .com
    34java .in decomarmolcuenca .es
    4log-in .ru defendmycreditunion .org
    53refer .ru danacompany .ru
    74path .gs ddellywwear .com
    75main .jp easyconsultingltd .com
    a311 .ru fauteuils-massage .fr
    ahleinaks .ru fincaschicote .com
    bordak .izi .su folder7 .be
    ang42 .ru free-6-fuck .info
    apps59 .us freedom2mind .cn
    comtaple .net garagentore-frawia .de
    asembli .com granadapadel .com
    bilbobalbo .biz granjasdongil .com .mx
    bitmaker .us hallenfussballfestival .de
    counthum .info internet-systems .info
    cxdgl .com howtoiexplorer .com
    burjuyam .net ietoolsupdate .com
    chk06 .ru mobilecontact .com
    d3m00n .net momoelectronic .com
    daka .hr moviendola .com
    deltauk .info neisen .ema .lv
    dmatca6 .org netcfg9 .ru
    domain12 .net nitro-zmei .cn
    domain31 .ru noisedetection .cn
    driver95 .ru protectiontoolbars .com
    drudka .info scdesktopicons .com
    ecapeskcab .com whyisdnserror .com
    ejeg .biz lastchronicle .com
    errghr .ru mailzz .net
    irq0 .mn mazahacka .org
    geoteam .sk medialibsms .com
    gerosname .cn jorgelopezdj .com
    gonzoltd .com labelfreak .com
    good412 .com lang42 .ru
    greatzus .net gaudihouse .com
    handballfondi .it jhgpq .com
    iliili .zslogs .info jngrn .biz
    indiborge .tv

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Domain Removals

Posted on October 17th, 2008 in Domain News,Removed Domains by dglosser

The following domains have been delisted:

yuku.com,  yobt.com, yobt.info, yobt.net, yobt.org, yobt.us

Please update your blocklists.

Another 115 domains to block

Posted on October 13th, 2008 in asprox,New Domains,rogue antivirus,sql injection by dglosser

rogue antivirus sites, asprox, trojans, and other nasties. Sources: ddanchev.blogspot.com, ddanchev.blogspot.com, hosts-file.net, and others:

av2010 .net righthandup .org
livesoftsupport .com rocktheads .com
lopiures3713 .com mistikotitatuipologisti .com
servposte .net sabpolies .com
spoti .us sanaltahrip .org
megatradetds0 .com secureclick1 .com
megsrdomain .cn seopharmacy .com
minnesparere .com medicineonlinestore .com
rsspnet .ru simplefreedns .com
mjkm .ru sittinghereona .com
mobposte .net slrvip .com
mode85 .cc smenposte .us
ssl63 .name softwaretitle .com
mypharmshop .com sornor .biz
nameself .com spbpolveni .us
nebattoti .com megantivirus2009 .com
nefrti .com spyware-buy .com
nevpost .com spywareinvader .com
ninjtz .com pcprivacycleanerpro .com
nmli .ru passwordinspector .com
nslposte .net oczyszczaczkomputerza .com
sslid8 .bz online-malwarescanner .com
okla .ru sslpostedll .com
tfsol .org prettyblondywoman .com
sslnet6 .ws sslweb9 .us
sslcom6 .tk startdedicated .com
ospetroglifos .com startwarez .com
page73 .be onine-antivirus-09 .com
stub12 .mobi multibrand-shop .com
suvcnt .com t-online .hu
pctv4me .com onlinexpsecurity .com
pctv4u .com the-format .cn
peposte .us totaltorture .com
pharmacy-eur .com pharmacyeshop .com
trap17 .com reparateurdesysteme .com
picaposte .net trustedpaymenssite .com
pljfo .com uk-web-hosting-services .net
podavanda .cn ultimate-anti-virus .com
popadprovider .com un-secret .com
postecit .com unitycard .net
posteonline .us x-muiste .com
postepsoe .com winupdates-server .com
uzrwvzfe .com vadino .com
prevedmarketing .com vcdrwyia .com
qualitypictures .net videovideoiditenah .com
r2d2adverising .com virtualbambiland .com
regtime .net volchara .cn
reinviadati .us xp-antispyware-2009 .com
traffalo .com xp-as-2009 .com
revohosting .com web-checkout1 .com
uusee .com web-help247 .com
sslput3 .cc xp-antispyware2009 .com
vrtjl .com xpantispyware-2009 .com
vtrs .us yourgamblingzone .com
xuixui .net youpornzztube .com
xxxgra .biz xpas2009 .com
xpprotector .net zappinads .com
yjytuv .net

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Over 90 new domains to add to your blocklists

Posted on October 9th, 2008 in asprox,New Domains,sql injection by dglosser

 A bunch of asprox domains, some trojans, and other nasties. Sources include www.abuse.ch, ddanchev.blogspot.com, www.matchent.com:

    23html .ca fluxmarketing .net
    30plusbill .com fluxnewsletter .net
    34hit .us fluxpay .com
    37id .tv fluxpay .net
    38lang .tk form64 .tk
    47sid .co .uk ftp5 .name
    4stream .tw fulldownloadcrack .info
    6func .gs furely .ru
    7func .ca fuxads .com
    7get .tv gavai-pegc9 .ws
    7hex .in gdi24 .tw
    7stat .in get31 .us
    84type .net giftsforzips .com
    8frame .in go93 .name
    8host .jp gradul .ru
    9hostid .cc grtsg .us
    9store .ca hedym .ru
    acthkqyzex .com hex72 .me
    anti-virus-pro .org hit12 .tv
    antispyalerts .com hiwmjqsn .com
    artella .biz hnjzluwh .com
    baran-eblan .info host15 .tw
    bcrrfwygup .net hosting-4 .ru
    bdydcketn .com hq-pharmacy1 .com
    bestrezult .com hq-pharmacy2 .com
    bestsearch3 .com http76 .bz
    blyapizdets .info ilookgoodpale .com
    c88a .cn inac .com
    cid74 .in internetserviceteam .com
    dnsba .com inviadati .com
    fluxbucks .net jjwky .us
    dsredirection .com joksh .ru
    dsxc .ru justfree .com
    kexlup .ru do-scan-progress .com
    ecotopo .com .au keyclubs .cn
    edatamedic .com klanklan .in
    edgmdxtr .com lipobpolvean .net
    errordigger .com extremeintelligencesoftware .com
    everif4sale .org flucksbucks .net
    everifcyber .org fluxads .net
    everifforsale .com fluxadvertising .net
    extrabilling .com fluxbuck .net
    listaz .ru fluxbucks .com
    fluxbux .com fluxezine .net
    filerd .com easyvideoaccess .com
    flucksbuck .com festplattenreiniger .com
    flucksbuck .net  

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

How you can help to keep the blocklist current

Posted on October 8th, 2008 in New Domains,Removed Domains by dglosser

Many people have asked how they can keep the blocklist current.   Here’s one way you can help:

  1. Download the domains.txt file and open it in a spreadsheet. Make sure each field is in a separate column.
  2. If the first column contains a #, ignore it. That domain has been delisted.
  3. If the sixth column (column F) contains a date, ignore it. That domain has been reverified.
  4. If the fifth column (columnE) contains the URL “www.spywareinfo.com/~merijn/junk/cws_domains.txt” or “www.millersmiles.co.uk” then that domain needs to be reverified as still containing or associated with malware.
  5. Pick a few domains from the third column (column C). DO NOT VISIT THOSE domains!!
  6. Type the domain name in a major search engine (such as www.google.coma/search?q=paypalz.net+malware). See if there are any recent links or mentions by a major antivirus company or sandbox.
  7.  Check the domains against siteadvisor, google safe browsing, linkscanner, trustedsource, and other reputation services. (let me know of your favorites, I’ll post them in a later post).
  8. If you are satified that the domain has been “clean” for at least 2 years, let us know and we’ll delist it. It’s to everyone’s benefit to eliminate false positives or old domains. Thanks!

70 new domains to block: asprox, rogue security domains

Posted on October 4th, 2008 in asprox,fake codecs,sql injection by dglosser

over 70 asprox, rogue security, and other malware sites to add.  Sources: www.matchent.com, www.malwaredomainlist.com, www.siteadvisor.com, and others:

3ntdll .tv drv68 .tk
4driver .cc drv9 .mobi
4object .ws dwnld1 .com
52exe .us e-antiviruspro .com
5netmsg .cc eantivirus-payment .com
5offset .bz nochanceforvirus .com
6domain .bz nocompromaat .com
7driver .be almostgayvideo .com
7import .tv antimalware2009 .com
7ntio .mobi antimalwareguardpro .com
8encode .be antispyware .com
8event .ca bestantivirusscan .com
adwarekiller .net bestdownloadsoft .com
adwrss .com evidenceeraserpro .com
alianzaviva .net ggoocom .com
obj8 .name google-counter .net
oem61 .co .uk pcprivacycleaner .com
ole17 .net pcturbopro .com
pcantispy .com protectdownloads .com
bar-moscow .ru securedownloadcenter .com
html3 .tk spaentri .com
http8 .us spywareguard .com
icmp5 .bz inet9 .name
ide72 .ws meyolev .com
doc62 .name mitroces .com
doc63 .name neopingoo .org
drmyy .cn nesco-online .co .uk
edit7 .us nesco-online .eu
edit84 .in bestguardownload .com
ekerberos .com digipayments-soft .com
en-us3 .us storageguardsoft .com
en-us9 .tw vassariumbig .com
err7 .asia virusremover2008 .com
err83 .mobi zeprod .ru
esthost .eu hit15 .mobi
host8 .asia

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Using the Blocklist? Let us know!

Posted on October 2nd, 2008 in Domain News by dglosser

We have no idea how many companies or institutions are using the dns-bh blocklist. Please let us know if you don’t mind.

If you want to remain anonymous, send us an email from a gmail or other account with something like “we are a public school in chicago”, “we are university in NYC”, or “we are a small company with 200 users in the UK”.  Please include HOW you are utilizing the blocklist – adding to a proxy server,  dns server, etc.

Also,  let us know if you don’t mind if your affiliation is made public.

This is information gathering only – there  are no plans to charge for use of this list (as long as you don’t make money off of it).

Also, please remember that there are hosting and other costs associated with this service. Please donate whatever you can. Thanks.