Feed

370 new malicious domains added

Posted on December 31st, 2008 in fake codecs,New Domains,rogue antivirus,sql injection by dglosser

Many Many new domains, most from Symantec’s writeup of the ms08-067 exploit (Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).):

aaidhe .net amcfussyags .net
aamkn .cn amzohx .ws
abivbwbea .info apaix .ws
aiiflkgcw .cc argvss .info
arolseqnu .ws kjsxwpq .ws
asoidakm .cn kkrxwcjusgu .cn
atnsoiuf .cc knqwdcgow .ws
avweqdcr .cn koaqe .cc
kodzhq .org axaxmhzndcq .cc
barhkuuu .com kqjvmbst .net
bbuftxpskw .cc kufvkkdtpf .net
bdykhlnhak .cc kxujboszjnz .ws
bdzpfiu .biz lagcrxz .cc
bijkyilaugs .cn lawwb .com
bjpmhuk .ws lbdfwrbz .net
ljizrzxu .cc bmmjbsjidmt .com
bzagbiwes .cc lmswntmc .biz
carse .cn lotvecu .com
cauksxf .biz cpeadyepcis .biz
cfhlglxofyz .biz lxhmwparzc .ws
cinsns .cc lyamwnhh .info
ciynbjwm .com mciuomjrsmn .cn
cljivsb .biz mdntwxhj .cn
lplsebah .cn meqyeyggu .cc
cqnxku .ws mfigu .cn
ctmchiae .ws mimdezm .biz
cxjsy .net mkdsine .cn
czkdu .net mmtdsgwfa .net
dbffky .cn mouvmlhz .cc
dgbdjsb .com mozsj .biz
drpifjfxlyl .ws mpqzwlsx .ws
dtosuhc .org msvhmlcmkmh .biz
duahpzq .org mtruba .ws
dwrtwgsm .cn myrmifyuqo .biz
dyjomzyz .com naucgxjtu .ws
earuldx .cn ncwjlti .cn
egqoab .net nertthl .net
egxbsppn .cn nnxqqmdl .info
ehkvku .cn nuxtzd .cn
elivvks .net nxvmztmryie .ws
emxmg .info nybxvgb .net
eobvidij .org nzsrgzmhay .net
erwojl .org oadscrk .org
evqvmwgw .cn oezepyh .info
ewioygq .biz ojrswlg .net
exxkvcz .cc olgjkxih .org
ffaqk .info omqxqptc .ws
fhlwov .net ooudifyw .cn
fitjg .net opkawiqb .cn
fkhbumne .info fknacmvowib .cn
oqsfz .ws fmdsqasqm .net
orvfkx .cc otoajxfn .net
fmgcjv .cn oxeeuikd .net
fpljpuqp .info oyezli .com
pfath .info fsrljjeemkr .info
fthil .cc plsexbnytn .com
ftphtsfuv .net gbmkghqcqy .net
gbgklrka .cc psbdfflh .cn
poplie .cc qfmbqxom .ws
gbxyu .ws qjvtczqu .com
gezjwr .biz qpcizvlvio .biz
gjbwolesl .info qslhoks .cn
glkzckadwu .biz qtcnfvf .biz
gmvhjp .ws gutvjbektzq .com
gsvrglz .cc qzktamrsgu .cn
qtsnk .cn rbhixtifxk .cc
gwtqx .cn hbyzvpeadkb .net
rccoq .net rgievita .ws
hewdw .ws rlrbqpxv .org
hjcxnhtroh .cn rozhtnmoudg .cc
hltowx .com rpsctacalyd .cn
hqjazhyd .com rrmkv .com
hrmirvid .com rtpuqxp .net
hudphigb .org rtztoupc .net
hvagbqmtxp .info satmxnz .ws
idvgqlr .ws sbtalilx .com
ihnvoeprql .biz sdjnaeoh .cc
iidqkzselpr .com sirkqq .org
ijthszjlb .com sjkkfjcx .biz
iklzskqoz .cn sjkxyjqsx .net
iqgnqt .org stmsoxiguz .net
iqrzamxo .ws tdeghkjm .biz
isjjlnv .org tkhnvhmh .biz
iudqzypn .cn tmdoxfcc .org
iyfcmcaj .cn torhobdfzit .cc
jayrocykoj .ws trdfcxclp .org
jffhkvhweds .cn tscmbj .net
jfxcvnnawk .org tuwcuuuj .com
jgrftgunh .org txeixqeh .biz
jguxjs .net uazwqaxlpq .info
jhanljqti .cc ubxxtnzdbij .com
jhvlfdoiyn .biz ucnfehj .org
jjhajbfcdmk .net uekmqqedtfm .com
jkisptknsov .biz uhtmou .ws
jknxcxyg .net uoieg .ws
jlouqrgb .org uttcx .net
jpppffeywn .cc uyhgoiwswn .cc
jradvwa .biz uyvtuutxm .cn
juqsiucfrmi .net vfxifizf .info
jvnzbsyhv .org vupnwmw .biz
jxnyyjyo .net vzqpqlpk .ws
kaonwzkc .info waeqoxlrprp .org
kdcqtamjhdx .ws wdrvyudhg .cc
kgeoaxznfms .biz wediscbpi .org
kihbccvqrz .net whgtdhqg .net
kimonrvh .org wkstxvzr .org
xeeuat .com wmrgzac .info
xhazhbir .biz wnwqphzao .info
xjnyfwt .org wsajx .com
xlrqvoqmsxz .info wskzbakqfvk .org
xqgbn .cn wtngipaynh .info
xwrrxwmo .cc wumvjpbbmse .cc
xxabrkhb .cc wuzunxevor .info
xxmgkcw .cc wwftlwlvm .org
xxxxgvtaa .com xcncp .info
ybbfrznr .info zqked .org
ycceqdmm .cc zsatn .ws
ydxnochqn .org ztgsd .info
ygmwharv .info ztioydng .com
ylnytttckyc .com 2009happytubes .com
yuvudlsdop .cc securedigitalpayments .com
ywhaunsyez .cc ayrgamtwe .com
ywxdggnaaad .org ayrgamtwe .com
zindtsqq .ws baidujkljlxx .cn
zkywmqx .com bayan .com .ua
zoosmv .info bestchristmascard .com
zqekqyq .cn secured-software-order .com
dudu01 .cn blackchristmascard .com
dudu02 .cn christmaslightsnow .com
dudu03 .cn cncn518 .com
dudu04 .cn discountcentre66 .cn
dudu05 .cn discountmedcentre90 .cn
fonzi .info freedownload2009 .com
helinking .cn g00gle-analyze .com
iexujguw .com load-software-dowload .net
kalitebelgesi .com msngk6 .ru
lhaex9edc .com mybesttube .cn
seocom .mobi netsecurityonline .com
bioito .cn netsecurityonline .com
ab92 .net new-med-offer77 .cn
seocom .name nymedcenter30 .cn
seofon .net privatetube2009 .com
alfglesj .info systemprotectiondownloads .com
vvvbw .cn top100image .com
zsenet .com worldwebupdates .com

Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

BlackHole DNS Update: 100 New Domains to Block

Posted on December 29th, 2008 in New Domains,rogue antivirus,sql injection by dglosser

Domains containing exploits, fake antivirus domains, fake e-cards, and other nasties you don’t want visiting you or your user’s browsers. Sources include www.shadowserver.org, isc.sans.org, ilion.blog47.fc2.com, and others:

1ku .cn slllnmb .cn
252623 .cn sllmnmb .cn
517wyt .com sllonmb .cn
633r .com sllpnmb .cn
927 .bigwww .com sllqnmb .cn
abcrot .cn sllrnmb .cn
baiduyuxire .cn sothink1 .cn
baiduyuxirebn .cn sothink10 .cn
buxhere .com sothink2 .cn
c66b .cn sothink3 .cn
c66d .cn sothink4 .cn
c66g .cn sothink5 .cn
cawjb .com sothink6 .cn
wd2a .cn sothink7 .cn
cookie7 .cn sothink8 .cn
cpfthlb .kki .cn sothink9 .cn
cznutchuei .cn spyadvanced .com
dmc .hb .cn spywarecommander .com
dxwyt1 .com spywaredeluxe .com
entmba .com spywareremoversite .com
exgif .com superchristmasday .com
weweif .com superchristmaslights .com
flippibi .com chchina-jinpin .com
foggamtwe .com federalservicesinfo .com
golfinau .com worldvedrcoo .com
h3hs4 .cn wrmfwh .cn
iiegf .com wrmfwl .cn
jcl-0006 .cn wrmfwo .cn
jcl-0007 .cn wrmfwp .cn
justbt1 .cn yourchristmaslights .com
justcctv6 .cn zjz-001 .com
kkkkppp .cn zjz-002 .com
mba .beisen .com zjz-003 .com
mcuve .cn zjz-004 .com
mm .hacker315 .cn zjz-aaa .cn
mysteryfcm .co .uk zjz-bbb .cn
myvirusguardian .com zjz-ccc .cn
netsecuritybureau .com zjz-ddd .cn
ok16899 .cn zjz-eee .cn
pinakola .com zjz-fff .cn
ptxk .com zjz-ggg .cn
sllaqsb .cn sexy-celeb-photos .com
sllbqsb .cn s .ardoshanghai .com
slldqsb .cn zziyuan .com
slleqsb .cn registryadvance .com
sllfqsb .cn registryassistant .com
sllgqsb .cn registrydebug .com
sllhqsb .cn registryfixup .com
slliqsb .cn repocarfinder .com
sllknmb .cn reversednscheck .com
zjz-hhh .cn reverseipsearch .com
zjz-iii .cn

Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Site Delistings

Posted on December 28th, 2008 in Domain News,Removed Domains by dglosser

Over 3000 domains which have been delisted over the years have been moved to a file called “delisted.txt“.

Over 7000 domains from www.webhelper4u .com and  www.spywareinfo .com, which no longer exist,  have been removed. These domains have been moved to a file called “cws-removed-domains.txt

Webhelper’s latest list (http://webhelper4u.net/whmembers/index.htm)  will be uploaded in the next update.

Big Update & Reorganization

Posted on December 26th, 2008 in Domain News by dglosser

The next update will remove all domains referenced bywebhelper4u .com and www.spywareinfo .com as those lists no longer exist.

In addition, sites which have been delisted will be removed from the main domains.txt file and moved to a new “delisted.txt” file.

Then we will load up webhelper’s latest list (http://webhelper4u.net/whmembers/index.htm)

Finally, the list will be resorted the order of which the domains were added.

100+ New Malicious Domains to blackhole

Posted on December 24th, 2008 in asprox,New Domains,Phishing,rogue antivirus,spam by dglosser

Lots of rogue antivirus domains, asprox domains, phishing domains, exploit domains, and other domains you don’t want your users visiting. Sources include malwaredomainlist.com, malwaredatabase.net, safeweb.norton.com, dnsbl.abuse.ch, and others.   We appreciate the service these sites are providing:

00119922 com advertisercash com
18978 com cn adwarecommander com
240av cn adwarepatrol com
6680 cc anotherdnserrorz com
91131 org antiamenazas com
ach org il antispamassistant com
addetect com antispambastion com
adsniffer com antispamgold com
ave2 cn antispyadvanced com
ave3 cn antispyware-scanner-free com
aresdeluxe com antispywarexp com
adwareplatinum com antivirusprogramsite com
adwareremover ws antivirusprotectorsite com
adwaresafety com antiviruswebsite com
adwaretools com aresdownloadnow com
alertspy com av-scan-pc-tools net
bassamtwe com buymsantispyware2009com
bbs abvc cn cheapdecember com
bigsellstaff cn cntotalizator cn
bnmd kz detectiveadvanced com
clrtemp cz detectivehound com
cashpopup net directchristmasgift com
cch2 cn doctoradwarepro com
ccswzx6 cn download-all4free com
ccswzx7 cn download-best-antivirus2010 info
chhuslfffu com livechristmasgift com
clickomania biz fronthomepagez com
dft6s kz msas2009storage com
gfksamtwe com vidzsolution com
kefjwfev cn privacy-care com
korienado com qualitaetips com
lepr info rec bestrevenue net
light-player net rikora com
lite-corp com scan-onlinefreee com
lqir6s2eo com scanonlinefreee com
mega-player net newyearclassmates com
membersphoto com windowsplaeyraddons com
vhxfbwft com thebestantivirus axspace com
msas2009dl com online-spyware-detector com
mtno ru msantispyware2009 com
myspacy biz myprivatetubes09 net
wmpd ru netdigitalsecurity com
netisecurity com pok shopvideofest cn
ttfafa com soft4youupdat org
nvepe ru sp2 information com
uhjnxredc com xhcqxdedc com
wuxiawu com yourdecember com
pop yandex2 cn

Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.  Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Huge Update: Over 350 domains delisted

Posted on December 20th, 2008 in Removed Domains by dglosser

List cleanup continues… 300 domains have been delisted. Please update your files. Diff files are located in the www.malwaredomains.com/files folder.

Site Delisting: www.freedownloadsarchive.com

Posted on December 17th, 2008 in Removed Domains by dglosser

www.freedownloadsarchive.com has been delisted. Please update your blocklists.

54 New domains to block

Posted on December 15th, 2008 in fake codecs,New Domains by dglosser

Sources:www.shadowserver.org, www.malwaredomainlist.com,     safebrowsing.clients.google.com, and others. Includes fake codecs, rogue antispyware, ie7 exploit domains, and other bad stuff you want to shun:

helpdown .cn 384756783900 .cn
ho0k .com 4ourtraff .com
iuwei .com 4s3w .cn
jgkdofjggkjlh .com 517891 .cn
karasing .cn netsecuritytech .com
lianrong .com .cn 6dsoft .cn
lyox-lib .com 7speed .info
mianfei58 .cn akademikerzeitung .ch
zwzj .com antispywerepro .com
obfuscated .name antivirusrapid-scanner .com
egypt-shop .cn b81 .8800 .org
qs-s .nm .ru s0ftvvareportal08 .com
c66f .cn trustedsoftportal2008 .com
c66i .cn s0ftvvareportal .com
ccol365 .com cleansoftportal2009 .com
h3x .info comefood .com
ftalyl .cn securedownloaddirect .com
ffseik .com dirty-boy .cn
dingli .net doubleluck .com .cn
spcounter .info downloads777 .com
ssy1688 .cn opkfgpkogokofdg .net
steoo .com googl-analisys .com
h3x .info gotest2 .iirs .net
uploadeservers .com softportalforfun08 .com
ustechservic .com .cn softportalforfun2008 .com
5traff .cn softvvareportal08 .com
wieyou .com softvvareportal2008 .com
yhgames .com webexperience13 .com


Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

More 0-day exploit domains

Posted on December 11th, 2008 in New Domains by dglosser

shadowserver seems to have the most updated domain list. List seems to be growing, so check their site often. Block those evil domains ASAP!!!























qqqqttrr .cn 09021030408721 .cn
17gamo .com lookfornewsoftware .com
360avva .akvvv .cn zlwrnm1 .cn
baidu-du1 .cn zlwrnm10 .cn
baidu-du2 .cn zlwrnm11 .cn
baidu-du3 .cn zlwrnm12 .cn
baidu-du4 .cn zlwrnm13 .cn
baidu-du5 .cn zlwrnm14 .cn
baidu-du6 .cn zlwrnm15 .cn
baidu-du7 .cn zlwrnm16 .cn
baidu-du8 .cn zlwrnm17 .cn
baidu-du9 .cn zlwrnm18 .cn
bbtu01 .cn zlwrnm19 .cn
bbtu02 .cn zlwrnm2 .cn
bbtu03 .cn zlwrnm20 .cn
bbtu04 .cn zlwrnm3 .cn
bbtu05 .cn zlwrnm4 .cn
bbtu06 .cn zlwrnm5 .cn
bbtu07 .cn zlwrnm6 .cn
fyesn .cn zlwrnm7 .cn
hhhh8886 .cn zlwrnm8 .cn
rrrrrrryyy .cn kukuzhmuku .com

Lots of hostile domains to block

Posted on December 10th, 2008 in New Domains by dglosser

Many domains associated with malware you shouldn’t invite in your network. Some are associated with “0-Day” unpatched microsoft exploits.. Sources include  www.malwaredomainlist.com, xanalysis.blogspot.com, ilion.blog47.fc2.com, www.abuse.ch, and others:

50nb .com zgynkmv .cn
84ws .cn zgynkmt .cn
8e9 .net zx5fxluya .com
ad-adnet .net zssotke .edu .sk
adk2lev .com cc4y7 .cn
adnetserver .net cc4y8 .cn
ameks .net cc4y9 .cn
avse2 .cn celebs4you-online .com
baidu-baidudou1 .cn childrenlaughusual .com
baidu-baidudou2 .cn cre4 .cn
baidu-baidudou3 .cn d425 .cn
baidu-baidudou4 .cn d46g .cn
baidu-baidudou5 .cn d5d3 .cn
baidu-baidudou6 .cn do2a .cn
baidu-baidudou7 .cn doublered .info
baidu-baiduxin1 .cn download-top-software .net
baidu-baiduxin2 .cn downloadforupdates .com
baidu-baiduxin3 .cn dream-ads .eu
baidu-baiduxin4 .cn empresalda .com
baidu-baiduxin6 .cn erabl-pict .com
baidu-baiduxin7 .cn firefox-lab .net
baidu-baiduxin8 .cn gd3w .cn
baidu-baiduxin9 .cn gfdsgf333 .com
baidu-baiduyi .cn gknf21 .net
baidu-baiduzi1 .cn go-go-cash .com
baidu-baiduzi2 .cn googlesyndixation .cn
baidu-baiduzi3 .cn hot-sexpt .com
baidu-baiduzi4 .cn ico6 .cn
baidu-baiduzi5 .cn jha2 .cn
baidu-baiduzi6 .cn jmrlmgg .cn
baidu-baiduzi7 .cn ko109 .cn
baidu-baiduzi8 .cn ko113 .cn
baidu-dudouai1 .cn ko115 .cn
baidu-dudouai10 .cn mekiller .com
baidu-dudouai2 .cn mysy8 .com
baidu-dudouai3 .cn nan7 .cn
baidu-dudouai4 .cn oiuytr .net
baidu-dudouai5 .cn pay-per-install .org
baidu-dudouai6 .cn r43w .cn
baidu-dudouai7 .cn rzenter .cn
baidu-dudouai8 .cn schoolswitzerland .com
baidu-dudouai9 .cn sllwbd1 .cn
bigimagecatalogue .com sllwbd10 .cn
bizcn .com sllwbd2 .cn
buyanydream .biz sllwbd3 .cn
c56f .cn sllwbd4 .cn
cc4y0 .cn sllwbd5 .cn
cc4y1 .cn sllwbd6 .cn
cc4y2 .cn sllwbd7 .cn
cc4y3 .cn sllwbd9 .cn
cc4y4 .cn sllwrnm1 .cn
cc4y5 .cn sllwrnm10 .cn
cc4y6 .cn switzerlandgirl .eu
sllwrnm2 .cn switzerlandpussy .eu
sllwrnm4 .cn vvexe .com
sllwrnm5 .cn wwwwyyyyy .cn
sllwrnm6 .cn zghncsa .cn
sllwrnm7 .cn zghncsb .cn
sllwrnm8 .cn zghncsc .cn
sllwrnm9 .cn zghncsd .cn
zghncsg .cn zghncse .cn
zghncsh .cn zghncsf .cn
zghncsi .cn zghncsx .cn
zghncsj .cn zghncsy .cn
zghncsk .cn zghncsz .cn
zghncsl .cn zgynkma .cn
zghncsm .cn zgynkmb .cn
zghncsn .cn zgynkmc .cn
zghncso .cn zgynkme .cn
zghncsp .cn zgynkmf .cn
zghncsq .cn zgynkmg .cn
zghncsr .cn zgynkmh .cn
zghncss .cn zgynkmi .cn
zghncst .cn zgynkmj .cn
zghncsu .cn zgynkmk .cn
zghncsv .cn zgynkml .cn
zghncsw .cn zgynkmm .cn
zgynkmw .cn zgynkmn .cn
zgynkmx .cn zgynkmo .cn
zgynkmz .cn zgynkmp .cn
zlkon .lv zgynkmq .cn
zoomovies .org zgynkmr .cn

Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…