List Cleanup: 630 Domains Removed

Posted on July 31st, 2010 in Domain News,Removed Domains by dglosser

630 domains removed, full list of removed domains here.

July 30 Update: 186 new domains

Posted on July 29th, 2010 in gumblar,New Domains,Trojans,zeus by dglosser

Sources include honeywhales.com, malwaredomainlist, safebrowsing.google.com.

125 new unsafe domains

Posted on July 27th, 2010 in fastflux,gumblar,New Domains,zeus by dglosser

Sources include safebrowsing.clients.google.com, blog.unmaskparasites.com, atlas.arbor.net.

164 new domains (zeus, gumblar, iframe, etc)

Posted on July 23rd, 2010 in gumblar,New Domains,Trojans,zeus by dglosser

164 new domains associated with SQL injection, gumblar, zeus and other badness. Sources: safebrowsing.clients.google.com, ddanchev.blogspot.com, blog.unmaskparasites.com and others.

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The Domains.txt file is the complete list along with the original reference.
Justdomains contains a list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT, the Web of Trust. Used by SURBL, MOREnet, and others…

152 new domains (artro, gumblar, zeus, etc)

Posted on July 21st, 2010 in exploit,gumblar,trojan,zeus by dglosser

152 new domains (artro, gumblar, zeus, etc). Sources include abuse.ch, honeywhales.com, malc0de.com, www.freepcsecurity.co.uk.

gumblar, rogue, scareware domains

Posted on July 19th, 2010 in 0day,exploit,gumblar,New Domains,rogue antivirus by dglosser

Gumblar, rogue, scareware and other harmful domains. Sources: honeywhales.com, www.threatexpert.com, blog.unmaskparasites.com and others.

List cleanup: 1135 domains removed

Posted on July 17th, 2010 in Domain News,Removed Domains by dglosser

1135 domains have been removed. The removed domains are located in the file removed-domains-20100717.txt

Please let us know ASAP if there are any domains which need to be readded.

Important update — koobface, exploit domains

Posted on July 15th, 2010 in 0day,exploit,koobface,New Domains by dglosser

Sources include isc.sans.org, ddanchev.blogspot.com, x.maldb.com, blog.unmaskparasites.com.

urgent block: imagehut4 .cn, allxt .com, hitinto .com, 173. 204. 119 . 122

Posted on July 15th, 2010 in 0day,exploit,New Domains by dglosser

From SANS:

We have received some information from one of our readers that the zip file that he received contained a multiple exploit-kit downloader. He indicated that there are over 120,000 successful downloads of the exe file. They have discovered that IP address 173. 204. 119 . 122 is where the file appears to be hosted at and is being updated with new binaries consistently. The downloader appears to grab a few files with random file names and have been observed connecting to imagehut4 .cn, allxt .com, hitinto .com. … all files appear to run fully under Windows VMWARE and are resistant to detection by many of the common threat programs.

These domains will be added on the next update but you shouldn’t wait.

gumblar, koobface, and other nasty domains

Posted on July 14th, 2010 in gumblar,koobface,New Domains,Trojans by dglosser

Sources include support.clean-mx.de, safeweb.norton.com, blog.unmaskparasites.com, ddanchev.blogspot.com.
