
RBN, Rogue, koobface domains

Posted on May 25th, 2011 in koobface, New Domains, RBN, rogue antivirus by dglosser

330 domains associated with RBN, rogue/fake AV and other maliciousness were added. Sources include emergingthreats.net and securehomenetworks.blogspot.com (every source is listed in the domains.txt file).


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains a list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

Important update — koobface, exploit domains

Posted on July 15th, 2010 in 0day, exploit, koobface, New Domains by dglosser

Sources include isc.sans.org, ddanchev.blogspot.com, x.maldb.com, blog.unmaskparasites.com.


gumblar, koobface, and other nasty domains

Posted on July 14th, 2010 in gumblar, koobface, New Domains, Trojans by dglosser

Sources include support.clean-mx.de, safeweb.norton.com, blog.unmaskparasites.com, ddanchev.blogspot.com.


The malware block lists provided here are free for noncommercial use as part of the fight against malware.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains a list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, and others…

May 23 Update: koobface, fastflux, zbot, zeus domains

Posted on May 23rd, 2010 in exploit, fastflux, koobface, New Domains, Trojans, zeus, zlob by dglosser

Over 250 new domains associated with zbot, zeus, torpig, neosploit, koobface and other maliciousness. Sources include ddanchev.blogspot.com, atlas.arbor.net/summary/fastflux, www.malc0de.com, zeustracker.abuse.ch.


koobface, fastflux, scareware domains to block

Posted on January 1st, 2010 in exploit, fastflux, New Domains, Trojans by dglosser

Sources: atlas.arbor.net, ddanchev.blogspot.com, safebrowsing.clients.google.com, www.malwaredomainlist.com and others.


The malware block lists here are provided for free for noncommercial use as part of the fight against malware. Please help to keep this site free! Donate whatever you can; all donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgement, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
New: Justdomains contains a list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on WOT, the Web of Trust!

Used by SURBL, MOREnet, and others…