Feed

bankpatch, blackenergy, htaccess redirects…

Posted on March 22nd, 2012 in iframes,malvertising,New Domains,rogue antivirus,Trojans,zeus,zlob by dglosser

Add over 190 domains associated with iframes, malicious javascripts, htaccess redirects, malvertising, etc. Sources include sucuri.net, safebrowsing.clients.google.com, iseclab.org and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Another Huge Update: 220+ Ramnit, Rogue, Zbot Domains

Posted on January 19th, 2012 in New Domains,rogue antivirus,Trojans,zlob by dglosser

Added over 220 domains associated with zbot-bgz, rogue, ramnit and other badness. Sources include contagiodump.blogspot.com (thanks Kevin), www.sophos.com. Please update your blocklists/sinkhole according to our Terms of Use.

zeus, nachaspam, fastflux domains

Posted on December 18th, 2011 in malspam,New Domains,Trojans,zeus,zlob by dglosser

Added domains associated with advance-fee scams, fast-flux botnet, Lockemall, nashaspam, etc. Sources include zeustracker.abuse.ch, www.malwaredomainlist.com, securehomenetworks.blogspot.com, boiler-rooms.org (every source is  listed in the domains.txt file)

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Artro, bestpack, morto, zbot domains

Posted on August 31st, 2011 in exploit,New Domains,Trojans,zeus,zlob by dglosser

Added 240 domains associated with zbot, morto. bestpack, etc. Sources include www.spamhaus.org, www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.asp, www.emergingthreats.net, malwareurl.com

(Every source is  listed in the domains.txt file)…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

zbot, trojans, Ponmocup, drivebys… so it goes

Posted on August 24th, 2011 in New Domains,rogue antivirus,Trojans,zlob by dglosser

192 domains associated with zbot, ponmocup, drivebys, spyeye… Sources include amada.abuse.ch, www.emergingthreats.net, www.malwareurl.com (Every source is  listed in the domains.txt file)…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

,

Moneymule domains, malicious domains, trojans, etc.

Posted on June 6th, 2011 in MoneyMule,New Domains,Trojans,zeus,zlob by dglosser

Added 182 dirty domains from securehomenetworks.blogspot.com, vxvault.siri-urz.net, ddanchev.blogspot.com and others (Every source is  listed in the domains.txt file):

2n6h .co .cc 1glacisgroup-llc .net
3atlanta-uk .com 92cfa9e0 .b8r4 .org
5dali-style .com 983723315nwelle .cz .cc
7lrkvy .co .cc abodefllash .co .cc
aaaholic .com abodeplugin .co .cc
asdaqr15 .com adobecodec-01 .co .tv
atlantaltd-uk .cc adobecodec-02 .co .tv
avgenup .in angielskidlarodzicow .pl
benanshell .cz .cc aprotest-avi2011 .co .cc
bnhapeirud .co .cc atlanta-ltd-uk .net
bqtuhwhm .ce .ms blitznet-groupinc .cc
buzadora .cz .cc chirnsideandren .cx .cc
digibeetlesop .ru clickjacksonville .org
docmoo .ce .ms dalistyle-group .cc
domofro .cz .cc defender-beaxz .in
ecvcallise .co .cc defender-fdjez .in
esscleaner .com defender-nessc .in
ezzo .ce .ms derwoode-group .com
fastscandn-pc .tk derwoode-group .net
flash-02 .co .tv essclean-online .com
flashplugins .net freeopenscanerpo .in
fmoo .ce .ms grandao2010 .qipim .ru
frozyn .info gwgwrhtetretnt .com
gb-offers .com helpmedownload .com
geceeroe .ce .ms hkjhcgaidiiii .com
geelh .ce .ms hot-mp3download .com
gulrva .cz .cc hotmp3-download .com
gxdowzsz .ce .ms hsghyturrerefg .com
hnifuzof .cn hypnosis-guide-pro .com
homerev-sys .com idownload-istore-music .com
homerev2-sys .com idownload-istore .com
hsovolih .cn idownload-store-music .com
i-tvdish .com idownload-tunesmusic .com
infofraud .net image-editor-download .com
it-amira .net immigration-in-us .org
it-serviceltd .be imusic-download .com
itamira-de .com imusic-store-downloads .com
itserv-de .co ketchersode .ce .ms
jahn-siegen .de lasfotosmasnice .com
kade-group .com livesports-network .com
kzqacegd .cz .cc livestreamdirect .com
letbeservice .ru masterart-group .com
macwinsoft .net mobiledownloads-pro .com
markizac .com moonsgootlasynch .co .cc
mcmonnes .ce .ms movie-downloads-direct .com
medi-fix .com movie-downloadsnow .com
mendryltd .com moviedownloads-pro .com
miliardov .com mp3-downloadingnet .com
mnuyspe .co .be mp3download-net .com
mp3-depot .com mp3downloadhq .com
mp3-share .us mp3downloading-net .com
mp3helpdesk .com mp3sectionentitled .com
mscser .ru music-d0wnload-center .com
mstoolkit .com music-idownloads .com
music-folia .com music-istore-downloads .com
myfghavs .com music-moviesnetwork .com
newbiz10news .com music-new-downloads .com
newbiz1cash .com namebuypicture .cn
newbiz1news .com natspot-serve .com
newbiz2news .com newantivirusdownloads .com
newbiz3news .com newest-version-download .com
newbiz4news .com newflash10news .com
newbiz5news .com officesuite-download .com
newbiz6news .com parlen-group-usa .com
newbiz7news .com parlen-groupllc .com
newbiz8news .com parlengroupllc .net
newbiz9news .com protectantivscanfree1 .com
npeyugux .cn quad-it-group .com
palazziogt .ru quinta-groupus .com
phonezero .com .br rextechinnovation .com
quad-groupuk .cc rextechltd-us .com
quinta-llc .net schwendonger .ce .ms
quintagroup .cc searchalphabet .org
raucherhimmel .de special-art-ltd .com
rbomce .com special-art-uk .cc
rextechltd .cc targetmarketgroup-llc .cc
sadone .ce .ms taskmalbbunde .co .cc
searchant .org thebestscannerdha .l2x .eu
searchatom .org tingdjibmar .ce .ms
searchbegan .org traffic-4webmaster .com
sroxcwoa .ce .ms upperblackeddy4 .cz .cc
stillmate .co .cc vci01 .appbundler .net
subdom25 .com virusprotection24 .com
sublime-ltd .net vnsproject-de .cc
tyodi .com von90qr8ft .cz .cc
videocrazy .cx .cc vortex-llc-uk .net
wexct .info vortexllc-uk .com
woedmonn .ce .ms wayuvaga111 .vv .cc
xbx .tw web-fotogallery .be
xhyjl .cn witayeno111 .cz .cc
xmycelebs .co .cc worksappmedia .in
yahbesvyt .com youtubeonline .net

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

This malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

<TR><TD>2n6h .co .cc</TD>  <TD>1glacisgroup-llc .net</TD></TR>
<TR><TD>3atlanta-uk .com</TD>  <TD>92cfa9e0 .b8r4 .org</TD></TR>
<TR><TD>5dali-style .com</TD>  <TD>983723315nwelle .cz .cc</TD></TR>
<TR><TD>7lrkvy .co .cc</TD>  <TD>abodefllash .co .cc</TD></TR>
<TR><TD>aaaholic .com</TD>  <TD>abodeplugin .co .cc</TD></TR>
<TR><TD>asdaqr15 .com</TD>  <TD>adobecodec-01 .co .tv</TD></TR>
<TR><TD>atlantaltd-uk .cc</TD>  <TD>adobecodec-02 .co .tv</TD></TR>
<TR><TD>avgenup .in</TD>  <TD>angielskidlarodzicow .pl</TD></TR>
<TR><TD>benanshell .cz .cc</TD>  <TD>aprotest-avi2011 .co .cc</TD></TR>
<TR><TD>bnhapeirud .co .cc</TD>  <TD>atlanta-ltd-uk .net</TD></TR>
<TR><TD>bqtuhwhm .ce .ms</TD>  <TD>blitznet-groupinc .cc</TD></TR>
<TR><TD>buzadora .cz .cc</TD>  <TD>chirnsideandren .cx .cc</TD></TR>
<TR><TD>digibeetlesop .ru</TD>  <TD>clickjacksonville .org</TD></TR>
<TR><TD>docmoo .ce .ms</TD>  <TD>dalistyle-group .cc</TD></TR>
<TR><TD>domofro .cz .cc</TD>  <TD>defender-beaxz .in</TD></TR>
<TR><TD>ecvcallise .co .cc</TD>  <TD>defender-fdjez .in</TD></TR>
<TR><TD>esscleaner .com</TD>  <TD>defender-nessc .in</TD></TR>
<TR><TD>ezzo .ce .ms</TD>  <TD>derwoode-group .com</TD></TR>
<TR><TD>fastscandn-pc .tk</TD>  <TD>derwoode-group .net</TD></TR>
<TR><TD>flash-02 .co .tv</TD>  <TD>essclean-online .com</TD></TR>
<TR><TD>flashplugins .net</TD>  <TD>freeopenscanerpo .in</TD></TR>
<TR><TD>fmoo .ce .ms</TD>  <TD>grandao2010 .qipim .ru</TD></TR>
<TR><TD>frozyn .info</TD>  <TD>gwgwrhtetretnt .com</TD></TR>
<TR><TD>gb-offers .com</TD>  <TD>helpmedownload .com</TD></TR>
<TR><TD>geceeroe .ce .ms</TD>  <TD>hkjhcgaidiiii .com</TD></TR>
<TR><TD>geelh .ce .ms</TD>  <TD>hot-mp3download .com</TD></TR>
<TR><TD>gulrva .cz .cc</TD>  <TD>hotmp3-download .com</TD></TR>
<TR><TD>gxdowzsz .ce .ms</TD>  <TD>hsghyturrerefg .com</TD></TR>
<TR><TD>hnifuzof .cn</TD>  <TD>hypnosis-guide-pro .com</TD></TR>
<TR><TD>homerev-sys .com</TD>  <TD>idownload-istore-music .com</TD></TR>
<TR><TD>homerev2-sys .com</TD>  <TD>idownload-istore .com</TD></TR>
<TR><TD>hsovolih .cn</TD>  <TD>idownload-store-music .com</TD></TR>
<TR><TD>i-tvdish .com</TD>  <TD>idownload-tunesmusic .com</TD></TR>
<TR><TD>infofraud .net</TD>  <TD>image-editor-download .com</TD></TR>
<TR><TD>it-amira .net</TD>  <TD>immigration-in-us .org</TD></TR>
<TR><TD>it-serviceltd .be</TD>  <TD>imusic-download .com</TD></TR>
<TR><TD>itamira-de .com</TD>  <TD>imusic-store-downloads .com</TD></TR>
<TR><TD>itserv-de .co</TD>  <TD>ketchersode .ce .ms</TD></TR>
<TR><TD>jahn-siegen .de</TD>  <TD>lasfotosmasnice .com</TD></TR>
<TR><TD>kade-group .com</TD>  <TD>livesports-network .com</TD></TR>
<TR><TD>kzqacegd .cz .cc</TD>  <TD>livestreamdirect .com</TD></TR>
<TR><TD>letbeservice .ru</TD>  <TD>masterart-group .com</TD></TR>
<TR><TD>macwinsoft .net</TD>  <TD>mobiledownloads-pro .com</TD></TR>
<TR><TD>markizac .com</TD>  <TD>moonsgootlasynch .co .cc</TD></TR>
<TR><TD>mcmonnes .ce .ms</TD>  <TD>movie-downloads-direct .com</TD></TR>
<TR><TD>medi-fix .com</TD>  <TD>movie-downloadsnow .com</TD></TR>
<TR><TD>mendryltd .com</TD>  <TD>moviedownloads-pro .com</TD></TR>
<TR><TD>miliardov .com</TD>  <TD>mp3-downloadingnet .com</TD></TR>
<TR><TD>mnuyspe .co .be</TD>  <TD>mp3download-net .com</TD></TR>
<TR><TD>mp3-depot .com</TD>  <TD>mp3downloadhq .com</TD></TR>
<TR><TD>mp3-share .us</TD>  <TD>mp3downloading-net .com</TD></TR>
<TR><TD>mp3helpdesk .com</TD>  <TD>mp3sectionentitled .com</TD></TR>
<TR><TD>mscser .ru</TD>  <TD>music-d0wnload-center .com</TD></TR>
<TR><TD>mstoolkit .com</TD>  <TD>music-idownloads .com</TD></TR>
<TR><TD>music-folia .com</TD>  <TD>music-istore-downloads .com</TD></TR>
<TR><TD>myfghavs .com</TD>  <TD>music-moviesnetwork .com</TD></TR>
<TR><TD>newbiz10news .com</TD>  <TD>music-new-downloads .com</TD></TR>
<TR><TD>newbiz1cash .com</TD>  <TD>namebuypicture .cn</TD></TR>
<TR><TD>newbiz1news .com</TD>  <TD>natspot-serve .com</TD></TR>
<TR><TD>newbiz2news .com</TD>  <TD>newantivirusdownloads .com</TD></TR>
<TR><TD>newbiz3news .com</TD>  <TD>newest-version-download .com</TD></TR>
<TR><TD>newbiz4news .com</TD>  <TD>newflash10news .com</TD></TR>
<TR><TD>newbiz5news .com</TD>  <TD>officesuite-download .com</TD></TR>
<TR><TD>newbiz6news .com</TD>  <TD>parlen-group-usa .com</TD></TR>
<TR><TD>newbiz7news .com</TD>  <TD>parlen-groupllc .com</TD></TR>
<TR><TD>newbiz8news .com</TD>  <TD>parlengroupllc .net</TD></TR>
<TR><TD>newbiz9news .com</TD>  <TD>protectantivscanfree1 .com</TD></TR>
<TR><TD>npeyugux .cn</TD>  <TD>quad-it-group .com</TD></TR>
<TR><TD>palazziogt .ru</TD>  <TD>quinta-groupus .com</TD></TR>
<TR><TD>phonezero .com .br</TD>  <TD>rextechinnovation .com</TD></TR>
<TR><TD>quad-groupuk .cc</TD>  <TD>rextechltd-us .com</TD></TR>
<TR><TD>quinta-llc .net</TD>  <TD>schwendonger .ce .ms</TD></TR>
<TR><TD>quintagroup .cc</TD>  <TD>searchalphabet .org</TD></TR>
<TR><TD>raucherhimmel .de</TD>  <TD>special-art-ltd .com</TD></TR>
<TR><TD>rbomce .com</TD>  <TD>special-art-uk .cc</TD></TR>
<TR><TD>rextechltd .cc</TD>  <TD>targetmarketgroup-llc .cc</TD></TR>
<TR><TD>sadone .ce .ms</TD>  <TD>taskmalbbunde .co .cc</TD></TR>
<TR><TD>searchant .org</TD>  <TD>thebestscannerdha .l2x .eu</TD></TR>
<TR><TD>searchatom .org</TD>  <TD>tingdjibmar .ce .ms</TD></TR>
<TR><TD>searchbegan .org</TD>  <TD>traffic-4webmaster .com</TD></TR>
<TR><TD>sroxcwoa .ce .ms</TD>  <TD>upperblackeddy4 .cz .cc</TD></TR>
<TR><TD>stillmate .co .cc</TD>  <TD>vci01 .appbundler .net</TD></TR>
<TR><TD>subdom25 .com</TD>  <TD>virusprotection24 .com</TD></TR>
<TR><TD>sublime-ltd .net</TD>  <TD>vnsproject-de .cc</TD></TR>
<TR><TD>tyodi .com</TD>  <TD>von90qr8ft .cz .cc</TD></TR>
<TR><TD>videocrazy .cx .cc</TD>  <TD>vortex-llc-uk .net</TD></TR>
<TR><TD>wexct .info</TD>  <TD>vortexllc-uk .com</TD></TR>
<TR><TD>woedmonn .ce .ms</TD>  <TD>wayuvaga111 .vv .cc</TD></TR>
<TR><TD>xbx .tw</TD>  <TD>web-fotogallery .be</TD></TR>
<TR><TD>xhyjl .cn</TD>  <TD>witayeno111 .cz .cc</TD></TR>
<TR><TD>xmycelebs .co .cc</TD>  <TD>worksappmedia .in</TD></TR>
<TR><TD>yahbesvyt .com</TD>  <TD>youtubeonline .net</TD></TR>

exploit kit, fake av, zeus domains

Posted on April 20th, 2011 in exploit,New Domains,rogue antivirus,zeus by dglosser

Domains associated with rogue/fake av, zeus, brandjackers were added. Sources include amada.abuse.ch, safebrowsing.google.com, securehomenetworks.blogspot.com (Every source is  listed in the domains.txt file):

21vokglb .cn 0-0-0-0-0-0-0-0-0-0-0-0-0-55-0-0-0-0-0-0-0-0-0-0-0-0-0 .info
81hja01aala .com businessyahoo .info
altacomputer .info cheapscannerprotectionxp .com
ancamera .com diagnosticscannerprotectionwin .com
antivirvip .com facebook-myspace .cz .cc
apafamaxuhle .org facebook-support .cz .cc
artgoogle .info freeantivirus .3dn .ru
autovaccine .co .kr hjoswzcjp1080tx .com
batqr019k-a .com hnvcflstx1292bdj .com
blogjoker .info hnvcflstx1292bdj .net
bookgoog .info hpvvxzgll1326ubg .com
bybyvysugot .com hqyfilssa1343hnt .com
casinolove .info hqyfilssa1343hnt .net
ccgslb .net ikqzaaghpx1394fl .com
clck .ru ikqzaaghpx1394fl .net
cleancop .co .kr injoy-softscan .net
cubyzawawezy .com just-free-soft14 .com
culuguwydiwy .com just-free-soft15 .net
dieuduongviet .net just-scanprotection .net
divxfreecodec .com justscansoft30 .com
esthisisel .gr justscansoft31 .net
free-porn .cz .cc laststuff-master .net
ghdsah34 .cz .cc laststuffholder .net
googdigital .info lastyour-guard .com
googgames .info mainsoftscanner45 .com
googglle .org mainsoftscanner46 .net
googleyou .info modern-protectav .net
googwin .info monoprotection .com
goptres .co .cc most-popularav .net
ha81naoo0o0 .com my-firstavprotect .com
hop-sing-rot .com my-firstavprotection .net
hop-sing-rot .net my-free-protection26 .com
hop-singrot .com my-free-protection27 .net
hop-singrot .net netrclernaxsecure .com
hope-soft50 .com netstableprotect .com
hope-soft51 .net netwoking-guard-solutions .net
ieshopguide .net network-antivirusprotection .net
incmaters .cz .cc network-diffenderav .net
jg7ifkjh .cz .cc quickscanantivfree .com
jucebuqag .com quickscanantivwin .com
justopensoft .net scan-er-antivn-oew .com
kozugyziqyze .com scanagainantivir .com
kumebyduwuvoc .com scanagainantivirusclient .com
lasthopesoft .net scanagainantivirusprotection .com
lastpc-master .com scanagainantivirusreviews .com
lastpc-master .net scanagainantivirusscan .com
lastpcguard .com scanagainantivirustools .com
lastpcguard .net scanagainantivirusupdates .com
lbje003e .cz .cc scanagainantivirusvirus .com
lololoka .cz .cc scanangryagainantivir .com
mguardlab .net scanangryagainantivirus .com
modes-torm .net scanantbiteivfree .com
modwyn .cz .cc scanantfarmivfree .com
netguardav .net scanantivwcarsin .com
netownsecure .com scanantivwdealerin .com
netrosmsecure .com scanantivwdriversin .com
nettussecure .com scanborsanerantv .com
netupitsecure .com scandanceagainantivir .com
onmuz .com scanguardianerantv .com
oyaeby .cz .cc scanonline-computer .net
paysys .co .kr scanprotectionexpertssoft .com
pepabahaturap .com scanprotectionfiltersoft .com
puldorpond .com scanprotectionkansassoft .com
pulse23 .cz .cc scanprotectiontoolssoft .com
qi56 .co .cc secureonlineweb .su
qodikowyfiv .com top-yourchecker .com
qqhe .com top-yourholder .net
realvaccine .co .kr topcleansentinel .net
relaax .co .cc topdrive-guard .com
rouyangw .com topdrive-master .net
scanantivfree .com topfile-holder .com
sexgoogle .info topfile-keeper .net
sexok .net topinternet-checker .com
supervaccin .com topnetwork-foryou .com
tempviews .cz .cc unificacaodoreal .com .br
topantivir4u .com veqilakazujago .com
topfile-guard .net webwinantivirusxp .com
topfileguard .com winantiagencyxp .com
trx .cz .cc winantivirusnowgophers .com
vaccinecore .com winantivirusnowkovalchuk .com
webtoonroom .com winantivirusnowonline .com
widpia .net winantivirusxponline .com
xeguwywas .com winantivirusxptournament .com
zuxejokyhosu .com zippfree .webng .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


May 23 Update: koobface,fastflux,zbot,zeus domains

Posted on May 23rd, 2010 in exploit,fastflux,koobface,New Domains,Trojans,zeus,zlob by dglosser

Over 250 new domains associated with zbot, zeus,torpig,neosploit, koobface and other maliciousness. Sources include ddanchev.blogspot.com, atlas.arbor.net/summary/fastflux, www.malc0de.com, zeustracker.abuse.ch:

jjll .ru cribrejist .kz
ijll .ru habibaksa .net
n9uo .com hesneclimi .ru
v3p2 .com hulejsoops .ru
b1xs .com img4453945 .com
irnis .net kh76t .3322 .org
notkey .ru magic-dieta .ru
u678 .info medicinada .com
zipbin .ru nonstopsen .com
123m .info nyfrizymiq .net
illmap .ru petquestion .ru
ledorga .fr powerbarrel .ru
missgin .ru radicalgirl .ru
nearzit .ru redspinster .ru
nettps .net sleepydream .ru
noknack .ru southernpeg .ru
nothill .ru tameconcert .ru
oddbabe .ru tenthprofit .ru
petlips .ru torncurrent .ru
petwife .ru updt334221 .com
radtune .ru validbanner .ru
rareelf .ru av-special .net
tapclip .ru dating-spot .ru
tornmum .ru haveitornot .ru
usetune .ru kghxpwukvif .com
void99 .com like-me-web .com
evilpal .ru mabhkkemvif .com
freeipg .ru mamapapalol .com
kettych .com mondaybubble .ru
lazyloss .ru netgomarket .com
lessjazz .ru obele-chuka .com
lostdeed .ru ohjeugbomlc .com
lovemine .ru oldpresident .ru
mildroom .ru relaxedgrape .ru
miniarms .ru siliconemist .ru
nosypipe .ru skepticalpub .ru
onebeard .ru springarctic .ru
ourriver .ru tenderavatar .ru
pangreed .ru terminalpoem .ru
pinkhack .ru trendsecure .com
radjoker .ru valuablemind .ru
richsign .ru wtopcompany .biz
rmtiw324 .ru xee1aeph2aay .kz
roundpad .ru 1gb-scanner .com
saltysky .ru 2gb-scanner .com
sparemat .ru 2mb-scanner .com
spotsnow .ru 3gb-scanner .com
suavepad .ru 3mb-scanner .com
surechip .ru 4gb-scanner .com
tartshow .ru 4mb-scanner .com
tastysea .ru 5gb-scanner .com
vasttune .ru 5mb-scanner .com
wantdive .ru 6mb-scanner .com
westlips .ru deewaek4heeh .kz
yoursoap .ru fialfyjfvif .com
zerovir .com holasionweb .com
dieta-24 .ru kakleglo2335 .com
hypoload .in novascanner4 .com
indypages .ru red-xxx-tube .net
innerduck .ru shiftupdate .info
juicyfile .ru stellarshower .ru
latevenom .ru ziniomags .com .cn
leakymaid .ru 12netantispy .com
lightword .ru 13netantispy .com
macroarea .ru 14netantispy .com
micmarket .ru 16netantispy .com
microdoor .ru 1anetantispy .com
ministate .ru 1bnetantispy .com
modelprod .ru 2web-antispy .com
mushylion .ru 3web-antispy .com
needtempt .ru 4web-antispy .com
noislant .com 5web-antispy .com
onewinter .ru 6web-antispy .com
pearlpole .ru fastsearch .cz .cc
petsample .ru gaihooxaefap .com
prickheal .ru gigapayfosus .com
priorface .ru ielaithereej .com
rarephone .ru k2onlinesatis .com
rattyduck .ru nethabercilik .com
rawshower .ru politicalpoets .ru
redwriter .ru 1webantivirus .com
robot114 .com 2webantivirus .com
romantube .ru 3webantivirus .com
roundgain .ru 4webantivirus .com
roundhour .ru 5webantivirus .com
roundroad .ru awebantivirus .com
s1system .com awindows-scan .com
scaryloss .ru cwebantivirus .com
secretaxe .ru dwebantivirus .com
shinyrock .ru ewebantivirus .com
shortfeet .ru fivefingers31 .org
slickfilm .ru oldcarsforrent .com
smallbars .ru shiftsoftware .info
softstage .ru ultimatecomfort .ru
soggyzero .ru webpregnantget .com
soreentry .ru 1gig-antivirus .com
soundrisk .ru 20gb-antivirus .com
spellload .ru 2gig-antivirus .com
spicyyear .ru 30gb-antivirus .com
stuckdate .ru 3gig-antivirus .com
stuffstep .ru 40gb-antivirus .com
tangystar .ru 4gig-antivirus .com
telechart .ru 50gb-antivirus .com
validfolk .ru 5gig-antivirus .com
vastdiary .ru 60gb-antivirus .com
videohubb .in bprotectsystem .com
weakimage .ru drugs-prostore .com
wearyyear .ru getdrugs-store .com
worstfuel .ru mypc-services10 .com
wutrinfe .com phpgrinchalina5 .com
yourmoose .ru 8my-antispyware .com
comandav .com navigationquebec .com
iomegaone .com 0web-antispyware .com
labelstare .ru 3web-antispyware .com
lunchscone .ru 7web-antispyware .com
mondayring .ru aweb-antispyware .com
priorsmell .ru img410 .imageshacks .in
roundmaker .ru smartsupersecurity .com
saltyriver .ru webguardyourpc-33p .net
sparechief .ru englishbusinessok .info
spicyledge .ru rs358l32 .rapidshare .com
stallshare .ru securityinternacces .com
subroyalty .ru gestionmunicipal .org .py
tightspace .ru ownload-hosting-free .biz
urbandream .ru 1zabslwvn538n4i5tcjl .com
vastinsect .ru chakra .master-networking .net
vastobject .ru haijeihefoobeekahkohweto .com
wovenshelf .ru

koobface, zeus, rogue, exploit domains to blacklist

Posted on December 22nd, 2009 in exploit,New Domains,sql injection,trojan,zeus by dglosser

Sources include www.malwaredomainlist.com and www.tech-linkblog.com:

2live .be 02def53 .netsolhost .com
3chailave .cn 576966 .283168261 .cn
abbottpainting .com aaskereia-online .de
acbid .org abstateverytime .com
achieve21-121 .cn alexandermolloy .blogspot .com
acid4roll .info alexandertech .co .il
acko .gympl .com allinonesecurity0 .com
admin .bbexe .cn amicableresolutionsintl .com
agrico .sk an-ty-flu-service .com
almetal .de annunciationgsk8 .com
antikeep .com antyvirusaccessory .net
antyk .com .au aparthotel-bellehelene .com
anyhimi .cn axe0911 .freesitespace .net
artguide .co .il beautiteen .hostmaniacs .com
artschwartz .com bestsecurityutility .net
babyprintart .com blainblainprinciotta .blogspot .com
back-n-line .com bluesecurityutility .net
badaosoft .net boerne .nordherde .de
bajwa786inc .com bondgrenmerrill .blogspot .com
bbs .fy80 .cn burgesshillfairtradefestival .org
best-scan .biz celatriantafillos .blogspot .com
bezhyn .com chateaudecoisse .com
bigmart .com .np chevicheviaskins .blogspot .com
bitterlicks .com clients .rootsecure .org
boatnews .eu computer-antivirusb1 .cn
bobband .net cosmeticspermanent .net
businesstech .fr createfinancialstability .com
butikk-senter .no crystaknuf .blogspot .com
cdgi-inc .com customsoftwareupdate .cn
cheapitaly .it decomanufacturing .net
chris25project .cn diamondsbydavids .com
cird .ru dickdickmaigue .blogspot .com
clanscissors .com dinar-cs .real-host .ru
cmpmiami .com directmegastock .info
cold-random312 .cn discoverwellnessweekend .com
corsaire .ch distribuidoraderetentores .com .br
creative71 .eu dolcegabbana .djbormand .cn
ctsrmspos .com elkhamlichiwortham .blogspot .com
cwbnewsonline .cn enardemelynn .blogspot .com
darkshop .co .il estimate-good32-021 .cn
dddcc .com estimate-good32021 .cn
deca200 .net estimategood32-021 .cn
defenderav .com estimategood32021 .cn
doli1 .co .il familyhomes4you .com
dr3yfus .uni .cc farmsecurityutility .net
drygy .mooo .com farukfarukpavlica .blogspot .com
economy .rags .ru fast-sys-downloads .info
el-buy .no fiberopticinstrument .com
emolloy .com flinchumjettejette .blogspot .com
eom .it fosbergchuwei .blogspot .com
eriade .com freesecurityutility .net
erlsoft .in freresbethlehem .org
eshreya .com goldenhillsroseville .com
ewezyod .cn goldhavenlibrary .netfirms .com
eyes .by gordimdemel .xpg .com .br
fampir .cn hiceortalortal .blogspot .com
fsubasket .com illuminators .com .au
gate234 .cn instrumentenschmiede .at
getshealth11 .cn irsanirsanfelber .blogspot .com
getusersvideo .com jugendfeuerwehr-zermatt .ch
ghregypt .com kathmandumutual .com
glyk .ch katrienpillier .blogspot .com
goldlave .cn kibbeykiernan .blogspot .com
gowebsolutions .ca kick-assworkouts .co .uk
gratisprogram .no krissondrabattaile .blogspot .com
gwypg .co .uk kwangkwangcarlstead-chavira .blogspot .com
h0stels .cn larosmontenegro .com
hackershell .org letarebeca .150m .com
hemlytool .com louwiedorthea .blogspot .com
himalonline .com lurettarubalcaba .blogspot .com
homecell368 .co .za malware-scaner .info
hotelthier .at marcilmickymicky .blogspot .com
hotflashmovies .cn maximilian-wachmann .at
icelkumbasar .com mcduffyanabela .blogspot .com
ies .bbexe .cn medomedogerberon .blogspot .com
iksadh .co .im mergex .netfirms .com
india-tours .cn miliabiniam .blogspot .com
moneyversionpro .com
josecure .com moriermubeen .blogspot .com
jost .cc msprotectionscan0 .com
jotya .com myfurnitureshop .freehostia .com
justin1 .cn mywantsapp .iwants .com
justin10 .cn nallelyshortland .blogspot .com
justin11 .cn neisercandala .blogspot .com
justin12 .cn nepaaudubonsociety .org
justin13 .cn neworld .tohosting .net
justin14 .cn newsecurityutility .net
justin15 .cn nntpabusenm .tripod .com
justin2 .cn odgaardleruelerue .blogspot .com
justin4 .cn outofcontrolproducts .com
justin5 .cn pandelidismellonie .blogspot .com
kibs .co .za parachabethbeth .blogspot .com
klimskoe .cn privacy-protect .cn
klopfstein .info prointernetdefence2 .com
krejcovi .com rokstadkeaton .blogspot .com
lao7777 .com royaldefensescan .com
lowrysigns .com secsoft-estore .com
lrearn .com security-estore .com
lwddos .cn securityexternaltools .ne
madcmx .mx securityintelligencetools .net
mannardiocese .com securitytoolsediting .net
mgmcr .net securitytoolslisted .net
milantrezur .com securitytoolsprior .net
mir2games .cn securitytoolsuser .net
mm2dc .com securityutilitybelt .net
moi-meme .com .hk securityutilityblog .net
mwiapps .co .cc securityutilitydisc .net
mymobiguard .com securityutilityonline .net
nazmins .com securityutilitys .net
new-proper .cn securityutilityshop .net
nippontrading .se securityutilitystore .net
ntwira .com securityutilitytoday .net
onderwijsnet .be securityutilitytool .net
optimumorg .com pc-scanner .us
pc-scanner .info

The malware blocklists here are provided for free for noncommercial use as part of the fight against malware.

However, it is time to pay hosting and infrastructure costs once again….

Please help to keep this site free! Donate whatever you can, all donations go to infrastructure and hosting costs.

Also, yearly sponsorships are available. Full acknowledgement, an icon, and link back to your site will be placed in the left sidebar.

190 domains to blacklist

Posted on June 3rd, 2009 in New Domains,rogue antivirus,zlob by dglosser

Sources include blackip.ustc.edu.cn,     www.threatexpert.com, www.malwaredomainlist.com, atlas.arbor.net. Fast flux domains, rogue antivirus domains and lots of other harmful domains:

06la .com .cn 5b2c62 .beladen .net
5566dm .cn advanced-virusremover2009 .com
5yttrre .cn adware-2009 .com
65uttt .cn adwareprofessional .com
7te3 .com antivirusonlinescanv2 .com
9mckde3 .cn antivirus-scanner-v1 .com
9xddw2 .cn arsenal-music .ru
anal-toy .org a-searchbest .com
ang-news .ru backs .thewomanizer .net
asmmnation .com best-antivirus-solution .com
backthoud .com bestlitediscover .cn
basdzsdas .com best-security-tools .com
br .xl .cx claremontfinance .org
brommercon .com counteringate .com
brugeni .net directdownloadcenter .net
c3uconnect .com download .official-emule .com
cao360 .vu .cx downloadsoftwareserver .com
cdouidmvif .com exearchstortage .com
com .se1188 .cn exe-file-project .com
coqhecup .cn exe-soft-portal .com
cracks .vg extrememadhouse .com
cuz-i .com fileuploadinto .ru
cvbdohdrgyr .cn filmovifree .com
defstu .com firex-labz .com
deisvop .net first-antivirus .com
deuagjyvif .com flyappraisals .com
easycracks .net foxionserl .com
em-event .info free-sexy-porn-videos .com
endrizi .com fullclickstats .cn
esafetyweb .com gamepaslog .com
fastbrakes .com ghnpacgvif .com
feruchiman .ru gitchigaming .com
fghnjmdgrse .cn google-credi .cn
fireporno .com gurru-turru1 .com
fjtiili .com gurru-turru2 .com
foxbelive .ru harararara .com
foxproff .com hit-inspector .cn
foxxpriv .ru home-intra .com
gjjiigds .cn hosfikurnellixx .cn
gogenscan .com imageempires .com
goooodbill .cn imagescolor .com
gruzovki .ru indigolife .com .au
happy-fxs .com internetotherwise .com
hftiili .be jagfiuyvif .com
hilotavus .com jspipesanddrums .com
hott-rodd .cn litetopseeksite .cn
hotxasib .cn loved-online-tube .com
iiiyhggd .cn macromedla .com
in4st .com malwarebaseupdate .com
in4tk .com mal-waredoc .com
irate4 .com malware-safe .com
jijiiger .cn masuccessguy .com
jizhouhx .com mcdonaldsuck .com
juste .ru middellton .com
karavan .us moltbedesigns .com
killhhh .cn mysidesearch .com
killmayi .cn network .adsmarket .com
koqsuyod .cn new-exe-area .com
kortech .cn nhatquanglan4 .t35 .com
kstdr .be ocu .tripsstart .cn
kx111 .cn official-emule .com
lin-long .com personalcleaner2009 .com
love78 .cn pld .nailimpro .cn
mamj .ru powerball .3june2009 .com
megabot .cn proantivirusscannerv2 .com
miwcmac .com prostmirkost .net
mybr .xl .cx quickstatistic .com
neglite .com readerszone .com
noadware .net sajobelectronics .com
nw .or .kr search-adverts .net
odmarco .com serial .1serials .com
okijihyg .cn showpromooffer .com
outporn .com soft .qwr11mn .cn
pipicom .com streaming-united .com
proxyrent .cn superfuturbiz .com
quest4goa .com superfuturebiz .com
redir3105 .com teenagersporn .net
s0l1ng3n .com tourprovence .net
sn-gzzx .com trafficgateway1 .in
sosiska .org traffic-searches .cn
sotana .su triton-friendlyclub .com
sqwyt .com twinkthewonderkid .com
tdsblog .ru update-flash .com
thenewpic .com updatesoftserver .com
trffc3 .ru updatesoftwareserver .com
tvnameshop .cn videofx4you1 .com
unmarine .info videosdivx .net
usrvzi .ru vifs .traveltravet .cn
uupmeepvej .cn web-programmersportal .com
wee4wee .ws websecurityread .com
wowneo .cn wwwdegrees .info
xzcjiiyw .cn www-msnspaces .net
yuppistar .ru xindalawyer .com
zbbey .com xxxbestvids .info
zljtl8 .com xxx-tube-2009 .com
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
New: Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…