sqli: Block Njukol -dot – com
We received a report that there’s a sqli injection going on with njukol . com/ r.php. Please check your web sites and add this to your block or shun list. Original Source: http://ilion.blog47.fc2.com/
Domains and IPs to Block ASAP
Two posts from the Internet Storm Center:
SQL Injection Lilupophilupop style –Lists about a dozen domains you should immediately add to your blocklists plus more in Dynamoos blog.
Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses
hostexploit.com top bad hosts – 2012 Q1
We added our friends nikjju . com and best-antiviruu.de .lv and also listed domains from ISP’s or hosting services listed on hostexploit.com‘s Q1 report on the top bad hosts. To round things out, we also added domains flagged by sucuri as having malicious javascript or iframes.
Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash) and http://dns-bh.sagadc.org/. We also have a mirror dedicated to research and Open Source Projects – contact us for details.
* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs. * These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval. * Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”! * Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar. * Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…Urgent Block: nikjju.com and best-antiviruu.de.lv
Sucuri is reporting a new Mass SQL Injection campaign. Sites are infected with the following javascript:
<script src= http://nikjju . com/r.php ></script>
which redirects to Fake/Rogue AV sites such as best-antiviruu. de. lv
Please add these sites to your blocklists and sinkholes ASAP.
Urgent Block: lilupophilupop-dot-com (SQL Injection)
SANs is reporting that there’s a SQLi campaign going on right now with the malicious domain lilupophilupop .com being injected into sites running MSSQL.
We will block that domain on the next update but you shouldn’t wait….
Source: http://isc.sans.edu/diary.html?storyid=12127#comment
SQLi, Fastflux Botnet, Dirt Jumper and more
Added 210 domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, www.malwareurl.com and others
(Every source is listed in the domains.txt file)
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
251 new domains: malvertising, zeus v2.0, spyeye, rogues…
251 new domains added. These domains are associated with Zeus v2.0, spyeye, rogue security, malverising, sql injection.. Sources include tristatelogic.com, vxvault.siri-urz.net, www.spamhaus.org… (Every source is listed in the domains.txt file):
0fees .net 1mmjl3l45lkjbdb .ru 19995588 .com abodeflashplayer .co .tv 27cms .eu act1floral .ce .ms 2ok .cz .cc 4r4 .cz .cc agreement52 .com 9f1 .cz .cc ameryvarlaam .ru aloveb .biz asteriadurrand .cz .cc astro-cash .biz avs-america .com atuno .it avs-industry .com avs-carter .com avs-property .com avs-elite .com avs-solutions .com avs-mobile .com avsdelivery .com avs-nevada .com avsindustry .com avs-prime .com avsphotography .com avs-retail .com avswergroup .com avs-tech .com avswerlakers .com avs-thai .com avsweronline .com avs-tract .com dietacaiberry .net avselite .com dirtyrottenwhore .com avslakers .com djevel00 .fileave .com avsretail .com drricardoyepez .org avstract .com esformofset .com avswer .com europole-formations .fr avswerxp .com financialdeposit .com bumbara .co .cc fkfxzhxxqk .cx .cc csmart .co .kr gaufridboris .ru dmzcamp .com giantsoft .co .kr eaevdgg .cz .cc googlestatick1 .cz .cc ebooksit .com googlestatick2 .cz .cc einemenge .info googlestatick3 .cz .cc elpcez .ce .ms googlestatick4 .cz .cc exbii .com gopinathabengt .ru fd5 .cz .cc hanneke37013 .cz .cc flashloads .net hideomechanic .com frankiees .ru hosting161-flash .redirectme .net frankieeus .ru hqxvideofree .com friskyvids .com idatelyfumiu .linkpc .net gamesbaidu .com img105 .herosh .com getwayshop .ru iooodarauisj .cz .cc goleleila .ir ipatoghdl .cz .cc gwynyasser .ru jasoncmeyer .ce .ms gzjianren .com jdfehxrzsbtrbiju .com h7k .in jh99-v5 .cable-modem .org hzcor .ce .ms kamarovoskolkovo .ru hzw .co .be karabasbaraba .ru jcwbqlj .cz .cc kingofpirates .co .cc ji0ns .com klubnika34his .com jsbanners7 .com kosmodromkan .ru jsbanners8 .com lakersvswer .com jwjmusic .cx .cc lcvjooxjnd .cx .cc kangnam .co .kr multimediamodifydata .in kljygsvbfs .in myobfuscate .com kol0 .com mywebspace1 .tld .tc kombek .org needble-for .findhere .org kposjuhnfs .in nowdonload .co .cc kxpeolxi .cz .cc nvhyaghjsd .cz .cc leonidyonah .ru oeuroiuasd .cz .cc lfug .co .cc officialversion .su myavswer .com ojusdtgfrshd .cz .cc myzhuzi .com olasaqyuijuk .linkpc .net newavswer .com online11news .com newinet .co .cc online11news .ru newtubes .in online12flash .com nxmtv .info online12news .com nyoflak .com online12news .ru oboi-msk .ru online13flash .com on10news .com online13news .com on10news .ru online13news .ru on11news .com online14flash .com on11news .ru online14news .com on12news .com online14news .ru on12news .ru online15flash .com on13news .com online15news .com on13news .ru online15news .ru on14news .ru online16flash .com on15news .ru online16news .com on16news .ru online16news .ru on17news .ru online17news .com on18news .ru online17news .ru on19news .ru online18news .com on1news .com online18news .ru on1news .ru online19news .com on20news .ru online19news .ru on2news .com online20news .ru on2news .ru online2flash .com on3news .com online3flash .com online1news .ru online4flash .com online2news .ru online5flash .com online3news .ru online6flash .com online4news .ru online7flash .com online5news .ru online8flash .com online6news .ru online9flash .com online7news .ru onlinehome-writer .com online8news .ru ouiqweghukas .cz .cc online9news .ru parrisherakles .ru openx .net poqlkanbbbba .cz .cc opopop23 .cz .cc qeuirigasdfg .cz .cc promoads .eu qophjgasg .cz .cc qhnfmmpp .co .cc qwechecksystem .com qwea .cz .cc realdyhelp .rr .nu qzgsl .com rjhomesolutions .com shopgetway .ru sajjadiuppiter .ru slolor .cz .cc sextubecentral .com soptnsa .co .cc sexxeschikkaxxx .serveftp .com star99 .info sexyteenage .net stephanos .ru software-avs .com theavswer .com srtjhasthae1 .cz .cc tnbzrkrm .co .cc statpdomwas .cx .cc tomaromain .ru strongmdefense .findhere .org trackups .org svatebniprani .us ubitorent .com tradekerala .com upsclients .com tubedownloader2010 .com upstrack .net tunes-new-online-downloads .com ushcime .com tvmovie-sale .com vaccineu .com tvsportschannel .com webwarper .net tweeter001 .co .cc whitesmoke .com usps .com .trackr04 .com whitesmoke .us viautytdsfs .cz .cc wogehed .cz .cc videospornodetv .com xdnsrv .com vtqssamktp .cx .cc xrtik .ipq .co wait-50-seconds .cz .cc xts-1a .noc .su web-worldmap .com zalsdre .vv .cc whitesmoke .co .il zamhuxnh .cz .cc ydimefanilyju .linkpc .net zeckzer .ce .ms yhonaguecisy .publicvm .com zojozvrm .co .cc
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Please download files from main mirror: http://mirror1.malwaredomains.com/files/
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
Malvertising, rbn, rogue, sql injection domains
Added over 200 domains associated with malvertising, Rogue/fake security, sql injection, etc. Sources include blog.dynamoo.com, community.websense.com, research.zscaler.com (Every source is listed in the domains.txt file):
azetuair .cc 77-platform .net baooe0 .com badodybeqyk .com baooe1 .com bestbanners1 .in baooe2 .com bestbanners2 .in bazagg .cz .cc bestbanners3 .in bedioger .com bestbanners4 .in bhbdzmjy .co .tv bestbanners5 .in bookaros .com bestbanners6 .in bookarra .com bestbanners7 .in bookdolo .com bestbanners8 .in bookfula .com bestbanners9 .in bookgusa .com bocikivihepiqa .com bookmonn .com bunizywytyg .com bookmono .com clanthefallen .com bookmylo .com creditsofast .com bookpolo .com dead-melpomene .com booksgou .com ecxajgff .co .tv booksoco .com eddddbzm .co .tv bookvivi .com enukunaziha .com bookvoxy .com eqezifebawe .com bookzoul .com farelfusion .com bookzula .com fkejoten .co .tv bqhfvvdn .co .tv gb-offerlist .com c8s2 .com greenhopengo .com cbneehtm .co .tv hamobamaduro .com ccjayplh .co .tv hepotevena .com cjr001 .com herovidacege .com dbonis .com high-webtraffic .com demivee .in hocxhnrl .co .tv divinemeb .com hydezerirevy .com drber0 .com hydyfiliduzun .com drber1 .com ibyfolyzijym .com drber2 .com itzqmiip .co .tv drber3 .com jawynuvejeqini .com drber4 .com jazafibyho .com drber5 .com jiqixylexut .com drber6 .com jujbytqe .co .tv drber7 .com jyviziwopakisy .com drber8 .com keepitunreal .in drber9 .com kolifixewitiq .com dzedshuw .co .tv kovejyvymuzi .com efidaxamo .com lajogitytudaxo .com erdvjn1 .com linuxbanners1 .in erdvjn2 .com linuxbanners4 .in erdvjn6 .com linuxbanners5 .in erdvjn8 .com linuxbanners6 .in erdvjn9 .com linuxbanners7 .in erlvn0 .com lucuhojivinu .com erlvn1 .com mediabulker .com erlvn2 .com mehyqibugyluf .com erlvn3 .com mentorcentral .com erlvn4 .com mentorcentral .net erlvn5 .com milotynabojavo .com erlvn6 .com mipituhamys .com erlvn7 .com misyneqewetypo .com erlvn8 .com msor72-gate1 .vv .cc erlvn9 .com mzpupkqo .co .tv f10 .xl .cx neddhilr .co .tv f8d3 .net okvmodps .co .tv findclear .org orrick-media .eu findstiff .org pacugegyfeheka .com h94 .org pboysxaj .co .tv hurdana .cx .cc pijynazerud .com lawujocot .com pivysegocide .com legse .co .cc premium-support-2011 .com macbanners .in premiumsupport2011 .com mediawork .com qbzaqmse .co .tv nopirekuz .com rblvsbht .co .tv paybal .com rowxhoai .co .tv q9z4 .com rvcxwsmt .co .tv qubmoviez .com sbzjrszn .co .tv rappour .in scoregaskets .com replity .in searchcruel .org ripplig .in searchgrubby .org s9w3 .com smartsecuritybox .com s9w3 .net sositawidapezi .com sgsge0 .com sweetnovelty .com sgsge2 .com tesonugixamys .com sgsge3 .com testosploitron .cx .cc sgsge4 .com thingortwo .com sgsge5 .com tikytudububy .com sgsge6 .com traffic-dc .com sgsge7 .com trjmytqlnhyovlpv .com sgsge8 .com vakatesumuhor .com sgsge9 .com vusysogirebymy .com sharkpork .com vuvamewakoq .com smrbr0 .com vyzaraputifyb .com smrbr3 .com wamikopyzoqah .com smrbr8 .com wekabamysugamy .com smrbr9 .com windowsbanners .in t9i2 .org wkrfgzoc .co .tv t9i3 .com wkydwlkk .co .tv t9i3 .org xazofeberus .com tuartma .in xfrfrwjd .co .tv uev1 .co .cc xipagymofi .com uralgaz .ru xisebozenaj .com uxuvoxogy .com xnnblhid .co .tv videoskk .org zarqqasx .co .tv y8r5 .com zhkeinzr .co .tv yjybocore .com zonsolemonito .com zapppo1 .org zzxfyrru .co .tv zyfovubyv .com
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Please download files from main mirror: http://mirror1.malwaredomains.com/files/
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
Zeus, Scareware, and more fake security domains
lots of fake antivirus domains, zeus, scareware domains. Sources include www.sophos.com, securehomenetworks.blogspot.com, hosts-file.net (Every source is listed in the domains.txt file):
06et .cz .cc alolipololi .osa .pl 0tdsgov .co .cc antivirbestscan .com 13tdsgov .co .cc bestnacha-site-r .info 1tdsgov .co .cc bestsoftquestnus .net 22tdsgov .co .cc bestsoftwurass .net 23tdsgov .co .cc beststuff-master .net 7hitaxodupi .com compactscannerprotectionwin .com 99ip .ru compactscannerprotectionxp .com antivirus .cz .cc compactscannerwinprotection .com bivudywigana .com compactscannerxpprotection .com bkzbkzz .co .cc consumer-protection-ant-iv-scan-xp .com bkzblbk .co .cc consumerprotectionantivscanxp .com bndeu0 .com copy-protection-ant-iv-scan-xp .com bndeu1 .com copyprotectionantivscanxp .com bndeu2 .com copyright-protection-ant-iv-scan-xp .com bndeu3 .com copyrightprotectionantivscanxp .com bndeu4 .com desktopscannerantiv .com bndeu5 .com desktopscannerprotectionfast .com bndeu6 .com desktopscannerprotectionfree .com bndeu7 .com desktopscannerprotectionwin .com bndeu8 .com desktopscannerprotectionxp .com bndeu9 .com desktopscannerwinprotection .com ciluvekypomow .com desktopscannerxpprotection .com dinifuxariqi .com dexojovahazyla .com dioasis .com dygydypinynyx .com dltbkbb .co .cc fine-stuffmaster .net dojewoboji .com fine-your-guard .net dulyfarebacuf .com fine-your-keeper .com e82x .cz .cc fine-yourguard .net eadied .net finedrive-guard .com exposedexbfs .com finedriveholder .net fepigixypo .com finedrivekeeper .net fequxukovo .com finefileguard .com gedynehyze .com finepc-holder .com gehotigyry .com finepc-keeper .com govtds30 .co .cc fowyqypacytucy .com guardedily .com gewexyvunokyk .com guardedise .com giftedvices .cz .cc guardedlart .com gocubadywucyle .com guardedmis .com guardforpc-solutions .com gurydivadu .com guardian-lab-soft .com gygipikalyn .com guardian1-forsec .com gyrahakita .com guardiansec-all .com gyricehagupy .com guardrchiticpc .com gyxyqimacik .com guardsuclonpc .net haeied .net guardsuryousepc .com hahecekis .com guarduggisspc .net hahecekis .net intelbackupsrv .su hand-bending .com jackman-consortium .com hijocyragap .com jajypyzuzidepo .com hireremexyd .com jgjs5jfhdkh .vv .cc hitaxodupi .com jijekoramukiw .com hsd4hrehdh .vv .cc kelacofotacafo .com huzomohidid .com lesykywozebyle .com ivonica .com libynozegokido .com jvcprocessos .com llantasdelpacifico .cl jydosucin .com milrphsrqtqpwtwr .org jyluzovunevu .com nsrnyosqqescloh .net kkojjors .net pe-antivirus .cz .cc koduzuwobow .com pifuxevunawewo .com komeriqoxuri .com progressive-avscan .com ku3 .in protection-for-you .net laiaed .net protection-foryou .com lixumokyfo .com protection-foryourt .net lrvou .info protection-foryousa .net luxury-pride .ru protection-foryoute .net moririnejuf .com protection-foryouti .com movawypig .com protection-foryouty .com mpnewsphoto .com protectionforyou .net muhecuxudy .com punemipaqatyc .com muzyzywupece .com quickscanprotectionsoft .com najelijywar .com quickscanprotectionxp .com nakulpi .net quickscansoftprotection .com nezutepazew .com quickscansoftprotectionxp .com nitodocyri .com r-superengine .com posufejez .com r-superengine .net profi-softac .com r-superengine1 .com protect-x .net r-superengine1 .net puhigygapyhi .com r-superengine2 .com pydehenena .com radiationprotectionantivscanxp .com qebinehuh .com requireapriest .com qyqinisope .com rorylexyzabihy .com r8m .us rubidanyxorun .com retro-7-3 .cz .cc rywoxekomecig .com roskmvnsya .co .be salyzubytedotu .com rrrpzrp .co .cc scan-again-antivirus .com rvonrvw .com scan-er-antivnoew .com scanerjaming .com scan-eranti-vn-oew .com scanerlboter .com scan-eranti-vnoew .com scwiiraq .com scan-erantivn-oew .com secureack .com scan-erantivnoew .com secureain .com scan-protection-soft .com seekerfeed .com scanabsolutelyfreeantivxp .com seodp .info scanadamantivfree .com skc8 .cz .cc scanonline-desktop .net tozibapah .com sec-forguard1 .com traffik113 .ru secure-entired1 .com tsgz .info secure-networks-solutions .com twiitter .ru sesokiqufikeg .com userdoptn .com sisygynilulyh .com uykn .cz .cc sosefekesylafy .com variantov .com sozodikuqulec .com vufekihoto .com supecikasagynu .com vupuhuzyniw .com top-security-guard .net vwrwj6 .com top-stuff-guard .com vydidysur .com top-stuffmaster .net wepiminymu .com top-suite-foryou .com wizyvopyla .com vydevelorabik .com womozedabati .com walireqoxyxyt .com xomedefanace .com xezarecupohyv .com y1jl .cz .cc xumakyzolibuhy .com y4xt .cz .cc xygorinazecit .com zavewuzykubo .com zidacofodafur .com zoo-mpeg .com
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.
Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Please download files from main mirror: http://mirror1.malwaredomains.com/files/
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…