Site Delisting: lovelypackage.com

Posted on February 11th, 2011 in Removed Domains by dglosser

lovelypackage.com has been delisted and will be removed on the next update.

gumblar, neosploit, mebroot and other malicious domains

Posted on February 10th, 2011 in exploit,gumblar,New Domains,rogue antivirus,Spyeye,Trojans by dglosser

132 malicious sites and domains to add to your blocklist or malware shunlist. Sources include viralerts.com, securehomenetworks.blogspot.com, safebrowsing.google.com (every source is always listed in the domains.txt file).

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The domains.txt file is the complete list along with the original reference.
Justdomains contains a list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

The BOOT file is in MS DNS format. The spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

NeoSploit, FastFlux, Zeus, MoneyMule Domains

Posted on February 8th, 2011 in exploit,fastflux,gumblar,iframes,MoneyMule,New Domains,NewSploit,rogue antivirus,zeus by dglosser

Something for everyone… Neosploit, Gumblar, fastflux, rogue, phoenix, money mule, zeus, and more…

Sources include securehomenetworks.blogspot.com, ddanchev.blogspot.com (Welcome Back), blog.unmaskparasites.com, zeustracker.abuse.ch (every source is always listed in the domains.txt file).


Blocking Malware Domains in ISA 2006

Posted on February 7th, 2011 in Domain News by dglosser

Nice post in an MSDN Blog entitled “Blocking Malware Domains in ISA 2006”, which contains detailed instructions on how to use our blocklist with ISA Server 2006.

Site Delisting: marknelson.us

Posted on February 7th, 2011 in Removed Domains by dglosser

marknelson.us has been delisted and will be removed on tonight’s update.

179 New Malicious Domains

Posted on February 6th, 2011 in exploit,gumblar,New Domains,rogue antivirus by dglosser

179 new malicious sites associated with gumblar, backdoors, moneymule, rogue security. Sources include securehomenetworks.blogspot.com, blog.unmaskparasites.com, www.cyber-ta.org (every source is always listed in the domains.txt file).


Site Delisting: carport-diagnose.de

Posted on February 5th, 2011 in Removed Domains by dglosser

carport-diagnose.de has been delisted and will be removed on the next update.

domains.txt file change

Posted on February 4th, 2011 in Domain News by dglosser

We revalidate every domain approximately every four months and delist those which are no longer actively associated with malware.

However, there are some domains which we feel do not have to be re-certified that often. For example, there are 29 domains which were once on the dns-bh malware blacklist but were removed and are now relisted.

There are also several hundred domains which have been serving malware for over a year. We feel that these “repeat offenders” do not have to be checked as often as their only purpose seems to be for malware distribution.

Therefore, starting on the next update we will be using the second column of the domains.txt file to note these domains by including a “revalidation date” for these domains. (This column is currently empty.) That will give us more time to revalidate other domains instead of constantly checking these “immortal domains”.

Big Update: 210 Domains

Posted on February 2nd, 2011 in exploit,gumblar,New Domains by dglosser

Finally finished shoveling outside, here’s a large update of 210 domains associated with artro, gumblar, rbn, torpig and other exploits. Sources include www3.malekal.com, securehomenetworks.blogspot.com, honeywhales.com, blog.unmaskparasites.com (every source is always listed in the domains.txt file).

