Feed

March 12 Update: Rogues, Trojans, Moneymule,Zeus domains

Posted on March 12th, 2011 in exploit,iframes,malspam,MoneyMule,New Domains,rogue antivirus,zeus by dglosser

Rogue Domains, malspam domains, zeus, exploit domains. Sources include ddanchev.blogspot.com, malwaredomainlist.com, vxvault.siri-urz.net and others (Every source is always listed in the domains.txt file):

3apa3a .tomsk .tw bestsoftcheckerur .rr .nu
aaoutfit .com brasilimoveisdf .com .br
akebxej .co .cc checker-antivir-safe .co .cc
anarazel .cz .cc cmbpupin .sites .uol .com .br
antiviralpro .com cpiresmartins .sites .uol .com .br
apanen .co .cc derwart-group .com
bestgoodmovie .in despachantesolution .com
bigupdate .ru dsysqqkxzekyspjx .biz
bigupdater .ru e-s-c-r-o-w-autos .co .cc
bigupdaters .ru ephes-groupllc .net
bigupdates .ru ephesgroup-llc .biz
bigupdating .ru favorite-softcheker .xe .cx
bigupdatings .ru five-mountain .org
blackmemoso .com fivestarporn .info
dcelok .ce .ms flash135-video .3utilities .com
digitalmind .cn flash226-pics .servehttp .com
diumerfa .tk flash293-hosting .sytes .net
ertlkv .net .in foru-cleanstrong .rr .nu
filesretail .in forucleansimple .rr .nu
fire-cewer .tk frontingviruses .com
first-warez .in ghdsg32hgdf .co .cc
g3u4g .net host258-hosting .servehttp .com
gralbine .cz .cc hybridmediaworks .in
herosh .com hyqidqwzsratgjqp .com
highcliks .co .cc iqioaycapumus .linkpc .net
jabadoce .com ldpgtpjtzvidwm .net
kitoredf .ce .ms lucasnaif .sites .uol .com .br
kmoch .ce .ms meggadistribuidora .sites .uol .com .br
mialedot .ru metamphcrystal .com
miminoprost .net music-clubers .cz .cc
ndawestbr .com ourbestsearch .info
p2pshares .org reporteplatense .com .ar
poserafr07 .info sabcentrosul .sites .uol .com .br
publicvm .com safe-antivirarmy .rr .nu
shwptknk .co .cc safeforsoftor .co .cc
sjhf4gh .net save-suite-foryou .in
social-file .in sdfpkiscrypzrv .com
suhi4hr .net sevg-groupnet .com
superbfile .in softwarekraft .in
tor4ok .com spamreporter .co .cc
toscello .co .cc strong-networkmaster .co .cc
tvmoviefilm .in superhotwarez .in
uzugonop .com thefileformat .in
vfg2 .co .cc totalcitygroup-inc .com
webclever .ru vcardosobonfim .sites .uol .com .br
webtestfiles .in win-antispyw .com
www4lilli .co .cc worldtradegroupllc .com
zlvtwfwl .co .cc ykosqumjwtsqqrrf .com
zopretsqa .ce .ms your24domain .com

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Site Delisting: 4neurons.com

Posted on March 12th, 2011 in Removed Domains by dglosser

4neurons.com has been delisted and will be removed on the next update.

Site Delistings: gencom.be, dailyniner.com, join2babes.com,z0d.com,filebeam.com

Posted on March 11th, 2011 in Removed Domains by dglosser

gencom.be, dailyniner.com, join2babes.com,z0d.com & filebeam.com have been delisted and will be removed on the next update.

987 domains removed

Posted on March 9th, 2011 in Removed Domains by dglosser

987 domains have been removed and the domain listings reorganized from scratch.

Please let us know if you have any issues.

Bullet Proof Domains, SpyEye, fast flux and other malicious domains

Posted on March 8th, 2011 in bulletproof,exploit,fastflux,New Domains,Spyeye,zeus by dglosser

Bullet Proof SpyEye Domains, fast flux C&C, and other malicious domains. Sources include blog.sucuri.net, securehomenetworks.blogspot.com, www.sacour.cn & others (Every source is always listed in the domains.txt file):

8785 .in 90fd78b9078bd0g .com
8931 .in achilleine .co .cc
aa0025 .co .cc achillodynia .co .cc
ac .qvoz .info achitophel .co .cc
achilleid .co .cc achlamydeae .co .cc
achillize .co .cc achlorophyllous .co .cc
achime .co .cc achloropsia .co .cc
achinese .co .cc antivirusscannerguide .com
achingly .co .cc antivirusscannermaintenance .com
achmetha .co .cc antivirusscannermanufacturers .com
acholic .co .cc berfry43bgrbf .vv .cc
acholoe .co .cc bigtitzsarena .com
acholuria .co .cc canarvanexpertmedia .net
acholuric .co .cc canarvanpointmedia .net
admin-z1 .com cometrymywork .info
agamaris .vv .cc d34ghqarfrgad .com
andromath .vv .cc dontstop21523510 .com
avstartpc .com doselfprotection .com
bbazzas .com dxuxpusopmqpofs .net
bestboy-link .in expireddomaingains .com
besten-link .in fashion-report .ru
bg3u4g .net fastprotection-soft .net
bliaetxv .cz .cc fenom-guardianre .rr .nu
bradenso .info fullstandartofprotection .net
burifym .cz .cc g243gtdsgsdg .vv .cc
checksoftos .in g2hhfadh4ehfdh .co .cc
defendaor .in g2hsjgjgfj .co .cc
dersedrprd .com generalabbrialgroup-ltd .net
dianaath .cz .cc glkgj5j4rshdfhj .vv .cc
erofreex .info goodcy-clear .rr .nu
famontare80 .net goodku-clear .rr .nu
foprccz .vv .cc gqgqhfdjdh .co .cc
freedom-av .com gs34grsgdg .vv .cc
freepornii .com gsdg3gsdgsdg .vv .cc
gb3hnh3nf .co .cc gsg3gsdgsxgsdg .vv .cc
ghomath .cz .cc gwsg3gsgdsgd .vv .cc
gidvbmvm .co .cc haitunwan .txmh .net
gsdg2g32 .co .cc hgerwhu45 .co .cc
ironsum .ru hrh45jftjfj .co .cc
keleghma .vv .cc indigomantisop .com
kestiny .com jfgdhdfhsdfh .vv .cc
kudwda .ru jfgjfr5jdfj .vv .cc
l2-x .com jghrt9frgtr9 .com
lopaset .co .cc just-perfectprotection .in
mildtune .ru manalmeena .cz .cc
miltonmoon .com masiniunelte .eu
miraswyn .cz .cc metalkiolpe .com
mmspicture .ru micirugiaencolombia .com
mvrxihvr .co .cc mkgk5jswhgfnxg .vv .cc
newdivase .info nalmethris .vv .cc
nkeldx .info pds .adncommerce .com
nkeldy .info profi-softusin .cz .cc
nkeldz .info proring-safe .in
nuarius .cz .cc protectionforyousi .rr .nu
oofhx .info redalpacadatabaseexperts .net
oofhz .info redalpacadirectdatabase .net
poooilha .info redalpacadynamicdatabase .net
poooilhb .info redalpacaexpertdatabase .net
poooilhc .info safenetwork-foryou .com
protectav .com saturnosistema .com .br
securedify .in savedeve-soft .rr .nu
siranaya .vv .cc saveonly-sentinel .com
startpcav .com savesecurity-foryou .com
tdsdivase .info savesecurityforyou .com
tdspoint .com scan-direction .net
theshop .su scan-projectsi .cz .cc
tvwnzim .co .cc servicios-fisicos2 .info
verygoodav .net sikiispornosex .net
vistamenu .com smart-scanforu .uni .cc
vvdnftmz .co .cc srryyspqjxyvq .biz
vvtvnit .co .cc startavclub .com
wheelcars .ru testonlyforfhj3355591 .com .tw
yuyu87 .com topnetworkguard .com
zpidesa .info trafficconverter .net
zpidesb .info triptowercustomhosting .net
zpidesc .info verifiedconnect .in
zpidesd .info yrganosserx122108 .net
zpidese .info

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.


Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Please use mirrors

Posted on March 7th, 2011 in Domain News by dglosser

We have two mirrors http://mirror1.malwaredomains.com and http://dns-bh.sagadc.org and will be adding more in the near future.

Please use these mirrors when downloading the blocklist files  to ensure you always have the latest version.

neosploit, blackhole, rogue & exploit domains

Posted on March 4th, 2011 in exploit,fraud,New Domains,rogue antivirus by dglosser

Sources include www.malwaredomainlist.com, support.clean-mx.de, safebrowsing.google.com (Every source is always listed in the domains.txt file):

abrantube .com aabtiziagdw .com
acholer .com adebaqcadbs .com
ahmtube .com admin .privacyinfo .co .kr
airegyptbiz .ru aefcbtdadbs .com
altipesa .com aefswvjagdw .com
amfacepage .com aghfquuagdw .com
arentube .com alpha-consult .net
atesterzi .com antiguard .co .kr
awetry .ce .ms antiivirus-go .com
balfind .com antiprotect .co .kr
beatsbykt .com antivirunrestricted .com
blantube .com antivirusquia .com
boptsg .vv .cc antivirusterra .com
boycetube .com asthmablogtips .cz .cc
bugguardpc .com ballalmeena .cz .cc
bushmtube .com bfgxwqybdbs .com
carsero .com blackcodeseo .com
celpon .co .cc brindemix .com .br
chrtube .com casanostralloret .com
clartube .com ccpredatorspaintball .com
colgot .com cfeaccounting .com
curttube .com childrenpcprotect .com
deytrino .in cleanscan .co .kr
dismfind .com clemowceer .cz .cc
dtmgnwit .co .cc commandantivirus .com
dubbo-nsw .info duncroft-antteam .org
duidrive .in earthymatters .ie
dulitube .com educonsulting .co .uk
ekonek .eu etilerveteriner .com
embotin .com facebook-surprise-njww .tk
exepub9 .com filesonlinecentral .in
expressdoc .ca fordrefym .cz .cc
fj45 .co .cc geopopulation .com
flavabump .com hedgefundconsultancy .com
furerr .com hitantivirus .com
gifyvtmq .co .cc infosecret .co .kr
gistapo .net integrityworks-intl .com
goertyw .cz .cc iphonedevcamp .nl
icodepower .com ispantivirus .com
indeks .edu .pl kidspcprotect .com
infopure .co .kr knightroots .co .uk
kenok .co .cc latest-video-downloads .com
lianade .co .cc legalmediavideo .in
lifestyle .ie lifamyminaylio .linkpc .net
listage .info maisantiviruspro .com
m85853 .com .cn marklovelace .net
mngvmmig .co .cc marx-brothers .mhwang .com
movviee .in meuantivirusfree .com
mtmzvtyq .co .cc mimosa-incgroup .info
n85853 .cn mixedupmarley .com
naf5 .co .cc mmk-solutions .net
nsau .cc moneyvisual-ukllc .com
nvmpngvn .co .cc myguitarheroes .com
peptube .com networkmedical .com .hk
qscan .co .kr ntantivirus .com
seekyjobs .com oghmakus .cz .cc
sina163 .info patrickhickey .eu
surian .co .kr piskapharma .info
terraturf .ca pr-antispy .com
thecud .com .au schastlivieiveselierebyta0003 .com
tubeer .com skiholidays4beginners .com
tubeersi .com sswelder .co .kr
tubeessi .com stmwijtm .co .cc
tubeet .com thordiril .vv .cc
tubeni .com vaccinekiller .com
tuberedt .com vaccinezero .co .kr
tuberene .com video116-flash .sytes .net
tubermer .com virginantivirus .com
ustocn .com .cn vvmmnjnp .co .cc
vamaaarts .com wwwdilli .co .cc
vauzdftjok .ru wwwtiqpit .co .cc
vrotpyluem .ru zommerly .co .cc
yu-san .com


This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Bulletproof Domains, Moneymule Domains, Exploit Domains, iframes and more…

Exploit domains, bulletproof domains, Moneymule Domains, Palevo Domains…
Sources include amada.abuse.ch, hphosts.blogspot.com, www.malwaredomainlist.com, support.clean-mx.de (Every source is always listed in the domains.txt file):

4565 .in 2g2gsdfhfh .co .cc
5673 .in allforyouonline .com
770304123 .com antiivirusgoe .com
9us .org antiquee-corp .info
acmedecor .ru antistresser .com
ademudmadve .com antivirusemail .com
adheadies .com aramategroup-int .info
anysnare .us art-marketllc .cc
apniscmvoe .ru artmarket-llc .net
av .babypin .net banjalucke-ljepotice .ru
av2011 .co .cc banner-stats .org
bebookfunk .com chriseden73 .free .fr
bevelli .com chronos-network .com
bmjdr .free .fr directsecuresite .com
ciss .cz .cc fourth-ukltd .net
dgp .cc fourthgroup-ltd .cc
dkandskm .com freeinfosociety .com
evnagivu .in g23ghshdfshj .co .cc
evnvu .in geg2gsxhsh .co .cc
f5v9w .com greekweddings .biz
fj43 .co .cc gsg23gsdhsh .co .cc
gamersite .eu gsg32gasegsh .co .cc
gghkqkkgytn .com hbaehanfznjfh .co .cc
guitarheroe .es helby-groupltd .biz
hd-56 .com highsecuritydirect .com
hitchouston .com hy-brasil .mhwang .com
hosgeffer .co .cc irc .ekizmedia .com
hotupdates .ru jejushinshin .co .kr
inetwork .by .ru junaidandzia .com
inf0z .com .ua karlasantoscaentano .com
iranblog .com knives .mahtarep .net
jiayifan .cn kssa .peasoul .com
jocelrolex .net mails .lebadv .com
kadds .ru marchingbaby .com
kamasut .net nudedancegirls .co .cc
karma2you .net officialsecuredsite .com
kghkqkkkdve .com oyunyoneticisi .com
koralda .com pickeklosarske .ru
landriver44 .ru qead-groupllc .net
mailforw .org query-google .com
maislex .net rolemodelstreetteam .invasioncrew .com
mix-plus .co .kr schwartzbrothersant-corp .com
odile-marco .com sdh4hsfhjfdjhsdf .co .cc
onlydev .fr securedirectsite .com
p0teha .com .ua securedsitedirect .com
pc-cheats .de securelive .co .kr
playerbox .in servicio-fisico .info
poqwwrr .com sexy-serbian-girls .info
pushot .com shopmovieproduction .cn
qead-llc .biz squitgroup-llc .net
radiosci .info taruntextiles .com
rignorell .info throne-groupllc .cc
sc2wc .info thronegroup-llc .co
send29931 .cn tinassanservice-groupllc .cc
sfgytdysytn .com tinassanserviceant-antteam .net
signafrica .com tinujeemoatoc .linkpc .net
sinip .es unfaimos .land .ru
stepworth .com update-drivers .in
svjazinet .ru us-acoongroup .net
throne-uk .at vintage-groupco .biz
twilattice .in vintagegroup-inc .com
uuquhc .ru west-view-art .cc
vdsvps .in westview-art .net
weirden .com worldofart-ltd .info
yujinshan .cn zccz .interfree .it
zhirok .net zemondocooler .com
zkasbo .ru

This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…