Feed

Over 250 malvertising, flashback, phishing domains

Posted on April 12th, 2012 in exploit,malvertising,New Domains,Phishing,Trojans by dglosser

Added over 250 domains linked to flashback, phishing, malvertising, etc. Sources include www.threatexpert.com, private correspondence, contagiodump.blogspot.com and others. Please update your blocklists/sinkhole  and follow  our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one our our download mirrors.

Small but important update

Posted on November 15th, 2011 in iframes,New Domains,Trojans by dglosser

A small but important update… Domains associated with cve-2011-2140, fast-flux botnets, malicious iframes, etc. were added. Sources include blog.sucuri.net, malc0de.com, dasient.com and others. (Every source is  listed in the domains.txt file)… Remember, the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Forgery, scam, phishing domains

Posted on September 12th, 2011 in iframes,MoneyMule,New Domains,Phishing,Trojans,zeus by dglosser

Added almost 200 domains associated with scams, frauds, phishing, as well as the usual zeus and malicious domains. Sources include zeustracker.abuse.ch, spamhaus.org, vxvault.siri-urz.net.. (Every source is  listed in the domains.txt file)

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Site Delisting: bajaao.com

Posted on August 19th, 2011 in Removed Domains by dglosser

bajaao.com has been delisted and will be removed on the next update.

exploit, gbot, rbn, worms… 195 New Domains to Block

Posted on July 16th, 2011 in exploit,RBN,Trojans by dglosser

195 New malicious Domains associated with exploits, rbn, gbot and other badness  to add to your shun or blacklist.  Sources include www.malwareblacklist.com, support.clean-mx.de, securehomenetworks.blogspot.com, riskanalytics.com, safebrowsing.google.com (Every source is  listed in the domains.txt file).

As mentioned in the previous post, one of these domains is cw . cm, which means there will be some overlap in our blocklist until we finish cleaning up the individual entries.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Urgent Block: xwhoisdns [dot] com

Posted on May 20th, 2011 in 0day,New Domains by dglosser

xwhoisdns . com will be added to tonight’s blocklist, but you may wish to add to your blocklist ASAP.

ThreatExpert has more details on this  guy.

134 new domains to block

Posted on March 4th, 2010 in New Domains,Phishing,rogue antivirus,spam,zeus by dglosser

fastflux, zeus, rogue, skype spam domains. Sources include atlas.arbor.net, blogs.paretologic.com, and others:

27gr .co .tv 34jh7alm94 .asia
88810 .cn 873hgf7xx60 .com
953333 .com a2132959 .0lx .net
aprotect .com abouttraffic .net
arraysaw .com acdbxybadve .com
arraysaw .net autoparck .sumy .ua
arshard .com aviavavilons .net
av-command .com blackhistorypeople .com
avcommand .net botproxy2 .twoblocksdown .com
b11335599 .cn businessboard6124 .net
basiscause .com canadauniversitypress .com
brozsearch .com candyshop451 .com
c36996639 .cn contentserver .ru
c58446658 .cn contrsnid .uz .ua
cavally .in didbotta6 .unipv .it
contempt .in draft5sticks4 .net
d92378523 .cn enteri1llisec .in
disea .info findlostcats .com
ebaat .biz flashplayerpluginonline .com
egn14142nn .ws for-sunny-se .com
egygate .info free-screen-capture-software .com
evertrands .com freeanalsextubemovies .com
everybots .com globostep .info
experrior .eu googleanalinics .com
footbal .rv .ua gotnewfriendbook .com
fructik3 .ru groov .uzhgorod .ua:8080
gameshort .ru h10024 .nb .host127-0-0-1 .com
geo95 .com happytreeporno .com
getsup .info homeamateurclips .com
googleinru .in homesitetoo .com
gromz .net hqexgirl .osa .pl
iescrow .ir illegaloffer .ru
j00k877x .cc imobiliariacanela .com .br
kaliuz .com lmaoimages .com
kolaider .net miamiheraldsi .com
kozzz .in nbsolution .com
m2121212 .cn o17070 .nb .host127-0-0-1 .com
m3131313 .cn personalsystemscan .cn
mn8873nb01 .cc plainjapan .com
natos .info playthisfuck .com
nn31415en .in polycounter .com
oast .com pzignbfxspou .info
polevand .com quickmedialinks .com
redondo .ru redriveruk .com
reilka .co .kr salamangzan .com
reilka .kr santacruzinfo .com .br
reilki .co .kr scoregame .info
reilki .kr searchfeature .org
reilki .ne .kr sendspace .repek .or .kr
reilki .or .kr slinkadult .biz
reilko .co .kr softinternational .net
reilko .kr sportgun .pl .ua
reilko .ne .kr stignita .zapto .org
reilkx .or .kr stoptibetcrisis .net
rioner .com storage84030 .org
scanerborn .cn tdsstdstds .org
sendingout .cn theinputonline .com
serdb01 .com thetubeholder .com
shitstream .cn uncutsouthmovies .com
smile .if .ua valentinsss .info
sunqtr .com w1543 .nb .host127-0-0-1 .com
tabs .pl woodfuelwales .com
updategr .org www-myphoto .com
vallesina .tv x21526 .nb .host192-168-1-2 .com
whyviral .com xxxtoywebsitecheap .com
x-drugs .ru yswzrjkpsp .com
zeroday .cc

lots of fraud, scam, moneymule domains to blacklist

Posted on February 23rd, 2010 in fastflux,New Domains,Phishing by dglosser

Mostly money-mule, fraud, scam domains added. Also some fast-flux and other malicious domains as well,.

See wikipedia or  f-secure for more information about money mules. Sources include www.malwareurl.com, malc0de.com, and atlas.arbor.net:

70-music .com 3000channelsplus .com
90-music .com alldigitalchannels .com
allmoviesnow .net americanautobargains .com
anti-scamco .net arequipalinda .com
aqaqaqaq .com ares-downloadnow .com
avchecker123 .com aresdownloadnow .com
bear-groupco .ws aresgalaxydownloads .com
bear-groupinc .ws autobargainsnetwork .com
bizelitt .com better-fitness .com
chaujoi .cn bloggingforsuccess .com
djbormand .cn britishsupport .net
dvdxpremium .com citizen-groupco .tw
dvdxultra .com citizen-groupco .ws
e58z .cn citizen-groupsvc .tw
elenailyina .com citizengroupinc .ws
emoore .info classic-groupco .ws
excel-groupco .tw classic-groupsvc .tw
expertbucks .com classicgroupinc .ws
fcrazy .com download .haozip .com
fivejet .com excel-groupinc .tw
fivewjet .com excel-groupinc .ws
fobsl .cn excel-groupsvc .ws
forum .d99q .cn explosioncash .com
fviejet .com file0129 .iwillhavesexygirls .com
gatemx1 .com financial-groupco .tw
gerdas .cz financial-groupco .ws
gethotgames .com financial-groupinc .tw
getpcmovies .com financial-groupsvc .ws
gidrasil .cn firewallprotector .com
goldenmac .cn free-limewire-now .com
greatan .cn getdownloadmovies .com
greenpl .com getlivebasketballtv .com
guardcom getlivefootballtv .com
hadser .cz getlivesoccertv .com
hoploawq .com globalunitrack .com
hotmusicfast .com hypnoticacolectiva .com
i-pspaccess .com imoviedownloads .net
info-bill .com internetdownloadstore .com
isoftwaretv .com kamarilloskukarekas .com
itvdownload .com magicrevenue .com
jioyfu .cz maglavais .ath .cx
jjotqkhqymp .info mahjongmuseum .com
jvoamkvyxv .info market-vision .tw
k-litetk .com market-visioninc .ws
kazz .com maxpaidsurveys .com
khalej .cn measure-groupco .tw
liulanqi .cc measure-groupco .ws
lojasdiko .com measure-groupinc .tw
love2coffee .cn measure-groupinc .ws
mail2book .in medfinanceflow .com
maniyakat .cn miamicaraccessories .com
masterpsp .com millennium-groupco .tw
me-1 .info millennium-groupinc .ws
mevsimevsim .com millennium-groupsvc .tw
moviesforpc .com millennium-groupsvc .ws
moviewiz .net monstersoftware .info
mp3review .biz moviedownloadaccess .com
mypspcenter .com moviedownloadreview .biz
mywarworld .cn moviedownloadsnow .net
nautiqa .com .sg musicplayer-downloads .com
neswbrand .com musicplayercenter .com
nit99 .biz myzunedownload .com
nmalodbp .com netpaidshopping .com
nvbgfy .cz newmovieflicks .com
order-info .com noltvoqmhoce .info
pasder .cz nuris-groupco .tw
pedersii .net nuris-groupco .ws
playtodayss .net nuris-groupinc .tw
proadware .com nuris-groupinc .ws
r7n7 .com patrickcadona .com
rep1030 .co .uk pmxjpigimsdv .info
rep1030 .me .uk qooglesearch .com
rep1031 .co .uk render-groupco .tw
rep1032 .co .uk render-groupco .ws
rep1041 .co .uk render-groupinc .tw
rep1041 .me .uk ricksmusicstore .com
rep1042 .co .uk secure .info-bill .com
rep1042 .me .uk secure .order-info .com
rep1043 .co .uk server .modulo03 .com
rep1043 .me .uk shareazasite .com
ro777 .com success-groupco .tw
rocklamanna .com success-groupco .ws
rolstop .in success-groupinc .tw
safepcav .com success-groupsvc .ws
sowner .info tbxierkoqze .info
sttcounter .cn technotronics .cn
theshipmangroup .com
top4hot .info virus-scannerdot1 .com
udaswy .cz virus-scannerdot2 .com
uijghy .cz virus-scannerdot3 .com
vexmarc .com virus-scannerdot6 .com
vjxzzqobsyz .com winter-smile .com
web-pings .com wordpressquest .com
welovetweet .com wxrzufdrzzn .info
xenonshow .gr xlgjewczfjqx .com
yuferd .cz xpresscanon-yourpc .com
zontrhost .net z130217 .infobox .ru

aurora, zeus, phishing, pushdo,rogue domains to block

Posted on February 19th, 2010 in New Domains,Phishing,rogue antivirus,Trojans,zeus by dglosser

lots of fake antivirus, aurora, zeus, and botnet domains to block. Sources include google.com safebrowsing, threatexpert.com, hosts-file.net and others:

360 .homeunix .com adobefreesoftware .com
888viet .com allstaffdefender .com
adobe-config-s3 .net antimalware-2010 .com
adwarepronow .com flashdownloadv11 .com
alt1 .homelinux .com get-spyware-destroyer .com
ameimx .com getantivirusplusnow .com
amt1 .homelinux .com global-a-security .com
anabolic-pharma .com global-b-security .com
antisgetout .cn global-c-security .com
filoups .info global-d-security .com
fireasseye .com global-z-security .com
freecapch .info google .com .analytics .egilkemecun .com
ftpaccess .cc imgyou1 .yourfreehosting .net
fuckbriankrebs .com inter0virus-scan .com
gink22hok .com inter8virus-scan .com
google .homeuni8 .com internet-free-webgames .com
google .homeunix .com just-protect-pc .info
google .homeunkx .com learnwholesalesecrets .com
guards-pc .com max-antivirus-security11 .com
guardwww .com max-antivirus-security22 .com
kinolinks .com max-antivirus-security4 .com
klalkius .com max-antivirus-security5 .com
lexusbestparts .com max-antivirus-security55 .com
loadpartners .com max-antivirus-security6 .com
max-antivirus-security7 .com
max1antispyware .com max-antivirus-security77 .com
max2antispyware .com max-antivirus-security9 .com
max4antispyware .com microantiviruslive .com
max6antispyware .com navy-antispywarea .com
max7antispyware .com pro-2in1-securityh .com
merin22 .mooo .com registrycleanersreviewed .com
mr-tr0jan .no-ip .biz remote-pc-scannerv .com
mysecurityland .com remote-pc1-scanner .com
new-av-scannera .com scan-and-destroya .com
new-system-guard .in scan-and-destroye .com
newsystem-guard .in scan-and-destroyt .com
nokrizis2 .org scan-and-destroyw .com
oduvanchic .com scan-and-destroyz .com
paymentsafety .net scan4virus-onlinea .com
pcsecurity-soft .com scan4virus-onlined .com
pidersli .net scan4virus-onlinet .com
podgribami .org scan4virus-onlinew .com
protectedfield .in scan4virus-onlinne .com
qbzq16 .com secure-plus-payments .com
remotepaybill .com secure .privatesecuredpayments .com
rescuesysupdate .com security-tool2010 .com
safetyearth .net smart-2-antispyware .com
samsonite-shop .cz smart-3-antispyware .com
scriptwb .com smart-7-antispyware .com
secondome .com smart-8-antispyware .com
securepcav .com smart-9-antispyware .com
sl1 .homelinux .org smartvirus-scan1 .com
smart-av-scan1 .com smartvirus-scan3 .com
smart-av-scan3 .com smartvirus-scan4 .com
smart-av-scan5 .com smartvirus-scan6 .com
smart-av-scan7 .com smartvirus-scan8 .com
smart-av-scan9 .com spyware-max-scan2 .com
smart1antivirus .com spyware-max-scan3 .com
smart2antivirus .com spyware-max-scan5 .com
smart4antivirus .com spyware-max-scan7 .com
spy-detectora .com spyware-max-scan9 .com
spy-detectorc .com spywaredestroyerone .com
spy-detectore .com spywaremaxscan4 .com
spy-detectorf .com spywaremaxscan6 .com
spy-detectork .com spywaremaxscan9 .com
spy-sheriff .tk spywareremovalguides .com
spywaremaxscan1 .com stop-virus-server .com
spywaremaxscan3 .com super1antispyware .com
tax .state-nm .com super4antispyware .com
tax .state-ok .com super6antispyware .com
torrentabuser .com super7antispyware .com
tyuqwer .dyndns .org update .ourhobby .com
vasd .info virus-detectora .com
vinefirebot .com virus-detectorc .com
voanews .ath .cx virus-detectord .com
warezaccess .com virus-detectorj .com
webswan .33iqst .com virus-detectort .com
windef2010 .com win6best-scanner .com
winxp7server .com windowsaltserver .com
ymail .ath .cx
The malware block lists here are provided for free for noncommercial use as part of the fight against malware. Please help to keep this site free! Donate whatever you can, all donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgement, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
New: Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors
The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on the WOT-the Web of Trust!

Used by SURBL, MOREnet, and others…

100 New Domains

Posted on February 16th, 2010 in New Domains,Phishing by dglosser

Sources: www.malwaredomainlist.com, malwareint.com, abuse.ch and more:

24jd .co .cc accountlogin .saouar-ncsoft .com
384756783900 .cn ads .honestjohn .co .uk
67gr .co .tv advs .rach .com .sg
6ccc .ru antispywarecomp .com
77gr .co .tv antispywarefordummies .com
783456788839 .cn antivirus-live-one .com
aau .bij .pl antivirus-scan-wizarda .com
apsight .ru antivirus-scan-wizardc .com
arber .us antivirus-scan-wizardd .com
avalaz .info antivirus-scan-wizarde .com
bahoy .net antivirus-scan-wizardf .com
banconsol .com antivirus-wizard-d5 .com
bbcnewss .avh .cx antivirus-wizard-e6 .com
bet-portal .com antivirus2010pro .com
brainzzz .net antiviruswizard .org
camforuss .com aop1 .homelinux .com
cddvdwriter .com app1 .homelinux .com
cefincf .com archive .zinnko .be
cement-bag .com av-online-scan .org
comicscaner .cn banginbeckyblog .com
csjbo .info betgrandslam .com
driverpro .org blackhatcodebreaker .com
dsfad .in brutapukamuk .com
e-mule-it .com buy-internetsecurity .com
ecoolwatch .com clickgooglo .com
emule-it .com cnyijiaying .com .cn
farmeset .com compuguard .info
ffsvrs .com connectproxy .3322 .org
frameste .com contentcleaner .com
fraudgedt .com core2687 .downloadarchivex .com
freebest4 .info cp332308 .cpanel .tech-logol .ru
frudget .com downloadserialcrack .com
geewong .org facilsex .com .ar
gotworse .cn for-sunny-smile .com
horosta .ru forhappysex .com
jtmqypcgt .info good-spyware .com
klaikius .com google-analytics .su
kripw .com huliganseres .net
pes2009 .biz inlakehouse .com
raudget .com lehmanbrotherbankruptcy .com
repek .or .kr letitbit .zinnko .pl
securixp .com microsoft-windows-security .com
sjfdhw395t .com mynes-consultings .cn
sneakyboy .com nazarethimaging .com
sulikavan .us protectedsystem .in
textsex .biz protective-program .com
topdns241 .com securityantivirus .com
vinodelam .net useclean-atyour-sys .in
webnomoney .com winxpupdate .org
xx4b83603e .ru zanosi-bablo .com
Next Page »