sqli: Block Njukol -dot – com
We received a report that there’s a sqli injection going on with njukol . com/ r.php. Please check your web sites and add this to your block or shun list. Original Source: http://ilion.blog47.fc2.com/
Domains and IPs to Block ASAP
Two posts from the Internet Storm Center:
SQL Injection Lilupophilupop style –Lists about a dozen domains you should immediately add to your blocklists plus more in Dynamoos blog.
Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses
hostexploit.com top bad hosts – 2012 Q1
We added our friends nikjju . com and best-antiviruu.de .lv and also listed domains from ISP’s or hosting services listed on hostexploit.com‘s Q1 report on the top bad hosts. To round things out, we also added domains flagged by sucuri as having malicious javascript or iframes.
Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash) and http://dns-bh.sagadc.org/. We also have a mirror dedicated to research and Open Source Projects – contact us for details.
* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs. * These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval. * Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use wget -N”! * Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar. * Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…Urgent Block: nikjju.com and best-antiviruu.de.lv
Sucuri is reporting a new Mass SQL Injection campaign. Sites are infected with the following javascript:
<script src= http://nikjju . com/r.php ></script>
which redirects to Fake/Rogue AV sites such as best-antiviruu. de. lv
Please add these sites to your blocklists and sinkholes ASAP.
iframe,sqli,cybercriminal domains
A small but important update containing domains associated with iframes, cybercriminals, zeus, and our friend lilupophilupop . com. Sources include malc0de.com, safebrowsing.google.com, www.spamhaus.org (Every source is listed in the domains.txt file)…
Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
Urgent Block: lilupophilupop-dot-com (SQL Injection)
SANs is reporting that there’s a SQLi campaign going on right now with the malicious domain lilupophilupop .com being injected into sites running MSSQL.
We will block that domain on the next update but you shouldn’t wait….
Source: http://isc.sans.edu/diary.html?storyid=12127#comment
SQLi, Fastflux Botnet, Dirt Jumper and more
Added 210 domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, www.malwareurl.com and others
(Every source is listed in the domains.txt file)
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
These malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
251 new domains: malvertising, zeus v2.0, spyeye, rogues…
251 new domains added. These domains are associated with Zeus v2.0, spyeye, rogue security, malverising, sql injection.. Sources include tristatelogic.com, vxvault.siri-urz.net, www.spamhaus.org… (Every source is listed in the domains.txt file):
0fees .net 1mmjl3l45lkjbdb .ru 19995588 .com abodeflashplayer .co .tv 27cms .eu act1floral .ce .ms 2ok .cz .cc 4r4 .cz .cc agreement52 .com 9f1 .cz .cc ameryvarlaam .ru aloveb .biz asteriadurrand .cz .cc astro-cash .biz avs-america .com atuno .it avs-industry .com avs-carter .com avs-property .com avs-elite .com avs-solutions .com avs-mobile .com avsdelivery .com avs-nevada .com avsindustry .com avs-prime .com avsphotography .com avs-retail .com avswergroup .com avs-tech .com avswerlakers .com avs-thai .com avsweronline .com avs-tract .com dietacaiberry .net avselite .com dirtyrottenwhore .com avslakers .com djevel00 .fileave .com avsretail .com drricardoyepez .org avstract .com esformofset .com avswer .com europole-formations .fr avswerxp .com financialdeposit .com bumbara .co .cc fkfxzhxxqk .cx .cc csmart .co .kr gaufridboris .ru dmzcamp .com giantsoft .co .kr eaevdgg .cz .cc googlestatick1 .cz .cc ebooksit .com googlestatick2 .cz .cc einemenge .info googlestatick3 .cz .cc elpcez .ce .ms googlestatick4 .cz .cc exbii .com gopinathabengt .ru fd5 .cz .cc hanneke37013 .cz .cc flashloads .net hideomechanic .com frankiees .ru hosting161-flash .redirectme .net frankieeus .ru hqxvideofree .com friskyvids .com idatelyfumiu .linkpc .net gamesbaidu .com img105 .herosh .com getwayshop .ru iooodarauisj .cz .cc goleleila .ir ipatoghdl .cz .cc gwynyasser .ru jasoncmeyer .ce .ms gzjianren .com jdfehxrzsbtrbiju .com h7k .in jh99-v5 .cable-modem .org hzcor .ce .ms kamarovoskolkovo .ru hzw .co .be karabasbaraba .ru jcwbqlj .cz .cc kingofpirates .co .cc ji0ns .com klubnika34his .com jsbanners7 .com kosmodromkan .ru jsbanners8 .com lakersvswer .com jwjmusic .cx .cc lcvjooxjnd .cx .cc kangnam .co .kr multimediamodifydata .in kljygsvbfs .in myobfuscate .com kol0 .com mywebspace1 .tld .tc kombek .org needble-for .findhere .org kposjuhnfs .in nowdonload .co .cc kxpeolxi .cz .cc nvhyaghjsd .cz .cc leonidyonah .ru oeuroiuasd .cz .cc lfug .co .cc officialversion .su myavswer .com ojusdtgfrshd .cz .cc myzhuzi .com olasaqyuijuk .linkpc .net newavswer .com online11news .com newinet .co .cc online11news .ru newtubes .in online12flash .com nxmtv .info online12news .com nyoflak .com online12news .ru oboi-msk .ru online13flash .com on10news .com online13news .com on10news .ru online13news .ru on11news .com online14flash .com on11news .ru online14news .com on12news .com online14news .ru on12news .ru online15flash .com on13news .com online15news .com on13news .ru online15news .ru on14news .ru online16flash .com on15news .ru online16news .com on16news .ru online16news .ru on17news .ru online17news .com on18news .ru online17news .ru on19news .ru online18news .com on1news .com online18news .ru on1news .ru online19news .com on20news .ru online19news .ru on2news .com online20news .ru on2news .ru online2flash .com on3news .com online3flash .com online1news .ru online4flash .com online2news .ru online5flash .com online3news .ru online6flash .com online4news .ru online7flash .com online5news .ru online8flash .com online6news .ru online9flash .com online7news .ru onlinehome-writer .com online8news .ru ouiqweghukas .cz .cc online9news .ru parrisherakles .ru openx .net poqlkanbbbba .cz .cc opopop23 .cz .cc qeuirigasdfg .cz .cc promoads .eu qophjgasg .cz .cc qhnfmmpp .co .cc qwechecksystem .com qwea .cz .cc realdyhelp .rr .nu qzgsl .com rjhomesolutions .com shopgetway .ru sajjadiuppiter .ru slolor .cz .cc sextubecentral .com soptnsa .co .cc sexxeschikkaxxx .serveftp .com star99 .info sexyteenage .net stephanos .ru software-avs .com theavswer .com srtjhasthae1 .cz .cc tnbzrkrm .co .cc statpdomwas .cx .cc tomaromain .ru strongmdefense .findhere .org trackups .org svatebniprani .us ubitorent .com tradekerala .com upsclients .com tubedownloader2010 .com upstrack .net tunes-new-online-downloads .com ushcime .com tvmovie-sale .com vaccineu .com tvsportschannel .com webwarper .net tweeter001 .co .cc whitesmoke .com usps .com .trackr04 .com whitesmoke .us viautytdsfs .cz .cc wogehed .cz .cc videospornodetv .com xdnsrv .com vtqssamktp .cx .cc xrtik .ipq .co wait-50-seconds .cz .cc xts-1a .noc .su web-worldmap .com zalsdre .vv .cc whitesmoke .co .il zamhuxnh .cz .cc ydimefanilyju .linkpc .net zeckzer .ce .ms yhonaguecisy .publicvm .com zojozvrm .co .cc
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Please download files from main mirror: http://mirror1.malwaredomains.com/files/
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…
Malvertising, rbn, rogue, sql injection domains
Added over 200 domains associated with malvertising, Rogue/fake security, sql injection, etc. Sources include blog.dynamoo.com, community.websense.com, research.zscaler.com (Every source is listed in the domains.txt file):
azetuair .cc 77-platform .net baooe0 .com badodybeqyk .com baooe1 .com bestbanners1 .in baooe2 .com bestbanners2 .in bazagg .cz .cc bestbanners3 .in bedioger .com bestbanners4 .in bhbdzmjy .co .tv bestbanners5 .in bookaros .com bestbanners6 .in bookarra .com bestbanners7 .in bookdolo .com bestbanners8 .in bookfula .com bestbanners9 .in bookgusa .com bocikivihepiqa .com bookmonn .com bunizywytyg .com bookmono .com clanthefallen .com bookmylo .com creditsofast .com bookpolo .com dead-melpomene .com booksgou .com ecxajgff .co .tv booksoco .com eddddbzm .co .tv bookvivi .com enukunaziha .com bookvoxy .com eqezifebawe .com bookzoul .com farelfusion .com bookzula .com fkejoten .co .tv bqhfvvdn .co .tv gb-offerlist .com c8s2 .com greenhopengo .com cbneehtm .co .tv hamobamaduro .com ccjayplh .co .tv hepotevena .com cjr001 .com herovidacege .com dbonis .com high-webtraffic .com demivee .in hocxhnrl .co .tv divinemeb .com hydezerirevy .com drber0 .com hydyfiliduzun .com drber1 .com ibyfolyzijym .com drber2 .com itzqmiip .co .tv drber3 .com jawynuvejeqini .com drber4 .com jazafibyho .com drber5 .com jiqixylexut .com drber6 .com jujbytqe .co .tv drber7 .com jyviziwopakisy .com drber8 .com keepitunreal .in drber9 .com kolifixewitiq .com dzedshuw .co .tv kovejyvymuzi .com efidaxamo .com lajogitytudaxo .com erdvjn1 .com linuxbanners1 .in erdvjn2 .com linuxbanners4 .in erdvjn6 .com linuxbanners5 .in erdvjn8 .com linuxbanners6 .in erdvjn9 .com linuxbanners7 .in erlvn0 .com lucuhojivinu .com erlvn1 .com mediabulker .com erlvn2 .com mehyqibugyluf .com erlvn3 .com mentorcentral .com erlvn4 .com mentorcentral .net erlvn5 .com milotynabojavo .com erlvn6 .com mipituhamys .com erlvn7 .com misyneqewetypo .com erlvn8 .com msor72-gate1 .vv .cc erlvn9 .com mzpupkqo .co .tv f10 .xl .cx neddhilr .co .tv f8d3 .net okvmodps .co .tv findclear .org orrick-media .eu findstiff .org pacugegyfeheka .com h94 .org pboysxaj .co .tv hurdana .cx .cc pijynazerud .com lawujocot .com pivysegocide .com legse .co .cc premium-support-2011 .com macbanners .in premiumsupport2011 .com mediawork .com qbzaqmse .co .tv nopirekuz .com rblvsbht .co .tv paybal .com rowxhoai .co .tv q9z4 .com rvcxwsmt .co .tv qubmoviez .com sbzjrszn .co .tv rappour .in scoregaskets .com replity .in searchcruel .org ripplig .in searchgrubby .org s9w3 .com smartsecuritybox .com s9w3 .net sositawidapezi .com sgsge0 .com sweetnovelty .com sgsge2 .com tesonugixamys .com sgsge3 .com testosploitron .cx .cc sgsge4 .com thingortwo .com sgsge5 .com tikytudububy .com sgsge6 .com traffic-dc .com sgsge7 .com trjmytqlnhyovlpv .com sgsge8 .com vakatesumuhor .com sgsge9 .com vusysogirebymy .com sharkpork .com vuvamewakoq .com smrbr0 .com vyzaraputifyb .com smrbr3 .com wamikopyzoqah .com smrbr8 .com wekabamysugamy .com smrbr9 .com windowsbanners .in t9i2 .org wkrfgzoc .co .tv t9i3 .com wkydwlkk .co .tv t9i3 .org xazofeberus .com tuartma .in xfrfrwjd .co .tv uev1 .co .cc xipagymofi .com uralgaz .ru xisebozenaj .com uxuvoxogy .com xnnblhid .co .tv videoskk .org zarqqasx .co .tv y8r5 .com zhkeinzr .co .tv yjybocore .com zonsolemonito .com zapppo1 .org zzxfyrru .co .tv zyfovubyv .com
Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs.
This malware block lists provided here are for free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Please download files from main mirror: http://mirror1.malwaredomains.com/files/
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…