Slimeware, Fraud, Scam domains
- http://www.malwaredo...rdpress/?p=2104
October 4th, 2011 - "Added over -100- slimeware, Scam, Spyeye, and other malicious domains. Sources include blog.dynamoo.com, safebrowsing.google.com..."
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Malware Domain Blocklist updated...
Started by
AplusWebMaster
, Jan 03 2011 04:02 AM
437 replies to this topic
#76
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 05 October 2011 - 06:36 AM
Slimeware, Fraud, Scam domains
- http://www.malwaredo...rdpress/?p=2104
October 4th, 2011 - "Added over -100- slimeware, Scam, Spyeye, and other malicious domains. Sources include blog.dynamoo.com, safebrowsing.google.com..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Register to Remove
#77
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 08 October 2011 - 07:42 AM
FYI...
blackhole exploit kit, fraudload, ransom, rogue domains
- http://www.malwaredo...rdpress/?p=2111
October 7th, 2011 - "Added over 100 zeus, rogue, BH Exploit Kit, FraudLoad domains. Sources include amada.abuse.ch, malwaredomainlist.com and others..."
blackhole exploit kit, fraudload, ransom, rogue domains
- http://www.malwaredo...rdpress/?p=2111
October 7th, 2011 - "Added over 100 zeus, rogue, BH Exploit Kit, FraudLoad domains. Sources include amada.abuse.ch, malwaredomainlist.com and others..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#78
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 12 October 2011 - 05:18 AM
FYI...
iframe, moneymule, rbn domains
- http://www.malwaredo...rdpress/?p=2121
October 11th, 2011 - "Added over -120- domains associated with RBN, moneymule, blackhole exploit kit… Sources include wam.dasient.com, emergingthreats.net, spamhaus.org ..."
iframe, moneymule, rbn domains
- http://www.malwaredo...rdpress/?p=2121
October 11th, 2011 - "Added over -120- domains associated with RBN, moneymule, blackhole exploit kit… Sources include wam.dasient.com, emergingthreats.net, spamhaus.org ..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#79
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 16 October 2011 - 12:31 AM
FYI...
DNS Sinkhole 10/14 Update: 129 New Domains
- http://www.malwaredo...rdpress/?p=2127
October 15th, 2011 - "Added 129 domains associated with RBN, moneymule, malspam and other malicious activity you don’t want on your personal computer or network. Sources: emergingthreats.net, blog.dynamoo.com, labs.m86security.com and others..."
DNS Sinkhole 10/14 Update: 129 New Domains
- http://www.malwaredo...rdpress/?p=2127
October 15th, 2011 - "Added 129 domains associated with RBN, moneymule, malspam and other malicious activity you don’t want on your personal computer or network. Sources: emergingthreats.net, blog.dynamoo.com, labs.m86security.com and others..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#80
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 19 October 2011 - 09:48 AM
FYI...
Over 190 malicious domains added
- http://www.malwaredo...rdpress/?p=2135
October 19th, 2011 - "Added over 190 malicious domains associated with rbn, blackholeexploit, zeus, etc. Sources include blog.dynamoo.com, malwaredomainlist.com, emergingthreats.net..."
Over 190 malicious domains added
- http://www.malwaredo...rdpress/?p=2135
October 19th, 2011 - "Added over 190 malicious domains associated with rbn, blackholeexploit, zeus, etc. Sources include blog.dynamoo.com, malwaredomainlist.com, emergingthreats.net..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#81
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 23 October 2011 - 06:49 AM
FYI...
spyeye, zeus, rbn, scam domains
- http://www.malwaredo...rdpress/?p=2140
October 22nd, 2011 - "Added -206- domains associated with rbn, zeus, botnets, etc. Sources: blog.dynamoo.com, emergingthreats.net, zeustracker.abuse.ch and many others..."
spyeye, zeus, rbn, scam domains
- http://www.malwaredo...rdpress/?p=2140
October 22nd, 2011 - "Added -206- domains associated with rbn, zeus, botnets, etc. Sources: blog.dynamoo.com, emergingthreats.net, zeustracker.abuse.ch and many others..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#82
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 26 October 2011 - 06:58 AM
FYI...
SQLi, Fastflux Botnet, Dirt Jumper and more
- http://www.malwaredo...rdpress/?p=2143
October 25th, 2011 - "Added -210- domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, malwareurl.com and others..."
SQLi, Fastflux Botnet, Dirt Jumper and more
- http://www.malwaredo...rdpress/?p=2143
October 25th, 2011 - "Added -210- domains associated with SQLi, Dirt Jumper, RBN, fast flux botnets and other maliciousness. Sources include blog.dynamoo.com, ddanchev.blogspot.com, malwareurl.com and others..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#83
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 02 November 2011 - 10:09 PM
FYI...
Urgent Block: stats1. in
- http://www.malwaredo...rdpress/?p=2156
November 2nd, 2011 - "Please add stats1. in to your blocklists... See:
- http://google.com/sa...?site=stats1.in
'... last time suspicious content was found on this site was on 2011-11-02...
Malicious software includes 103 scripting exploit(s), 59 exploit(s), 53 trojan(s)'.
We’ll block this domain tonight but you shouldn’t wait..."
Urgent Block: stats1. in
- http://www.malwaredo...rdpress/?p=2156
November 2nd, 2011 - "Please add stats1. in to your blocklists... See:
- http://google.com/sa...?site=stats1.in
'... last time suspicious content was found on this site was on 2011-11-02...
Malicious software includes 103 scripting exploit(s), 59 exploit(s), 53 trojan(s)'.
We’ll block this domain tonight but you shouldn’t wait..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#84
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 03 November 2011 - 07:17 AM
FYI...
Nov 2 Update: 167 Dangerous Domains
- http://www.malwaredo...rdpress/?p=2159
November 3rd, 2011 - "167 malicious and Dangerous Domains associated with fake jobs, malvertising, poisonivy, nitro, trojans..."
Nov 2 Update: 167 Dangerous Domains
- http://www.malwaredo...rdpress/?p=2159
November 3rd, 2011 - "167 malicious and Dangerous Domains associated with fake jobs, malvertising, poisonivy, nitro, trojans..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#85
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 07 November 2011 - 12:00 AM
FYI...
black hole exploitkit, zeroaccess & other harmful domains
- http://www.malwaredo...rdpress/?p=2166
November 5th, 2011 - "Added -118- domains associated with the Black Hole Exploit Kit, Zero Access, and other risky and harmful domains. Sources:malwareurl.com, zeustracker.abuse.ch, vxvault.siri-urz.net and others..."
black hole exploitkit, zeroaccess & other harmful domains
- http://www.malwaredo...rdpress/?p=2166
November 5th, 2011 - "Added -118- domains associated with the Black Hole Exploit Kit, Zero Access, and other risky and harmful domains. Sources:malwareurl.com, zeustracker.abuse.ch, vxvault.siri-urz.net and others..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Register to Remove
#86
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 10 November 2011 - 04:29 AM
FYI...
Blackhole Exploit, LockEmAll, Zeus Domains
- http://www.malwaredo...rdpress/?p=2170
November 9th, 2011 - "Added -119- new Zeus, trojan, “LockEmAll”, BH Exploit domains. Sources include malwareurl.com, safebrowsing.clients.google.com, malwaredomainlist.com and others…"
Blackhole Exploit, LockEmAll, Zeus Domains
- http://www.malwaredo...rdpress/?p=2170
November 9th, 2011 - "Added -119- new Zeus, trojan, “LockEmAll”, BH Exploit domains. Sources include malwareurl.com, safebrowsing.clients.google.com, malwaredomainlist.com and others…"
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#87
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 13 November 2011 - 07:06 AM
FYI...
htaccess redirects, malicious iframes, malvertising domains
- http://www.malwaredo...rdpress/?p=2175
November 12th, 2011 - "Added domains associated with malvertising, malicious javascripts, malicious iframes, htaccess redirects and more. Sources include vxvault.siri-urz.net, hphosts.nets…"
htaccess redirects, malicious iframes, malvertising domains
- http://www.malwaredo...rdpress/?p=2175
November 12th, 2011 - "Added domains associated with malvertising, malicious javascripts, malicious iframes, htaccess redirects and more. Sources include vxvault.siri-urz.net, hphosts.nets…"
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#88
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 14 November 2011 - 09:28 AM
FYI...
Immortal malware domains...
- http://www.malwaredo...rdpress/?p=2180
November 14th, 2011 - "... recertification of -237- long-lived, “immortal” malware domains... These are domains which continue to actively serve malware for months if not years. Some of these domains have been active here for more than two years. Of those 237 domains, 34, or less than 15% were removed. That means that over 85% of these long-lived domains are truly “bulletproof”, and have remained actively malicious for over two years... List of these “immortals” is here:
- http://mirror2.malwa...tal_domains.txt
Immortal malware domains...
- http://www.malwaredo...rdpress/?p=2180
November 14th, 2011 - "... recertification of -237- long-lived, “immortal” malware domains... These are domains which continue to actively serve malware for months if not years. Some of these domains have been active here for more than two years. Of those 237 domains, 34, or less than 15% were removed. That means that over 85% of these long-lived domains are truly “bulletproof”, and have remained actively malicious for over two years... List of these “immortals” is here:
- http://mirror2.malwa...tal_domains.txt
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#89
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 16 November 2011 - 05:50 AM
FYI...
Small but important update
- http://www.malwaredo...rdpress/?p=2187
November 15th, 2011 - "A small but important update… Domains associated with cve-2011-2140*, fast-flux botnets, malicious iframes, etc. were added. Sources include blog.sucuri.net, malc0de.com, dasient.com and others..."
* http://web.nvd.nist....d=CVE-2011-2140
Small but important update
- http://www.malwaredo...rdpress/?p=2187
November 15th, 2011 - "A small but important update… Domains associated with cve-2011-2140*, fast-flux botnets, malicious iframes, etc. were added. Sources include blog.sucuri.net, malc0de.com, dasient.com and others..."
* http://web.nvd.nist....d=CVE-2011-2140
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
#90
AplusWebMaster
-
- Authentic Member
-
- 10,472 posts
AplusWebMaster
- Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 23 November 2011 - 07:59 AM
FYI...
Malvertisers, Zeus, BH Exploit Domains…
- http://www.malwaredo...rdpress/?p=2196
November 21st, 2011 - "Malicious domains associated with trojans, backdoors, BH Exploit Kit, RBN malvertisments were added. Sources include malwareurl.com, xylibox.blogspot.com, scrapbook.zscaler.com, malc0de.com..."
___
- http://www.malwareurl.com/
Total domains: 251677
Total IP addresses: 42006
- http://xylibox.blogspot.com
Midlet URL's...
Landing URL's...
Screenshots ...
"... According to VirusTotal, 15 AV detect these JAR files as Java/SMSSend... And only 10 AV detect these APK files as Android/FakeInst..."
- http://www.malwaredo...ist.com/mdl.php
Page 0 1 ... 38 !
- http://scrapbook.zscaler.com/
"... a lot of emails with attachments like: Facebook_Password_#8071.zip
where the number changes to avoid spam detection.
The email message looks like:
From: "Facebook"
Subject: Facebook Service# Your account has been blocked! Order/1721..."
- http://www.blog.malc...tegory/malware/
"... link domains that were serving the same executable. What I found out in a very short period of time is the binaries are updated so frequently that this becomes almost impossible... made a few adjustments to the database which should speed up the queries... here we can find a domain hosting the Neosploit exploit pack. The domain is hosted on 75 .125.212 .58. By searching malwaregroup.com* we can see domains hosted on the same IP that are named in a similar fashion and are most likely also hosting Neosploit or being staged..."
* http://www.malwaregr...s/75.125.212.58
... 21844 THEPLANET-AS21844:
> http://www.google.co...c?site=AS:21844
"... over the past 90 days, 7863 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2011-11-23, and the last time suspicious content was found was on 2011-11-23... we found 406 site(s) on this network... that appeared to function as intermediaries for the infection of 1619 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 834 site(s)... that infected 7709 other site(s)..."
Malvertisers, Zeus, BH Exploit Domains…
- http://www.malwaredo...rdpress/?p=2196
November 21st, 2011 - "Malicious domains associated with trojans, backdoors, BH Exploit Kit, RBN malvertisments were added. Sources include malwareurl.com, xylibox.blogspot.com, scrapbook.zscaler.com, malc0de.com..."
___
- http://www.malwareurl.com/
Total domains: 251677
Total IP addresses: 42006
- http://xylibox.blogspot.com
Midlet URL's...
Landing URL's...
Screenshots ...
"... According to VirusTotal, 15 AV detect these JAR files as Java/SMSSend... And only 10 AV detect these APK files as Android/FakeInst..."
- http://www.malwaredo...ist.com/mdl.php
Page 0 1 ... 38 !
- http://scrapbook.zscaler.com/
"... a lot of emails with attachments like: Facebook_Password_#8071.zip
where the number changes to avoid spam detection.
The email message looks like:
From: "Facebook"
Subject: Facebook Service# Your account has been blocked! Order/1721..."
- http://www.blog.malc...tegory/malware/
"... link domains that were serving the same executable. What I found out in a very short period of time is the binaries are updated so frequently that this becomes almost impossible... made a few adjustments to the database which should speed up the queries... here we can find a domain hosting the Neosploit exploit pack. The domain is hosted on 75 .125.212 .58. By searching malwaregroup.com* we can see domains hosted on the same IP that are named in a similar fashion and are most likely also hosting Neosploit or being staged..."
* http://www.malwaregr...s/75.125.212.58
... 21844 THEPLANET-AS21844:
> http://www.google.co...c?site=AS:21844
"... over the past 90 days, 7863 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2011-11-23, and the last time suspicious content was found was on 2011-11-23... we found 406 site(s) on this network... that appeared to function as intermediaries for the infection of 1619 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 834 site(s)... that infected 7709 other site(s)..."
Edited by AplusWebMaster, 23 November 2011 - 10:24 AM.
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
2 user(s) are reading this topic
0 members, 2 guests, 0 anonymous users
