Malware Domain List

WARNING: All domains on this website should be considered dangerous. If you do
not know what you are doing here, it is recommended you leave right away. This
website is a resource for security professionals and enthusiasts.

Page 0 1 ... 22

Date (UTC)	Domain	IP	Reverse Lookup	Description	Registrant	ASN
⇑ ⇓	⇑ ⇓	⇑ ⇓	⇑ ⇓	⇑ ⇓	⇑ ⇓	⇑ ⇓
2010/09/15_17:18	update.onescan.co.kr/setupa/onescansetup.exe	115.68.13.152	-	fake av	å : ijong1255@nate.com	38700
2009/06/25_00:00	hanulsms.com	124.217.216.40	-	directs to exploits	zzigger@naver.com	38661
2015/01/13_14:47	maxisoft.co.uk/taxadmin/get_doc.html	192.185.111.220	ns539.websitewelcome.com.	Compromised site, leads to exploit	Zircon Ventures Ltd / -	20013
2016/09/05_09:37	evans.babajilab.in/specimen/1479491/tire-something-detect-five-what-knot-unknown-entertain-stiff	85.143.219.181	60567.simplecloud.club.	exploit kit	Zimong Software Private Limited Zimong Software Private Limited / info@zimong.com	201848
2009/05/28_00:00	zkic.com	174.37.172.162	www.se.parahost.com.	directs to exploits	zhirong yang cdyzr@yahoo.com.cn	36351
2016/07/12_13:19	www.ywvcomputerprocess.info/errorreport/ty5ug6h4ndma4/	103.224.212.222	lb-212-222.above.com.	fake alert page	ywvcomputerprocess.info@domainsbyproxy.com	133618
2013/12/20_15:23	www.zctei.com/date/9377chiyue_Y_Cdcr1124.exe	122.225.107.85	-	Win32/Trojan.Spy	ythappyboy@163.com	4134
2009/09/19_00:00	www.whitesports.co.kr	211.202.2.17	web-7.blueweb.co.kr.	iframe directs to LuckySploit	yoon1092@hotmail.com	9318
2009/05/22_00:00	sn-gzzx.com	222.76.215.12	-	Exploits	y113991122@yahoo.com.cn	4134
2012/07/03_13:17	wetjane.x10.mx/	69.175.121.66	boru.x10hosting.com.	Java exploit	x10 Hosting / % by email at ayuda@nic.mx .	32475
2013/02/11_08:24	www.offerent.com/tmp/5lro65.php?receipt_print=825_417011330	200.58.119.30	texila.dattaweb.com.	trojan inside zip file	www.offerent.com / walterpbook@gmail.com	27823
2009/11/15_16:09	www.wrestlingexposed.com/faq.php?t=bleach-244-english-sub	67.20.108.63	67-20-108-63.bluehost.com.	redirects to Rogue if referer is a search engine	wrestlingexposed.com / whois@emailaddressprotection.com	11798
2011/04/01_04:46	www.widestep.com/files/ws_qk_install.exe	205.186.183.224	ekiaioocks.gs07.gridserver.com.	Win32/Agent.HSDNOGR	widestep@mail.ru	31815
2014/12/03_08:50	getdatanetukscan.info/sp32_64_10044639319006172375.exe	85.17.73.28	-	Trojan.FakeMS	WhoisProtectService.net PROTECTSERVICE, LTD. / getdatanetukscan.info@whoisprotectservice.net	16265
2014/12/03_08:50	getdatanetukscan.info/sp32_64_3491943367355003623.exe	85.17.73.28	-	Trojan.FakeMS	WhoisProtectService.net PROTECTSERVICE, LTD. / getdatanetukscan.info@whoisprotectservice.net	16265
2009/06/14_00:00	luckyeffect.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / f974291e6c834cb58b61da35ee0a825c.protect@whoisguard.com	24971
2009/06/14_00:00	luckysure.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / e292ee43d78142ada7bc024ac5f0fed7.protect@whoisguard.com	24971
2009/06/14_00:00	luckyblank.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / e09201274974449886ada169b50d5879.protect@whoisguard.com	24971
2009/06/14_00:00	luckypure.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / befe020f9cc8404d8696e8f255d0eadc.protect@whoisguard.com	24971
2009/06/14_00:00	luckyshine.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / a45a009dbed24caf8d5c337e097c367b.protect@whoisguard.com	24971
2014/02/19_08:08	fallencrafts.info	37.59.68.26	-	Multiple.Malware	WhoisGuard Protected / a2947cc98e68415b983f81ded9e98f3e.protect@whoisguard.com	16276
2009/06/14_00:00	luckysuccess.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / 92f381eb474e400f91bbe7a831dc9e82.protect@whoisguard.com	24971
2009/06/14_00:00	luckyclean.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / 7e0c10ad0bb648489573b22a28f86594.protect@whoisguard.com	24971
2014/03/11_22:39	ukonline.hc0.me/new.exe	5.135.127.68	-	Win32/Injector.Autoit.ABQ trojan	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	ukonline.hc0.me/Host.exe	5.135.127.68	-	Win32/Spy.Agent.NYU trojan	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/CPUMiner.files	5.135.127.68	-	Trojan.PlasmaRAT.Miner	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	ukonline.hc0.me/Host.exe	5.135.127.68	-	DR/AutoIt.Gen2	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	ukonline.hc0.me/new.exe	5.135.127.68	-	DR/AutoIt.Gen2	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	mylondon.hc0.me/Panel/	5.135.127.68	-	Solar EK	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/login.php	5.135.127.68	-	PlasmaRAT ACP	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/YACMiner.files	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/Ufasoft.files	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/Miner.txt	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/jhProtominer.files	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/GPUMiner.files	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2014/03/11_22:39	somethingnice.hc0.me/Miner/CPUMiner.files	5.135.127.68	-	Trojan.PlasmaRAT	WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com	16276
2009/06/14_00:00	luckyhalo.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / 5ef888c31e574ee39bec8149621cbd2b.protect@whoisguard.com	24971
2009/06/14_00:00	luckytidy.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / 1ae7e16139f64a14a63beedbc44bd4bf.protect@whoisguard.com	24971
2009/06/14_00:00	luckyclear.info	89.185.228.15	ex14.exmasters.com.	directs to rogue	WhoisGuard Protected / 1ad83c2f5960476583b10b7bf18fbccf.protect@whoisguard.com	24971
2015/12/20_11:16	eeps.me/	208.67.23.26	h155.cpanellogin.net.	ESET phishing	WhoisGuard Protected / 16c2a1b16681459e91467194536acdbf.protect@whoisguard.com	3257
2009/05/23_00:00	timothycopus.aimoo.com	74.52.179.179	b3.b3.344a.static.theplanet.com.	directs to trojan	WhoisGuard / 2cb93a446cab4816bf9b3dbf18d9b3c2.protect@whoisguard.com	21844
2009/11/15_16:09	www.purplehorses.net/?page=bleach-244-online	69.89.19.200	19-200.bluehost.com.	redirects to Rogue if referer is a search engine	whois@bluehost.com	11798
2009/11/15_16:09	www.wildsap.com/?kkk=bleach-episodes-244	69.89.31.59	box259.bluehost.com.	redirects to Rogue if referer is a search engine	whois@bluehost.com	11798
2009/11/15_16:09	be-funk.com/?kkk=bleach-244-english-sub	69.89.18.20	box20.bluehost.com.	redirects to Rogue if referer is a search engine	whois@bluehost.com	11798
2009/11/15_16:09	revistaelite.com/?topic=bleach-244-english-sub	69.89.22.116	box116.bluehost.com.	redirects to Rogue if referer is a search engine	whois@bluehost.com	11798
2009/11/15_16:09	revistaelite.com/?topic=bleach-244-raw	69.89.22.116	box116.bluehost.com.	redirects to Rogue if referer is a search engine	whois@bluehost.com	11798
2009/12/04_19:56	www.doctor-alex.com/files/SetupDrAlex.exe	69.89.20.48	box48.bluehost.com.	Rogue	whois@bluehost.com	11798
2009/09/24_00:00	purethc.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	wHd9hT@privacypost.com	23352
2009/09/24_00:00	typeofmarijuana.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	trafficgrowth.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	thcvaporizer.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	roorbong.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	thcextractor.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	potvaporizer.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	portablevaporizer.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	cannabispicture.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2009/09/24_00:00	cannabislyric.com/	204.93.171.26	web01.snaago.com.	obfuscated script directs to exploits	WF / mark@tig.eu	23352
2016/06/06_10:17	welington.info/	187.17.111.101	-	iframe on compromised site leads to EK	Welington dos Santos Silva / welington.silva@hotmail.com.br	7162
2014/05/27_04:02	nctbonline.co.uk/InvoiceCopy.scr	37.9.169.15	lb-proxy-13.websupport.sk.	Trojan.Zbot	Websupport, s.r.o. / -	51013
2009/06/29_00:00	vocational-training.us	216.8.179.24	ptr-216-8-179-24.ptr.nextdimensioninc.com.	directs to exploits	webmaster@okcontentweb.com	13727
2011/03/12_14:57	vkont.bos.ru	194.186.208.8	as3.centre.ru.	Trojan	web@centre.ru	3216
2009/06/25_00:00	web-olymp.ru	81.176.232.104	server4.neoweb.ru.	directs to exploits	web-webolymp@yandex.ru	8342
2009/06/29_00:00	warco.pl	81.2.200.162	host-81-2-200-162.alpha.pl.	directs to exploits	warco.pl	24806
2009/06/28_00:00	sbnc.hak.su/spread.txt	91.189.81.71	www2.wen.ru.	RFI	wapplanet@mail.ru	8342
2009/07/21_00:00	plengeh.wen.ru/id.txt	91.189.80.71	www.wen.ru.	RFI	wapplanet@mail.ru	8342
2014/12/03_08:50	xicaxique.com.br/catalog/view/theme/default/image/image102.jpg	200.219.249.162	static.200.219.249.162.datacenter1.com.br.	Trojan.Banker.DE	Vincent Comercio Eletroeletronico Ltda / registro@br2001.com.br	16397
2009/05/20_00:00	rupor.info	62.149.12.191	rupor.info.	redirects to exploits	Viktor Tjutjun / support@rupor.info	15497
2009/09/26_00:00	vernoblisk.com	67.228.85.201	hostica.com.	compromised site directs to exploits	Vern Oblisk Bail Bonds / voblisk@tampabay.rr.com	36351
2016/05/30_16:31	buildviet.info/servicer/fattura/	123.30.240.66	static.vdc.vn.	redirects to trojan download at SugarSync	VDC Online / domain@vdc.com.vn	45899
2009/05/18_00:00	crackspider.us/toolbar/install.php?pack=exe	85.159.233.47	-	Adware.Cracksearch.A	Varavva Brothers Ltd. / bestserials@mail.ru	43350
2014/09/16_09:59	luchtenbergdecor.com.br/cythsfonuj/sijnkzotme.js	186.202.56.110	CPROHWIN0190.locaweb.com.br.	Compromised site (Natwest malspam campaign), leads to Upatre	VALDENIR TORRES E SILVA / valdenirtorres@ig.com.br	27715
2014/09/16_09:59	luchtenbergdecor.com.br/gcbelfuqbk/ygjbemlcsd.js	186.202.56.110	CPROHWIN0190.locaweb.com.br.	Compromised site (DHL malspam campaign), leads to Upatre	VALDENIR TORRES E SILVA / valdenirtorres@ig.com.br	27715
2009/07/21_00:00	www.usaenterprise.com/images/images.txt	212.70.224.183	virtweb-cms.nethouse.it.	RFI	usa enterprise / usainfo@virgilio.it	16141
2013/12/09_11:11	amu.twobox4addon.info/rachel/	162.210.192.5	-	Leads to Win32/InstallRex	TWOBOX4ADDON.INFO@domainsbyproxy.com	30633
2009/06/30_00:00	tk-gregoric.si	91.185.202.90	mail.internetstoritve.com.	directs to exploits	turisticna.kmetija.gregoric@siol.net	41828
2009/07/21_00:00	www.freewebtown.com/atakus/Nokia/BotNetNew.txt	208.75.230.43	www.freewebtown.com.	RFI	Tulip Systems / abuse@tulix.com	36820
2013/10/31_18:23	www.blueimagen.com/Attachment/Invoice-List2013-10-20-Copy.jar	65.99.225.72	server79.neubox.net.	Trojan.AdWind	Tools Ideas Enter (staff@toolsideascreativas.com)	36024
2014/02/07_16:49	www.3peaks.co.jp/1.html	211.19.24.235	usr235.g024.nabic.jp.	Leads to exploit at jolygoestobeinvester.ru	three@soho-net.ne.jp	23641
2009/09/16_00:00	www.professionalblackbook.com/	96.30.28.181	host.disantolaw.com.	obfuscated iframe directs to exploits	The Corporate and Real Estate Law Group, P.L. / bethdesanto@yahoo.com	19066
2013/07/25_06:31	server1.extra-web.cz/dbm.exe	212.80.69.55	xhosting.cz.	trojan	tefan Ihnat / stefan.ihnat@email.cz	29208
2016/10/13_14:03	elmissouri.fr/data.dpg	213.186.33.50	cluster017.ovh.net.	ransomware	tech@ovh.net	16276
2009/06/29_00:00	titon.info	212.36.9.10	ns1.tophostbg.net.	directs to exploits	Tania Terzieva / tania_terzieva@abv.bg	39388
2013/08/07_18:57	saemark.is/wp-content/plugins/wp-sts.php	212.30.229.50	-	Leads to exploit	Sæmark-Sjávarafurðir ehf / siggi@saemark.is	44515
2013/08/07_18:57	www.saemark.is/wp-content/plugins/wp-sts.php	212.30.229.50	-	Leads to exploit	Sæmark-Sjávarafurðir ehf / siggi@saemark.is	44515
2016/01/18_14:18	www.rst-velbert.de/	91.184.35.130	merkur.incoweb.de.	iframe on compromised site leads to EK	support@incoweb.de	34225
2014/02/07_17:00	corroshield.estb.com.sg/1.html	203.125.76.84	ns2.e-dir.com.sg.	Leads to exploit at jolygoestobeinvester.ru	support@e-dir.com	3758
2009/06/29_00:00	svetyivanrilski.com	212.36.9.1	ns5.tophostbg.net.	directs to exploits	Stilian Nikolov / st.nikolov@gmail.com	39388
2016/06/28_20:52	www.alphamedical02.fr/	94.23.236.74	ns308230.ip-94-23-236.eu.	iframe on compromised site leads to EK	stephane.louis@impaakt.fr	16276
2011/02/02_18:13	www.spris.com/images/log.txt	210.114.221.53	-	IE exploit	spris corp. / koo bonghoe wkpark@kumkang.com	4670
2009/09/12_00:00	sportsulsan.co.kr/poll/aipi/id.txt	211.171.231.215	sportsulsan.co.kr.	RFI	sportsulsan@hanmail.net	3786
2014/04/02_08:53	www.gmcjjh.org/DHL	198.252.70.200	stats.green.mysitehosted.com.	Document.zip Trojan.Kryptic	Somnath gmjjh / rexinfosolution@gmail.com	36351
2016/03/08_10:58	stopmeagency.free.fr/9uj8n76b5.exe	212.27.63.112	perso112-g5.free.fr.	trojan	skolaric@online.net	12322
2009/06/07_00:00	hotspot.cz	93.185.104.30	www20.pipni.cz.	directs to exploits	Simon Zaruba / simzaruba@seznam.cz	43541
2016/08/29_14:25	unlink.altitude.lv/vdgqb3.html	93.190.140.162	customer.worldstream.nl.	gateway to EK	siaaltitude@gmail.com	49981
2014/05/27_04:02	demo.vertexinfo.in/conclusione/dettagli.zip	109.203.112.170	-	Trojan.Extension.Exploit	Shrikant Swami / srikantsr@gmail.com	29550
2014/05/27_04:02	demo.vertexinfo.in/conclusione/dettagli.zip?formazione@feldenkrais.it	109.203.112.170	-	Trojan.Zbot	Shrikant Swami / srikantsr@gmail.com	29550
2014/05/27_04:02	demo.vertexinfo.in/conclusione/dettagli.zip?formazione%20at%20feldenkrais.it	109.203.112.170	-	Trojan.Zbot	Shrikant Swami / srikantsr@gmail.com	29550
2013/07/11_02:06	malest.com	208.115.233.154	154-233-115-208.static.reverse.lstn.net.	Leads to fake Google Chrome	shihengzhong@web.de	46475
2014/07/15_08:58	jue0jc.lukodorsai.info/dpta5n0tp2	192.200.105.135	192-200-105-135.static.gorillaservers.com.	exploit kit	shelly burch / qahumvfdfku@hotmail.com	53850
2013/08/02_13:16	nutnet.ir/dl/nnnew.txt	64.79.83.14	-	Leads to exploit	Seyed Alireza Miri Lavasani / SAML_ROMMEL@YAHOO.COM	10297

Page 0 1 ... 22

You can find an overview of downloadable lists here

Search:			Results to return:		Include inactive sites