Malware Domain List

WARNING: All domains on this website should be considered dangerous. If you do
not know what you are doing here, it is recommended you leave right away. This
website is a resource for security professionals and enthusiasts.

Date (UTC)	Domain	IP	Reverse Lookup	Description	Registrant	ASN
2012/02/04_10:13	neoprenolen.com/pony/gate.php	74.207.228.136	li70-136.members.linode.com.	zeus drop zone	JESSICA PLATT / bitbitbord@rocketmail.com	3595
2012/02/04_10:13	driscocity.com/chin.exe	72.29.74.11	plexi.surpasshosting.com.	zeus trojan	Chris Driscoll / -	33182
2012/02/04_10:13	dive-west.com/chin.exe	216.59.5.99	golf.unisonplatform.com.	zeus trojan	Dive West / info@dive-west.com	36167
2012/02/04_10:13	-	221.5.251.236/xampp/1/bot.exe	-	zeus trojan	-	4837
2012/02/04_10:13	-	221.5.251.236/xampp/1/gate.php	-	zeus drop zone	-	4837
2012/02/04_10:13	-	221.5.251.236/xampp/1/config.bin	-	zeus config file	-	4837
2012/02/04_10:13	eurostats2012.net/melt.exe	213.205.38.24	client-sh-4.hosting.tiscali.it.	zeus trojan	SCHIETROMA LIVIO (LIVIOSCH52095) / jsl14@live.it	8612
2012/02/04_10:13	airportsys.com/melt.exe	27.54.85.33	plesk2-virtual.per.syra.net.au.	zeus trojan	Email Address.......: steven@zerospace.com.au	38719
2012/02/04_10:13	airplains.com/melt.exe	69.24.208.13	venus.sumnercomm.net.	zeus trojan	Air Plains Services / kledesma@AIRPLANES.COM	19526
2012/02/04_09:57	ooopesimvrru.com/w.php?f=26&e=2	92.86.41.151	adsl92-86-41-151.romtelecom.net.	trojan Sinowal	Tofan Cornel / tofarwh34@hotmail.com	9050
2012/02/04_09:57	ooopesimvrru.com/index.php?tp=001e4bb7b4d7333d	89.45.6.101	-	Blackhole exploit kit	Tofan Cornel / tofarwh34@hotmail.com	35820
2012/02/04_09:57	peytcswofn.com/w.php?f=26&e=2	147.162.42.41	liv41.lettere.unipd.it.	trojan Sinowal	CAROLYN JENNINGS / carol77jenn@hotmail.com	137
2012/02/04_09:57	peytcswofn.com/index.php?tp=001e4bb7b4d7333d	178.250.34.63	client-178-250-34-63.inturbo.lt.	Blackhole exploit kit	CAROLYN JENNINGS / carol77jenn@hotmail.com	28679
2012/02/03_22:06	oiercpcmosgg.com/w.php?f=26&e=2	83.82.253.137	5352FD89.cm-6-3d.dynamic.ziggo.nl.	trojan Sinowal	Susan Sabelli / sussabbe53y@hotmail.com	9143
2012/02/03_22:06	oiercpcmosgg.com/index.php?tp=001e4bb7b4d7333d	82.38.216.200	cpc1-wake2-0-0-cust199.barn.cable.virginmedia.com.	Blackhole exploit kit	Susan Sabelli / sussabbe53y@hotmail.com	5089
2012/02/03_17:46	namesservers.org/xml.php	92.241.191.176	-	zeus v2 drop zone	chang chen / ftgy23fge@126.com	41947
2012/02/03_17:46	namesservers.org/ssl.exe	92.241.191.176	-	zeus v2 trojan	chang chen / ftgy23fge@126.com	41947
2012/02/03_17:46	namesservers.org/static.html	92.241.191.176	-	zeus v2 config file	chang chen / ftgy23fge@126.com	41947
2012/02/03_17:41	trinehpctoc.com/w.php?f=26&e=2	176.198.176.97	ip-176-198-176-97.unitymediagroup.de.	trojan Sinowal	SUZANNE STEWART / susanser4y@hotmail.com	20825
2012/02/03_17:41	trinehpctoc.com/index.php?tp=001e4bb7b4d7333d	84.31.179.49	541FB331.cm-5-8c.dynamic.ziggo.nl.	Blackhole exploit kit	SUZANNE STEWART / susanser4y@hotmail.com	9143
2012/02/03_17:41	tr.hyundaita.com/w.php?f=16&e=2	79.132.67.141	ip-79-132-67-141.ngn.lv.	Zeus/ICE-X trojan	Domains By Proxy, LLC / -	20910
2012/02/03_17:41	tr.hyundaita.com/main.php?page=f01569c984bcc11c	79.132.67.141	ip-79-132-67-141.ngn.lv.	Blackhole exploit kit	Domains By Proxy, LLC / -	20910
2012/02/03_10:03	-	188.66.6.166/content/fdp2.php?f=26	host-6-166.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.165/content/fdp2.php?f=26	host-6-165.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.164/content/fdp2.php?f=26	host-6-164.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.163/content/fdp2.php?f=26	host-6-163.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.162/content/fdp2.php?f=26	host-6-162.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.166/content/fdp1.php?f=26	host-6-166.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.165/content/fdp1.php?f=26	host-6-165.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.164/content/fdp1.php?f=26	host-6-164.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.163/content/fdp1.php?f=26	host-6-163.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.162/content/fdp1.php?f=26	host-6-162.	PDF Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.166/content/v1.jar	host-6-166.	Java Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.165/content/v1.jar	host-6-165.	Java Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.164/content/v1.jar	host-6-164.	Java Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.163/content/v1.jar	host-6-163.	Java Exploit, part of Blackhole exploit	-	196743
2012/02/03_10:03	-	188.66.6.162/content/v1.jar	host-6-162.	Java Exploit, part of Blackhole exploit	-	196743
2012/02/03_09:35	-	65.75.178.136/Home/	ip-65-75-178-136.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.132/Home/	ip-65-75-176-132.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.79/Home/	ip-65-75-176-79.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.46/Home/	ip-65-75-176-46.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.23/Home/	ip-65-75-176-23.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.22/Home/	ip-65-75-176-22.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.21/Home/	ip-65-75-176-21.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.20/Home/	ip-65-75-176-20.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.19/Home/	ip-65-75-176-19.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.16/Home/	ip-65-75-176-16.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.3/Home/	ip-65-75-176-3.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.173/Home/	ip-65-75-176-173.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.74/Home/	ip-65-75-176-74.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.68/Home/	ip-65-75-176-68.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.173/Home/	ip-65-75-176-173.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.176.158/Home/	ip-65-75-176-158.local.	Exploit	-	36444
2012/02/03_09:35	-	65.75.178.136/Home//files/16	ip-65-75-178-136.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.132/Home//files/16	ip-65-75-176-132.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.79/Home//files/16	ip-65-75-176-79.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.46/Home//files/16	ip-65-75-176-46.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.23/Home//files/16	ip-65-75-176-23.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.22/Home//files/16	ip-65-75-176-22.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.21/Home//files/16	ip-65-75-176-21.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.20/Home//files/16	ip-65-75-176-20.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.19/Home//files/16	ip-65-75-176-19.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.16/Home//files/16	ip-65-75-176-16.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.3/Home//files/16	ip-65-75-176-3.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.173/Home//files/16	ip-65-75-176-173.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.74/Home//files/16	ip-65-75-176-74.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.68/Home//files/16	ip-65-75-176-68.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.173/Home//files/16	ip-65-75-176-173.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_09:35	-	65.75.176.158/Home//files/16	ip-65-75-176-158.local.	Trojan:Win32/FakeSysdef	-	36444
2012/02/03_08:04	cstuonooite.com/w.php?f=26&e=2	190.191.94.45	45-94-191-190.cab.prima.net.ar.	trojan Sinowal	Louis Burgess / burdf3h4hh@hotmail.com	10481
2012/02/03_08:04	cstuonooite.com/index.php?tp=001e4bb7b4d7333d	146.52.124.46	146-52-124-46-dynip.superkabel.de.	Blackhole exploit kit	Louis Burgess / burdf3h4hh@hotmail.com	31334
2012/02/03_02:44	tiendabebemimos.com/JHgfzcjv/js.js	93.93.116.37	syl1017.sync-intertainment.com.	Leads to Blackhole exploit	Encode / casper_z3@hotmail.com	20718
2012/02/03_02:44	thefocuspointphotography.com/JNZXp3ea/js.js	174.132.149.57	-	Leads to Blackhole exploit	Bill Powers / support@hostgator.com	21844
2012/02/03_02:44	successwithsoftware.com/49qKHzro/js.js	76.74.128.80	hp70.hostpapa.com.	Leads to Blackhole exploit	Sophie Lloyd / domains@hostpapasupport.com	13768
2012/02/03_02:44	skodamene.no/CLFtSEyG/js.js	78.46.41.74	cpanel26.proisp.no.	Leads to Blackhole exploit	Email Address..............: tove@nordstad.net	24940
2012/02/03_02:44	produccionesqueens.com/acFv9BmL/js.js	87.106.204.37	clienteservidor.es.	Leads to Blackhole exploit	javier.maza@juntadeandalucia.es	8560
2012/02/03_02:44	mobilae.ialex.nl/w4AUx9Hz/index.html	83.98.197.57	plesk.digitpaint.nl.	Leads to Blackhole exploit	-	25525
2012/02/03_02:44	hakkabout.com/search.php?page=73a07bcb51f4be71	96.126.117.251	li342-251.members.linode.com.	Blackhole exploit	Carol Goodrich / info@seafarermotel.com	21844
2012/02/02_20:56	enormousw1illa.com/nl-in.php?nnn=556	194.28.114.102	h102-114.net.lan-rybnitsa.com.	redirects to fake av	Dan Brown / admin@ens122zzzddazz.com	48691
2012/02/02_20:41	ww.hanbokdress.com/w.php?f=16&e=2	193.19.242.198	193.19.242.198.comfoplace.net.	Zeus/ICE-IX trojan	windchicago / -	48964
2012/02/02_20:41	ww.hanbokdress.com/main.php?page=f01569c984bcc11c	193.19.242.198	193.19.242.198.comfoplace.net.	Blackhole exploit kit	windchicago / -	48964
2012/02/02_19:53	nicesextubes.co/w.php?f=18&e=6	184.82.49.189	184-82-49-189.static.hostnoc.net.	trojan	Domain Discreet / 39fb8bed0a161220124d0cd2b3b1a58d@domaindiscreet.com	21788
2012/02/02_19:53	nicesextubes.co/main.php?page=d8a857dd74ea601d	184.82.49.189	184-82-49-189.static.hostnoc.net.	Blackhole exploit kit	Domain Discreet / 39fb8bed0a161220124d0cd2b3b1a58d@domaindiscreet.com	21788
2012/02/02_19:53	oliffkreyg.com/w.php?f=22&e=2	95.211.105.142	hosted-by.leaseweb.com.	Zeus/ICE-IX trojan	contact@privacyprotect.org	16265
2012/02/02_19:53	oliffkreyg.com/vbforum.php?page=f068f027fa35073f	95.211.105.142	hosted-by.leaseweb.com.	Blackhole exploit kit	contact@privacyprotect.org	16265
2012/02/02_19:36	12-12.net/c.php?f=42&e=2	91.211.117.83	-	Zeus/ICE-IX trojan	Emily Gilday / emily.gilday@yahoo.com	48587
2012/02/02_19:36	12-12.net/staticx.php?dobclas=aa899567db0f74f5	91.211.117.83	-	Blackhole exploit kit	Emily Gilday / emily.gilday@yahoo.com	48587
2012/02/02_17:53	u80d.info/c.php?f=42&e=2	91.211.117.83	-	trojan	Keila Andreina Rodriguez / Keila.Andreina@aol.com	48587
2012/02/02_17:53	u80d.info/staticx.php?dobclas=aa899567db0f74f5	91.211.117.83	-	Blackhole exploit kit	Keila Andreina Rodriguez / Keila.Andreina@aol.com	48587
2012/02/02_16:22	down.adobe-updates.net/update.exe	122.155.13.130	-	zeus trojan	hao cheng ncjbhsk@msn.com	9931
2012/02/02_16:22	adobe-updates.net/w.php?f=20&e=6	203.170.193.102	-	zeus trojan	hao cheng ncjbhsk@msn.com	9891
2012/02/02_16:22	adobe-updates.net/track.php?id=0441c70b56095539	203.170.193.102	-	Blackhole exploit kit	hao cheng ncjbhsk@msn.com	9891
2012/02/02_09:00	utteoeogrp.com/w.php?f=26&e=2	89.46.221.41	89-46-221-41.telecomromania.ro.	trojan Sinowal	Susan Sabelli / sussabbe53y@hotmail.com	44682
2012/02/02_09:00	utteoeogrp.com/index.php?tp=001e4bb7b4d7333d	46.129.85.151	46-129-85-151.dynamic.upc.nl.	Blackhole exploit kit	Susan Sabelli / sussabbe53y@hotmail.com	6830
2012/02/02_07:26	sooepoppcowr.com/w.php?f=26&e=2	188.194.118.52	188-194-118-52-dynip.superkabel.de.	trojan Sinowal	Susan Sabelli / sussabbe53y@hotmail.com	31334
2012/02/02_07:26	sooepoppcowr.com/index.php?tp=001e4bb7b4d7333d	85.233.41.216	85.233.41.216.dynamic.cablesurf.de.	Blackhole exploit kit	Susan Sabelli / sussabbe53y@hotmail.com	35244
2012/02/01_22:25	ctaoaamjee.com/w.php?f=26&e=2	84.25.61.2	54193D02.cm-5-2a.dynamic.ziggo.nl.	trojan Sinowal	Tofan Cornel / tofarwh34@hotmail.com	9143
2012/02/01_22:25	ctaoaamjee.com/index.php?tp=001e4bb7b4d7333d	84.29.227.66	541DE342.cm-5-6d.dynamic.ziggo.nl.	Blackhole exploit kit	Tofan Cornel / tofarwh34@hotmail.com	9143
2012/02/01_21:45	a.jetsetworldwideinc.com/pp2/dpf7.php?i=2	72.55.186.70	s050.panelboxmanager.com.	trojan	Equity Investments, LLC / -	32613
2012/02/01_21:45	a.jetsetworldwideinc.com/pp2/xqiphuashudpcwhzh.php?mzkt=1	72.55.186.70	s050.panelboxmanager.com.	Phoenix exploit kit	Equity Investments, LLC / -	32613
2012/02/01_21:36	www.edgecube.com/portfolio/melt.exe	74.200.195.170	laguna.statussecure.com.	zeus trojan	EdgeCube / -	16805
2012/02/01_19:16	analyze.pl.tf/in.cgi?2	188.72.201.35	188-72-201-35.local.	redirects to exploit kit	-	28753
2012/02/01_19:04	-	31.184.192.58/load.php?showforum=rhino	-	fake av	-	44050
2012/02/01_19:04	bestby.com.au.pn/index.php?showtopic=651496	31.184.192.58	-	Sakura exploit pack	-	44050
2012/02/01_17:40	www.timbertreeservice.org/joomla/images/stories/adobes-flash.exe	97.74.144.172	p3nlh172.shr.prod.phx3.secureserver.net.	trojan Banker	Brett Carliss / brettcarliss@yahoo.com	26496
2012/02/01_17:16	-	67.219.46.164/JbunFuew/index.html	-	Leads to Blackhole exploit	-	14242
2012/02/01_16:44	mvzlqzxncg.zyns.com/w.php?f=16&e=6	91.196.216.114	-	trojan	ChangeIP.com / NSI@ChangeIP.com	43239
2012/02/01_16:44	mvzlqzxncg.zyns.com/main.php?page=48b54f175f2657ec	91.196.216.114	-	Blackhole exploit kit	ChangeIP.com / NSI@ChangeIP.com	43239
2012/02/01_14:21	pogloro.com/xml.php	92.241.191.176	-	zeus v2 drop zone	Whois Agent gmvjcxkxhs@whoisservices.cn	41947
2012/02/01_14:21	pogloro.com/ssl.exe	92.241.191.176	-	zeus v2 trojan	Whois Agent gmvjcxkxhs@whoisservices.cn	41947
2012/02/01_14:21	pogloro.com/static.html	92.241.191.176	-	zeus v2 config file	Whois Agent gmvjcxkxhs@whoisservices.cn	41947
2012/02/01_14:21	adhamon.com/w.php?f=19&e=2	203.170.193.102	-	zeus v2 trojan	Whois Agent gmvjcxkxhs@whoisservices.cn	9891
2012/02/01_14:21	adhamon.com/track.php?id=5c807b6ef9f2a627	203.170.193.102	-	Blackhole exploit kit	Whois Agent gmvjcxkxhs@whoisservices.cn	9891
2012/02/01_08:46	rdscdicorem.com/w.php?f=26&e=2	84.29.114.226	541D72E2.cm-5-6b.dynamic.ziggo.nl.	trojan Sinowal	Tofan Cornel / tofarwh34@hotmail.com	9143
2012/02/01_08:46	rdscdicorem.com/index.php?tp=001e4bb7b4d7333d	178.200.228.212	ip-178-200-228-212.unitymediagroup.de.	Blackhole exploit kit	Tofan Cornel / tofarwh34@hotmail.com	20825
2012/02/01_08:46	epoioscpammcr.com/w.php?f=26&e=2	80.109.53.230	chello080109053230.14.14.vie.surfer.at.	trojan Sinowal	Alfonso Geevers / greenalf63y@hotmail.com	6830
2012/02/01_08:46	epoioscpammcr.com/index.php?tp=001e4bb7b4d7333d	201.253.158.107	host107.201-253-158.telecom.net.ar.	Blackhole exploit kit	Alfonso Geevers / greenalf63y@hotmail.com	7303
2012/02/01_08:46	esidccirpau.com/w.php?f=26&e=2	89.45.5.180	-	trojan Sinowal	Susan Sabelli / sussabbe53y@hotmail.com	35820
2012/02/01_08:46	esidccirpau.com/index.php?tp=001e4bb7b4d7333d	62.163.252.13	a252013.upc-a.chello.nl.	Blackhole exploit kit	Susan Sabelli / sussabbe53y@hotmail.com	6830
2012/02/01_08:46	-	209.174.21.7/webctrl_client/1_0/Comprovante01447.pdf.scr	st-209-174-21-7.riley.s-cook.k12.il.us.	trojan Banker	-	6325
2012/02/01_08:46	www.ijnaa.com/modules/mod_status/Comprovante_Deposito.exe	78.38.150.225	-	trojan Banker	Aryanic / support@aryanic.com	12880
2012/01/31_12:20	aoitcsoosnnc.com/w.php?f=26&e=2	116.118.172.44	44-172-118-116-Q.dynamic.tinp.net.tw.	trojan Sinowal	Louis Burgess / burdf3h4hh@hotmail.com	18049
2012/01/31_12:20	aoitcsoosnnc.com/index.php?tp=001e4bb7b4d7333d	95.208.98.252	HSI-KBW-095-208-098-252.hsi5.kabel-badenwuerttemberg.de.	Blackhole exploit kit	Louis Burgess / burdf3h4hh@hotmail.com	29562
2012/01/31_12:20	epsorimcco.com/w.php?f=26&e=2	217.120.156.239	D9789CEF.cm-3-1c.dynamic.ziggo.nl.	trojan Sinowal	CAROLYN JENNINGS / carol77jenn@hotmail.com	9143
2012/01/31_12:20	epsorimcco.com/index.php?tp=001e4bb7b4d7333d	164.132.35.83	-	Blackhole exploit kit	CAROLYN JENNINGS / carol77jenn@hotmail.com	1267
2012/01/31_12:20	dooicppirrle.com/w.php?f=26&e=2	95.75.204.4	-	trojan Sinowal	CAROLYN JENNINGS / carol77jenn@hotmail.com	16232
2012/01/31_12:20	dooicppirrle.com/index.php?tp=001e4bb7b4d7333d	80.57.206.158	g206158.upc-g.chello.nl.	Blackhole exploit kit	CAROLYN JENNINGS / carol77jenn@hotmail.com	6830
2012/01/31_12:20	horoshovsebudet.ru:8080/html/yveveqduclirb1.php?n=putty	80.90.199.196	lvps80-90-199-196.vps.webfusion.co.uk.	Phoenix exploit kit	-	20738
2012/01/31_02:37	clostery.com/search.php?page=73a07bcb51f4be71	174.142.247.164	-	Blackhole exploit	Roer, Donald / Roer, Donald msssupply@nuvox.net	32613

You can find an overview of downloadable lists here