Malware Domain List
Malware Related => Malicious Domains => Topic started by: JohnC on April 28, 2009, 09:21:35 pm
-
old-partner.com Promotes installs of malware
3xlvip.com Promotes installs of malware
bestsoftlive.com Exploits
astrofonix.com Exploits
astrofonix.com/zui_files/system.exe Trojan-Spy.Zbot.psx
1st.abdulabah.cn/index.php Exploits
tesenmir.ru Exploits
whenudownloads.com/vvsn/prod/AdVantageInstallerInst.exe AdWare.SurfAccuracy.ar
video-go.net/go/go.php?sid=1 FakeRean
xxxtube.freehostia.com/ FakeRean
mp3diary.com/tds/go.php?sid=1 FakeRean
tubemov.com FakeRean
movfree.com FakeRean
uploadmoviez.com/codec/140.exe FakeRean
popka-klass.net Worm.Koobface
burumba.net/go.php?sid=9 Worm.Koobface
hxviewworldmy1.com/view/1/1244/0 Worm.Koobface
billingpayment.net/pp/?id= Rogue
videoadobe.ru/forum/ Exploits
xcount.cc/ads/in.cgi?13 Exploits
sandiiegoexpo.ru/expocity.html Exploits
inactive/remove
lafi.babjr.cn/index.php
www.fifa.babjr.cn/index.php
-
fuse4scan.info/22/?uid=keyin Rogue
fuse4scan.info/download/install.php Rogue
antiviruspowerfulscannerv2.com Rogue, multiple IPs 78.47.91.153, 38.99.170.209, 94.102.48.28
proantivirusscanv2.com Rogue
ns1.proantivirusscanv2.com NameServer for Rogue sites
ns2.proantivirusscanv2.com NameServer for Rogue sites
advancedpcscanner.com Rogue
secure.trustedsoftstore.com/billing/indexSCT.php Billing for Rogue software
deleteallspyware.com Rogue
adware-removal-tool.com Rogue
secure.goldsoftwarestore.com/billing/?product=ADR Billing for Rogue software
systemguard2009.com Rogue
gomaldef09.com Rogue
84.16.251.222/maldef09/setup.php?track_id=10001 Rogue
dlmaldef092.com/maldef09/setup.php?track_id=10001 Rogue
malwaredefender2009.com/download/?track_id=10001 Rogue
secure-data-group.com Rogue
secure.pnm-software.com/software.php Rogue
-
download.web-mediaplayer.com/Web-MediaPlayer_setup.php?grpid=2055&tag_id=718&nums=FFjxahBAOb&popt1=1188&popt2=0 NaviPromo / Wintrim
em.pc-on-internet.com/eas?camp=22769&cu=923&ty=ct&popt1=1188&popt2=0 NaviPromo / Wintrim
porntubxxx.com/view.php?r=1188 NaviPromo / Wintrim
runinyour.cn NaviPromo / Wintrim
refagonhid.cn NaviPromo / Wintrim
ligevideo.cn NaviPromo / Wintrim
porno-movies.name/PLAY-MOVIES/PS3-IPOD-MPG5/play.cgi NaviPromo / Wintrim
fuck-my-dau.com NaviPromo / Wintrim
myfreeporncash.com Exploits
-
vids-online.net/video.php?id=Candace_Michelle Falder
vids-online.net/go.php?sid=4 Falder
vids-online.net/video.php Falder
sp-files.com/download/6f4c534833673d3decebbc42/VideoCodec.exe Falder
91.212.65.17/cgi-bin/generator Malware (Falder) calls home and posts data
adultbeerparty.com Exploits
cheapslotplay.cn/in.cgi?income47 Exploits
lotbetworld.cn/in.cgi?income36 Exploits
goooogleadsence.biz/?click=124B4BD Exploits
nanoautofinest.cn/index.php Exploits
alldrivecleaning.com Rogue
uplcodecset3.com/codec/228.exe FakeRean / FraudLoad.ehp
66.36.241.191/_getf_/g.php?q=xxx&id=28362 FakeRean / FraudLoad.ehp
66.36.241.191/_getf_/xxx.html?id=28362 FakeRean / FraudLoad.ehp
66.36.241.191/__counter/go.php?sid=2&tds-sekey=xxx&tds-id=28362 FakeRean / FraudLoad.ehp
24media.org/search.php?q=xxx Results lead to FakeRean / FraudLoad.ehp
batva.net/in.cgi?2&parameter=xxx FakeRean / FraudLoad.ehp
trusted-dns.com/nfcleaner.exe DNSChanger / ATRAPS
-
freshcinemaonline.net/tds/go.php?sid=5 NaviPromo
crackfind.org/install.exe ZSearch
trafcity.com/in.cgi?4 Exploits
porntubetv.us Exploits
teenstube.us/one.js Exploits
insane-teens.com Exploits
Already in database, but new IP address needs modifying.
visual-porn.com 209.67.210.242 sauron.hostworkz.com
allvidz.net 64.92.169.74 host-64.92.169.74.static.reverse.anchorvps.com
The four below are not currently directing to any malware that I can find, but they have associations with malware sites, and in some cases have links inside to malicious sites which are no longer alive, such as the pornogurman.com (http://www.malwaredomainlist.com/mdl.php?search=pornogurman&colsearch=All&quantity=50&inactive=on) URLs.
adultsyoutube.com
mov2ns.net
handsporn.com
sistagirl.com
-
ugochaves.com/in.cgi?2&parameter=24apr NaviPromo
banarasmalayalamfilm.com Exploits
idunpop.com Exploits
yourlitetop.cn/ts/in.cgi?mozila8 Exploits
alliteautolamps.cn/index.php Exploits
meghalayadigitals.com Exploits
specialneedstoday.org Exploits
jinisethnicgourmet.com/courses.shtml Exploits
marketakshya.com Exploits
nipkelo.net Exploits
nipkelo.net/liloadercdi.php?id=1934464 Sality
a.94saomm.com/js.js Exploits
58.211.81.143:365/360.cn/rs.htm Exploits
58.211.81.143:365/360.cn/fff.swf Exploits
58.211.81.143:365/360.cn/iie.swf Exploits
58.211.81.143:365/360.cn/x.htm Exploits
58.211.81.143:365/360.cn/all.css Exploits
58.211.81.143:365/360.cn/1.htm Exploits
58.211.81.143:365/360.cn/1.css Exploits
58.211.81.143:365/360.cn/2.htm Exploits
58.211.81.143:365/360.cn/2.css Exploits
58.211.81.143:365/360.cn/3.htm Exploits
58.211.81.143:365/360.cn/3.css Exploits
58.211.81.143:365/360.cn/4.htm Exploits
58.211.81.143:365/360.cn/7.htm Exploits
58.211.81.143:365/360.cn/7.css Exploits
58.211.81.143:365/360.cn/newlz.htm Exploits
58.211.81.143:365/360.cn/newlz.css Exploits
58.211.81.143:365/360.cn/s.htm Exploits
58.211.81.143:365/360.cn/office.css Exploits
58.211.81.143:365/360.cn/office.htm Exploits
58.211.81.143:365/360.cn/bf.htm Exploits
58.211.81.143:365/360.cn/bf.css Exploits
58.211.81.143:365/360.cn/cx.htm Exploits
58.211.81.143:365/360.cn/uuss.htm Exploits
58.211.81.143:365/360.cn/bff.htm Exploits
58.211.81.143:365/360.cn/bff.css Exploits
61.164.108.99/a.css Malware
peskostruikaz.com/auq.php?d29f4e=1971906&id=21314263354893 Malware calls home
johnsonbodyshop.com/images/logo.gif?d4ce91=1992359&id=21314263354893 Malware calls home
sunandsea.co.kr/upload/rey.jpg RFI
-
aaaimmigration.com Exploits
hostads.cn Exploits
divinets.cn/z/5.htm Exploits
rifnasax.cn/nuc/index.php Exploits
sotville.ru Exploits
sexy-zone.ru/mix/beta/ Exploits
extraspray.com/in.php? Exploits
cacbuhub.cn/pa.html Exploits
myrurrly.com/su/in.cgi?3 Exploits
porgacig.cn/sss/in.cgi?7 Exploits
netporn-tube.com/123/27/FFFFFF/48742b6265773d3dddc1b009/FlashCodec/FlashVideo/ DNSChanger
youwillenjoythis.info/x/21.fistin_gay.html DNSChanger
173.29.235.190/YouTube/setup.exe Net-Worm.Koobface.he
173.29.235.190/pid=8820/type=videxp/ Net-Worm.Koobface.he
24.23.98.38/YouTube/setup.exe Koobface.BE
173.32.104.128/YouTube/setup.exe Koobface.he
69.146.209.162/YouTube/setup.exe Koobface.he
70.236.74.228/YouTube/Setup.exe Trojan-Spy.Agent.anap / Koobface
76.99.238.201/YouTube/setup.exe Koobface.he
82.43.153.137/YouTube/setup.exe Trojan.Agent2.hgm / Koobface
youtubealert.com/movie.php Virtumonde / Vundo / Virtum
youtubealert.com/setup.exe Virtumonde / Vundo / Virtum
ralcofic.cn/3g/ Exploits
uswsw.com/8888/real.html Exploits
antivirus.vc/? Exploits
bizoplata.ru/pay.html Exploits
bizoplata.ru/moun.html Exploits
bizoplata.ru/palast.html Exploits
beelposttraning.ru/s/in.cgi?2 Exploits
dolchepopka.ru/ol/in.php Exploits
teyrebuf.cn/s/in.cgi?2 Exploits
quicksearchnet.com/in.cgi?3&meter=girls+fingering NaviPromo
findnolimits.com/go.php?sid=1 NaviPromo
0576sf.com/88xz/win.exe GameOL.yqw
tozxiqud.cn/in.cgi?8 Exploits
cximnik.cn/img1/index.php Exploits
idealadvertising.org/clicksagent2/ Exploits
divinets.cn/out.php?s_id=1 Exploits
divinets.cn/xts/in.cgi?9 Exploits
karavan.us/bon/index.php Exploits
91.212.65.138/a/in.php Exploits
91.212.65.138/a/pdf.php Exploits
lsiu.info/evo/count.php?o=2 Exploits
lsiu.info/evo/count.php?o=5 Exploits
lsiu.info/evo/count.php?o=7 Exploits
lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122 Exploits
lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122 Exploits
lsiu.info/evo/getexe.exe?o=2&t=1241403746&i=1365814122&e=1 Rabbit.ac / Wigon / Pushdo / Kobcka / Pandex
tixwagoq.cn/in.cgi?12 Exploits
gukgifoc.cn/nuc/index.php Exploits
gukgifoc.cn/nuc/spl/pdf.pdf Exploits
teenchickas.com Exploits
teenchickas.com/pjs.html Exploits
teenchickas.com/mininova.html Exploits
teenchickas.com/us.pdf Exploits
teenchickas.com/0.gif TaskDisabler
girlteenxxxfreemov.com Trojan-Downloader.Small.jqz
blogsexnakedgirlxxx.com Trojan-Downloader.Small.jqz
megacooltubes2009.com/teens/xmovie.php?id=40013 Trojan-Downloader.Small.jqz
kvm-softwares.com/softwarefortubeview.40013.exe Trojan-Downloader.Small.jqz
antivirus-remote.com Rogue
lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513 Malware calls home
lkmpmlm.com/ccc_2.php?uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&aid=&os=513 Malware calls home
lkmpmlm.com/eee9999.php?aid=0&uid=00cd1a40d41d8cd98f00b204e9800998ecf8427e&os=512 Malware calls home
imageempires.com/perce/064c5b7bbc854008e18e97e54448fea26776e621b10f2f35f025196defd65efd23a07ce83fb8ef114/80f/perce.jpg Trojan-Downloader.FraudLoad.ehz / TrojanDownloader.FakeAlert.ZI
picturesoffline.com/item/86ccfb2b2c651048211e775514986e728746d681618fff45b0b539ddffb6de8d73c0aca83fc8ef51e/50a/item.gif Trojan-Downloader.FraudLoad.eil / Renos / TrojanDownloader.FakeAlert.ABF
74.50.104.76/werber/903/216.jpg Zlob.DGB
200.35.151.36/werber/903/216.jpg Zlob.DGB
imagesrepository.com/resolution.php Malware calls home
zone-searching.com/borders.php Malware calls home
gdfshgfh.com/promo.exe Waledac / FraudLoad.eeb
cls-softwares.com/suc.php Malware calls home
rscserv.cn/service/ Malware calls home
findmorepill.com/klik/search.php?q=xxx Results lead to malware
hottestfiles.com/search/search.php?q=xxx Results lead to malware
italiavideoclip.com/~fcfcfc/zlzlzlz.exe FakeAlert.KH
netporn-tube.com/?t_type=teens&id=4a4b4e5151773d3d2ca18652 DNSChanger
bestxmovs.info DNSChanger
mac-videos.com/play/mac-video.php (needs Macintosh user-agent)
mac-videos.com/start.html (needs Macintosh user-agent)
part-owner.net/download/6b72504756673d3d397ccafd/macvideo.dmg (needs Macintosh user-agent)
cleandownloaded.com/download/6f342f6248773d3dc4e28452/keygen-elite_proxy_switcher_1_07.exe DNSChanger
uniquexsoftware.com/elite-proxy-switcher-107.html DNSChanger
infodist1.com/in.cgi?11&parameter=404 <------ Already in the database but the IP needs modifying, new IP is 64.27.5.163
-
litefinestdirect.cn/ts/in.cgi?mozila5 Exploits
featherlitecarcare.cn/index.php Exploits
adulttopzone.com Exploits
fremoperka.com/embded/zend.php Delf
fenomen-games.com/dfiles/WildTribe_dwn.exe Adware FenomenGame.pxg
goasi.cn/ex/0032.exe Trojan-Downloader.Injecter.cqd
goasi.cn/update/fix.txt Kobcka / Wigon / Pandex / Cutwail / Pushdo
goasi.cn/sys/index.php?id=0005 Exploits
goasi.cn/mega/lgate.php?n=EA6FA0FF48DE8001 Malware calls home
goasi.cn/dll/cs.txt Backdoor.IEbooot.brr / Rootkit.Otlard.A
goasi.cn/dll/abb.txt Backdoor.Small.hwc
goasi.cn/update/licence.txt Backdoor.Agent.pbt / Phdet.G / Finanz.J
goasi.cn/update/readme.txt Srizbi / Rootkit.Qandr.ji
goasi.cn/update/toolbar.txt Zhelatin.agg
goasi.cn/met/ge.txt <---- Already in database, but needs description modified, Joleee.nh / Tedroo
goasi.cn/ex/a.php Trojan-Downloader.Injecter.cqd
goasi.cn/dok/doc.txt IEbooot.iz / Rlsloup
www.upononjob.cn/in.cgi?0032 <<---- Already in the database but IP needs modifying, 211.95.79.6
ns2.terns.org NameServer for malware sites
-
onlinetube.info/tds/go.php?sid=1 Fakealert / FraudLoad <------- Already listed (as zlob) but needs the IP modifying 82.146.50.202
mp3diary.com/tds/go.php?sid=1 Fakealert / FraudLoad
xxxtube.freehostia.com/video.html Fakealert / FraudLoad
truepornupload.com/codec/140.exe Fakealert / FraudLoad
lovemp3world.cn/get/0/Madonna_-_Bedtime_Stories_(Thomas_Penton).mp3.exe Trojan-Dropper.Agent.agit
lovemp3world.cn/go/0/Madonna/Bedtime+Stories+%28Thomas+Penton%29 Trojan-Dropper.Agent.agit
lovemp3world.cn/album.php?aid=79 Trojan-Dropper.Agent.agit
lovemp3world.cn/search.php?q=madonna Trojan-Dropper.Agent.agit
whitetrack.net/zepaniah/1487340203/1/player.php?m=bW92MS53bXY=&id=3543 DNSChanger
winpcdown9.com/pcdef.exe FakeRean / FakeAlert
porntubenew.com/getCodec.php DNSChanger
xxxvideopussy.com/images/autoplay.php DNSChanger
shotdro.com/download/3776694945673d3d03635c6c/play-video.exe Trojan-Dropper.Win32.NSIS.bt
shotdro.com/download/3776694945673d3d03635c6c/play-video.dmg Mac DNSChanger
tubeporn09.com DNSChanger
flashgamezonline.net/video.php DNSChanger
hdvideocenter.org/continue.php DNSChanger
all-softfree.com/1/path.txt DNSChanger
all-softfree.com/1/pathexe.php?id=3180&name=codec DNSChanger
individualpeople.biz/go.php?sid=1 Exploits
tds.smallsexvids.info/go.php?sid=1 Phdet / Koobface
mxviewworldmy1.com/view/1/1193/0 Phdet / Koobface
-
webfreescan.cn/id/4912933/3/1/ Rogue
wn20090504.com/achcheck.php Malware calls home
aksajans.com/1/6244.exe Trojan-Dropper.BHO.bh
aksajans.com/1/nfr.exe Phdet / Koobface
aksajans.com/1/pp.06.exe Koobface
google-forum.biz Exploits
sd9-forum.biz Exploits
xssipforum.biz Exploits
files932435.net/b2b/load/ Unknown malware
dglcxlcfmk.net/progs/bexdde/ahurebocmi.php Virut.n
cezqtessjo.com/progs/bexdde/ahurebocmi.php Virut.n
freewareseach.com FraudLoad.eh / Fakeinit / FakeAlert.YV
free-webscaners.com/disk/?code=229 FraudLoad.eh / Fakeinit / FakeAlert.YV
trucount3000.com/cgi-bin/install.pl?adv=229 FraudLoad.eh / Fakeinit / FakeAlert.YV
Inactive/Remove
files250362.net/b2b/
dablyt.cn/update/fix.txt
dablyt.cn/update/licence.txt
dablyt.cn/update/readme.txt
dablyt.cn/update/toolbar.txt
-
Inactive/Remove
gradesitesled.sitesled.com/cmd1.txt
system-tuner.com
202.72.194.21/card.exe
freewebs.com/robospy/keylogger/PKLOGG.exe
New
systemsecurityline.com/download.php Trojan-Downloader.Agent.blct / Rogue
systemsecurityline.com/downloadsetup.php Trojan-Downloader.Agent.blct / Rogue
extrantivirus.com/setup/install.exe FakeAlert.BW / Rogue
gdq4hevif.com/j.js Mebroot
31c0ffd0.org/a/null Mebroot
javascript-analytics.com/j.php Mebroot
Modify
javacsript.biz/in/in.cgi?2 New IP 213.163.91.244
-
files932435.net/b2b/load/ Unknown malware
http://www.threatexpert.com/report.aspx?md5=6c527bbb73438d33487a6425d740b06b
No hits for it at Jotti though, and VT is down atm.
-
iky2hevif.com as well (on same ip - 67.18.208.28)
hxxp://www.ghcaxmesp.com/j.php
hxxp://www.jhddxqebf.com/j.php
hxxp://www.rhclxqarm.com/j.php
hxxp://www.xhirxtarm.com/j.php
hxxp://www.yhhsx6anj.com/j.php
Edit: Seems that both robtex+bfk.de are not fully updated with newer records currently, arghh...
i.e., for example, at the moment, I don't get any useful results over there for ghcaxmesp.com
Anyway - all domains in that IP over there redirect over to Mebroot...
Alternatively, until services above are fully updated, the quick-dirty-and-unreliable way... ;)
http://www.google.com/search?hl=en&lr=&num=100&q=allintitle%3A++%22javascript-analytics%22&btnG=Search
-
hxxp://onlinescanxpp.com/land/eurl/1.php?code=
hxxp://antivirus-xppro-2009.com/cgi-bin/download.pl?code=00000001
http://www.virustotal.com/analisis/b48e04e62fbabf49a3ceef96f4cd949c
-
wantfinest.com/tds/in.cgi?default&seoref= FraudLoad.ehs / Rogue
porntube4u.com/?uid=60b12dd602ca88e931e562f4b3ea3d0c FraudLoad.ehs / Rogue
porntube4u.com/install.php?uid=60b12dd602ca88e931e562f4b3ea3d0c FraudLoad.ehs / Rogue
sameshitasiteverwas.com/traf/tds/in.cgi?2 Trojan-Dropper.Agent.anpy
85.17.138.60/update/media_codec_setup.exe Trojan-Dropper.Agent.anpy
94.75.234.35/html/b874550815x19 Malware calls home
94.75.234.35/data/u583x625302070 Malware calls home
nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6 Malware calls home
nolagtime.com/gwc.txt Malware calls home
-
New
freescreensaversx.com Directs to sites with Zango / MyWebSearch.fh
ak.exe.imgfarm.com/images/nocache/funwebproducts/2.3.50.45/PopularScreensaversSetup2.3.50.45.ZRman000.exe MyWebSearch.fh
young-e.net/_count/check_ip.php?ip= Exploits
ciancia.org/help/z/static.php Exploits
trustedwebsecurity.com/page.php?id=85 FraudTool.SystemSecurity.ic
trustedwebsecurity.com/index.php?affid=08085 FraudTool.SystemSecurity.ic
trustedwebsecurity.com/download.php?affid=08085 FraudTool.SystemSecurity.ic
pixtube.net/play/ Zlob
luglios.net/in.php?ref=live Rogue
comitta.cn Exploits
cutheatergroup.cn/fl/index.php Exploits
cutheatergroup.cn/fl/load.php?id=0 Trojan-Dropper.Wlord.sv / Bredolab
file-system.biz Exploits
turokgame.cn/bm/controller.php?action=bot&entity_list=&uid=1&first=1&guid=1824245000&rnd=981633 Malware calls home
turokgame.cn/bm/controller.php?action=report&guid=0&rnd=981633&uid=1&entity=1239400597:unique_start;1241428497:unique_start Malware calls home
megobir.info Exploits
asspardon.com Exploits
porn-tube-movies.com/promo2/?aid=1451&vname=wmcodec FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/2.php?aid=1451&vname=wmcodec FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/get.php?aid=1451&vname=wmcodec FraudTool.PrivacyCenter.t
hotbdsmsex.com Zlob
fullsecurityaction.com Rogue
Modify
useitall.info/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn 80.87.199.13/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn
useitall.info/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn 80.87.199.13/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn
nutsmpegs.com/free-porn/show_young.php?video= Description FraudTool.PrivacyCenter.t
nutsmpegs.com/free-porn/young_girl_getting_fucked_by_big_cock.wmv.exe Description FraudTool.PrivacyCenter.t
great2008x.com/great/index.php IP 67.212.80.125
thefreecompany.net/red/in.cgi?default IP 67.212.80.125
Inactive/Remove
-
tube-library.com Trojan-Downloader.Small.jro
video.xmancer.org/go.php?sid=1&name=1 Trojan-Downloader.Small.jro
my-tube-zone.com/xplays.php?id=40014&name=1 Trojan-Downloader.Small.jro
cls-softwares.com/softwarefortubeview.40014.exe Trojan-Downloader.Small.jro
cls-softwares.com/file.exe
livestockfeed.cn/mov/r/index.html Koobface
greatscansecurity.com/page.php?id=30 Rogue
greatscansecurity.com/index.php?affid=08030 Rogue
94.178.79.30/pid=1000/?ch=&ea= Koobface
74.160.196.69/pid=8047/type=videxp/setup.exe Koobface
redir2404.com/the/?pid=8047&type=videxp Koobface
Modify
jii.be/fds/in.cgi?20 New IP 78.159.112.200
jii.be/s116/in.cgi?16 New URL and IP jii.be/s116/in.cgi?9&group=g14922639 78.159.112.200
-
wvg0.cn Exploits
iwdown.com Exploits
mmwwrrqq.3322.org/a/a7.htm Exploits
mmwwrrqq.3322.org/a/cnzz.htm Exploits
mmwwrrqq.3322.org/a/yy.htm Exploits
mmwwrrqq.3322.org/a/14.js Exploits
mmwwrrqq.3322.org/a/flash.htm Exploits
mmwwrrqq.3322.org/a/qb.htm Exploits
mmwwrrqq.3322.org/a/qb.js Exploits
mmwwrrqq.3322.org/a/ippp.htm Exploits
mmwwrrqq.3322.org/a/ip.htm Exploits
mmwwrrqq.3322.org/a/02.htm Exploits
mmwwrrqq.3322.org/a/set.js Exploits
mmwwrrqq.3322.org/a/lz.htm Exploits
mmwwrrqq.3322.org/a/lz.js Exploits
mmwwrrqq.3322.org/a/office.htm Exploits
mmwwrrqq.3322.org/a/office.js Exploits
mmwwrrqq.3322.org/a/xl.htm Exploits
mmwwrrqq.3322.org/a/xl.js Exploits
mmwwrrqq.3322.org/a/real.htm Exploits
mmwwrrqq.3322.org/a/real.js Exploits
mmwwrrqq.3322.org/a/real.html Exploits
mmwwrrqq.3322.org/a/re11.js Exploits
mmwwrrqq.3322.org/a/bf.htm Exploits
mmwwrrqq.3322.org/a/bf.js Exploits
mmwwrrqq.3322.org/a/iggg.html Exploits
mmwwrrqq.3322.org/a/i16.swf Exploits
mmwwrrqq.3322.org/a/i28.swf Exploits
mmwwrrqq.3322.org/a/i45.swf Exploits
mmwwrrqq.3322.org/a/i47.swf Exploits
mmwwrrqq.3322.org/a/i64.swf Exploits
mmwwrrqq.3322.org/a/i115.swf Exploits
mmwwrrqq.3322.org/a/fgg.html Exploits
mmwwrrqq.3322.org/a/f16.swf Exploits
mmwwrrqq.3322.org/a/f28.swf Exploits
mmwwrrqq.3322.org/a/f45.swf Exploits
mmwwrrqq.3322.org/a/f47.swf Exploits
mmwwrrqq.3322.org/a/f64.swf Exploits
mmwwrrqq.3322.org/a/f115.swf Exploits
wm5588.com/love/windoss.css Trojan-Downloader.Geral.kq / Trojan.Killav.PN
a22.7766.org/hf/x/y.js Exploits
a22.7766.org/hf/x/ie.htm Exploits
a22.7766.org/hf/x/ieee.htm Exploits
a22.7766.org/hf/x/ireal.htm Exploits
k70.9966.org/hf/x/pp.exe Backdoor.Hupigon.gtww / Trojan-GameThief.WOW
tourdo.net/download/5876596c6e513d3d4236703120090505/flash.exe Trojan.Alureon
trffc2.info/stds/go.php?sid=1 Rogue
j-set.cn/stech/go.php?sid=1 Trojan.Alureon
Modify
goodsite.in/good/in.cgi?18 New URL, IP, Description goodsite.in/good/in.cgi?7 212.98.162.59 Rogue
-
Inactive/Remove
New
terihatchernecklace.aboutauts.info Exploits
greatds.su/in.cgi?2 Exploits
megasearch.coolwebsearch.us/search.php Exploits
i1match361.biz/html/2440/f8ae8aedaf494548b681dedb37dd3d5f/ Exploits
asusdisp.org/page/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/ Exploits
asusdisp.org/file/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/0.gif Rootkit.Podnuha.byf
pornovideosxxx-01.com/images/pvideo.html Zlob
pornovideosxxx-01.com/rs/go.php?sid=1 Zlob
xxxwomenfucksuck.com/images/videos.html Zlob
gogoalscan.com Rogue
fanscan4.com Rogue
goscanfix.com Rogue
goworkscan.com Rogue
goscanmeta.com Rogue
scan4atom.info Rogue
daset.darktech.org Rogue
goscanmeta.com/?uid=12404 Rogue
-
total-virusprotection.com/xpprot/2/?a=ks157&s=2 Rogue
total-virusprotection.com/secure/661f3fc130277a5847bcb0102ff6122f/4a060e75/setupfiles/totalvirusprotections.exe Rogue
teamerblog.com/blog/ Exploits
teamerblog.com/wiki/Ms06014.htm Exploits
teamerblog.com/wiki/MS06042.htm Exploits
teamerblog.com/wiki/MS07004.htm Exploits
teamerblog.com/wiki/office.htm Exploits
jetclickvip.com/in.cgi?2 WinTrim / NaviPromo
reliable007.com/take.php?id=3&r=1211&s=1365 WinTrim / NaviPromo
reliable007.com/take.php?id=4&r=1202 WinTrim / NaviPromo
reliable007.com/movie2.php?r=1202&s= WinTrim / NaviPromo
reliable007.com/movies.php?r=1211&s=1365 WinTrim / NaviPromo
reliable007.com/view.php?r=1211&s=1365 WinTrim / NaviPromo
download.live-player.com/Live-Player_setup.php?grpid=2566&tag_id=718&nums=FGFBbtPAOb&popt1=1211&popt2=1365&popt3=3 WinTrim / NaviPromo
stolnik.net/888/_ts/?s=ka&sid=euGB1&q=spyware+remover&affid=15555&ref=klikcentral.com&fullref=http%3A%2F%2Fklikcentral.com Trojan.Dropper.NaviPromo.qke
velinta.net/redirpost/?qq=Spyware+Remover&url=&source=ka&sid=euGB1&affid=15555 Trojan.Dropper.NaviPromo.qke
zeis.org.ua/eu/GB/k1/ Trojan.Dropper.NaviPromo.qke
216.12.161.18/download/download.php?camp=22769&f=Spyware%20Remover Trojan.Dropper.NaviPromo.qke
kernelseo.com/in.cgi?5&parameter=spyware+remover&se=15555 NaviPromo
videotoolsfree.com/installation/update/ NaviPromo
seventhdayslubmer.com/WebMediaPlayerInstallation/ NaviPromo
cavle-online.com/play.exe Backdoor.PcClient.aldh
rusuchki.com/go/freevideo2/ FraudPack.mmw / FakeAlert
xvirusdescan.com/index.php?affid=08041 FraudPack.mmw / FakeAlert
xvirusdescan.com/download.php?affid=08041 FraudPack.mmw / FakeAlert
uniqfind.net/?q=xxx Results direct to malware
aeroads.net/?sub=6&id=15555&q=xxx FraudPack.mmw / FakeAlert
klikcentral.com/search.php Results direct to Malware
huangsidai.net/jyly/index.asp Exploits
s51.cnzz-c.cn/stat.js?id=872651&web_id=872651 Exploits
wr.jrt46.cn/1/19/index.htm?20 Exploits
wr.jrt46.cn/1/19/index2.htm Exploits
wr.jrt46.cn/1/19/ccqm.htm Exploits
wr.jrt46.cn/1/19/js.css Exploits
wr.jrt46.cn/1/19/hk14.htm Exploits
wr.jrt46.cn/1/19/14.css Exploits
wr.jrt46.cn/1/19/15.css Exploits
wr.jrt46.cn/1/19/16.css Exploits
wr.jrt46.cn/1/19/hkfl.htm Exploits
wr.jrt46.cn/1/19/cc11.htm Exploits
wr.jrt46.cn/1/19/cc22.htm Exploits
wr.jrt46.cn/1/19/hkvod.htm Exploits
wr.jrt46.cn/1/19/ccvod.css Exploits
wr.jrt46.cn/1/19/b.css Exploits
wr.jrt46.cn/1/19/d.css Exploits
wr.jrt46.cn/1/19/hkbb.htm Exploits
wr.jrt46.cn/1/19/bff1.css Exploits
wr.jrt46.cn/1/19/bff.css Exploits
wr.jrt46.cn/1/19/hkzzx.htm Exploits
wr.jrt46.cn/1/19/091.css Exploits
wr.jrt46.cn/1/19/092.css Exploits
wr.jrt46.cn/1/19/hkff.htm Exploits
wr.jrt46.cn/1/19/ff.css Exploits
wr.jrt46.cn/1/19/hk122121.htm Exploits
wr.jrt46.cn/1/19/Turl.css Exploits
wr.jrt46.cn/1/19/real.css Exploits
wr.jrt46.cn/1/19/real1.css Exploits
wr.jrt46.cn/1/19/ci115.swf Exploits
wr.jrt46.cn/1/19/ci47.swf Exploits
wr.jrt46.cn/1/19/ci45.swf Exploits
wr.jrt46.cn/1/19/ci64.swf Exploits
wr.jrt46.cn/1/19/ci28.swf Exploits
wr.jrt46.cn/1/19/cf115.swf Exploits
wr.jrt46.cn/1/19/cf47.swf Exploits
wr.jrt46.cn/1/19/cf45.swf Exploits
wr.jrt46.cn/1/19/cf64.swf Exploits
wr.jrt46.cn/1/19/cf28.swf Exploits
100xx.com.cn/tj.htm Exploits
shaduzhe.com/head.htm Exploits
aqbo.cn/top.htm Exploits
bizme.com.cn Exploits
3b3.org/c.js Exploits
59ukjff.9966.org/a/a100.htm Exploits
59ukjff.9966.org/a/cnzz.htm Exploits
59ukjff.9966.org/a/yy.htm Exploits
59ukjff.9966.org/a/14.js Exploits
59ukjff.9966.org/a/flash.htm Exploits
59ukjff.9966.org/a/iggg.html Exploits
59ukjff.9966.org/a/fgg.html Exploits
59ukjff.9966.org/a/qb.htm Exploits
59ukjff.9966.org/a/ippp.htm Exploits
59ukjff.9966.org/a/ip.htm Exploits
59ukjff.9966.org/a/02.htm Exploits
59ukjff.9966.org/a/lz.htm Exploits
59ukjff.9966.org/a/office.htm Exploits
wr437jt.3322.org/a/a100.htm Exploits
electric.cn/cp_view.asp?id=16842 Exploits
hjtshop.com Exploits
wr.jkt57.cn/1/04/index.htm?05 Exploits
f1.hf3y5.com/1/aivticx.exe AntiAV
www.gxxwgc.com.cn Exploits
wr.kug78.cn/1/20/index.htm Exploits
a1.igr5s.com/1/avticnx.exe AntiAV
gdcb-h.com/xx.asp?id=2565 Exploits
w3og.cn/s.js Exploits
h1.dgfg4.com/19/AeX.exe Trojan.AntiAV
h1.dgfg4.com/a/AivtieX.exe Trojan.AntiAV
www.adobeus.com/go/getflashplayer/flashplayer.exe Trojan-GameThief.WOW.iif
gm.adsl8899.cn/nl1.exe Trojan.Downloader
jx.kkwyx.com/sie/udw.rar AdWare.BHO
kcs.cn/web6/images/down.txt Malware calls home
kcs.cn/web6/images/dl_205423.exe Koutodoor
kcs.cn/web6/images/nl1.exe OnLineGames.NZF / Trojan-GameThief.WOW.msp
kcs.cn/web6/images/serverB.exe BackDoor.VB.gtw
www.ppggg.com.cn/www.exe AutoRun
219.139.81.6/news/image.jpg Backdoor.Koutodoor
www.xzwrn.cn/nba/image.jpg Backdoor.Koutodoor
chj771277.3322.org/qq.txt?14 Malware calls home
alan.p9555.cn/images/web/2/ie7_new.html Exploits
baidusib.cn/06/ytxxz.htm Exploits
baidusib.cn/06/091.js Exploits
baidusib.cn/06/092.js Exploits
pornotubxxx.com/updater.php?id=1222&rep=1 WinTrim / NaviPromo
celeb.pornotubxxx.com/view.php?video=9196&r=1198&s= WinTrim / NaviPromo
google-anlacc.cn/pagead/show_ads.js Exploits
ljstengfei.h45.f5w.net/cstj/cstj.htm Exploits
qy.fn6k.cn/1/19/index.htm?07 Exploits
onewedhost.com/qdring1/themes/902.htm Exploits
product4.cn/tcoun/ss.htm Exploits
vkjfijfpowpo.3322.org/fsdfsdfw/news.htm Exploits
vkjfijfpowpo.3322.org/fsdfsdfw/js.css Exploits
166pp.com/w/ss.htm Exploits
Modify
lineacount.info/cgi-bin/search?id=169205&k=ar15+stock&ref=undefined <<--- Domain already in the database but needs new IP 91.207.61.48, and this is a new URL
Inactive/Remove
al-horno.com.ar/blog/wrwrwrwr.txt
-
injek.by.ru/download/source/klr-id.txt RFI
antivirusbestscannerv1.com 78.47.91.153 Rogue
antivirusbestscannerv1.com 69.4.230.204 Rogue
antivirusbestscannerv1.com 212.117.165.126 Rogue
antivirusbestscannerv1.com 38.99.170.210 Rogue
antivirusbestscannerv1.com 78.47.132.216 Rogue
antivirusbestscannerv1.com 94.102.48.28 Rogue
usa-antispy.com Rogue
antiviruslivescanv3.com 38.99.170.9 Rogue
antiviruslivescanv3.com 212.117.165.126 Rogue
antiviruslivescanv3.com 78.47.91.153 Rogue
adware-removal-tool.com Rogue
antivirusquickscanv1.com 69.4.230.204
antivirusquickscanv1.com 212.117.165.126
antivirusquickscanv1.com 38.99.170.210
antivirusquickscanv1.com 83.133.123.140
antivirusquickscanv1.com 94.102.48.28
antivirusquickscanv1.com 78.47.91.153
2qnews.07x.net/images/menu.js Rogue
sexerotika2009.ru/admin/red/en.php Rogue
liveavantbrowser2.cn/go.php?id=2022&key=4c69e59ac&p=1 Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO 212.117.165.126 Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO 38.99.170.9 Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO 69.4.230.204 Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO 78.47.91.153 Rogue
ns1.s-hosting.biz NameServer for Rogue sites
ns2.s-hosting.biz NameServer for Rogue sites
softsupportmail.com Rogue
pcantimalware.com/download.php Rogue
www.accaddeoggi.it Exploits
91.207.61.32/.r/.fi/index.php Exploits
91.207.61.32/.r/.fi/load.php Trojan-Spy.Zbot
www.medicidigruppo.it Exploits
guardav.com/index.html Rogue
coreguard2009.com Rogue
guardlab2009.net/index.html Rogue
coreguardlab2009.net Rogue
errorstool.com/downloads/setup.exe Rogue
fixupdates.com Rogue
evidenceeraser.com Rogue
errorsweeper.com Rogue
adultelitiest.ru Exploits
paytraff.biz/ts/in.cgi?prokop Exploits
wuhwasum.cn/s/in.cgi?9 Exploits
cakpapaz.cn/nuc/index.php Exploits
sex.xxx19.org/285/name.jar Trojan-SMS.J2ME.Boxer.c
sextraf.cn Trojan-SMS.J2ME.Boxer.c
8i0c.cn/14.htm Exploits
nvi3.cn/ss.exe Trojan-GameThief.Magania.bavl
deabak.com/z.js Exploits
xin89221.com/love/windoss.css Trojan-Downloader.Geral.kq
best-av-scanner.com Rogue
av-antivir-check.com Rogue
online-av-scan2008.net Rogue
litecarfinestsite.cn Exploits
-
Inactive/Remove
New
webfo.biz/fxid1.txt
-
New
sexbases.cn/in.cgi?16&b84b77 Exploits
sexbases.cn/com.html Exploits
firstgate.ru/33/link.php Exploits
firstgate.ru/33/load.php?id=0 Trojan-Downloader.Murlo.awx / Branvine.A
lsiu.info/evo/count.php?o=10 Exploits
lsiu.info/evo/getexe.exe?o=10&t=1242070079&i=1365814122&e=1 Trojan.Win32.Agent.cfwe / Wigon / Pushdo
8addition.info Exploits
fayst.com Exploits
systemsecuritytool.com/downloadsetup.php Trojan-Downloader.Agent.bqbu / Trojan-Downloader.Agent.blct
videoporntrue.com/tube/?id=157&title=Girls+Fucked FakeRean / FakeAlert
videoporntrue.com/codec/157.exe FakeRean / FakeAlert
freetubemov.com FraudTool.PrivacyCenter.w
tubemoviez.com FraudTool.PrivacyCenter.w
yourporn-xmovies.com/promo4/?aid=851 FraudTool.PrivacyCenter.w
yourporn-xmovies.com/promo4/get.php?aid=851&vname=flash_player_plugin FraudTool.PrivacyCenter.w
pornitube.net/new/index.htm Rogue
firesearch.sc/search.php?keyword=xxx Results direct to malware
ngjxcs7b5.votrecv.com Rogue
namazdu6.biz/str/in.cgi?default&parameter=glavmed Rogue
totalvirusshield.com/page.php?id=44 Rogue
antivirus-xppro-2009.com Rogue
antivirusxppro-2009.com Rogue
websecuritybureau.com/hitin.php?land=30&affid=02086 Rogue
coqhecup.cn/pa.html Exploits
hotxasib.cn/su/in.cgi?18 Exploits
profi-tooltip.biz/pro/page.html Exploits
advanced-uninstaller.com Rogue
Modify
www.hqualityporn.com/ethnic/ New IP 85.17.103.104 (Also, doesn't need www.)
www.hqualityporn.com/in.js New IP 85.17.103.104 (Also, doesn't need www.)
adultvidsportal.info/go.php?ref= (currently marked inactive, needs marking active), new IP 85.17.103.104
sutra2s.info Domain already exists in database, IP needs modifying 75.102.24.14
Inactive/Remove
85.17.92.42/cgi-bin/index.cgi?user4
85.17.92.42/cgi-bin/index.cgi?user7
osteklen.org
-
Inactive/Remove
-
New
foto4foto.com/gallery/ Exploits
total-virusprotection.com/xpprot/2/?a=ks125&s= Rogue
total-malwareprotection.com Rogue
directdownloadcenter.net/search.php?q=xxx Results direct to malware
bestspices.biz/search.php?aff=&saff=&q=screw+my+wife+please Results direct to malware
searchpoint3.com/search.php?q=porn%20free Results direct to malware
cvghrte3ergre.com/search.php?q=pussy Results direct to malware
66.36.241.191/_getf_/screw%20my%20wife%20please.html?id=31370 FakeAlert-CM / FakeRean
pornproductions09.net/codec/228.exe FakeAlert-CM / FakeRean
xml.klikvip.com/js.php?pin=2963121788257090953394199662910&num=3&saff=0&q=g-spot+vibrators&view=1&queue=3-1-2&ref= Results direct to malware
ultimatecrack.biz/test/WebVideoX_live.exe Trojan.Downloader.Loadadv.ACE
aaqkweoslz.com/progs/royyl/fcppddma.php?adv=adv413 Malware calls home
aaqkweoslz.com/progs/royyl/lvreefo.php Virus.Virut.n
aaqkweoslz.com/progs/royyl/ggcqqdde.php Trojan.Winwebsec / Ertfor.A
aaqkweoslz.com/progs/royyl/kqddj.php Virus.Virut.n
aaqkweoslz.com/progs/royyl/wspcpq.php Tobssod.A
aaqkweoslz.com/progs/royyl/clmvviwj.php Virus.Virut.n
aaqkweoslz.com/progs/royyl/cyiivvvjjw.php Virus.Virut.n
aaqkweoslz.com/progs/royyl/yhrrrrsfob Trojan.Downloader.Loadadv.ACA / Harnig
aaqkweoslz.com/progs/royyl/dranobool.php?adv=adv413&code1=LNLD&code2=3115&id=1824245000&p=1 Malware calls home
aaqkweoslz.com/uniq.php?id=1824245000&p=1 Malware calls home
bazrvxedfe.net/aasuper0.php Trojan-Downloader.Boltolog / Backdoor.Rustock.NFM
bazrvxedfe.net/aasuper1.php Virus.Virut.ce
bazrvxedfe.net/aasuper2.php Trojan-Downloader.FraudLoad.eiu / Wigon / Cutwail
bazrvxedfe.net/aasuper3.php Net-Worm.Koobface
boscumix.com/optima/index.php?uid=483650&ver=2.03a Malware calls home
boscumix.com/optima/control/bot.exe Obfuscator.ER
Inactive/Remove
-
You could make an iframedollar gang thread out of what's been in the DB over the past year or more. :D
-
Perhaps we should follow them even more closely :) I remember I used to list some of their nameservers as well; I should probably do that again.
New
sgh-topprograms.com/softwarefortubeview.45013.exe Trojan
yesey.net/play/video.php Trojan
2todays.com/in.cgi?default Trojan
freegirla.com/4831/h85224.html Trojan
yourko.com/8644/n72651.html Trojan
mekind.com/download/6b72504756673d3d397ccafd/MacTubePlayer.dmg Jahlav.D
mac-videos.com/play/mac-video.php Jahlav.D
Inactive
-
New
tm34.info/st/in.cgi?default Rogue
hd.sbells.info/pcxp.php Rogue
axmell.info/out.php?p=pcxp Rogue
futureinternetsecurity.com/hitin.php?land=20&affid=09300 Rogue
quickscanpcv1.com 93.174.93.34 Rogue
quickscanpcv1.com 88.198.41.170 Rogue
savemypcnowv1.com 38.99.170.9 Rogue
savemypcnowv1.com 78.47.91.153 Rogue
savemypcnowv1.com 69.4.230.204 Rogue
-
New
rlamba.biz/in.cgi?5&d=33 Navipromo / Wintrim
1tubexxx.com Navipromo / Wintrim
innovavids.com/take.php?id=3&r=1197 Navipromo / Wintrim
advanedmalwarescanner.com/go.php?id=2019&key=572c78987&p=1 Rogue
your-guide-online.com/page/fuck-slut Rogue
get-mega-tube.com/teens/xindex.php?id=45024 Unknown
sextds.com/in.cgi?3&parameter=teen Unknown
1k.pl/inlkir Unknown
1k.pl/klnk.php?url=inlkir Unknown
kor-programms.com/softwarefortubeview.40000.exe Unknown
Modify
2009/05/13_00:00 85.17.136.137 (Domain is missing '-')
-
New
advanedpromalwarescanner.com Rogue
advanedmalwarescanner.com Rogue
search2007.info/sutra/in.cgi?28 Rogue
indoirc.go.ro/idscan.txt RFI
koal4.com/fx29id.txt RFI
nw.or.kr/bbs/icon/tukulid.txt RFI
208.98.22.241/id.txt RFI
lwamus.com/fx29id.txt RFI
lwamus.com/fx29id2.txt RFI
r-shooter.com/bbs/data/test.txt RFI
treffuns.de/img/icons/tabs/id.txt RFI
wizard.com.br/fx29id.txt RFI
wizard.com.br/fx29id2.txt RFI
www.bernardyni.ofm.pl/organy2/tmp/temp/id1.txt RFI
sherif-dudulz.ucoz.com/id1.txt RFI
sherif-dudulz.ucoz.com/id.txt RFI
sherif-dudulz.ucoz.com/id2.txt RFI
80.24.176.145/time/appserv/file.txt RFI
jeta.co.kr/bbs/component/.jpg/fx29id.txt RFI
rgbclub.net/bbs/icon/fx29id.txt RFI
theblythes.net/cal/mydb RFI
gsmch.org/club/chi.txt RFI
quetzal1.innsz.mx/components/com_joomlalib/standalone/fx29id.txt RFI
juarteakorea.co.kr/board/rgboard/include/w.txt RFI
elitewheels.ru/nopage Exploits
qwehost.com/count.php?o=2 Exploits
sc0field.info Exploits
sc0field.info/Icepack/index.php Exploits
sc0field.info/Icepack/exe.php Trojan.Dropper
202.73.57.11/arwe/?736361acd09ca9717c9462514beb5205 Exploits
202.73.57.11/tomi/?t=2 Exploits
casien.net/eu/GB/k1/ NaviPromo / Skintrim.BAY
216.12.161.18/download/download.php?camp=22769&f=slut NaviPromo / Skintrim.BAY
raindrip.com/cms/baner.txt RFI
barracuda-antivirus.com Rogue
4utraffic.com/tp1.tv Malware calls home
4utraffic.com/misterpresident/s.php Malware calls home
1stempirefinancial.com Exploits
mcdisseny.com/tmp/copyright.txt RFI
tugaspeed.info/idpriv8.txt RFI
sk8sunabe.heteml.jp/mt/mt-static/numpang/fx29id2.txt RFI
www.rainbowofdiamonds.com/scripts/test RFI
212.227.74.68/catalog/fx29id.txt RFI
www.hetjongeschaap.nl/site/images/response.txt RFI
masuccessguy.com/docs/book RFI
rsh.kiev.ua/images/idfx1.txt RFI
shababek.de/baner.txt RFI
srcdirc.my-php.net/fxtool/fxtool/fx29id.txt RFI
home.covenantberks.org/images/kampret.jpg RFI
deutsch-online.pl/films/video/ Exploits
aladin-online.com/new/components/com_virtuemart/shop_image/vendor/test.txt RFI
www.sysweb.it/user/1.txt RFI
tactitrans.com/b1ttletX1.txt RFI
driji.wap.sh/id.txt RFI
pallmall4.fileave.com/id.txt RFI
kcaer.re.kr/zboard/icon/id.txt RFI
mybcpc.org/bcpcchoi/technote7/skin_shop/standard/2_view_body/idfx1.txt RFI
stonemac.com/bbs/g/id1.txt RFI
geocities.com/coracore99/r0bot.txt RFI
qigong-club.ru/bitrix/admin/vid.txt RFI
nw.or.kr/bbs/icon/idxx.txt RFI
www.info-design.fr/language/fonts/id1.txt RFI
geocities.com/valent_45/id1.txt RFI
ssdnb.net/bbs/data/vo RFI
4-floor.com/css/z1 RFI
laskar.mw.lt/id.txt RFI
laxestereo.com/parranda/copyright.txt RFI
kq-china.com/web/templates/ja_purity/id1.txt RFI
triton-friendlyclub.com/2009/id.txt RFI
cocoking.com/upload/gallery/id.txt RFI
h1.ripway.com/lupa121/makan.txt RFI
h1.ripway.com/adi121/id1.txt RFI
kenniscentrumgemeenten.nl/assets/export/id.txt RFI
flyozoneusa.com/tmp/id1.txt RFI
flyozoneusa.com/tmp/rfi.txt RFI
steannareptile.it/administrator/id1.txt RFI
asistek.cl:443/accounts/inc/chid.txt RFI
nw.or.kr/bbs/icon/v6.txt RFI
tmt.org.ru/readme.txt RFI
e-blacklist.net/alditor/bin1.txt RFI
colegiopenacorada.com/xoops_lib/modules/pw.txt RFI
ladyboss.com.ua/fx29id2.txt RFI
angelcitytrading.com/css/1.txt RFI
ambient-arts.co.uk/media/id.txt RFI
lanaalaadi.com/gallery/data/media/2/3/db.txt RFI
nw.or.kr/bbs/icon/gie.txt RFI
diga-pro.es/r57/test.txt RFI
Modify
nospam-ns.com/google/index.php New IP 203.116.63.113
Inactive
-
download.live-player.com/Live-Player_download.php?file=db Malware calls home
download.live-player.com/Live-Player_download.php?file=skin_dll Malware calls home
download.live-player.com/Live-Player_download.php?file=sqlite_dll Malware calls home
download.live-player.com/Live-Player_download.php?file=liveplayer_exe Malware calls home
download.live-player.com/Live-Player_download.php?file=liveplayer_skin Malware calls home
bl4ckst4r.cn/forum/foxpdf.php Exploits
bl4ckst4r.cn/forum/npdf.php Exploits
pornproductions09.com/scan/?id=260 FraudLoad.ekn / FakeAlert
spywaresystems.info/0/go.php?sid=2 FraudLoad.ekn / FakeAlert
fcbarcelona-alb.com FraudLoad.ekn / FakeAlert
tubeonporn09.net/codec/260.exe FraudLoad.ekn / FakeAlert
videoporntrue.com/scan/ FraudLoad.ekn / FakeAlert
pornotvnetwork.us Koobface
wottrack.com/promo.php?id=1000 DNSChanger
tmarab.com/vb/language/1/videoplayer.php.htm Trojan
videoland.biz Zlob
messengerdemon.free.fr/membres/up/Codec_Windows_Media_Player.exe Backdoor.IRCBot.gmp
ologetcn.zeigtsichimweb.de/amazing-video.html Rogue
tinnily.info/cgi-bin/counter?id=629901&ref= Rogue
warwork.info/cgi-bin/visits?id=591905&k=katie+richie+home+video&ref= Rogue
salehner.ynd.pl/all-the-best-video.htm Rogue
wihull.jclan.pl/dronchiro-1034.html Rogue
tangoing.info/cgi-bin/search?id=593102&k=nude+army+men&ref= Rogue
free-webscaners.net/disk/?code=170 Rogue
trafficshop.biz/ts/in.cgi?157 Rogue
retroxporntube.com DNSChanger
hqplayer.net/will/373851649/1/player.php?m=bW92NC53bXY=&id=1000 DNSChanger
newhotvid.com DNSChanger
tampsb.info/cj/ Exploits
xdsabc.info/tds/go.php?sid=3 Exploits
new-videos.info Trojan
celebs-home-portal.com/?id=45017 Trojan
celebs-home-portal.com/video.php Trojan
exclusivestarvideo.com/Celebrity_StarVideo/Flash_Video/index.htm FraudLoad.ekn / FakeAlert
pornproductions09.net/codec/344.exe FraudLoad.ekn / FakeAlert
7stepsmedia.net/download/3776694945673d3d03635c6c/play-video.exe Trojan-Dropper.NSIS
tvcodec.net/xvidcodec.php DNSChanger
Modify
zuxmash.info/tsc/in.cgi?2 New IP 78.108.180.233
-
afflvwetib.com/progs/royyl/fcppddma.php?adv=adv663 Malware calls home
afflvwetib.com/progs/royyl/lvreefo.php Worm.Pinit.ds
afflvwetib.com/progs/royyl/ggcqqdde.php Winwebsec / Ertfor
afflvwetib.com/progs/royyl/kqddj.php Virut
afflvwetib.com/progs/royyl/wspcpq.php Virut
afflvwetib.com/progs/royyl/clmvviwj.php Virut
afflvwetib.com/progs/royyl/cyiivvvjjw.php Virut
afflvwetib.com/progs/royyl/yhrrrrsfob Loadadv.ACA
afflvwetib.com/progs/royyl/dranobool.php?adv=adv663&code1=LNLD&code2=3115&id=1824245000&p=1 Malware calls home
afflvwetib.com/uniq.php?id=1824245000&p=1 Malware calls home
ns1.afflvwetib.com NameServer for malware sites
ns2.afflvwetib.com NameServer for malware sites
klikvs.cn/in/load.exe Zbot
klikvs.cn/in/cfg/EXP.exe Zbot
bfcysytdze.net/aasuper0.php Backdoor.Rustock.NFM
bfcysytdze.net/aasuper1.php Virut / Virtob
bfcysytdze.net/aasuper2.php Trojan-Downloader.Small
bfcysytdze.net/aasuper3.php Koobface
ns1.bfcysytdze.net NameServer for malware sites
ns2.bfcysytdze.net NameServer for malware sites
currentlywork.com/site/unipack/index.php Exploits
Remove
individualpeople.biz/go.php?sid=1 Duplicate
-
gasex.info/s?search=xxx Results direct to malware
66.36.241.191/__counter/go.php?sid=2&tds-sekey=xxx&tds-id=29533 FakeAlert.BDR / FraudTool / Rogue
66.36.241.191/_getf_/xxx.html?id=29533 FakeAlert.BDR / FraudTool / Rogue
66.36.241.191/_getf_/g.php?q=xxx&id=29533 FakeAlert.BDR / FraudTool / Rogue
tubez-boobez.com/promo1/get.php?aid=1540&vname=xxx FakeAlert.BDR / FraudTool / Rogue
ipl.hk Exploits
google-analistyc.net/in.cgi?5 Exploits
archebald.com/promo/?92905d6ab40d95486148bb091780f99e Exploits
ns2.prospeed.cn NameServer for malware sites
livesexhard.ru/1vid1/index.html Exploits
livecumsex.ru Exploits
ns2.Tanford.cn NameServer for malware sites
ns1.Tanford.cn NameServer for malware sites
porn-blog.biz Rogue
traflab.com/in.cgi?4 Rogue
traflab.com/actual_redirect/sp.php Rogue
nicoleaustinxxxmovies.nakvgyuy.cn FakeAlert.BDR / FraudTool.PrivacyCenter.aj / Rogue
greatds.su/in.cgi?3&seoref=undefined&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=undefined&default_keyword=undefined FakeAlert.BDR / FraudTool.PrivacyCenter.aj / Rogue
callsaua.info/software/ FakeAlert.BDR / FraudTool.PrivacyCenter.aj / Rogue
callsaua.info/software/stat/install.exe FakeAlert.BDR / FraudTool.PrivacyCenter.aj / Rogue
megasearch.coolwebsearch.us/search.php Exploits
i1match361.biz/html/2440/f8ae8aedaf494548b681dedb37dd3d5f/ Exploits
wabfind.in/page/2440/f8ae8aedaf494548b681dedb37dd3d5f/0517172721782737/ Exploits
wabfind.in/file/2440/f8ae8aedaf494548b681dedb37dd3d5f/0517172721782737/0.gif Rootkit.Podnuha.byf / Boaxxe.E
freesexywomanpic.statesaua.info Exploits
bureauofprintingengraving.growauts.info Exploits
shermanwilliamspaints.everyauts.info Exploits
Multiple IPs
antvirushelpv1.com 69.4.230.204 Rogue
antvirushelpv1.com 38.99.170.9 Rogue
antvirushelpv1.com 78.47.91.153 Rogue
antvirushelpv1.com 83.133.115.9 Rogue