EstDomains clearing up the shit

[sowhat-x]

http://www.scamfraudalert.com/f137/health-refill-www-my-rxshop-com-13453/

[sowhat-x]

Brian Krebs' research continued...
http://voices.washingtonpost.com/securityfix/2008/09/fake_antispyware_purveyor_also.html

[sowhat-x]

...some members decided to scrape through the data archived in the past here at MDL,
and were kind enough to supply me with them...

We're currently though in the process of re-validating MDL's archived data regarding EstDomains,
in order to avoid listing as much as possible potentially 'false' entries,
eg.malware sites that have been redirecting to EstDomains,but which were not directly affiliated...
As soon as the process gets finished,during next days or so,the info will be submitted here obviously...

[Ilya Klein]

Hello,
I'm the owner of favourlinks.com that was listed on previous page.
Thanks to you my domain name was suspended, but there is nothing illegal on it, no phishing/spam/malware or anything of this kind...
It was a USEFUL website visited by thousands of people daily.
But if you google it, you can find people asking to remove it or telling that it hijacked their homepage... I can explain it, yes, on some websites visitors were asked (via standard IE alert) if they want to set favourlinks as their homepage or not, they have a CHOICE, and they HAVE TO click "Yes" to set it. It's their decision. No software/malware was used and they ALWAYS could change their homepage to anything they want.
But, I think you agree with it, most of the internet surfers click "yes" on everything they see without reading it, and most of them even don't know how to change browser's homepage, so that's why you could find such topics on Google.
Now thousands of people see blank page as their homepage instead of website they saw and used everyday before, do you think they happy?
Thank you for your understanding.

[sowhat-x]

Ilya Klein:

There's literally thousands of EstDomains sites that are associated with malware.
False positives might occur occasionally,although this is minimized here...
as all malware-hosting sites listed here have been MANUALLY verified in the past.

It's obviously not possible to remember by heart,
the reason for which every site listed here had been marked as malicious.
favourlinks.com is NOT listed either in MDL main list,
neither I can find an entry about it in the hosts file that we provide.
http://www.malwaredomainlist.com/mdl.php
http://www.malwaredomainlist.com/hostslist/hosts.txt

[sowhat-x]

...a few really quick queries over Google,return the following info:
http://www.google.com/search?hl=en&q=favourlinks.com&btnG=Google+Search&aq=f&oq=

In short...
http://www.geekstogo.com/forum/Need-help-to-remove-Favourlinks-com-t147134.html
http://www.pcreview.co.uk/forums/thread-2323167.php

And probably even more interesting this as well...
http://msmvps.com/blogs/hostsnews/archive/2007/08/12/another-video-activex-error.aspx

[Ilya Klein]

I think I explained it in my post.
Setting favourlinks as homepage is a hard work - you should click something that activate IE prompt to change homepage, then you have to wait some seconds to activate "Yes" button (but you can click "No" instantly and it's set as default button), then you have to click "Yes". And you can change it anytime you want. Is it hijacking? Or malware?

And the main question - do you think people who used to this website happy now?

p.s. In my local store there are people always asking "do you want to try this new product??!!", I have a choice, to say "yes I want" or "no thanks", and I don't think those people are criminals even if I don't like them because they are tiresome.

[kokach]

So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names, which owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?

[sowhat-x]

Plus SiteAdvisor's report as well...
http://www.siteadvisor.com/sites/favourlinks.com

The report from 21 August there,just two weeks ago,is a very representative one:

...as of Aug. 21, 2008 this is still a current browser hijacking site,
it also plants sypware and malware that turns off your security scanner,
so it can give you driveby downloads. Avoid it all costs.

Meaning,we are certainly not accusing webmasters "in person",
that they are the ones who planted the malware scripts/.exes there in question.
Obviously,they might have been 100% legitimate web admins whose sites got hijacked.

Plus,we certainly are not the ones who "cancel" them:
we merely REPORT in public the domains that have been found,
to be extensively used in malware distribution.
What happens afterwards,is something that in most cases we cannot possibly be aware of...

[Kayrac]

My insight in this comes mostly from this thread(and a few others)

http://www.bleepingcomputer.com/forums/topic109702.html

user stating they cannot change their homepage away from favourlinks.com, while obviously it's down now since i can't check it out obviously, but to me this denotes other changes to the system for instance disabling internet options changing, and or a exe running on the system, which even if your site didn't infect them, why would a malware exe link to your site?

-Brian

[Kayrac]

So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names, which owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?

While there all down since you guys suspended them, theres a very interesting read for the top 3(online pharmacies)

http://www.fda.gov/oc/buyonline/faqs.html

while this pertains mostly(if not all) to the US, i can pretty much guarentee those are not good online pharmacy websites(i've personally not seen any online pharmacies hosting malware, not to say they couldn't)

Then your getting into a 'gray' area, most probably those top 3 were from spam emails, however sowhat and the others can probably give you more information, i'd wait until they respond to you

-Brian

[sowhat-x]

So you don't mind if we unsuspend the favourlinks.com?

Personally speaking always,I don't mind in general what you do with the data here...
Our task is to identify sites involved in malware/spam/phishing and report them back in public,
so that end-users can protect themselves via hosts files,
and obviously for AV companies to grab the malware in question...

Now in order to 'clean up' all of this mess over there in EstDomains,
ie.to identify which sites were possibly hijacked,
which of them are indeed 'bad' clients and which of them not...
With all the crap that has been gathered throughout all these years,
I can understand this will be a very time-consuming process...
About 1070 domains gathered from MDL's archived data,as I had promised earlier...

Code: [Select]

isvbr.net
antivirus2008x.com
vipantisetup.net
rbn-group.net
antivirus-scanner.com
xpantivirus-scanner.com
antivirus-scanonline.com
crackkeygenarchive.com
fastwebway.com
free-viruscan.com
getieantivirus.com
ieantivirus.com
infectionscanner.com
italianpornovideos.com
italypornvideos.com
malwarebell.com
topvirusscan.com
virus-scanonline.com
virusbestscan.com
virusbestscanner.com
windowzscanner.com
xpcleanerpro.com
mymoneydomain.net
pvmsecure.com
mybestwinstats.com
purecelebsite.com
vidwinstats.com
0bucksforpornmovie.com
100freegalls.com
101sexsecret.com
17-juvenile.com
18-bodies.com
1800-search.com
18sex18.info
18x-adult2008.com
18yearoldbabe.com
1sexin18.com
1st-tube.com
1uu9.com
2005-search.com
2007-search.com
2008-adult-s2008.com
2008adults2008a.com
20nu.net
20searchonlinesite.net
24-7find.com
2400teen.com
2trades.com
2younger.com
30young.com
32duraka.net
32hosts.net
32pigs.net
365pro.com
3picgirlssex3x.com
3xclipsonline.com
3xfestival.com
3xlcash.com
3xlsoftware.com
3xmaster.com
3xpowered.com
3xstreaming.com
404dnserror.com
404dnserror.net
404dnspage.com
404errortool.com
404traff.com
4563maturemovies.com
4less2.com
4u-sexy.com
54htsf.com
5foot.net
5wheel.net
69sexyteens.com
7zo.net
88videosex.com
8pussyvids.net
9-info.com
9maya.net
9xoxmodchip2.com
abapharm.net
abc-adult.com
abc-porno.net
abc77x.com
abcadult.net
abcdperformance.com
abcporno.net
abcways.com
about-adult.com
about-adult.net
about-porn.com
about-porno.com
about-sexy.com
aboutadultsex.com
aboutsexxx.com
aboutyourprivacy.com
access-adult.com
access-adult.net
access-dvd.com
access-porn.net
access-porno.com
accessadult.net
accessporno.net
aconfidenceonline.com
activexobj.com
add-block-filter.net
adnsline.com
adservertoo.com
adsnavigator.com
adult-browse.com
adult-control.com
adult-drive.com
adult-extasy.com
adult-freetube-8.com
adult-handjobs.com
adult-help.net
adult-hotel.net
adult-incest.com
adult-loan.com
adult-look.com
adult-name.net
adult-popular.com
adult-power.net
adult-room.net
adult-searchxxx.com
adult-tits.com
adult-toon.net
adult-use.com
adult-want.net
adult18tube2008.com
adultadscash.com
adultan.com
adultapp.com
adultasperger.com
adultau.com
adultbest.net
adultbookings.com
adultby.com
adultchatgay.com
adultcollect.com
adultdatingsearch.net
adultdvdsfor.com
adultdvdsfora.com
adulteducatio.com
adultexport.net
adultfast.net
adultfilmsite.com
adultforpc.com
adultgamesfor.com
adultgirlsweb.com
adultintern.com
adultloan.net
adultmac.com
adultmovieplus.com
adultnexttop.net
adultonlyview.net
adultpilot.net
adultquery.com
adults-my-way.com
adultsea.net
adultsexcar.com
adultsexpro.com
adultsonlyvids.com
adultsper.com
adultstarworld.com
adulttraffsale.com
adultuse.net
adultvideodot.com
adultvideosgroup.com
adultvidsonly.com
adultvidsportal.info
adultwebcamgirls.net
adultx2008.com
adultzoneworld.com
aduvid.com
advance-actions.com
advancedxpdefender.com
advancedxpfixer.com
advancerelo.net
advertstats.com
adwarebazooka.com
adwarepunisher.com
ae3oporti55.com
afreepornsource.com
afreexxx.com
africanebonyporn.com
afrochicksfuck.com
agsdee.com
aguardsoftware.com
ahomepcsafety.com
ahotporn.com
all-best-search.com
allanalteenmovies.com
allcamguide.com
allcollisions.com
alldiskscheck300.com
alldvdrip.net
allextra.com
allforlesbians.net
allfree-pornmovies.com
allmoviefree.com
allofmpegs.com
allotof.com
alloversafety.com
allpornhardcore.com
allsecurenews.com
allsecurepages.com
allsecuritypage.com
allsexvids.net
allsexygirl.com
allstuff4u.com
allteenmodel.com
alltubevideos.net
allxxxpornogerlsx.com
allyoungpictures.com
alreadynude.com
altmaxtravel.com
amateur-adultvideo.com
amateur-pornmovie.com
amateur-sharing.com
amateurukporn.com
amateuryoungteen.com
amazingshemales.net
amediasource.com
amigobore.com
anale-sesso.com
analliz.com
anallysex.com
analmaids.net
analpornshows.com
analytics-google.net
anti-virus-pro.com
antispy-pro.com
antispycheck.com
antispychecker.com
antispygolden.com
antispykit.com
antispyshield.com
antispysolutions.com
antispystorm2008.com
antispyware-2008-buy.com
antispyware-2008-download.com
antispyware-2008-soft.com
antispyware-2008buy.com
antispyware-2008soft.com
antispyware2008-download.com
antispyware2008-purchase.com
antispyware2008a.com
antispyware2008buy.com
antispyware2008c.com
antispyware2008purchase.com
antispyware2008soft.com
antispyware2008y.com
antispywaredeluxe.com
antispywarehelp.com
antispywarescaner.com
antispyzone.com
antivermins.com
antivir-online-scan.com
antivirgear.com
antivirprotect.com
antivirus-xp-08.com
antivirus2008pro-download1.com
antivirus2008pro-download2.com
antivirus2008pro.net
antivirus2008t-pro.com
antivirus2009online.com
antivirusdoc-scanner.net
antivirusgolden.com
antivirussecuritypro.com
antivirusworld9.com
antivirusxp08.com
antivirusxp08.net
antivirusxp2008.com
antivirxp08.com
antonygay.com
anykindclips.com
anykindmovies.com
anykindmp3s.com
anysafereviews.com
anysearching.com
anyvideoclips.com
aolcounter.com
aolpound.com
aperfectbar.com
apicturetool.com
applebabes.com
aprotectiongear.com
aprotectionweb.com
aprotectservice.com
asafebrowser.com
asafecenter.com
asafeinformation.com
asafetyalways.com
asafetynote.com
asafetynotice.com
asafetyproject.com
asafetysolution.com
asafetyvalue.com
asecureforum.com
asecurepaper.com
asecuretest.com
asecuretool.com
asecuritybar.com
asecurityclick.com
asecurityhere.com
asecurityservice.com
asfadaptation.com
asgates.com
asia-adult-video.com
asia-pornmovie.com
asia-video-xxx.com
asianmastrubate.com
asiansexcafe.com
asiansexpage.com
asiansoftcorepics.com
asianxxxcore.com
askiporn.com
asma40.com
aspxservice.com
ass-forum.com
assfuckher.com
asssuperxxxgirlssexy.com
assuredguard.com
atkgft.com
atotalsafety.com
atruesecurity.com
atubegirl.com
autopressinternet.com
autopressonline.com
aviadaptation.com
avicoupler.com
avidirection.com
aviexecution.com
avihelper.com
aviinstrument.com
aviplugin.com
avitool.com
aviutility.com
avsmanufacture.com
avsmiss.com
avwav.com
avxp-08.com
avxp08.com
avxp08.net
avxp2008.com
awebgate.com
awebsecuritytool.com
azaleahardcored.com
babe-girls.com
baberidecock.com
babesonbed.com
babestofuck.com
babestrips.com
baboonn.com
bakasoftware.com
bakasoftware.net
basic-adult.com
basic-porno.com
basicadult.com
basicporno.net
basicsex.net
batgirl-porn.com
batva.net
bbforama.com
bcnproduction.com
bcodecnow.net
bcodecnow2.net
beanal.com
beastporngirlaccessnr.com
berfalo.net
besecuredtoday.com
bessere-verbindung.net
best-codec.com
best-cracks.com
best-freeware08.com
best-porncollection.com
best-soft08.com
best-thumbs.net
best4all.net
bestadultporno.com
bestblackwomen.com
bestbloggin.com
bestbookblog.com
bestdailyvids.com
bestfindnow.info
bestfindrealty.com
bestgalleriesmovies.com
bestgeekblog.com
besthqgal.com
bestlesbimovies.com
bestmikeus.com
bestmoviesworld.com
bestsexworld.info
bestsoft-ware08.com
bestsoftware.cc
besttape4u.com
bestwetholes.com
bestxxxmovies.net
bestxxxoffer.com
bestyounggirls.com
bettasearch.com
better-search-online.com
bigbizzy.com
simdream.net
softsiteinc.com
traff.justcount.net
ie-antivirus-order.com
mustseethatvid.com
mysoftwarefreezone.com
onlythebestvid.com
thedownloadvid.com
scanner.antivir64.com
endupdate.com
ns0.endupdate.com
favoredmovie.com
firstupdate.net
hqsextube08.com
hqvideoporn.com
macromedia-download.com
ia-scanner.com
inupdate.net
myadultcube.com
mydirecttube.com
pornotube30.net
pornotube8.net
smart-antivirus-2009-buy.com
smart-antivirus-2009.com
smart-antivirus-2009buy.com
smart-antivirus2009-buy.com
smart-antivirus2009.com
smart-antivirus2009buy.com
smartantivirus-2009-buy.com
smartantivirus-2009.com
smartantivirus-2009buy.com
smartantivirus2009-buy.com
smartantivirus2009.com
smartantivirus2009buy.com
software-for-me-08.com
softwarefor-me-2008.com
traff-drive.com
tube28.net
updatecube.com
celebblowsbar.net
goodsex-2008.com
ls-movies.com
theyoungteens.com
womenladies.com
hotwomen2008.net
wetwomen-2008.com
blaunetmedia.com
freakingtube.com
freeeporntube.com
newporntv.com
pornotnt.com
karabotik.net
freetubeguide.net
hotstar2008.net
porngirlshost.com
teen-and-old-porn.com
toolz-porn.com
y0bt.com
ihatemondayand.com
malwarewar.com
protection-list.com
soft4cash.com
virusblast.com
brokenurls.com
caretoolbar.com
clickstoolbar.com
clipsfestival.com
clipslab.com
cusln.com
desklinks.com
dnserrorgoal.com
dnswebpage.com
download3xpics.com
fastfindsite.net
getxxxphotos.com
hotvideostube.com
immenseclips.com
immensevids.com
movstube.com
onlyfresh3xvids.com
opqgrin.com
partnerka.com
pcsdefender.com
perfectcleaner2007.com
photorepositary.com
photospool.net
picturesbomb.com
pornwizardry.com
powerof3x.com
realmovieszone.com
requestedimages.com
rockingmovs.com
rycsp.com
scarddlg.com
sclgntfy.com
secureonlinetags.com
shortcutclicks.com
spyaway2007.com
spymaxx.com
streampornvideos.com
supertds.com
tilimilitriam.com
topmovzonline.com
trefuel.com
tubescollection.com
vidscollections.com
virusranger.com
downloads.virusrescue.com
virusrescue.com
webprobar.com
wista-antivirus.com
wistascanner.com
doctorantivirus2008a.com
malwaremonitor.com
google-analystic.net
google-analystyc.com
malwarecore.com
malwareray.com
malwarewiped.com
mspublic.com
mspublik.com
setup.mspublik.com
void.mspublik.com
msvoid.com
xxxvidonline.com
bigtitsvideosworld.com
bikini-now.com
blowjobsdaily.com
boobedgirls.net
boobedstarsfuck.com
bustyqueens.net
bustytart.com
canadult.com
scanadult.com
casino-big-money.com
cazzi-cazzi.com
coolteenpics.com
coolteenpussy.com
coolteenspage.com
crazyclits.com
cum-attack.com
cumshotscafe.com
cumsshut.com
cunnilinguo.com
cuteasianbabe.com
cuteporns.com
donne-ciccione.com
donne-incinta.com
drycum.com
ebony-stars.com
ebonyadultsex.com
ebonygirlpics.com
euro-rape.com
eurosexgirls.net
every-search.net
fastpornvideo.com
feethouse.com
foto-lesbiche.net
foto-masturbazione.com
foto-orge.com
foto-porno-amatoriale.com
foto-porno-gallerie.com
foto-porno-manga.com
foto-spagnole.com
freetitshow.com
freetreeporn.com
freewhore.net
fuckallgirls.com
fuckthegranny.com
iwillfuckthispussy.com
funkpics.com
fxteens.com
gagonmouthbabe.net
gay-mpg.com
gaysgalleries.com
get-search.net
glamourebony.com
glamourporngirls.com
grandfuck.com
hardsex-now.com
hardsex-party.com
hentaiman.net
holegirl.com
horny-teen-sex.net
hotadults.net
hotorangemovies.com
hungrythroat.com
lesbianlavers.com
lickingasians.com
lingeriecastle.com
livebikiniparty.com
livesecuritycenter.com
mature-clits.com
mature-whores.net
milfslady.com
moviessurf.com
myadultblogs.net
mysexfile.com
nakedpornstars.net
nastystarshardcore.com
naturalorna.com
newsexclub.com
nextfuck.com
olderpornobabes.com
only-date-sites.com
onlysexpics.net
orientalsbeauty.com
page4teens.net
pantyhosecollection.net
pantyhosespace.com
pest-patrol.com
piedi-feticismo.com
platinumthumbs.com
pornocontent.net
pornostar-foto-video.com
pornrest.com
pornsitesvideos.com
porntubesite.com
pornxxxmagazine.com
rapethesluts.com
real-gallery.com
realcrazycunts.com
realliz.com
sborra-sopra-piedi.com
sborrate-in-faccia.com
search-and-more.net
searcheleven.com
seeshyteens.com
sesso-orale-gratis.net
sesso-vero-amatoriale.com
sexfantasy-show.com
sexxxorgy.com
sexyblacky.com
sexyyoungpics.com
shemale-escort-sex.com
sister-tabl.com
softasiangals.com
solehardcore.com
somesexpics.com
spermcovers.com
spermouth.com
spyhazard.com
superpornmoviessex.com
sweetschoolgirl.com
teenies-posing.com
teenpussymania.com
teens-co.com
teensex-for-cash.com
teensspace.com
themoviesclip.com
thumbstower.com
tina-sex-journal.com
travelorgy.com
upskirthome.com
video-porno-anale.com
video-porno-lesbiche.com
videomiles.com
videoxxxworld.com
viewnudeteens.com
vip-pics.com
wet-boobs.com
wholevideos.com
wildxxxpussy.com
wsexi.com
x-drugs.com
xxxlovepornxxx.com
xxxporncafe.com
zoosex-motion-videos.com
customsextapes.com
dark-pics.com
domainserror.com
enakedgirls.com
firstsexbox.com
hentai-lol.com
lolita-picss.com
most-adult.com
movie-in-side.com
mpegdirection.com
mpegutility.com
mpegversion.com
nymphets-lolita-tgp.com
picss-lolita.com
pmffprogram.com
secret-feed.com
shocking-girl.net
teendon.com
teenpornoonline.com
teensexdot.com
teenunit.net
thelolicon.com
wadtds.com
youngsexnow.net
macroav.com
malwarewipeupdate.com
mypornoxxx.com
clipsrun.com
handmadeclips.com
imgcontainer.com
inetppui.com
movlabs.com
picturesheap.com
zoomedclips.com
dryhomepage.com
eroticfuckers.com
homepagefile.com
homepagetoday.com
index-se.com
wagemax.com
bestpriceporn.com
city-porno.com
comp-porno.com
compporno.com
contact-porno.com
contactporno.com
control-porno.com
controlporno.com
coolbestporn.com
driveporno.net
engine-porno.net
findadultsex.com
funpornsite.com
funxxxporn.com
global-porno.net
groupporno.net
helpporno.net
hotxxxadult.com
keysexy.net
landporno.com
latina-pornmovie.com
lustgal.com
network-porno.net
networkporno.net
otherporno.com
pissing-video-xxx.com
playporno.net
pleasure-porno.com
plus-porno.net
popularporno.net
pornissex.com
pornsexcafe.com
porntimeguide.com
pornxxxfilm.com
review-porno.net
scan-porno.net
scanporno.com
seek-porno.net
serviceporno.net
sexy-drive.net
sexy-look.com
sexy-name.com
sexy-network.net
sexy-popular.com
sexy-review.com
sexy-super.com
sexyexport.net
spy-sheriff.com
spysheriff.com
superadultfriend.com
superliveporn.com
superporncity.com
teenporntop.com
theadulteye.com
theadultpost.com
total-sexy.net
usbestporn.com
useporno.net
worldbestadult.com
xxxadultgold.com
cleanticket.net
demoticket.net
endticket.com
endticket.net
gigaticket.net
hq-ticket.com
hqticket.com
hqticket.net
megazticket.com
megazticket.net
niceticket.net
stormticket.com
the-ticket.net
ticketnitro.com
vivaticket.net
wotticket.net
blogscontent.com
brakeporn.net
contact-adult.net
delfiporn.net
helpporn.net
look-adult.net
megazporn.com
name-adult.net
pleasure-adult.com
porn-comp.com
porn-look.net
porn-popular.com
porn-the.net
pornbrake.com
pornnitro.net
poweradult.net
scan-porn.net
service-porn.com
sexwhite.net
sexwot.net
sexxero.com
try-adult.com
uinsex.com
useporn.net
visit-adult.net
xeroporn.com
adminkos.net
fuckdns.com
traffomer.com
eltext.com
download.infectionscanner.com
club-super-sex.com
nude-bollywood.com
777-sex.com
angels-and-demon.com
bdsmbookmarks.com
smokinmovies.com
maturewoman-sex.com
revolution-video.com
teen-porn-video.com
anvi-scanner.com
justcount.net
totsec2009.com
total-submission.com
antivir-64.com
antivir64.com
tube40.net
scanner-avp2008.com
sexgirls-movies.com
pay4health.net
vicegrim.com
nude-art.net
tiny18.net
world-teens.com
criticalinternet.com
search-buy.net
theantivirusscan.com
clipwizards.com
findyourlink.net
getdailyvideos.com
imagesuniverse.com
immensepics.com
picstransformer.com
traffgates.com
bot.mspublik.com
1001-search.com
1computerspiele.net
abosearch.com
allabout6.com
analmoviesdownload.com
antispywareupdates.net
artfemdom.net
beastsex-movies.com
bestgall.net
bestpornoworld.com
chiavate-con-oggetti.com
cjtalk.net
creamlips.com
cumdelicious.net
cumriver.com
cutieteen.net
dashulka.com
dztalk.com
ebonyhut.net
enormi-cazzi.com
every-search.com
fatfast.net
fatpussypicture.com
feetfetishporno.com
femdomphotos.net
fingerfuns.com
foto-bondage.com
foto-pompe-pompini.com
foto-porno-infermiere.com
foto-porno-lesbiche.com
foto-porno-teen.com
foto-porno-video.com
foto-sesso-interraziale.com
foto-sesso-lesbo.com
foto-supercazzi.com
foto-tettone.com
foto-toys-oggetti.com
foto-troie-incinta.com
free-gallery.net
free-xxxgals.com
freeblonde.net
freecamvoyeur.com
freehqporno.com
freesex4gay.com
freshfacialmovies.com
freshpornolinks.com
fuck-whore.com
fuckthispussy.com
gallerie-foto-gratis.com
gestaporape.com
gingersex.net
girlmakeblowjob.com
glorypussy.com
goodcounter.net
grannysandra.com
grupal.net
hairyspring.com
hardcore-adulti-video.com
hardcorebe.com
hardsex-mania.com
hardteenaction.com
hitparadegay.com
honeylesbi.com
hot-clits.com
hot-date-list.com
hotstair.com
hottyasians.net
hustlerstars.com
incest-xxx.net
interracialshow.com
interrucial.com
iwstudio.net
japanpornfilms.com
justspicysex.com
lacemuscle.com
lactaswing.com
lesbi-dreams.com
lesbianplaying.com
lesbiche-sesso.net
livesecurityupdates.com
livexxxmature.com
loverchicks.com
matgals.com
mature-porn-sex.net
maturebabemovie.com
maturewoman-porn.com
more-search.net
nude-clits.com
nudeebonygirls.net
nudemature4u.com
nylonhome.com
oggetti-nella-fica.com
oknarosta.com
oldmatures.com
only-hardcore-sex.net
onlyporngals.com
orgypartynow.com
pantyhosecastle.com
pervonax.com
picturesgay.net
pictureslesbian.com
picturesmature.net
piedi-feticismo-sesso.com
piedi-fetish-sesso.com
pillssearch.net
pinknred.com
porno-babe.com
porno-gratis-filmati.com
porno-holic.com
posingebony.com
privacyprotect-cs.com
profigoda.com
pubblicita-siti-adulti.com
purestocking.com
puttane-grandi-tette.com
rape-fantasy-pics.com
roundgym.com
sablesex.com
sandybutts.com
scopate-gratis.com
search-biz.net
search-city.net
search-club.net
search-free.net
searchforapornstar.net
seductivepantyhose.com
sesso-racconti.com
sexiw.com
sexjizzgames.com
sexlt.com
sexpu.com
sexualwhore.com
sexyamateurbabe.com
shemalefotos.net
shemalez4u.com
slimblack.com
smut-4-free.com
soccerwife.com
stockinghome.com
stockingporno.net
suckskills.com
superiteens.com
teasinglesbi.com
teen-giovani-ragazze.com
teensexualitypics.com
teensgangbang.net
teenshot.net
teenspray.com
teenxxxarea.com
thebdsmvideos.com
thelesbimovies.com
titsfirm.com
titsnudefree.net
transex-transessuali.com
trueteenorgy.com
twoar.com
ultrafuckers.net
vegascocks.com
vietnamchicks.com
vividsunset.com
voyeur-guardoni.com
voyeurexcitement.com
wetteenager.com
xtratits-in-action.com
xxxgarden.net
youranalmovies.com
yourmaturesvideo.com
zone-erotic.com
zoo-sex-pics.com
pornoszones.com
antiwatch.com
ultimateprotect.com
ourtablets.com
chatroomonporn.com
dontforporn.com
pissing-adult-video.com
pissing-pornmovie.com
playhardmovie.com
playhardmovie.net
playxvideo.com
playxxxvideo.net
pornvideosteens.com
pornxvideo.net
sexmovieslist.com
stephieporn.com
teenandporn.com
teenxvideo.net
uniform-pornmovie.com
ahoist.net
adultfree-film.com
adultfree-film.net
bestmodelssite.com
bestpornogirls.net
brakesex.net
girlspornosite.com
group-adult.net
lightporn.net
mainsex.net
mainsexsite.net
movies-girls.com
pleasure-porn.com
porn-bestmovies.net
porn-freemovies.com
porn-pleasure.net
pornbestmovies.com
porndreams-free.com
porndreams-free.net
pornohere.net
pornqaz.com
qazsex.com
seebestsex.net
sex-dreamgirl.com
sex-freemovies.com
sexclean.net
sexgirls-movies.net
sexnitro.net
video-sexfree.com
xerosex.com
protectiondenetsurfage.com
biznesa.net

[SysAdMini]

Here is a list of domains which are registered at Estdomains and listed here on MalwareDomainList.

[Ilya Klein]

but to me this denotes other changes to the system for instance disabling internet options changing, and or a exe running on the system

No. No. No. I don't know how to explain... you know, I just don't need such visitors who was forced to have my website as homepage. They are not happy, they complain, they don't need my website and or any of my services, they are bad customers. For what reason should I force them to visit my website?
I have a feedback form on my website and if somebody want to change favourlinks to anything else but don't know how to do it - I'm always trying to help.

why would a malware exe link to your site?

What malware exe are you talking about?

About SiteAdvisor, http://www.siteadvisor.com/sites/yahoo.com - spam, phishing, malware - all at once!

[sowhat-x]

To kokach:

Assuming you're in a rush,in case this is of any help,
here's also the "not-so-tidy" version of our archived data as well,
as we didn't had the time required to sanitize them to the full extend...
You can be rest assured though that ALL of these were involved in 'suspicious' activities,
NO matter if their website owners were actually aware of this fact or not.

Some general statistics for those curious about it:
12700 domains archived in total by MDL,obviously all of them involved in malware/spam/phishing
4500 of them (approximately) somehow connected with EstDomains
Ie.not necessary registered via EstDomains...for example,
site via Directi hosting malicious javascript,that redirects to EstDomains site and goes on...
About 35% of MDL's data since ever...