Malicious Site Repeat Offenders
The Top Ten list of domain names and IP addresses that have been identified as spreading surveillance tools, Malware and Scams for the month of April 2015 is shown below, along with their major distributions. Included in this list are sites obfuscated by Domain Generation Algorithms (DGA), which are used to evade detection. Many of the malicious sites originate from CN and RU sites and have been confirmed by independent researchers as distributing Spam and Malware, including Password stealers, Keyloggers, Injectors, Zeus variants, surveillance tools, Agents, Autostarts, Botnet controllers, Zbots, FakeAV, and Redirection and Proxy sites, and as serving as IPTheft repositories.
For a more complete listing of repeat offender sites, please review the PDF report shown on our Research Page.
1. ie.dianxin777.com - from CN.Nanjing, is a very active source of Droppers, Backdoors, Keyloggers and Zeus
2. hlamypho.rustubeplus.ru - from UK.GB.Hampshire, publishes Droppers, Backdoors and Keyloggers
3. ge.tt - from IE.Dublin, publishes Zeus, Droppers, Keyloggers and Agents and is an IPTheft repository
4. dx9.97sky.cn - from CN.Changsha, publishes numerous Agents and Backdoors
5. dx40.downyouxi.com - from CN.Changsha, is a very active source of Zeus, Agents, Droppers and Backdoors
6. f20.softwaretop.net - from VN.Hanoi, publishes Backdoors, Injectors and Agents
7. dx2.97sky.cn - from CN.Changsha, publishes Zeus, Backdoors and Agents
8. down8.upantool.com - from CN.Nanjing, publishes Zeus, Keyloggers and Agents
9. down.xiazai2.net - from CN.Chengdu, publishes Spyware and Backdoors
10. dl4.getz.tv - from RU.Moscow, publishes Zeus, Surveillance, info harvesting tools and Backdoors