Malicious Site Repeat Offenders
The Top Ten list of domain names and IP Addresses that have been identified as spreading surveillance tools, Malware and Scams for the month of June, 2015 are shown below along with their major distributions. Included is this list are sites obfuscated by Domain Generation Algorithms (DGA) used to evade detection. Many of the malicious sites originate from Germany, The Ukraine, China and US cloud sites have been confirmed by independent researchers as distributing Spam and Malware including, Password stealers, Keyloggers, Injectors, Zeus variants, surveillance tools, Agents, Autostarts, Botnet controllers, Zbots, FakeAV, Redirection and Proxy sites and serve as IPTheft repositories.
For a more complete listing of repeat offender sites please review the pdf report shown below.
1. 18.104.22.168 - from DE.Baden-wurttemberg.Karlsruhe, publishes Backdoors, Keyloggers and Injectors
2. 22.214.171.124 - from UA.Ivanov is a very active source of Ransomware, Backdoors, Keyloggers and Agents
3. 126.96.36.199 - from CN.Nanchang, publishes Zeus, Injectors, Spyware and Backdoors
4. 188.8.131.52 - from CN.Hangzhou, publishes Agents, Downloaders, Zeus and Backdoors
5. 184.108.40.206 - from US.Iowa.Cloud is a very active source of Downloaders, Backdoor, Keyloggers and Agents
6. 220.127.116.11 - from CN.Guangzhou is a very active source of Downloaders, Backdoor, Keyloggers and Agents
7. 18.104.22.168 - from CN.Nanjing is a very active source of Downloaders, Backdoor, Keyloggers and Agents
8. 22.214.171.124 - from US.Iowa.Cloud is a very active source of Downloaders, Backdoor, Keyloggers and Agents
9. 126.96.36.199 from DE.Hessen.Biebergemuend, publishes numerous Infostealers, Spyware, Backdoors and Keyloggers
10. a.mystick.xyz - from US.OR.Boardman, is an active Infostealer and IPTheft site
|nGran - Research Page