Malicious Site Repeat Offenders
The top ten malicious domain names and IP addresses identified as spreading surveillance tools, malware and scams in the 1st Quarter, 2016 are shown below along with their major distributions. Included in this list are sites obfuscated by Domain Generation Algorithms (DGA), which are used to evade detection. Many of the malicious sites originate from Chinese, Russian and US cloud sites and have been confirmed by independent researchers as distributing spam and malware, including password stealers, keyloggers, injectors, Zeus variants, surveillance tools, agents, autostarts, botnet controllers, Zbots, FakeAV, and redirection and proxy sites; they also serve as IPTheft repositories.
For a more complete listing of repeat offender sites, please review the PDF report shown below.
1. 126.96.36.199-88 - from CN.Shanghai, publishes Agents, Ransomware, Backdoors, Droppers, Keyloggers and Injectors
2. directexe.com - from CN.Guangzhou, publishes Agents, Backdoors, Downloaders, Droppers, Keyloggers and Zeus
3. ge.tt - from CN, IE & US locations, publishes Agents, Backdoors, Surveillance tools, Zeus, Injectors, Keyloggers
4. 188.8.131.52 - from HK.TsuenWan, publishes Backdoors, Surveillance tools, Spyware, Keyloggers and Zeus
5. goldbot.ru - from RU.Dmitrov, publishes numerous Zeus variants, Ransomware and Keyloggers
6. toing.ru - from RU.Krasnoyarsk, publishes Scams, Keyloggers, and Zeus
7. cdn3.opencandy.com - from US.MA.Cambridge, publishes Adware loaders in combination with Zeus and other keyloggers
8. buscandoempleointernacional.com - from US.AZ.Scottsdale, publishes Backdoors, Droppers and Downloaders
9. dl.get1993desk.com - from US.MA.Cambridge, publishes Backdoors, Droppers and Downloaders
10. goloduha.info - from UA, publishes Ransomware and Kelihos variants
nGran - Research Page