DhiaLite

Suspicious .pl short lived subdomains - Nov 14, 2013

Nov 14th, 2013
Thu, Nov 14 2013
#DhiaLite - New campaign of suspicious short lived .pl subdomains shifted from 5.152.194.51 and started resolving to 5.152.194.52 since yesterday and still going on.
Spike in traffic for these subdomains then they stop resolving.

Possibly used for a similar Malvertising -> EK -> ransomware campaign as in
http://www.malekal.com/2013/07/31/en-urausy-adultfriendzfinder-malvertising-banner/

Yet to be confirmed.

Currently about 190+ subdomains have resolved to this IP, and more are popping up.

These subdomains are registered under the Polish city 2LD

olecko.pl

#Sample of subdomains on 5.152.194.52
END
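
Added example, not part of the original paste: one way to surface the pattern described above (many hostnames under one suffix that resolve to the same IP for a short time and then stop) from passive-DNS records. The record layout, the 12-hour lifetime, the 4-host threshold, the "city.example" suffix and the 198.51.100.x addresses are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS rows: (hostname, IP, first seen, last seen), UTC.
# "city.example" and the 198.51.100.x addresses are placeholders.
SAMPLE_PDNS = [
    ("promo.shopa.city.example", "198.51.100.52", "2013-11-13T08:00", "2013-11-13T11:30"),
    ("news.shopa.city.example", "198.51.100.52", "2013-11-13T09:10", "2013-11-13T12:00"),
    ("start.blogb.city.example", "198.51.100.52", "2013-11-13T14:00", "2013-11-13T16:45"),
    ("video.blogb.city.example", "198.51.100.52", "2013-11-14T01:00", "2013-11-14T03:20"),
    ("store.sitec.city.example", "198.51.100.52", "2013-11-14T05:00", "2013-11-14T06:00"),
    # Same long-lived host seen in two separate windows; must be merged first.
    ("www.townhall.city.example", "198.51.100.52", "2013-11-01T00:00", "2013-11-01T02:00"),
    ("www.townhall.city.example", "198.51.100.52", "2013-11-14T04:00", "2013-11-14T06:00"),
    ("old.shopa.city.example", "198.51.100.51", "2013-11-11T10:00", "2013-11-11T13:00"),
    ("deal.blogb.city.example", "198.51.100.51", "2013-11-12T10:00", "2013-11-12T12:00"),
    ("cdn.vendor.example", "198.51.100.52", "2013-11-13T08:00", "2013-11-13T09:00"),
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M")


def short_lived_clusters(rows, suffix, max_life=timedelta(hours=12), min_hosts=4):
    """Map each IP to the short-lived hostnames under `suffix` it served,
    keeping only IPs with at least `min_hosts` such names."""
    seen = {}  # (ip, host) -> (first seen, last seen), merged across rows
    for host, ip, first, last in rows:
        host = host.lower().rstrip(".")
        if not host.endswith("." + suffix):
            continue  # outside the suffix being monitored
        first, last = _ts(first), _ts(last)
        old = seen.get((ip, host), (first, last))
        seen[(ip, host)] = (min(old[0], first), max(old[1], last))
    per_ip = defaultdict(list)
    for (ip, host), (first, last) in seen.items():
        if last - first <= max_life:  # resolved briefly, then went dark
            per_ip[ip].append(host)
    return {ip: sorted(h) for ip, h in per_ip.items() if len(h) >= min_hosts}
```

A name first seen within the last `max_life` also looks short lived, so in live use compare each last-seen time against the current time before treating a host as gone.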