Compromised GoDaddy domains, Angler EK - Nov 15, 2013

1. Fri, Nov 15 2013
2.  
3. #DhiaLite - Malicious subdomains started resolving two days ago to 78.47.235.252 injected under compromised GoDaddy domains.
4.  
5. After verification, confirmed Angler EK thanks to @kafeine from VT
6.  
7. https://www.virustotal.com/en/ip-address/78.47.235.252/information/
8.  
9. #Sample compromised 2LDs:
10.  
11. drivinglessonsinsoutheastlondon.co.uk
12. newyorkgiantsterritory.com
13. ozdemirhidrolik.com
14. pancarga.info
15. puertaapuertavenezuela.biz
16. renkburada.com
17. seniordentalcarellc.com
18. thecommunityreport.info
19.  
20. #Sample subdomains on 78.47.235.252:
21.  
22. usucapion.pancarga.info
23. turney-afgrissen.renkburada.com
24. sotaveteraaneja.pancarga.info
25. oplossin.pancarga.info
26. laundrymat.pancarga.info
27. jgroenketympanon.puertaapuertavenezuela.biz
28. demouelodespited.renkburada.com
29. deadpanner1csstivaron.thecommunityreport.info
30. akkoord.thecommunityreport.info
31. vertoondagentorrefierait.drivinglessonsinsoutheastlondon.co.uk
32. teollisuushallin.seniordentalcarellc.com
33. swartbonte.newyorkgiantsterritory.com
34. skurzawkacerbillo.seniordentalcarellc.com
35. oobune1rastbichler.seniordentalcarellc.com
36. nondisabledkuiwai.newyorkgiantsterritory.com
37. nasutiform-inzaagden.newyorkgiantsterritory.com
38. leiplajiinsaswinoujs.drivinglessonsinsoutheastlondon.co.uk
39. leaves-schlagkraft.newyorkgiantsterritory.com
40. geklonterdabgekauftem.ozdemirhidrolik.com
41. drviersimmotioned.drivinglessonsinsoutheastlondon.co.uk
42. copulassuperaff.newyorkgiantsterritory.com
43. bk3.newyorkgiantsterritory.com
44. barrikadialainif.seniordentalcarellc.com
45.  
46. END