Current and next Nuclear EK IPs - Feb 26, 2014

1. Wed, Feb 26 2014
2. #DhiaLite - Predicted next IPs to host Nuclear Pack EK subdomains
3.  
4. A new IP range set up to host Nuclear Exploit kit domains
5. 5.101.173.11
6. 5.101.173.12
7. 5.101.173.13
8. 5.101.173.14
9. 5.101.173.15
10. 5.101.173.16
11. 5.101.173.17
12. 5.101.173.18
13. 5.101.173.19
14. 5.101.173.20
15.  
16. So far, 5.101.173.11, 5.101.173.12, 5.101.173.13, 5.101.173.14 have been used.
17.  
18. The Nuclear EK subdomains use these name servers for now
19. DNS1.VIAGISONE.RU on 198.50.212.137
20. and
21. DNS2.VIAGISONE.RU on 198.50.178.137
22.  
23. VIAGISONE.RU registered Fen 24th
24.  
25. 198.50.212.137 is part of the range 198.50.212.136 - 198.50.212.143
26. Same actor also reserverd the below ranges as discussed in http://pastebin.com/KuxpNJwV
27.  
28. 198.50.212.128 - 198.50.212.131
29. 198.50.212.132 - 198.50.212.135
30. 198.50.212.136 - 198.50.212.143
31.  
32. 198.50.178.137 is part of the range 198.50.178.136 - 198.50.178.139
33.  
34. Same actor also reserved 198.50.178.140 - 198.50.178.143
35.  
36. Block/monitor/take down EK domains and their nameservers.
37. Block/monitor full IP ranges for subdomains and name servers.
38.  
39.  
40. Reference:
41. http://labs.umbrella.com/2014/02/14/when-ips-go-nuclear/