MalwareMustDie

#MalwareMustDie - Log of Report of 8 more Kelihos domains

Aug 9th, 2013
#MalwareMustDie - Copy of official report of more Kelihos NEW .COM Domains

Hello all,
The domains below were also spotted as new Kelihos .COM domains:

hayznep.com
ikfubla.com
joejkab.com
mulocxu.com
nemicki.com
sotlequ.com
enpomaf.com
ofciwox.com

Source: http://pastebin.com/g0EVfqKi by DhiaLite/Umbrella Labs

Same MO as the previously spotted and reported OFCIWOX.COM

Domain Name: HAYZNEP.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1.HAYZNEP.COM
Name Server: NS2.HAYZNEP.COM
Name Server: NS3.HAYZNEP.COM
Name Server: NS4.HAYZNEP.COM
Name Server: NS5.HAYZNEP.COM
Name Server: NS6.HAYZNEP.COM
Status: clientTransferProhibited
Updated Date: 08-aug-2013
Creation Date: 08-aug-2013
Expiration Date: 08-aug-2014
>>> Last update of whois database: Fri, 09 Aug 2013 15:58:59 UTC <<<

Domain Name: IKFUBLA.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1.IKFUBLA.COM
Name Server: NS2.IKFUBLA.COM
Name Server: NS3.IKFUBLA.COM
Name Server: NS4.IKFUBLA.COM
Name Server: NS5.IKFUBLA.COM
Name Server: NS6.IKFUBLA.COM
Status: clientTransferProhibited
Updated Date: 08-aug-2013
Creation Date: 08-aug-2013
Expiration Date: 08-aug-2014
>>> Last update of whois database: Fri, 09 Aug 2013 15:58:29 UTC <<<

Domain Name: JOEJKAB.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1.JOEJKAB.COM
Name Server: NS2.JOEJKAB.COM
Name Server: NS3.JOEJKAB.COM
Name Server: NS4.JOEJKAB.COM
Name Server: NS5.JOEJKAB.COM
Name Server: NS6.JOEJKAB.COM
Status: clientTransferProhibited
Updated Date: 08-aug-2013
Creation Date: 08-aug-2013
Expiration Date: 08-aug-2014
>>> Last update of whois database: Fri, 09 Aug 2013 15:59:45 UTC <<<

[..and so on...]


With the same Registration Service Provided By: DOMALAND

Domain Name: JOEJKAB.COM

Registration Date: 08-Aug-2013
Expiration Date: 08-Aug-2014

Status:LOCKED
Note: This Domain Name is currently Locked.
This feature is provided to protect against fraudulent acquisition of the domain name,
as in this status the domain name cannot be transferred or modified.

Name Servers:
ns1.joejkab.com
ns2.joejkab.com
ns3.joejkab.com
ns4.joejkab.com
ns5.joejkab.com
ns6.joejkab.com


Registrant Contact Details:
N/A
Anstice Selby (anstice_selby7250@cyberdude.com)
12721 Ceder St
Manor
TX,78653
US
Tel. +1.2530260685

[ and so on...]

With serving hlux to...

@unixfreaxjp ~]$ while true; do dig +short hayznep.com; sleep 1; done
111.241.130.235
46.250.24.36
46.37.197.45
5.165.158.112
92.52.148.100
188.129.195.85
^C
@unixfreaxjp ~]$ while true; do dig +short ikfubla.com; sleep 1; done
93.77.103.167
46.187.78.6
46.52.237.127
91.241.104.9
^C
@unixfreaxjp ~]$ while true; do dig +short joejkab.com; sleep 1; done
109.106.20.232
91.225.74.13
178.150.203.178
88.81.35.196
^C
@unixfreaxjp ~]$ while true; do dig +short mulocxu.com; sleep 1; done
111.242.40.241
80.99.210.196
5.152.214.150
^C
[...]

@unixfreaxjp ~]$ while true; do dig +short ofciwox.com; sleep 1; done
114.27.128.253
83.246.151.18
218.209.154.20
114.38.209.98
93.78.76.236
^C

// The IP addresses are the same as per milked 1,200+
----
#MalwareMustDie!
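
Added example, not part of the original paste: the dig loops above show each query for a domain returning a different address, and this script tallies such answers per domain and flags names whose answers spread over many addresses and networks. The "<domain> <ip>" log format, the function names, the thresholds and the sample data (reserved documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original paste). Input: "<domain> <ipv4>" lines,
# one per DNS answer. The format, names and thresholds are assumptions.

# collect_answers DOMAIN COUNT: bounded version of the dig loop in the paste,
# prefixing every answer with the domain so several runs can share one log.
collect_answers() {
    i=0
    while [ "$i" -lt "$2" ]; do
        dig +short "$1" | sed "s/^/$1 /"
        sleep 1
        i=$((i + 1))
    done
}

# flux_summary MIN_IPS MIN_NETS: reads answers on stdin and prints
# "<domain> <distinct IPs> <distinct /16 networks> <FLUX|ok>", sorted by domain.
flux_summary() {
    awk -v min_ips="$1" -v min_nets="$2" '
        # Keep only "<domain> a.b.c.d" lines; ^C, blanks and CNAMEs are skipped.
        NF == 2 && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            dom = tolower($1)
            if (!((dom, $2) in seen_ip)) { seen_ip[dom, $2] = 1; ips[dom]++ }
            split($2, octet, ".")
            net = octet[1] "." octet[2]
            if (!((dom, net) in seen_net)) { seen_net[dom, net] = 1; nets[dom]++ }
        }
        END {
            for (d in ips) {
                verdict = (ips[d] >= min_ips && nets[d] >= min_nets) ? "FLUX" : "ok"
                print d, ips[d], nets[d], verdict
            }
        }' | sort
}

# Constructed sample log: reserved documentation addresses, not real observations.
sample_answers() {
    cat <<'EOF'
flux.example 192.0.2.10
flux.example 198.51.100.77
flux.example 203.0.113.5
flux.example 192.0.2.10
flux.example 198.51.100.9
static.example 192.0.2.80
static.example 192.0.2.80
^C
EOF
}

sample_answers | flux_summary 4 3
```

A stable name that resolves to one address stays at "1 1 ok" however often it is queried, while a name answering from several unrelated networks within seconds crosses both thresholds.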