New Browlock under compromised Godaddy doms - Feb 1, 2014

1. Sat, Feb 1, 2014
2.  
3. #DhiaLite - New Browlock IP range on 5.104.111.29-38
4. All IPs are hosting Browlock urls, e.g
5.  
6. http://5.104.111.29/interpol/Cv6QkDLfZcpKb3iaL0iOwO8LVQmpGkY1CdQVeI7sAN_/tk1YbFPn2XKTMXSK-Rm_/60xMG1uig5B9/wxGGJQatQOw%7E%7E/YjhhMDUzMDFkOTVkYjUwZmYyMGU3NmRiNWU4NjllYjU
7.  
8. http://5.104.111.38/ec3/IjXyTg32i71CUMbU1E7LWmODH3bXbR2mq1WeXZ14AjeWMpTu5ajAeTX3zN8zXjPgoJXh0OOazKYh/u1hP7o5vxg%7E%7E/MTk0MWM2NDMyYzI4YjhhY2Y2NzAzNDQ2MTMxMDcxMWU
9.  
10. Just form the url with the path /interpol/Cv6QkDLfZcpKb3iaL0iOwO8LVQmpGkY1CdQVeI7sAN_/tk1YbFPn2XKTMXSK-Rm_/60xMG1uig5B9/wxGGJQatQOw%7E%7E/YjhhMDUzMDFkOTVkYjUwZmYyMGU3NmRiNWU4NjllYjU
11.  
12. or
13.  
14. /ec3/IjXyTg32i71CUMbU1E7LWmODH3bXbR2mq1WeXZ14AjeWMpTu5ajAeTX3zN8zXjPgoJXh0OOazKYh/u1hP7o5vxg%7E%7E/MTk0MWM2NDMyYzI4YjhhY2Y2NzAzNDQ2MTMxMDcxMWU
15.  
16. or other possible paths
17.  
18. under http://5.104.111.x in the 5.104.111.29-38 range and you will get a live Browlock page
19.  
20. The IPs 5.104.111.29,30,31,32,34,35,36 are already hosting Browlock subdomains injected under compromised GoDaddy domains.
21.  
22. 5.104.111.33,37,38 are not hosting domains yet.
23.  
24. Likely more subdomains will be injected under Compromised GoDaddy domains and will be made point to 5.104.111.33,37,38
25.  
26. More subdomains are appearing.
27.  
28. #Sample compromised Godaddy 2LDs
29.  
30. 90-4-life.com
31. 90-4-life.mobi
32. 90-4-life.net
33. 90-4-life.org
34. 90-for-life.com
35. 90forlifeleaders.com
36. 90forlifestyletour.com
37. 90forlifestyletour.net
38. 90forlifevideos.com
39. 90forlifewebinars.com
40. averageamericanbillionaire.biz
41. averageamericanbillionaire.com
42. averageamericanbillionaire.net
43. averageamericanmillionaire.biz
44. avgamericanmillionaire.com
45. beyoutifulminerals.com
46. billandreoli.biz
47. billandreoli.com
48. billandreoli.net
49. caddcrusade.com
50. cadd.mobi
51. checkrealty.info
52. exopy.com
53. howtocureerictiledysfunction.com
54. howtocureerictiledysfunction.info
55. howtocureerictiledysfunction.net
56. listingssales.com
57. uscoinandjewelry.info
58. wanttobuy.biz
59. wayneslist.info
60.  
61. #Sample urls of the Browloack page
62.  
63. http://myufg.cadd.mobi/ec3/IjXyTg32i71CUMbU1E7LWmODH3bXbR2mq1WeXZ14AjeWMpTu5ajAeTX3zN8zXjPgoJXh0OOazKYh/u1hP7o5vxg%7E%7E/MTk0MWM2NDMyYzI4YjhhY2Y2NzAzNDQ2MTMxMDcxMWU
64.  
65. http://myufg.cadd.mobi/interpol/Cv6QkDLfZcpKb3iaL0iOwO8LVQmpGkY1CdQVeI7sAN_/tk1YbFPn2XKTMXSK-Rm_/60xMG1uig5B9/wxGGJQatQOw%7E%7E/YjhhMDUzMDFkOTVkYjUwZmYyMGU3NmRiNWU4NjllYjU
66.  
67. VT reports
68. https://www.virustotal.com/en/ip-address/5.104.111.29/information/
69. https://www.virustotal.com/en/ip-address/5.104.111.30/information/
70. https://www.virustotal.com/en/ip-address/5.104.111.31/information/
71. https://www.virustotal.com/en/ip-address/5.104.111.32/information/
72. https://www.virustotal.com/en/ip-address/5.104.111.34/information/
73. https://www.virustotal.com/en/ip-address/5.104.111.35/information/
74.  
75. #Sample Browlock subdomains on 5.104.111.29-36
76.  
77. yhjntyy.billandreoli.net
78. vdfzgdg.billandreoli.com
79. myufg.cadd.mobi
80. czxvd.caddcrusade.com
81. bngch.billandreoli.net
82. bnfuu.cadd.mobi
83. xcvzsdd.billandreoli.com
84. vzsdgd.avgamericanmillionaire.com
85. vcnch.billandreoli.biz
86. zxczsf.90forlifewebinars.com
87. zxcvfnb.averageamericanmillionaire.biz
88. zdfhxf.billandreoli.biz
89. xzvczsd.avgamericanmillionaire.com
90. xstsjhy.averageamericanbillionaire.net
91. xhdjtyr.averageamericanmillionaire.biz
92. vbnyfjd.averageamericanbillionaire.net
93. hthftm.averageamericanbillionaire.com
94. hgfyjy.averageamericanbillionaire.com
95. gfjyjt.averageamericanbillionaire.biz
96. dfhxdg.beyoutifulminerals.com
97. cxzvdd.beyoutifulminerals.com
98. bnxfgj.averageamericanbillionaire.biz
99. nujkf.90forlifestyletour.com
100. caefxc.90forlifewebinars.com
101. zdgstrt.90-for-life.com
102. zdgrr.90-4-life.org
103. xcvncg.90forlifeleaders.com
104. vxzces.90forlifestyletour.net
105. vdzg.90-4-life.org
106. vcnhfu.90forlifevideos.com
107. tfjtyjgvn.90forlifevideos.com
108. sdvfrr.90-4-life.net
109. nikuu.90-4-life.mobi
110. jdtyiyfr.90forlifeleaders.com
111. gjytyfj.90forlifestyletour.com
112. fhdtr.90-4-life.net
113. dgdrfg.90forlifestyletour.net
114. vjkuy.90-4-life.mobi
115. zdgz.howtocureerictiledysfunction.info
116. yfjify.wayneslist.info
117. xhtfg.howtocureerictiledysfunction.net
118. tyujht.listingssales.com
119. nmfu.wayneslist.info
120. ndryu.listingssales.com
121. hntrgg.wanttobuy.biz
122. gertg.howtocureerictiledysfunction.net
123. fyjtsty.90-4-life.com
124. fhdtyf.wanttobuy.biz
125. dryhdt.uscoinandjewelry.info
126. bnxfg.90-4-life.com
127. yjytcd.exopy.com
128. drryr.howtocureerictiledysfunction.com
129. zsdfwe.checkrealty.info
130. rgdff.howtocureerictiledysfunction.com
131. ntrdyuj.exopy.com
132. fvseds.checkrealty.info
133.  
134. END