DhiaLite

Suspicious .pl short lived subdomains II - Nov 14, 2013

Nov 14th, 2013
Thu, Nov 14 2013
#DhiaLite - New campaign of suspicious short-lived .pl subdomains shifted from 109.236.83.184 to start resolving to 109.236.83.185 today and is still going on.
Follow up to http://pastebin.com/s8ARXGd2

Traffic to these subdomains spikes, then they stop resolving.

Possibly used for a similar Malvertising -> EK -> ransomware campaign as in
http://www.malekal.com/2013/07/31/en-urausy-adultfriendzfinder-malvertising-banner/

Yet to be confirmed.

Currently about 180+ subdomains have resolved to this IP, and more are popping up.

These subdomains are registered under the Polish city 2LDs

olecko.pl
pruszkow.pl

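As an added example (not part of the paste), here is a small Python detector that turns the two observations above into checks over passive-DNS style records: it flags anything that resolved to the two IPs named in the paste, and separately flags clusters of short-lived hosts sharing one IP that have the same three-label shape under the two city 2LDs, so it still fires when the campaign moves to a fresh IP. The record format, the 203.0.113.x / 198.51.100.x / 192.0.2.x addresses and the "example-brand" labels are constructed assumptions; only the two 109.236.83.x addresses and the two 2LDs come from the paste.

```python
"""Detection sketch (added example, not from the paste) for the short-lived
.pl subdomain campaign described above.

Assumed input: passive-DNS style records, one per line:
    hostname ip first_seen last_seen   (ISO-8601 timestamps)
The SAMPLE_LINES below are constructed for illustration; only the two
109.236.83.18x addresses and the two city 2LDs come from the paste.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Resolution IPs named in the paste (campaign moved from .184 to .185 on 2013-11-14).
CAMPAIGN_IPS = {"109.236.83.184", "109.236.83.185"}

# Polish city 2LDs the paste says the subdomains sit under.
CITY_2LDS = ("olecko.pl", "pruszkow.pl")

# Shape seen in the paste: <3-5 alphanumerics>.<brand-like label>.<city 2LD>
PATTERN = re.compile(
    r"^[a-z0-9]{3,5}\.[a-z0-9-]+\.("
    + "|".join(re.escape(s) for s in CITY_2LDS)
    + r")$"
)

SAMPLE_LINES = [
    "# constructed sample records, not real observations",
    "warkz.immowelt.pruszkow.pl 109.236.83.185 2013-11-14T08:00:00 2013-11-14T11:30:00",
    "zeist.ctvwm.olecko.pl 109.236.83.185 2013-11-14T09:15:00 2013-11-14T12:00:00",
    "www.olecko.pl 198.51.100.10 2013-01-01T00:00:00 2013-11-14T12:00:00",
    "abcde.example-brand.olecko.pl 203.0.113.7 2013-11-15T01:00:00 2013-11-15T04:00:00",
    "qwert.example-brand.olecko.pl 203.0.113.7 2013-11-15T01:05:00 2013-11-15T03:50:00",
    "zxcvb.other-brand.olecko.pl 203.0.113.7 2013-11-15T02:00:00 2013-11-15T05:00:00",
    "forum.mylongrunning.pruszkow.pl 192.0.2.44 2012-06-01T00:00:00 2013-11-14T12:00:00",
]


def matches_campaign_pattern(hostname: str) -> bool:
    """True if the hostname has the three-label shape used by the campaign."""
    return PATTERN.match(hostname.strip().lower()) is not None


def parse_records(lines):
    """Parse passive-DNS lines into (host, ip, first_seen, last_seen) tuples."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, ip, first, last = line.split()
        records.append((host.lower(), ip,
                        datetime.fromisoformat(first), datetime.fromisoformat(last)))
    return records


def flag_hosts(records, known_ips=CAMPAIGN_IPS,
               max_lifetime=timedelta(hours=48), min_cluster=3):
    """Map each suspicious hostname to the reason it was flagged.

    A host is flagged when it resolved to a known campaign IP, or when it
    matches the naming pattern, was live for at most max_lifetime, and at
    least min_cluster such short-lived hosts (itself included) share its IP.
    The second rule is what catches the campaign after it moves IP again.
    """
    by_ip = defaultdict(list)
    for host, ip, first, last in records:
        by_ip[ip].append((host, last - first))

    flagged = {}
    for host, ip, first, last in records:
        if ip in known_ips:
            flagged[host] = "known-campaign-ip"
            continue
        if not matches_campaign_pattern(host) or last - first > max_lifetime:
            continue
        cluster = [h for h, life in by_ip[ip]
                   if life <= max_lifetime and matches_campaign_pattern(h)]
        if len(cluster) >= min_cluster:
            flagged[host] = "short-lived-cluster"
    return flagged


def run_sample():
    """Run the detector over the constructed sample records."""
    return flag_hosts(parse_records(SAMPLE_LINES))


if __name__ == "__main__":
    for host, reason in sorted(run_sample().items()):
        print(f"{reason:22s} {host}")
```

The legitimate www.olecko.pl record is not flagged (two labels, long-lived), and a long-running third-level host that happens to match the shape is also left alone; only the two paste IPs and the three-host short-lived cluster on the constructed 203.0.113.7 address are reported. Thresholds (48 hours, three hosts) are placeholders to tune against your own resolver logs.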
#Sample of subdomains on 109.236.83.185

warkz.immowelt.pruszkow.pl
votef.immowelt.pruszkow.pl
unite.geradorcpf.pruszkow.pl
twitt.ultimate-codecs.pruszkow.pl
triip.immowelt.pruszkow.pl
telsp.ultimate-codecs.pruszkow.pl
taomi.geradorcpf.pruszkow.pl
softc.googlewebmastercentral.pruszkow.pl
sipel.adready.pruszkow.pl
silic.ultimate-codecs.pruszkow.pl
shopc.googlewebmastercentral.pruszkow.pl
shema.immowelt.pruszkow.pl
selfp.geradorcpf.pruszkow.pl
ptb.googlewebmastercentral.pruszkow.pl
podfo.ultimate-codecs.pruszkow.pl
pisoc.adready.pruszkow.pl
offrm.googlewebmastercentral.pruszkow.pl
nnsta.immowelt.pruszkow.pl
nhe.ultimate-codecs.pruszkow.pl
natur.googlewebmastercentral.pruszkow.pl
morph.rusavtobus.pruszkow.pl
mabul.geradorcpf.pruszkow.pl
livin.geradorcpf.pruszkow.pl
listl.ultimate-codecs.pruszkow.pl
kunst.googlewebmastercentral.pruszkow.pl
krist.googlewebmastercentral.pruszkow.pl
kinli.googlewebmastercentral.pruszkow.pl
jvep.immowelt.pruszkow.pl
jooml.googlewebmastercentral.pruszkow.pl
jirit.geradorcpf.pruszkow.pl
iread.geradorcpf.pruszkow.pl
idcco.googlewebmastercentral.pruszkow.pl
huizh.adready.pruszkow.pl
hsbc.adready.pruszkow.pl
hlera.googlewebmastercentral.pruszkow.pl
goolb.adready.pruszkow.pl
goind.adready.pruszkow.pl
genpi.rusavtobus.pruszkow.pl
funti.adready.pruszkow.pl
ftimg.adready.pruszkow.pl
foris.immowelt.pruszkow.pl
flixh.ultimate-codecs.pruszkow.pl
fairb.ultimate-codecs.pruszkow.pl
eskim.rusavtobus.pruszkow.pl
diabl.geradorcpf.pruszkow.pl
devil.adready.pruszkow.pl
deser.geradorcpf.pruszkow.pl
carlo.ultimate-codecs.pruszkow.pl
burgc.geradorcpf.pruszkow.pl
betds.adready.pruszkow.pl
berke.immowelt.pruszkow.pl
baker.geradorcpf.pruszkow.pl
afric.immowelt.pruszkow.pl
addur.rusavtobus.pruszkow.pl
zeist.ctvwm.olecko.pl
yytcd.hytera.olecko.pl
yumen.verisign.olecko.pl
yoshi.bmbets.olecko.pl
wigif.ristrutturazioni-case.olecko.pl
wifih.hooriat.olecko.pl
whorl.bmbets.olecko.pl
whole.americansongwriter.olecko.pl
werwi.hooriat.olecko.pl
wallb.americansongwriter.olecko.pl
vienn.ctvwm.olecko.pl
vidya.lineshjose.olecko.pl
victo.bmbets.olecko.pl
venau.verisign.olecko.pl
venam.americansongwriter.olecko.pl
uprb.appriver.olecko.pl
unsha.jumbo.olecko.pl
ubala.talesfromtammylyne.olecko.pl
tubes.verisign.olecko.pl
trade.talesfromtammylyne.olecko.pl
topha.mix-computer.olecko.pl
tiger.dalailama.olecko.pl
thetr.ristrutturazioni-case.olecko.pl
thecf.uaudio.olecko.pl
thcgr.lineshjose.olecko.pl
surfc.appriver.olecko.pl
straw.verisign.olecko.pl
start.americansongwriter.olecko.pl
sodom.dalailama.olecko.pl
sitec.jumbo.olecko.pl
shmil.jumbo.olecko.pl
setev.verisign.olecko.pl
sensa.appriver.olecko.pl
semin.hooriat.olecko.pl
scu2c.uaudio.olecko.pl
scano.verisign.olecko.pl
salom.ctvwm.olecko.pl
riode.uaudio.olecko.pl
ricks.hytera.olecko.pl
rejas.hytera.olecko.pl
redar.mix-computer.olecko.pl
rdica.amazeelabs.olecko.pl
rakba.usi.olecko.pl
quepu.bmbets.olecko.pl
py4ki.usi.olecko.pl
proxy.ctvwm.olecko.pl
pront.usi.olecko.pl
photo.jumbo.olecko.pl
perpu.uaudio.olecko.pl
ovb.isis.olecko.pl
optip.verisign.olecko.pl
onlyw.jumbo.olecko.pl
onlin.americansongwriter.olecko.pl
newst.talesfromtammylyne.olecko.pl
nasai.uaudio.olecko.pl
nadpr.mix-computer.olecko.pl
myher.jumbo.olecko.pl
mwome.dalailama.olecko.pl
mweor.bmbets.olecko.pl
mutoj.usi.olecko.pl
music.mix-computer.olecko.pl
micha.isis.olecko.pl
meyam.hytera.olecko.pl
mediz.americansongwriter.olecko.pl
masti.amazeelabs.olecko.pl
marke.talesfromtammylyne.olecko.pl
makec.ctvwm.olecko.pl
lovem.ctvwm.olecko.pl
lovec.hooriat.olecko.pl
liber.rusavtobus.pruszkow.pl
letsc.ctvwm.olecko.pl
lescm.usi.olecko.pl
leice.lineshjose.olecko.pl
ksc.hooriat.olecko.pl
kentu.talesfromtammylyne.olecko.pl
jahan.dalailama.olecko.pl
inspi.lineshjose.olecko.pl
infob.ctvwm.olecko.pl
iconi.talesfromtammylyne.olecko.pl
homet.appriver.olecko.pl
heyra.ristrutturazioni-case.olecko.pl
hansn.ristrutturazioni-case.olecko.pl
golfg.bmbets.olecko.pl
go4sm.appriver.olecko.pl
giftb.jumbo.olecko.pl
funfo.usi.olecko.pl
franq.dalailama.olecko.pl
flahe.americansongwriter.olecko.pl
firew.amazeelabs.olecko.pl
fastp.lineshjose.olecko.pl
farso.verisign.olecko.pl
elpat.usi.olecko.pl
ellap.dalailama.olecko.pl
ejecu.hooriat.olecko.pl
eigoe.mix-computer.olecko.pl
ecol.ctvwm.olecko.pl
dobal.lineshjose.olecko.pl
diceb.ristrutturazioni-case.olecko.pl
csccs.lineshjose.olecko.pl
cpeas.rusavtobus.pruszkow.pl
coupo.usi.olecko.pl
conte.verisign.olecko.pl
concr.isis.olecko.pl
cnl.usi.olecko.pl
cnjia.verisign.olecko.pl
choic.dalailama.olecko.pl
child.talesfromtammylyne.olecko.pl
cheer.appriver.olecko.pl
catho.amazeelabs.olecko.pl
blogc.amazeelabs.olecko.pl
bible.hooriat.olecko.pl
belgi.ctvwm.olecko.pl
bdweb.ctvwm.olecko.pl
bdsma.hytera.olecko.pl
bayen.usi.olecko.pl
baiju.amazeelabs.olecko.pl
azlog.usi.olecko.pl
audio.bmbets.olecko.pl
ateli.hytera.olecko.pl
astur.jumbo.olecko.pl
ashta.appriver.olecko.pl
artio.amazeelabs.olecko.pl
antic.amazeelabs.olecko.pl
aneca.appriver.olecko.pl
analp.ctvwm.olecko.pl
amazi.amazeelabs.olecko.pl
allac.mix-computer.olecko.pl

END