// ===================================
// #MalwareMustDie - Tango Down Report
// The cleanup domains based on
// Malicious Evil NS.
// Credit: Great work by @essachin
// And thanks to all the friends who helped
// follow this huge case.
// ===================================

======================
OCT 2012 Tango's
======================
base: h00p://bgp.he.net/net/208.88.224.0/22#_dns
208.88.226.230
208.88.226.231

18-Oct-2012                truesamuraidns.com  ns1.truesamuraidns.com  ns2.truesamuraidns.com  PrivacyProtect.org
21-Oct-2012                samuraidns.com      ns1.samuraidns.com      ns2.samuraidns.com      PrivacyProtect.org
22-Oct-2012 / 10-Mar-2010  fastgreendns.com    ns1.fastgreendns.com    ns2.fastgreendns.com    PrivacyProtect.org  DELETED/Re-Created
23-Oct-2012                astrotester.com     dd1.astrotester.com     dd2.astrotester.com     PrivacyProtect.org
26-Oct-2012                silentpentest.com   ww1.silentpentest.com   ww2.silentpentest.com   PrivacyProtect.org
28-Oct-2012                prettydik.net       dd1.prettydik.net       dd2.prettydik.net       PrivacyProtect.org

======================
NOV 2012 Tango's
======================
Lead: DI_25137881 Sherman Witchlow sherman_witchlow27@hotbot.com
Lead: DI_25143418 Raymond Richman raymond_richman798@usa.net

19-Nov-2012 11:31:43 UTC  degreeswiftly.pro          178.162.134.205  ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/Suspended
19-Nov-2012 13:15:36 UTC  pqdefywsxova.org           149.154.67.103   ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/Suspended
19-Nov-2012 14:51:09 UTC  texturesbusinesslevel.in   198.23.139.199   ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/Suspended
19-Nov-2012 15:26:25 UTC  dampsuccessive.pro         Same Registrant  ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/NOT-Active
23-Nov-2012 22:07:44 UTC  alliedarticle.pro          94.250.251.61    ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/NOT-Active
24-Nov-2012 10:00:00 UTC  circlingpsdm.pro           37.9.55.128      ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/NOT-Active

DI_25137881 Sherman Witchlow sherman_witchlow27@hotbot.com
25-Nov-2012 07:42:33 UTC  jeffyes.pro                                 ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod/Suspended
26-Nov-2012 16:25:25 UTC  startstopconcise.info      37.9.55.128      ns1.7domaindns.com  ns2.7domaindns.com  AddPeriod

DI_25143418 Raymond Richman raymond_richman798@usa.net
19-Nov-2012               cardmunchsantiviruses.net  dns1.dns5number.com  dns2.dns5number.com  TransferProhibited/Deleted
21-Nov-2012 15:53:06 UTC  plantronicsgimmick.info    dns1.6dnsnumber.com  dns2.6dnsnumber.com  AddPeriod/TransferProhibited

=====================================================
Malicious targets on 7domaindns.com Nameservers
=====================================================

==================================================================
Additional malware domains detected
==================================================================
============================
EARLY DEC (First Week's) 2012 TANGO's
(cannot find time to write / sort this well)
============================
ns2.halflifedns.com
ns1.halflifedns.com
=================================
Dec 25th Merry X-Mas Tango's
NS: ns1.whitedns1.pro
IP: 208.88.226.228
=================================

(latest news: the list is still being confirmed; the domains related to the infector number up to 120!)

----
#MalwareMustDie - 26Dec,2012