
Friday 10 May 2013

Something evil on 151.248.123.170, Part IV

Here are some additional malicious domains from a very evil malware server on 151.248.123.170 (Reg.ru, Russia). Previous lists (and background details) can be found here, here and here, or you can download a full list of everything that I can find here [.txt]. This server is currently being used as the payload for injection attacks. Blocking the IP address is the obvious solution, or you could block the Dynamic DNS domains listed here.

