
Wednesday 14 May 2014

One. Two. Three. Network Operations Center hosting things as bad as can be.

Network Operations Center don't exactly have a glowing reputation for cleanliness when it comes to malware. The following IPs and hosts seem to be distributing something nasty which appears to be injected into victim sites.

I don't have a good analysis of what is going on at the moment, so you'll just have to take my word for it at the moment. The activity has been observed on the following Network Operations Center IP addresses over the past few days:


A lot of these IPs are connected with things like porn sites, but they also host a number of malicious subdomains of the form one., two. and three. in front of the domain name. You can safely assume that the domains themselves are malicious (listed at the end of the post if you want to block them). Malicious subdomains spotted are:

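
A way to hunt for this naming pattern in your own DNS logs, as an added example that is not from the original post: it flags parent .biz domains that were queried under at least two of the one/two/three labels, and returns the parents so that blocking covers subdomains not yet seen. The log format, the sample lines, the function names and the two-label threshold are all assumptions.

```python
import re
from collections import defaultdict

# Hostname shape described in the post: a "one", "two" or "three" label
# directly in front of a registered .biz domain (optional trailing dot).
PATTERN = re.compile(r"^(one|two|three)\.([a-z0-9-]+\.biz)\.?$", re.IGNORECASE)

# Constructed sample lines in an assumed "timestamp client query-name" format.
SAMPLE_LOG = """\
2014-05-14T09:00:01 10.0.0.5 one.constructedaaa.biz
2014-05-14T09:00:02 10.0.0.5 two.constructedaaa.biz
2014-05-14T09:00:09 10.0.0.7 THREE.constructedbbb.biz.
2014-05-14T09:00:11 10.0.0.7 one.constructedbbb.biz
2014-05-14T09:01:30 10.0.0.9 one.constructedccc.biz
2014-05-14T09:02:00 10.0.0.9 www.constructedddd.biz
2014-05-14T09:02:05 10.0.0.5 one.two.constructedeee.biz
malformed line
"""

def find_suspect_domains(log_text, min_labels=2):
    """Return {parent_domain: {"labels": set, "clients": set}} for parents
    queried under at least `min_labels` of the one/two/three labels."""
    seen = defaultdict(lambda: {"labels": set(), "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        _, client, qname = fields
        m = PATTERN.match(qname)
        if not m:
            continue  # other labels or deeper nesting are out of scope here
        parent = m.group(2).lower()
        seen[parent]["labels"].add(m.group(1).lower())
        seen[parent]["clients"].add(client)
    # A single matching label is weak evidence; the threshold is an assumption.
    return {d: v for d, v in seen.items() if len(v["labels"]) >= min_labels}

def blocklist(log_text, min_labels=2):
    """Sorted parent domains to block, so unseen subdomains are covered too."""
    return sorted(find_suspect_domains(log_text, min_labels))

if __name__ == "__main__":
    for domain, info in sorted(find_suspect_domains(SAMPLE_LOG).items()):
        print(domain, sorted(info["labels"]), sorted(info["clients"]))
```

The `clients` set for each flagged parent gives the internal hosts that made the lookups, which is where to start checking for visits to an injected site.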

Recommended blocklist: