Sponsored by..

Monday 13 May 2013

Something evil on 188.241.86.33

188.241.86.33 (Megahost, Romania) is a malware server currently involved in injection attacks, serving up the Blackhole exploit kit, Zbot and a side order of Cdorked [1] [2].

This IP hosts a variety of domains, some of which are purely malicious, some of which are hijacked subdomains of legitimate ones. Blocking the IP address is the easiest approach, else I would recommend blocking all the domains that are being abused:

01libertynet.fr.fo
0-film.com
100girlsfree.com
365conseils.net
4unblock.info
5becquet.fr.fo
6x0.fr
7eebr.com
8-cents.com
8cents.fr.fo
a2smadagascar.mg
abc-maroc.com
abcm-jeanpetit.eu
aberkane.org
abjworld.com
abkari.fr
abkaribrahem.com
abousajid.net
abshore.com
acabimport.fr
acajb.org
acgl-congo.com
acgl-congo.fr
achacunsoncartable.com
acl-africa.com
actionalternance.fr
activbold.com
acts42.fr
actu-assurance.com
actubuntu.fr.fo
actu-minecraft.com
garmonyoy.eu
gmzuwr.ru
harmonyoy.eu
hrgvrl.ru
kinyng.ru
luiwmt.ru
ntdsapi.com
ntimage.net
ntmsapi.net
olpnso.ru
pastaoyto.eu
piparse.com
plustab.net
polstore.net
puntooy.eu
pvzvnp.ru
rvwwko.ru
tpxhpz.ru
trlnps.ru
zuihwg.ru
zuknsr.ru

The full list of malicious domains that I can find are below, although I would not expect these to be comprehensive:
040071c6fea7a5bb.365conseils.net
040071c6fea7a5bb01510713050515418167059c09c0824647b0d28469f9a86.365conseils.net
0433a1152ec475d801921313051101474089711298c7e6a1fd7545bc5552d41.achacunsoncartable.com
0433a1152ec475d811601613051104237096368adea8ce55a82f4544fbc01c0.achacunsoncartable.com
0488a1ee2eff75e301425213050201233048184bab90de52abca095e43c0e9e.0-film.com
04bb718dfefca5e0.5becquet.fr.fo
04bb718dfefca5e001607913050610062053256cc4d0ecce785bc8e30493292.5becquet.fr.fo
04cc71bafe5ba5470150421305111855518829847e724828b3c53aec8153583.acts42.fr
157790811f40445c.acajb.org
157790811f40445c01601013051008229123947a4ec000bad7503601a8b8345.acajb.org
157790811f40445c016138130510070780741784317a42a2bccfff6c9b9b979.acajb.org
157790811f40445c019162130510065681946385f315786814d0cea69ce8664.acajb.org
15bba06d2f1c7400.6x0.fr
15bba06d2f1c740001620213050615286119192adfefaf19e4e8a5586a6dd7e.6x0.fr
15ff3069bf78e464.01libertynet.fr.fo
15ff3069bf78e4640110311305011655920288060206a1a1261478459ff3e75.01libertynet.fr.fo
15ff3069bf78e4640142371305011633812870254adfea351ba45ccd84b6ed9.01libertynet.fr.fo
15ffa0792ff874e4.8-cents.com
15ffa0e92f18740401401013051215157128702d9606903880327e698feccbe.actu-minecraft.com
15ffa0e92f1874040141021305121800510682957d930ed7606e94e5678e741.actu-minecraft.com
15ffa0e92f187404014185130512171461299704fdc6792b87c632c2dc8ea0b.actu-minecraft.com
260093561ce747fb.abousajid.net
260093561ce747fb0140101305091529613535950ae91792a9d74ca508e99ad.abousajid.net
260093561ce747fb01603113050915274112535b852cc96df15044d0c5bab97.abousajid.net
26bb633dec4cb75001620213050607357124264d8f6315b9f394ea624df9b66.4unblock.info
26bb633dec4cb75011613913050607052045014adf4c310b3e0bdc47f2861d7.4unblock.info
26bb633dec4cb750116139130506075451302874ade020351e0c39fd5a78c27.4unblock.info
26cc33cabc2be737.actionalternance.fr
26cc33cabc2be73701612213051111086088443c09a6c2cac05c63f7129fe6a.actionalternance.fr
26cc33cabc2be73711601013051110582102074d8f6315c81c1d1cdcd96f60e.actionalternance.fr
26ff93b91cb847a4.100girlsfree.com
26ffa3892c787764019185130512123091695955dc240716cf6878a05b14ee3.actu-minecraft.com
378852cedd4f8653015013130507031910377234406e79b09f6cd6bc3f531b4.8-cents.com
3788a28e2d1f760301404913050802257090662bc33361ff65bce2fa3130839.8cents.fr.fo
40bb751dfa9ca180.8-cents.com
517794411bd040cc.100girlsfree.com
620007168887d39b0141851305072124915913454b8c0a26fb88da3bde7a868.8-cents.com
620007168887d39b01918513050722262103342525b024b1b95bf7573a67195.8-cents.com
623307c58864d378.abc-maroc.com
62333795a894f38801400913051305512080201a47fe7464fbbe561520e01bc.actu-minecraft.com
62333795a894f38801603113051303131041527adf4c310ff3253949005312c.actu-minecraft.com
62446762e8c3b3df.a2smadagascar.mg
62ff57f9c8f893e4.actu-minecraft.com
7344966219c342df.aberkane.org
73cca65a29eb72f7.abshore.com
73cca65a29eb72f701512413050919272107463ccba6e6189fc6986eb8f2d7c.abshore.com
73cca65a29eb72f701601013050919063097002c09c2522cddbf7f407171835.abshore.com
73ff2629a9d8f2c4.actu-minecraft.com
73ff2629a9d8f2c4014010130512092430878098d3a2e5e755dff1f2afa2bf8.actu-minecraft.com
73ffc65949981284.100girlsfree.com
8c443932b693ed8f11601013050822381104927d18d35b903767ba446417aca.aberkane.org
8cffe9c966783d64.abkaribrahem.com
8cffe9c966783d6401401013050909354101757b20d50dc4a53c3f60028ce42.abkaribrahem.com
8cffe9c966783d64015129130509101070859078f510042f6ec44d7e433dae2.abkaribrahem.com
9d3358f5d7848c98.7eebr.com
9d3358f5d7848c9801120213050617401078933d8645f3e106c2cfc1598a843.7eebr.com
9d7718418740dc5c.actu-minecraft.com
9d77b8b137606c7c.acgl-congo.fr
9d77b8b137606c7c01512913051017572124898c056644eb855f5a4b166d2b9.acgl-congo.fr
9d88a81e27af7cb3.abkaribrahem.com
9dbb984d17cc4cd01160101305062232917783743db39d1cf46f37b436dd266.8-cents.com
9dbbb80d37ac6cb0015186130508121671023918f51f80188036111f6dc1f72.a2smadagascar.mg
aeff6b49e4a8bfb4015258130512004781489908ea4b42446e65516bff5ab95.actu-assurance.com
aeff6b49e4a8bfb411601613051200491038674c7b4814aa786570ce3c5098f.actu-assurance.com
bf008a6605f75eeb014010130507173520947835ffc0f0fb081b68065c7e066.8-cents.com
bf008a6605f75eeb01412613050720045090345594f60a636367054ee54e604.8-cents.com
bf33fa7575d42ec8.abc-maroc.com
bf33fa7575d42ec801401013050814009075129bad428136689be7a7da2e9cb.abc-maroc.com
bf33fa7575d42ec8014086130508152020843224d40b5b7505fae9f56aea685.abc-maroc.com
bf33fa7575d42ec801510713050813215101440d61264b31e2cab4662a78b84.abc-maroc.com
bf33fa7575d42ec8016010130508150860906628cb9bce1fcee0c3f22846b31.abc-maroc.com
bf77da9155000e1c.100girlsfree.com
bfbbfaed65ec3ef0.100girlsfree.com
bfccba4a359b6e87.acgl-congo.com
bfccba4a359b6e87014075130510163331172904d4082d81aa81553b5898a2f.acgl-congo.com
bfccba9a259b7e87014010130512212151534285c4d64918e520db9a4a99c7a.actu-minecraft.com
c833cdf542641978.8-cents.com
c833cdf54264197801423713050716106092564c3e2cfb86aac81596dd164e8.8-cents.com
c833cdf542641978019037130507161140855905a1d39c59b9e2e19868866db.8-cents.com
c833fd7572942988014075130511135972133414d40dcf123ee454bb96f2478.activbold.com
c8777de1f220a93c.acajb.org
c8777de1f220a93c014237130510094241134864ffcf0d244b3e0d591c517c2.acajb.org
c8777de1f220a93c114181130510110690897115be0c137c3bfca9956675ebe.acajb.org
c8778d3102a059bc.100girlsfree.com
c8bbfd5d72ec29f0.100girlsfree.com
c8cc1d7a928bc997.actu-minecraft.com
c8cc1d7a928bc9970160931305121954723299543db39d15a4534253bd539f9.actu-minecraft.com
c8cc2deaa26bf977.8-cents.com
c8cc2deaa26bf97701112913050712338147722412926bcc5c4907c1308b240.8-cents.com
c8cc2deaa26bf9770140251305071408106561954a1b95da26542af79a4589c.8-cents.com
c8cc2deaa26bf977016185130507134131011234162579342dbc1f47b4f7fd2.8-cents.com
c8ff1d1992d8c9c4.acgl-congo.com
c8ff1d1992d8c9c401410113051011536170546863d58f33f68331b59ea7c90.acgl-congo.com
c8ff1d1992d8c9c401502213051013158117290d619001d01efd2a3e1b3f29b.acgl-congo.com
d900ac1623d778cb.acabimport.fr
d9442c22a383f89f01408613050902089060547bb26d67892ae078d34f997c1.abjworld.com
d9772c61a390f88c.100girlsfree.com
d9777cd1f360a87c.abkari.fr
d9bb3cfdb36ce870.8cents.fr.fo
d9cc9c8a137b4867.actubuntu.fr.fo
ea003fc6b017eb0b.acl-africa.com
ea003fc6b017eb0b0140551305110632611348655c9f49488e5a4ecb8292208.acl-africa.com
ea33af4520847b9811601013051002514098270cc4d0ed8f39b52f8e725fadc.acabimport.fr
ea776f71e0c0bbdc.abkari.fr
ea776f71e0c0bbdc01401013050912097090662863d2ab4a57e7f0a96b25cf1.abkari.fr
ea776f71e0c0bbdc01920213050913332090345d02caa653dae6865511b8036.abkari.fr
ea885f2ed0bf8ba301620213050804177079250c7c38ecdab30e8e836a60be8.8cents.fr.fo
ea885f2ed0bf8ba301620213050804285084005d073cf45420d7a00dd3d73a2.8cents.fr.fo
ea885f2ed0bf8ba311601013050802399148356d812e2a73d403f9c106d463c.8cents.fr.fo
ea886f6ee0efbbf3.8-cents.com
eacc6f4ae0ebbbf7.abcm-jeanpetit.eu
eacc6f4ae0ebbbf701401013050819143098587bcc05684f8eaabdbf34aacb5.abcm-jeanpetit.eu
eacc6f4ae0ebbbf7014098130508182081375786dd748438ddc6d700470919b.abcm-jeanpetit.eu
eacc6f4ae0ebbbf711601013050818299170546cc4d0ecc24766a4257413c24.abcm-jeanpetit.eu
fbbb6e6de11cba00.5becquet.fr.fo
fbbb6e6de11cba0011601013050614153074812c6661d86385ba30356756c7e.5becquet.fr.fo
garmonyoy.eu
gmzuwr.ru
harmonyoy.eu
hrgvrl.ru
kinyng.ru
luiwmt.ru
ntdsapi.com
ntimage.net
ntmsapi.net
olpnso.ru
pastaoyto.eu
piparse.com
plustab.net
polstore.net
puntooy.eu
pvzvnp.ru
rvwwko.ru
tpxhpz.ru
trlnps.ru
zuihwg.ru
zuknsr.ru

No comments: