46.8.14.154 (Netart Group S.r.o. / Movenix International Inc) forms part of an exploit chain that starts with compromised OpenX servers and appears to end up with an exploit kit of some sort.
The following subdomains have been active on that server, they are ALL hijacked GoDaddy domains:
band.animagraphic.net
casual.animagraphics.org
emissions.usanicotinebiz.com
family.animagraphics.com
format.animagraphics.net
george.animagraphics.net
hunger.usanicotinenow.com
indictment.animagraphic.net
interest.animagraphics.org
keeps.animagraphics.net
nearest.zeezoarticles.com
overwhelmingly.ecigvv.com
revolt.animagraphics.biz
south.animagraphics.com
tests.animagraphics.net
textile.animagraphics.org
this.animagraphics.net
transplant.madvapor.com
floatingtpoint.vzeliquid.com
delivering.animagraphics.biz
week.animagraphics.biz
speaks.animagraphics.biz
automobile.animagraphics.biz
herself.vvmod.com
obtained.vzmod.com
unixtbased.ecigvv.com
transplant.madvapor.com
metric.animagraphics.com
norway.animagraphics.com
plays.nicotinegiant.com
majority.usanicotinenow.com
underground.usanicotinenow.com
o.animagraphic.net
costs.animagraphic.net
illinois.animagraphic.net
rape.animagraphics.net
usable.animagraphics.net
presents.animagraphics.net
upper.hotzonenow.com
Domains spotted so far with malicious subdomains:
animagraphics.org
usanicotinebiz.com
animagraphics.com
animagraphics.net
usanicotinenow.com
zeezoarticles.com
ecigvv.com
animagraphics.biz
madvapor.com
vzeliquid.com
vvmod.com
vzmod.com
madvapor.com
nicotinegiant.com
hotzonenow.com
The best thing to do is to block traffic to 46.8.14.154 because these domains seem to change every few minutes.
No comments:
Post a Comment