[nsp-sec] malicious websites - honeyclient discovered

Jose Nazario jose at arbor.net
Thu Jul 24 09:31:31 EDT 2008


via the honeyclient project run by Kathy Wang (MITRE), analyzing links in 
a spam feed.



various droppers and attacks.

-- 
-------------------------------------------------------------
jose nazario, ph.d.     <jose at arbor.net>
security researcher, office of the CTO,  arbor networks
v: (734) 821 1427 	      http://asert.arbornetworks.com/


