[nsp-sec] ack Re: probably compromised web sites

Tom Fischer tfischer at bfk.de
Fri Mar 21 05:08:28 EDT 2008 

Hi,

On Thu, Mar 20, 2008 at 02:14:22PM -0500, Paul Dokas wrote:
[...]
> Basically, they're building the URLs on the fly based on the date.

yep

[...]
2008-03-03      hwn3thr.com
2008-03-06      ful1thr.com
2008-03-09      ccfathr.com
2008-03-13      gbqpthr.com
2008-03-16      hhipthr.com
2008-03-20      bgidthr.com

It's probably a good idea to monitor/null route the following 
domain names which will be used in the future ...

2008-03-21	bgidthr.com
2008-03-22	bgidthr.com
2008-03-23	incdthr.com
2008-03-24	incdthr.com
2008-03-25	incdthr.com
2008-03-26	incdthr.com
2008-03-27	glasthr.com
2008-03-28	glasthr.com
2008-03-29	glasthr.com
2008-03-30	dsusthr.com
2008-03-31	dsusthr.com
2008-04-01	fgv2fir.com
2008-04-02	fgv2fir.com
2008-04-03	fgv2fir.com
2008-04-04	fgv2fir.com
2008-04-05	fgv2fir.com
2008-04-06	grgjfir.com
2008-04-07	grgjfir.com
2008-04-08	grgjfir.com
2008-04-09	grgjfir.com
2008-04-10	cds5fir.com
2008-04-11	cds5fir.com
2008-04-12	cds5fir.com
2008-04-13	fqsyfir.com
2008-04-14	fqsyfir.com
2008-04-15	fqsyfir.com
2008-04-16	fqsyfir.com
2008-04-17	fbcmfir.com
2008-04-18	fbcmfir.com
2008-04-19	fbcmfir.com
2008-04-20	epemfir.com
2008-04-21	epemfir.com
2008-04-22	epemfir.com
2008-04-23	epemfir.com
2008-04-24	eaoafir.com
2008-04-25	eaoafir.com
2008-04-26	eaoafir.com
2008-04-27	hnoafir.com
2008-04-28	hnoafir.com
2008-04-29	hnoafir.com
2008-04-30	hnoafir.com
2008-05-01	ces2vif.com
2008-05-02	ces2vif.com
2008-05-03	ces2vif.com
2008-05-04	fhv5vif.com
2008-05-05	fhv5vif.com
2008-05-06	fhv5vif.com
2008-05-07	fhv5vif.com
2008-05-08	frf3vif.com
2008-05-09	frf3vif.com
2008-05-10	frf3vif.com
2008-05-11	cyzmvif.com
2008-05-12	cyzmvif.com
2008-05-13	cyzmvif.com
2008-05-14	cyzmvif.com
2008-05-15	iklavif.com
2008-05-16	iklavif.com
2008-05-17	iklavif.com
2008-05-18	heravif.com
2008-05-19	heravif.com
2008-05-20	heravif.com
2008-05-21	heravif.com
2008-05-22	dpdpvif.com
2008-05-23	dpdpvif.com
2008-05-24	dpdpvif.com
2008-05-25	awipvif.com
2008-05-26	awipvif.com
2008-05-27	awipvif.com
2008-05-28	awipvif.com
2008-05-29	cjwdvif.com
2008-05-30	cjwdvif.com
2008-05-31	cjwdvif.com
2008-06-01	bob2xes.com
2008-06-02	bob2xes.com
2008-06-03	bob2xes.com
2008-06-04	bob2xes.com
2008-06-05	bob2xes.com
2008-06-06	bob2xes.com
2008-06-07	bob2xes.com
2008-06-08	annvxes.com
2008-06-09	annvxes.com
2008-06-10	annvxes.com
2008-06-11	annvxes.com
2008-06-12	anajxes.com
2008-06-13	anajxes.com
2008-06-14	anajxes.com
2008-06-15	dbajxes.com
2008-06-16	dbajxes.com
2008-06-17	dbajxes.com
2008-06-18	dbajxes.com
2008-06-19	byyyxes.com
2008-06-20	byyyxes.com
2008-06-21	byyyxes.com
2008-06-22	camyxes.com
2008-06-23	camyxes.com
2008-06-24	camyxes.com
2008-06-25	camyxes.com
2008-06-26	axkmxes.com
2008-06-27	axkmxes.com
2008-06-28	axkmxes.com
2008-06-29	dlkmxes.com
2008-06-30	dlkmxes.com
2008-07-01	imy2ves.com
2008-07-02	imy2ves.com
2008-07-03	imy2ves.com
2008-07-04	imy2ves.com
2008-07-05	imy2ves.com
[...]

-- 
Tom Fischer
BFK edv-consulting GmbH                  tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe        fax: +49 721 962 01-99

More information about the nsp-security mailing list