[nsp-sec] ATTN AS 12553 malware hosting
Jose Nazario
jose at arbor.net
Wed Apr 8 15:58:12 EDT 2009
some mal links we found there in the past 24h:
Generated: Wed Apr 8 19:44:11 2009 UTC
Covers 24 hour time period through now.
Malicious Links
URLs contacted by malware during automated analysis.
Timestamp, CC, ASN, IP, URL
1239162783, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/e-9195e8b75202e3e165799/216.jpg"
1239162783, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/12608172a23/216.jpg"
1239162783, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/514119a/216.jpg"
1239162783, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/c210d8c7514/216.jpg"
1239076800, LV, 12553, 94.247.2.215, "hxxp://94.247.2.215/redirect.php"
1239076800, LV, 12553, 94.247.2.215, "hxxp://94.247.2.215/se.exe"
1239076800, LV, 12553, 94.247.2.215, "hxxp://94.247.2.215/"
1239076800, LV, 12553, 94.247.2.216, "hxxp://94.247.2.216/cmd.php"
1239076800, LV, 12553, 94.247.2.215, "hxxp://94.247.2.215/cmd.php"
1239076800, LV, 12553, 94.247.3.74, "hxxp://94.247.3.74/install/ws.zip"
1239076800, LV, 12553, 94.247.2.95, "hxxp://94.247.2.95/40E8001442563766633834653637312D35663532373520626C0000002B66000000007600000642EB000530ABBCCCDE"
1239076800, LV, 12553, 94.247.2.216, "hxxp://94.247.2.216/cmd.php"
1239076800, LV, 12553, 94.247.2.215, "hxxp://94.247.2.215/cmd.php"
1239076800, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/e-9195e8b75202e3e165799/216.jpg"
1239076800, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/12608172a23/216.jpg"
1239076800, LV, 12553, 94.247.2.113, "hxxp://94.247.2.113/werber/514119a/216.jpg"
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list