[nsp-sec] Compromised websites

Thomas Hungenberg th.lab at hungenberg.net
Wed Jul 22 07:10:46 EDT 2009 

Hi teams,

please find below a list of compromised websites that have IFRAMEs
pointing to exploit URLs injected:

3064    | 216.219.156.119  | US | www.neildiamondhomepage.com | AFFINITY-FTL - Affinity Internet, Inc
4134    | 61.174.63.171    | CN | www.yellowurl.cn | CHINANET-BACKBONE No.31,Jin-rong Street
4613    | 202.52.255.39    | NP | www.moe.gov.np  | MOS-NP Mercantile Office Systems
4808    | 218.241.156.205  | CN | www.towndoor.com | CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
4837    | 221.10.40.182    | CN | www.travelevery.com | CHINA169-BACKBONE CNCGROUP China169 Backbone
4847    | 218.241.156.205  | CN | www.towndoor.com | CNIX-AP China Networks Inter-Exchange
6805    | 217.188.214.198  | DE | www.nebenverdienst.com | TDDE-ASN1 Telefonica Deutschland Autonomous System
8560    | 82.165.75.100    | DE | www.bigfoot-music.de | ONEANDONE-AS 1&1 Internet AG
9809    | 219.235.241.85   | CN | www.osta.org.cn | NOVANET Nova Network Co.Ltd
9892    | 202.157.165.152  | SG | www.heeren.com.sg | WEBVISIONS-AS-AP Webvisions Pte Ltd
10316   | 66.226.89.239    | US | www.colorblender.com | ABACUS-NET-AS - Abacus America Inc.
15497   | 62.149.12.195    | UA | www.hotsale.ua  | COLOCALL Internet Data Center _ColoCALL_
16265   | 85.17.150.234    | NL | www.ledershop.de | LEASEWEB LEASEWEB AS
18403   | 210.245.86.25    | VN | www.thegioinoithat.vn | FPT-AS-AP The Corporation for Financing & Promoting Technology
21844   | 174.132.165.190  | US | familyoutdoorstore.com | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
25229   | 77.120.99.142    | UA | embassies.vita.ua | VOLIA-AS Volia Autonomous System
25560   | 85.199.177.117   | DE | www.bodelschwingh-schule.de | RHTEC-AS rh-tec IP Backbone
26347   | 75.119.214.195   | US | www.delphigroups.info | DREAMHOST-AS - New Dream Network, LLC
26496   | 72.167.112.129   | US | www.mongolia-investment.com | PAH-INC - GoDaddy.com, Inc.
26496   | 72.167.90.42     | US | www.tibettravel.org | PAH-INC - GoDaddy.com, Inc.
34011   | 80.67.17.87      | DE | www.dug.dug-diplomatic.de | DOMAINFACTORY domainfactory GmbH
34011   | 80.67.24.93      | DE | www.vln.de      | DOMAINFACTORY domainfactory GmbH
34619   | 89.19.29.10      | TR | www.realbau.net | CIZGI Cizgi Telekomunikasyon Autonomous System
39023   | 85.119.152.5     | DE | www.belzig-online.de | IU-AS VANAGER GmbH
41126   | 89.111.176.107   | RU | frontlight.ru   | CENTROHOST-AS JSC Centrohost
41528   | 195.74.37.120    | SE | www.watan.ru    | ALEBORG-AS BINERO ASN


     - Thomas

CERT-Bund Incident Response & Anti-Malware Team

More information about the nsp-security mailing list