[nsp-sec] ACK 174 RE: List of spamvertised URL's

Shelton, Steve sshelton at Cogentco.com
Thu Nov 5 08:06:59 EST 2009 

Hello,

Thanks and ACK for AS174.

Steve Shelton
Security Engineer
Cogent Communications



-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Jaap van
Ginkel
Sent: Thursday, November 05, 2009 1:21 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] List of spamvertised URL's

----------- nsp-security Confidential --------

SURFcert received a list of (to be) spamvertised URL's from one of our
constituents. The list was found on a website (we've asked for more
details about that site) and based on random samples looks valid.

Basically the URL's go to pages on most likely compromised webservers
and from there do a redirect to hxxp: // www . pharmacy-now-here . com/
Some (already) give a 404 and some are not reachable.

With the list of URL's we also received a list of typical spam subjects
(typically used with spam for those blue pills).




DNS lookups around 13:00 UTC 2009-11-04
Bulk mode; whois.cymru.com [2009-11-04 20:27:30 +0000]
NA      | 127.0.0.1        |    |
http://talisman.freehostia.com/kntaf7e/5tdgap1.html | NA
174     | 38.102.41.117    | US |
http://38.102.41.117/leschale/ycatvh/748fdjc.html | COGENT Cogent/PSI
174     | 70.35.16.121     | CA |
http://anapa.netfirms.com/t229ehs/h6gu5.html | COGENT Cogent/PSI
174     | 70.35.16.170     | CA |
http://hubhosting.netfirms.com/l8el5m6/vwfzba.html | COGENT Cogent/PSI
174     | 70.35.16.189     | CA |
http://adultdatingsites.netfirms.com/bym3jg7/577y.html | COGENT
Cogent/PSI
174     | 70.35.16.198     | CA |
http://12thlevel.netfirms.com/pc6oe0l/dz84j.html | COGENT Cogent/PSI
174     | 70.35.16.252     | CA |
http://idealmail.netfirms.com/an82lpy/46quc.html | COGENT Cogent/PSI
174     | 70.35.16.62      | CA |
http://petbac.netfirms.com/lwt7sc/x60jp4i.html | COGENT Cogent/PSI
174     | 70.35.16.96      | CA |
http://generic-bumble.netfirms.com/td2olr7/b1k8.html | COGENT Cogent/PSI
174     | 70.35.30.70      | CA | http://nescom.biz/n2qzsq/zdnvkf8.html
| COGENT Cogent/PSI
\




_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________

More information about the nsp-security mailing list