[nsp-sec] ACK: List of spamvertised URL's
Taka Mizuguchi
taka at nttv6.jp
Thu Nov 5 18:32:54 EST 2009
Ack for Japanese ISPs (7670, 9370, 9371).
But the ASN/IP address below is not for Japan.
> 38532 | 116.12.51.202 | JP |
> http://116.12.51.202/cxchp93/8ondx.html | USONYX-NET USONYX Singapore
> Broadband Web Hosting Services
It seems that this country code was taken from the person object of this
IP address's admin.
-----
nttv6.jp{taka}8: whois -h whois.apnic.net 116.12.51.202
% APNIC found the following authoritative answer from: whois.apnic.net
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 116.12.48.0 - 116.12.55.255
netname: USONYX-NET
descr: USONYX Singapore Broadband Web Hosting Services
country: SG
admin-c: SS649-AP
tech-c: RL595-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: Send abuse reports to info at usonyx.net
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed at apnic.net 20070330
mnt-by: APNIC-HM
mnt-lower: MAINT-JP-CLARA
status: ALLOCATED PORTABLE
changed: hm-changed at apnic.net 20071228
source: APNIC
person: Shin SHIRAHATA
nic-hdl: SS649-AP
e-mail: shin at clara.ad.jp
address: Ariake Frontier Bld. 6F
address: 3-1-25 Ariake
address: Koto-ku, Tokyo 135-0063
address: Japan
phone: +81-3-3599-7321
fax-no: +81-3-3528-0028
country: JP
changed: shin at clara.ad.jp 20060315
mnt-by: MAINT-JP-CLARA
source: APNIC
person: Roman Ledovskiy
nic-hdl: RL595-AP
e-mail: noc at usonyx.net
address: 213A Lavender Street Singapore 338770
phone: +65-62231838
fax-no: +65-62980801
country: SG
changed: shin at clara.ad.jp 20070326
changed: shin at clara.ad.jp 20081129
mnt-by: MAINT-JP-CLARA
source: APNIC
mnt-by: MAINT-JP-CLARA
Jaap van Ginkel wrote,on 09.11.5 5:20 PM:
> ----------- nsp-security Confidential --------
>
> SURFcert received a list of (to be) spamvertised URL's from one of our
> constituents. The list was found on a website (we've asked for more
> details about that site) and based on random samples looks valid.
>
> Basically the URL's go to pages on most likely compromised webservers
> and from there do a redirect to hxxp: // www . pharmacy-now-here . com/
> Some (already) give a 404 and some are not reachable.
>
> With the list of URL's we also received a list of typical spam subjects
> (typically used with spam for those blue pills).
>
> 38532 | 116.12.51.202 | JP |
> http://116.12.51.202/cxchp93/8ondx.html | USONYX-NET USONYX Singapore
> Broadband Web Hosting Services
--
Taka Mizuguchi
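
As an added illustration of the point in this message (not code from the thread or from any tool mentioned in it): a small Python parser that takes the country only from the inetnum object and reports referenced admin-c/tech-c contacts whose country differs. The sample record, its handles and the function names are constructed for the example.

```python
import re

# Attribute names that open a new RPSL object (a subset, enough for this case).
CLASS_KEYS = {"inetnum", "inet6num", "person", "role", "irt", "organisation"}

def parse_objects(text):
    """Split whois output into a list of (class, {attribute: [values]})."""
    objects, current = [], None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)", line)
        if not line.strip():
            current = None                      # a blank line ends the object
        elif m:                                 # % comments and other lines are skipped
            key, value = m.group(1).lower(), m.group(2).strip()
            # Flattened output has no blank lines, so a class attribute also
            # starts a new object.
            if current is None or key in CLASS_KEYS:
                current = (key, {})
                objects.append(current)
            current[1].setdefault(key, []).append(value)
    return objects

def country_report(text):
    """Return (network country, {nic-hdl: country} for contacts that differ)."""
    objs = parse_objects(text)
    net = next((a for c, a in objs if c in ("inetnum", "inet6num")), {})
    net_cc = net.get("country", [None])[0]      # country of the address block
    handles = set(net.get("admin-c", []) + net.get("tech-c", []))
    differing = {}
    for _, attrs in objs:
        hdl = attrs.get("nic-hdl", [None])[0]
        cc = attrs.get("country", [None])[0]    # country of the contact only
        if hdl in handles and cc and cc != net_cc:
            differing[hdl] = cc
    return net_cc, differing

# Constructed sample, flattened (no blank lines) like the archived output.
SAMPLE = """\
inetnum: 192.0.2.0 - 192.0.2.255
country: SG
admin-c: AA1-EX
tech-c: BB2-EX
person: Example Admin
nic-hdl: AA1-EX
country: JP
person: Example Tech
nic-hdl: BB2-EX
country: SG
"""
```
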