[nsp-sec] iframe on OpenX server: similar experiences exploit experiences with AS6851

Peter Moody pmoody at google.com
Thu Aug 19 00:52:48 EDT 2010


On Wed, Aug 18, 2010 at 9:45 PM, Zane Jarvis <zane at auscert.org.au> wrote:

> Hi all,
>
> > > Abuse mailbox is a gmail account. If it is feasible, anyone from Google
> > > could take a look into this?
> > >
> >
> > abuse contact for an iffy AS/domain is too thin of a reason for the gmail
> > folks to act on an account.
> >
>
> We've seen quite a few dodgy domains registered using that email address.


Can you give me anything more than the fact that it's the abuse contact?
Being an abuse contact (even for *lots* of domains/AS's) doesn't really
violate any TOS.


> Here is a list dating back to 21 May 2010, where that email address has
> been listed as the abuse contact. This list is from the stuff we have seen
> and may not be exhaustive.
>
> Regards,
> Zane
>
> --
> Zane Jarvis
> Senior Information Security Analyst  | Hotline: +61 7 3365 4417
> AusCERT, Australia's Leading CERT    | Fax:     +61 7 3365 7031
> The University of Queensland         | WWW:     www.auscert.org.au
> QLD 4072 Australia                   | Email:   auscert at auscert.org.au
>


-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038


