[nsp-sec] iframe on OpenX server: similar experiences exploit experiences with AS6851
Chris Morrow
morrowc at ops-netman.net
Thu Aug 19 00:57:31 EDT 2010
On 8/19/10 12:52 AM, Peter Moody wrote:
> ----------- nsp-security Confidential --------
>
> On Wed, Aug 18, 2010 at 9:45 PM, Zane Jarvis <zane at auscert.org.au> wrote:
>
>> Hi all,
>>
>>>> Abuse mailbox is a gmail account. If it is feasible, anyone from Google
>>>> could take a look into this?
>>>>
>>>
>>> abuse contact for an iffy AS/domain is too thin of a reason for the gmail
>>> folks to act on an account.
>>>
>>
>> We've seen quite a few dodgy domains registered using that email address.
>
>
> Can you give me anything more than the fact that it's the abuse contact?
> being an abuse contact (even for *lots* of domains/AS's) doesn't really
> violate any TOS.
aka: "And these domains are being used in SPAM campaigns which send out
zeus trojan zip files."
I think pete means this, yes?
-Chris
>
>> Here is a list dating back to 21 May 2010, where that email address has
>> been
>> listed as the abuse contact. This list is from the stuff we have seen and
>> may
>> not be exhaustive.
>>
>> hxxp://01.coolw.in/
>> hxxp://01.yxian.in/
>> hxxp://06.anirp.in/
>> hxxp://79.135.152.180/
>> hxxp://79.135.152.181/
>> hxxp://79.135.152.190/
>> hxxp://85.234.190.12/
>> hxxp://85.234.190.14/
>> hxxp://85.234.190.43/
>> hxxp://85.234.190.45/
>> hxxp://85.234.190.62/
>> hxxp://85.234.191.101/
>> hxxp://85.234.191.111/
>> hxxp://85.234.191.191/
>> hxxp://91.188.59.134/
>> hxxp://91.188.59.135/
>> hxxp://91.188.60.152/
>> hxxp://91.188.60.226/
>> hxxp://adingurj.com/
>> hxxp://alterparadigma.net/
>> hxxp://atgoal.in/
>> hxxp://barei.info/
>> hxxp://basiccontrol.in/
>> hxxp://bliman.com/
>> hxxp://bravqwer.com/
>> hxxp://cated.in/
>> hxxp://cogoo.in/
>> hxxp://downloadfreenow.in/
>> hxxp://drovent.com/
>> hxxp://dusute.in/
>> hxxp://engineonline.in/
>> hxxp://esvictory5.ru/
>> hxxp://fortuna1.info/
>> hxxp://jL.chura.pl/
>> hxxp://leninvgorkax.net/
>> hxxp://livench.com/
>> hxxp://macromediasetup.com/
>> hxxp://necice.in/
>> hxxp://networksportsgo.com/
>> hxxp://ozlink.in/
>> hxxp://qsfgyee.com/
>> hxxp://senderdata.co.cc/
>> hxxp://solaruploader.net/
>> hxxp://solaruploaderz.com/
>> hxxp://ssdssds.co.cc/
>> hxxp://staticportal.in/
>> hxxp://subyq.info/
>> hxxp://sunn.in/
>> hxxp://totalsystem.in/
>> hxxp://trafficcdata.co.cc/
>> hxxp://www.fast-scanneronline.org/
>> hxxp://www.premiaa.com/
>> hxxp://ytoimneyqawernmkla.deswelt.net/
>>
>> Regards,
>> Zane
>>
>> --
>> Zane Jarvis
>> Senior Information Security Analyst | Hotline: +61 7 3365 4417
>> AusCERT, Australia's Leading CERT | Fax: +61 7 3365 7031
>> The University of Queensland | WWW: www.auscert.org.au
>> QLD 4072 Australia | Email: auscert at auscert.org.au
>>
>>
>>
>>
>>
>>
>
>
More information about the nsp-security
mailing list