[nsp-sec] Spamvertized URLs on compromised websites

Thomas Hungenberg th.lab at hungenberg.net
Wed Jun 29 04:42:26 EDT 2011 

Hi,

please find below a list of currently spamvertized URLs on compromised websites
redirecting to Fake AV or Pharmacy sites:

2860    | 195.23.94.159    | PT | http://gequorum.com/homi.php | NOVIS Novis Telecom, S.A.
3361    | 173.225.21.2     | US | http://weatherreportcard.com/wizl.html | FCC-NETWORK - Fortress Colocation Centers
12824   | 79.96.42.161     | PL | http://wilczura.pl/winsc.php | HOMEPL-AS home.pl autonomous system
12824   | 89.161.187.142   | PL | http://darro.pl/winsc.php | HOMEPL-AS home.pl autonomous system
13237   | 83.125.22.158    | EU | http://hrmarinkovic.awardspace.biz/homi.php | LAMBDANET-AS European Backbone of LambdaNet
13768   | 64.34.127.116    | US | http://nrityarchannaa.com/homi.php | PEER1 - Peer 1 Network Inc.
15967   | 85.128.195.24    | PL | http://lazell.nazwa.pl/winsc.php | NETART NetArt Spolka Akcyjna Spolka Komandytowo-Akcyjna
16805   | 74.200.236.250   | US | http://moosejawpr.com/fastcheck.php | LAYER3-ASN-2 - Layered Technologies, Inc.
18479   | 187.108.192.18   | BR | http://colegiosantoagostinho.org/winsc.php | Plug-In Vanet Sistemas de Comunicao LTDA
19318   | 74.50.95.18      | US | http://ladoxengineering.com/homi.php | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
21788   | 184.82.5.119     | US | http://cheapprogressiveglasses.com/wp-content/plugins/widgets/yahoolink.php | NOC - Network Operations Center Inc.
21844   | 174.120.139.34   | US | http://singthaidisco.com/winsc.php | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844   | 174.122.19.254   | US | http://webgamblingeurope.com/winsc.php | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844   | 74.53.27.226     | US | http://star.sharpseo.com/homi.php | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844   | 74.53.63.86      | US | http://asmacbcs.com/homi.php | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
22773   | 24.248.168.110   | US | http://ihmediasolutions.com/fastcheck.php | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
26347   | 173.236.247.4    | US | http://rayaya.info/wp-content/plugins/jetpack/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 67.205.3.150     | US | http://terezinsings.org/yiddish/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.168.164   | US | http://zapodamy.pl/forum/includes/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.181.249   | US | http://iuiconsulting.com/cv/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.183.70    | US | http://thelasthurrahmovie.com/4yreyesonly/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.184.19    | US | http://nutrinet.com.br/phpmailer/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.184.229   | US | http://4kboy.com/myspace/yahoolink.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.185.126   | US | http://danielswiecki.com/myshityo/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.193.154   | US | http://yougiveloveabad.name/wp-content/themes/connections-reloaded/yahoolink.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.193.242   | US | http://glasseye.org/Japan/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.195.214   | US | http://john.bothner.com/bryllup/yahoolinks.php | DREAMHOST-AS - New Dream Network, LLC
26347   | 69.163.195.6     | US | http://watchmanprotective.com/site/Careers/yahoolink.php | DREAMHOST-AS - New Dream Network, LLC
26496   | 68.178.254.83    | US | http://www.progenresearchlab.com/homi.php | PAH-INC - GoDaddy.com, Inc.
26496   | 97.74.144.176    | US | http://realestateunlimited-ca.com/wp-content/plugins/shadowbox-js/yahoolink.php | PAH-INC - GoDaddy.com, Inc.
26496   | 97.74.144.188    | US | http://seniorfinancial.com/wp-content/plugins/robots-meta/yahoolink.php | PAH-INC - GoDaddy.com, Inc.
26753   | 108.60.15.93     | CA | http://asianroadshow.com/wizl.html | IN2NET-NETWORK In2Net network inc.
27715   | 187.45.195.10    | BR | http://newuniversegroup.com/homi.php | LocaWeb Ltda
32244   | 67.227.142.4     | US | http://sonuuktour.com/winsc.php | LIQUID-WEB-INC - Liquid Web, Inc.
32613   | 174.142.68.24    | CA | http://carbetgroup.com/homi.php | IWEB-AS - iWeb Technologies Inc.
34619   | 94.73.144.80     | TR | http://kimsebilmiyor.com/homi.php | CIZGI Cizgi Telekomunikasyon Hizmetleri Sanayi Ve Ticaret Limited Sirketi
35732   | 91.208.99.12     | GB | http://denises.me.uk/modules/Search/invite.php | UKWEBHOSTING-AS UK Webhosting Ltd - Autonomous System
36167   | 66.219.30.219    | US | http://cryptonaux.com/wizl.html | NETRIPLEX01 - NETRIPLEX LLC
36351   | 75.126.179.179   | US | http://djroberto.com.br/homi.php | SOFTLAYER - SoftLayer Technologies Inc.
40244   | 67.231.253.145   | US | http://asset-protection-trust.us/DiamondsFromSierraLeone2/photos/yahoolinks.php | TURNKEY-INTERNET - Turnkey Internet Inc.
46015   | 110.4.45.176     | MY | http://silvergatepromotions.com.my/homi.php | EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd.
47869   | 94.228.208.10    | NL | http://intos.gr/homi.php | NETROUTING-AS Netrouting Data Facilities
48170   | 93.190.217.19    | TR | http://spagettikids.com/tmp/templates_c/invite.php | REKARE Rekare Bilgi Teknolojileri Ticaret ve Sanayi Limited Sirketi
51696   | 195.211.72.26    | NL | http://positiverealism.net/homi.php | ANTAGONIST-AS Antagonist B.V.


     - Thomas

CERT-Bund Incident Response & Anti-Malware Team

More information about the nsp-security mailing list