Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's

[Gary Flynn <flynngn () JMU EDU>]

www.jmu.eu points to
83.149.74.172

You may want to check some of the other TLDs
too:

jmu]$ nslookup www.jmu.eu

Non-authoritative answer:
Name:   www.jmu.eu
Address: 83.149.74.172

jmu]$ nslookup www.jmu.cn

Non-authoritative answer:
Name:   www.jmu.cn
Address: 222.76.205.156

jmu]$ nslookup www.jmu.nl

Non-authoritative answer:
Name:   www.jmu.nl
Address: 212.79.243.144

jmu]$ nslookup www.jmu.de

Non-authoritative answer:
Name:   www.jmu.de
Address: 82.165.85.251

jmu]$ nslookup www.jmu.ru

Non-authoritative answer:
Name:   www.jmu.ru
Address: 83.69.242.110

jmu]$ nslookup www.jmu.ph

Non-authoritative answer:
Name:   www.jmu.ph
Address: 72.51.36.133

jmu]$ nslookup www.jmu.com

Non-authoritative answer:
Name:   www.jmu.com
Address: 216.57.210.200

jmu]$ nslookup www.jmu.org

Non-authoritative answer:
Name:   www.jmu.org
Address: 209.123.16.48

jmu]$ nslookup www.jmu.net

Non-authoritative answer:
Name:   www.jmu.net
Address: 69.56.237.154


Some appear legit. Some appear to be domain sponges.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security