Spam impersonating ACH - photo_new.htm
Published: 2012/10/13
Observed: 2012/10/12
Volume: 200 messages/day
Technique: lure URL (link in the mail body)
Objective: malware infection
This lure has also started to be used with the same technique as
Scan from a Hewlett-Packard ScanJet - wp-local.htm
, so this is BHEK2 (Blackhole Exploit Kit 2) again.
The mail body is the usual content, and the layout is the format that has been used a lot recently.
The link leads to "xxxxx/photo_new.htm". That file is not the exploit itself but the intermediate hop that forwards the victim on to the exploit-kit landing page; its contents are the script below.
When it runs, it redirects to this URL.
The sites used for the redirect are once again all new this time.
domain | IP | reverse DNS | AS | AS Name | Country |
---|---|---|---|---|---|
crocebiancabolzaneto.it | 46.16.168.208 | ip-168-208.sn1.7host.com. | 3257 | TINET-BACKBONE_Tinet_SpA | Italy |
jiuzehui.com | 61.139.126.88 | NONE | 4134 | CHINANET-BACKBONE_No.31Jin-rong_Street | China |
www.brandway.org | 175.102.2.222 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
www.oonly.net | 175.102.2.222 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
www.tf1837.com | 175.102.2.222 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
www.oformi.by | 91.149.189.245 | fjord.gatonegro.by.sha.neolocation.net. | 6697 | BELPAK-AS_Republican_Association_BELTELECOM | Belarus |
permschool9.ru | 176.57.209.236 | poseydon.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | RussianFederation |
200.32.12.29 | 200.32.12.29 | 200-32-12-29.prima.net.ar. | 10481 | Prima_S.A. | Argentina |
www.rgvdirectory.com | 209.217.254.17 | vps.chorro1.com. | 11042 | LANDIS-HOLDINGS-INC_-_Landis_Holdings_Inc | UnitedStates |
szkola-baristow.pl | 77.55.46.75 | abu75.rev.netart.pl. | 15967 | NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna | Poland |
www.devignes.fr | 213.186.33.87 | cluster014.ovh.net. | 16276 | OVH_OVH_Systems | France |
www.restauracja.kotlorem.eu | 87.98.239.19 | cluster010.ovh.net. | 16276 | OVH_OVH_Systems | Poland |
580ls.com | 180.86.149.193 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
cuixq.com | 115.47.170.99 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
jiamu.xinji.us | 115.47.203.91 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
vtuanba.com | 203.158.16.66 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.aisesheying.com | 203.158.16.72 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.bjxiaotian.com | 203.158.16.75 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.long-shining.com | 203.158.16.72 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.sd-autd.com | 115.47.73.235 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.xjdyw.xinji.us | 115.47.203.91 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
xiangping.xinji.us | 115.47.203.91 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
xjyhzx.xinji.us | 115.47.203.91 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
ykever.com | 203.158.16.75 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.conceptuamarketing.com | 81.21.75.91 | server61.donhost.co.uk. | 20738 | AS20738_Webfusion_Internet_Solutions | UnitedKingdom |
utubeview.com | 198.58.85.171 | NONE | 21788 | NOC_-_Network_Operations_Center_Inc. | UnitedStates |
www.gevrimini.it | 174.132.200.226 | aphro.site5.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | UnitedStates |
usti.farnost.cz | 77.93.216.80 | verunka.x-base.cz. | 24971 | MASTER-AS_Master_Internet_s.r.o_/_Czech_Republic_/_www.master.cz | CzechRepublic |
hebinho28000.com.br | 64.90.45.132 | apache2-zoo.shaula.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | UnitedStates |
jenneyrivard.com | 72.167.231.141 | ip-72-167-231-141.ip.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
www.leslielaweventing.com | 208.109.181.28 | p3slh072.shr.phx3.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
www.yuletidesingersny.com | 173.201.216.47 | p3nlh260.shr.prod.phx3.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
djsteelarms.com | 98.130.164.2 | rev.opentransfer.com.2.164.130.98.in-addr.arpa. | 32392 | OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation | UnitedStates |
marryme.uz | 62.209.154.66 | tx3.billur.net. | 34718 | TPSUZ-AS_ISPTPS-_BGP_ASN_ofTEXNOPROSISTEMLtd | Uzbekistan |
www2.itu.tu.ac.th | 203.131.220.132 | NONE | 37992 | THAMMASAT-BORDER-AS_Thammasat_University_in_thailand | Thailand |
www.outdoor-media.co | 192.166.218.75 | NONE | 41508 | PL-IWACOM-AS_IWACOM_Sp._z_o.o. | Poland |
sliekotava.lv | 85.31.96.201 | ns.firsthost.lv. | 43513 | NANO-AS_Sia_Nano_IT | Latvia |
varrono.mediatop.hu | 94.199.181.196 | www.mediatop.hu. | 43711 | SZERVERNET-HU-AS_Szervernet_Ltd. | Hungary |
www.truth4thai.org | 173.254.28.69 | just69.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
www.radvanpark.sk | 195.210.29.6 | tin.websupport.sk. | 51013 | WEBSUPPORT-SRO-SK-AS_Websupport_s.r.o. | Slovakia |
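Pages like photo_new.htm are worth triaging without ever running them: the next-hop URL is usually recoverable from the HTML itself. The script below is an added example for this post, not the photo_new.htm script from the original, and the sample page, hostnames (redirector.example, other.example) and URLs in it are constructed for illustration. It pulls redirect targets from the plain forms (meta refresh, document.location / location.href / location.replace, hidden iframe, remote script src) and flags pages that build their code at run time with eval/unescape/fromCharCode, where a static pass finds nothing and the page has to go to a sandboxed browser instead. Fetch such pages with a non-browser client from an isolated host, never by clicking the link.

```python
"""Static extraction of redirect targets from a small HTML redirector page.

Added example for this post; it is not the photo_new.htm script shown in
the original. The sample page, hostnames and URLs below are constructed
for illustration only.
"""
import html
import re
from typing import List, Tuple
from urllib.parse import urljoin

# One regex per common client-side redirect form; group "url" is the target.
_PATTERNS = [
    # <meta http-equiv="refresh" content="0; url=http://...">
    ("meta-refresh", re.compile(
        r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\']'
        r'\s*\d+\s*;\s*url\s*=\s*(?P<url>[^"\'>\s]+)', re.I)),
    # document.location = "..." / window.location.href = '...' / location.replace("...")
    ("js-location", re.compile(
        r'(?:document|window|top|self)?\.?location(?:\.href)?\s*'
        r'(?:=|\.replace\s*\(|\.assign\s*\()\s*["\'](?P<url>[^"\']+)["\']', re.I)),
    # <iframe src="..."> (typically zero-sized or display:none)
    ("iframe", re.compile(r'<iframe[^>]+src\s*=\s*["\']?(?P<url>[^"\'>\s]+)', re.I)),
    # <script src="..."> that pulls the next stage from another host
    ("script-src", re.compile(r'<script[^>]+src\s*=\s*["\']?(?P<url>[^"\'>\s]+)', re.I)),
]

# Strings that indicate the redirect is built at run time; a static pass over
# such a page may find nothing, so it should go to a sandboxed browser instead.
_OBFUSCATION_HINTS = ("eval(", "unescape(", "fromCharCode", "document.write(", "atob(")


def extract_redirects(page_html: str, base_url: str = "") -> List[Tuple[str, str]]:
    """Return (kind, url) pairs for every redirect-like reference in page_html,
    in document order, without executing any of it. Relative targets are
    resolved against base_url (the URL the page was fetched from) when given."""
    hits = []
    for kind, pattern in _PATTERNS:
        for m in pattern.finditer(page_html):
            url = html.unescape(m.group("url")).strip()
            if base_url:
                url = urljoin(base_url, url)
            hits.append((m.start(), kind, url))
    hits.sort()
    seen, out = set(), []
    for _, kind, url in hits:
        if (kind, url) not in seen:  # keep the first occurrence only
            seen.add((kind, url))
            out.append((kind, url))
    return out


def looks_obfuscated(page_html: str) -> bool:
    """Heuristic: True when the script appears to construct code at run time."""
    return any(hint in page_html for hint in _OBFUSCATION_HINTS)


# Constructed sample of a redirector page of the kind linked from such spam
# (not the real photo_new.htm; hostnames and paths are made up).
SAMPLE_HTML = """<html><body>
<h1>Please wait a moment. You will be forwarded...</h1>
<script>document.location = "http://redirector.example/stage2/index.php?showtopic=12345";</script>
<meta http-equiv="refresh" content="3; url=http://redirector.example/stage2/index.php?showtopic=12345">
<iframe src="//other.example/stage2/" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    page_url = "http://redirector.example/photo_new.htm"  # assumed fetch URL
    if looks_obfuscated(SAMPLE_HTML):
        print("script builds code at run time; static extraction may be incomplete")
    for kind, url in extract_redirects(SAMPLE_HTML, page_url):
        print(f"{kind:13} {url}")
```

Each extracted target is a candidate landing-page or next-hop URL to add to the table above and to block or hunt for in proxy logs; a page that returns no targets but trips looks_obfuscated() is not clean, it just needs dynamic analysis.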
by jyake