AICPA Fake spam

Published: 2012/12/10

約一年前にもBHEKで利用されていたネタです。

Subjectはこんな感じ。

 Income faked tax return accusations. 
 Income sham tax return accusations. 
 Income incorrect tax return accusations. 
 Income fake tax return accusations. 
 Income phony tax return accusations. 
 Income false tax return accusations. 
 Income improper tax return accusations. 
 Income counterfeit tax return accusations.

誘導URLの特徴はこれ。10月頃からあるBHEK2で利用されているパターンです。

 ｈttp://polycliniqueidimed.com/components/com_ag_google_analytics2/aicpataxcompl.html
 ｈttp://auto-serviser.com/components/com_ag_google_analytics2/aicpataxcompl.html
 ｈttp://kentplus-temizlik.com/components/com_ag_google_analytics2/aicpataxcompl.html

細かい点で他の攻撃に比べて少し高度です。

主にアメリカです。

name	IP	逆引き	AS	AS Name	Country
wohnbau-rastatt.com	195.78.76.157	server157.star-server.info.	5464	NETDISCOUNTER_Netdiscounter_GmbH_autonomous_system	Germany
asociaciondesarrolloruraldosvalles.com	82.165.18.165	clienteservidor.es.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
printer2you.com	27.254.55.110	cs17.hostneverdie.com.	9891	CSLOX-IDC-AS-AP_CS_LOXINFO_Public_Company_Limited.	Thailand
myprotext.com	184.170.135.195	NONE	10929	NETELLIGENT_-_Netelligent_Hosting_Services_Inc.	Canada
kenzeo.com	69.90.162.140	hp45.hostpapa.com.	13768	PEER1_-_Peer_1_Network_Inc.	Canada
xn--b1aeonhcx.com	91.236.118.192	s18.domen.com.ua.	15497	COLOCALL_Internet_Data_Center__ColoCALL_	Ukraine
aserto.org	95.211.20.87	x78.alfaservers.com.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
claryfix.com	213.186.33.3	cluster015.ovh.net.	16276	OVH_OVH_Systems	France
kanienpub.com	188.165.199.16	ks310048.kimsufi.com.	16276	OVH_OVH_Systems	France
polycliniqueidimed.com	213.186.33.17	cluster006.ovh.net.	16276	OVH_OVH_Systems	France
quintessence-formation.com	178.33.122.76	ns223952.ovh.net.	16276	OVH_OVH_Systems	France
discoveryville.com	204.12.48.19	NONE	20021	LNH-INC_-_HostMySite	UnitedStates
dowienet.com	174.120.194.134	86.c2.78ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
huashangsrl.com	174.121.78.194	thorpe.webserversystems.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
tajhealth.com	46.4.73.16	static.16.73.4.46.clients.your-server.de.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
atlasgeomatic.com	79.175.163.57	afranet.com.	25184	AFRANET_AFRANET_Co._Tehran_Iran	Iran	Islamic
chooum.com	146.255.39.1	n1nlhg422c1422.shr.prod.ams1.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	Netherlands
dauthentic.com	97.74.198.127	ip-97-74-198-127.ip.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	UnitedStates
intemporeconsulting.com	184.168.184.1	p3nlhg206c1206.shr.prod.phx3.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	UnitedStates
qebelemescidi.com	184.168.206.1	p3nlhg130c1130.shr.prod.phx3.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	UnitedStates
udonvan.com	50.63.69.1	p3nlhg362c1362.shr.prod.phx3.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	UnitedStates
absofrigginlutely.com	77.232.91.224	77-232-91-224.static.servage.net.	29671	SERVAGE_Servage_GmbH	Europe
4cservices.net	66.96.147.113	113.147.96.66.static.eigbox.net.	29873	BIZLAND-SD_-_The_Endurance_International_Group_Inc.	UnitedStates
clinicasdentalesvalrod.com	66.96.160.152	152.160.96.66.static.eigbox.net.	29873	BIZLAND-SD_-_The_Endurance_International_Group_Inc.	UnitedStates
advanced-directions.com	76.163.16.170	NONE	32392	OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation	UnitedStates
india-computing.com	50.6.201.114	NONE	32392	OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation	UnitedStates
unidadmedicayennire.com	173.236.43.155	server2.serverhostingmonagas.com.	32475	SINGLEHOP-INC_-_SingleHop	UnitedStates
hunteresmiol.com	75.150.17.52	webhost3.impalanetworks.com.	33654	CMCS_-_Comcast_Cable_Communications_Inc.	UnitedStates
tiyatrocezve.com	94.73.148.180	94-73-148-180.cizgi.net.tr.	34619	CIZGI_Cizgi_Telekomunikasyon_Hizmetleri_Sanayi_Ve_Ticaret_Limited_Sirketi	Turkey
countrycharmrealty.net	216.172.169.37	NONE	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
egyscout.com	50.22.11.30	stormont.accountservergroup.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
kuzsms.com	50.116.98.212	ns1640.websitewelcome.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
nanakmatta.org	50.22.131.158	50.22.131.158-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
rajivmishra.com	50.23.47.208	50.23.47.208-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
sportsturnout.com	184.172.170.98	184.172.170.98-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
acitcpatiala.com	199.79.62.149	bh-cp-9.webhostbox.net.	40034	CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc	UnitedStates
javaenterprises.net	208.91.199.120	bh-11.webhostbox.net.	40034	CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc	UnitedStates
erkaauto.com	46.235.9.150	46.235.9.150.static.teknikdata.com.	42910	SADECEHOSTING-COM_Hosting_Internet_Hizmetleri_Ltd_Sti	Turkey
kentplus-temizlik.com	93.187.206.11	mail.sitedinamik.com.	43391	NETDIREKT-TR_Netdirekt_A.S.	Turkey
drbvreddy.com	66.147.242.174	box574.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
myvisioninformatics.com	74.220.199.22	fast22.fastdomain.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
auto-serviser.com	94.231.107.137	linux33.unoeuro.com.	48854	ZITCOM_ZITCOM_A/S	Denmark
residenzaalponte.com	95.141.36.4	lnx24.ion.it.	49367	ASSEFLOW_Seflow_S.N.C._Di_Marco_Brame__&_C.	Italy
tropicasolar.com	84.243.195.250	NONE	51088	A2B_A2B_Internet_B.V.	Netherlands

[カテゴリ:spam観察日記]

by jyake

AICPA Fake spam

TOP

Contents

About cNotes

What's New