
Spam impersonating Amazon - amazonzon

Published: 2013/05/09

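Mail that arrived in large volume on 5/8.

The subjects vary, but this example poses as a Kindle e-book order confirmation.

The links in the body look like the ones below; "amazonzon.html" is the distinguishing feature. All of them are redirectors.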

 http://wordofmouthbali.com/amazonzon.html?special=PVHDZ0M0B0AJ 
 http://wuertthof.web.my-ct.de/amazonzon.html?description=02910-98DGR-C2ATPN3A61TM 
 http://xn----4tbbdcdd.xn--p1ai/amazonzon.html
 http://xn--90abr5b.xn--p1ai/amazonzon.html 

These sites redirect to the URL below, which makes the visitor download malware such as zbot.

 http://ehrap.net/news/days_electric-sources.php

This domain is already NXDOMAIN.
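The link pattern described above can be checked for in a mail body by parsing each URL rather than substring matching. This is an added example, not part of the original post; the sample message, the example.test hosts and the list of hosts treated as genuine Amazon are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message; hosts are placeholders, only the file name comes from the post.
SAMPLE = """\
From: "Amazon.com" <order@example.test>
Subject: Your Kindle e-book order
Content-Type: text/plain; charset=utf-8

Order details: http://shop.example.test/amazonzon.html?special=AAAA0000
Manage: HTTP://xn--e1afmkfd.example.test/AmazonZon.html
Help: https://www.amazon.com/gp/help/amazonzon.html
Unrelated: http://news.example.test/page.html?ref=amazonzon.html
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
LURE_FILE = "amazonzon.html"                     # file name the post calls out
BRAND_SUFFIXES = ("amazon.com", "amazon.co.jp")  # assumption: hosts treated as genuine

def is_brand_host(host):
    return any(host == s or host.endswith("." + s) for s in BRAND_SUFFIXES)

def find_lure_links(raw_message):
    """Return links whose path ends in LURE_FILE on a host that is not the brand's."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            parts = urlsplit(url.rstrip(".,)"))
            host = (parts.hostname or "").lower()
            filename = parts.path.rsplit("/", 1)[-1].lower()
            if filename != LURE_FILE or is_brand_host(host):
                continue
            try:  # show punycode hosts in readable form for the analyst
                shown = host.encode("ascii").decode("idna")
            except UnicodeError:
                shown = host
            hits.append({"url": url, "host": host, "host_unicode": shown})
    return hits

if __name__ == "__main__":
    for h in find_lure_links(SAMPLE):
        print(h["host"], h["host_unicode"], h["url"])
```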


| host | ip | reverse DNS | AS | AS Name | Country |
|---|---|---|---|---|---|
| imladriscattery.hu | 195.56.44.221 | lin.hu. | 8358 | INTERWARE-AS_GTS_Hungary_Tavkozlesi_Ktf. | Hungary |
| borclub.fr | 82.165.112.92 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
| s349546578.onlinehome.us | 74.208.156.178 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
| raipreda-homestay.com | 122.155.168.143 | ns22.appservhosting.com. | 9931 | CAT-AP_The_Communication_Authoity_of_Thailand_CAT | Thailand |
| wickosoft.com | 148.244.240.67 | igcll004.alestraidc.net.mx. | 11172 | Alestra_S._de_R.L._de_C.V. | Mexico |
| akkerman-vastgoedbeheer.nl | 212.79.238.196 | NONE | 24875 | NL-ISPSERVICES_Cleanport_B.V. | Netherlands |
| garmoniia.ru | 188.40.133.147 | shared-2.vanet.ru. | 24940 | HETZNER-AS_Hetzner_Online_AG | Germany |
| xn----4tbbdcdd.xn--p1ai | 78.47.166.106 | ms-str.ru. | 24940 | HETZNER-AS_Hetzner_Online_AG | Germany |
| musoni.co.ke | 85.158.207.219 | musoni-focus.musoni.cyso.net. | 25151 | CYSO-AS_Cyso_Hosting_B.V._Alkmaar_The_Netherlands | Netherlands |
| xn--90abr5b.xn--p1ai | 87.242.112.44 | winweb08.win.masterhost.ru. | 25532 | MASTERHOST-AS_.masterhost_autonomous_system | RussianFederation |
| pharmacie-paroielle.com | 151.236.42.156 | 151-236-42-156.static.as29550.net. | 29550 | SIMPLYTRANSIT_Simply_Transit_Ltd | UnitedKingdom |
| wuertthof.web.my-ct.de | 82.211.59.100 | NONE | 31400 | ACCELERATED-IT_Accelerated_IT_Services_GmbH | Germany |
| nyabeauty.com | 108.167.178.26 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | UnitedStates |
| sdshutterdepot.com | 184.172.32.36 | 184.172.32.36-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | UnitedStates |
| frankschabel.de | 178.254.62.91 | mis10.de. | 42730 | EVANZOAS_EVANZO_e-commerce_GmbH | Germany |
| gucluvinc.com.tr | 188.132.129.12 | linux12.sadecehosting.com. | 42910 | SADECEHOSTING-COM_Hosting_Internet_Hizmetleri_Ltd_Sti | Turkey |
| atw.es | 92.43.20.148 | vl20350.dns-privadas.es. | 44497 | REDCORUNA-AS_REDCORUNA | Spain |
| meyleme.com | 142.4.30.238 | cyb.cybernatix.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
| wordofmouthbali.com | 173.254.48.214 | 173-254-48-214.unifiedlayer.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |

[Category: spam observation diary]

by jyake