Amazonを騙るspam - amazonzon

Published: 2013/05/09

5/8に大量に届いたメール。

subjectはいろいろありますが、この例はkindle e-bookのオーダー確認の体。

本文中のリンクは下記のような感じで「amazonzon.html」が特徴。すべてリダイレクタ。

 ｈttp://wordofmouthbali.com/amazonzon.html?special=PVHDZ0M0B0AJ 
 ｈttp://wuertthof.web.my-ct.de/amazonzon.html?description=02910-98DGR-C2ATPN3A61TM 
 ｈttp://xn----4tbbdcdd.xn--p1ai/amazonzon.html
 ｈttp://xn--90abr5b.xn--p1ai/amazonzon.html

これらのサイトからここへリダイレクトされzbot等のマルウェアをダウンロードさせられます。

 ｈttp://ehrap.net/news/days_electric-sources.php

このdomainはすでにNXDOMAIN。

host	ip	逆引き	AS	AS Name	Country
imladriscattery.hu	195.56.44.221	lin.hu.	8358	INTERWARE-AS_GTS_Hungary_Tavkozlesi_Ktf.	Hungary
borclub.fr	82.165.112.92	kundenserver.de.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
s349546578.onlinehome.us	74.208.156.178	perfora.net.	8560	ONEANDONE-AS_1&1_Internet_AG	UnitedStates
raipreda-homestay.com	122.155.168.143	ns22.appservhosting.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
wickosoft.com	148.244.240.67	igcll004.alestraidc.net.mx.	11172	Alestra_S._de_R.L._de_C.V.	Mexico
akkerman-vastgoedbeheer.nl	212.79.238.196	NONE	24875	NL-ISPSERVICES_Cleanport_B.V.	Netherlands
garmoniia.ru	188.40.133.147	shared-2.vanet.ru.	24940	HETZNER-AS_Hetzner_Online_AG	Germany
xn----4tbbdcdd.xn--p1ai	78.47.166.106	ms-str.ru.	24940	HETZNER-AS_Hetzner_Online_AG	Germany
musoni.co.ke	85.158.207.219	musoni-focus.musoni.cyso.net.	25151	CYSO-AS_Cyso_Hosting_B.V._Alkmaar_The_Netherlands	Netherlands
xn--90abr5b.xn--p1ai	87.242.112.44	winweb08.win.masterhost.ru.	25532	MASTERHOST-AS_.masterhost_autonomous_system	RussianFederation
pharmacie-paroielle.com	151.236.42.156	151-236-42-156.static.as29550.net.	29550	SIMPLYTRANSIT_Simply_Transit_Ltd	UnitedKingdom
wuertthof.web.my-ct.de	82.211.59.100	NONE	31400	ACCELERATED-IT_Accelerated_IT_Services_GmbH	Germany
nyabeauty.com	108.167.178.26	NONE	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
sdshutterdepot.com	184.172.32.36	184.172.32.36-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
frankschabel.de	178.254.62.91	mis10.de.	42730	EVANZOAS_EVANZO_e-commerce_GmbH	Germany
gucluvinc.com.tr	188.132.129.12	linux12.sadecehosting.com.	42910	SADECEHOSTING-COM_Hosting_Internet_Hizmetleri_Ltd_Sti	Turkey
atw.es	92.43.20.148	vl20350.dns-privadas.es.	44497	REDCORUNA-AS_REDCORUNA	Spain
meyleme.com	142.4.30.238	cyb.cybernatix.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
wordofmouthbali.com	173.254.48.214	173-254-48-214.unifiedlayer.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates

[カテゴリ:spam観察日記]

by jyake

Amazonを騙るspam - amazonzon

TOP

Contents

About cNotes

What's New