Spam impersonating Amazon - amazonzon
Published: 2013/05/09
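A large volume of these emails arrived on 5/8.
The subject lines vary, but this example poses as a Kindle e-book order confirmation.
The links in the body look like the following, with "amazonzon.html" as the distinguishing feature. All of them are redirectors.
http://wordofmouthbali.com/amazonzon.html?special=PVHDZ0M0B0AJ
http://wuertthof.web.my-ct.de/amazonzon.html?description=02910-98DGR-C2ATPN3A61TM
http://xn----4tbbdcdd.xn--p1ai/amazonzon.html
http://xn--90abr5b.xn--p1ai/amazonzon.html
These sites redirect to the following URL, which makes the victim download malware such as zbot.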
http://ehrap.net/news/days_electric-sources.php
This domain is already NXDOMAIN.
host | ip | Reverse DNS | AS | AS Name | Country |
---|---|---|---|---|---|
imladriscattery.hu | 195.56.44.221 | lin.hu. | 8358 | INTERWARE-AS_GTS_Hungary_Tavkozlesi_Ktf. | Hungary |
borclub.fr | 82.165.112.92 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
s349546578.onlinehome.us | 74.208.156.178 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
raipreda-homestay.com | 122.155.168.143 | ns22.appservhosting.com. | 9931 | CAT-AP_The_Communication_Authoity_of_Thailand_CAT | Thailand |
wickosoft.com | 148.244.240.67 | igcll004.alestraidc.net.mx. | 11172 | Alestra_S._de_R.L._de_C.V. | Mexico |
akkerman-vastgoedbeheer.nl | 212.79.238.196 | NONE | 24875 | NL-ISPSERVICES_Cleanport_B.V. | Netherlands |
garmoniia.ru | 188.40.133.147 | shared-2.vanet.ru. | 24940 | HETZNER-AS_Hetzner_Online_AG | Germany |
xn----4tbbdcdd.xn--p1ai | 78.47.166.106 | ms-str.ru. | 24940 | HETZNER-AS_Hetzner_Online_AG | Germany |
musoni.co.ke | 85.158.207.219 | musoni-focus.musoni.cyso.net. | 25151 | CYSO-AS_Cyso_Hosting_B.V._Alkmaar_The_Netherlands | Netherlands |
xn--90abr5b.xn--p1ai | 87.242.112.44 | winweb08.win.masterhost.ru. | 25532 | MASTERHOST-AS_.masterhost_autonomous_system | RussianFederation |
pharmacie-paroielle.com | 151.236.42.156 | 151-236-42-156.static.as29550.net. | 29550 | SIMPLYTRANSIT_Simply_Transit_Ltd | UnitedKingdom |
wuertthof.web.my-ct.de | 82.211.59.100 | NONE | 31400 | ACCELERATED-IT_Accelerated_IT_Services_GmbH | Germany |
nyabeauty.com | 108.167.178.26 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | UnitedStates |
sdshutterdepot.com | 184.172.32.36 | 184.172.32.36-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | UnitedStates |
frankschabel.de | 178.254.62.91 | mis10.de. | 42730 | EVANZOAS_EVANZO_e-commerce_GmbH | Germany |
gucluvinc.com.tr | 188.132.129.12 | linux12.sadecehosting.com. | 42910 | SADECEHOSTING-COM_Hosting_Internet_Hizmetleri_Ltd_Sti | Turkey |
atw.es | 92.43.20.148 | vl20350.dns-privadas.es. | 44497 | REDCORUNA-AS_REDCORUNA | Spain |
meyleme.com | 142.4.30.238 | cyb.cybernatix.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
wordofmouthbali.com | 173.254.48.214 | 173-254-48-214.unifiedlayer.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
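
The redirector links described above share one file name across unrelated hosts, so a mail filter can match on the last path segment rather than on a host list. The following is an added example, not code from the original post: the function names and the sample message (headers, link text, the Amazon help URL) are constructed for illustration, and only the two redirector URLs are taken from the post.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

LANDMARK = "amazonzon.html"  # file name shared by the redirector links in the post
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def redirector_links(text):
    """Return (host, url) pairs for URLs whose path ends in the landmark file."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")  # drop punctuation that trails a URL in prose
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Compare the last path segment only, so query strings such as
        # ?special=... or ?description=... do not affect the match.
        if host and parts.path.rsplit("/", 1)[-1].lower() == LANDMARK:
            hits.append((host, url))
    return hits

def scan_message(raw_message):
    """Scan every text part of an RFC 5322 message; return sorted unique hosts."""
    msg = message_from_string(raw_message, policy=default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            hosts.update(h for h, _ in redirector_links(part.get_content()))
    return sorted(hosts)

# Constructed sample message: headers and wording are invented for this example;
# the two redirector URLs are the ones quoted in the post.
SAMPLE = """\
From: "Amazon.com" <order-update@example.invalid>
Subject: Your Kindle e-book order
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<a href="http://wordofmouthbali.com/amazonzon.html?special=PVHDZ0M0B0AJ">Order details</a>
<a href="http://xn--90abr5b.xn--p1ai/amazonzon.html">Your account</a>
<a href="https://www.amazon.com/gp/help/customer/display.html">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for host in scan_message(SAMPLE):
        print(host)
```

Matching on the path keeps the rule effective when the same campaign moves to hosts that are not in the table above.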
by jyake