cNotes 検索 一覧 カテゴリ

BBB - mail.html

Published: 2012/02/20

観測日: 2012/2/17〜2/18

通数: 50〜200通/day

目的: javaの脆弱性を利用した攻撃等→アカウント情報を盗む、FakeAV等

特徴: URLに「mail.html」

BBB - company.htmlのバリエーション。

mail.htmlが設置されているURLをみると、WordPressで運用しているサイトのアカウント情報が盗まれて、そのサイトが大量に利用されている例が多い感じ。若干その他のサイトも含まれているようですが。


このような文面。

以下はいままでの攻撃と同じ。


文面のURLはこのような感じ。

domainpath
advofamily.com/newsite/mail.html
alambrepolitico.minuto30.com/wp-includes/mail.html
alamos.gob.mx/transparencia1/mail.html
avintagewatch.com/wp-content/mail.html
badulescu.net/Wedding/mail.html
blackhawktacticalstore.com/images/mail.html
bounceaboutcastles.com/wp-admin/mail.html
brianviki.com/brian/mail.html
caletacolorada.com/wp-admin/mail.html
caritasnairobi.org/cgi-bin/mail.html
cihanpatent.com/logs/mail.html
classic2wheelers.com/ebay/mail.html
coldair.nl/email/mail.html
computervariety.com/wp-includes/mail.html
damicoproduzioni.it/wp-admin/mail.html
defamationzone.com/images/mail.html
doorkeepers.co.nz/includes/mail.html
edisonkuo.com/apps/mail.html
emi-2u.com/v2/mail.html
fundaprocrear.org/wp-includes/mail.html
golf.declipse.se/cp/mail.html
greatsouthernshowcasems.com/images/mail.html
hay365.net/images/mail.html
irunlikeamother.com/wp-admin/mail.html
jaytorbit.com/wp-content/mail.html
jetleigh.com/images/mail.html
jvashow.co.uk/wp-content/mail.html
kidland.it/wp-admin/mail.html
lasermeasuringdevice.org/wp-content/mail.html
listandcash.com/mail.html
masbordadospanama.com/wp-admin/mail.html
mobilepersonalgifts.com/wp-includes/mail.html
onlinecargosecurity.com/wp-content/mail.html
orthopedicseatcushion.org/wp-admin/mail.html
popularjobinterviewquestions.com/wp-includes/mail.html
property-buyer.net/cgi-bin/mail.html
puros.ca/downloads/mail.html
ricklenoblecpa.com/pbadmin/mail.html
righthomebuyers.com/wp-includes/mail.html
scottsdalemusic.org/cache/mail.html
sharpautoparts.com/media/mail.html
sinhalababynames.com/wp-content/mail.html
the-best-info-online.com/wp-admin/mail.html
thecanadianway.com.au/voiiceworx/mail.html
uralbeats.com/muz/mail.html
viktor.declipse.se/cgi-bin/mail.html
wateraerobicsroutines.com/cgi-bin/mail.html

ASとか国とかの情報。

domainip逆引きASAS Name
alambrepolitico.minuto30.com66.239.209.31server.minuto30.com.2828XO-AS15_-_XO_CommunicationsUnitedStates
alamos.gob.mx67.205.5.80apache2-mop.gambino.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
avintagewatch.com173.236.38.138cx39.justhost.com.32475SINGLEHOP-INC_-_SingleHopUnitedStates
badulescu.net69.163.251.203apache2-grog.hamer.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
blackhawktacticalstore.com50.23.23.8550.23.23.85-static.reverse.softlayer.com.36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
bounceaboutcastles.com79.170.40.40web40.extendcp.co.uk.31727NODE4-AS_Node4_Ltd_UKUnitedKingdom
brianviki.com69.163.250.37apache2-cabo.tobias.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
caletacolorada.com68.178.232.99parkwebwin-v02.prod.mesa1.secureserver.net.26496AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_Inc.UnitedStates
caritasnairobi.org69.89.31.191box391.bluehost.com.46606BLUEHOST-AS-2_-_Bluehost_Inc.UnitedStates
cihanpatent.com94.102.8.5656nu1a8i.ni.net.tr.51559NETINTERNET_Netinternet_Bilgisayar_ve_Telekomunikasyon_San._ve_Tic._Ltd._Sti.Turkey
classic2wheelers.com184.154.126.50fsx02.justhost.com.32475SINGLEHOP-INC_-_SingleHopUnitedStates
coldair.nl84.243.205.81wilson.fastbyte-hosting.nl.51088A2B_A2B_Internet_B.V.Netherlands
computervariety.com122.155.16.84dg0028ns1.dragonhispeed.com.9931CAT-AP_The_Communication_Authoity_of_Thailand_CATThailand
damicoproduzioni.it69.163.187.17apache2-olive.bujumbura.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
defamationzone.com68.171.208.134bigmikewatters.com.22878ASACENET1_-_ACENET_INC.UnitedStates
doorkeepers.co.nz209.217.253.26static-26-253-217-209.nocdirect.com.16626GNAXNET-AS_-_Global_Net_Access_LLCUnitedStates
edisonkuo.com180.235.150.7demoniix.in-hell.com.45731ARDH-AS-ID_ARDH_GLOBAL_INDONESIA_PTIndonesia
emi-2u.com202.75.41.6server27.internet-webhosting.com.17971TMVADS-AP_TM-VADS_Datacenter_ManagementMalaysia
fundaprocrear.org72.249.126.107NONE30496COLO4_-_Colo4_LLCUnitedStates
golf.declipse.se212.97.132.141ws41.surf-town.net.9120COHAESIONET_Cohaesio_A/SDenmark
greatsouthernshowcasems.com64.13.206.177acmkokomci.gs01.gridserver.com.31815MEDIATEMPLE_-_Media_Temple_Inc.UnitedStates
hay365.net173.236.157.237apache2-bongo.randall.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
irunlikeamother.com69.89.31.191box391.bluehost.com.46606BLUEHOST-AS-2_-_Bluehost_Inc.UnitedStates
jaytorbit.com173.236.169.213apache2-pat.mamoudzou.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
jetleigh.com69.163.251.157apache2-moon.hamer.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
jvashow.co.uk69.163.208.67apache2-echo.porto-novo.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
kidland.it69.163.141.66apache2-bongo.obelix.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
lasermeasuringdevice.org72.9.153.145host.trailerway.com.30496COLO4_-_Colo4_LLCUnitedStates
listandcash.com174.132.189.162gator731.hostgator.com.21844THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.UnitedStates
masbordadospanama.com69.163.208.56apache2-snort.brasilia.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
mobilepersonalgifts.com82.165.100.220kundenserver.de.8560ONEANDONE-AS_1&1_Internet_AGGermany
onlinecargosecurity.com174.120.148.194m45.websitewelcome.com.21844THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.UnitedStates
orthopedicseatcushion.org72.9.153.145host.trailerway.com.30496COLO4_-_Colo4_LLCUnitedStates
popularjobinterviewquestions.com67.228.239.23667.228.239.236-static.reverse.softlayer.com.36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
property-buyer.net173.193.108.140173.193.108.140-static.reverse.softlayer.com.36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
puros.ca173.236.130.195apache2-udder.samick.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
ricklenoblecpa.com67.159.216.32host-67-159-216-32.in2net.com.26753IN2NET-NETWORK_In2Net_network_inc.Canada
righthomebuyers.com50.116.98.104NONE36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
scottsdalemusic.org69.160.35.164srv03.coppershadow.com.19181CWIE_-_CWIE_LLCUnitedStates
sharpautoparts.com64.13.232.215acmkoieeqq.gs02.gridserver.com.31815MEDIATEMPLE_-_Media_Temple_Inc.UnitedStates
sinhalababynames.com69.175.50.172gurukulla.com.32475SINGLEHOP-INC_-_SingleHopUnitedStates
the-best-info-online.com67.228.239.23667.228.239.236-static.reverse.softlayer.com.36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
thecanadianway.com.au116.0.23.215sontaran.instanthosting.com.au.9280CIA-AS_connect_infobahn_australia_(CIA)Australia
uralbeats.com88.198.37.49static.88-198-37-49.clients.your-server.de.24940HETZNER-AS_Hetzner_Online_AG_RZGermany
viktor.declipse.se212.97.132.141ws41.surf-town.net.9120COHAESIONET_Cohaesio_A/SDenmark
wateraerobicsroutines.com66.147.242.176box576.bluehost.com.46606BLUEHOST-AS-2_-_Bluehost_Inc.UnitedStates

[カテゴリ:spam観察日記]

by jyake