cNotes 検索一覧カテゴリ

BBB - mail.html

Published: 2012/02/20

観測日： 2012/2/17～2/18

通数： 50～200通/day

目的： javaの脆弱性を利用した攻撃等→アカウント情報を盗む、FakeAV等

特徴： URLに「mail.html」

BBB - company.htmlのバリエーション。

mail.htmlが設置されているURLをみると、WordPressで運用しているサイトのアカウント情報が盗まれて、そのサイトが大量に利用されている例が多い感じ。若干その他のサイトも含まれているようですが。

このような文面。

以下はいままでの攻撃と同じ。

文面のURLはこのような感じ。

domain	path
advofamily.com	/newsite/mail.html
alambrepolitico.minuto30.com	/wp-includes/mail.html
alamos.gob.mx	/transparencia1/mail.html
avintagewatch.com	/wp-content/mail.html
badulescu.net	/Wedding/mail.html
blackhawktacticalstore.com	/images/mail.html
bounceaboutcastles.com	/wp-admin/mail.html
brianviki.com	/brian/mail.html
caletacolorada.com	/wp-admin/mail.html
caritasnairobi.org	/cgi-bin/mail.html
cihanpatent.com	/logs/mail.html
classic2wheelers.com	/ebay/mail.html
coldair.nl	/email/mail.html
computervariety.com	/wp-includes/mail.html
damicoproduzioni.it	/wp-admin/mail.html
defamationzone.com	/images/mail.html
doorkeepers.co.nz	/includes/mail.html
edisonkuo.com	/apps/mail.html
emi-2u.com	/v2/mail.html
fundaprocrear.org	/wp-includes/mail.html
golf.declipse.se	/cp/mail.html
greatsouthernshowcasems.com	/images/mail.html
hay365.net	/images/mail.html
irunlikeamother.com	/wp-admin/mail.html
jaytorbit.com	/wp-content/mail.html
jetleigh.com	/images/mail.html
jvashow.co.uk	/wp-content/mail.html
kidland.it	/wp-admin/mail.html
lasermeasuringdevice.org	/wp-content/mail.html
listandcash.com	/mail.html
masbordadospanama.com	/wp-admin/mail.html
mobilepersonalgifts.com	/wp-includes/mail.html
onlinecargosecurity.com	/wp-content/mail.html
orthopedicseatcushion.org	/wp-admin/mail.html
popularjobinterviewquestions.com	/wp-includes/mail.html
property-buyer.net	/cgi-bin/mail.html
puros.ca	/downloads/mail.html
ricklenoblecpa.com	/pbadmin/mail.html
righthomebuyers.com	/wp-includes/mail.html
scottsdalemusic.org	/cache/mail.html
sharpautoparts.com	/media/mail.html
sinhalababynames.com	/wp-content/mail.html
the-best-info-online.com	/wp-admin/mail.html
thecanadianway.com.au	/voiiceworx/mail.html
uralbeats.com	/muz/mail.html
viktor.declipse.se	/cgi-bin/mail.html
wateraerobicsroutines.com	/cgi-bin/mail.html

ASとか国とかの情報。

domain	ip	逆引き	AS	AS Name	国
alambrepolitico.minuto30.com	66.239.209.31	server.minuto30.com.	2828	XO-AS15_-_XO_Communications	UnitedStates
alamos.gob.mx	67.205.5.80	apache2-mop.gambino.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
avintagewatch.com	173.236.38.138	cx39.justhost.com.	32475	SINGLEHOP-INC_-_SingleHop	UnitedStates
badulescu.net	69.163.251.203	apache2-grog.hamer.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
blackhawktacticalstore.com	50.23.23.85	50.23.23.85-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
bounceaboutcastles.com	79.170.40.40	web40.extendcp.co.uk.	31727	NODE4-AS_Node4_Ltd_UK	UnitedKingdom
brianviki.com	69.163.250.37	apache2-cabo.tobias.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
caletacolorada.com	68.178.232.99	parkwebwin-v02.prod.mesa1.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_Inc.	UnitedStates
caritasnairobi.org	69.89.31.191	box391.bluehost.com.	46606	BLUEHOST-AS-2_-_Bluehost_Inc.	UnitedStates
cihanpatent.com	94.102.8.56	56nu1a8i.ni.net.tr.	51559	NETINTERNET_Netinternet_Bilgisayar_ve_Telekomunikasyon_San._ve_Tic._Ltd._Sti.	Turkey
classic2wheelers.com	184.154.126.50	fsx02.justhost.com.	32475	SINGLEHOP-INC_-_SingleHop	UnitedStates
coldair.nl	84.243.205.81	wilson.fastbyte-hosting.nl.	51088	A2B_A2B_Internet_B.V.	Netherlands
computervariety.com	122.155.16.84	dg0028ns1.dragonhispeed.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
damicoproduzioni.it	69.163.187.17	apache2-olive.bujumbura.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
defamationzone.com	68.171.208.134	bigmikewatters.com.	22878	ASACENET1_-_ACENET_INC.	UnitedStates
doorkeepers.co.nz	209.217.253.26	static-26-253-217-209.nocdirect.com.	16626	GNAXNET-AS_-_Global_Net_Access_LLC	UnitedStates
edisonkuo.com	180.235.150.7	demoniix.in-hell.com.	45731	ARDH-AS-ID_ARDH_GLOBAL_INDONESIA_PT	Indonesia
emi-2u.com	202.75.41.6	server27.internet-webhosting.com.	17971	TMVADS-AP_TM-VADS_Datacenter_Management	Malaysia
fundaprocrear.org	72.249.126.107	NONE	30496	COLO4_-_Colo4_LLC	UnitedStates
golf.declipse.se	212.97.132.141	ws41.surf-town.net.	9120	COHAESIONET_Cohaesio_A/S	Denmark
greatsouthernshowcasems.com	64.13.206.177	acmkokomci.gs01.gridserver.com.	31815	MEDIATEMPLE_-_Media_Temple_Inc.	UnitedStates
hay365.net	173.236.157.237	apache2-bongo.randall.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
irunlikeamother.com	69.89.31.191	box391.bluehost.com.	46606	BLUEHOST-AS-2_-_Bluehost_Inc.	UnitedStates
jaytorbit.com	173.236.169.213	apache2-pat.mamoudzou.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
jetleigh.com	69.163.251.157	apache2-moon.hamer.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
jvashow.co.uk	69.163.208.67	apache2-echo.porto-novo.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
kidland.it	69.163.141.66	apache2-bongo.obelix.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
lasermeasuringdevice.org	72.9.153.145	host.trailerway.com.	30496	COLO4_-_Colo4_LLC	UnitedStates
listandcash.com	174.132.189.162	gator731.hostgator.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
masbordadospanama.com	69.163.208.56	apache2-snort.brasilia.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
mobilepersonalgifts.com	82.165.100.220	kundenserver.de.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
onlinecargosecurity.com	174.120.148.194	m45.websitewelcome.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
orthopedicseatcushion.org	72.9.153.145	host.trailerway.com.	30496	COLO4_-_Colo4_LLC	UnitedStates
popularjobinterviewquestions.com	67.228.239.236	67.228.239.236-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
property-buyer.net	173.193.108.140	173.193.108.140-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
puros.ca	173.236.130.195	apache2-udder.samick.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
ricklenoblecpa.com	67.159.216.32	host-67-159-216-32.in2net.com.	26753	IN2NET-NETWORK_In2Net_network_inc.	Canada
righthomebuyers.com	50.116.98.104	NONE	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
scottsdalemusic.org	69.160.35.164	srv03.coppershadow.com.	19181	CWIE_-_CWIE_LLC	UnitedStates
sharpautoparts.com	64.13.232.215	acmkoieeqq.gs02.gridserver.com.	31815	MEDIATEMPLE_-_Media_Temple_Inc.	UnitedStates
sinhalababynames.com	69.175.50.172	gurukulla.com.	32475	SINGLEHOP-INC_-_SingleHop	UnitedStates
the-best-info-online.com	67.228.239.236	67.228.239.236-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
thecanadianway.com.au	116.0.23.215	sontaran.instanthosting.com.au.	9280	CIA-AS_connect_infobahn_australia_(CIA)	Australia
uralbeats.com	88.198.37.49	static.88-198-37-49.clients.your-server.de.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
viktor.declipse.se	212.97.132.141	ws41.surf-town.net.	9120	COHAESIONET_Cohaesio_A/S	Denmark
wateraerobicsroutines.com	66.147.242.176	box576.bluehost.com.	46606	BLUEHOST-AS-2_-_Bluehost_Inc.	UnitedStates

[カテゴリ:spam観察日記]

by jyake

BBB - mail.html

TOP

Contents

About cNotes

What's New