cNotes 検索 一覧 カテゴリ

Changelog spam - infourl.htm

Published: 2013/03/23

繰り返し送信される「Changelog」系の誘導。

最近では「Changelog spam - inform.htm」。

subjectもたくさん。

 Fwd: Your Changelog UPDATED
 Fwd: Changelog 2011 update
 Re: Changelog 2011 update
 Re: Fwd: Changelog as promised (upd.)
 Re: Fwd: Changelog Oct.
 Fwd: Re: Changelog as promised(updated)
 Fwd: Re: Your Changelog UPDATED
 Fwd: Your Changelog
 Fwd: Changelog as promised(updated)
 Fwd: Re: Your Changelog
 Re: Changelog as promised(updated)
 Re: Fwd: Changelog 2011 update
 Re: Fwd: Your Changelog UPDATED
 Fwd: Changelog as promised (upd.)
 Fwd: Re: Changelog as promised (upd.)

文中のURLはこんな感じ。

 http://www.pokolenie-xxi-orel.ru/infourl.htm

いつものパターン。

今回のはwget等でもアクセスできますが、BHEK等を使った時の特徴である「1つのIPからは1回しかアクセスできない」ようです。二回目以降のアクセスは502応答。

降ってきますね。

いつもどおりPDFその他の脆弱性狙われて個人情報盗まれる系へのパターンです。。


hostnameip逆引きASAS NameCountry
13b.ru92.63.103.154hosterm.net.29182ISPSYSTEM-AS_ISPsystem_Autonomous_SystemRussianFederation
4x4adventure.pl213.186.33.19cluster010.ovh.net.16276OVH_OVH_SystemsFrance
abnormal-world.ru95.211.1.142cp8.kubez.biz.16265LEASEWEB_LeaseWeb_B.V.Netherlands
action-rp.ru37.140.192.72spl25.hosting.reg.ru.39134SKYMEDIA_United_Network_LLCRussianFederation
alan.myarena.ru62.122.213.10anyhosting.ru.197309RSMEDIA-AS_RS-Media_LLCRussianFederation
anewyousupport.com50.63.97.1p3nlhg434c1434.shr.prod.phx3.secureserver.net.26496AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLCUnitedStates
anytools.ir79.143.86.131NONE57230ARIAWEBCO-AS_Aria_Web_Development_LLCUnitedKingdom
cs64.ru81.177.140.55NONE8342RTCOMM-AS_OJSC_RTComm.RURussianFederation
device.gtahost.ru77.220.180.12web1.game-servers.ru.42632MNOGOBYTE-AS_MnogoByte_LLCRussianFederation
dev.thralle.com82.165.92.242kundenserver.de.8560ONEANDONE-AS_1&1_Internet_AGGermany
dinamomania.ro86.120.69.9086-120-69-90.rdsnet.ro.8708RCS-RDS_RCS_&_RDS_SARomania
dragon07.byethost7.com209.190.85.24san2.byetcluster.com.10297ENET-2_-_eNET_Inc.UnitedKingdom
dv-tigers.no-ip.org77.34.179.81NONE12332PRIMORYE-AS_OJSC_RostelecomRussianFederation
eternalcorpsecouncil.com193.107.29.122web5.ip.no.50562ITPAYS-AS_IT_PAYS_ASNorway
fakultatyv.com62.109.24.109fakultatyv.ru.29182ISPSYSTEM-AS_ISPsystem_Autonomous_SystemRussianFederation
forum.bme-damas.com66.147.244.94box794.bluehost.com.46606UNIFIEDLAYER-AS-1_-_Unified_LayerUnitedStates
forum.hyperionteam.pl5.9.152.198webhostar.pl.24940HETZNER-AS_Hetzner_Online_AGGermany
forumi.net16.net31.170.161.5631-170-161-56.main-hosting.com.47583HOSTINGER-AS_Hostinger_International_LimitedUnitedStates
forum.nanya.ru62.76.185.20962-76-185-209.clodo.ru.57010CLODO-AS_IT_House_Ltd.RussianFederation
forum.niphome.com79.174.72.66cf1.hc.ru.47385HOSTING-COMPANY-AS_Hosting_center_Ltd.RussianFederation
forum.redux-rp.ru81.222.215.79mailtron.beget.ru.20597ELTEL-AS_ELTEL.NET_Autonomous_SystemRussianFederation
forums.division24.com.au69.89.31.170box370.bluehost.com.46606UNIFIEDLAYER-AS-1_-_Unified_LayerUnitedStates
forums.iboxgames.org66.96.147.118118.147.96.66.static.eigbox.net.29873BIZLAND-SD_-_The_Endurance_International_Group_Inc.UnitedStates
forums.opgaming.net64.37.52.73air.nseasy.com.33812KELDYSH-AS_M.V.Keldysh_Institute_for_Applied_Mathematics_of_Russian_Science_AcademyUnitedStates
godreams.ru77.222.56.125nagoya.sweb.ru.44112SWEB-AS_SpaceWeb_JSCRussianFederation
himikov.net69.163.194.39apache2-snort.colts.dreamhost.com.26347DREAMHOST-AS_-_New_Dream_Network_LLCUnitedStates
incendiary-ps.com198.15.67.210ns1.trentahost.com.20454SSASN2_-_SECURED_SERVERS_LLCUnitedStates
ingush-strike.com66.147.244.113box813.bluehost.com.46606UNIFIEDLAYER-AS-1_-_Unified_LayerUnitedStates
jazone.net46.30.211.50webcluster13.one.com.51468ONECOM_One.com_A/SDenmark
kazbahlabs.altervista.org78.129.205.44ns179.altervista.org.20860IOMART-AS_IomartItaly
la2bless.ru178.208.83.16s12.h.mchost.ru.35415WEBAZILLA_Webazilla_B.V.RussianFederation
mattdesigns.freehostia.com127.0.0.1NONENONEIOMART-AS_IomartAddressnot
mc.twideonline.ru81.177.139.151NONE8342RTCOMM-AS_OJSC_RTComm.RURussianFederation
my-crime.ruNULLNONENONEIOMART-AS_IomartNONENONE
nepharion.com108.162.196.226NONE13335CLOUDFLARENET_-_CloudFlare_Inc.UnitedStates
nepharion.com108.162.197.226NONE13335CLOUDFLARENET_-_CloudFlare_Inc.UnitedStates
norfolkbikeriders.com199.193.255.78thunder.countryhost.net.18978ENZUINC-US_-_Enzu_IncUnitedStates
northodyssey.ru92.53.96.221gagarin.timeweb.ru.9123TIMEWEB-AS_OOO_TimeWebRussianFederation
painkiller.another-team.com88.191.117.239sd-20498.dedibox.fr.12322PROXAD_Free_SASFrance
prisoncity.net212.1.212.45212-1-212-45.hosting24.com.47583HOSTINGER-AS_Hostinger_International_LimitedUnitedStates
r00tsecurity.org209.141.46.20NONE53667PONYNET_-_FranTech_SolutionsUnitedStates
ragnabeta.net198.98.122.115srv3.khwdns.info.18978ENZUINC-US_-_Enzu_IncUnitedStates
reality-serveur.com108.162.196.206NONE13335CLOUDFLARENET_-_CloudFlare_Inc.UnitedStates
reality-serveur.com108.162.197.206NONE13335CLOUDFLARENET_-_CloudFlare_Inc.UnitedStates
servers.sa-mp.be178.208.83.40s33.h.mchost.ru.35415WEBAZILLA_Webazilla_B.V.RussianFederation
ss-bot.org37.221.170.116lh20128.voxility.net.39743VOXILITY-AS_Voxility_S.R.L.Germany
starkomfort.ru89.108.67.156cp120.agava.net.43146AGAVA3_Agava_Ltd.RussianFederation
talk.bosscopilot.ru37.140.192.24server41.hosting.reg.ru.39134SKYMEDIA_United_Network_LLCRussianFederation
triathlonplus.net66.96.147.114114.147.96.66.static.eigbox.net.29873BIZLAND-SD_-_The_Endurance_International_Group_Inc.UnitedStates
vortex-ro.net63.143.55.124124-55-143-63.static.reverse.lstn.net.46475LIMESTONENETWORKS_-_Limestone_Networks_Inc.UnitedStates
webmarketforums.com74.220.207.153host153.hostmonster.com.46606UNIFIEDLAYER-AS-1_-_Unified_LayerUnitedStates
www.30man.com176.9.37.123static.123.37.9.176.clients.your-server.de.24940HETZNER-AS_Hetzner_Online_AGGermany
www.aocrealm.net74.220.215.201host201.hostmonster.com.46606UNIFIEDLAYER-AS-1_-_Unified_LayerUnitedStates
www.arattan.comNULLhost153.hostmonster.com.NONEUNIFIEDLAYER-AS-1_-_Unified_LayerNONENONE
www.boonsongrabbit.com122.155.168.138ns17.appservhosting.com.9931CAT-AP_The_Communication_Authoity_of_Thailand_CATThailand
www.bucksvag.net212.227.32.65kundenserver.de.8560ONEANDONE-AS_1&1_Internet_AGGermany
www.carmod.net75.126.146.24675.126.146.246-static.reverse.softlayer.com.36351SOFTLAYER_-_SoftLayer_Technologies_Inc.UnitedStates
www.drhacks.com176.32.230.1web1.extendcp.co.uk.31727NODE4-AS_Node4_LimitedUnitedKingdom
www.exyfox.com103.1.175.1sg2nlhg430c1430.shr.prod.sin2.secureserver.net.26496AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLCSingapore
www.hostile-x.com212.1.215.194212-1-215-194.hosting24.com.47583HOSTINGER-AS_Hostinger_International_LimitedUnitedStates
www.imper1umdesigns.com184.168.55.1p3nlhg248c1248.shr.prod.phx3.secureserver.net.26496AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLCUnitedStates
www.knightsofdusk.com50.63.103.1p3nlhg406c1406.shr.prod.phx3.secureserver.net.26496AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLCUnitedStates
www.littleliarsbrasil.com5.39.71.9ns2273790.ovh.net.16276OVH_OVH_SystemsFrance
www.lovedacha.com37.140.193.24spl21.hosting.reg.ru.39134SKYMEDIA_United_Network_LLCRussianFederation
www.pokolenie-xxi-orel.ru95.107.33.143rigeryhost.ru.41134CTC-OREL-AS_OJSC_RostelecomRussianFederation
www.quickcraft.com.br186.227.162.3ns1.eloshost.com.br.262721AMPLITUDENET_PROVEDOR_DE_ACESSO_A_INTERNET_LTDABrazil
www.royale-ro.net108.171.246.247b2-10.unixbsd.info.40676PSYCHZ_-_Psychz_NetworksUnitedStates
www.tokyo.altervista.org144.76.1.54ns190.altervista.org.24940HETZNER-AS_Hetzner_Online_AGGermany
www.unbelievable-jeff.com213.229.123.30inferno.3v0.net.29550SIMPLYTRANSIT_Simply_Transit_LtdUnitedKingdom
www.valsori.com208.79.16.73NONE29944LATISYS-ASHBURN_-_Latisys-Ashburn_LLCUnitedStates
www.viedequalite.com85.17.90.75NONE16265LEASEWEB_LeaseWeb_B.V.Netherlands
www.walkurewest.ru77.222.61.141vh25.sweb.ru.44112SWEB-AS_SpaceWeb_JSCRussianFederation
zm.bloodyfight.net92.53.125.90bumblebee.timeweb.ru.9123TIMEWEB-AS_OOO_TimeWebRussianFederation
zotmice.com173.236.117.2server05.srvmatrix.info.32475SINGLEHOP-INC_-_SingleHopUnitedStates

[カテゴリ:spam観察日記]

by jyake