Changelog spam - infourl.htm
Published: 2013/03/23
This is the "Changelog"-themed lure that keeps being sent over and over.
A recent one was "Changelog spam - inform.htm".
There are many subject lines, too.
Fwd: Your Changelog UPDATED
Fwd: Changelog 2011 update
Re: Changelog 2011 update
Re: Fwd: Changelog as promised (upd.)
Re: Fwd: Changelog Oct.
Fwd: Re: Changelog as promised(updated)
Fwd: Re: Your Changelog UPDATED
Fwd: Your Changelog
Fwd: Changelog as promised(updated)
Fwd: Re: Your Changelog
Re: Changelog as promised(updated)
Re: Fwd: Changelog 2011 update
Re: Fwd: Your Changelog UPDATED
Fwd: Changelog as promised (upd.)
Fwd: Re: Changelog as promised (upd.)
The URL in the message body looks like this.
http://www.pokolenie-xxi-orel.ru/infourl.htm
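The usual pattern.
This one can also be fetched with wget and similar tools, but it appears to show the behaviour characteristic of BHEK and similar kits: it can be accessed only once from a single IP. The second and later requests get a 502 response.
Something does come down.
As usual, this is the pattern that leads to PDF and other vulnerabilities being targeted and personal information being stolen.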
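A log-side check for the once-per-IP gating described above, as an added example that is not part of the original post: it scans web proxy log lines for URLs that answered an egress IP's first request with 200 and every later request with 502. The CSV layout, the hostnames and the sample lines are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample proxy log (assumed layout, hypothetical hosts):
# timestamp, egress_ip, method, url, status
SAMPLE_LOG = """\
2013-03-23T09:00:01,203.0.113.10,GET,http://lure.example/infourl.htm,200
2013-03-23T09:00:40,203.0.113.10,GET,http://lure.example/infourl.htm,502
2013-03-23T09:02:13,203.0.113.10,GET,http://lure.example/infourl.htm,502
2013-03-23T09:05:00,198.51.100.7,GET,http://lure.example/infourl.htm,200
2013-03-23T09:06:00,203.0.113.10,GET,http://news.example/index.htm,200
2013-03-23T09:07:00,203.0.113.10,GET,http://news.example/index.htm,200
2013-03-23T09:08:00,198.51.100.7,GET,http://flaky.example/a.htm,502
2013-03-23T09:09:00,198.51.100.7,GET,http://flaky.example/a.htm,502
"""


def find_once_per_ip_urls(log_text):
    """Return (url, egress_ip, refused_count) for each 200-then-only-502 sequence."""
    # The gate keys on the address the server sees, so group by the egress
    # (post-NAT / proxy) IP, not by the internal client address.
    statuses = defaultdict(list)
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    rows.sort(key=lambda r: r[0])  # ISO 8601 timestamps sort chronologically
    for _ts, ip, _method, url, status in rows:
        statuses[(ip, url)].append(int(status))

    hits = []
    for (ip, url), seq in statuses.items():
        later = seq[1:]
        # A single request proves nothing; require at least one repeat.
        if seq[0] == 200 and later and all(s == 502 for s in later):
            hits.append((url, ip, len(later)))
    return sorted(hits)


if __name__ == "__main__":
    for url, ip, refused in find_once_per_ip_urls(SAMPLE_LOG):
        print(f"{url} served {ip} once, then refused {refused} repeat(s)")
```

A hit means the page was delivered to the first requester behind that egress IP, so the follow-up is to identify which internal host made the first request rather than to re-fetch the URL.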
by jyake