cNotes 検索一覧カテゴリ

Citibankを騙るフィッシング

Published: 2012/12/15

観測日： 2012/12/14

通数： 300通/day

手法：誘導URL型

目的：マルウェア感染、個人情報搾取

フィッシングとかExploitKit利用した攻撃だとかマルウェア感染だとか手法的な違いはありますが、最近はなんでもかんでも送信元を騙って騙して個人情報奪い取るものばかりなので同じといえば同じ。。。

12/13から大量発生中のフィッシングネタの一つ。年末だから？

こういう時は、ここでは検出できていないたくさんのフィッシングが発生していると思われます。

BHEK2でやられてる改竄サイトが利用されています。

citibankについては「com_ag_google_analytics2」のパターンがほとんです。（一部別のパターンも含まれるようです）

 ｈttp://tumrubtong.com/components/com_ag_google_analytics2/alert-service-citi-sign_in.html
 ｈttp://bakaymuhendislik.com/images/alert-service-citi-sign_in.html 
 ｈttp://ceipfernandogavilan.com/components/com_ag_google_analytics2/alert-service-citi-sign_in.html

domain	ip	逆引き	AS	AS Name	Country
ancienslps.org	41.228.38.39	NONE	2609	TN-BB-AS_Tunisia_BackBone_AS	Tunisia
pinkfinancialgroup.com	117.104.160.137	vip-web9-3.ilisys.com.au.	7474	OPTUSCOM-AS01-AU_SingTel_Optus_Pty_Ltd	Australia
proliconplus.com	202.142.220.206	sith.chaiyohosting.com.	7654	SIAMGLOBE-AS-AP_Internet_Service_Provider_Co._Ltd.	Thailand
taxipuertollano.com	217.160.246.129	clienteservidor.es.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
simasultana.com	84.95.248.125	tpirsum.starltd.net.	9116	GOLDENLINES-ASN_012_Smile_Communications_Main_Autonomous_System	Israel
thairath92.net	27.254.38.219	dg0038ns1.dragonhispeed.com.	9891	CSLOX-IDC-AS-AP_CS_LOXINFO_Public_Company_Limited.	Thailand
chousehotel.com	122.155.13.19	ns1-15513019.dragonhispeed.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
kaewjewelry.com	122.155.17.187	cat17187.thaihostserver.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
massstation.com	122.155.0.183	NONE	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
miinni.net	122.155.7.77	server.nanowebhost.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
nettec-solution.com	122.155.6.21	ns1-1556021.dragonhispeed.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
ukimura.com	122.155.1.83	server-1551083.dragonhispeed.com.	9931	CAT-AP_The_Communication_Authoity_of_Thailand_CAT	Thailand
cyprusconx.com	209.140.18.132	server14.idealhost.ws.	11042	LANDIS-HOLDINGS-INC_-_Landis_Holdings_Inc	UnitedStates
maccamsarl.com	69.73.165.200	roguelj.co.uk.	11042	LANDIS-HOLDINGS-INC_-_Landis_Holdings_Inc	UnitedStates
addright-ng.com	209.105.246.119	NONE	13354	ASN-EBLGLOBAL_-_EBL_Global_Networks_Inc.	UnitedStates
expresspcsupport.com	54.234.37.25	ec2-54-234-37-25.compute-1.amazonaws.com.	14618	AMAZON-AES_-_Amazon.com_Inc.	UnitedStates
open-ukraine.com	31.24.209.34	034.vps.ho.ua.	15497	COLOCALL_Internet_Data_Center__ColoCALL_	Ukraine
toddi73.net	80.190.202.172	web40.heiko-rudolf.de.	15598	IP-EXCHANGE_IP_Exchange_GmbH	Germany
tamilarog.com	109.237.132.6	alfa3064.alfahosting-server.de.	16097	HLKOMM_HL_komm_Telekommunikations_GmbH	Germany
lafarramedellin.com	198.27.78.193	hydra.cehis.net.	16276	OVH_OVH_Systems	Canada
varambon.com	87.98.153.75	serveur3.3go.fr.	16276	OVH_OVH_Systems	France
911pcs.com	173.199.189.36	server27.ecuhosting.org.	19066	WIREDTREE_-_Cogswell_Enterprises_Inc.	UnitedStates
themixradioextra.com	66.45.255.234	server7.datalength.com.	19318	NJIIX-AS-1_-_NEW_JERSEY_INTERNATIONAL_INTERNET_EXCHANGE_LLC	UnitedStates
sithra.com	208.76.243.50	s307.c4.crucialx.net.	20202	CRUCIAL_-_Crucial_Paradigm	UnitedStates
fastinmatesearch.com	198.58.85.2	stats.iguana.arvixe.com.	21788	NOC_-_Network_Operations_Center_Inc.	UnitedStates
abyssinianflights.com	174.121.134.190	be.86.79ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
addgoal.com	69.93.231.38	26.e7.5d45.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
europa-coaches-international.com	174.132.79.195	c3.4f.84ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
gpstrackingtoday.com	174.121.37.126	7e.25.79ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
green-traders.com	174.121.134.91	5b.86.79ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
iafethiopia.com	174.121.134.189	bd.86.79ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
konkanibhashamandal.com	174.121.85.158	9e.55.79ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
rslfiji.com	74.52.72.43	2b.48.344a.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
vertilexbd.com	174.120.117.187	bb.75.78ae.static.theplanet.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
ruaxekhongcannuoc.com	202.78.227.162	mail.atpcorporation.com.vn.	24085	QTSC-AS-VN_Quang_Trung_Software_City_Development_Company	Vietnam
wiese-steuerberater.com	88.84.158.30	mv1867.1blu.de.	24989	IXEUROPE-DE-FRANKFURT-ASN_Equinix_Germany_(Previously_IX_Europe_Germany_AS)	Germany
safi-ro.com	207.58.135.22	server5.jsrhost.com.	25847	SERVINT_-_ServInt	UnitedStates
retablospesce.com	200.58.119.117	inglaterra.dattaweb.com.	27823	Dattatec.com	Argentina
cpaamerican.org	66.96.160.154	154.160.96.66.static.eigbox.net.	29873	BIZLAND-SD_-_The_Endurance_International_Group_Inc.	UnitedStates
define-designpreneur.com	204.197.246.138	host.f3nd.com.	30496	COLO4_-_Colo4_LLC	UnitedStates
mediaworkstudios.com	78.142.63.134	vps.swaminarayan.in.	31083	TELEPOINT_Powernet_Ltd	Bulgaria
takarafze.com	78.110.50.148	cl1-w.ht-systems.ru.	31240	OLD-HT-SYSTEMS-AS_JSC_Hosting_Telesystems_autonomous_system	RussianFederation
psdtoxhtmlcode.com	79.170.44.95	web95.extendcp.co.uk.	31727	NODE4-AS_Node4_Ltd_UK	UnitedKingdom
transportjogja.com	142.54.184.27	NONE	32097	WII-KC_-_WholeSale_Internet_Inc.	UnitedStates
nihapa.com	199.48.254.56	smart.mambogroup.net.	32748	STEADFAST_-_Steadfast_Networks	UnitedStates
abonoselbuensembrador.com	199.168.186.154	alpha.superdnssite.com.	33182	DIMENOC_-_HostDime.com_Inc.	UnitedStates
rajenengg.com	119.18.57.67	jet.websitedns.in.	33480	WEBWERKSAS1_-_Web_Werks	India
haksanotomat.com	94.73.146.80	94-73-146-80.cizgi.net.tr.	34619	CIZGI_Cizgi_Telekomunikasyon_Hizmetleri_Sanayi_Ve_Ticaret_Limited_Sirketi	Turkey
konyafotografevi.com	94.73.146.100	94-73-146-100.cizgi.net.tr.	34619	CIZGI_Cizgi_Telekomunikasyon_Hizmetleri_Sanayi_Ve_Ticaret_Limited_Sirketi	Turkey
evigoldhaliperde.com	149.3.131.85	85-131-3-149.rackcentre.redstation.net.uk.	35662	REDSTATION_Redstation_Limited	UnitedKingdom
detectall.com	100.42.59.77	100.42.59.77-static.reverse.mysitehosted.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
gamedaytickets.com	173.193.177.187	173.193.177.187-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
kenandbamboooz.com	216.172.186.201	NONE	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
lvcufamily.com	173.193.85.77	hostvillenigeria.hostvillenigeria.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
siescolombia.org	174.37.136.219	174.37.136.219-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
spiritofqurban.com	50.22.174.232	50.22.174.232-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
sextabletka.com	37.140.192.23	spl18.hosting.reg.ru.	39134	SKYMEDIA_United_Network_LLC	RussianFederation
jb-solution.com	46.182.216.8	keurigonline09.nl.	39704	CJ2-AS_CJ2_Hosting&Development	Netherlands
parlaitalia.com	31.31.196.35	scp7.hosting.reg.ru.	39792	ANDERS-AS_Anders_Telecom_Ltd.	RussianFederation
artocrafts.com	208.91.199.19	bh-10.webhostbox.net.	40034	CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc	UnitedStates
omshivind.com	208.91.198.47	md-6.webhostbox.net.	40034	CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc	UnitedStates
pbcwebhosting.com	208.91.198.96	bh-1.webhostbox.net.	40034	CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc	UnitedStates
langkawi-carrent.com	124.217.248.26	NONE	45839	PIRADIUS-AS_PIRADIUS_NET_AS45839	Malaysia
agilemaxima.com	69.89.25.169	box169.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
coiffurelifestyle.com	173.254.28.136	just136.justhost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
hissesor.com	66.147.244.94	box794.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
rjewelryd.com	66.147.244.107	box807.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
santai-sabang.com	69.89.31.218	box418.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
skngas.com	50.87.117.43	50-87-117-43.unifiedlayer.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
windwavessoln.com	66.147.244.135	box835.bluehost.com.	46606	UNIFIEDLAYER-AS-1_-_Unified_Layer	UnitedStates
softwarehit.com	195.88.75.11	sh1-n1-gmdc.datacenter.bg.	48900	INFODATACENTER_Info_Data_Center_Ltd.	Bulgaria
stickere.info	93.115.203.215	215.203.115.93.static.spatiul.ro.	50939	SPACE-AS_Space_Ro_Srl	Romania
bakaymuhendislik.com	95.173.165.30	30tas5h3.ni.net.tr.	51559	NETINTERNET_Netinternet_Bilgisayar_ve_Telekomunikasyon_San._ve_Tic._Ltd._Sti.	Turkey
beylikduzundekoltukdoseme.com	94.102.11.233	233k1y77e.ni.net.tr.	51559	NETINTERNET_Netinternet_Bilgisayar_ve_Telekomunikasyon_San._ve_Tic._Ltd._Sti.	Turkey
sandalyegiydirme.net	94.102.11.238	238zxyogh.ni.net.tr.	51559	NETINTERNET_Netinternet_Bilgisayar_ve_Telekomunikasyon_San._ve_Tic._Ltd._Sti.	Turkey
viabensolutions.com	173.205.127.190	ehub29.webhostinghub.com.	54641	INMOTI-1_-_InMotion_Hosting_Inc.	UnitedStates
saifakarnkaset.com	119.59.120.15	ns95.hostinglotus.net.	56067	METRABYTE-TH_453_Ladplacout_Jorakhaebua	Thailand
tumrubtong.com	119.59.120.8	ns83.hostinglotus.net.	56067	METRABYTE-TH_453_Ladplacout_Jorakhaebua	Thailand
doitacvang.com	103.28.36.191	share28-r4.nhanhoa.com.	131353	NHANHOA-AS-VN_NhanHoa_Software_company	Vietnam
ceipfernandogavilan.com	86.109.162.236	h0101.hostytec.com.	196713	ABANSYS_AND_HOSTYTEC-AS_Abansys_&_Hostytec_S.L.	Spain

[カテゴリ:spam観察日記]

by jyake

Citibankを騙るフィッシング

TOP

Contents

About cNotes

What's New