
Copies of Policies ― page-3.htm

Published: 2012/11/28

Observed: 2012/11/27

Volume: 100 messages/day

Method: lure-URL type

Purpose: malware infection


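I think the theme used in this message body has also appeared before in the same form.

The lure URLs are characterized by:

 http://www.daytonahomes.ca/page-3.htm 
 http://www.tlmcpj.com/page-3.htm 
 http://www.wawo.cc/page-3.htm 

and the redirect destination is:

 http://ganiopatia.ru:8080/forum/links/column.php 

The attack is on the newer side.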
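The lure and destination URL shapes noted above can be used to triage web proxy logs. The following is an added example, not part of the original post: the log format, the client addresses, the 60-second window, and the choice to match the destination by port and path rather than by host are all assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

LURE_PATH = re.compile(r"/page-3\.htm$")      # lure path observed in this campaign
LANDING_PATH = "/forum/links/column.php"      # destination path observed in this campaign
LANDING_PORT = 8080                           # destination port observed in this campaign
WINDOW = timedelta(seconds=60)                # assumed correlation window

# Constructed proxy log lines: "<ISO time> <client> <url>"
SAMPLE_LOG = """\
2012-11-27T09:00:01 10.0.0.5 http://www.daytonahomes.ca/page-3.htm
2012-11-27T09:00:03 10.0.0.5 http://ganiopatia.ru:8080/forum/links/column.php
2012-11-27T09:05:00 10.0.0.7 http://www.wawo.cc/page-3.htm
2012-11-27T09:10:00 10.0.0.9 http://example.com/index.html
2012-11-27T09:30:00 10.0.0.7 http://example.com:8080/forum/links/column.php
"""

def classify(url):
    """Label a URL as 'landing', 'lure', or None based on its port and path."""
    parts = urlsplit(url)
    # Assumption: match on port + path so a rotated destination host is still caught.
    if parts.port == LANDING_PORT and parts.path == LANDING_PATH:
        return "landing"
    if LURE_PATH.search(parts.path):
        return "lure"
    return None

def correlate(log_text):
    """Return {client: verdict}.

    'redirected' = lure hit followed by a landing hit within WINDOW
    'clicked'    = lure hit with no landing hit inside the window
    """
    last_lure, verdict = {}, {}
    for line in log_text.splitlines():
        ts, client, url = line.split(maxsplit=2)
        when = datetime.fromisoformat(ts)
        kind = classify(url)
        if kind == "lure":
            last_lure[client] = when
            verdict.setdefault(client, "clicked")
        elif kind == "landing" and client in last_lure:
            if when - last_lure[client] <= WINDOW:
                verdict[client] = "redirected"
    return verdict

if __name__ == "__main__":
    for client, result in correlate(SAMPLE_LOG).items():
        print(client, result)
```

Clients marked `redirected` reached the destination page and are the ones to prioritize for endpoint checks; `clicked` clients opened the lure but no destination request was logged inside the window.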


As for the stepping-stone sites, every single time there are hosting services I am seeing for the first time.


[Category: spam observation diary]

by jyake