Spam impersonating EFTPS Batch Provider Customer Service
Published: 2013/01/12
This is spam impersonating EFTPS (Electronic Federal Tax Payment System), one of the tax-payment-themed campaigns.
The aim is the same as always.
As usual, the pages are planted in the WordPress plugins folder.
http://order-protandim.com/wp-content/plugins/zeleaqonybg/eftpssignin.html
http://rajtakova.com/wp-content/plugins/zcwwosuoenw/batchdeteftps.html
http://ysatny.com/wp-content/plugins/zaejieorook/batchdeteftps.html
http://bestpermanentroof.com/wp-content/plugins/zudiuaqekni/eftpssignin.html
http://fullspectrumbuilders.com/wp-content/plugins/zwoswqcekux/eftpssignin.html
http://jurisdictionthemovie.com/wp-content/plugins/zeotyjoeuek/eftpssignin.html
The next step redirects here:
http://linuxreal.net/detects/eftps-gov.php
If the client does not meet the expected conditions, it is sent to Google instead of the attack site.
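A detection sketch for the plugin-folder pages listed above, added here as an example and not part of the original post: it flags proxy-log requests for an `.html` file sitting directly inside a WordPress plugin directory whose name is a single run of lowercase letters. The log format, the 8 to 16 letter range, and all sample hosts, clients and directory names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Heuristic taken from the shape of the URLs in this post: an .html page directly
# inside /wp-content/plugins/<dir>/ where <dir> is only lowercase letters.
# The 8-16 length range is an assumption (the listed directories are 11 letters).
LURE_PATH = re.compile(r"^/wp-content/plugins/([a-z]{8,16})/([a-z0-9_-]+\.html?)$")

def classify(url):
    """Return (host, plugin_dir, page) if the URL matches the lure layout, else None."""
    parts = urlsplit(url)
    m = LURE_PATH.match(parts.path)
    if m is None:
        return None
    return (parts.hostname, m.group(1), m.group(2))

def scan_proxy_log(lines):
    """Parse '<timestamp> <client> <url>' lines and group matching requests by client."""
    hits = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing at their layout
        ts, client, url = fields
        hit = classify(url)
        if hit is not None:
            hits.setdefault(client, []).append((ts,) + hit)
    return hits

# Constructed sample log (hosts, clients and directory names are made up).
SAMPLE_LOG = [
    "2013-01-12T09:14:02 10.0.0.5 http://blog.example.com/wp-content/plugins/zqwertyuiop/eftpssignin.html",
    "2013-01-12T09:15:40 10.0.0.7 http://shop.example.org/wp-content/plugins/contact-form-7/readme.html",
    "2013-01-12T09:16:11 10.0.0.5 http://news.example.net/wp-content/plugins/akismet/akismet.php",
    "2013-01-12T09:20:33 10.0.0.9 http://site.example.net/wp-content/plugins/zabcdefghij/batchdeteftps.html",
]

if __name__ == "__main__":
    for client, rows in scan_proxy_log(SAMPLE_LOG).items():
        for ts, host, plugin_dir, page in rows:
            print(f"{ts} {client} -> {host} plugin_dir={plugin_dir} page={page}")
```

A legitimate plugin with an all-letter directory name and a bundled HTML file will also match, so treat hits as leads to review against the site's known plugin list.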
domain | IP | Reverse DNS | AS | AS name | Country |
---|---|---|---|---|---|
tickeridentify.com | 108.175.5.35 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
kaoliqi.com | 49.212.198.12 | www2802.sakura.ne.jp. | 9371 | SAKURA-C_SAKURA_Internet_Inc. | Japan |
clinicadeladoctoraileanlopez.com | 174.34.224.110 | node101.fastbighost.com. | 13618 | CARONET-ASN_-_Carolina_Internet_Ltd. | UnitedStates |
order-protandim.com | 209.191.188.205 | optim.hostingbywgs.com. | 14744 | INTERNAP-BLOCK-4_-_Internap_Network_Services_Corporation | UnitedStates |
jennifersironworks.com | 174.122.92.142 | 174-122-92-142.opticaljungle.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | UnitedStates |
bestpermanentroof.com | 184.168.248.1 | p3nlhg164c1164.shr.prod.phx3.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
jurisdictionthemovie.com | 72.167.0.8 | ip-72-167-0-8.ip.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
ysatny.com | 208.109.78.137 | linhost259.prod.mesa1.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
fullspectrumbuilders.com | 50.28.63.246 | host.mynextwebsite.com. | 32244 | LIQUID-WEB-INC_-_Liquid_Web_Inc. | UnitedStates |
ameriservradon.com | 173.236.125.34 | m1288.sgded.com. | 32475 | SINGLEHOP-INC_-_SingleHop | UnitedStates |
flowerdepots.com | 64.37.52.32 | galaxy.host-care.com. | 33182 | DIMENOC_-_HostDime.com_Inc. | UnitedStates |
kopiberontoseno.com | 173.192.134.84 | incubus.in-hell.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | UnitedStates |
mysurveywebsite.com | 97.79.238.33 | gvo23833.gvodatacenter.com. | 46549 | GVO_-_Global_Virtual_Opportunities | UnitedStates |
losestomachfatproducts.com | 74.220.219.60 | box460.bluehost.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
lovequoteslifequotes.com | 173.254.28.26 | just26.justhost.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
mixkids.com | 74.220.207.186 | host186.hostmonster.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
radiusrhymes.com | 66.147.244.98 | box798.bluehost.com. | 46606 | UNIFIEDLAYER-AS-1_-_Unified_Layer | UnitedStates |
rajtakova.com | 195.210.29.1 | am.websupport.sk. | 51013 | WEBSUPPORT-SRO-SK-AS_Websupport_s.r.o. | Slovakia |
blognyapemimpi.com | 101.50.1.27 | jjmarineindonesia.com. | 55688 | BEON-AS-ID_PT._Beon_Intermedia | Indonesia |
A SAKURA user has been hit as well. Almost all of the hosts are in the US.
by jyake