
Spam impersonating EFTPS Batch Provider Customer Service

Published: 2013/01/12

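This is spam impersonating EFTPS (Electronic Federal Tax Payment System), one of the tax-payment lures.

The aim is the same as usual.

As before, the landing pages are planted in the WordPress plugins folder of the affected sites.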

 http://order-protandim.com/wp-content/plugins/zeleaqonybg/eftpssignin.html
 http://rajtakova.com/wp-content/plugins/zcwwosuoenw/batchdeteftps.html
 http://ysatny.com/wp-content/plugins/zaejieorook/batchdeteftps.html
 http://bestpermanentroof.com/wp-content/plugins/zudiuaqekni/eftpssignin.html
 http://fullspectrumbuilders.com/wp-content/plugins/zwoswqcekux/eftpssignin.html
 http://jurisdictionthemovie.com/wp-content/plugins/zeotyjoeuek/eftpssignin.html

The next step redirects here:

 http://linuxreal.net/detects/eftps-gov.php

If the device does not meet the conditions, however, it is sent to Google instead of the attack site.


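Going by the hosting (IP, reverse DNS, AS and country) of the domains involved, a SAKURA user has been hit. Almost all of the hosts are in the US.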
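An added example, not part of the original post: the landing pages listed above sit in folders under `wp-content/plugins`, so a site owner can audit for the same pattern by listing plugin directories that hold HTML pages but no PHP file with a WordPress `Plugin Name:` header. The function names and the sample tree are constructed for illustration, and it is an assumption that a planted folder carries no plugin header.

```python
import os
import re
import tempfile

# WordPress recognises a plugin by a "Plugin Name:" header comment in one of
# the top-level PHP files; this pattern approximates its header match.
PLUGIN_HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.IGNORECASE | re.MULTILINE)

def has_plugin_header(plugin_dir):
    """True if any top-level .php file carries a WordPress plugin header."""
    for name in os.listdir(plugin_dir):
        path = os.path.join(plugin_dir, name)
        if name.lower().endswith(".php") and os.path.isfile(path):
            with open(path, "rb") as fh:
                if PLUGIN_HEADER.search(fh.read(8192)):  # headers sit near the top
                    return True
    return False

def audit_plugins(plugins_root):
    """Return {directory: [top-level .html files]} for directories that hold
    HTML pages but are not real plugins (assumption: no plugin header)."""
    findings = {}
    for entry in sorted(os.listdir(plugins_root)):
        plugin_dir = os.path.join(plugins_root, entry)
        if not os.path.isdir(plugin_dir) or has_plugin_header(plugin_dir):
            continue
        pages = sorted(f for f in os.listdir(plugin_dir)
                       if f.lower().endswith((".html", ".htm")))
        if pages:
            findings[entry] = pages
    return findings

def build_sample_tree(root):
    """Constructed sample: one genuine plugin and one planted folder."""
    good = os.path.join(root, "contact-form")
    bad = os.path.join(root, "zxqwvkjhgfd")  # made-up name, not from the post
    os.makedirs(good)
    os.makedirs(bad)
    with open(os.path.join(good, "contact-form.php"), "w") as fh:
        fh.write("<?php\n/*\n * Plugin Name: Contact Form\n */\n")
    with open(os.path.join(good, "help.html"), "w") as fh:
        fh.write("<html>docs</html>")
    with open(os.path.join(bad, "signin.html"), "w") as fh:
        fh.write("<html><!-- constructed placeholder page --></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_plugins(build_sample_tree(tmp)))
```

The genuine plugin's bundled `help.html` is not reported, because its directory has a valid plugin header; only the header-less folder with an HTML page is.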

[Category: spam observation diary]

by jyake