
Spam impersonating the IRS - irsrev.html

Published: 2012/08/15

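Observed: 2012/8/14

Volume: 200 messages/day

Method: lure-URL type

Purpose: malware infection

Characteristics:

The script file placed on the sites is named "irsrev.html".

Since the summer holidays began, spam has been increasing in both variety and volume, and this is one of those campaigns.

This is a variation on the usual IRS theme.

And, as usual, it leads to attacks targeting vulnerabilities in Java and the like.


Examples of lure URLs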


[Category: spam observation diary]

by jyake