Spam impersonating the IRS - irsrev.html
Published: 2012/08/15
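Observed: 2012/8/14
Volume: 200 messages/day
Technique: lure URL
Purpose: malware infection
Characteristics:
The script file placed on the sites is named "irsrev.html".
Since the summer holidays began, both the variety and the volume of spam have increased, and this is one of those variations.
It is a variation on the usual IRS theme.
And, as usual, it leads to attacks targeting vulnerabilities in Java and similar software.
Examples of lure URLs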
http://jianglecg.com/irsrev.html http://jtlogistics.cn/irsrev.html http://lux-limo.pl/irsrev.html http://mall.lovedancer.cn/irsrev.html http://nebeda.org/irsrev.html http://polluxtech.cn/irsrev.html http://qinshi.org/irsrev.html http://sovei.com.cn/irsrev.html
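A mail-filter check for the characteristic noted above, added here as an example and not code from the original post: it flags messages containing a URL whose last path segment is `irsrev.html`, regardless of host, case, query string or percent-encoding. The function names and the sample bodies (with `example.*` hosts) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Landing-page file name reported on this page.
LANDING_NAME = "irsrev.html"

# Loose URL matcher for mail bodies; stops at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def landing_hosts(text):
    """Return sorted hosts of URLs in text whose last path segment is LANDING_NAME."""
    hosts = set()
    for raw in URL_RE.findall(text):
        # Drop sentence punctuation that the loose regex may have swallowed.
        parts = urlsplit(raw.rstrip(".,;)"))
        # Decode %xx so an encoded file name still matches; query/fragment are ignored.
        last = unquote(parts.path).rsplit("/", 1)[-1]
        if last.lower() == LANDING_NAME and parts.hostname:
            hosts.add(parts.hostname.lower())
    return sorted(hosts)


def flag_messages(messages):
    """Map message id -> matched hosts, for messages with at least one hit."""
    hits = {}
    for msg_id, body in messages.items():
        found = landing_hosts(body)
        if found:
            hits[msg_id] = found
    return hits


# Constructed sample bodies (hosts are placeholders, not taken from the page).
SAMPLE = {
    "m1": 'IRS notice. <a href="http://shop.example.com/irsrev.html">Details</a>',
    "m2": "See http://example.org/docs/IRSREV.HTML?id=7 for the report.",
    "m3": "http://example.net/irsrev.html.bak and http://irsrev.html.example.net/",
    "m4": "Encoded: http://example.com/%69rsrev.html.",
}

if __name__ == "__main__":
    for msg_id, hosts in flag_messages(SAMPLE).items():
        print(msg_id, hosts)
```

Matching on the path's final segment rather than a substring keeps look-alikes such as `irsrev.html.bak` or a host name containing the string from being flagged.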
by jyake