
Spam Impersonating the IRS 7 - inforet.html

Published: 2012/09/01

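Observed: 2012/8/28

Volume: 100 messages/day

Technique: lure URL type

Purpose: malware infection

Characteristics:

The script file placed on the sites is named "inforet.html".


A seasonal lure, in a variation that combines recently seen techniques.

Examples of the URLs used.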


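Information on the sites used

These are mainly hosting services, so the picture does not seem to have changed much, but it looks as though pages belonging to users of services not observed before are gradually being added in small numbers.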


[Category: spam observation diary]