Spam Impersonating the IRS 7 - inforet.html
Published: 2012/09/01
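Observed: 2012/8/28
Volume: 100 messages/day
Technique: lure-URL type
Objective: malware infection
Characteristics:
The script file placed on the sites is named "inforet.html".
A variation that combines a seasonal theme with recently seen techniques.
- Spam Impersonating the IRS - irsrev.html
- Spam Impersonating Facebook - Facebook Password Change
- Spam Impersonating the IRS 6: Tax Return Filing
- Spam Impersonating the IRS 5
- Spam Impersonating the IRS 4 - Notice of Underreported Income
- Applications of the Targetted URL Used in Spam
- Spam Impersonating DHL
- Spam Impersonating the IRS 3
- Domain Information for Spam Impersonating the IRS
- Spam Impersonating the IRS
Examples of the URLs used.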
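Information on the sites used
These are mainly hosting services, so not much seems to have changed, but pages belonging to users of services not observed in the past appear to be getting added in small numbers.
name | ip | Reverse DNS | AS | AS name | Country |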
---|---|---|---|---|---|
blue.kikodo.net | 202.39.70.56 | 202-39-70-56.HINET-IP.hinet.net. | 3462 | HINET_Data_Communication_Business_Group | Taiwan |
cooly.com.au | 207.210.100.66 | explorer.dnsprotect.com. | 3595 | GNAXNET-AS_-_Global_Net_Access_LLC | UnitedStates |
uperform.cn | 175.102.2.222 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
yyishow.com | 175.102.2.222 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
iatan.fr | 85.9.22.87 | server23.romania-webhosting.com. | 5606 | KQRO_GTS_Telecom_SRL | Romania |
laveson.by | 91.149.157.131 | vh29.hoster.by. | 6697 | BELPAK-AS_Republican_Association_BELTELECOM | Belarus |
concertinabauru.com.br | 187.17.96.67 | whw0138.whservidor.com. | 7162 | Itanet_-_Itamarati_On-Line_Ltda. | Brazil |
gabrielschneider.com | 74.208.80.183 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
kulturpreise.de | 159.255.168.11 | vali.xdot.de. | 8881 | VERSATEL_Versatel_Deutschland_GmbH | Germany |
latinchat.ca | 209.217.254.17 | vps.chorro1.com. | 11042 | LANDIS-HOLDINGS-INC_-_Landis_Holdings_Inc | UnitedStates |
riophotostudio.com | 70.117.196.32 | cpe-70-117-196-32.rgv.res.rr.com. | 11427 | SCRR-11427_-_Road_Runner_HoldCo_LLC | UnitedStates |
fidei-defensor-mc.org | 216.194.104.16 | web-01.awp-hosting.com. | 13911 | TERA-BYTE_-_Tera-byte_Dot_Com_Inc. | Canada |
bei.cl | 190.96.85.49 | srv49.planetahosting.cl. | 14259 | Gtd_Internet_S.A. | Chile |
ruedusport.fr | 46.105.99.57 | ns382297.ovh.net. | 16276 | OVH_OVH_Systems | France |
graceoutreachbiblechurch.net | 75.127.114.162 | rs26.abstractdns.com. | 16626 | GNAXNET-AS_-_Global_Net_Access_LLC | UnitedStates |
caboria.net | 208.77.99.159 | server.caboria.net. | 17183 | RAPIDVPS-COM_-_Infinitum_Technologies_Inc. | UnitedStates |
158jx.com | 115.47.69.138 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
51288895.com | 203.158.16.75 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
gzsjdzc.com | 115.47.136.95 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
jyyswh.com | 115.47.69.36 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
zhiboty.com | 203.158.16.72 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
zuliaoyp.com | 203.158.16.66 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
asaaircargo.com | 81.21.75.87 | server58.donhost.co.uk. | 20738 | AS20738_Webfusion_Internet_Solutions | UnitedKingdom |
eclipsehomecare.co.uk | 81.21.75.40 | server55.donhost.co.uk. | 20738 | AS20738_Webfusion_Internet_Solutions | UnitedKingdom |
cupidflowers.in | 204.93.182.57 | winhostingserver.com. | 23367 | GENADAP_-_Genesis_Adaptive_INC. | UnitedStates |
velvetjayne.com.au | 180.235.128.170 | syd-srv21.ezyreg.com. | 24446 | NETREGISTRY-AS-AP_NetRegsitry_Pty_Ltd. | Australia |
morneghini.altervista.org | 78.46.64.55 | ns105.altervista.org. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
tsalaspiros.gr | 5.9.6.178 | d01.cybertraffic.gr. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
autonoleggia.it | 89.31.72.190 | orion.interhost.it. | 24994 | GENESYS-AS_genesys_informatica_srl | Italy |
shop.org-sys.de | 212.90.148.48 | w88.goneo.de. | 25394 | MK-NETZDIENSTE-AS_AS_for_MK_Netzdienste_GmbH_&_Co._KG | Germany |
bnt.com.np | 207.58.155.146 | vps.bellanet.org. | 25847 | SERVINT_-_ServInt | UnitedStates |
showtimetattoo.info | 69.163.159.166 | apache2-hardy.hobgoblin.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | UnitedStates |
ventavid.hjp.cl | 173.236.173.223 | apache2-linus.tech21.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | UnitedStates |
wallmarket.com.ve | 200.58.111.77 | serbia.dattaweb.com. | 27823 | Dattatec.com | Argentina |
milhocanela.com.br | 189.113.7.66 | hw100.webservidor.net. | 28209 | | Brazil |
asian-jewelry.com | 64.29.151.221 | hostedc40.carrierzone.com. | 30447 | INFB2-AS_-_InternetNamesForBusiness.com | UnitedStates |
cantinanottola.it | 62.149.209.239 | net15.wdpro.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy |
fugitivas.cl | 108.163.174.114 | srv11.benzahosting.cl. | 32613 | IWEB-AS_-_iWeb_Technologies_Inc. | Canada |
geoprovi.es | 184.173.247.226 | mrpotato.theservercluster.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | Spain |
seventhveil.com.au | 203.16.61.53 | cb103d35.kgbec.com. | 45454 | WEB24-VIC-AU_Web24_Virtual_&_Dedicated_hosting_service_provider_Melb_Australia | Australia |
gigacomputers.co.nz | 119.47.118.25 | rakiura.webbase.net.nz. | 45459 | WEB-DRIVE-NZ-AS-AP_Web_Drive_Limited | NewZealand |
onlinefragrancestore.net | 216.14.120.22 | server.toodaily.com. | 46433 | ADF01_-_EBOUNDHOST.com | UnitedStates |
karma.pdjsolutions.in | 173.254.28.76 | just76.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
mtbridersclub.com | 173.254.28.126 | just126.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
onvon.com | 173.254.28.125 | just125.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
cenkdeneme.net84.net | 31.170.162.183 | 31-170-162-183.main-hosting.com. | 47583 | HOSTING-MEDIA_Aurimas_Rapalis_trading_as__II_Hosting_Media_ | UnitedStates |
metrotienda.netai.net | 31.170.161.116 | 31-170-161-116.main-hosting.com. | 47583 | HOSTING-MEDIA_Aurimas_Rapalis_trading_as__II_Hosting_Media_ | UnitedStates |
akspot.net | 178.210.160.65 | cp5.markum.net. | 56363 | MARKUM-AS_Markum_Bilisim_Teknolojileri_Tic._Ltd._Sti. | Turkey |
estacaoboliche.com.br | 177.84.130.2 | r4linuxserver06.com.br. | 262586 | | Brazil |
jbs.adv.br | 177.84.130.2 | r4linuxserver06.com.br. | 262586 | | Brazil |
moda1000.com.br | 177.84.130.2 | r4linuxserver06.com.br. | 262586 | | Brazil |