
Scan_from_a_Xerox_W_Pro - forwarding.htm

Published: 2012/11/03

Observed: 2012/11/3

Volume: 200 messages/day

Method: lure URL

Purpose: malware infection

This is the usual "Scan from a Xerox" material.

The usual.

This time the lure URL is forwarding.htm.

Its contents are a script like this.

When it runs, it follows the usual pattern and makes the browser access this location.

 panacealeon.ru:8080/forum/links/column.php
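The lure-to-landing sequence described above can be looked for in web proxy logs. The following is an added example, not part of the original post: the log format, the 30-second window, the sample lines and the `.example` hosts are constructed assumptions, and only forwarding.htm and the landing URL come from the page.

```python
from urllib.parse import urlsplit

# Constructed proxy log lines: "<epoch> <client> <url>" (format is an assumption).
SAMPLE_LOG = """\
1351900800 10.0.0.5 http://compromised.example/forwarding.htm
1351900802 10.0.0.5 http://panacealeon.ru:8080/forum/links/column.php
1351900810 10.0.0.7 http://intranet.example:8080/forum/links/column.php
1351900900 10.0.0.9 http://other.example/docs/forwarding.htm
1351901500 10.0.0.9 http://panacealeon.ru:8080/forum/links/column.php
"""

LURE_SUFFIX = "/forwarding.htm"           # lure page name from the post
LANDING_PATH = "/forum/links/column.php"  # landing path from the post
LANDING_PORT = 8080                       # landing port from the post
WINDOW = 30  # max seconds between lure and landing request (assumed threshold)

def find_redirect_chains(log_text, window=WINDOW):
    """Return (client, lure_url, landing_url) for each lure -> landing pair."""
    last_lure = {}  # client -> (timestamp, lure_url)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, url = int(parts[0]), parts[1], parts[2]
        u = urlsplit(url)
        try:
            port = u.port
        except ValueError:
            continue  # non-numeric or out-of-range port
        if u.path.endswith(LURE_SUFFIX):
            last_lure[client] = (ts, url)
        elif port == LANDING_PORT and u.path == LANDING_PATH:
            # Alert only when the same client fetched a lure page just before;
            # a landing-shaped request with no preceding lure is not reported.
            lure = last_lure.pop(client, None)
            if lure and 0 <= ts - lure[0] <= window:
                hits.append((client, lure[1], url))
    return hits

if __name__ == "__main__":
    for hit in find_redirect_chains(SAMPLE_LOG):
        print(hit)
```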

Compromised sites used as redirectors.


[Category: spam observation diary]

by jyake