Scan_from_a_Xerox_W_Pro - forwarding.htm
Published: 2012/11/03
Observed: 2012/11/3
Volume: 200 messages/day
Method: link to a lure URL
Goal: malware infection
The usual "Scan from a Xerox" material.
Related
- Scan from a Hewlett-Packard Officejet
- Xerox WorkCentre Scan - Trying something new?
- The results of the Xerox have arrived
- Scan from a Xerox WorkCentre Pro N XXXXXXX
The usual.
This time the lure URL is forwarding.htm.
Its contents are a script like this.
When it runs, it follows the usual pattern and sends the browser here:
panacealeon.ru:8080/forum/links/column.php
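One way to triage web-proxy logs for the chain described above (a forwarding.htm lure followed by a request to /forum/links/column.php on port 8080), as an added example that is not part of the original post. The log format, the 60-second window and the names `triage`, `LURE` and `LANDING` are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines (timestamp, client IP, URL); not real traffic.
SAMPLE_LOG = """\
2012-11-03T09:15:02 10.0.0.21 http://compromised.example/forwarding.htm
2012-11-03T09:15:04 10.0.0.21 http://panacealeon.ru:8080/forum/links/column.php
2012-11-03T09:20:10 10.0.0.35 http://intranet.example/docs/forwarding.html
2012-11-03T09:31:40 10.0.0.48 http://compromised.example/forwarding.htm
2012-11-03T10:02:00 10.0.0.77 http://other.example:8080/forum/links/column.php
"""

# Lure page name and landing path/port as reported on this page.
LURE = re.compile(r"^https?://[^/]+/(?:.*/)?forwarding\.htm(?:[?#].*)?$", re.I)
LANDING = re.compile(
    r"^https?://[^/:]+:8080/forum/links/column\.php(?:[?#].*)?$", re.I)
WINDOW = timedelta(seconds=60)  # assumed tolerance between lure and redirect


def triage(log_text):
    """Return {client: 'redirected' | 'lure_only' | 'landing_only'}."""
    last_lure = {}   # client -> time of most recent lure request
    verdict = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        ts_raw, client, url = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip unparsable timestamps
        if LURE.match(url):
            last_lure[client] = ts
            verdict.setdefault(client, "lure_only")
        elif LANDING.match(url):
            seen = last_lure.get(client)
            if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
                verdict[client] = "redirected"  # full chain: likely exposed
            else:
                verdict.setdefault(client, "landing_only")
    return verdict


if __name__ == "__main__":
    for client, v in sorted(triage(SAMPLE_LOG).items()):
        print(client, v)
```

Clients marked `redirected` reached the landing page and are the ones to prioritise for endpoint checks; `lure_only` clients opened the link but the redirect was not observed.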
Compromised sites used as redirectors.
by jyake