Spam impersonating Verizon Wireless
Published: 2013/02/13
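This is spam impersonating Verizon Wireless.
Three years ago the same brand was spoofed in the same way in ZeuS-related spam.
The distinguishing feature of the URLs is mail.htm: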
http://www.iraqinvestmentfund.com/mail.htm http://www.mult.dk/mail.htm http://www.passiivmaja.ee/mail.htm
The attack site is here:
http://emaianem.ru:8080/forum/links/column.php
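It is the usual BHEK2 variety.
The sites used as stepping stones this time seem to be mostly in Russia, Ukraine and elsewhere in Europe?
As usual, they sit on hosting services where accounts have been hijacked.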
by jyake