
Spam impersonating Verizon Wireless

Published: 2013/02/13

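This is spam impersonating Verizon Wireless.

Three years ago the same brand was impersonated in the same way by ZeuS-related spam.

The distinguishing feature of the URLs is mail.htm: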

 http://www.iraqinvestmentfund.com/mail.htm 
 http://www.mult.dk/mail.htm 
 http://www.passiivmaja.ee/mail.htm 

The attack site is here:

 http://emaianem.ru:8080/forum/links/column.php 

It is the usual BHEK2 family.
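A detection sketch for the chain described above, added here as an example and not part of the original post: it scans proxy log lines for a client that requests a `mail.htm` redirector and then the `:8080/forum/links/column.php` landing page shortly afterwards. The log format, the 30-second window, the client addresses and the function names are assumptions; the URLs are the ones listed in this post.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: "timestamp client_ip url". URLs are taken from
# this post; timestamps and client addresses are made up for the example.
SAMPLE_LOG = """\
2013-02-13T09:00:01 10.0.0.5 http://www.mult.dk/mail.htm
2013-02-13T09:00:03 10.0.0.5 http://emaianem.ru:8080/forum/links/column.php
2013-02-13T09:05:00 10.0.0.7 http://www.passiivmaja.ee/mail.htm
2013-02-13T09:10:00 10.0.0.9 http://example.com/webmail/mail.html
2013-02-13T11:30:00 10.0.0.7 http://emaianem.ru:8080/forum/links/column.php
"""

WINDOW = timedelta(seconds=30)  # assumed redirect window; tune for your proxy


def classify(url):
    """Return 'redirector', 'landing' or None for one requested URL."""
    parts = urlsplit(url)
    path = parts.path.lower()
    if path == "/mail.htm":
        return "redirector"
    if parts.port == 8080 and path == "/forum/links/column.php":
        return "landing"
    return None


def find_chains(log_text, window=WINDOW):
    """Return (client, redirector_url, landing_url) tuples where a client hit
    the landing page within `window` of hitting a mail.htm redirector."""
    last_redirect = {}  # client -> (time, url) of the most recent redirector hit
    chains = []
    for line in log_text.splitlines():
        try:
            ts, client, url = line.split(maxsplit=2)
            when = datetime.fromisoformat(ts)
            kind = classify(url)
        except ValueError:
            continue  # skip blank or malformed lines (bad timestamp, bad port)
        if kind == "redirector":
            last_redirect[client] = (when, url)
        elif kind == "landing" and client in last_redirect:
            seen, src = last_redirect[client]
            if timedelta(0) <= when - seen <= window:
                chains.append((client, src, url))
    return chains


if __name__ == "__main__":
    for client, src, dst in find_chains(SAMPLE_LOG):
        print(f"{client}: {src} -> {dst}")
```

Matching on `/mail.htm` alone is noisy, which is why the sketch only reports a client when the landing-page request follows within the window.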


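The sites used as stepping stones this time seem to be mostly in Russia, Ukraine and elsewhere in Europe?

As usual, these are hosting services whose accounts have been hijacked.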


[Category: spam observation diary]

by jyake