Wire Transferスパム - infourl.htm

Published: 2012/11/15

観測日： 2012/11/14

通数： 100通/day

手法：誘導URL型

目的：マルウェア感染

誘導URLの特徴がこんな感じです。

 ｈttp://zakazpaleniatytoniu.pl/infourl.htm
 ｈttp://ochronaprawkonsumenta.pl/infourl.htm 
 ｈttp://www.leenbeke.be/lb1/sites/default/files/infourl.htm 
 ｈttp://de.berenika.biz/sites/default/files/infourl.htm 
 ｈttp://erotictrust.info/sites/all/themes/infourl.htm

いつもどおりBHEK2がらみです。

domain	IP	逆引き	AS	AS Name	Country
itu.sci.cu.edu.eg	193.227.5.25	APPL.SCI.CU.EDU.EG.	2561	EUN	Egypt
shliangfan.com	61.152.239.145	NONE	4812	CHINANET-SH-AP_China_Telecom_(Group)	China
ec.drupal-c.info	210.253.109.19	NONE	7506	INTERQ_GMO_InternetInc	Japan
mmarketing.ru	195.54.209.54	father.rinet.ru.	8331	RINET-AS_Cronyx_Plus_Ltd	RussianFederation
www.tszh.rinet.ru	195.54.209.44	vm-5.rinet.ru.	8331	RINET-AS_Cronyx_Plus_Ltd	RussianFederation
www.vlankas.ru	213.178.50.74	mx1.vlankas.ru.	8439	AIST	RussianFederation
jantarstargard.pl	89.146.199.169	main9.lh.pl.	8495	INTERNET_AG_INTERNET_AG_Global_Network	Germany
www.albrock-cafe.de	82.165.113.73	kundenserver.de.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
www.cardissa.fr	217.160.235.92	s15433216.domainepardefaut.fr.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
www.srtreffen.de	82.165.113.73	kundenserver.de.	8560	ONEANDONE-AS_1&1_Internet_AG	Germany
nikand.se	212.97.132.168	ws54.surf-town.net.	9120	SURFTOWNNET_Surftown_A/S	Denmark
www.catriders.com	173.245.60.141	cf-173-245-60-141.cloudflare.com.	13335	CLOUDFLARENET_-_CloudFlare_Inc.	UnitedStates
www.catriders.com	173.245.60.54	cf-173-245-60-54.cloudflare.com.	13335	CLOUDFLARENET_-_CloudFlare_Inc.	UnitedStates
erotictrust.info	184.73.232.107	erotictrust.com.	14618	AMAZON-AES_-_Amazon.com_Inc.	UnitedStates
www.leenbeke.be	95.211.20.85	x79.alfaservers.com.	16265	LEASEWEB_LeaseWeb_B.V.	Netherlands
18606685528.com	115.47.67.112	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
www.jhrdt.com	61.4.83.39	NONE	17964	DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd.	China
mercurycube.com	208.180.24.23	park01.gkg.net.	18710	GKG-NET_-_GKG.NET_INC	UnitedStates
www.funasasaude.com.br	187.115.161.170	mail.funasasaude.com.br.	18881	Global_Village_Telecom	Brazil
soyflaca.com	184.106.6.161	NONE	19994	RACKSPACE_-_Rackspace_Hosting	UnitedStates
www.soyflaca.com.mx	184.106.6.161	NONE	19994	RACKSPACE_-_Rackspace_Hosting	UnitedStates
www.shiftinggearspet.com	68.169.52.11	NONE	20141	QUALITYTECH-SUW-300_-_Quality_Technology_Services_LLC.	UnitedStates
www.taosalon.co.uk	109.104.93.234	lvps109-104-93-234.vps.webfusion.co.uk.	20738	AS20738_Webfusion_Internet_Solutions	UnitedKingdom
www.fayetteimpressions.com	75.151.205.41	75-151-205-41-Memphis.hfc.comcastbusiness.net.	22258	COMCAST-22258_-_Comcast_Cable_Communications_Holdings_Inc	UnitedStates
bammagazine.es	78.47.74.165	server.beatsandmotion.com.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
de.berenika.biz	78.47.176.115	kotu.pl.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
www.mv-ettlingenweier.de	78.46.109.52	imp03.fandert-eservices.de.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
srkopus.com	64.131.66.103	server.krakenasia.com.	25847	SERVINT_-_ServInt	UnitedStates
www.lab-in-a-box.cc	207.58.143.19	cle.angellight.net.	25847	SERVINT_-_ServInt	UnitedStates
www.lamperthomes.com	69.163.237.211	apache2-argon.moscow.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
solymossandor.hu	87.229.26.124	x124.dataglobe.eu.	29278	DENINET-HU-AS_Deninet_KFT	Hungary
www.radclivecumchackmore.org.uk	213.175.211.240	vps.cmkemail.net.	29550	SIMPLYTRANSIT_Simply_Transit_Ltd	UnitedKingdom
www.arquiestructuras.es	67.222.2.40	NONE	30496	COLO4_-_Colo4_LLC	UnitedStates
new.tksoluzioni.it	82.113.204.37	ip6.tell.customers.twt.it.	30848	IT-TWT-AS_TWT_S.p.A.	Italy
www.voiceofpeace.org.uk	70.38.122.218	NONE	32613	IWEB-AS_-_iWeb_Technologies_Inc.	Canada
www.kcofficials.com	65.182.101.165	yuma4.brinkster.com.	33055	BCC-65-182-96-0-PHX_-_Brinkster_Communications_Corporation	UnitedStates
printingcheaper.com	50.56.134.228	NONE	33070	RMH-14_-_Rackspace_Hosting	UnitedStates
www.garylinton.com	72.29.84.27	server.gsdcc.org.	33182	DIMENOC_-_HostDime.com_Inc.	UnitedStates
www.livingtogetherlaw.com	72.29.84.27	server.gsdcc.org.	33182	DIMENOC_-_HostDime.com_Inc.	UnitedStates
www.villasdeandalucia.com	217.12.24.33	33.zone-217.12.24.juntadeandalucia.es.	34285	JJAA-AS_Sociedad_Andaluza_para_el_Desarrollo_de_las_Telecomunicaciones_S.A.	Spain
redbridge.whorunslondon.org.uk	94.229.167.25	magic.effusion.co.uk.	34934	UKFAST_UKFast.Net_Ltd	UnitedKingdom
www.mujapple.com	89.187.131.48	maserati.isol.cz.	35592	COOLHOUSING-AS_COOLHOUSING_Autonomous_System	CzechRepublic
finko.ykt.ru	77.242.4.74	host7.ykt.ru.	42451	SSN-AS_Limited_Company_Sakha_Sprint_Network	RussianFederation
www.fest-for-alle.dk	193.202.110.86	srv86.one.com.	51468	ONECOM_One.com_A/S	Denmark
www.argrp.ru	109.68.190.83	ns1.gilhost.ru.	52201	TCTEL_LLC__TC_TEL_	RussianFederation
ochronaprawkonsumenta.pl	91.228.199.142	wirt04.biznes-host.pl.	198414	BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o.	Poland
xn--zakazmiecenia-0rc.pl	91.228.199.142	wirt04.biznes-host.pl.	198414	BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o.	Poland
xn--zakazspoywaniaalkoholu-3ze.pl	91.228.199.142	wirt04.biznes-host.pl.	198414	BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o.	Poland
zakazpaleniatytoniu.pl	91.228.199.142	wirt04.biznes-host.pl.	198414	BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o.	Poland

改竄された一般サイトなので、CloudFlareのユーザーもこのリストに載ってしまうのは仕方ないですかね。

[カテゴリ:spam観察日記]

by jyake

Wire Transferスパム - infourl.htm

TOP

Contents

About cNotes

What's New