Wire Transfer spam - infourl.htm
Published: 2012/11/15
Observed: 2012/11/14
Volume: 100 messages/day
Method: lure URL (link in the mail)
Goal: malware infection
The lure URLs look like this:
http://zakazpaleniatytoniu.pl/infourl.htm
http://ochronaprawkonsumenta.pl/infourl.htm
http://www.leenbeke.be/lb1/sites/default/files/infourl.htm
http://de.berenika.biz/sites/default/files/infourl.htm
http://erotictrust.info/sites/all/themes/infourl.htm
As usual, this is BHEK2 (Blackhole Exploit Kit 2) related.
domain | IP | Reverse DNS | AS | AS Name | Country
---|---|---|---|---|---
itu.sci.cu.edu.eg | 193.227.5.25 | APPL.SCI.CU.EDU.EG. | 2561 | EUN | Egypt |
shliangfan.com | 61.152.239.145 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
ec.drupal-c.info | 210.253.109.19 | NONE | 7506 | INTERQ_GMO_InternetInc | Japan |
mmarketing.ru | 195.54.209.54 | father.rinet.ru. | 8331 | RINET-AS_Cronyx_Plus_Ltd | RussianFederation |
www.tszh.rinet.ru | 195.54.209.44 | vm-5.rinet.ru. | 8331 | RINET-AS_Cronyx_Plus_Ltd | RussianFederation |
www.vlankas.ru | 213.178.50.74 | mx1.vlankas.ru. | 8439 | AIST | RussianFederation |
jantarstargard.pl | 89.146.199.169 | main9.lh.pl. | 8495 | INTERNET_AG_INTERNET_AG_Global_Network | Germany |
www.albrock-cafe.de | 82.165.113.73 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
www.cardissa.fr | 217.160.235.92 | s15433216.domainepardefaut.fr. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
www.srtreffen.de | 82.165.113.73 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
nikand.se | 212.97.132.168 | ws54.surf-town.net. | 9120 | SURFTOWNNET_Surftown_A/S | Denmark |
www.catriders.com | 173.245.60.141 | cf-173-245-60-141.cloudflare.com. | 13335 | CLOUDFLARENET_-_CloudFlare_Inc. | UnitedStates |
www.catriders.com | 173.245.60.54 | cf-173-245-60-54.cloudflare.com. | 13335 | CLOUDFLARENET_-_CloudFlare_Inc. | UnitedStates |
erotictrust.info | 184.73.232.107 | erotictrust.com. | 14618 | AMAZON-AES_-_Amazon.com_Inc. | UnitedStates |
www.leenbeke.be | 95.211.20.85 | x79.alfaservers.com. | 16265 | LEASEWEB_LeaseWeb_B.V. | Netherlands |
18606685528.com | 115.47.67.112 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
www.jhrdt.com | 61.4.83.39 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
mercurycube.com | 208.180.24.23 | park01.gkg.net. | 18710 | GKG-NET_-_GKG.NET_INC | UnitedStates |
www.funasasaude.com.br | 187.115.161.170 | mail.funasasaude.com.br. | 18881 | Global_Village_Telecom | Brazil |
soyflaca.com | 184.106.6.161 | NONE | 19994 | RACKSPACE_-_Rackspace_Hosting | UnitedStates |
www.soyflaca.com.mx | 184.106.6.161 | NONE | 19994 | RACKSPACE_-_Rackspace_Hosting | UnitedStates |
www.shiftinggearspet.com | 68.169.52.11 | NONE | 20141 | QUALITYTECH-SUW-300_-_Quality_Technology_Services_LLC. | UnitedStates |
www.taosalon.co.uk | 109.104.93.234 | lvps109-104-93-234.vps.webfusion.co.uk. | 20738 | AS20738_Webfusion_Internet_Solutions | UnitedKingdom |
www.fayetteimpressions.com | 75.151.205.41 | 75-151-205-41-Memphis.hfc.comcastbusiness.net. | 22258 | COMCAST-22258_-_Comcast_Cable_Communications_Holdings_Inc | UnitedStates |
bammagazine.es | 78.47.74.165 | server.beatsandmotion.com. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
de.berenika.biz | 78.47.176.115 | kotu.pl. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
www.mv-ettlingenweier.de | 78.46.109.52 | imp03.fandert-eservices.de. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
srkopus.com | 64.131.66.103 | server.krakenasia.com. | 25847 | SERVINT_-_ServInt | UnitedStates |
www.lab-in-a-box.cc | 207.58.143.19 | cle.angellight.net. | 25847 | SERVINT_-_ServInt | UnitedStates |
www.lamperthomes.com | 69.163.237.211 | apache2-argon.moscow.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | UnitedStates |
solymossandor.hu | 87.229.26.124 | x124.dataglobe.eu. | 29278 | DENINET-HU-AS_Deninet_KFT | Hungary |
www.radclivecumchackmore.org.uk | 213.175.211.240 | vps.cmkemail.net. | 29550 | SIMPLYTRANSIT_Simply_Transit_Ltd | UnitedKingdom |
www.arquiestructuras.es | 67.222.2.40 | NONE | 30496 | COLO4_-_Colo4_LLC | UnitedStates |
new.tksoluzioni.it | 82.113.204.37 | ip6.tell.customers.twt.it. | 30848 | IT-TWT-AS_TWT_S.p.A. | Italy |
www.voiceofpeace.org.uk | 70.38.122.218 | NONE | 32613 | IWEB-AS_-_iWeb_Technologies_Inc. | Canada |
www.kcofficials.com | 65.182.101.165 | yuma4.brinkster.com. | 33055 | BCC-65-182-96-0-PHX_-_Brinkster_Communications_Corporation | UnitedStates |
printingcheaper.com | 50.56.134.228 | NONE | 33070 | RMH-14_-_Rackspace_Hosting | UnitedStates |
www.garylinton.com | 72.29.84.27 | server.gsdcc.org. | 33182 | DIMENOC_-_HostDime.com_Inc. | UnitedStates |
www.livingtogetherlaw.com | 72.29.84.27 | server.gsdcc.org. | 33182 | DIMENOC_-_HostDime.com_Inc. | UnitedStates |
www.villasdeandalucia.com | 217.12.24.33 | 33.zone-217.12.24.juntadeandalucia.es. | 34285 | JJAA-AS_Sociedad_Andaluza_para_el_Desarrollo_de_las_Telecomunicaciones_S.A. | Spain |
redbridge.whorunslondon.org.uk | 94.229.167.25 | magic.effusion.co.uk. | 34934 | UKFAST_UKFast.Net_Ltd | UnitedKingdom |
www.mujapple.com | 89.187.131.48 | maserati.isol.cz. | 35592 | COOLHOUSING-AS_COOLHOUSING_Autonomous_System | CzechRepublic |
finko.ykt.ru | 77.242.4.74 | host7.ykt.ru. | 42451 | SSN-AS_Limited_Company_Sakha_Sprint_Network | RussianFederation |
www.fest-for-alle.dk | 193.202.110.86 | srv86.one.com. | 51468 | ONECOM_One.com_A/S | Denmark |
www.argrp.ru | 109.68.190.83 | ns1.gilhost.ru. | 52201 | TCTEL_LLC__TC_TEL_ | RussianFederation |
ochronaprawkonsumenta.pl | 91.228.199.142 | wirt04.biznes-host.pl. | 198414 | BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o. | Poland |
xn--zakazmiecenia-0rc.pl | 91.228.199.142 | wirt04.biznes-host.pl. | 198414 | BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o. | Poland |
xn--zakazspoywaniaalkoholu-3ze.pl | 91.228.199.142 | wirt04.biznes-host.pl. | 198414 | BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o. | Poland |
zakazpaleniatytoniu.pl | 91.228.199.142 | wirt04.biznes-host.pl. | 198414 | BIZNESHOST-AS_Biznes-Host.pl_sp._z_o.o. | Poland |
Since these are compromised legitimate sites, I suppose it can't be helped that CloudFlare users end up on this list too.
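As an added example (not part of the original post), here is a Python script a defender could use to turn this post into a check: it embeds a handful of the hostnames, IPs and AS numbers from the table above, groups them by IP to expose shared-hosting boxes such as the Polish domains on 91.228.199.142, and scans proxy-log lines for either a listed host or the campaign's infourl.htm lure path (served from the web root or from Drupal directories). The log format, the example.test hostnames and the client addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of rows copied from the post's table: (hostname, IP, AS number).
IOC_ROWS = [
    ("zakazpaleniatytoniu.pl", "91.228.199.142", 198414),
    ("ochronaprawkonsumenta.pl", "91.228.199.142", 198414),
    ("xn--zakazmiecenia-0rc.pl", "91.228.199.142", 198414),
    ("www.leenbeke.be", "95.211.20.85", 16265),
    ("de.berenika.biz", "78.47.176.115", 24940),
    ("erotictrust.info", "184.73.232.107", 14618),
    ("www.catriders.com", "173.245.60.141", 13335),
    ("www.catriders.com", "173.245.60.54", 13335),
]

# The lure page is always named infourl.htm, but sits at different depths
# (web root, sites/default/files, sites/all/themes), so match only the filename.
LURE_PATH = re.compile(r"(^|/)infourl\.htm$", re.IGNORECASE)


def normalize_host(host):
    """Lower-case and strip a trailing dot; IDNs stay in their xn-- form like the list."""
    return host.lower().rstrip(".")


IOC_HOSTS = {normalize_host(h) for h, _, _ in IOC_ROWS}


def hosts_by_ip(rows=IOC_ROWS):
    """Group listed hostnames by IP: several names on one IP point to one shared-hosting box."""
    groups = defaultdict(set)
    for host, ip, _ in rows:
        groups[ip].add(normalize_host(host))
    return {ip: sorted(hs) for ip, hs in groups.items()}


def shared_ips(rows=IOC_ROWS):
    """IPs that carry more than one compromised hostname."""
    return sorted(ip for ip, hs in hosts_by_ip(rows).items() if len(hs) > 1)


def classify_url(url):
    """Return 'listed-host', 'lure-path' or None for one URL from a proxy log."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    if host in IOC_HOSTS:
        return "listed-host"
    if LURE_PATH.search(parts.path):
        return "lure-path"
    return None


def scan_proxy_log(lines):
    """Assumed log format: '<timestamp> <client-ip> <url> <status>' per line."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client, url = fields[1], fields[2]
        verdict = classify_url(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


# Constructed proxy-log lines for illustration; not taken from the post.
SAMPLE_LOG = [
    "2012-11-14T10:02:11 10.0.0.5 http://zakazpaleniatytoniu.pl/infourl.htm 200",
    "2012-11-14T10:02:13 10.0.0.5 http://www.example.test/sites/all/themes/infourl.htm 200",
    "2012-11-14T10:03:40 10.0.0.9 http://www.example.test/index.html 200",
    "2012-11-14T10:05:02 10.0.0.7 http://erotictrust.info/ 301",
]

if __name__ == "__main__":
    for ip in shared_ips():
        print("shared host", ip, hosts_by_ip()[ip])
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(client, verdict, url)
```

The hostname check fires first so that any request to a listed site is flagged even when the path is not the lure page, while the path check catches the same campaign page on a compromised site that is not yet on the list. Matching on the bare filename avoids the ".html" and query-string variants that a plain substring check would miss or over-match.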
by jyake