
mail.htm in the WordPress plugins folder

Published: 2012/10/17

Observed: 2012/10/16

Volume: 200 messages/day

Method: lure URL

Purpose: malware infection

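This is related to BHEK2, isn't it.


This time a variety of message texts are used rather than one specific theme, but this text appears to be the most common.

The distinguishing feature this time is that the HTML file used as the lure URL is placed in the plugins or theme folder.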
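
The pattern described above can be turned into a mail-side check. The following Python is an added example, not code from the original post: it extracts URLs from message bodies, flags static .htm/.html pages under wp-content/plugins or wp-content/themes, and reports filenames that appear on several unrelated hosts. The sample messages, the example.* hosts and the `min_hosts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify(url):
    """Return details if the URL is a static HTML page under a WordPress
    plugins/themes directory, else None."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    lower = [s.lower() for s in segs]
    if "wp-content" not in lower:
        return None
    rest = segs[lower.index("wp-content") + 1:]  # handles WordPress in a subdirectory
    if len(rest) < 2 or rest[0].lower() not in ("plugins", "themes"):
        return None
    filename = rest[-1]
    if not filename.lower().endswith((".htm", ".html")):
        return None
    # component is None when the file sits directly in plugins/ or themes/
    component = rest[1] if len(rest) > 2 else None
    return {"host": parts.hostname, "area": rest[0].lower(),
            "component": component, "file": filename}

def campaign_candidates(messages, min_hosts=3):
    """Map each flagged filename to the hosts serving it, keeping only
    filenames seen on at least min_hosts distinct hosts."""
    hosts_by_file = defaultdict(set)
    for body in messages:
        for url in URL_RE.findall(body):
            hit = classify(url.rstrip(".,;"))  # drop trailing sentence punctuation
            if hit:
                hosts_by_file[hit["file"].lower()].add(hit["host"])
    return {f: sorted(h) for f, h in hosts_by_file.items() if len(h) >= min_hosts}

# Constructed sample message bodies (not taken from the observed spam).
SAMPLE_MESSAGES = [
    "Your invoice is ready: http://blog.example.com/wp-content/plugins/akismet/mail.htm",
    "Track your parcel at http://shop.example.net/wp-content/themes/twentyten/mail.htm.",
    "Account notice <http://news.example.org/wp-content/plugins/mail.htm>",
    "Plugin docs: http://docs.example.com/wp-content/plugins/foo/readme.html",
    "Photo: http://site.example.com/wp-content/uploads/2012/10/photo.jpg",
]

if __name__ == "__main__":
    for name, hosts in campaign_candidates(SAMPLE_MESSAGES).items():
        print(name, len(hosts), hosts)
```
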


[Category: spam observation diary]

by jyake