
XXX wants to be friends on Facebook 2

Published: 2011/08/24

The garbled text (mojibake) on the landing site had been fixed.

The detection rate still seems low, as usual. (10/44)

http://www.virustotal.com/file-scan/report.html?id=387d5693674f3944ed3cda42ddf04f14ae814fa06f3444246651bc79b327544a-1314154607


The domain of the redirect site has been changing like this:

 session58777845350936.pmstdl.com 
 session27820525035232.pmstdl.com 
 session49897951993085.pmstdl.com 
 :
 :
 ↓
 session25109785802284.fileuplarc.com 
 session51597671149419.fileuplarc.com 
 session23781692059410.fileuplarc.com 
 session07068235199077.fileuplarc.com 
 session44115408945192.fileuplarc.com 
 :
 :
 ↓
 session70720582448771.downtohole.com

   Domain Name: PMSTDL.COM
   Registrar: REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER
   Whois Server: whois.nic.ru
   Referral URL: http://www.nic.ru
   Name Server: No nameserver
   Status: clientHold
   Status: clientTransferProhibited
   Updated Date: 23-aug-2011
   Creation Date: 27-jul-2011
   Expiration Date: 27-jul-2012
 Domain name:             PMSTDL.COM
 Creation Date:           2011.07.27
 Updated Date:            2011.07.28
 Expiration Date:         2012.07.27
 
 Status:                  NOT DELEGATED
 
 Registrant ID:           DIR5RYL-RU
 Registrant Name:         Aleksei O Zhukov
 Registrant Organization: Aleksei O Zhukov
 Registrant Street1:      Kosmonavtov ul., 1-64
 Registrant City:         Korolev
 Registrant State:        Moskovskaya Oblast
 Registrant Postal Code:  141075
 Registrant Country:      RU
 No A record

   Domain Name: FILEUPLARC.COM
   Registrar: PLANETDOMAIN PTY LTD.
   Whois Server: whois.planetdomain.com
   Referral URL: http://www.planetdomain.com
   Name Server: NS1.LARECONEXIONDELSER.NET
   Name Server: NS1.REMIANN.NET
   Status: ok
   Updated Date: 20-aug-2011
   Creation Date: 08-jun-2011
   Expiration Date: 08-jun-2012
   Domain Name: FILEUPLARC.COM
      Reseller..............: DNMaster LLC
      Created on............: 9 Jun 2011 01:52:45 EST
      Expires on............: 9 Jun 2012 01:52:45 EST
      Record last updated on: 9 Jun 2011 01:52:45 EST
      Status................: ACTIVE
   Owner, Administrative Contact, Technical Contact, Billing Contact:
      Sebastijan Stancar (ID00466654)
      Slovenska cesta 34
      Ljubljana, Ljubljana 1000
      SI
      Phone: +386.12517164
      Email: clank@mailti.com
 % host session44115408945192.fileuplarc.com
 session44115408945192.fileuplarc.com has address 84.123.147.146
 session44115408945192.fileuplarc.com has address 114.134.131.217
 session44115408945192.fileuplarc.com has address 71.217.16.172
 session44115408945192.fileuplarc.com has address 83.221.72.119

   Domain Name: DOWNTOHOLE.COM
   Registrar: PAKNIC (PRIVATE) LIMITED
   Whois Server: whois.paknic.com
   Referral URL: http://www.paknic.com
   Name Server: NS1.LARECONEXIONDELSER.NET
   Name Server: NS1.REMIANN.NET
   Status: ok
   Updated Date: 23-aug-2011
   Creation Date: 25-feb-2011
   Expiration Date: 25-feb-2012
 Domain name: DOWNTOHOLE.COM
 
 Created On: 2/25/2011 7:11:53 PM
 Expires On: 2/25/2012 7:11:53 PM
 Last Updated On: 2/25/2011 7:11:53 PM
 Domain Status:
 
 Registrant [PAK11022576505-1]:
        NA
        Sergey Kulakov        cents@bz3.ru
        ul.Marshala Kazakova d.1 k.2 kv.308
        Sankt-Peterburg, Sankt-Peterburg 198302
        RU
        Phone: 7.812102324 Ext: 
        Fax: 1.
 %host session91247034735799.downtohole.com
 session91247034735799.downtohole.com has address 71.217.16.172
 session91247034735799.downtohole.com has address 83.221.72.119
 session91247034735799.downtohole.com has address 84.123.147.146
 session91247034735799.downtohole.com has address 114.134.131.217
 session91247034735799.downtohole.com has address 200.125.77.157

This setup again, for the first time in a while?

IP               Reverse lookup                                  AS     AS name      Country
71.217.16.172    71-217-16-172.tukw.qwest.net.                   209    ASN-QWEST    US
83.221.72.119    83-221-72-119.dynamic.primacom.net.             16202  PRIMACOM-AS  DE
84.123.147.146   84.123.147.146.dyn.user.ono.com.                6739   ONO-AS       ES
114.134.131.217  cmu07d217.cncm.ne.jp.                           10000  NCM          JP
200.125.77.157   cpe-200-125-77-157.telecentro-reversos.com.ar.  27747  NO_ENTRIES   AR
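
The two `host` lookups above can be compared mechanically. The following Python is an added example, not code from the original post: it parses `host` output, keeps only hostnames matching the `session<14 digits>` pattern seen above, and reports which A records the rotating domains share. The function names, the regexes and the "last two labels = registered domain" shortcut are assumptions of this example.

```python
import re
from collections import defaultdict
from itertools import combinations

# `host` output copied from the two lookups shown in this post.
HOST_OUTPUT = """\
session44115408945192.fileuplarc.com has address 84.123.147.146
session44115408945192.fileuplarc.com has address 114.134.131.217
session44115408945192.fileuplarc.com has address 71.217.16.172
session44115408945192.fileuplarc.com has address 83.221.72.119
session91247034735799.downtohole.com has address 71.217.16.172
session91247034735799.downtohole.com has address 83.221.72.119
session91247034735799.downtohole.com has address 84.123.147.146
session91247034735799.downtohole.com has address 114.134.131.217
session91247034735799.downtohole.com has address 200.125.77.157
"""

# Assumption: campaign hostnames are "session" + 14 digits under a two-label domain.
SESSION_RE = re.compile(r"^session\d{14}\.(?P<domain>[a-z0-9-]+\.[a-z]+)$")
HOST_RE = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")

def a_records_by_domain(text):
    """Map registered domain -> set of A records, for session-style hostnames only."""
    result = defaultdict(set)
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        s = m and SESSION_RE.match(m.group(1).lower())
        if s:
            result[s.group("domain")].add(m.group(2))
    return dict(result)

def shared_infrastructure(records):
    """Return {(domain_a, domain_b): (shared IPs, Jaccard index)} for overlapping pairs."""
    out = {}
    for a, b in combinations(sorted(records), 2):
        common = records[a] & records[b]
        if common:
            out[(a, b)] = (common, len(common) / len(records[a] | records[b]))
    return out

if __name__ == "__main__":
    recs = a_records_by_domain(HOST_OUTPUT)
    for (a, b), (common, j) in shared_infrastructure(recs).items():
        print(f"{a} <-> {b}: {len(common)} shared A records, Jaccard {j:.2f}")
        print("   " + ", ".join(sorted(common)))
```

A high overlap between freshly rotated domains is a signal to block or alert on the shared address set and name servers rather than on each new domain individually.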

[Category: spam observation diary]

by jyake