
You have been set a file

Published: 2012/12/22

Spam is increasing as Christmas and the end of the year approach.

This is one of the usual BHEK2 variants. It impersonates a notification from sendspace.

The distinguishing feature of the redirect URL is "mail.htm".

And the sites that were compromised and abused this time... BBS-type sites, maybe?

 http://www.clma.unict.it/modulesold/mail.htm 
 http://www.comune.pula.ca.it/sites/all/mail.htm 
 http://www.dublinked.ie/forum/cache/mail.htm 
 http://www.englit.or.kr/bbs/data/mail.htm 
 http://www.eu.be/old2_sites/default/files/mail.htm 

The sites being abused are spread all over the world.


The site they redirect to from there is:

 http://bilainkos.ru:8080/forum/links/column.php
 % host bilainkos.ru
 bilainkos.ru has address 91.224.135.20
 bilainkos.ru has address 187.85.160.106
 bilainkos.ru has address 210.71.250.131

Lithuania, Brazil, and Taiwan. LT still shows up frequently.

 inetnum:      91.224.134.0 - 91.224.135.255
 netname:      PROSERVIS-NET
 descr:        Proservis UAB
 country:      LT
 org:          ORG-UP13-RIPE
 admin-c:      PJ2859-RIPE
 tech-c:       MD138-RIPE
 status:       ASSIGNED PI
 mnt-by:       RIPE-NCC-END-MNT
 mnt-by:       MNT-ALFATELECOM
 mnt-by:       MNT-PROSERVIS-LT
 mnt-lower:    RIPE-NCC-END-MNT
 mnt-routes:   MNT-PROSERVIS-LT
 mnt-domains:  MNT-PROSERVIS-LT
 source:       RIPE # Filtered

 %whois 187.85.160.106
 inetnum:     187.85.160.104/29
 aut-num:     AS28343
 abuse-c:     NOTTE2
 owner:       KSYS COMCIO DE PRODUTOS DE INFORMICA LTDA
 ownerid:     009.466.427/0001-54
 responsible: Cioney Giovany Giovanella
 country:     BR
 owner-c:     KSSWE
 tech-c:      KSSWE
 created:     20110727
 changed:     20110727
 inetnum-up:  187.85.160/20 
 
 nic-hdl-br:  KSSWE
 person:      Ksys Solus Web
 e-mail:      dominios@ksys.com.br
 created:     20090630
 changed:     20110419
 % whois 210.71.250.131
   Netname: TECOM-921-TW
   Netblock: 210.71.250.131/32
   Administrator contact:
      auden.hsieh@tecom.com.tw
   Technical contact:
      auden.hsieh@tecom.com.tw
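The two-stage chain described above (compromised site serving a path ending in "mail.htm", then a redirect to the exploit kit at port 8080 under /forum/links/) can be turned into a simple proxy-log check. This is an added example, not code from the original post; the log format ("client dst_url" per line) and the hostnames in the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not from the original post): "client dst_url"
SAMPLE_LOG = """\
10.0.0.5 http://www.example-site.test/bbs/data/mail.htm
10.0.0.5 http://bilainkos.ru:8080/forum/links/column.php
10.0.0.7 http://intranet.test/mail.htm?x=1
10.0.0.9 http://news.example.test/index.html
"""

# Stage 1: landing page on a compromised site, path ends in "mail.htm"
STAGE1 = re.compile(r"/mail\.htm$")
# Stage 2: exploit-kit pattern seen in this campaign: port 8080, /forum/links/<name>.php
STAGE2 = re.compile(r"^/forum/links/[^/]+\.php$")


def classify_url(url):
    """Return 'stage1', 'stage2' or None for a single URL."""
    u = urlparse(url)
    if u.port == 8080 and STAGE2.match(u.path):
        return "stage2"
    if STAGE1.search(u.path):  # query string is already split off by urlparse
        return "stage1"
    return None


def scan_log(text):
    """Return a list of (client, stage, url) for every matching log line."""
    hits = []
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # skip malformed lines
        client, url = parts
        stage = classify_url(url)
        if stage:
            hits.append((client, stage, url))
    return hits


def chained_clients(hits):
    """Clients seen on both stages: the strongest signal that the redirect completed."""
    seen = {}
    for client, stage, _ in hits:
        seen.setdefault(client, set()).add(stage)
    return sorted(c for c, s in seen.items() if {"stage1", "stage2"} <= s)
```

A stage-1 hit alone only says a user clicked the spam link; a client that appears on both stages reached the exploit kit and should be triaged first.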

[Category: spam observation diary]

by jyake