You have been set a file
Published: 2012/12/22
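Spam is on the rise as Christmas and the end of the year approach.
This is one of the usual BHEK2 variations. It poses as a notification from sendspace.
The distinguishing feature of the redirect URL is "mail.htm".
And the sites that were compromised and used this time seem to be BBS-type sites, perhaps?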
http://www.clma.unict.it/modulesold/mail.htm
http://www.comune.pula.ca.it/sites/all/mail.htm
http://www.dublinked.ie/forum/cache/mail.htm
http://www.englit.or.kr/bbs/data/mail.htm
http://www.eu.be/old2_sites/default/files/mail.htm
The sites being used are along these lines. They are all over the world...
The site that visitors are redirected to from there is
http://bilainkos.ru:8080/forum/links/column.php
% host bilainkos.ru
bilainkos.ru has address 91.224.135.20
bilainkos.ru has address 187.85.160.106
bilainkos.ru has address 210.71.250.131
These are LT, BR and TW. LT still shows up frequently.
inetnum: 91.224.134.0 - 91.224.135.255
netname: PROSERVIS-NET
descr: Proservis UAB
country: LT
org: ORG-UP13-RIPE
admin-c: PJ2859-RIPE
tech-c: MD138-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-ALFATELECOM
mnt-by: MNT-PROSERVIS-LT
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: MNT-PROSERVIS-LT
mnt-domains: MNT-PROSERVIS-LT
source: RIPE # Filtered

% whois 187.85.160.106
inetnum: 187.85.160.104/29
aut-num: AS28343
abuse-c: NOTTE2
owner: KSYS COMCIO DE PRODUTOS DE INFORMICA LTDA
ownerid: 009.466.427/0001-54
responsible: Cioney Giovany Giovanella
country: BR
owner-c: KSSWE
tech-c: KSSWE
created: 20110727
changed: 20110727
inetnum-up: 187.85.160/20
nic-hdl-br: KSSWE
person: Ksys Solus Web
e-mail: dominios@ksys.com.br
created: 20090630
changed: 20110419

% whois 210.71.250.131
Netname: TECOM-921-TW
Netblock: 210.71.250.131/32
Administrator contact: auden.hsieh@tecom.com.tw
Technical contact: auden.hsieh@tecom.com.tw
by jyake
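
Added example, not part of the original post: a proxy-log check for the chain described above, where a client requests a path ending in mail.htm and shortly afterwards requests /forum/links/column.php on port 8080. The log format, the 30-second window, the .example hosts and the function names are assumptions, and treating the landing URL's port and path as a general pattern goes beyond the single URL the post shows.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: "<ISO time> <client> <URL>"; hosts are placeholders.
SAMPLE_LOG = """\
2012-12-22T09:00:01 10.0.0.5 http://compromised.example/bbs/data/mail.htm
2012-12-22T09:00:03 10.0.0.5 http://landing.example:8080/forum/links/column.php
2012-12-22T09:01:00 10.0.0.7 http://intranet.example/help/mail.htm
2012-12-22T09:05:00 10.0.0.9 http://landing.example:8080/forum/links/column.php
2012-12-22T09:10:00 10.0.0.8 http://compromised.example/forum/cache/mail.htm
2012-12-22T09:20:00 10.0.0.8 http://other.example:8080/forum/links/column.php
"""

WINDOW = timedelta(seconds=30)  # assumed maximum gap between the two requests

def is_redirector(url):
    """Page on a compromised site linked from the spam: path ends in /mail.htm."""
    return urlsplit(url).path.lower().endswith("/mail.htm")

def is_landing(url):
    """Landing page shape seen in the post: port 8080, /forum/links/column.php."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed host or port in the logged URL
        return False
    return port == 8080 and parts.path.lower() == "/forum/links/column.php"

def find_chains(log_text, window=WINDOW):
    """Return (client, redirector_url, landing_url) for each mail.htm request
    followed by a landing-page request from the same client within `window`."""
    pending = {}  # client -> (timestamp, url) of the latest mail.htm request
    chains = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue
        client, url = fields[1], fields[2]
        if is_redirector(url):
            pending[client] = (ts, url)
        elif is_landing(url) and client in pending:
            seen, src = pending.pop(client)
            if ts - seen <= window:
                chains.append((client, src, url))
    return chains
```

A mail.htm request on its own (10.0.0.7 in the sample) is not reported, since the filename is common on legitimate sites; only the pairing with the landing request inside the window is.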