
Your UPS derivery tracking - upy.htm

Published: 2012/06/18

Observed: 2012/6/16

Volume: about 200 messages/day

Technique: lure URL (link in the mail body)

Goal: malware infection

Characteristics:

The script file planted on the compromised sites is named "upy.htm" (the observed URLs end in upy.html).

A variant of the UPS-themed campaign

  • CVE-2010-1885 (Windows Help and Support Center hcp:// protocol handler, remote code execution)
  • CVE-2012-0507 (Java SE AtomicReferenceArray type confusion, sandbox escape)

The mail text looks like this.

The URLs look like this.

 http://neuafrika.com/wp/wp-content/uploads/fgallery/upy.html
 http://targetyoursitelocally.com/upy.html
 http://leftneglected.com/upy.html
 http://barritshayes.co.uk/upy.html
 http://discounthandbags.bz6.org/upy.html
 http://112-gouda.nl/upy.html
 http://asktheunicorn.com/upy.html
 http://kay.lensjournal.com/upy.html
 http://everingwarcraft.com/upy.html
 http://sweetygreen33.sabahblog.com/upy.html
 http://bestcamera.iblog365.com/upy.html
 http://cincinnaticoupons.net/upy.html
 http://justynsmith.com/upy.html
 http://iworkwithmusic.com/upy.html
 http://newsinfo.iblog365.com/upy.html
 http://advancedesign.ie/upy.html
 http://twrichards.tateauthor.com/wp-content/uploads/fgallery/upy.html
 http://barritshayes.co.uk/upy.html
 http://donziboatsforsalefeaturedintvandfilm.myfirstblog.org/upy.html
 http://mayflowerquiz.co.uk/upy.html
 http://slick-deals.org/upy.html
 http://sneakydragon.com/upy.html
 http://surfrhythm.com/upy.html
 http://whistlerblackcombrealestate.com//upy.html
 http://homesfromepic.com//upy.html
 http://jamesfrancovideos.myfirstblog.org/upy.html
 http://skigogglesoakley.runskateboard.com/upy.html
 http://swtorcredits.b34.us/upy.html
 http://afterjia.bz6.org/upy.html
 http://greatblog.myfirstblog.org/upy.html
 http://homeandrenovation.ca//upy.html
 http://oralhistory.blogs.suffolk.edu/upy.html
 http://sundaymovies.iblog365.com/upy.html
 http://thelosttruthsaboutourlives.tateauthor.com/wp-content/uploads/fgallery/upy.html
 http://bckamloops.ca//upy.html
 http://brcine.net/upy.html
 http://iblog365.com/upy.html
 http://musiclib.myfirstblog.org/upy.html
 http://kitesurfstore.net/upy.html
 http://liveblog.classcaster.net/upy.html
 http://marketingco-opgroup.com/upy.html
 http://mubees.com/upy.html
 http://richpykecomputerservices.com/upy.html
 http://scarlettjohanssonnews.myfirstblog.org/upy.html
 http://texnolyze.se/upy.html
 http://viralcastmedia.com/upy.html
 http://apaqrashouse.bondageradio.com/upy.html
 http://blueridgemanorbnb.com/upy.html
 http://edwardbrownlee.tateauthor.com/wp-content/uploads/fgallery/upy.html
 http://elgallocomponents.com/upy.html
 http://espiti.com//upy.html
 http://goldsgee.sabahblog.com/upy.html
 http://kidsinternetsafetyguide.com/upy.html
 http://outboardboatmotor1.iblog365.com/upy.html
 http://seattlechili.com/upy.html
 http://solarzmr.nazwa.pl/petrolhearts/wp-content/uploads/fgallery/upy.html
 http://webdesign.echotam.com/upy.html
 http://broker.be//upy.html
 http://cheapiceskatingdresses.com/upy.html
 http://cyber2day.com//upy.html
 http://freelancewriterroad.com/upy.html
 http://freemoviednlds.com/upy.html
 http://guccioutletse9.sabahblog.com/upy.html
 http://ispyder.iblog365.com/upy.html
 http://jamesmac.ca/upy.html
 http://jimmydiets.iblog365.com/upy.html
 http://landonslaughter.com/upy.html
 http://seekrin.com//upy.html
 http://theharbinger.tateauthor.com/wp-content/uploads/fgallery/upy.html
 http://uggrao.sabahblog.com/upy.html
 http://canadagoosejakke.bz6.org/upy.html
 http://ebay.nuspc.com/upy.html
 http://neuafrika.com/wp/wp-content/uploads/fgallery/upy.html
 http://seeksafely.org/upy.html
 http://tv.nuspc.com/upy.html
 http://zt96.lifeblogs.org/upy.html
 http://anne-kerstin-busch.com/upy.html
 http://cebulifestyles.com/upy.html
 http://joen.superfastcashmachine.com/upy.html
 http://le-colombier.net/upy.html
 http://midwestballers.com/upy.html
 http://moviesathome.net/upy.html
 http://skateboardrampshalfpipe.runskateboard.com/upy.html
 http://targetyoursitelocally.com/upy.html
 http://terryhall.seobake.com//upy.html
 http://theservicedoffice.co.uk//upy.html
 http://totalitati.mug.ro/upy.html
 http://worship.mccchurch.org/upy.html
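Turning the file-name signature into a check, as an added example that is not part of the original post: Python that pulls the request URL out of Squid-style proxy log lines and flags any whose last path component is upy.htm or upy.html, recording separately the wp-content/uploads/fgallery/ placement seen on several of the compromised WordPress sites. The log lines, client and peer addresses, and the benign URLs mixed in are constructed for illustration; the lure URLs are taken from the list above.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed Squid-style access log lines (native format: time elapsed client
# code/status bytes method URL ident hierarchy/peer type). Four of the URLs are
# lure URLs from the observed list; the others are benign look-alikes added so
# the filter has something to reject. Client and peer addresses are made up.
SAMPLE_LOG = """\
1339804800.101    52 10.0.0.12 TCP_MISS/200 2310 GET http://neuafrika.com/wp/wp-content/uploads/fgallery/upy.html - DIRECT/66.96.134.29 text/html
1339804803.447    38 10.0.0.12 TCP_MISS/200 8812 GET http://example.org/blog/ups-rates.html - DIRECT/192.0.2.10 text/html
1339804811.902    61 10.0.0.31 TCP_MISS/200 2290 GET http://targetyoursitelocally.com/upy.html - DIRECT/174.120.43.218 text/html
1339804815.330    44 10.0.0.31 TCP_MISS/200 2290 GET http://whistlerblackcombrealestate.com//upy.html - DIRECT/66.147.244.152 text/html
1339804820.015    70 10.0.0.44 TCP_MISS/200 51200 GET http://example.net/wp-content/uploads/2012/06/photo.jpg - DIRECT/192.0.2.20 image/jpeg
1339804822.118    49 10.0.0.44 TCP_MISS/200 2301 GET http://twrichards.tateauthor.com/wp-content/uploads/fgallery/upy.html - DIRECT/209.217.63.29 text/html
1339804830.660    40 10.0.0.12 TCP_MISS/200 2290 GET http://targetyoursitelocally.com/upy.html - DIRECT/174.120.43.218 text/html
"""

# Campaign signature: the landing file is literally upy.htm or upy.html as the
# last path component, whatever the directory depth. Anchoring on "/upy"
# also tolerates the doubled slash seen in some of the lure URLs.
LANDING_RE = re.compile(r"/upy\.html?$", re.IGNORECASE)
# Placement seen on the compromised WordPress installs in the list.
FGALLERY_RE = re.compile(r"/wp-content/uploads/fgallery/", re.IGNORECASE)


def urls_from_squid_log(text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, url) pairs; field 7 of the native format is the URL."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 7:
            out.append((parts[2], parts[6]))
    return out


def classify(url: str) -> Optional[Dict[str, object]]:
    """Match details if url fits the upy.html lure pattern, else None."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.netloc:
        return None
    if not LANDING_RE.search(p.path):
        return None
    return {
        "host": p.netloc.lower(),
        "path": p.path,
        "wordpress_fgallery": bool(FGALLERY_RE.search(p.path)),
    }


def summarize(pairs: List[Tuple[str, str]]) -> Dict[str, object]:
    """Aggregate hits: which lure hosts were fetched, and by which clients."""
    hosts: Counter = Counter()
    clients = set()
    fgallery_hosts = set()
    for client, url in pairs:
        m = classify(url)
        if m is None:
            continue
        hosts[m["host"]] += 1
        clients.add(client)          # internal machines that need a look
        if m["wordpress_fgallery"]:
            fgallery_hosts.add(m["host"])
    return {
        "hits": sum(hosts.values()),
        "hosts": dict(hosts),
        "clients": sorted(clients),
        "wordpress_fgallery_hosts": sorted(fgallery_hosts),
    }


if __name__ == "__main__":
    report = summarize(urls_from_squid_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Matching on the final path component rather than on the host list is the point: the hosts churn (the list above is a snapshot of one day), while the landing file name stayed constant across the whole batch.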

Information on the domains. This time the pattern is US-heavy.

domain | IP | reverse DNS | AS | AS name | country
everingwarcraft.com | 207.244.194.3 | 207.244.194.3.static.colo.hostirian.com. | 6428 | CDM_-_CDM | United States
edwardbrownlee.tateauthor.com | 209.217.63.29 | aux-209-217-63-29.webhero.com. | 7258 | CATALOG-AS7258_-_Catalog.com | United States
theharbinger.tateauthor.com | 209.217.63.29 | aux-209-217-63-29.webhero.com. | 7258 | CATALOG-AS7258_-_Catalog.com | United States
thelosttruthsaboutourlives.tateauthor.com | 209.217.63.29 | aux-209-217-63-29.webhero.com. | 7258 | CATALOG-AS7258_-_Catalog.com | United States
twrichards.tateauthor.com | 209.217.63.29 | aux-209-217-63-29.webhero.com. | 7258 | CATALOG-AS7258_-_Catalog.com | United States
mayflowerquiz.co.uk | 94.102.159.107 | server8.custardmedia.co.uk. | 8426 | CLARANET-AS_ClaraNET_LTD | United Kingdom
elgallocomponents.com | 87.106.157.212 | clienteservidor.es. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Spain
totalitati.mug.ro | 82.77.241.5 | mug.xtekservers.net. | 8708 | RDSNET_RCS_&_RDS_S.A. | Romania
freelancewriterroad.com | 207.182.131.28 | 1c.83.b6.static.xlhost.com. | 10297 | ENET-2_-_eNET_Inc. | United States
cebulifestyles.com | 209.126.208.132 | omswebhosting.com. | 10439 | CARINET_-_CariNet_Inc. | United States
liveblog.classcaster.net | 184.72.251.64 | ec2-184-72-251-64.compute-1.amazonaws.com. | 14618 | AMAZON-AES_-_Amazon.com_Inc. | United States
asktheunicorn.com | 74.50.4.215 | kokab.lunarservers.com. | 15244 | ADDD2NET-COM-INC-DBA-LUNARPAGES_-_Lunar_Pages | United States
solarzmr.nazwa.pl | 85.128.230.241 | anv241.rev.netart.pl. | 15967 | NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna | Poland
freemoviednlds.com | 82.192.92.66 | hosted-by.leaseweb.com. | 16265 | LEASEWEB_LeaseWeb_B.V. | Netherlands
afterjia.bz6.org | 87.98.221.77 | 87-98-221-77.ovh.net. | 16276 | OVH_OVH_Systems | France
canadagoosejakke.bz6.org | 87.98.221.77 | 87-98-221-77.ovh.net. | 16276 | OVH_OVH_Systems | France
cyber2day.com | 37.49.227.33 | NONE | 16276 | OVH_OVH_Systems | Netherlands
discounthandbags.bz6.org | 87.98.221.77 | 87-98-221-77.ovh.net. | 16276 | OVH_OVH_Systems | France
le-colombier.net | 178.33.204.24 | http1.web4all.fr. | 16276 | OVH_OVH_Systems | France
oralhistory.blogs.suffolk.edu | 192.138.214.163 | studentgroups.suffolk.edu. | 20143 | SUNET-1_-_Suffolk_University | United States
jamesmac.ca | 69.27.99.162 | madalsa.com. | 20218 | BLACKSUN_-_BlackSun_Inc. | Canada
donziboatsforsalefeaturedintvandfilm.myfirstblog.org | 184.82.154.211 | 211.allbee.com.br. | 21788 | NOC_-_Network_Operations_Center_Inc. | United States
greatblog.myfirstblog.org | 184.82.154.211 | 211.allbee.com.br. | 21788 | NOC_-_Network_Operations_Center_Inc. | United States
jamesfrancovideos.myfirstblog.org | 184.82.154.211 | 211.allbee.com.br. | 21788 | NOC_-_Network_Operations_Center_Inc. | United States
musiclib.myfirstblog.org | 184.82.154.211 | 211.allbee.com.br. | 21788 | NOC_-_Network_Operations_Center_Inc. | United States
scarlettjohanssonnews.myfirstblog.org | 184.82.154.211 | 211.allbee.com.br. | 21788 | NOC_-_Network_Operations_Center_Inc. | United States
homesfromepic.com | 174.120.189.220 | dc.bd.78ae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
joen.superfastcashmachine.com | 174.122.52.9 | 9.34.7aae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
justynsmith.com | 74.54.110.186 | ba.6e.364a.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
mubees.com | 69.56.136.40 | 28.88.3845.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
seeksafely.org | 74.53.44.138 | 8a.2c.354a.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
targetyoursitelocally.com | 174.120.43.218 | da.2b.78ae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
terryhall.seobake.com | 74.53.44.138 | 8a.2c.354a.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
theservicedoffice.co.uk | 174.132.149.185 | b9.95.84ae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
viralcastmedia.com | 74.54.77.244 | f4.4d.364a.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
webdesign.echotam.com | 174.120.202.222 | de.ca.78ae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
worship.mccchurch.org | 174.120.136.187 | bb.88.78ae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
zt96.lifeblogs.org | 174.122.106.103 | 67.6a.7aae.static.theplanet.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
seekrin.com | 204.93.165.4 | robinhood.my-hosting-panel.com. | 23352 | SERVERCENTRAL_-_Server_Central_Network | United States
leftneglected.com | 100.42.59.15 | stats.weasel.arvixe.com. | 25653 | FORTRESSITX_-_FortressITX | United States
iworkwithmusic.com | 65.254.250.103 | 65-254-250-103.yourhostingaccount.com. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | United States
neuafrika.com | 66.96.134.29 | 29.134.96.66.static.eigbox.net. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | United States
sneakydragon.com | 66.96.160.145 | 145.160.96.66.static.eigbox.net. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | United States
bestcamera.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
ispyder.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
jimmydiets.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
newsinfo.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
outboardboatmotor1.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
sundaymovies.iblog365.com | 209.236.126.123 | 209.236.126.123.tailormadeservers.com. | 30496 | COLO4_-_Colo4_LLC | Singapore
anne-kerstin-busch.com | 87.118.114.210 | server16.dmsolutionsonline.de. | 31103 | KEYWEB-AS_Keyweb_AG | Germany
barritshayes.co.uk | 89.187.66.156 | 156-66-187-89.keepnet.net. | 31708 | COREIX-UK-AS_Coreix_Limited | United Kingdom
richpykecomputerservices.com | 79.170.44.103 | web103.extendcp.co.uk. | 31727 | NODE4-AS_Node4_Ltd_UK | United Kingdom
kidsinternetsafetyguide.com | 67.227.156.197 | host.dumagueteinfo.com. | 32244 | LIQUID-WEB-INC_-_Liquid_Web_Inc. | United States
bckamloops.ca | 184.154.82.154 | server2.icanhost.ca. | 32475 | SINGLEHOP-INC_-_SingleHop | United States
marketingco-opgroup.com | 208.117.45.193 | marketingco-opgroup.com. | 32748 | STEADFAST_-_Steadfast_Networks | United States
brcine.net | 50.115.163.101 | feirabrasileira.feirabrasileira.com.br. | 32875 | VIRPUS_-_DNSSLAVE.COM | United States
broker.be | 217.21.184.210 | 217.21.184.210.static.hosted.by.combell.com. | 34762 | COMBELL-AS_Combell_group_NV | Belgium
kitesurfstore.net | 96.43.91.180 | NONE | 35916 | MULTA-ASN1_-_MULTACOM_CORPORATION | United States
apaqrashouse.bondageradio.com | 184.173.213.64 | ns2958.hostgator.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
ebay.nuspc.com | 108.167.172.206 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
goldsgee.sabahblog.com | 173.193.108.152 | 173.193.108.152-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
guccioutletse9.sabahblog.com | 173.193.108.152 | 173.193.108.152-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
kay.lensjournal.com | 216.172.166.234 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
landonslaughter.com | 96.125.174.27 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
midwestballers.com | 216.172.184.240 | ns3278.hostgator.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
moviesathome.net | 184.172.188.195 | 184.172.188.195-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
skateboardrampshalfpipe.runskateboard.com | 216.172.186.167 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
skigogglesoakley.runskateboard.com | 216.172.186.167 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
slick-deals.org | 184.173.229.64 | ns3002.hostgator.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
surfrhythm.com | 216.172.171.166 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
sweetygreen33.sabahblog.com | 173.193.108.152 | 173.193.108.152-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
tv.nuspc.com | 108.167.172.206 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
uggrao.sabahblog.com | 173.193.108.152 | 173.193.108.152-static.reverse.softlayer.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
advancedesign.ie | 78.153.215.161 | pemlinweb68.blacknight.com. | 39122 | BLACKNIGHT-AS_Blacknight_Internet_Solutions_Ltd | Ireland
swtorcredits.b34.us | 193.93.205.98 | ip98-205.efuzja.net.pl. | 39760 | EFUZJA-AS_Autonomous_System_for_eFUZJA | Poland
cincinnaticoupons.net | 67.23.123.130 | mail.hscapcorp.com. | 40015 | MOVECLICKLLC_-_Yellow_Fiber_Networks | United States
texnolyze.se | 188.95.227.20 | atapache.citynetwork.se. | 42695 | CNHAB_City_Network_Hosting_AB | Sweden
cheapiceskatingdresses.com | 97.79.237.230 | 230.237.79.97.gvodatacenter.com. | 46549 | GVO_-_Global_Virtual_Opportunities | United States
blueridgemanorbnb.com | 173.254.28.94 | just94.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
espiti.com | 69.195.68.95 | 69-195-68-95.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
homeandrenovation.ca | 69.195.93.51 | 69-195-93-51.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
seattlechili.com | 70.40.198.16 | 70-40-198-16.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
whistlerblackcombrealestate.com | 66.147.244.152 | box652.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
112-gouda.nl | 194.247.30.103 | picard11.deziweb.com. | 48539 | OXILION-AS_Oxilion_B.V. | Netherlands
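To show where the "US-heavy" reading comes from, and which blocking unit each cluster suggests, here is an added example (not from the original post) that groups a transcribed subset of the rows above by shared IP, by registrable parent domain, and by country. The records are copied from the table; the public-suffix handling is a deliberate simplification (assumption: in this sample only co.uk needs three labels), and real code would use a public-suffix list.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Subset of the resolution table above, transcribed as
# (hostname, IP, ASN, country). The full table has 85 rows; this sample is
# enough to show the three groupings below.
RECORDS: List[Tuple[str, str, int, str]] = [
    ("edwardbrownlee.tateauthor.com", "209.217.63.29", 7258, "United States"),
    ("twrichards.tateauthor.com", "209.217.63.29", 7258, "United States"),
    ("seeksafely.org", "74.53.44.138", 21844, "United States"),
    ("terryhall.seobake.com", "74.53.44.138", 21844, "United States"),
    ("justynsmith.com", "74.54.110.186", 21844, "United States"),
    ("afterjia.bz6.org", "87.98.221.77", 16276, "France"),
    ("discounthandbags.bz6.org", "87.98.221.77", 16276, "France"),
    ("cyber2day.com", "37.49.227.33", 16276, "Netherlands"),
    ("mayflowerquiz.co.uk", "94.102.159.107", 8426, "United Kingdom"),
    ("iblog365.com", "209.236.126.123", 30496, "Singapore"),
    ("ispyder.iblog365.com", "209.236.126.123", 30496, "Singapore"),
]

# Assumption: a one-entry list of two-label public suffixes covers this sample.
TWO_LABEL_SUFFIXES = {"co.uk"}


def parent_domain(host: str) -> str:
    """Registrable domain: last two labels, or three under a two-label suffix."""
    labels = host.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def shared_ips(records, min_hosts: int = 2) -> Dict[str, List[str]]:
    """IPs serving more than one lure host: shared hosting, block by IP."""
    by_ip = defaultdict(set)
    for host, ip, _asn, _country in records:
        by_ip[ip].add(host)
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_hosts}


def shared_parents(records, min_hosts: int = 2) -> Dict[str, List[str]]:
    """Parent domains with several lure subdomains: blog platforms, block the parent."""
    by_parent = defaultdict(set)
    for host, *_rest in records:
        by_parent[parent_domain(host)].add(host)
    return {p: sorted(h) for p, h in by_parent.items() if len(h) >= min_hosts}


def country_breakdown(records) -> Dict[str, Dict[str, int]]:
    """Hosts and distinct IPs per country; IPs show how many servers are really involved."""
    hosts = defaultdict(set)
    ips = defaultdict(set)
    for host, ip, _asn, country in records:
        hosts[country].add(host)
        ips[country].add(ip)
    return {c: {"hosts": len(hosts[c]), "ips": len(ips[c])} for c in hosts}


if __name__ == "__main__":
    print("shared IPs:", shared_ips(RECORDS))
    print("shared parents:", shared_parents(RECORDS))
    print("by country:", country_breakdown(RECORDS))
```

Counting distinct IPs next to host counts matters: five hostnames on 209.236.126.123 are one server, not five, so the host count overstates the spread while the IP count is what an egress block actually removes.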

The main site behind the lure pages.

   Domain Name: AUTOBOURACKY.NET
   Registrar: REGISTER.COM, INC.
   Whois Server: whois.register.com
   Referral URL: http://www.register.com
   Name Server: SK.S5.CM.NS1.37.ZTOMY.COM
   Name Server: SK.S5.CM.NS2.37.ZTOMY.COM
   Status: clientTransferProhibited
   Updated Date: 16-jun-2012
   Creation Date: 08-jun-2012
   Expiration Date: 08-jun-2013
IP | reverse DNS | AS | AS name | country
208.91.197.54 | 208.91.197-54.confluence-networks.com. | 40034 | CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc | Virgin Islands
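A registration-freshness check on the whois record above, added here as an example and not part of the original post: it parses the thin-whois fields shown, computes the domain's age on the observation date (2012/6/16), the registration term, and how recently the record was updated, and lists the name servers in one normalized form. The 30-day threshold is an assumption for illustration.

```python
import re
from datetime import date, datetime
from typing import Dict, List

# The whois excerpt shown above for the main site, copied verbatim.
WHOIS_TEXT = """\
   Domain Name: AUTOBOURACKY.NET
   Registrar: REGISTER.COM, INC.
   Whois Server: whois.register.com
   Referral URL: http://www.register.com
   Name Server: SK.S5.CM.NS1.37.ZTOMY.COM
   Name Server: SK.S5.CM.NS2.37.ZTOMY.COM
   Status: clientTransferProhibited
   Updated Date: 16-jun-2012
   Creation Date: 08-jun-2012
   Expiration Date: 08-jun-2013
"""

# Observation date from the post.
OBSERVED = date(2012, 6, 16)

# One "Key: value" per line; repeated keys (Name Server) collect into a list.
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.+?)\s*$", re.MULTILINE)


def parse_whois(text: str) -> Dict[str, List[str]]:
    fields: Dict[str, List[str]] = {}
    for key, val in FIELD_RE.findall(text):
        fields.setdefault(key, []).append(val)
    return fields


def whois_date(s: str) -> date:
    """Registrar thin-whois date format, e.g. 08-jun-2012 (month match is case-insensitive)."""
    return datetime.strptime(s, "%d-%b-%Y").date()


def assess(text: str, observed: date, max_age_days: int = 30) -> Dict[str, object]:
    """Flag a domain that is young and short-lived relative to the observation date."""
    f = parse_whois(text)
    created = whois_date(f["Creation Date"][0])
    expires = whois_date(f["Expiration Date"][0])
    updated = whois_date(f["Updated Date"][0])
    age = (observed - created).days
    return {
        "domain": f["Domain Name"][0].lower(),
        "age_days": age,
        # One-year terms are the cheapest option; throwaway domains rarely buy more.
        "registration_days": (expires - created).days,
        "updated_days_before_observation": (observed - updated).days,
        "name_servers": [n.lower() for n in f.get("Name Server", [])],
        "young": 0 <= age <= max_age_days,
    }


if __name__ == "__main__":
    for key, value in assess(WHOIS_TEXT, OBSERVED).items():
        print(f"{key}: {value}")
```

Domain age alone is a weak signal (legitimate sites are new too), which is why the output keeps the term length and the update date beside it: a domain created eight days before the campaign, on a one-year term, with its record touched on the day the spam was seen, is a different picture from a new domain with none of those.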

[Category: spam observation diary]

by jyake