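Spam impersonating Facebook - page5.htm
Published: 2012/08/12
Observed: 2012/8/9
Volume: 100 messages/day
Method: lure URL
Purpose: malware infection
Characteristics:
The script file placed on the sites is named "page5.htm".
The message text is the usual type that impersonates Facebook.
Examples of the lure URLs.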
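The campaign's distinguishing trait is one script file name repeated across many unrelated sites. The following detection sketch is an added example, not part of the original post: it groups URLs found in mail bodies by the last path segment and reports names seen on several distinct hosts. The sample messages, the example.* hostnames and the `min_hosts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Loose URL matcher for plain-text or HTML mail bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample bodies (not taken from the observed spam).
SAMPLE_MESSAGES = [
    "You have notifications pending. View: http://shop.example.com/page5.htm",
    "Facebook: new message http://blog.example.net/images/page5.htm.",
    "Confirm your account http://wiki.example.org/index.php/page5.htm",
    "Newsletter: https://www.example.com/news/index.html "
    "and https://www.facebook.com/login.php",
]


def leaf_name(url):
    """Return the last path segment of a URL, lower-cased ('' if none)."""
    path = urlsplit(url).path
    return path.rstrip("/").rsplit("/", 1)[-1].lower()


def cluster_by_leaf(messages, min_hosts=3):
    """Map each leaf file name to the hosts serving it, keeping only
    names that appear on at least `min_hosts` distinct hosts."""
    hosts_by_leaf = defaultdict(set)
    for body in messages:
        for url in URL_RE.findall(body):
            url = url.rstrip(".,)")  # drop sentence punctuation
            host = (urlsplit(url).hostname or "").lower()
            leaf = leaf_name(url)
            if host and leaf:
                hosts_by_leaf[leaf].add(host)
    return {
        leaf: sorted(hosts)
        for leaf, hosts in hosts_by_leaf.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for leaf, hosts in cluster_by_leaf(SAMPLE_MESSAGES).items():
        print(f"{leaf}: {len(hosts)} hosts -> {', '.join(hosts)}")
```

Common names such as index.html will also cluster on real traffic, so the threshold and an allowlist need tuning against a baseline of legitimate mail.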
About the domains.
name | ip | Reverse DNS | AS | AS name | Country |
---|---|---|---|---|---|
nouspouvonsrdc.org | 66.11.236.160 | 66-11-236-160.managemyvps.com. | 2044 | IINET-2044_-_Infinity_Internet_Inc. | UnitedStates |
www.bergmannschor-reyershausen.de | 80.150.6.143 | tld.t-online.de. | 3320 | DTAG_Deutsche_Telekom_AG | Germany |
ruf-arthen.de | 62.67.244.26 | s9095.evanzo-server.de. | 3356 | LEVEL3_Level_3_Communications | Germany |
qjsy168.com | 222.73.178.224 | mail.shanghai-channel.cn. | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
sh-zhengting.com | 222.73.178.224 | mail.shanghai-channel.cn. | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
www.telagile.com | 61.152.91.38 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China |
assumptioncathedral.catholic.or.th | 202.57.128.201 | petahost1.ns.co.th. | 7654 | SIAMGLOBE-AS-AP_Internet_Service_Provider_Co._Ltd. | Thailand |
melisjuwelier.de | 87.106.61.239 | tappisfahrschule.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany |
kalkulation-am-bau.de | 80.252.104.229 | srv3.pob.com. | 8893 | ARTFILES-AS_Artfiles_New_Media_GmbH | Germany |
www.tahodigital.rs | 217.26.70.86 | NONE | 15982 | VERAT-AS-1_Drustvo_za_telekomunikacije_Verat_d.o.o_Bulevar_Vojvode_Misica_37 | Serbia |
giebultowiczfoto.pl | 87.98.239.19 | cluster010.ovh.net. | 16276 | OVH_OVH_Systems | Poland |
nagratest.com | 213.186.33.2 | cluster002.ovh.net. | 16276 | OVH_OVH_Systems | France |
www.aruna.com.cn | 122.115.36.190 | NONE | 17429 | BGCTVNET_BEIJING_GEHUA_CATV_NETWORK_CO.LTD | China |
www.enjhr.com | 122.115.34.21 | NONE | 17429 | BGCTVNET_BEIJING_GEHUA_CATV_NETWORK_CO.LTD | China |
sogi.cc | 58.64.136.54 | serv136-54.hkspace.com.hk. | 17444 | NWT-AS-AP_AS_number_for_New_World_Telephone_Ltd. | HongKong |
4000678351.com | 203.158.16.75 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China |
thessalonica.buffalostate.edu | 136.183.193.201 | thessalonica.buffalostate.edu. | 19933 | BUFFALOSTATE_-_Buffalo_State_College | UnitedStates |
www.hundestudio-sibille.ch | 80.74.155.20 | falkenstein.sui-inter.net. | 21069 | ASN-METANET_METANET_AG_Switzerland | Switzerland |
www.hojaverde.com.ec | 64.46.67.186 | NONE | 23216 | MEGADATOS_S.A. | UnitedStates |
www.chspark.com | 66.79.181.179 | NONE | 23338 | ASN-DCS-01_-_DCS_Pacific_Star_LLC | UnitedStates |
iplanit.biz | 72.167.34.121 | ip-72-167-34-121.ip.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
www.szokeihorgaszto.hu | 79.172.211.139 | m17.maxer.hu. | 29278 | DENINET-HU-AS_Deninet_KFT | Hungary |
coctail2go.com | 91.186.20.67 | dns2.supremecenter16.co.uk. | 29550 | SIMPLYTRANSIT_Simply_Transit_Ltd | UnitedKingdom |
guyzingui.com | 213.229.112.103 | NONE | 29550 | SIMPLYTRANSIT_Simply_Transit_Ltd | UnitedKingdom |
www.futurexxxstar.net | 208.53.168.57 | scratchy.cirtexhosting.com. | 30058 | FDCSERVERS_-_FDCservers.net | UnitedStates |
www.paintballalliance.com | 216.17.106.207 | NONE | 30266 | A1COLO-COM_-_A1COLO.COM | UnitedStates |
www.reiterstaffel-nrw.de | 195.42.120.240 | hcmg120240.tuxtools.net. | 31442 | TERIONS-BLN-AS_Terions_Communication_Ltd | Ireland |
wwo.org.pk | 96.127.146.10 | node01.tmdhosting116.com. | 32475 | SINGLEHOP-INC_-_SingleHop | UnitedStates |
shop.siouxland.dyndns.biz | 66.172.212.114 | 66-172-212-114.longlines.com. | 32867 | LLI-BLK1_-_Long_Lines_Internet | UnitedStates |
dba.selfip.com | 69.181.133.255 | c-69-181-133-255.hsd1.ca.comcast.net. | 33651 | CMCS_-_Comcast_Cable_Communications_Inc. | UnitedStates |
it-source.ro | 89.44.47.182 | 182-47-static.mxserver.ro. | 35818 | WEBFACTOR-AS_Webfactor_SRL | Romania |
test.blatornet.se | 217.70.32.136 | www1-php5.fordon.levonline.com. | 41175 | INTERNETBORDER_Internet_Border_Technolgies_AB | Sweden |
westers.se | 217.70.32.136 | www1-php5.fordon.levonline.com. | 41175 | INTERNETBORDER_Internet_Border_Technolgies_AB | Sweden |
cicegim.com | 77.245.149.33 | srv75626s1.trdns.com. | 43391 | NETDIREKT-TR_Netdirekt_A.S. | Turkey |
illiyyun.com | 77.245.149.33 | srv75626s1.trdns.com. | 43391 | NETDIREKT-TR_Netdirekt_A.S. | Turkey |
by jyake