index2.html - Bank of America etc...
Published: 2010/06/30
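For the first time in a while I thought this was a Bank of America phish, but
it was one of the variations of ... and the like.
The link in the message is this one.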
http://sonda.co.kr/index2.html
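The HTML served at that address.
The first URL is the usual pharmacy site.
The second URL is the usual 8080.
The following emails, whose landing page is xxxxx/index2.html, serve the same purpose.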
Subject: Your confirmation is needed → http://scp-project.ch/index2.html
Subject: Reset your XXXXXXX password → http://equitativo.com.ar/index2.html
Subject: Confirm your e-mail address → http://equitativo.com.ar/index2.html
Subject: Confirm your e-mail address for Windows Live ID → http://tokyapbims.com/index2.html
Subject: Please confirm your email to → http://equitativo.com.ar/index2.html
Subject: Please confirm your message → http://www.platestahl.com/index2.html
Subject: Your Amazon.com Order (XXX-XXXXXXXXXXXXXXX) → http://dengebims.com/index2.html
Subject: Your XXXXXXXX account information has changed → http://standhostesi.org/index2.html
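Added example, not part of the original post: a small Python triage helper that takes the lure list above, matches the landing-URL shape the post describes (a bare `/index2.html` at the site root), and groups the subjects by landing host to show which hosts are reused across lures. The function names are this example's own, and a root-level `index2.html` is a weak indicator by itself, so the match is meant for clustering related mail, not for blocking.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lure lines taken from the list in this post (subject → landing URL).
LURES = """\
Subject: Your confirmation is needed → http://scp-project.ch/index2.html
Subject: Reset your XXXXXXX password → http://equitativo.com.ar/index2.html
Subject: Confirm your e-mail address → http://equitativo.com.ar/index2.html
Subject: Confirm your e-mail address for Windows Live ID → http://tokyapbims.com/index2.html
Subject: Please confirm your email to → http://equitativo.com.ar/index2.html
Subject: Please confirm your message → http://www.platestahl.com/index2.html
Subject: Your Amazon.com Order (XXX-XXXXXXXXXXXXXXX) → http://dengebims.com/index2.html
Subject: Your XXXXXXXX account information has changed → http://standhostesi.org/index2.html
"""

LINE_RE = re.compile(r"^Subject:\s*(?P<subject>.+?)\s*→\s*(?P<url>\S+)$")


def is_campaign_url(url):
    """True for http(s)://<host>/index2.html, the link shape seen in this post."""
    parts = urlsplit(url)
    return (parts.scheme in ("http", "https")
            and bool(parts.hostname)
            and parts.path.lower() == "/index2.html")


def cluster_by_host(text):
    """Map each landing host to the list of lure subjects that pointed at it."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_campaign_url(m["url"]):
            hosts[urlsplit(m["url"]).hostname].append(m["subject"])
    return dict(hosts)


def reused_hosts(text, minimum=2):
    """Hosts that served as the landing page for at least `minimum` lures."""
    return {h: s for h, s in cluster_by_host(text).items() if len(s) >= minimum}


if __name__ == "__main__":
    for host, subjects in reused_hosts(LURES).items():
        print(host, len(subjects), subjects)
```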
Domain Name : sonda.co.kr
Registrant : aromaville
Registrant Address : 895 Dangha-dong Seo-gu Incheon Korea
Registrant Zip Code : 404310
Administrative Contact(AC): son young kyu
AC E-Mail : sky@jundo.com
AC Phone Number : 032-567-1597
Registered Date : 2003. 09. 15.
Last updated Date : 2003. 09. 15.
Expiration Date : 2011. 09. 15.
Publishes : Y
Authorized Agency : Asadal, Inc.(http://www.asadal.co.kr)

sonda.co.kr has address 222.236.220.234
IPv4 Address : 222.236.192.0-222.236.255.255
Network Name : HANANET-INFRA
Connect ISP Name : broadNnet
Connect Date : 20050327
Registration Date : 20050329

Domain Name: PULLKEEP.COM
Registrar: CHINA SPRINGBOARD INC.
Whois Server: whois.namerich.cn
Referral URL: http://www.namerich.cn
Name Server: NS1.SERENESWEET.COM
Name Server: NS2.SERENESWEET.COM
Name Server: NS3.DOORMONTH.COM
Name Server: NS4.DOORMONTH.COM
Name Server: NS5.0SF.RU
Name Server: NS6.0SF.RU
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 26-jun-2010
Creation Date: 26-jun-2010
Expiration Date: 26-jun-2011

PULLKEEP.COM has address 121.61.118.101
inetnum: 121.60.0.0 - 121.63.255.255
netname: CHINANET-HB
descr: CHINANET Hubei province network
descr: Data Communication Division
descr: China Telecom
country: CN

Domain Name: COMPRESSYOURMORTGAGE.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS27.DOMAINCONTROL.COM
Name Server: NS28.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 25-nov-2009
Creation Date: 24-nov-2007
Expiration Date: 24-nov-2010

ads.compressyourmortgage.com has address 89.200.171.216
inetnum: 89.200.168.0 - 89.200.175.255
netname: ANTAGUS-NET
descr: 1st Antagus Internet GmbH
country: DE
by jyake