Spam impersonating intuit inc - prolintu.html
Published: 2012/07/19
Observed: 2012/7/17
Volume: 100 messages/day
Technique: lure-URL type
Purpose: malware infection
Characteristics:
The script file placed on the compromised sites is named "prolintu.html".
This is the pattern in vogue right now, but the intuit inc theme was already in use around this spring.
Message text.
The script file placed on each site is named "prolintu.html".
Hosting services all over the world seem to have been compromised.
They redirect here:
http://mailmergesfinger.org/main.php?page=bfc8be54a0120bca
Same as always.
Already dealt with?
Domain ID:D166091193-LROR
Domain Name:MAILMERGESFINGER.ORG
Created On:16-Jul-2012 13:36:07 UTC
Last Updated On:17-Jul-2012 09:35:10 UTC
Expiration Date:16-Jul-2013 13:36:07 UTC
Sponsoring Registrar:Click Registrar, Inc. d/b/a publicdomainregistry.com (R1935-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT HOLD
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:CR_23226623
Registrant Name:Cad Lashmit
Registrant Organization:N/A
Registrant Street1:W Alpine Rd
Registrant Street2:
Registrant Street3:
Registrant City:Austin
Registrant State/Province:TX
Registrant Postal Code:78704
Registrant Country:US
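An added triage example (not code from the original post): it tags URLs from mail or proxy logs that match the campaign shape described above (a /prolintu.html lure and a main.php?page=<hex> landing page), parses the flattened one-line whois record into fields, and reports the landing domain's age at observation time plus whether the registrar has already put it on CLIENT HOLD. The 16-hex-character page id is an assumption drawn from the single URL observed, and the sample whois text is a trimmed copy of the record quoted above.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Campaign markers from the post: lure hosts serve /prolintu.html and the
# landing page is main.php?page=<hex id>; 16 hex chars is assumed from one sample.
LURE_PATH = "/prolintu.html"
LANDING_PAGE_RE = re.compile(r"^[0-9a-f]{16}$")

def classify_url(url):
    """Tag a URL seen in mail or proxy logs as 'lure', 'landing' or None."""
    parts = urlsplit(url)
    if parts.path == LURE_PATH:
        return "lure"
    if parts.path.endswith("/main.php"):
        page = parse_qs(parts.query).get("page", [""])[0]
        if LANDING_PAGE_RE.match(page):
            return "landing"
    return None

# Keys that delimit fields in the flattened "Key:Value Key:Value ..." whois text.
WHOIS_KEY_RE = re.compile(r"(Domain ID|Domain Name|Created On|Last Updated On|Expiration Date|"
                          r"Sponsoring Registrar|Status|Registrant [\w/]+(?: Code)?):")

def parse_whois(text):
    """Split flattened whois text into {key: [values]}; Status may repeat."""
    fields = {}
    hits = list(WHOIS_KEY_RE.finditer(text))
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        fields.setdefault(m.group(1), []).append(text[m.end():end].strip())
    return fields

def assess_domain(fields, observed):
    """Domain age (days) at observation time and whether the registrar has put it on hold."""
    created = datetime.strptime(fields["Created On"][0].replace(" UTC", ""), "%d-%b-%Y %H:%M:%S")
    return {
        "domain": fields["Domain Name"][0].lower(),
        "age_days": (observed - created).days,
        "client_hold": "CLIENT HOLD" in fields.get("Status", []),
    }

# Constructed sample: the whois record from the post with registrant fields trimmed.
SAMPLE_WHOIS = ("Domain ID:D166091193-LROR Domain Name:MAILMERGESFINGER.ORG "
                "Created On:16-Jul-2012 13:36:07 UTC Last Updated On:17-Jul-2012 09:35:10 UTC "
                "Expiration Date:16-Jul-2013 13:36:07 UTC Status:CLIENT HOLD Status:ADDPERIOD "
                "Registrant ID:CR_23226623 Registrant Country:US")

def assess_sample():
    """Run the whois check against the sample, using the post's observation date."""
    return assess_domain(parse_whois(SAMPLE_WHOIS), datetime(2012, 7, 17))
```

A domain registered less than a day before the spam run and already on CLIENT HOLD is what the "already dealt with?" remark above points at; the same age check is useful as a generic signal for landing domains seen in mail.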
by jyake