
navisiteseparation.net - iprprocsd.html

Published: 2012/10/18

Observed: 2012/10/17

Volume: 200 messages/day

Method: lure URL type

Purpose: malware infection


The lure URLs look like this.

 http://www.relief-for-anxiety.com/wp-content/themes/twentyeleven/iprprocsd.html 
 http://jaybeee.name/wp-content/plugins/wassup/iprprocsd.html
 http://www.indianbusybees.com/blog/wp-content/plugins/akismet/iprprocsd.html 
 http://qjin-ueno.huuzoku.net/blog/wp-content/plugins/twitter-goodies/iprprocsd.html 
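
The URLs above share one filename placed inside WordPress theme or plugin directories on unrelated hosts. As an added example (not part of the original post), the sketch below clusters URLs extracted from mail by that shape; the function name, the `min_hosts` threshold and the two `example.*` URLs are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath
import re

# Path shape seen in the lure URLs above: a static .html file sitting
# directly inside a WordPress theme or plugin directory.
WP_DROP = re.compile(r"/wp-content/(?:themes|plugins)/[^/]+/[^/]+\.html?$", re.I)


def cluster_lures(urls, min_hosts=3):
    """Return {filename: sorted hosts} for filenames found in a WordPress
    theme/plugin directory on at least `min_hosts` distinct hosts."""
    hosts_by_file = defaultdict(set)
    for raw in urls:
        parts = urlsplit(raw.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # not a web URL we can attribute to a host
        if not WP_DROP.search(parts.path):
            continue  # not the dropped-file path shape
        name = posixpath.basename(parts.path).lower()
        hosts_by_file[name].add(parts.hostname.lower())
    # One odd file on one site is noise; the same file on many sites is a campaign.
    return {n: sorted(h) for n, h in hosts_by_file.items() if len(h) >= min_hosts}


# Sample input: the four lure URLs from this post, plus two constructed
# URLs (example.org / example.net) that must not be reported.
SAMPLE = [
    "http://www.relief-for-anxiety.com/wp-content/themes/twentyeleven/iprprocsd.html",
    "http://jaybeee.name/wp-content/plugins/wassup/iprprocsd.html",
    "http://www.indianbusybees.com/blog/wp-content/plugins/akismet/iprprocsd.html",
    "http://qjin-ueno.huuzoku.net/blog/wp-content/plugins/twitter-goodies/iprprocsd.html",
    "http://example.org/wp-content/themes/twentyeleven/readme.html",  # constructed
    "http://example.net/index.html",  # constructed
]

if __name__ == "__main__":
    for filename, hosts in cluster_lures(SAMPLE).items():
        print(filename, len(hosts), "hosts:", ", ".join(hosts))
```
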

The redirect technique used inside this file has changed.

 navisiteseparation.net has address 141.8.224.162
  CH, Switzerland

A few Japanese sites have been compromised as well.


[Category: spam observation diary]

by jyake