navisiteseparation.net - iprprocsd.html
Published: 2012/10/18
Observed: 2012/10/17
Volume: 200 messages/day
Technique: lure-URL type
Goal: malware infection
The lure URLs look like this.
http://www.relief-for-anxiety.com/wp-content/themes/twentyeleven/iprprocsd.html
http://jaybeee.name/wp-content/plugins/wassup/iprprocsd.html
http://www.indianbusybees.com/blog/wp-content/plugins/akismet/iprprocsd.html
http://qjin-ueno.huuzoku.net/blog/wp-content/plugins/twitter-goodies/iprprocsd.html
The redirect technique used inside this file has been changed.
navisiteseparation.net has address 141.8.224.162 CH, Switzerland
A few Japanese sites have been compromised as well.
domain | IP | Reverse DNS | AS | AS Name | Country |
---|---|---|---|---|---|
paulgravelle.com | 74.117.220.29 | ns29.dnchosting.com. | 4935 | DIRECTNIC-ANYCAST1-EASTCOAST_-_DirectNIC_Ltd. | CaymanIslands |
affairsoftheheart.rocus.org | 209.51.180.253 | brown.mayfirst.org. | 6939 | HURRICANE_-_Hurricane_Electric_Inc. | UnitedStates |
www.folhaacademica.com.br | 200.98.197.93 | whl0046.whservidor.com. | 7162 | Itanet_-_Itamarati_On-Line_Ltda. | Brazil |
www.indianbusybees.com | 216.151.164.65 | shared-hosting.njtech.com. | 7393 | CYBERCON_-_CYBERCON_INC. | Canada |
log.panicc.jp | 157.7.144.5 | www.gmoserver.jp. | 7506 | INTERQ_GMO_InternetInc | Japan |
material212.com | 210.172.144.156 | lb09.virt.lolipop.jp. | 7506 | INTERQ_GMO_InternetInc | Japan |
sakuragate.jp | 210.172.144.24 | lb05.virt.lolipop.jp. | 7506 | INTERQ_GMO_InternetInc | Japan |
evangordonphotography.com | 74.208.57.32 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
www.eyslerimaging.com | 74.208.237.69 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
www.lokigaming.com | 74.208.81.200 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | UnitedStates |
www.softchecker.net | 62.75.166.32 | 32-166-75-62.ip.sr-itsysteme.de. | 8972 | PLUSSERVER-AS_intergenia_AG | Germany |
css.webtm.ru | 92.53.96.240 | leonov.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | RussianFederation |
qjin-ueno.huuzoku.net | 219.94.155.239 | www449b.sakura.ne.jp. | 9371 | SAKURA-C_SAKURA_Internet_Inc. | Japan |
www.ilgiracose.it | 217.64.195.216 | w-07.th.seeweb.it. | 12637 | SEEWEB_Seeweb_s.r.l. | Italy |
www.letiziaragni.it | 217.64.195.223 | w-03.th.seeweb.it. | 12637 | SEEWEB_Seeweb_s.r.l. | Italy |
www.eatbok.com | 69.49.96.33 | hostingc6-18.megawebservers.com. | 14116 | INFB-AS_-_InternetNamesForBusiness.com | UnitedStates |
blueskier.com | 208.38.188.80 | ganymede.cleverdot.com. | 16724 | ESC-TPA-CW-AP_-_E_Solutions_Corporation | UnitedStates |
vestberries.com | 64.92.120.35 | paidvm5.limedomains.com. | 18779 | EGIHOSTING_-_EGIHosting | UnitedStates |
user3.inet.vn | 202.92.4.27 | NONE | 24177 | INET-AS-AP_iNET_Media_Company_Ltd | Vietnam |
blogs.flashfingaz.de | 188.40.130.227 | users.flashfingaz.de. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany |
www.ovadis.at | 95.143.172.53 | scorpius.uberspace.de. | 25560 | RHTEC-AS_rh-tec_IP_Backbone | Germany |
mattgonzales.net | 208.76.80.13 | endor.tchmachines.com. | 25767 | WAVEFORM_-_Waveform_Technology_LLC | UnitedStates |
www.tommylin.com | 69.163.137.48 | apache2-rank.kings.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | UnitedStates |
www.tamparooferreviews.com | 72.167.131.154 | p3slh194.shr.phx3.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | UnitedStates |
wohnungen-und-frankfurt.de | 77.236.97.53 | webbox1193.server-home.net. | 29339 | MBBG-AS_Markus_Bach_Betriebs_Gesellschaft_mbH | Germany |
music4assemblies.com | 66.96.147.119 | 119.147.96.66.static.eigbox.net. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | UnitedStates |
www.wordtour.com | 65.254.248.197 | 65-254-248-197.yourhostingaccount.com. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | UnitedStates |
womenfitnesssite.com | 8.29.140.63 | 8-29-140-63.bhsrv.net. | 30152 | BEYOND-HOSTING_-_Beyond_Hosting_LLC | UnitedStates |
www.rugbyseacadets.com | 217.115.119.85 | cpanel33.fastsecurehost.com. | 30900 | WEBWORLD-AS_Web_World_Ireland | Ireland |
www.reisfa.eti.br | 85.13.236.90 | host.data.srv.br. | 31708 | COREIX-UK-AS_Coreix_Limited | UnitedKingdom |
jashn.amruts.com | 74.91.216.2 | 2.webhosting.ecommerce.com. | 32392 | OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation | UnitedStates |
vijayainfotech.com | 98.130.128.2 | rev.opentransfer.com.2.128.130.98.in-addr.arpa. | 32392 | OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation | UnitedStates |
blog.asiatraveladvisor.com | 184.171.250.19 | 184-171-250-19.static.dimenoc.com. | 33182 | DIMENOC_-_HostDime.com_Inc. | UnitedStates |
www.relief-for-anxiety.com | 198.31.50.68 | host44.my-ehost.com. | 33724 | BIZNESSHOSTING_-_VOLICO | UnitedStates |
www.smallclaimadvisor.com | 68.180.151.96 | p2p-i.geo.vip.sp1.yahoo.com. | 36752 | YAHOO-SP1_-_Yahoo | UnitedStates |
jaybeee.name | 93.158.114.176 | s-5d9e72b0.fiveslots.net. | 39369 | PORT80_Phonera_Networks_AB | Sweden |
www.renataoosterveen.nl | 94.124.93.142 | keurigonline30.nl. | 39704 | CJ2-AS_CJ2_Hosting&Development | Netherlands |
www.aenton.se | 195.74.38.93 | cl-09.atm.binero.net. | 41528 | ALEBORG-AS_Binero_AB | Sweden |
www.xn--bttvtten-3zag.se | 195.74.38.18 | lb-lsp02.atm.binero.net. | 41528 | ALEBORG-AS_Binero_AB | Sweden |
www.39moto.ru | 77.222.40.78 | hydra.sweb.ru. | 44112 | SWEB-AS_SpaceWeb_JSC | RussianFederation |
www.folkcure.ru | 77.222.56.31 | stockholm.sweb.ru. | 44112 | SWEB-AS_SpaceWeb_JSC | RussianFederation |
inthesandtrap.com | 74.220.207.158 | host158.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
odessa.illion-ua.com | 74.220.215.80 | host280.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
piccollection.net | 173.254.28.83 | just83.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
takeyourcameraforawalk.org | 69.89.31.164 | box364.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
www.carapearlman.com | 66.147.244.166 | box666.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
www.chengdongjian.com | 173.254.28.80 | just80.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
www.qmo-a.com | 69.89.31.99 | box299.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
www.sbvespa.com | 66.147.244.193 | box693.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | UnitedStates |
salonhoshanne.dk | 193.202.110.183 | srv183.one.com. | 51468 | ONECOM_One.com_A/S | Netherlands |
by jyake