
viaqira professiionnal

Published: 2013/04/02

The URLs in the message body look like this.

 http://www.linux-hosting.net/backup-12.htm 
 http://www.primedrivers.org/backup-12.htm 
 http://www.tedxcoimbra.com/backup-12.htm 

This message also uses the usual exploit-kit-style redirect technique, but the destination is not a site that infects visitors with malware; it is the usual pharmacy.

 doctorpuffs.ru
 doctorpuffs.ru has address 91.240.165.35
 inetnum:        91.240.165.0 - 91.240.165.255
 netname:        Aiming-Invest-sro-net
 descr:          Aiming Invest s.r.o.
 country:        CZ
 org:            ORG-AIs22-RIPE
 admin-c:        DJ1955-RIPE
 tech-c:         DJ1955-RIPE
 status:         ASSIGNED PI
 mnt-by:         RIPE-NCC-END-MNT
 mnt-lower:      RIPE-NCC-END-MNT
 mnt-by:         PI-AS-MNT
 mnt-routes:     Fajncom-mnt 
 remarks:        FOR ABUSE noc@aiminginvest.com
 source:         RIPE # Filtered

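Even when the entry-point redirectors are built with the same mechanism, they branch into those that lead to malware infection and those used to steer visitors to advertising.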
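
The three links quoted above put the same file name on unrelated hosts, and that shared path is what a mail filter can key on regardless of where the redirect finally lands. The following Python is an added example, not part of the original post: it groups URLs extracted from mail by path and flags paths seen on several distinct hosts. The threshold, the common-path list and the example.com/example.org links are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# URLs from the message quoted on this page, plus two constructed benign
# links (example.com / example.org) to show what is not flagged.
SAMPLE_URLS = [
    "http://www.linux-hosting.net/backup-12.htm",
    "http://www.primedrivers.org/backup-12.htm",
    "http://www.tedxcoimbra.com/backup-12.htm",
    "http://example.com/index.html",        # constructed
    "http://example.org/news/index.html",   # constructed
]

# Assumed list of paths so common that sharing them across hosts means nothing.
COMMON_PATHS = {"", "/", "/index.html", "/index.htm", "/index.php"}


def normalize_host(host: str) -> str:
    """Lower-case the host and drop a leading 'www.' so variants collapse."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def shared_path_clusters(urls, min_hosts=3):
    """Return {path: sorted hosts} for paths seen on >= min_hosts distinct hosts."""
    hosts_by_path = defaultdict(set)
    for url in urls:
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # skip mailto:, relative links, malformed entries
        path = parts.path.lower()
        if path in COMMON_PATHS:
            continue
        hosts_by_path[path].add(normalize_host(parts.hostname))
    return {
        path: sorted(hosts)
        for path, hosts in hosts_by_path.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for path, hosts in shared_path_clusters(SAMPLE_URLS).items():
        print(f"{path} appears on {len(hosts)} distinct hosts: {', '.join(hosts)}")
```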



[Category: spam observation diary]

by jyake