viaqira professiionnal
Published: 2013/04/02
The URLs in the message body look like this.
http://www.linux-hosting.net/backup-12.htm http://www.primedrivers.org/backup-12.htm http://www.tedxcoimbra.com/backup-12.htm
This email also uses the usual exploit-kit-style redirect technique,
but the destination is not a site that infects visitors with malware; it is the usual pharmacy.
doctorpuffs.ru
doctorpuffs.ru has address 91.240.165.35
inetnum: 91.240.165.0 - 91.240.165.255
netname: Aiming-Invest-sro-net
descr: Aiming Invest s.r.o.
country: CZ
org: ORG-AIs22-RIPE
admin-c: DJ1955-RIPE
tech-c: DJ1955-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: PI-AS-MNT
mnt-routes: Fajncom-mnt
remarks: FOR ABUSE noc@aiminginvest.com
source: RIPE # Filtered
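Even when the entry-point redirectors are built with the same mechanism, they branch into
those that lead to malware infection and those used to steer visitors to advertising.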
by jyake