index2.html　- Bank of America etc...

久々にバンカメのフィッシングかと思いましたが、

• A New Year For Us - html添付スパム
• Reset your Twitter password 2
• FaceBook message: ~~~~~

等のバリエーションの一つでした。

文中のリンクはこれ。

 ｈttp：//sonda.co.kr／index2.html

アクセス先のhtml。

最初のURLはいつもの薬屋さん。

二番目のURLはいつもの8080。

誘導先がxxxxx/index2.htmlとなっている下記のメールも同じ目的。

 Subject: Your confirmation is needed　→　ｈttp://scp-project.ch／index2.html
 Subject: Reset your XXXXXXX password　→　ｈttp://equitativo.com.ar／index2.html
 Subject: Confirm your e-mail address →　ｈttp://equitativo.com.ar／index2.html
 Subject: Confirm your e-mail address for Windows Live ID　→　ｈttp://tokyapbims.com／index2.html
 Subject: Please confirm your email to　→　ｈttp://equitativo.com.ar／index2.html
 Subject: Please confirm your message　→　ｈttp://www.platestahl.com／index2.html
 Subject: Your Amazon.com Order (XXX-XXXXXXXXXXXXXXX)　→　ｈttp://dengebims.com／index2.html
 Subject: Your XXXXXXXX account information has changed　→　ｈttp://standhostesi.org／index2.html

 Domain Name               : sonda.co.kr
 Registrant                : aromaville
 Registrant Address        : 895 Dangha-dong Seo-gu Incheon Korea
 Registrant Zip Code       : 404310
 Administrative Contact(AC): son young kyu
 AC E-Mail                 : sky@jundo.com
 AC Phone Number           : 032-567-1597
 Registered Date           : 2003. 09. 15.
 Last updated Date         : 2003. 09. 15.
 Expiration Date           : 2011. 09. 15.
 Publishes                 : Y
 Authorized Agency         : Asadal, Inc.(http://www.asadal.co.kr) 

 sonda.co.kr has address 222.236.220.234
 
 IPv4 Address       : 222.236.192.0-222.236.255.255
 Network Name       : HANANET-INFRA
 Connect ISP Name   : broadNnet
 Connect Date       : 20050327
 Registration Date  : 20050329

   Domain Name: PULLKEEP.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.SERENESWEET.COM
   Name Server: NS2.SERENESWEET.COM
   Name Server: NS3.DOORMONTH.COM
   Name Server: NS4.DOORMONTH.COM
   Name Server: NS5.0SF.RU
   Name Server: NS6.0SF.RU
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Updated Date: 26-jun-2010
   Creation Date: 26-jun-2010
   Expiration Date: 26-jun-2011

 PULLKEEP.COM has address 121.61.118.101
 
 inetnum:      121.60.0.0 - 121.63.255.255
 netname:      CHINANET-HB
 descr:        CHINANET Hubei province network
 descr:        Data Communication Division
 descr:        China Telecom
 country:      CN

   Domain Name: COMPRESSYOURMORTGAGE.COM
   Registrar: GODADDY.COM, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS27.DOMAINCONTROL.COM
   Name Server: NS28.DOMAINCONTROL.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-nov-2009
   Creation Date: 24-nov-2007
   Expiration Date: 24-nov-2010
 
 ads.compressyourmortgage.com has address 89.200.171.216
 
 inetnum:        89.200.168.0 - 89.200.175.255
 netname:        ANTAGUS-NET
 descr:          1st Antagus Internet GmbH
 country:        DE

[カテゴリ:spam観察日記]

by jyake