Suspicious sites: scamfraudalert.org, bidr.trellian.com, gurusstrongpg.info, microsoft.japan.windows-driver-42717.win

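A client's site was hacked, so I was doing a bit of investigating when I ran into the suspicious sites below, the familiar kind I had seen and heard before! Unlike last time, they seem to have been upgraded (or downgraded?): the phishing site's screen is new as well, and they keep me entertained in all sorts of ways.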

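The page switches on its own from scamfraudalert.org ⇒ bidr.trellian.com ⇒ gurusstrongpg.info, and in the end you get the usual popup and a voice, with the pronunciation of a Southeast Asian woman trying hard at Japanese, telling you that Windows is in trouble and something or other about security.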

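As usual, you can get rid of it with the ESC key and by clicking the X on the tab, but this time the browser's standard feature for stopping a popup from being shown again, no matter how many times you dismiss it, is gone, so it seems the phishing site has been upgraded not only in appearance but on the inside as well.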


Phishing site this time, part 1

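When you access scamfraudalert.org, the page changes on its own to bidr.trellian.com ⇒ gurusstrongpg.info, and you get a screen like the one below and hear the voice of a Southeast Asian woman, but let's not go there.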

This time the phone number appears to be "03-4578-9419".

Don't call it!

Still, it sounds like fun, so it would be amusing if someone from RocketNews24 called it and posted the result!

Notes on scamfraudalert.org

Domain Name:	SCAMFRAUDALERT.ORG
Registry Domain ID:	D402200000001715160-LROR
Registrar WHOIS Server:	
Registrar URL:	www.sitename.com
Updated Date:	2017-05-04T03:46:53Z
Creation Date:	2017-03-04T14:30:24Z
Registry Expiry Date:	2018-03-04T14:30:24Z
Registrar Registration Expiration Date:	
Registrar:	SiteName Ltd.
Registrar IANA ID:	437
Registrar Abuse Contact Email:	
Registrar Abuse Contact Phone:	
Reseller:	
Domain Status:	clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:	C136922651-LROR
Registrant Name:	Domain Manager
Registrant Organization:	samirnet -domain names for sale
Registrant Street:	Flat No. 48 Cunningham Apts Edward Road
Registrant City:	Bangalore
Registrant State/Province:	
Registrant Postal Code:	560052
Registrant Country:	IN
Registrant Phone:	+91.802260640
Registrant Phone Ext:	
Registrant Fax:	
Registrant Fax Ext:	
Registrant Email:	samirnet2@gmail.com
Registry Admin ID:	C136922651-LROR
Admin Name:	Domain Manager
Admin Organization:	samirnet -domain names for sale
Admin Street:	Flat No. 48 Cunningham Apts Edward Road
Admin City:	Bangalore
Admin State/Province:	
Admin Postal Code:	560052
Admin Country:	IN
Admin Phone:	+91.802260640
Admin Phone Ext:	
Admin Fax:	
Admin Fax Ext:	
Admin Email:	samirnet2@gmail.com
Registry Tech ID:	C136922651-LROR
Tech Name:	Domain Manager
Tech Organization:	samirnet -domain names for sale
Tech Street:	Flat No. 48 Cunningham Apts Edward Road
Tech City:	Bangalore
Tech State/Province:	
Tech Postal Code:	560052
Tech Country:	IN
Tech Phone:	+91.802260640
Tech Phone Ext:	
Tech Fax:	
Tech Fax Ext:	
Tech Email:	samirnet2@gmail.com
Name Server:	NS15.ABOVE.COM
Name Server:	NS16.ABOVE.COM
DNSSEC:	unsigned
URL of the ICANN Whois Inaccuracy Complaint Form:	https://www.icann.org/wicf/
>>> Last update of WHOIS database:	2017-05-10T00:02:36Z <<<

Notes on bidr.trellian.com

Domain Name: TRELLIAN.COM
Registry Domain ID: 1227937_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.above.com
Registrar URL: http://www.above.com
Updated Date: 2010-01-21 17:05:04.12417+11
Creation Date: 1998-05-06 04:00:00+10
Registrar Registration Expiration Date: 2019-05-05 04:00:00+10
Registrar: ABOVE.COM PTY LTD.
Registrar IANA ID: 940
Registrar Abuse Contact Email: XXXXX@above.com
Registrar Abuse Contact Phone: +61.390164107
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: 3239
Registrant Name: Trellian Pty Ltd
Registrant Organization: 
Registrant Street: 6 - 8 East Councourse
Registrant City: Melbourne
Registrant State/Province: Victoria
Registrant Postal Code: 3193
Registrant Country: AU
Registrant Phone: 61.395897946
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: hostmaster@trellian.com
Registry Admin ID: 3239
Admin Name: Trellian Pty Ltd
Admin Organization: 
Admin Street: 6 - 8 East Councourse
Admin City: Melbourne
Admin State/Province: Victoria
Admin Postal Code: 3193
Admin Country: AU
Admin Phone: 61.395897946
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: hostmaster@trellian.com
Registry Tech ID: 3239
Tech Name: Trellian Pty Ltd
Tech Organization: 
Tech Street: 6 - 8 East Councourse
Tech City: Melbourne
Tech State/Province: Victoria
Tech Postal Code: 3193
Tech Country: AU
Tech Phone: 61.395897946
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: hostmaster@trellian.com
Name Server: ns1.trellian.com
Name Server: ns2.trellian.com

 

Notes on gurusstrongpg.info

Domain Name: GURUSSTRONGPG.INFO
Registry Domain ID: D503300000039206869-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-05-08T21:10:29Z
Creation Date: 2017-05-02T19:47:33Z
Registry Expiry Date: 2018-05-02T19:47:33Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registry Registrant ID: C202084083-LRMS
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: bd647a6b0ef74ceda35cadfa6ace3f3d.protect@whoisguard.com
Registry Admin ID: C202084080-LRMS
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code:
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: bd647a6b0ef74ceda35cadfa6ace3f3d.protect@whoisguard.com
Registry Tech ID: C202084082-LRMS
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code:
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: bd647a6b0ef74ceda35cadfa6ace3f3d.protect@whoisguard.com
Registry Billing ID: C202084081-LRMS
Billing Name: WhoisGuard Protected
Billing Organization: WhoisGuard, Inc.
Billing Street: P.O. Box 0823-03411
Billing City: Panama
Billing State/Province: Panama
Billing Postal Code:
Billing Country: PA
Billing Phone: +507.8365503
Billing Phone Ext:
Billing Fax: +51.17057182
Billing Fax Ext:
Billing Email: bd647a6b0ef74ceda35cadfa6ace3f3d.protect@whoisguard.com
Name Server: NS-120.AWSDNS-15.COM
Name Server: NS-615.AWSDNS-12.NET
Name Server: NS-1226.AWSDNS-25.ORG
Name Server: NS-1884.AWSDNS-43.CO.UK
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-05-10T00:26:28Z <<<

Interestingly, the phishing sites all use Amazon AWS.

Phishing site this time, part 2

This one ultimately forwards you to a site at http://microsoft.japan.windows-driver-42717.win/, but in the end it is the same as always. It is probably a site fated to disappear within a few days.

 

Notes on windows-driver-42717.win

Domain Name: windows-driver-42717.win
Domain ID: D2B7529D75A4141868D601CC6C8BA9D64-NSR
WHOIS Server: whois.namecheap.com
Referral URL: http://www.namecheap.com
Updated Date: 2017-05-03T16:44:27Z
Creation Date: 2017-04-28T16:44:25Z
Registry Expiry Date: 2018-04-28T16:44:25Z
Sponsoring Registrar: NameCheap, Inc.
Sponsoring Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant ID: C7C748031631944AB80C70B3F87DD16B4-NSR
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant Street:
Registrant Street:
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 653295fa07884514bcba3390667564c8.protect@whoisguard.com
Admin ID: C5F01E36D2E284B3DBEF9918F6A465202-NSR
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin Street:
Admin Street:
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code:
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 653295fa07884514bcba3390667564c8.protect@whoisguard.com
Tech ID: C852453E7FBF4436B9C5AFAE0F9BC5DA8-NSR
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech Street:
Tech Street:
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code:
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 653295fa07884514bcba3390667564c8.protect@whoisguard.com
Name Server: scott.ns.cloudflare.com
Name Server: jean.ns.cloudflare.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2017-05-10T00:30:51Z <<<

Whatever you do, don't fall for the phone number or the site's idiotic messages!
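
The WHOIS records quoted above can be triaged mechanically for the traits they show: a registration only days old at lookup time, a privacy-proxy registrant, and the DNS provider behind the name servers. The following is an added example, not code from the original post; the 30-day threshold, the marker lists and the function names are assumptions, and the sample input is a few fields excerpted from the records on this page.

```python
import re
from datetime import date

# Excerpts (a few fields each) of the WHOIS records quoted on this page.
RECORDS = {
    "gurusstrongpg.info": """Creation Date: 2017-05-02T19:47:33Z
Registrant Name: WhoisGuard Protected
Registrant Postal Code:
Name Server: NS-120.AWSDNS-15.COM""",
    "windows-driver-42717.win": """Creation Date: 2017-04-28T16:44:25Z
Registrant Organization: WhoisGuard, Inc.
Name Server: scott.ns.cloudflare.com""",
    "trellian.com": """Creation Date: 1998-05-06 04:00:00+10
Registrant Name: Trellian Pty Ltd
Name Server: ns1.trellian.com""",
}
OBSERVED = date(2017, 5, 10)   # day of the "Last update of WHOIS database" lines
NEW_DOMAIN_DAYS = 30           # assumed threshold for "newly registered"
PRIVACY_MARKERS = ("whoisguard", "privacy")   # assumed heuristic
DNS_HINTS = {"awsdns": "Amazon Route 53", "cloudflare.com": "Cloudflare"}  # assumed heuristic

def parse_whois(text):
    """Return {field: [values]}; fields with an empty value are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z /]*?):\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields

def triage(text, observed=OBSERVED):
    """Summarise one WHOIS record: age at lookup, DNS provider hints, risk flags."""
    f = parse_whois(text)
    # Only the YYYY-MM-DD prefix is used: the records mix "T..Z" and " hh:mm:ss+10".
    m = re.match(r"(\d{4})-(\d{2})-(\d{2})", f.get("creation date", [""])[0])
    age = (observed - date(*map(int, m.groups()))).days if m else None
    who = " ".join(f.get("registrant name", []) + f.get("registrant organization", [])).lower()
    ns = " ".join(f.get("name server", [])).lower()
    flags = []
    if age is not None and age <= NEW_DOMAIN_DAYS:
        flags.append("newly-registered")
    if any(p in who for p in PRIVACY_MARKERS):
        flags.append("privacy-proxy")
    return {"age_days": age, "dns": [v for k, v in DNS_HINTS.items() if k in ns], "flags": flags}

if __name__ == "__main__":
    for domain, text in RECORDS.items():
        print(domain, triage(text))
```

Neither flag is proof of abuse on its own; together with an unsolicited redirect chain like the one described here, they are a reasonable basis for blocking or escalating.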
