Good day!
Most of the Christian world is celebrating Christmas, and elsewhere people are enjoying a short vacation before jumping into the year 2009. As always at such seasons, it is also an opportunity for criminals, who take advantage of the fact that CERTs, abuse desks, ISPs and many IT security related companies might be 'a bit' slow to respond.
Beginning at 2008-12-25 18:46:07, a huge spam wave of phishing URLs targeting "JPMorgan Chase & Co" was observed. At the time of writing we have collected no fewer than 11209 unique URLs like the following:
hxxp://chaseonline.chase.com.dlls-to.com/Secure/webform/OSL.aspx?LOB=
The domains used for this attack are:
These domains resolve to 15 IPs at a time, three of which change every 30 minutes. The total IP pool consists of the following 265 addresses:
If any of those IPs is yours, you might want to check your machine for problems.
__________________________________
A quick timetable of abused IPs (Japan):
114.145.62.47
Tue Dec 30 10:36:19 - Tue Dec 30 14:37:17
114.164.132.216
Sat Dec 27 04:21:15 - Sat Dec 27 05:21:22
Sat Dec 27 05:51:24 - Sat Dec 27 06:21:26
Sat Dec 27 12:32:36 - Sat Dec 27 13:33:06
114.182.11.127
Sun Dec 28 13:46:28 - Sun Dec 28 20:57:32
114.182.58.206
Fri Dec 26 18:49:16 - Fri Dec 26 19:19:19
Fri Dec 26 20:19:30 - Fri Dec 26 21:49:53
118.15.181.227
Fri Dec 26 14:04:48 - Fri Dec 26 14:48:22
118.19.70.69
Sat Dec 27 18:53:39 - Sun Dec 28 00:24:18
118.8.122.197
Sun Dec 28 06:35:05 - Sun Dec 28 07:05:13
Sun Dec 28 08:05:22 - Sun Dec 28 14:46:38
121.113.181.142
Tue Dec 30 19:08:06 - Tue Dec 30 20:08:21
Tue Dec 30 20:38:30 - Tue Dec 30 22:08:43
121.113.182.244
Tue Dec 30 09:36:03 - Tue Dec 30 16:37:36
210.249.74.115
Sun Dec 28 14:46:38 - Sun Dec 28 21:27:39
211.128.182.235
Fri Dec 26 14:18:15 - Fri Dec 26 16:18:43
211.128.182.40
Fri Dec 26 16:48:46 - Fri Dec 26 18:19:09
218.44.41.132
Sat Dec 27 12:02:33 - Sat Dec 27 12:32:36
219.110.78.126
Sun Dec 28 09:35:38 - Sun Dec 28 12:16:16
219.126.121.249
Mon Dec 29 14:31:57 - Mon Dec 29 17:32:39
219.126.123.144
Tue Dec 30 20:08:21 - Tue Dec 30 20:38:30
220.109.1.62
Sun Dec 28 12:16:16 - Sun Dec 28 12:46:18
220.109.147.167
Sun Dec 28 19:57:18 - Sun Dec 28 21:27:39
220.148.160.212
Tue Dec 30 20:38:30 - Wed Dec 31 02:10:00
220.148.162.250
Tue Dec 30 17:07:38 - Tue Dec 30 18:38:03
220.148.163.182
Sun Dec 28 02:54:40 - Sun Dec 28 03:24:42
220.221.18.140
Mon Dec 29 18:02:42 - Tue Dec 30 00:33:55
222.150.156.30
Fri Dec 26 19:19:19 - Fri Dec 26 19:49:22
58.190.43.53
Sat Dec 27 09:32:00 - Sat Dec 27 10:02:07
58.89.120.228
Fri Dec 26 19:49:22 - Fri Dec 26 20:19:30
60.43.10.44
Mon Dec 29 19:02:49 - Mon Dec 29 20:03:00
The list above clearly shows that some IPs were used just once, some for only 30 minutes.
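A timetable like the one above can be derived from periodic DNS polls of a single domain. The following is an added example, not code from the original post: it merges consecutive sightings of each address into intervals and measures the per-poll churn described earlier (15 addresses at a time, three replaced every 30 minutes). The addresses are constructed from a documentation range, and the detection thresholds and the first-seen/last-seen interval definition are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_snapshots(start, rounds, pool, per_round=15, rotate=3, step_min=30):
    """Constructed data: the A-record set of one domain, polled every step_min minutes."""
    snaps, active, nxt = [], list(pool[:per_round]), per_round
    for i in range(rounds):
        snaps.append((start + timedelta(minutes=step_min * i), set(active)))
        # Retire the `rotate` oldest addresses and pull the next ones from the pool.
        active = active[rotate:] + [pool[(nxt + k) % len(pool)] for k in range(rotate)]
        nxt += rotate
    return snaps

def churn(snaps):
    """Addresses newly introduced between each pair of consecutive polls."""
    return [len(cur - prev) for (_, prev), (_, cur) in zip(snaps, snaps[1:])]

def timetable(snaps):
    """Merge consecutive sightings of each IP into (first_seen, last_seen) intervals."""
    table, open_iv = defaultdict(list), {}
    for ts, ips in snaps:
        for ip in [ip for ip in open_iv if ip not in ips]:
            table[ip].append(open_iv.pop(ip))      # IP left the rotation: close interval
        for ip in ips:
            open_iv[ip] = (open_iv[ip][0] if ip in open_iv else ts, ts)
    for ip, interval in open_iv.items():
        table[ip].append(interval)                 # still active at the last poll
    return dict(table)

def looks_fast_flux(snaps, min_pool=30, min_churn=1.0):
    """Heuristic with assumed thresholds: large address pool plus steady churn."""
    pool = set().union(*(ips for _, ips in snaps))
    c = churn(snaps)
    return bool(c) and len(pool) >= min_pool and sum(c) / len(c) >= min_churn

# Constructed sample: documentation-range addresses (RFC 5737), not campaign data.
POOL = [f"198.51.100.{i}" for i in range(1, 61)]
START = datetime(2008, 12, 26, 14, 0, 0)
SNAPS = make_snapshots(START, rounds=10, pool=POOL)

if __name__ == "__main__":
    print("churn per poll:", churn(SNAPS))
    print("fast flux?", looks_fast_flux(SNAPS))
    for ip, ivs in sorted(timetable(SNAPS).items())[:5]:
        print(ip, [(a.strftime("%a %b %d %H:%M:%S"), b.strftime("%H:%M:%S")) for a, b in ivs])
```

An address that leaves the rotation and later returns gets a second interval, which matches the multi-line entries in the timetable above.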