MoinQ:

1. 103.117.102.186

Possibly a set of quadruplet phishing sites: created on dnsv.jp;

https://www.yaatrooting.com http://www.yaatrooting.com

https://www.senlucyming.com watchNS/dnsv/senlucyming.com

https://www.tootlyyaan.com watchNS/dnsv/tootlyyaan.com

watchNS/dnsv/raykrootneer.com

www.yaatrooting.com. 600 IN A 103.117.102.186

It redirects to localhost. (I wonder what the intent is.)

This is a freshly registered domain. https://twitter.com/AP_Zenmashi/status/1520586647704059905?s=20&t=A2QPFObHvo3dAd6EQo_3NQ

zenmashi @AP_Zenmashi
Detected what appears to be an Amazon phishing site
hxxps://www.yaatrooting.com
 IP:103.117.102.186
Bowl number 117 today
🍜🍜🍜🍜🍚🍜🍜🍜🍜🥟🍜( ‘༥’ )ŧ‹”ŧ‹”

#Phishing #フィッシング #Amazon #アマゾン
11:11 AM · May 1, 2022 · App_For_AntiPhishing

1.1. whois

   Domain Name: YAATROOTING.COM
   Registry Domain ID: 2693096349_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2022-04-30T19:35:25Z
   Creation Date: 2022-04-30T19:33:51Z
   Registry Expiry Date: 2023-04-30T19:33:51Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: ok https://icann.org/epp#ok
   Name Server: 01.DNSV.JP
   Name Server: 02.DNSV.JP
   Name Server: 03.DNSV.JP
   Name Server: 04.DNSV.JP
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-05-01T02:21:16Z <<<

yaatrooting.com.        300     IN      SOA     01.dnsv.jp. hostmaster.dnsv.jp. 1651347324 3600 900 604800 300

1.2. history

                                                  Rank  Hosting Provider     Mail Provider
www.aplus.co.jp.roti8fdl0ls.ourekav.com                 DMIT Cloud Services  ‐
www.aplus.co.jp.djgoe1kf2.oueajfgk.com                  DMIT Cloud Services  ‐
www.aplus.co.jp.yesf565bfhjh.podrjhgdu.com              DMIT Cloud Services  ‐
www.aplus.co.jp.njhfjshfe323oifgnf.tndruhusd.com        DMIT Cloud Services  ‐
aplus.soruida.com                                       DMIT Cloud Services  ‐
www.aplus.co.jp.fgrew57dh.74dfg.wersfgag.com            DMIT Cloud Services  ‐
apollo335hk.apollo333.com                               DMIT Cloud Services  ‐

hxxps://www.eorakfad.com hxxps://www.giralghsa.com hxxps://www.kfhrsmga.com hxxps://www.orfjaglag.com hxxps://www.nralgeral.com hxxps://www.btosjgatwe.com hxxps://www.zomafrakg.com



MoinQ: フィッシング/103.117.102.186 (last edited 2022-05-07 16:03:05 by ToshinoriMaeno)