Yahoo! JAPANを装ったフィッシング詐欺サイト
以下のURLにフィッシング詐欺サイトが作成されています。
http://informationupdate.info/user-account-id/
http://informationupdate.info/user-account-id/ - 2009年4月19日 11:36 - ウェブ魚拓
4月5日の
Yahoo! JAPANを装ったフィッシング詐欺サイト - snitchの日記 迷惑メール備忘録等
とほぼ同じ手口です。
メールはb-mobileを利用してODNのメールサーバを使用して送信されているようです。
発信元のIPアドレスはb-mobileのアドレス帯です。
whois -h whois.nic.ad.jp 202.232.243.153 Network Information: [ネットワーク情報] a. [IPネットワークアドレス] 202.232.242.0/23 b. [ネットワーク名] BMOBILE f. [組織名] 日本通信株式会社 g. [Organization] Japan Communication Inc. m. [管理者連絡窓口] JP00016083 n. [技術連絡担当者] JP00016083 p. [ネームサーバ] ns3.bmobile.ne.jp p. [ネームサーバ] ns4.bmobile.ne.jp p. [ネームサーバ] ns6.bmobile.ne.jp p. [ネームサーバ] ns5.bmobile.ne.jp [割当年月日] 2002/06/24 [返却年月日] [最終更新] 2008/01/21 14:56:06(JST)
Subject: ヤフージャパンのご利用に関する大切なご連絡
From: Yahoo! JAPAN カスタマーセンター <customerservice@lily.odn.ne.jp>
To: <xxxxxxxxxx@yahoo.co.jp>
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
Content-Type: text/plain;
charset="iso-2022-jp"
Date: Mon, 20 Jul 2009 02:48:59 +0900
X-Apparently-To: xxxxxxxxxx@yahoo.co.jp via 124.83.200.71; Mon, 20 Jul 2009 02:48:59 +0900
X-Originating-IP: [143.90.14.143]
Received-SPF: pass (cmta103.odn.ne.jp: domain of customerservice@lily.odn.ne.jp designates 143.90.14.143 as permitted sender) receiver=cmta103.odn.ne.jp; client-ip=143.90.14.143; envelope-from=customerservice@lily.odn.ne.jp;
Authentication-Results: mta137.mail.tnz.yahoo.co.jp from=lily.odn.ne.jp; domainkeys=neutral (no sig)
Received: from 143.90.14.143 (EHLO cmta103.odn.ne.jp) (143.90.14.143)
by mta137.mail.tnz.yahoo.co.jp with SMTP; Mon, 20 Jul 2009 02:48:59 +0900
Received: from vmta103.odn.ne.jp by cmta103.odn.ne.jp with ESMTP
id <20090719174859583.GBUU.15161.cmta103.odn.ne.jp@mta103.odn.ne.jp>
for <xxxxxxxxxx@yahoo.co.jp>; Mon, 20 Jul 2009 02:48:59 +0900
Received: from emta103.odn.ne.jp by vmta103.odn.ne.jp with ESMTP
id <20090719174859521.ZQHR.10890.vmta103.odn.ne.jp@mta103.odn.ne.jp>
for <xxxxxxxxxx@yahoo.co.jp>; Mon, 20 Jul 2009 02:48:59 +0900
Received: from userff38c9308e ([202.232.243.153] [202.232.243.153])
by emta103.odn.ne.jp with SMTP
id <20090719174858661.UDLF.5904.emta103.odn.ne.jp@mta103.odn.ne.jp>
for <xxxxxxxxxx@yahoo.co.jp>; Mon, 20 Jul 2009 02:48:58 +0900
Message-ID: <CAB0C14E32EA40A5BEFF592919E9A943@userff38c9308e>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Odn-Service: VIRUS-CHECKED
--------------------------------------------------------------------
Yahoo! JAPAN - ユーザーアカウント継続手続き
--------------------------------------------------------------------
いつもyahoo!オークションをご利用いただきありがとうございます。
今後もYahoo!オークションを継続してご利用いただくためには、Yahoo! JAPAN ID
のユーザーアカウント継続手続きが必要です。
詳しくはユーザーアカウント継続手続きページをご覧ください
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
ユーザーアカウント継続手続きページはこちら
http://informationupdate.info/user-account-id/
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
********************************************************************
このメッセージは、Yahoo! JAPAN より自動的に送信されています。
********************************************************************
==========Yahoo!オークションからお知らせ==========
2009夏最旬スタイル♪安カワ990円から!
http://www.nissen.co.jp/smileland/
人気ブランド5000点以上!SALE開催!
http://directstyle.world.co.jp/sp/sale/2009/summer/index.html?
===================================
━━PR━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
≪全国送料一律≫モテカワアイテム1290円〜
http://www.nissen.co.jp/cate001/
最新トレンド続々!夏新作アイテム入荷中♪
http://www.nissen.co.jp/cate001/
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━PR━━
===================================
このメールに心当たりのない場合やご不明な点がある場合は、
wallet-skey@mail.yahoo.co.jp までご連絡ください。
Yahoo! JAPANをご利用いただき、ありがとうございます。
http://www.yahoo.co.jp/
--------
informationupdate.infoの情報
Access to INFO WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Afilias registry database. The data in this record is provided by Afilias Limited for informational purposes only, and Afilias does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Afilias reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Domain ID:D29084823-LRMS Domain Name:INFORMATIONUPDATE.INFO Created On:16-Jul-2009 14:43:34 UTC Last Updated On:16-Jul-2009 14:43:35 UTC Expiration Date:16-Jul-2010 14:43:34 UTC Sponsoring Registrar:Fastdomain Inc. (R397-LRMS) Status:CLIENT TRANSFER PROHIBITED Status:TRANSFER PROHIBITED Registrant ID:FAST-12785245 Registrant Name:BlueHost.Com - INC Registrant Organization:BlueHost.Com, POWERFUL WEB HOSTING - 300GB Disc space - 3,000GB Transfer Registrant Street1:1958 South 950 East Registrant Street2:HOST UNLIMITED DOMAINS *FREE* Registrant Street3:Hosting Accounts starting at ONLY $6.95 per month - Registrant City:Provo Registrant State/Province:Utah Registrant Postal Code:84606 Registrant Country:US Registrant Phone:+1.8884014678 Registrant Phone Ext.: Registrant FAX:+1.8017651992 Registrant FAX Ext.: Registrant Email:whois@bluehost.com Admin ID:FAST-12785245 Admin Name:BlueHost.Com - INC Admin Organization:BlueHost.Com, POWERFUL WEB HOSTING - 300GB Disc space - 3,000GB Transfer Admin Street1:1958 South 950 East Admin Street2:HOST UNLIMITED DOMAINS *FREE* Admin Street3:Hosting Accounts starting at ONLY $6.95 per month - Admin City:Provo Admin State/Province:Utah Admin Postal Code:84606 Admin Country:US Admin Phone:+1.8884014678 Admin Phone Ext.: Admin FAX:+1.8017651992 Admin FAX Ext.: Admin Email:whois@bluehost.com Billing ID:FAST-12785245 Billing Name:BlueHost.Com - INC Billing Organization:BlueHost.Com, POWERFUL WEB HOSTING - 300GB Disc space - 3,000GB Transfer Billing Street1:1958 South 950 East Billing Street2:HOST UNLIMITED DOMAINS *FREE* Billing Street3:Hosting Accounts starting at ONLY $6.95 per month - Billing City:Provo Billing State/Province:Utah Billing Postal Code:84606 Billing Country:US Billing Phone:+1.8884014678 Billing Phone Ext.: Billing FAX:+1.8017651992 Billing FAX Ext.: Billing Email:whois@bluehost.com Tech ID:FAST-12785245 Tech Name:BlueHost.Com - INC Tech Organization:BlueHost.Com, POWERFUL WEB HOSTING - 300GB Disc space - 3,000GB Transfer Tech Street1:1958 South 950 East Tech Street2:HOST UNLIMITED DOMAINS *FREE* Tech Street3:Hosting Accounts starting at ONLY $6.95 per month - Tech City:Provo Tech State/Province:Utah Tech Postal Code:84606 Tech Country:US Tech Phone:+1.8884014678 Tech Phone Ext.: Tech FAX:+1.8017651992 Tech FAX Ext.: Tech Email:whois@bluehost.com Name Server:NS1.BLUEHOST.COM Name Server:NS2.BLUEHOST.COM Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server:
whois -h whois.arin.net 66.147.242.190 NetRange: 66.147.240.0 - 66.147.255.255 CIDR: 66.147.240.0/20 OriginAS: AS11798 NetName: BLUEHOST-NETWORK-4 NetHandle: NET-66-147-240-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Allocation NameServer: NS1.BLUEHOST.COM NameServer: NS2.BLUEHOST.COM Comment: RegDate: 2008-05-05 Updated: 2008-05-05 RAbuseHandle: NOC2320-ARIN RAbuseName: Network Operations Center RAbusePhone: +1-801-765-9400 RAbuseEmail: abuse@bluehost.com RNOCHandle: TECHN497-ARIN RNOCName: Technical Operations RNOCPhone: +1-801-765-9400 RNOCEmail: support@bluehost.com RTechHandle: NETWO2081-ARIN RTechName: Network Operations RTechPhone: +1-801-765-9400 RTechEmail: netops@bluehost.com OrgTechHandle: SAL72-ARIN OrgTechName: Alligood, Steve OrgTechPhone: +1-801-765-9400 OrgTechEmail: netops@bluehost.com
