I got an email from a stranger saying my "mailbox storage is running low," so I looked into it
Overview
Revision history
- 2024/03/13 First edition
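Introduction
This document records the following: someone posing as the mail administrator sent me, the actual mail administrator, a message saying that my mailbox was running out of storage and that I should deal with it, in an attempt to get me to log in to a fraudulent site. When I looked into the domain I was being led to and the places it forwards to, Cloudflare was in use and countries such as Japan, Canada, the United States and Thailand turned up, so tracing it further is a hassle.
Checking the email
Phishing email body
- An email arrived posing as the mail administrator of the mail server I manage, warning that free space in the mailbox was running low.
- Why would this come to me, the administrator?
- The link target is somewhat hard to make sense of and gets redirected, but the redirect destination's domain name contained the domain name being abused in this prank, so I disguised that part with random values and accessed the site.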
https[:]//url-shield.securence.com/?p=1.0&r=adrienne@amg-law[.]com&sid=169021XXXX887-022-00172088&s=g53hchkx&n=brgejkixh&ms=0.5,0.0,0.0,0.5&u=http://www.ドメイン5XXXX8900.cwcoin.io/?vc=XXXX@ドメイン.jp
- Looking closely, the parameters include Adrienne's email address. It appears to be a law firm in Manhattan.
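The link above is a rewritten URL that carries the real target in its u parameter and a different person's address in r. The following added example, not part of the original article, unwraps such a link without fetching anything and lists what a mail administrator would note; the host names and addresses in SAMPLE are constructed, and reading r as the address the wrapper was generated for and vc as the address passed to the target are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample shaped like the link in the article (not the real one).
SAMPLE = ("https[:]//url-shield.wrapper.example/?p=1.0&r=someone@lawfirm[.]example"
          "&sid=000&s=aaa&n=bbb&ms=0.5,0.0,0.0,0.5"
          "&u=http://www.corp-mail51234.redirector.example/?vc=admin@corp-mail.test")

def refang(url):
    """Undo write-up defanging such as https[:]// and [.]"""
    return url.replace("[:]", ":").replace("[.]", ".")

def unwrap(url, param="u"):
    """Split a rewritten link into (wrapper_host, wrapper_params, inner_url).

    The inner URL is embedded without percent-encoding, so everything after
    '&u=' is taken as the target. Assumption: `u` is the last parameter,
    as in the link shown in the article.
    """
    parts = urlsplit(refang(url))
    query = "&" + parts.query
    idx = query.find("&" + param + "=")
    if idx < 0:
        return parts.hostname, dict(parse_qsl(parts.query)), None
    outer = dict(parse_qsl(query[1:idx]))
    inner = query[idx + len(param) + 2:]
    return parts.hostname, outer, inner

def assess(url, own_domain):
    """Report what to note about a wrapped link before anyone opens it."""
    wrapper_host, outer, inner = unwrap(url)
    report = {"wrapper_host": wrapper_host, "target_host": None, "findings": []}
    if inner is None:
        report["findings"].append("no embedded target URL found")
        return report
    target = urlsplit(inner)
    host = target.hostname or ""
    report["target_host"] = host
    # Assumed meanings: r = address the wrapper was issued for,
    # vc = address handed to the landing page.
    issued_for = outer.get("r", "").lower()
    embedded = dict(parse_qsl(target.query)).get("vc", "").lower()
    if issued_for and embedded and issued_for != embedded:
        report["findings"].append("wrapper address differs from address passed to target")
    if target.scheme != "https":
        report["findings"].append("target is not https")
    own = own_domain.lower()
    label = own.split(".")[0]
    inside_own = host == own or host.endswith("." + own)
    if label in host and not inside_own:
        report["findings"].append("own domain name reused as a label under another domain")
    return report

if __name__ == "__main__":
    result = assess(SAMPLE, "corp-mail.test")
    print(result["wrapper_host"], "->", result["target_host"])
    for finding in result["findings"]:
        print(" -", finding)
```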
Checking the email headers
- The email headers are as follows.
- Accessing the domain recorded in the email headers
$ whois gaudiams.com
Domain Name: GAUDIAMS.COM
Registry Domain ID: 2692431136_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://gmo.jp
Updated Date: 2022-04-28T02:01:07Z
Creation Date: 2022-04-28T01:44:48Z
Registry Expiry Date: 2024-04-28T01:44:48Z
Registrar: GMO Internet Group, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.DNS.NE.JP
Name Server: NS2.DNS.NE.JP
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-03-12T21:29:22Z <<<
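- I tried accessing it.
- On the surface, it is a WordPress site that is still under construction.
Accessing the site the email leads to
- I altered the latter part of the URL parameter from the email body with random values, as shown below, and accessed it.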
http://www.XXX99998900.cwcoin.io/
- I was then forwarded to a page like the following.
- The user name is shown as undefined, which appears to reflect the URL parameter.
https[:]//ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/#undefined
- Changing this undefined parameter gives the following.
https[:]//ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/#police
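- When I entered random values, including the password, some kind of check appears to have returned an error.
- Is the password too short...
- After I entered a random password about twice, I was forwarded to Tokyo Denki University's webmail server.
- My guess is that, even when harvesting email addresses through phishing, the site makes the victim type the input again as validation (an input check).
- Checking the certificate of the webmail server I was led to, it does seem to belong to Tokyo Denki University.
- It has an SSL certificate obtained from SECOM Trust, so it seems highly trustworthy.
- QUALITIA appears to be the cloud service QUALITIA CLOUD.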
- https://www.qualitia.com/
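- It is said to be widely deployed in the education sector, so it is no surprise that Tokyo Denki University uses it.
Looking up domain information: securence.com
- I investigated url-shield.securence.com, which was used first.
- First, the IP address.
$ dig url-shield.securence.com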
; <<>> DiG 9.10.6 <<>> url-shield.securence.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11622
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;url-shield.securence.com. IN A
;; ANSWER SECTION:
url-shield.securence.com. 149 IN A 216.17.3.180
;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 13 05:23:56 JST 2024
;; MSG SIZE rcvd: 69
$ curl -s ipinfo.io/216.17.3.180
{
"ip": "216.17.3.180",
"city": "Minneapolis",
"region": "Minnesota",
"country": "US",
"loc": "44.9264,-93.2818",
"org": "AS10242 US Internet Corp",
"postal": "55409",
"timezone": "America/Chicago",
"readme": "https://ipinfo.io/missingauth"
}
$
- Minneapolis, Minnesota, USA.
- Next, the domain information.
$ whois securence.com
Domain Name: SECURENCE.COM
Registry Domain ID: 129562818_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://www.tucows.com
Updated Date: 2017-09-27T13:01:38Z
Creation Date: 2004-09-09T15:30:44Z
Registry Expiry Date: 2027-09-09T15:30:44Z
Registrar: Tucows Domains Inc.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNSRAD1.USINTERNET.COM
Name Server: DNSRAD2.USINTERNET.COM
Name Server: NS2.USINTERNET.COM
Name Server: NS4.USINTERNET.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-03-12T19:59:55Z <<<
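- The domain was registered anonymously through Tucows, a Canadian registrar. The domain appears to have a long history.
- Visiting SECURENCE.COM looks like this.
- Judging from what the top page says, it appears to be a company that provides email-related services.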
- Securence is a leading provider of email filtering and management software that includes email protection and security services for small business, enterprise, educational, and government institutions worldwide.
- This one is also in the education sector.
Looking up domain information: cwcoin.io
- I looked up the FQDN used for the redirect.
- First, the IP address.
$ dig www.aaa0.cwcoin.io
; <<>> DiG 9.10.6 <<>> www.aaa0.cwcoin.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59842
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.aaa0.cwcoin.io. IN A
;; ANSWER SECTION:
www.aaa0.cwcoin.io. 1200 IN A 104.219.248.87
;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 13 05:28:26 JST 2024
;; MSG SIZE rcvd: 63
$
It appears to be using dynamic DNS: this IP address is returned even when the host name part is set to random values.
$ curl -s ipinfo.io/104.219.248.87
{
"ip": "104.219.248.87",
"hostname": "server135-1.web-hosting.com",
"city": "Phoenix",
"region": "Arizona",
"country": "US",
"loc": "33.4484,-112.0740",
"org": "AS22612 Namecheap, Inc.",
"postal": "85001",
"timezone": "America/Phoenix",
"readme": "https://ipinfo.io/missingauth"
}
$
- Arizona, USA.
$ whois cwcoin.io
Domain Name: cwcoin.io
Registry Domain ID: a9b148a0640a43e8a241c3c6485d4d5e-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2023-04-13T06:25:08Z
Creation Date: 2021-05-08T21:03:55Z
Registry Expiry Date: 2024-05-08T21:03:55Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
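- Accessing it using only the top domain looks like this.
- Something resembling a cPanel administration screen appeared.
- There is also a site with a similarly named domain, CWCOIN.NET (Change the World Token), but whether it is related is unknown.
Looking up domain information: ze.barlow-master.com
- I looked up information on the website that visitors are finally forwarded to.
- First, check the IP address information.
$ dig ze.barlow-master.com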
; <<>> DiG 9.10.6 <<>> ze.barlow-master.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12007
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ze.barlow-master.com. IN A
;; ANSWER SECTION:
ze.barlow-master.com. 300 IN A 104.21.96.3
ze.barlow-master.com. 300 IN A 172.67.150.25
;; Query time: 21 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Mar 12 07:38:56 JST 2024
;; MSG SIZE rcvd: 81
$
- Details of the IP addresses are as follows.
$ curl -s ipinfo.io/104.21.96.3
{
"ip": "104.21.96.3",
"anycast": true,
"city": "San Francisco",
"region": "California",
"country": "US",
"loc": "37.7621,-122.3971",
"org": "AS13335 Cloudflare, Inc.",
"postal": "94107",
"timezone": "America/Los_Angeles",
"readme": "https://ipinfo.io/missingauth"
}
[MacPro2013:ujpadmin 07:39:22 ~ ]
$ curl -s ipinfo.io/172.67.150.25
{
"ip": "172.67.150.25",
"anycast": true,
"city": "San Francisco",
"region": "California",
"country": "US",
"loc": "37.7621,-122.3971",
"org": "AS13335 Cloudflare, Inc.",
"postal": "94107",
"timezone": "America/Los_Angeles",
"readme": "https://ipinfo.io/missingauth"
}
$
- California, USA.
- Cloudflare, I see. Using a CDN makes this a serious setup.
- Check the whois information.
$ whois barlow-master.com
Domain Name: BARLOW-MASTER.COM
Registry Domain ID: 2739826453_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-11-11T00:53:47Z
Creation Date: 2022-11-21T10:50:38Z
Registry Expiry Date: 2024-11-21T10:50:38Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DELL.NS.CLOUDFLARE.COM
Name Server: MOURA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-03-11T22:41:17Z <<<
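- An anonymization service is used, so the registrant of the domain is unknown.
- The domain is young.
- The barlow used in the domain name apparently refers to a large pocket knife.
- Just in case, I checked past site information with the Wayback Machine.
- There was only the nginx default page.
- I also checked www., but it was forwarded to barlow-master.com.
Content discovery
- I investigated, thinking something might come into view.
Investigating with dirb
$ ./dirb https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/ ./wordlists/common.txt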
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Tue Mar 12 07:20:59 2024
URL_BASE: https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/
WORDLIST_FILES: ./wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/ ----
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/.config (CODE:403|SIZE:522)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/_data (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/_database (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/_vti_bin/_vti_adm/admin.dll (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/_vti_bin/_vti_aut/author.dll (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/_vti_bin/shtml.dll (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/admin.cgi (CODE:403|SIZE:582)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/akeeba.backend.log (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/app_data (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/AT-admin.cgi (CODE:403|SIZE:582)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/awmdata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/awstats.conf (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/bdata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/cachemgr.cgi (CODE:403|SIZE:582)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/cgi-data (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/data (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/database (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/database_administration (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/databases (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/datafiles (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/datas (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/development.log (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/forumdata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/global.asa (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/global.asax (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/index.html (CODE:200|SIZE:18383)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/ipdata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/json (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/json-api (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/main.mdb (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/mdb-database (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/metadata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/oradata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/php.ini (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/production.log (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/spamlog.log (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/thumbs.db (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/Thumbs.db (CODE:403|SIZE:528)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/webdata (CODE:200|SIZE:16)
+ https://ze.barlow-master.com/japan-webmail-server-migration.customer-service--japan.bin/WS_FTP.LOG (CODE:403|SIZE:528)
er-service--japan.bin/zt
-----------------
END_TIME: Tue Mar 12 07:50:51 2024
DOWNLOADED: 4612 - FOUND: 40
$
- A few entries returned HTTP 200, but when I accessed them only data like this was displayed.
Investigating with KiteRunner
- Next, I tried KiteRunner for content discovery.
- This is the command I used.
kr brute https://ze.barlow-master.com/ -w ~/bin/wordlist/data/automated/httparchive_directories_1m_2024_01_28.txt -D -x 200
- I set it to 200 parallel connections. If your network equipment is weak, you would do better to lower this number.
Now to run it.
$ kr brute https://ze.barlow-master.com/ -w ~/bin/wordlist/data/automated/httparchive_directories_1m_2024_01_28.txt -D -x 200
+----------------------+----------------------------------------------------------------------------------------------------------------------------------+
| SETTING              | VALUE
+----------------------+----------------------------------------------------------------------------------------------------------------------------------+
| delay                | 0s
| full-scan            | false
| full-scan-requests   | 1620317
| headers              | [x-forwarded-for:127.0.0.1]
| max-conn-per-host    | 200
| max-parallel-host    | 50
| max-redirects        | 3
| max-timeout          | 3s
| preflight-routes     | 11
| quarantine-threshold | 10
| read-body            | false
| read-headers         | false
| scan-depth           | 1
| skip-preflight       | false
| target               | https://ze.barlow-master.com/
| total-routes         | 694282
| user-agent           | Chrome. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36
+----------------------+----------------------------------------------------------------------------------------------------------------------------------+
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/webplaza.dll
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/coverlist.dll
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/www.fortecharger.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/samply-a03ff.appspot.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/atecsoftweb.dll
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/webchatv2stage.clientbook.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/www.bambitospringwater.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/zynkdesign.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/cta.intelegencia.com
GET 520 [ 15, 3, 1] https://ze.barlow-master.com/lat/thumbs/r350/pasakumi
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/config/fevo-enterprise.com
GET 403 [ 528, 8, 15] https://ze.barlow-master.com/wicket/resource/com.vtls.chamo.webapp.application.resources.Resources
GET 200 [ 877, 44, 1] https://ze.barlow-master.com/player/videojs/dist
GET 200 [ 877, 44, 1] https://ze.barlow-master.com/player/v/8.20.4
GET 301 [ 155, 5, 8] https://ze.barlow-master.com/webmail/images/favicon -> https://ze.barlow-master.com/roundcube/
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/fortpages.fortvision.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/entry/image/http://www.antennash.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/landing.uraniz.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/www.cojaliusa.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/apply.freshprints.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/cloud-gadmin_1/luisvives.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/plenoptika.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/widget-frontend.klara.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/https://fonts.googleapis.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/shop.juliegoodnight.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/mcjr-ea901.appspot.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/zwandako.com
GET 200 [ 2308, 104, 70] https://ze.barlow-master.com/index.php/produse/thumbnails
GET 200 [ 2308, 104, 70] https://ze.barlow-master.com/index.php/br
GET 200 [ 2308, 104, 70] https://ze.barlow-master.com/index.php/svg/core/logo
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/images/www.theholidayvillage.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/www.nichegenerics.com
GET 200 [ 329, 14, 17] https://ze.barlow-master.com/cdn-cgi/trace
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/b/jsd/r
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/b/cmg/1
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api
GET 404 [ 930, 76, 15] https://ze.barlow-master.com/cdn-cgi/scripts/ddc5a536/cloudflare-static
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/h/b/scripts
GET 400 [ 7, 1, 1] https://ze.barlow-master.com/cdn-cgi/challenge-platform/scripts
GET 200 [ 877, 44, 1] https://ze.barlow-master.com/embed/_next/static/chunks
GET 200 [ 877, 44, 1] https://ze.barlow-master.com/embed/assets/img
GET 200 [ 877, 44, 1] https://ze.barlow-master.com/embed/dist
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/wp-content/cache/flying-press/yourcruisegirl.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/wp-content/cache/flying-press/chunomotor.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/wp-content/themes/cayxanhanphu.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/wp-content/cache/flying-press/www.ulcontrols.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/propcart-dev.appspot.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/url/https://www.youtube.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/url/http://esite100.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/NmPubApiHandler.axd
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/to2/zennioptical.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/volunteeringjourneys.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/generatorsupercenteroflufkin.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/try.nervaibs.com
GET 403 [ 145, 3, 14] https://ze.barlow-master.com/cc.silktide.com
100% |█████| (1620317/1620317, 602 it/s)
8:49AM INF scan complete duration=2694352.291867 results=57
$
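- Nothing notable turned up, but player/v/8.20.4 appears to correspond to WinX DVD Ripper Platinum. Accessing produse/thumbnails shows a screen like the following.
- Next, I also accessed embed/dist.
- The information I could look up on the net was all related to the United States, but when I looked inside the content, Thailand suddenly appears.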
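In the dirb and KiteRunner results above, many unrelated paths come back with the same status and size (for example CODE:200|SIZE:16), which is why opening them one by one showed nothing useful. The following added example, not part of the original article, groups saved result lines by status and size to separate templated responses from the few worth opening by hand; the host phish.example and the lines in SAMPLE are constructed, and the threshold of three is an assumption.

```python
import re
from collections import defaultdict

# dirb line:       "+ <url> (CODE:200|SIZE:16)"
DIRB_RE = re.compile(r"^\+\s+(\S+)\s+\(CODE:(\d{3})\|SIZE:(\d+)\)")
# KiteRunner line: "GET 403 [ 528, 8, 15] <url>"  (bytes, words, lines)
KR_RE = re.compile(r"^[A-Z]+\s+(\d{3})\s+\[\s*(\d+),\s*\d+,\s*\d+\]\s+(\S+)")

# Constructed sample in both output formats (not the article's real results).
SAMPLE = """\
+ https://phish.example/kit/_data (CODE:200|SIZE:16)
+ https://phish.example/kit/app_data (CODE:200|SIZE:16)
+ https://phish.example/kit/database (CODE:200|SIZE:16)
+ https://phish.example/kit/php.ini (CODE:403|SIZE:528)
+ https://phish.example/kit/index.html (CODE:200|SIZE:18383)
GET 403 [ 145, 3, 14] https://phish.example/a.example.com
GET 403 [ 145, 3, 14] https://phish.example/b.example.com
GET 403 [ 145, 3, 14] https://phish.example/c.example.com
GET 200 [ 329, 14, 17] https://phish.example/cdn-cgi/trace
GET 301 [ 155, 5, 8] https://phish.example/webmail/images/favicon -> https://phish.example/roundcube/
"""

def parse_hits(text):
    """Return (url, status, size) tuples from dirb or KiteRunner result lines."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = DIRB_RE.match(line)
        if m:
            hits.append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        m = KR_RE.match(line)
        if m:
            hits.append((m.group(3), int(m.group(1)), int(m.group(2))))
    return hits

def triage(hits, min_cluster=3):
    """Split hits into templated responses and ones worth reviewing.

    A (status, size) pair shared by min_cluster or more different paths is
    treated as one catch-all or filter page, whatever its status code.
    """
    clusters = defaultdict(list)
    for url, status, size in hits:
        clusters[(status, size)].append(url)
    templated = {k: len(v) for k, v in clusters.items() if len(v) >= min_cluster}
    # Keep only non-error responses whose fingerprint is not a repeated template.
    review = [(url, status, size) for url, status, size in hits
              if (status, size) not in templated and status < 400]
    return templated, review

if __name__ == "__main__":
    templated, review = triage(parse_hits(SAMPLE))
    for (status, size), count in sorted(templated.items()):
        print(f"templated: status={status} size={size} paths={count}")
    for url, status, size in review:
        print(f"review:    status={status} size={size} {url}")
```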