弁財天

Goffman: "Do not trust the experts; think and judge for yourself."

Windows sends USB metadata to Microsoft at boot lol update2

10/19-00:35:58.701427  [**] [1:2027390:2]  <デバイスeth0> ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 我が家:40268 -> 52.138.148.89:80
10/19-00:35:58.701427  [**] [1:2025275:3]  <デバイスeth0> ET INFO Windows OS Submitting USB Metadata to Microsoft [**] [Classification: Misc activity] [Priority: 3] {TCP} 我が家:40268 -> 52.138.148.89:80
10/19-00:35:59.357310  [**] [1:2027390:2]  <デバイスeth0> ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 我が家:40278 -> 52.138.148.89:80
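As an added example (not the blog's own code), a small Python parser for the Snort/Suricata "fast" alert format used in the lines above: it pulls out SID, message, classification and flow, drops exact repeats such as a pasted log tends to contain, and tallies alerts per signature and per destination. The sample input is the three alerts quoted above with the first one repeated, keeping the page's own 我が家 placeholder for the home address; the GeoIP-annotated line further down the page does not match the plain format and is deliberately returned as None.

```python
import re
from collections import Counter
# Snort/Suricata "fast" alert format as in the lines quoted above. The <...>
# interface token is optional; each side of "->" is just host:port, so the
# blog's placeholder for its home address (我が家) passes through unchanged.
_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?:<(?P<iface>[^>]*)>\s+)?"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)

def parse_fast_alert(line):
    """Fields of one fast-format line as a dict, or None if it does not match
    (e.g. the address field carries extra GeoIP/ASN annotations)."""
    m = _FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        d[k] = int(d[k])
    return d

def summarize(lines):
    """Count alerts per (sid, msg) and per destination host, skipping exact
    repeats (same timestamp, SID and 5-tuple) such as a pasted log may contain."""
    seen, by_sid, by_dst = set(), Counter(), Counter()
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            continue
        key = (a["ts"], a["sid"], a["src"], a["sport"], a["dst"], a["dport"])
        if key in seen:
            continue
        seen.add(key)
        by_sid[(a["sid"], a["msg"])] += 1
        by_dst[a["dst"]] += 1
    return by_sid, by_dst
# Sample input (constructed from the page): the three alerts quoted above,
# then the first one repeated verbatim.
SAMPLE = [
    "10/19-00:35:58.701427  [**] [1:2027390:2]  <デバイスeth0> ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 我が家:40268 -> 52.138.148.89:80",
    "10/19-00:35:58.701427  [**] [1:2025275:3]  <デバイスeth0> ET INFO Windows OS Submitting USB Metadata to Microsoft [**] [Classification: Misc activity] [Priority: 3] {TCP} 我が家:40268 -> 52.138.148.89:80",
    "10/19-00:35:59.357310  [**] [1:2027390:2]  <デバイスeth0> ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 我が家:40278 -> 52.138.148.89:80",
]
SAMPLE.append(SAMPLE[0])
```

Running `summarize(SAMPLE)` gives two hits for SID 2027390 (two distinct source ports), one for SID 2025275, and three flows in total to 52.138.148.89, with the repeated line counted once.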

$ whois 52.138.148.89
Warning: RIPE flags used with a traditional server.
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
8075    | 52.138.148.89    | 52.136.0.0/13       | US | arin     | 2015-11-24 | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
$
Return-Path: 
X-Original-To: abuse@benzaiten.dyndns.org
Delivered-To: abuse@benzaiten.dyndns.org
Received: from mail.mofald.gov.np (unknown [202.45.144.156])
    by benzaiten.dyndns.org (Postfix) with ESMTP id 67664E8AAF
    for ; Fri, 18 Oct 2019 21:24:33 +0900 (JST)
Received: from [192.168.1.1] (unknown [201.232.31.140])
    by mail.mofald.gov.np (Postfix) with ESMTPA id D1F66148984B;
    Mon, 14 Oct 2019 23:53:25 +0545 (NPT)
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Independent Financial Consultant., 156
To: Recipients 
From: "Mr. Ryan Roger" 
Date: Mon, 14 Oct 2019 11:41:02 -0500
Reply-To: rr7035707@gmail.com

Good Day,

My name is Mr. Ryan Rogers, the Independent Financial Consultant. We are contacting you concerning funding of your business project. We are interested in partnering with you, as we are seeking to diversify our financial portfolio into viable and lucrative business projects that are worth it.

We are most interested in partnership business ventures in Medical and Health care projects, Real estate projects, mining projects, agricultural projects, renewable energy projects, Oil and Gas, start-up projects and business expansions / Loans with lower rates.

Your swift response is highly needed.

Best Regards,
Ryan Roger
An email like this got sent to me lol

Looking at the mail header, it reads
"Received: from mail.mofald.gov.np (unknown [202.45.144.156])"
lol

Wondering just which government this was, I was looking up things like "http://mofald.gov.np" when...

10/19-16:03:29.802805 [**] [1:2012252:2] <デバイスeth0> ET SHELLCODE Common 0a0a0a0a Heap Spray String [**] [Classification: Executable Code was Detected] [Priority: 1] {TCP} 103.69.124.139 ネパール王国 NP Central Region Kathmandu (Koteshwor) [ASN131341 Department of Information Technology, Governme 103.69.124.0/24]:80 -> 我が家.11 benzaiten.dyndns.org ZZ:37836
I got attacked like this lol
