Author Topic: daily something......  (Read 692650 times)

0 Members and 1 Guest are viewing this topic.

March 17, 2015, 09:00:58 pm
Reply #1260

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
encrypted dyreza for upatre to download, not really PDF files:

patriziapulcina.it/wp-content/uploads/2015/01/css1.pdf
liymo.com/mandoc/css1.pdf
harveyouellet.com/mandoc/wus1.pdf
plomberie-depannages.com/mandoc/wus1.pdf
deyellah.com/std/pius1.pdf
escolamanoela.com/mandoc/pius1.pdf
businessmoney.in/css/pino.pdf
wginfotech.net/abba/pages/css/pino.pdf
sama-libya.com.ly/tools/kitok3.pdf
thegulfitjobs.com/cron/log/kitok3.pdf
manualtatex.com/mandoc/kitokn.pdf
houndsofcullen.com/mandoc/kitokn.pdf

March 17, 2015, 09:50:38 pm
Reply #1261

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
encrypted dyreza for upatre to download, not really PDF files:

maxprintingcentre.com/swf/wusn.pdf
ativokids.info/downloads/Hugo/wusn.pdf

March 17, 2015, 11:01:41 pm
Reply #1262

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
phishing sites and php phishing kits. mostly google docs, some dropbox or multi-email seine phishing. couple dating sites.

youonline.fr/wp-includes/js/tinymce/skins/wordpress/gucci2014/gdocs/document.html
www.stella-invest.com/document.htm
loveinfruit.com/doc/doc/document.php
www.hoacuoisaigon.com/pdf/document.php
www.hoacuoisaigon.com/dropbox/
www.tekzs.com/believe/doc/doc/document.php
www.tekzs.com/believe/doc.zip
www.tekzs.com/XP/XPS/XPS/Mail_Administrator/Mail_Administrator/ticket.html
www.tekzs.com/checking/doc/doc/view.html
www.tekzs.com/checking/doc.zip
www.tekzs.com/creative/doc/doc/document.php
www.tekzs.com/creative/doc.zip
www.tekzs.com/document/doc/doc/doc/document.php
www.tekzs.com/document/doc%20(2).zip
www.tekzs.com/iimages/plugin/hotmailuser/52f9e652e2638258ecde3060f5e6058c062e5499/
www.tekzs.com/iimages/plugin/hotmailuser.zip
www.tekzs.com/nogok/doc/doc/document.php
www.tekzs.com/nogok/doc.zip
www.tekzs.com/temp/MATCH/login.aspx.htm
www.tekzs.com/temp/MATCH.zip
www.tekzs.com/zee/adobe/user/login/
whatifi.co.uk/view.image.googledrive/doc/view.html
whatifi.co.uk/google.drive/doc/document.php
whatifi.co.uk/google.drive/doc/document.php
whatifi.co.uk/PDF/WordMCF/doc/view.html
whatifi.co.uk/PDF/WordMCF/doc/view.html
www.huiles-essentielles.org/username/EmailValidation.zip
www.huiles-essentielles.org/EmailValidation.zip
googledrive.swindonrunners.co.uk/files/document.php
googledrive.swindonrunners.co.uk/documents/index2.php
www.calabashafrica.com/access/googledocs/document.php
www.calabashafrica.com/access/googledocs.zip
www.calabashafrica.com/document/googledocfresh/document.php
www.calabashafrica.com/document/googledocfresh.zip
www.calabashafrica.com/nude1/us.match.com-login.php
www.auravisual.cl/Docs/document.php
www.rcj.cl/EmailValidation/document.php
www.rcj.cl/EmailValidation.zip
www.rcj.cl/ABLE/spare/
www.rcj.cl/DES/DOC1/
www.rcj.cl/DROGBA/spare/
www.rcj.cl/GUILY/spare/
www.rcj.cl/HAPPY/spare/
www.rcj.cl/JESU/spare/
www.rcj.cl/HIS/googledock/Googledoc/
www.rcj.cl/LOVE/spare/
www.rcj.cl/God/googledock/Googledoc/
www.rcj.cl/chdoc.zip
www.rcj.cl/documentopen.zip
www.rcj.cl/MALIK/spare/
www.rcj.cl/MAMA/DOC1/
www.rcj.cl/OKAN-IKA/spare/
www.rcj.cl/UAUA/DOC1/
www.rcj.cl/ebony/spare/
www.rcj.cl/chdoc/
www.rcj.cl/him/googledock/Googledoc/
www.rcj.cl/okan/FAV/
www.rcj.cl/safe/spride/
www.rcj.cl/godson/googledock/Googledoc/
www.rcj.cl/great/googledock/Googledoc/
www.rcj.cl/iuy/googledock/Googledoc/
www.rcj.cl/jesus/googledock/Googledoc/
www.rcj.cl/you/googledock/Googledoc/
www.rcj.cl/iau/googledock/Googledoc/
www.anabolica.be/mbar/disp/blk/
www.anabolica.be/mbar/disp.zip
dropbox.globalhost.nl/doc/document.php
www.reloadmailserver.com/docs/doc/document.php
www.reloadmailserver.com/docs.zip
files.primemovie.org/doc/rmd/document.php
files.primemovie.org/doc.zip
cafethanhphat.vn/doc/doc/document.php
www.swindonrunners.co.uk/googledrive/files/document.php
www.swindonrunners.co.uk/googledrive/documents/index2.php
www.swindonrunners.co.uk/doingbusinessaccountsummary/
www.swindonrunners.co.uk/Wealth/google.files/
www.swindonrunners.co.uk/DoingBusiness/Wealths/index2.php
mxcrst.biz/pdf/document.php
mxcrst.biz/pdf/view.html
mxcrst.biz/auth/view/document/
mxcrst.biz/es/auth/view/document/
www.iguata.com.br/Data.File/Docs/view.html
www.iguata.com.br/Data.File/Docs/document.php
www.iguata.com.br/Admin/reli/
www.iguata.com.br/Admin/reli.zip
www.iguata.com.br/Data/Docs/document.php
www.iguata.com.br/Fille/Docs/document.php
www.iguata.com.br/Fille/BAS.zip
www.iguata.com.br/Wp-fm/Docs/document.php
www.iguata.com.br/files/Docs/document.php
www.iguata.com.br/no2015/new2015/document.php
www.iguata.com.br/wp-zero/2014/2014/
www.iguata.com.br/wp-zero/2014.zip
drivegoogle.co.nr/
www.quotientonline.com/links/haol/
seoaltinvestments.org/wp-includes/css/AutoUpdate/
thetownsenddesignco.com/css/2014googledocs/
rambudesign.com/gdoc/
healthnmuscle.com/panya/gdocs-verify/

March 18, 2015, 02:54:30 am
Reply #1263

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
adobe-style google docs phishing

etv4pc.com/docs

March 18, 2015, 03:21:59 pm
Reply #1264

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
encrypted dyreza for upatre to download, not really RTF files:

railcosoft.ro/css/ixus1.rtf
domorisdeco.ro/css/ixus1.rtf
straphael.org.uk/youth2000_files/doc11.rtf
canabrake.com.mx/css/doc11.rtf
user41992.vs.easily.co.uk/img/doc12.rtf
82.45.180.172/ary/css/doc12.rtf

at least 1 dyreza downloads (probably a spammer bot, encrypted executable also):
37.59.44.18/ml1from1.tar

March 18, 2015, 05:17:57 pm
Reply #1265

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
some phishing sites

www.nursingschooladvantage.com/documento/index.php.htm
www.logintvn.com/img/google/file_doc.php
hapacus.com/libraries/simplepie/idn/Drive/documents.php
www.casinogamesworld.net/wiz/
aftechnology.org/GoogleDrive/document/
superiortankinc.com/site/plugins/authentication/joomla/anothers/
marketing360radio.com/wp-content/3deccba88ed7430e310706c671969658/
alter23.altervista.org/google.html
www.monarchexcess.com/basix/index.htm
odbcg.com/docss/Login.html
www.sunrisegroupng.com/_derived/7676h/direct.htm
www.sunrisegroupng.com/_derived/eff/webmailsupport.google.com_/direct.htm
terranegocios.com/Gdoc/
terranegocios.com/Data/Sign_in.html
terranegocios.com/Yahoo/
terranegocios.com/hotmail/Sign_in.html
terranegocios.com/info/Sign_in.html
terranegocios.com/login/aliyun.htm
terranegocios.com/outlook/Sign_in.html
terranegocios.com/secure/main.html
terranegocios.com/share/main.html
www.pragmaticwebtools.com/config/googledocs/securelog00123/
www.video.cafeask.com/googledoc89434993458348509login/
kansasreining.com/reining/Googledoxxx/Googledrive/google/
www.newgambia.gm/mommy/google/drive/document.html
www.tea-garden.com/googledocs/
www.privaseg.com.br/googledocs/sss/
perfectfitjewelry.com/www/ww/www.googledocs.com/w/www.google.docs/googledocs1/
perfectfitjewelry.com/www/Matches/match.aspx.htm
perfectfitjewelry.com/www/Matches.zip
docs-google.com.facebook.login.landroverquebec.com/document/u/0/
www.pousadatiatita.com.br/wp-content/Verify%20Secure%20File/
parque5.pt/secure/signin.htm
www.sshields.com/images/Secure/

March 18, 2015, 05:57:07 pm
Reply #1266

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
some phishing sites

www.lankapropertyguide.lk/db/hotmail/outlook.html
www.lankapropertyguide.lk/db/Alibaba.com/Samples.html
www.lankapropertyguide.lk/db/Alibaba.com.zip
www.lankapropertyguide.lk/db/hotmail.zip
mtrlxod.tk/
https://vnextra.home.pl/bud/
www.hunan-bus.com/link/Outlook/Outlook/Sign%20In.html
www.hunan-bus.com/link/MainOutlook..zip
www.umacau-datacenter.com:4998/tw-msntw/20140112/outlook.com/
www.planin.com.sg/hotmail.html
www.planin.com.sg/Logon/key/KeyBank%20-%20Sign%20On%20to%20Online%20Banking.html
www.planin.com.sg/Logon/KEY.zip
www.planin.com.sg/capitalone/capitalone.html
www.planin.com.sg/capitalone/login_question.html
dotmatservices.com/Web_Development.html
whatcouldyoudowith2k.com/wp-admin/hotmai.html
metafrio.com.br/sss/login.srf.htm
www.besiktaseskort.net/images/hotmail.comm/www.hotmail.com/hot/
nwgd.altervista.org/ipp/index.html
www.voltahotel.net/obm/css/Sign_in.html
metafrio.com.br/dboxlog/knd/Dropbox.html
metafrio.com.br/dboxlog/knd/ssl/googledrive.rar
metafrio.com.br/drop/Dropbox.html
metafrio.com.br/micro/login.srf.htm
metafrio.com.br/tt/Dropbox.html
metafrio.com.br/microsoft/login.srf.htm
swordsisters.com/outlook/hotmail/index.html
swordsisters.com/outlook/hotmail.zip

March 18, 2015, 05:59:13 pm
Reply #1267

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
pony drop-zones and panels:

server3.streamservices.de/p/admin.php
dekeukenvernieuwers.be/panel/admin.php
dekeukenvernieuwers.be/panel/gate.php
www.bscdragonboard.com/yeyo/cpanel/admin.php
www.bscdragonboard.com/yeyo/cpanel/gate.php
www.bscdragonboard.com/yeyo/cpanel/Pony.exe
dekeukenvernieuwers.be/panel/admin.php
dekeukenvernieuwers.be/panel/gate.php
topholehosting.nl/panel/admin.php
topholehosting.nl/panel/gate.php
www.sibrico.com/panel/admin.php
www.sibrico.com/panel/gate.php
www.sibrico.com/panel/Pony.exe
radiancee.esy.es/pny/admin.php
radiancee.esy.es/pny/gate.php
dewnfoods.com/new/admin.php
dewnfoods.com/new/gate.php
shawnconstruction.org/admin/Panel/admin.php
shawnconstruction.org/admin/Panel/gate.php
fodio.tk/pole/panel/admin.php
fodio.tk/pole/panel/gate.php
www.xpressdeliverys.com/pon/panel/admin.php
www.xpressdeliverys.com/pon/panel/gate.php
www.tastytower.com/jj/1/admin.php
www.tastytower.com/jj/1/gate.php
yantzu.com/ven/panel/admin.php
yantzu.com/ven/panel/gate.php
yantzu.com/ven/panel/Pony.exe
yantzu.com/ven/panel.zip
yantzu.com/test/panel/admin.php
yantzu.com/test/panel/gate.php
yantzu.com/test/panel/Pony.exe
yantzu.com/test/panel.zip
www.plsgod.info/henox/moni/admin.php
www.plsgod.info/henox/moni/gate.php
weloveapple.org/cybercry/root/admin.php
weloveapple.org/cybercry/root/gate.php
www.e11bay.com/rich/Panel/admin.php
www.e11bay.com/rich/Panel/gate.php
fishery.co.in/virgin/leo/admin.php
fishery.co.in/virgin/leo/gate.php
fdsms.net63.net/fdsms/admin.php
fdsms.net63.net/fdsms/gate.php
canada007.webege.com/html/admin.php
canada007.webege.com/html/gate.php
www.toolsinc.info/hopon/admin.php
www.toolsinc.info/hopon/gate.php
www.toolsinc.info/kenpon/admin.php
www.toolsinc.info/kenpon/gate.php
www.irodewilde.be/Panel/admin.php
www.irodewilde.be/Panel/gate.php

March 18, 2015, 06:00:04 pm
Reply #1268

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
dridex and other dridex-related things, more malware from one of the dridex botnets

95.163.121.186/api/au.exe
95.163.121.186/api/gb.exe
95.163.121.186/api/gbb1.exe
95.163.121.186/api/it.exe
95.163.121.186/api/gb1.exe1
95.163.121.186/b.exe
95.163.121.186/kwefewef/fgdsee/dxzq.jpg
95.163.121.186/pnn-t/admin.php
85.25.176.113/api/au.exe
85.25.176.113/api/gb.exe
85.25.176.113/api/gbb1.exe
85.25.176.113/api/it.exe
85.25.176.113/api/gb1.exe1
85.25.176.113/b.exe
85.25.176.113/pnn-t/admin.php

March 18, 2015, 06:19:19 pm
Reply #1269

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
encrypted dyreza for upatre to download, not really RTF files:

bej-it-solutions.com/pvt/ixusn.rtf
capslik.com/mandoc/ixusn.rtf
xpertmech.ca/public/ixus2.rtf
yasperfumes.com/mandoc/ixus2.rtf

March 19, 2015, 10:15:55 am
Reply #1270

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
dridex botnet=125 from some .xls macros

www.lenhausen.de/js/bin.exe
meostore.net/js/bin.exe


March 19, 2015, 01:38:35 pm
Reply #1271

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
yahoo phishing sites

www.mazda-motorsport.ch/
www.montguesa.com/public/viewdoc/yahoo/index.html
www.montguesa.com/public/viewdoc/
www.ausfloodplain.org.au/sg_cms/sg_xmedia_plugins/expert/sg/Yahoo.htm
www.ausfloodplain.org.au/sg_cms/Yahoo.htm
www.asg-hunters.pl/wp-content/themes/twentyten/languages/wilfex/yahoo!mail.html
www.ausfloodplain.org.au/sg_cms/build/Yahoo.htm
www.ausfloodplain.org.au/sg_cms/Yahoo.htm
www.ausfloodplain.org.au/sg_cms/build/Gmail/ServiceLogin.htm
revolt.com.ua/mail.yahoo.com/yahoo.html
moho.5gbfree.com/sun/account.php?code=mail
www.trio-subic.si/yahoo/
lucernegroup.com/socka.htm
tratamentovascular.med.br/temporario/Yahoo/y/y/yahoo.html
www.capriltriqueda.com.br/view/documents/yahoo.htm
sironton.com/NEW-ACCESS/Yah00.security.htmI/Sign%20in%20to%20Yahoo!!!.htm
iscchiapas.com/l/
jeke.dossants.net/zeen/
angteckcheng.com/svhe.html
www.susipadilha.com.br/wp-content/themes/flyflydiba/

March 19, 2015, 05:54:27 pm
Reply #1272

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
hancitor downloads

91.194.254.214/ca/file.jpg
91.194.254.214/ca/file.exe

March 19, 2015, 06:01:04 pm
Reply #1273

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
dridex botnet="120" downloads

91.227.18.76/smoozy/shake.exe
193.26.217.199/smoozy/shake.exe
91.226.93.51/smoozy/shake.exe
176.31.28.244/smoozy/shake.exe

March 19, 2015, 06:31:52 pm
Reply #1274

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
encrypted dyreza for upatre to download, not really RTF files:

sosyalmedyahaber.com/wp-content/uploads/2015/02/xusn.rtf
romanyrosebenfleet.co.uk/css/xusn.rtf
bej-it-solutions.com/app/css/xus1.rtf
capslik.com/wp-content/uploads/2015/02/xus1.rtf