Author Topic: daily something......


March 20, 2015, 05:19:49 am
Reply #1275

techhelplist.com

  • Jr. Member

  • Offline
  • **

  • 34
some phishing sites

www.primeaerialphoto.com/protect/Google_Doc/secure%20Login.htm
www.primeaerialphoto.com/protect/Google_Doc.zip
fatmabasar.com/
www.mrclean-bg.com/images/file/products/viewer.php
www.mrclean-bg.com/images/
largeanimalhospital.com/.google.com/docs/documents/
denmush.com/pls/source_update/products/viewer.php
denmush.com/cool/source_update/products/viewer.php
denmush.com/charls/source_update/products/viewer.php
www.aytusupite.com/googlez/index.htm
ewshanghai.com/secure/signin.htm
119.18.57.69/~ashishpi/Note/Receipt/
odbcg.com/docss/Login.html
119.18.57.69/~ashishpi/Note/Receipt.zip
superiortankinc.com/site/plugins/authentication/joomla/anothers/
greenschool.lk/documents/index.htm
www.sunrisegroupng.com/_derived/7676h/direct.htm
www.sunrisegroupng.com/_derived/eff/webmailsupport.google.com_/direct.htm
pullmypermit.com/holladimextration/dropbox/dropbox/index.php
pullmypermit.com/holladimextration/dropbox.zip
www.xxxveiling.be/folder/Newgogledoc/index.html
www.xxxveiling.be/folder/Newgogledoc.zip
allora-tour.by/var/upload/file/upload.google.com/index.html
abellhotel.com/engine/alldownload.dropbox.com/index.htm
tcglabel.com/securedoc/Google_Doc/secure%20Login.htm
tcglabel.com/securedoc/Google_Doc.zip
parkcentralaccountacy.com.au/mends/
visionaryglassarts.com/wp-content/rtrt/index.html
ssdpac.com/service/ymail.html
ssdpac.com/inboxmove/ymail.html
ssdpac.com/mail/mailbox.html
ssdpac.com/new/update.htm
www.yottabd.com/wp-content/themes/responsive/lofh/yahoo/i.php
www.yottabd.com/wp-content/themes/responsive/lofh/unzipz.php
guidemyroute.com/account/yahoo.html
www.eventsetcfla.com/
www.daktekstil.com/theproton/ym/verify.html
upgrade.vahoomail.process.taqwahalal.com/
aspetaghana.com/account/yahoo/Yahoo!AccountVerification.htm
lepelka.by/download_files/price/dyhdf/yaho/yahoo.html
unstoppable.persiangig.com/yahoo.html
hacksmetin2.hi2.ro/
www.rehmanent.com/Yahoo/index.php
smallworldrestaurant.com/wp-content/themes/twentytwelve/inc/yahoo/me/6/yahoo.html
insightmpo.com/yahoo/yahoo.html
yahooservice.yolasite.com/
www.oltreilcolle.com/forum/login_verify2.html
blingcakepopsticks.com/new/acctupdate.html
www.larsenmarketing.com/wp-content/themes/premiumnews/yahoo.html
blackwizardmagician.persiangig.com/HTML%20Code/Sign%20in%20to%20Yahoo!.htm
buffalobaptistchurch-maryland.org/vodafone-sms.ro/

March 20, 2015, 03:32:58 pm
Reply #1276

techhelplist.com

encrypted dyreza for upatre to download, not really RTF or PNG files:

noizeradio.gr/images/img21.png
powderpure.com/science/img21.png
olivetv.uk.com/wp-content/uploads/2015/02/xlus11.rtf
londonpleasure.co.uk/wp-content/uploads/2014/11/xlus11.rtf
techiework.co.uk/wp-includes/images/img2.png
sosyalmedyahaber.com/wp-includes/images/img2.png
amatebisuteria.es/libs/rmail/xlus12.rtf
designerhabit.co.uk/wp-content/uploads/2014/10/xlus12.rtf
youngrichandhustlin.co.uk/xus5.rtf
techiework.co.uk/wp-content/uploads/2015/02/xus5.rtf

March 20, 2015, 04:51:40 pm
Reply #1277

techhelplist.com

trapwot fake-antivirus downloads, must use IE user-agent, GET params probably have to change.

lovino.altervista.org/document.php?rnd=7291&id=5555555E06050D08011D24050613034A0B1603
solid.altervista.org/document.php?rnd=7291&id=5555555E06050D08011D24050613034A0B1603
hotmaillmsn.altervista.org/document.php?rnd=7291&id=5555555E06050D08011D24050613034A0B1603
vikramprabu.com/document.php?id=5453575E0007080513080D0624070B4A000B11030805174A0B164A1117&rnd=6596381
www.book-keepers-now.com/document.php?rnd=861&id=545D535E051C17240016051401164A070B09
www.mybusinessdoc.com/document.php?rnd=4331&id=5554565E121405120B0A2414120C4A070B09
guilfordgourmetclub.org/document.php?rnd=5111&id=545D545E170D090B0A3B00050C050A552413050808054A070B09
www.royalemanagement.com/document.php?rnd=4392&id=545D535E171011240A0110130D00014A0A0110
nursealarmsystems.com/document.php?rnd=292&id=55545C5E050A0C011D0824050114160D1201160B14174A070B09

trapwot check-in and config download:

176.53.125.24/a/offers?i=0&u=fabbc6a1c5734ea09ca150004b35a440&f=1&v=19&a=22

March 22, 2015, 01:38:20 pm
Reply #1278

techhelplist.com

some phishing sites and php phishing kits

www.skycabs.com/imo/index.html
www.skycabs.com/wwwww/
www.sabe-sabe.com/invest_co/instructions/up/
ceptelefonuteknikserviskayseri.com/servis/aztech/2b60a493bcb6560de944955161746ae2/
ceptelefonuteknikserviskayseri.com/servis/aztech/7252aa8319c21f332a4c1fc2ad6247c8/
ceptelefonuteknikserviskayseri.com/servis/aztech/
tamaian-art-glass.ro/login/tamaian/Viewdoc/Googlesdocument/index.php
www.itcam.cl/wp-admin/includes/gkk/googledrive/index.htm
www.itcam.cl/wp-admin/includes/gkk/googledrive.zip
kaleimailealii.org/wp-content/plugins/jetpack/_inc/Purchase/googledrive.php
eurotelbd.net/newyorman/2013gdocs/
eurotelbd.net/newyorman/2014gdocs.zip
restaurantemoreninha.com.br/GoogleDrive/document/
butesonsanddaughters.co.uk/oldpics/sss/
thechrisomatic.com/properties/
hccnp.net.pk/wp-admin/js/j/auth.php
hccnp.net.pk/wp-admin/js/j/index.php
escortmarketingblog.com/wp-content/themes/ggdrives/
www.casinogamesworld.net/wiz/
unamoscaenmarzo.com/google/
www.sugoistudio.com/wp-content/NGdocs/reli/Login.html
www.cafetango.by/zw/adobe/user/login/
www.cafetango.by/zw/adobe.zip
capriltriqueda.com.br/doc2014/auth.php
www.seoc.co.uk/Archive/log_on/
alter23.altervista.org/google.html
rajalatex.com/lane/
alphonsusnlg.com/wp-content/themes/radiate/2013gdocs/
rai.uk.com/remax/remax/
calabashafrica.com/network/googledrive/document.php
calabashafrica.com/network/googledrive.zip
calabashafrica.com/access/googledocs/document.php
calabashafrica.com/access/googledocs.zip
calabashafrica.com/document/googledocfresh/document.php
calabashafrica.com/document/googledocfresh.zip
calabashafrica.com/nude1/us.match.com-login.php
gospelsongsworldint.com/photo/googledrive/
gospelsongsworldint.com/photo/googledrive.zip
gospelsongsworldint.com/gallery/2014googledocs/
gospelsongsworldint.com/gallery/Racket.zip
gospelsongsworldint.com/photodir/googledrive/
gospelsongsworldint.com/photodir/googledrive.zip
gospelsongsworldint.com/teampics/Racket.zip
old.ddm.gov.bd/advertisement/googledrive/
old.ddm.gov.bd/advertisement/googledrive.zip
mynewfile.net/googledrive/login.php
mynewfile.net/googledrive.zip
mynewfile.net/attachment/login.php
mynewfile.net/attachment%20(2).zip
portraitsbymbarrera.com/server/2014gdocs/
portraitsbymbarrera.com/server/2014gdocs.zip
www.normantremblay.com/2013gdocs/
www.onefinegallery.com/log/2013googledocs.zip
arabianfal.com/Clients/earthlink/support/
richardblackstone.com/fed_manu/image.htm
www.naturavox.fr/IMG/distant/html/downloadmid2faed.html
www.theaccountspayablenetwork.com/images/banners/malta/Indezx.html
hotelwhitebeach.com/css/hma.html
kamsi.olympe.in/notice-verification/notice-verification/Attupdateindex.html
kamsi.olympe.in/notice-verification/notice-verification/CGU-SSOWebmail.htm
kamsi.olympe.in/notice-verification/notice-verification/CSLoxInfoWebmail.htm
squalus.org/uwa/
www.maadimedical.com/css/home/yahoo/mg6.html
alhamrarestaurantsf.com/wp-content/themes/news/includes/kelly.html
global-technicalsupport.com/stain/TTCOPYY.htm
global-technicalsupport.com/stain/microsoft.html
jamesb150.byethost7.com/
jattsukha90.xtgem.com/001.html
jattsukha90.xtgem.com/002.html
lastfakeman.persiangig.com/other/yahoo.html
surreel.com/WARNING/index.html
freilaufmenschen.com/verificationchecks/admin2012/help.yahoo.com/
olowoleca.viralhosts.com/login.htm
juliuskonsults.yolasite.com/kk.php
www.hssqjy.com/dzts/book/book25/20098314153234.htm
yahoolove.xtgem.com/files/code.php
www.newmail.atw.hu/

March 22, 2015, 02:24:37 pm
Reply #1279

techhelplist.com

some phishing sites and php phishing kits

www.greattshirtco.com/gdocs/
pousadabomjardim.com.br/googledrive/
www.sugoistudio.com/wp-content/NGdocs/reli/Login.html
adhealth.co.za/NGdocs/NGdocs/Login.html
oldtimery.com/logs/BIG/2014gdocs/
www.marioguerrero.info/files/2014gdoc/2014gdocs/2014gdocs/
www.top-rankedmarketing.com/imagesworknewdocpluginsimages/2014gdocs/
www.top-rankedmarketing.com/imagesworknewdocpluginsimages/2014gdocs.zip
student.intnet.mu/2014gdocs/
student.intnet.mu/directory/mitllldocc/
student.intnet.mu/vow/mitllldocc/
student.intnet.mu/vow/Balogun.zip
heilaguna.com/BIG/2014gdocs/
gustavobaldo.net/newdocumentfilemanager/2014gdocs/
mail.meson.com.br/2014gdocs/
cambridgesculpturegarden.ca/2013-NEWgdocs/2013gdocs/
www.khanalsaboun.net/COSTA.RICA2/google%20doc%202013.zip
www.estudios25peru.com/magic!/BIG/2013gdocs/
citylivingph.net/chatigniter/system/core/css/2013gdocs/
www.delanticuario.com/phpmyadmin/2013gdocs/
sundaramshutters.com/ggdoc2014/BIG/2013gdocs/
aikido.ptimalin.net/dokuwiki-rc2011-11-10/lib/images/2013gdocs/index.htm
can-makina.com/templates/attached-document-for-review/2013gdocs/
boss.timeforband.com/newgoodle%281%29natasha/2013gdocs/
boss.timeforband.com/newgoodle(1)natasha.zip
dotacionesyseguridad.com/2013gdocs/
obvestilo.info/includes/settings/2013gdocs/
happy.80port.net/bbs/data/bestsite/2009/08/2013gdocs/
crownhomes.co.ke/logs/file/2014gdoc.zip
crownhomes.co.ke/logs/file/2013gdocs.zip
www.ayalagch.mn/logs/2013gdocs/
muzahid.com/nasir/2013gdocs/
alphonsusnlg.com/wp-content/themes/radiate/2013gdocs/
blueberryridge.us/securedoc/up/
woto.com/fb-album
users9.nofeehost.com/abbatemlim/
turbomaquinas.cl/document/confirm.htm
mysuicide.net/good/
clarearproducoes.com.br/money/smiley/drivedocs/
clarearproducoes.com.br/money/YAHLATEEF.zip
superdooberdoc.net/documents/destination/embezzler(closed)/
superdooberdoc.net/documents/destination/abonbil/
superdooberdoc.net/documents/destination/amil/
superdooberdoc.net/documents/destination/amilashleyy(closed)/
superdooberdoc.net/gmail/
superdooberdoc.net/documents/destination/amildeni/
superdooberdoc.net/documents/destination/amiljhcr(closed)/
superdooberdoc.net/documents/destination/victorzfriend(closed)/
superdooberdoc.net/documents/destination/vectorz(closed)/
superdooberdoc.net/documents/destination/treseyfriend(closed)/
superdooberdoc.net/documents/destination/segun(closed)/
superdooberdoc.net/documents/destination/tresey(closed)/
superdooberdoc.net/documents/destination/scoobedoo(closed)/
superdooberdoc.net/documents/destination/richardscw(closed)/
superdooberdoc.net/documents/destination/richard(closed)/
superdooberdoc.net/documents/destination/ramon/
superdooberdoc.net/documents/destination/queen(closed)/
superdooberdoc.net/documents/destination/private/
superdooberdoc.net/documents/destination/meadowss/
superdooberdoc.net/documents/destination/nagod(closed)/
superdooberdoc.net/documents/destination/malaga/
superdooberdoc.net/documents/destination/lucky/
superdooberdoc.net/documents/destination/jaychoice(closed)/
superdooberdoc.net/documents/destination/jason/
superdooberdoc.net/documents/destination/james/
superdooberdoc.net/documents/destination/iddmagio(expired)/
superdooberdoc.net/documents/destination/dyoung/
superdooberdoc.net/documents/destination/currentaffxgurlz(expired)/
superdooberdoc.net/documents/destination/brenda/
superdooberdoc.net/documents/destination/babz/
superdooberdoc.net/documents/destination/amilusa(closed)/

March 23, 2015, 12:46:25 pm
Reply #1280

techhelplist.com

trapwot fake-antivirus downloads, must use IE user-agent, GET params probably have to change.

trovione.altervista.org/document.php?rnd=7471&id=5555555E06050D08011D24050613034A0B1603
saintclan2.altervista.org/document.php?rnd=7471&id=5555555E06050D08011D24050613034A0B1603
amperspective.com/document.php?rnd=7471&id=5555555E06050D08011D24050613034A0B1603

C2 at: 176.53.125.25

March 23, 2015, 06:28:04 pm
Reply #1281

techhelplist.com

encrypted dyreza for upatre to download, not really RTF or PNG files:

rskn.be/lux3.png
darjael.es/upload/pictures/lux3.png
divioserv.ro/sites/all/muz4.rtf
djgabriellalavitt.com/css/muz4.rtf
noizeradio.gr/images/img21.png
powderpure.com/science/img21.png

March 23, 2015, 09:34:18 pm
Reply #1282

techhelplist.com

hancitor download

91.194.254.212/ca/file.jpg

March 24, 2015, 01:20:25 pm
Reply #1283

techhelplist.com

dyreza downloads, encrypted binaries, not PNG files:

134.249.63.46/arrow4.png
194.28.190.167/arrow4.png
195.3.157.218/arrow4.png
46.151.48.173/arrow4.png
91.232.157.139/arrow4.png
93.123.40.17/arrow4.png


dridex downloads :

inesbrook.com/js/bin.exe
dogordie.de/js/bin.exe
wuppie.dyndns.org/js/bin.exe

March 24, 2015, 02:58:19 pm
Reply #1284

techhelplist.com

hancitor download

91.194.254.215/us/file.exe

March 24, 2015, 05:37:14 pm
Reply #1285

techhelplist.com

dyreza downloads, encrypted binaries, not .doc files:

134.249.63.46/legas4.doc
46.151.48.173/legas4.doc
195.3.157.218/legas4.doc
91.232.157.139/legas4.doc
93.123.40.17/legas4.doc
194.28.190.167/legas4.doc

March 24, 2015, 11:15:51 pm
Reply #1286

techhelplist.com

trapwot fake-av malware download:

pitfaa.nidhog.com/document.php
ilarf.net/document.php
gurutravel.co.nz/document.php
www.lead.com.co/document.php

must use a Windows user-agent and have GET params like:

pitfaa.nidhog.com/document.php?rnd=9001&id=56565656656565
ilarf.net/document.php?rnd=9001&id=56565656656565
gurutravel.co.nz/document.php?rnd=9001&id=56565656656565
www.lead.com.co/document.php?rnd=9001&id=246924692469
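
Editor's added example (not the original poster's code). Looking at the document.php ids listed in the trapwot posts above: XORing every byte of an id with 0x64 turns the trailing 4A070B09 / 4A0B1603 / 4A0A0110 into ".com" / ".org" / ".net", and the whole value into "<three-digit number>:<recipient e-mail address>". The id is therefore a per-recipient tracking token, which matters for anyone pulling samples: replaying a real id tells the operator which lure recipient "clicked", and the raw ids are personal data that should not be republished decoded. The key 0x64 is an inference from those tails, the sample id below is built from a made-up address, and the key-recovery routine is a generic single-byte-XOR brute force, not anything from the page.

```python
"""Added example (the editor's code, not the original poster's).

Observation from the document.php URLs above: XORing each byte of the id
with 0x64 turns the trailing 4A070B09 / 4A0B1603 / 4A0A0110 into
".com" / ".org" / ".net", and the whole value into
"<three-digit number>:<recipient e-mail address>".  The id is a
per-recipient tracking token: replaying a real one tells the operator which
recipient "clicked", and the raw ids are personal data.

The sample id below is built from a made-up address; the key recovery is a
plain single-byte-XOR brute force and not anything taken from the page.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Decoded shape seen in the listed ids: "NNN:user@host.tld"
TOKEN_RE = re.compile(r"^\d{3}:[^@\s:]+@[^@\s]+\.[A-Za-z]{2,}$")
OBSERVED_KEY = 0x64  # assumption: inferred from the ".com"/".org" tails above


def xor_hex_decode(id_hex: str, key: int) -> bytes:
    """XOR every byte of a hex string with a single-byte key."""
    return bytes(b ^ key for b in bytes.fromhex(id_hex))


def xor_hex_encode(token: str, key: int = OBSERVED_KEY) -> str:
    """Inverse of the above; upper-case hex matches the URLs' format."""
    return bytes(b ^ key for b in token.encode("ascii")).hex().upper()


def recover_xor_key(id_hex: str) -> List[int]:
    """Try all 256 keys and keep those whose plaintext is printable ASCII
    with the NNN:address shape.  The fixed ':' at offset 3 pins the key,
    so a genuine token yields exactly one candidate."""
    if len(id_hex) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", id_hex):
        return []
    keys = []
    for key in range(256):
        pt = xor_hex_decode(id_hex, key)
        if all(0x20 <= b < 0x7F for b in pt) and TOKEN_RE.match(pt.decode("ascii")):
            keys.append(key)
    return keys


def decode_trapwot_id(id_hex: str) -> Optional[Tuple[str, str]]:
    """Return (number, recipient) for a decodable id, else None.  The
    placeholder ids some posts use (e.g. 56565656656565) come back None."""
    keys = recover_xor_key(id_hex)
    if len(keys) != 1:
        return None
    number, _, recipient = xor_hex_decode(id_hex, keys[0]).decode("ascii").partition(":")
    return number, recipient


def classify_trapwot_url(url: str) -> Optional[str]:
    """Tag the two request shapes in the posts: the document.php download
    (rnd and id parameters) and the /a/offers check-in (u = 32-hex bot id).
    A bare document.php with no parameters is not tagged."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    q = parse_qs(parts.query)
    if parts.path.endswith("/document.php") and "rnd" in q and "id" in q:
        return "trapwot-download"
    if parts.path.endswith("/a/offers") and re.fullmatch(r"[0-9a-f]{32}", q.get("u", [""])[0]):
        return "trapwot-checkin"
    return None


if __name__ == "__main__":
    sample = xor_hex_encode("042:alice@example.com")  # constructed, not a real id
    print(sample, recover_xor_key(sample), decode_trapwot_id(sample))
    print(classify_trapwot_url("example.invalid/document.php?rnd=7291&id=" + sample))
    print(classify_trapwot_url(
        "176.53.125.24/a/offers?i=0&u=fabbc6a1c5734ea09ca150004b35a440&f=1&v=19&a=22"))
```

If you fetch a sample for analysis, encode a throwaway token of the same shape rather than replaying one from a real lure, and keep the recovered addresses out of any public list.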

March 25, 2015, 12:28:31 pm
Reply #1287

techhelplist.com

dyreza downloads, encrypted binaries, not .doc files:

134.249.63.46/file2.doc
46.151.48.173/file2.doc
195.3.157.218/file2.doc
91.232.157.139/file2.doc
93.123.40.17/file2.doc
194.28.190.167/file2.doc

dridex download:

madasi.homepage.t-online.de/dbcfg/32.exe
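
Editor's added example (not the original poster's code), covering the Dyreza/Upatre posts above that note the .png, .rtf and .doc URLs are encrypted binaries, and the Hancitor file.jpg download. A cheap triage check is to compare a fetched file's leading bytes with the signature its extension implies: a PE header under an image name, or a high-entropy blob with no recognisable header, is worth flagging whatever the HTTP Content-Type said. The file names follow the posts; all sample bytes are constructed, and the uniform-byte blob stands in for an encrypted payload.

```python
"""Added example (the editor's code, not the original poster's).

The Dyreza/Upatre and Hancitor URLs above serve payloads under .png, .rtf,
.doc and .jpg names that are not those formats.  This compares a file's
leading bytes with the signature its extension implies and measures its
entropy: a PE header under an image name, or a high-entropy blob with no
recognisable header (the encrypted Dyreza case), gets flagged.  All sample
bytes are constructed; the blob is not malware.
"""
import math
import os
from collections import Counter
from typing import Dict, Optional

# Leading-byte signatures for the cover extensions used in the posts.
# ".doc" means the legacy OLE compound file a Word 97-2003 document starts with.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".rtf": b"{\\rtf",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".exe": b"MZ",
}
HIGH_ENTROPY = 7.0  # bits per byte; encrypted or packed data sits near 8

# Constructed stand-in for an encrypted download: every byte value equally
# often, so entropy is exactly 8 bits/byte and no signature matches.
CONSTRUCTED_BLOB = bytes(range(256)) * 16


def sniff(data: bytes) -> Optional[str]:
    """Return the extension whose signature the data starts with, or None."""
    for ext, sig in MAGIC.items():
        if data.startswith(sig):
            return ext
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the data; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(name: str, data: bytes) -> Dict[str, object]:
    """Compare the claimed extension with the sniffed type and entropy."""
    claimed = os.path.splitext(name.lower())[1]
    actual = sniff(data)
    entropy = shannon_entropy(data)
    if actual == ".exe" and claimed != ".exe":
        verdict = "pe-under-cover-name"      # e.g. a PE served as file.jpg
    elif actual == claimed:
        verdict = "matches-extension"
    elif actual is None and entropy > HIGH_ENTROPY:
        verdict = "unknown-high-entropy"     # encrypted blob, the Dyreza case
    else:
        verdict = "mismatch"
    return {"name": name, "claimed": claimed, "actual": actual,
            "entropy": round(entropy, 2), "verdict": verdict}


if __name__ == "__main__":
    # File names follow the posts; the contents are constructed.
    for name, data in [
        ("img21.png", MAGIC[".png"] + b"\x00" * 32),
        ("file.jpg", b"MZ\x90\x00" + b"\x00" * 60),
        ("legas4.doc", CONSTRUCTED_BLOB),
        ("xlus11.rtf", b"plain text"),
    ]:
        print(triage(name, data))
```

The entropy threshold is a heuristic: a genuine PNG's compressed body is also high-entropy, which is why the signature check comes first and entropy only decides the no-signature case.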

March 25, 2015, 09:23:48 pm
Reply #1288

techhelplist.com

First one is Andromeda; the rest are associated malware downloaded by the Andromeda bot. Thanks to Matt Mesa for tracking them down.

54.149.214.13/and40a311.exe  andromeda
155.133.18.45/107fjr3.exe  lethic
155.133.18.45/112fjr3.exe
155.133.18.45/109fjr3.exe
155.133.18.45/121fjr3.exe
155.133.18.45/240fjr3.exe
54.149.214.13/ng40a311.exe
54.149.214.13/bet40a311.exe  betabot
54.149.214.13/nut40a311.exe  neutrino
54.149.214.13/dqnewand40a311.exe
54.149.214.13/110040a311.exe
155.133.18.45/85fjr3.exe
155.133.18.45/12fjr3.exe

March 26, 2015, 12:47:42 pm
Reply #1289

techhelplist.com

trapwot fakeav malware downloads

avdl.ru/img/ppc.exe
avdl.ru/img/av.exe
avsrv.ru/img/av.exe
181.112.55.130/img/ppc.exe
181.112.55.130/img/av.exe