LinkedIn SPAM campaign 2013-09-30

1. ## The following URLs have been collected as a part of LinkedIn SPAM campaign investigation
2. ## NOTE: This is NOT a comprehensive list of URLs related to this campaign
3.  
4. ## Links contained in the SPAM emails ##
5. hxxp://bisexuallib.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
6. hxxp://bisexuallib.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
7. hxxp://blacksheepbookkeeping.com/wp-content/themes/zenith/wp-enter.php?x{_symbol}
8. hxxp://cattheworld.com/components/com_banners/wp-enter.php?x{_symbol}
9. hxxp://daesaninc.com/wp-content/themes/rttheme15/rt-framework/admin/images/iphone-style-checkboxes/wp-track.php?x{_symbol}
10. hxxp://dimondlibrary.org/components/com_contact/wp-enter.php?x{_symbol}
11. hxxp://fineline-films.com/wp-content/plugins/wp-plugin-repo-stats/wp-gdt.php?x{_symbol}
12. hxxp://fineline-films.com/wp-content/plugins/wp-plugin-repo-stats/wp-wdt.php?x{_symbol}
13. hxxp://kr.wordpresslab.co.kr/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
14. hxxp://kyle-nelson.com/wp-enter.php?x{_symbol}
15. hxxp://machinimatv.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
16. hxxp://mikespook.com/wp-content/themes/mobile_pack_base/groups/nokia_high/styles/tweaks/wp-enter.php?x{_symbol}
17. hxxp://nc-shop.com/sougolink/template/wp-enter.php?x{_symbol}
18. hxxp://nc-shop.com/sougolink/template/wp-track.php?x{_symbol}
19. hxxp://npo.co/wp-content/plugins/podpress/players/xspf_jukebox/skin_and_variables_files_examples/wp-enter.php?x{_symbol}
20. hxxp://oltberg.by/media/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
21. hxxp://phohoan.ca/wp-content/themes/qntservicess.com/includes/admin/buttons-formatting/buttons/wp-track.php?x{_symbol}
22. hxxp://phyllopie.com/wp-content/themes/twentytwelve/wp-enter.php?x{_symbol}
23. hxxp://pochwal-sie.info/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
24. hxxp://prikritie.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
25. hxxp://redshealthtips.com/wp-content/themes/twentytwelve/wp-enter.php?x{_symbol}
26. hxxp://rusgeopolit.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
27. hxxp://severlesmaster.ru/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
28. hxxp://shavedpunani.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/.svn/tmp/text-base/wp-track.php?x{_symbol}
29. hxxp://sixtyfourgreen.com/sougolink/template/wp-track.php?x{_symbol}
30. hxxp://sportmo.ru/includes/editor/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
31. hxxp://sportmo.ru/includes/editor/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
32. hxxp://superfineknitters.com/cgi-bin/wp-track.php?x{_symbol}
33. hxxp://tandjdental.com/wp-content/themes/care/functions/widgets/social-widget/images/default/64/wp-track.php?x{_symbol}
34. hxxp://technomaxindia.com/cgi-bin/wp-track.php?x{_symbol}
35. hxxp://th-phuloc2-soctrang.edu.vn/modules/mod_xsystemx/wp-enter.php?x{_symbol}
36. hxxp://three-dollar.com/plugins/content/jw_allvideos/jw_allvideos/includes/js/mediaplayer/skins/bekle/controlbar/wp-track.php?x{_symbol}
37. hxxp://tokyoseitoku-watanabe-lab.com/cms/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
38. hxxp://vgpproperty.com/wp-content/themes/twentythirteen/wp-enter.php?x{_symbol}
39. hxxp://webmail.pluit-hospital.com/wp-enter.php?x{_symbol}
40. hxxp://wildwestkettlekorn.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
41. hxxp://www.cinemadenblog.com/wp-enter.php?x{_symbol}
42. hxxp://www.clenvironmental.com/wp-enter.php?x{_symbol}
43. hxxp://www.daesaninc.com/wp-content/themes/rttheme15/rt-framework/admin/images/iphone-style-checkboxes/wp-track.php?x{_symbol}
44. hxxp://www.fineline-films.com/wp-content/plugins/wp-plugin-repo-stats/wp-gdt.php?x{_symbol}
45. hxxp://www.holdenintl.com/wordpress/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
46. hxxp://www.kissthetour.com/wp-content/themes/newscast/framework/theme_plugins/kriesi_menu_manager/images/wp-track.php?x{_symbol}
47. hxxp://www.kyle-nelson.com/wp-enter.php?x{_symbol}
48. hxxp://www.lansf.unimontes.br/widget.php?x{_symbol}
49. hxxp://www.lansf.unimontes.br/wp-gdt.php?x{_symbol}
50. hxxp://www.machinimatv.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-enter.php?x{_symbol}
51. hxxp://www.redshealthtips.com/wp-content/themes/twentytwelve/wp-enter.php?x{_symbol}
52. hxxp://www.seattlebusinesssolutions.com/cgi-bin/wp-track.php?x{_symbol}
53. hxxp://www.severlesmaster.ru/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
54. hxxp://www.tandjdental.com/wp-content/themes/care/functions/widgets/social-widget/images/default/64/wp-track.php?x{_symbol}
55. hxxp://www.th-phuloc2-soctrang.edu.vn/modules/mod_xsystemx/wp-enter.php?x{_symbol}
56. hxxp://www.vgpproperty.com/wp-content/themes/twentythirteen/wp-enter.php?x{_symbol}
57. hxxp://www.wildwestkettlekorn.com/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/wp-track.php?x{_symbol}
58. hxxp://www.xn--tck5apc2jo751ahw3aws7b.com/sougolink/template/wp-track.php?x{_symbol}
59. hxxp://xn--7ck3a8c6a8ex62u9ls8xrc24dvxp.com/link/template/wp-track.php?x{_symbol}
60. hxxp://xn--80atbrbl6f.xn--p1ai/modules/mod_media_style/wp-enter.php?x{_symbol}
61. hxxp://xn--tck5apc2jo751ahw3aws7b.com/sougolink/template/wp-track.php?x{_symbol}
62.  
63. ## BH2 Landing pages ##
64. hxxp://horridils.biz/closest/i9jfuhioejskveohnuojfir.php
65. hxxp://webhelpgreatlooking.biz/closest/i9jfuhioejskveohnuojfir.php
66.  
67.  
68. ## BH2 JAR requests ##
69. hxxp://horridils.biz/closest/i9jfuhioejskveohnuojfir.php?o5-2_*=x07L4t*65Q!Z&5EnvQPyr=**46_*N32o_
70. hxxp://webhelpgreatlooking.biz/closest/i9jfuhioejskveohnuojfir.php?rZ!7ggci!*sQ=_6!p*Sx2V97xNF_&_Q)za_1NF_15s_=!p1d8tWb
71.  
72. ## BH2 Initial payload ##
73. hxxp://horridils.biz/closest/i9jfuhioejskveohnuojfir.php?7!mx!Q6=w88a8a8d89&AO*-18)_9tY!_y=waww8awc8cwewbwb8b8c&NL!(N_9*A-*=ww&18-86=!kN-2I3!&-1(58R_!42*!=1I*3I
74. hxxp://webhelpgreatlooking.biz/closest/i9jfuhioejskveohnuojfir.php?2wOS1=w88a8a8d89&B)h65**r=waww8awc8cwewbwb8b8c&CO!PBr-!=ww&6E5T3OUh_p=vr!*t07y3NI-2&!!i34=(7!P36X*
75.  
76.  
77. ## Artifact requests ##
78. hxxp://doctorwsni.ru/