phish at hasotyw.tk leads to stuff

a guest
Mar 1st, 2018
phish at :
hasotyw.tk/mnt_1

hosted at :
94.177.249.118

these domains had history there :

loki :
http://cilegux.ga/sayed/sayed_output30B2400.exe
c2 :
http://ontime52.com/e7/five/fre.php
see also :
http://ontime52.com/e7/five/PvqDq929BSx_A_D_M1n_a.php
http://ontime52.com/won/PvqDq929BSx_A_D_M1n_a.php

loki :
http://cilegux.ga/ff/build_outputAF457FF.exe
c2 :
http://timenolonger20.com/e7/five/fre.php
see also :
http://timenolonger20.com/e7/five/PvqDq929BSx_A_D_M1n_a.php

ontime52.com and timenolonger20.com at :
46.21.147.252

these domains had history there :

kojucome.us
registered by :
james_philip28@hotmail.co.uk
also with malicious xls :
http://jamesphilip28.org/myproperty/MY%20PROPERTIES%20LISTING.xls

updatetmt.us
registered by :
aaakinkumi115@gmail.com
11 crappy domains, only the 1 alive.

http://jamesphilip28.org/myproperty/MY%20PROPERTIES%20LISTING.xls
downloads orcus rat:
http://www.infiltratools.com/botnet/putt2.exe
c2 :
wh1t3h0rs3.duckdns.org:7007

downloads

https://www.virustotal.com/#/file/fa056283327cab90cfb48bf4feaf51fde9eef6f0478969c858450531c2841fb9

infiltratools.com/botnet/putt2.exe

#orcus #orcusrat

dl from :
http://infiltratools.com/botnet/putt2.exe
by :
http://jamesphilip28.org/myproperty/MY%20PROPERTIES%20LISTING.xls
https://www.virustotal.com/#/file/ad46da6fd4a86e072a708dfafd26859b7505031d6b13e9f014fa21e24d731eb1/community

c2 :
wh1t3h0rs3.duckdns.org:7007

jamesphilip28.org reg'ed by james_philip28@hotmail.co.uk
other domain same dude : kojucome.us with bad IP GBA history

infiltratools.com is at :
46.21.147.250

with :