eqrvbczir5ua2emd is a Locky payment site. Attached is a list of all the malware hidden service names we are tracking.

On Thu, May 19, 2016 at 9:42 AM, Virgil Griffith <[email protected]> wrote:
> This needs to be blocked. Otherwise tucows will take away the tor2web.org
> domain.
>
> ---------- Forwarded message ----------
> From: *Paul Karkas* <[email protected]>
> Date: Thursday, 19 May 2016
> Subject: Fwd: Trojan Detected - Please Shut Down! tor2web.org
>
> Hello;
>
> Please note that there is active malware on your site located at
>
> http://eqrvbczir5ua2emd.tor2web.org/
>
> This may be due to an exploit, would you kindly remove the link and let
> me know so we can put this issue to rest?
>
> Thank you.
>
> http://en.wikipedia.org/wiki/malware
>
> Since you are using Tucows whois privacy, I would kindly ask that you
> let me know how you will respond to this inquiry.
>
> Should you not respond to this email within 48 hours, or provide
> Tucows/Contactprivacy indication that you will respond to the inquiring
> party, Tucows/Contactprivacy may act to remove or reveal the
> proxy/privacy services on your domain, as per the terms and conditions
> of the ContactPrivacy service:
>
> see https://www.opensrs.com/docs/contracts/exhibita.htm
>
> Section 33. WHOIS PRIVACY SERVICE
>
> "g. Right to Suspend and Disable. We shall have the right, at our sole
> discretion and without liability to you or any of your Contacts, suspend
> or cancel your domain name and to reveal Registrant and Contact Whois
> Information in certain circumstances"
>
> Thank you.
>
> Paul Karkas
> Compliance Officer OpenSRS
> Tucows Inc.
> [email protected]
> 416-535-0123 ext 1625
> Direct line 416-538-5458
> 1-800-371-6992
>
> Paul Karkas
> Compliance Manager OpenSRS
> Tucows Inc.
> [email protected]
> 416-535-0123 ext 1625
> Direct line 416-538-5458
> 1-800-371-6992
> Fax 416-531-2516
>
> -------- Forwarded Message --------
> Subject: Trojan Detected - Please Shut Down! - [BBVA - E2142429] -
> 38.229.70.4
> Date: 19 May 2016 14:20:02 +0300
> From: RSA Anti-fraud Command Center <[email protected]>
> To: [email protected]
>
> BBVA - E2142429
>
> To whom it may concern:
>
> RSA, The Security Division of EMC (“RSA”), an information security
> company, has detected and verified that a Malware (as defined below)
> program is being propagated from a server which is associated with the
> following URL:
>
> (the “Designated Site”)
>
> From our review, it is our understanding that you operate the Designated
> Site and that it is, therefore, under your control.
>
> For the purposes of this letter, “Malware” means any software applications
> or executables that perform actions unanticipated by and without the
> consent of the person running the software. Malware is distributed via many
> mechanisms including, but not limited to: email attachments; content
> injection such as cross site scripting; exploiting security vulnerabilities
> in operating systems and other software; and/or insertion into downloadable
> software. Malware is designed, among other things, to misappropriate
> personal data in order to engage in fraudulent transactions using that
> data, and/or to compromise and co-opt an end-user’s networked computer; all
> for the purpose of performing illegal or improper acts such as
> misappropriating funds; carrying out denial of service attacks; and sending
> unsolicited mass emails.
>
> For your information, we have analyzed the specific Malware and enclose a
> file, which includes:
>
> - Malware name: *Ransom*
> - Description: Ransomware is computer malware which holds a computer
>   system, or the data it contains, hostage against its user by demanding a
>   ransom for its restoration.
>   http://www.symantec.com/connect/node/1618951
> - http://eqrvbczir5ua2emd.tor2web.org/
>
> This file also details the method by which it appears that the Malware is
> downloaded to a victim’s computer.
>
> In this instance, it is our belief that the specific purpose of the
> Malware is to misappropriate account credentials and identity information
> from the customers of one or more financial institutions in order to access
> their bank accounts fraudulently.
>
> *Therefore, we request that you immediately take all actions necessary to
> disable and remove this Malware from the Designated Site.*
>
> We specifically would ask that you also take the following actions: *Please
> provide us with a tar/zip file of all the content located under the
> Malware's path (including hidden files)*, so that we may analyze it to
> help prevent further attacks. If any customer data has been captured that
> is stored on your systems or equipment, please send us that data so that
> the customers to whom that data relates can be notified and take steps to
> protect their credit. Please provide a copy of any records you maintain
> that indicate the name, contact information, method of payment or similar
> information that may be useful in helping learn about the identity and
> location of the customer for whom the website has been operated.
>
> We would appreciate your email confirmation that the source of the Malware
> infection has been disabled.
>
> We understand that you may not be aware of the above described improper
> use of the Designated Site and we thank you for your cooperation in the
> prevention of fraudulent online activity. The foregoing is without
> prejudice to any and all rights and remedies of any financial institution
> impacted by the improper use of the Designated Site, which rights and
> remedies are hereby expressly reserved.
> If you need further information, please do not hesitate to contact RSA at
> the numbers below.
>
> Sincerely,
> RSA SECURITY INC.
>
> *RSA Anti-Fraud Command Center*
> Tel: +44 (0)800-032-7751 (UK)
> Tel: +1-866-408-7525 (US)
> E-mail: [email protected]
>
> _______________________________________________
> Tor2web-talk mailing list
> [email protected]
> https://lists.ghserv.net/mailman/listinfo/tor2web-talk
