Author Archive
American Express Card Phishing Websites
May 18, 2012 | 
Author This morning our team came accross various American Express Phishing Sites. The site is a scam. The sites are mapped in various network domains in various countries that include Brazil, India, Portugal and India.
Malware Found:
- Phishing Sites
- Spyware
- Scam/Fraud
Sample American Express Phishing Site:
Phishy Sites Associated with the American Express Scam
- hxxp:__www.slotshop.it/americanexpress/
hxxp:__www.unizo.be/americanexpress/
hxxp:__www.us.cibt.com/americanexpress/
hxxp:__ftp.denacali.com/americanexpress/
hxxp:__ftp.shellrent.com/americanexpress/
hxxp:__ftp.webdensiparis.com/americanexpress/
hxxp:__acdesoto.org/americanexpress/
hxxp:__alfaengpro.com/americanexpress/
hxxp:__bialowolski1.home.pl/americanexpress/
hxxp:__camaradearte.com.br/americanexpress/
hxxp:__cashingedge.com/americanexpress/
hxxp:__cennetpinar.org/americanexpress/
hxxp:__cog-associados.com.br/americanexpress/
hxxp:__correiodocerrado.com/americanexpress/
hxxp:__david.deb.hu/americanexpress/
hxxp:__digifix.be/americanexpress/
hxxp:__expressioncreative.com/americanexpress/
hxxp:__glamoureventos.com.bo/americanexpress/ - hxxp:__golftraveltr.com/americanexpress/
hxxp:__implanteyesteticadentalbolivia.com/americanexpress/
hxxp:__karinmuhlbach.com.br/americanexpress/
hxxp:__mehdi-tavakoli.com/americanexpress/
hxxp:__meridianassociates.biz/americanexpress/
hxxp:__onlyootyproperties.com/americanexpress/
hxxp:__pdks.com.tr/americanexpress/
hxxp:__prosperts.in/americanexpress/ - hxxp:__regalotecnia.com/americanexpress/
hxxp:__sbdesign.se/americanexpress/
hxxp:__sosrepair.info/americanexpress/
hxxp:__tayfunbudak.com/americanexpress/
hxxp:__thazkiyyah.com/americanexpress/
hxxp:__themoonlighter.info/americanexpress/
hxxp:__tome1234.webd.pl/americanexpress/
hxxp:__tr-live33.info/americanexpress/
hxxp:__valenciacollegebr.com.br/americanexpress/
hxxp:__washasec.com.br/americanexpress/
hxxp:__webdesign2009.info/americanexpress/
hxxp:__webflyer.co.il/americanexpress/
Reference: Clean MX
Posted in Phishing, Scam, Spyware, Survival | 
Tags: American Exporess Spoof, American Express Phishing Site | 
No Comments »
Zeus Trojan Compiled Website Mini List
Our Research team has compiled the latest mini list of Zeus Trojan sites. The sites also include other Nasty Malware attacks. Good Luck!
Malware Found:
- Trojan Zeus / Zbot
- Trojan.Win32.Danglo
- Fake Anti-Virus / RansomWare
- TrojanSpy Bancos.DI
- Trojan.JS.BlacoleRef
- Directs to Exploit kit
- TrojanSpy Banker.ADX
ZEUS Compiled List:
- hxxp:__somdatorre.com.br/cSCS8uPK/index.html
- hxxp:__200.98.246.235
- hxxp:__www.wificomputacion.com.ar/KPnTs5X3/index.html
- hxxp:__bandvalefm.com.br/eae4tPvF/index.html
- hxxp:__new.photo-text.de/cSCS8uPK/index.html
- hxxp:__www.polivet.ro/PBPS5kYk/index.html
- hxxp:__76.12.158.176/Z438EdZ8/index.html
- hxxp:__96.9.42.120/GRYYEt3L/index.html
- hxxp:__96.9.42.120/uvoNJPhk/index.html
- hxxp:__acdesoto.org/62FHkkQU/index.html
- hxxp:__ademimarlik.com/wobsAXaH/index.html
- hxxp:__atkbirthday.com/FW3s2g0r/index.html
- hxxp:__bonanzastock.com/AfbMojVQ/index.html
- hxxp:__buyrealfacebooklikes.org/6X6tGZvj/index.html
- hxxp:__cantokay.com/hTVbWtV1/index.html
- hxxp:__cantokay.com/qh8xhoi8/index.html
- hxxp:__casadepanmargus.com.ar/SCpdMNoh/index.html
- hxxp:__casadepanmargus.com.ar/ZgzUBpAS/index.html
- hxxp:__coachconsciencial.com/b8oR7pPA/index.html
- hxxp:__colinagrande.ro/fM9QAuuE/index.html
- hxxp:__computer-repair-broward-florida.us/WzH8omg5/index.html
- hxxp:__cookviewer1.cookcountyil.gov/jsviewer/index.html
- hxxp:__dp38213687.lolipop.jp/6ctF0m2r/index.html
- hxxp:__dp38213687.lolipop.jp/BLVvwEjE/index.html
- hxxp:__emailjb.astralecia.com.br/nuVGp7Rq/index.html
- hxxp:__emailjb.astralecia.com.br/sUELspcK/index.html
- hxxp:__envasesplasticoseg.com.ar/JKnDwqyr/index.html
- hxxp:__envasesplasticoseg.com.ar/sUELspcK/index.html
- hxxp:__epeoplerealworkers.com/g3usHbw6/index.html
- hxxp:__fixconsultoria.com/E6ngV7C3/index.html
- hxxp:__fixconsultoria.com/iot7FQVF/index.html
- hxxp:__fjernsynifarver.dk/KDFUvSAi/index.html
- hxxp:__foxpublicidade.com.br/P5ut143R/index.html
- hxxp:__foxpublicidade.com.br/uvoNJPhk/index.html
- hxxp:__ftp.aromatta.com.br/8tVwmrKd/index.html
- hxxp:__ftp.magazinuldecupoane.ro/eae4tPvF/index.html
- hxxp:__ftp.misanplas.com.ar/4Jqu5JCt/index.html
- hxxp:__ftp.misanplas.com.ar/E6ngV7C3/index.html
- hxxp:__ftp.misanplas.com.ar/y7dBk8vm/index.html
- hxxp:__ftp.nakagawa-usa.com/3dUnup64/index.html
- hxxp:__gameshole.net/Y0VkGFQy/index.html
- hxxp:__GaryLoomisCustoms.com/ZWagr31N/index.html
- hxxp:__gemeia.com.ar/Gs0evc0Q/index.html
- hxxp:__gianoimports.com/8AA0f6r9/index.html
- hxxp:__goldmen.ma/aLjPFaV5/index.html
- hxxp:__goldmen.ma/bsN2Wnz0/index.html
- hxxp:__greencastle.it/1veTyqpi/index.html
- hxxp:__hdplumbing.com/6ctF0m2r/index.html.
- hxxp:__hdplumbing.com/aThhJqg0/index.html
- hxxp:__hdplumbing.com/JKnDwqyr/index.html
- hxxp:__hybridstate.co.uk/1BLJdvaw/index.html
- hxxp:__investcaldas.com.br/mycjRaJh/index.html
- hxxp:__jahu.com.br/qh8xhoi8/index.html
- hxxp:__kirikhanrehberi.com/dYjRcTrp/index.html
- hxxp:__kirikhanrehberi.com/e5mHgwg3/index.html
- hxxp:__kirikhanrehberi.com/eGRo6MF9/index.html
- hxxp:__kulppasur.com/sUELspcK/index.html
- hxxp:__launchcontrol.in/g3usHbw6/index.html
- hxxp:__launchcontrol.in/sUELspcK/index.html
- hxxp:__linksolutions.com.br/U0LA0Ee8/index.html
- hxxp:__loveandmaterialism.com/1G91V8HA/index.html
- hxxp:__loveandmaterialism.com/1veTyqpi/index.html
- hxxp:__loveandmaterialism.com/6ctF0m2r/index.html
- hxxp:__loveandmaterialism.com/dHAADdvK/index.html
- hxxp:__loveandmaterialism.com/DuZiWJ4e/index.html
- hxxp:__lukadesign.altervista.org/mycjRaJh/index.html
- hxxp:__madaboutleisure.wsini.com/BLVvwEjE/index.html
- hxxp:__madaboutleisure.wsini.com/DuZiWJ4e/index.html
- hxxp:__madaboutleisure.wsini.com/e5mHgwg3/index.html
- hxxp:__madaboutleisure.wsini.com/E6ngV7C3/index.html
- hxxp:__madaboutleisure.wsini.com/sUELspcK/index.html
- hxxp:__madaboutleisure.wsini.com/WAJFUnxv/index.html
- hxxp:__madmadscientists.com/6ymrineF/index.html
- hxxp:__marketingestablecimientos.com/c8kRoGD7/index.html
- hxxp:__marketingestablecimientos.com/JjKV2aSM/index.html
- hxxp:__marketingestablecimientos.com/w6m5waK0/index.html
- hxxp:__massivesupplies.com.au/1veTyqpi/index.html
- hxxp:__massivesupplies.com.au/DuZiWJ4e/index.html
- hxxp:__masymasradio.com/dYjRcTrp/index.html
- hxxp:__masymasradio.com/JKnDwqyr/index.html
- hxxp:__masymasradio.com/nuVGp7Rq/index.html
- hxxp:__masymasradio.com/SdqaATJ9/index.html
- hxxp:__masymasradio.com/sRScazbC/index.html
- hxxp:__masymasradio.com/WAJFUnxv/index.html
- hxxp:__materawaste.com.au/aThhJqg0/index.html
- hxxp:__materawaste.com.au/g3usHbw6/index.html
- hxxp:__materawaste.com.au/uHh0npQR/index.html
- hxxp:__mbcmedya.net/nuVGp7Rq/index.html
- hxxp:__mkhalilelectric.com/aThhJqg0/index.html
- hxxp:__mkhalilelectric.com/BLVvwEjE/index.html
- hxxp:__mkhalilelectric.com/dYjRcTrp/index.html
- hxxp:__mkhalilelectric.com/WAJFUnxv/index.html
- hxxp:__mp3mi.com/tdFtfJBT/index.html
- hxxp:__myvidawell.h1864257.stratoserver.net/JjKV2aSM/index.html
- hxxp:__myvidawell.h1864257.stratoserver.net/SQ7W9esM/index.html
- hxxp:__newtriumphtrading.com/5y76chNE/index.html
- hxxp:__nicolejanelle.com/0k8deSUg/index.html
- hxxp:__nomadiccommunications.com/Wevvn3t5/index.html
- hxxp:__oleksyk.pl/1veTyqpi/index.html
- hxxp:__oleksyk.pl/DuZiWJ4e/index.html
- hxxp:__oleksyk.pl/sUELspcK/index.html
- hxxp:__oleksyk.pl/uHh0npQR/index.html
- hxxp:__oleksyk.pl/y7dBk8vm/index.html
- hxxp:__pepperycomunic.com.br/BxYMAAgu/index.html
- hxxp:__petroffinstitutional.com/Yh7Zmcwa/index.html
- hxxp:__primeconsulting.hu/BLVvwEjE/index.html
- hxxp:__primeconsulting.hu/e5mHgwg3/index.html
- hxxp:__primeconsulting.hu/E6ngV7C3/index.html
- hxxp:__primeconsulting.hu/g3usHbw6/index.html
- hxxp:__primeconsulting.hu/nuVGp7Rq/index.html
- hxxp:__primeconsulting.hu/sUELspcK/index.html
- hxxp:__primeconsulting.hu/y7dBk8vm/index.html
- hxxp:__profinmty.com/mabpx4nN/index.html
- hxxp:__protarp.co.za/VjsrdHbg/index.html
- hxxp:__pvcwindowmanufacturers.com/6ctF0m2r/index.html
- hxxp:__pvcwindowmanufacturers.com/dYjRcTrp/index.html
- hxxp:__pvcwindowmanufacturers.com/eGRo6MF9/index.html
- hxxp:__pvcwindowmanufacturers.com/PpesAg3G/index.html
- hxxp:__questers.git.edu/fq0P3859/index.html
- hxxp:__raulparoli.com.ar/dYjRcTrp/index.html
- hxxp:__raulparoli.com.ar/e5mHgwg3/index.html
- hxxp:__raulparoli.com.ar/sRScazbC/index.html
- hxxp:__raulparoli.com.ar/WAJFUnxv/index.html
- hxxp:__reservamilitar.com/yvdCkwKu/index.html
- hxxp:__reyonemlak.com/MkHL4vBp/index.html
- hxxp:__rigoornellamobili.com/aThhJqg0/index.html
- hxxp:__rigoornellamobili.com/tZFu3Pv5/index.html
- hxxp:__ronnyealison.com.br/rw54WCDQ/index.html
- hxxp:__sampadaindia.in/DRiqBMbW/index.html
- hxxp:__sgmelektrik.com.tr/e5mHgwg3/index.html
- hxxp:__sgmelektrik.com.tr/iot7FQVF/index.html
- hxxp:__smilephotobooths.co.uk/1veTyqpi/index.html
- hxxp:__smilephotobooths.co.uk/E6ngV7C3/index.html
- hxxp:__smilephotobooths.co.uk/eGRo6MF9/index.html
- hxxp:__smilephotobooths.co.uk/PpesAg3G/index.html
- hxxp:__smilephotobooths.co.uk/sRScazbC/index.html
- hxxp:__spa-sanjuan.zxq.net/tdFtfJBT/index.html
- hxxp:__specialoffers.com.br/E6ngV7C3/index.html
- hxxp:__stickyroller.ca/sRScazbC/index.html
- hxxp:__student-si.99k.org/fM9QAuuE/index.html
- hxxp:__student-si.99k.org/Um4T3svC/index.html
- hxxp:__student-si.99k.org/yyQNXKQw/index.html
- hxxp:__summitbikes.co.za/Um4T3svC/index.html
- hxxp:__summitbikes.co.za/yvdCkwKu/index.html
- hxxp:__tecviagens.com.br/E6ngV7C3/index.html
- hxxp:__tecviagens.com.br/nuVGp7Rq/index.html
- hxxp:__television2.99k.org/qh8xhoi8/index.html
- hxxp:__trapichealo.com/aThhJqg0/index.html
- hxxp:__trapichealo.com/g3usHbw6/index.html
- hxxp:__tspcncmachinetools.com/4Jqu5JCt/index.html
- hxxp:__tspcncmachinetools.com/DuZiWJ4e/index.html
- hxxp:__tspcncmachinetools.com/eGRo6MF9/index.html
- hxxp:__tuespacio.com.uy/U0LA0Ee8/index.html
- hxxp:__vincentius.or.id/eae4tPvF/index.html
- hxxp:__wheatallergysymptom.com/1veTyqpi/index.html
- hxxp:__wheatallergysymptom.com/aThhJqg0/index.html
- hxxp:__wiplay.com.br/dYjRcTrp/index.html
- hxxp:__wiplay.com.br/eGRo6MF9/index.html
- hxxp:__wiplay.com.br/PpesAg3G/index.html
- hxxp:__worldmusic-ar.com.ar/NGxo03v6/index.html
- hxxp:__wp.almaxstudio.com/2yQNTA97/index.html
- hxxp:__www.aavfrancescoprivitera.it/6ctF0m2r/index.html
- hxxp:__www.aavfrancescoprivitera.it/eGRo6MF9/index.html
- hxxp:__www.aavfrancescoprivitera.it/g3usHbw6/index.html
- hxxp:__www.aavfrancescoprivitera.it/PpesAg3G/index.html
- hxxp:__www.buyukkaristirantml.k12.tr/391ixoyA/index.html
- hxxp:__www.camarasaldanha.rs.gov.br/U0LA0Ee8/index.html
- hxxp:__www.easywaytogetpregnant.com/ZmUaukzG/index.html
- hxxp:__www.eventosabsolue.com/hTVbWtV1/index.html
- hxxp:__www.eventosabsolue.com/QnVRT4PE/index.html
- hxxp:__www.figurinhasalvin.com.br/foRzthoD/index.html
- hxxp:__www.figurinhasalvin.com.br/QzUdE8zX/index.html
- hxxp:__www.figurinhasalvin.com.br/yWyXU9NU/index.html
- hxxp:__www.graficasalli.com.br/E6ngV7C3/index.html
- hxxp:__www.graficasalli.com.br/JKnDwqyr/index.html
- hxxp:__www.helppcweb.it/b2Nfq104/index.html
- hxxp:__www.hso.co.jp/3oXGcu61/index.html
- hxxp:__www.hso.co.jp/foRzthoD/index.html
- hxxp:__www.hso.co.jp/GRYYEt3L/index.html
- hxxp:__www.matudesign.com/1G91V8HA/index.html
- hxxp:__www.matudesign.com/1veTyqpi/index.html
- hxxp:__www.matudesign.com/dHAADdvK/index.html
- hxxp:__www.newsletter.seelenmaerchen.com/5CY4dSwa/index.html
- hxxp:__www.petroffinstitutional.com/Yh7Zmcwa/index.html
- hxxp:__www.studiobarsotti.it/yWyXU9NU/index.html
- hxxp:__www.studiobarsotti.it/Z438EdZ8/index.html
- hxxp:__www.sunproofuv.com/EPSLUGex/index.html
- hxxp:__www.wificomputacion.com.ar/whr6AFa6/index.html
Reference: Clean-MX and the Malware Survival Team
Posted in Bots, Command and Control, Survival, Trojan, Web Threats | Tags: Botnet, Phishing, Scam, Trojan Bancos, Trojan Zeus, Zbot | No Comments »
