MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

28.2.10

Phishing database III

Financial & Banking Institutions
Canada Trust (http://www.tdcanadatrust.com/)
http://www-tdcanadatrust-com.epage.ru/td-bank-index.html
Citigroup (http://www.citigroup.com)
http://www.alanmetauro.com/home/online.citibank.com/US/JPS/portal/Index.do.htm?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH
CUA - Credit Union Australia (http://www.cua.com.au)
http://www.colconkproducts.com/pub/your-account-is-locked-cua-com-au/
http://173-11-85-81-sfba.hfc.comcastbusiness.net/images/webbanker.cua.com.au/webbanker/CUA/
UniCredit Banca (http://www.unicreditbanca.it)
http://161.58.125.218/uc/index.html
Gruppo Banca Carige (http://www.gruppocarige.it/ws/gruppo/jsp/index.jsp)
http://www.iadr.or.kr/bbs/data/gruppocarige/it/grp/ws/gruppo/jsp/banca_carige/index.html
Gruppo Banca Popolare di Bari
http://www.georgiakoreans.com/bbs/data/bpr/index.html
Banca Cesare Ponti (http://www.gruppocarige.it/grp/bponti/html/ita/index.htm)
http://www.iadr.or.kr/bbs/data/gruppocarige/it/grp/ws/gruppo/jsp/banca_cesare_ponti/index.html
Banca del Monte di Lucca (http://www.gruppocarige.it/ws/bmlucca/jsp/index.jsp)
http://www.iadr.or.kr/bbs/data/gruppocarige/it/grp/ws/gruppo/jsp/banca_del_monte_di_lucca/index.html
CRS - Cassa di Risparmio di Savona (http://www.gruppocarige.it/ws/carisa/jsp/index.jsp)
http://www.iadr.or.kr/bbs/data/gruppocarige/it/grp/ws/gruppo/jsp/cassa_di_risparmio_di_savona/index.html
Cassa di Risparmio di Carrara (http://www.gruppocarige.it/ws/crcarrara/jsp/index.jsp)
http://www.iadr.or.kr/bbs/data/gruppocarige/it/grp/ws/gruppo/jsp/cassa_di_risparmio_di_carrara/index.html
Poste Italiane (http://www.poste.it)
http://posteitalianeonlinebpolcarteprestafgfdf.pcriot.com/posteitaliane/bpol/cartepre/formslogin.aspx.php?TYPE=33554433&REALMOID=06-b5208d98-1e41-108b-b247-8392a717ff3e&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME
http://www.ynzal.com/catalog/images/bpol/bancoposta/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid
http://www.yelin.ru/wm/bancopostaonline.poste.it/bpol/CARTEPRE/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid
Santander (www.santander.com)
http://slarrauri.com/tusitioweb/demo/BentoBox/modules/Logon.html
ABSA (http://www.absa.co.za)
http://markostoreltd.com/account.log/index.php
HSBC (http://www.hsbc.com)
http://worldviba.org/hboard3/bbs/indexx/hsbc/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?IDV_URL=hsbc.MyHSBC_pib
http://www.ss4net.com/flash/IBlogin.html
http://www.tricitypt.com/photos/pediatrics/hsbcsecure/IBlogin.html
http://in2pool.com/Sources/.x/IBlogin.html
http://erethizon.net/pomocne/hibernace/IBlogin.php
http://cs.kku.ac.kr/data/file/alumnus/hsbconline/HSBC/index.php
http://etechsol.pk/cp/IBlogin.html
http://www.fsk-squad.eu/stats/IBlogin.html
http://www.goldenstwarriors.com/boxes/IBlogin.html
http://singaporeluggagestorage.info/modules/foles/kmg/www.hsbc.co.uk/CAM10-jsessionid=000026MQ7KnXUxsKmiYKszFUkGJ12c58ti63.htm

Several phishing packs were uploaded to the domain singaporeluggagestorage.info through a shell. Besides the HSBC phishing pack, others targeting CIBS and ING Direct were found.

ING Direct (http://www.ing.com)
http://singaporeluggagestorage.info/modules/foles/mijn.ing.htm
Lloyds TSB (http://www.lloydstsb.com)
http://cjuckett.com/gallery/include/login/online.lloydstsb.co.uk/online.lloydstsb.co.uk/online.lloydstsb.co.uk/online.lloydstsb.co.uk/customer.ibc/
Wachovia (http://www.wachovia.com)
http://202.111.173.205/.../wachovia/AuthService.php?action=presentLogin&url=https://onlineservices.wachovia.com/NASApp/NavApp/Titanium?action=returnHome
Bank of America (http://www.bankofamerica.com)
http://210.116.103.118/~kardex/gnuboard4/bbs/Languages/
http://ahuarqalliance.com/~ahuarqal/Pringles/www.bankofamerica.com/bofa-update/bofa-update/bofa/
J.P.Morgan (http://www.jpmorgan.com)
http://martindlk.ie/pdf_files/10/c/ch.htm?customerid=&co_partnerId=2&siteid=0&ru=&PageName=login_run&pp=pass&pageType=708XeMWZllWXS3AlBX+VShqAhQRfhgTDrf&co_partnerId=2&siteid=0&ru=&pp=&pageType=708&MfcISAPICommand=ConfirmRegistration&708XeMWZllWXS3AlBXVShqAhQRfhgTDrfQRfhgTDrfA
Egg (http://www.egg.com)
http://www.extv.co.kr/data/file/s_tag08/819,00.html
http://www.wrpt.us/fireworks/Egg-Login.htm
InterSwitch (http://www.interswitchng.com)
http://2009_securityupdate1.t35.com/Nigeria_interSwitch.htm
MoneyGram (http://www.moneygram.com)
http://121.11.253.235/.cgi-bin/mg/MoneyGram/eMoneyTransfer/
Discover (http://www.discovercard.com)
https://www.discovercard.com/cardmembersvcs/loginlogout/app/ac_main
VISA (http://www.visa.com)
http://intersecure.fr/security/verified/cards/unlock/ssl/Deutschland/

Electronic Commerce
Amazon (http://www.amazon.com)
http://digiplan.nl/img/xzf5465x6z4f56xz4fx5z64f5645z4x5z64f556xf4z56x4z5f45z6x4f56f4z5xf45zx64f/cxz4564z56z4z6c54cx54xc545c46z54c4zxzxfx5fz4z65f454xz5f45zx45xz64f/
PayPal (https://www.paypal.com)
http://www.revenueirish.net/~gustavo/mongis/webscrcmd=_login-submit&dispatch=5885d80a13c0db1fc53a056acd1538879f614231735d88db02692aa5ce177197.php
http://8shagyasser.com/.cc/pp/us/
http://www.revenueirish.net/~gustavo/mongis/index4.php
http://allmedwholesale.com/cache/paypal/index.htm
http://www.skizo123.com/update/
http://francomm.org/worldsecure/
http://carinethomas10.net/www.PayPal.Com22/webscrcmd=_login-done&login_access=1190737782.htm
Capital One (http://www.capitalone.com)
http://allmedwholesale.com/cache/c/e/capitalOne/login.aspx.htm

Government Services
IRS - Internal Revenue Service (www.irs.gov)
http://www.budgetcirkus.dk/irs.gov/IRS/irs-refund-account.html
http://195.140.132.196/~dan10417/irs.gov/IRS/irs-refund-account.html
HMRC - HM Revenue & Customs (http://www.hmrc.gov.uk)
http://www.hmrc.ukonlinerefund.com/refund.php?item=1928381240348811

Online Games
World of Warcraft (http://www.worldofwarcraft.com)
http://www.worldofwarcraft-account-instrcationcheck.com/login.asp?app=wam&ref=https://www.worldofwarcraft.com/account/&eor=0&app=bam
http://www.review-billing-worldofwarcraft.com/
http://nm-jk-gh.worldofwarcraftftc.com/
http://check.worldofwarcraftfts.com/
http://account.worldofwarcraftfta.com/

Zynga Poker (http://www.zynga.com)
http://admin_zynga_security.t35.com/
http://administrator-poker.t35.com/security/account_verification/

Social Networking
Hi5 (http://www.hi5.com)
http://aipoise.t35.com/frienddisplayHomePage.do.html
MySpace (http://www.myspace.com)
http://210.51.184.12/myspace.com&session_timed_out.php
Orkut (http://www.orkut.com)
http://orkutfunky2008.50webs.com/index.HTML
http://orkutf.50webs.com/Orkut/
http://lanhousemv.t35.com/
http://abhijaan.justfree.com/2009.html
http://guuhrox.galeon.com/
Facebook (http://www.facebook.com)
http://admin_tools_zynga.t35.com/
http://admin_zynga.t35.com/
http://admin_zynga_poker.t35.com/
http://admin_zyngapokergames.t35.com/
http://adminbanned.t35.com/Zinga.Terms/
http://adminfacebookz.t35.com/Facebook.htm
http://adminforu.t35.com/facebook/facebook.php
http://ak-sdk-fbsdk-conf.t35.com/
http://funnymoneygame.t35.com/
http://facebooknewlog.t35.com/Facebook.php
http://apps-facebook-poker.t35.com/
http://newfoundsite.t35.com/facebook/Facebook.htm
Xbox Live (http://www.xbox.com)
http://anythingmicrosoft.t35.com/

WebMail
Yahoo (http://www.yahoo.com)
https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do?d=U2FsdGVkX19cY56F3r1QvfGtU0XVsveCoTYWNnRpvZ4bILechNLfZTHvHIOFjqsAa77VmsuwGDHOvNJSa0FuwZgPFc6s8evu39eeQ.zeRGM1OZ4zVBg-&m=0&l=en_US&=
Windows Live (http://login.live.com)
http://account_validation.t35.com/Windows%20live.php
http://alw7dany.tripod.com/hotmail.htm
http://wiwaxiaa.tripod.com/
http://girl.q8sex.tripod.com/hotmail/login.srf.htm
AOL Mail (http://www.webmail.aol.com)
http://aolz.t35.com/Webmail/
http://aoltosbillingcenter.t35.com/
http://aolsn.t35.com/
AIM Express (http://www.aim.com/aimexpress.adp)
http://aoldashboard02.t35.com/aimexpress.html

File Hosting
Rapidshare (http://rapidshare.com)
http://2993amit.justfree.com/Rapidshare/files.php
http://www.rapidfree.za.pl/#200
http://easy.justfree.com/index1.php
http://willgax.justfree.com/rp/indir.php
http://babalar2.justfree.com/rp/indir.php
http://rsmany.t35.com/premiumzone.php
http://rapid24.blackapplehost.com/files.php
http://rapid24.blackapplehost.com/logon.php
http://www.phish.yoyo.pl/index.php
http://hotfilm.xaa.pl/rs/index.php
http://chronoshon.t35.com/files.php
Hotfile (http://www.hotfile.com)
http://hotfiles.justfree.com/?f=295/dl/4629684/01bd28f/Boob-E_CD1_chunk_1.rar.html
http://zsah.justfree.com/hotfile/index.php
http://indigo2.justfree.com/

Related information
Phishing database II
Phishing database I
ZeuS on IRS Scam remains actively exploited
New ZeuS phishing campaign against Google and Blogger
Facebook & VISA phishing campaign proposed by ZeuS
Dissection of a fraudulent package. Wachovia phishing attack

Jorge Mieres
