Saturday, December 20, 2014

Inquiry From TradeKey (Tradekey Phishing)

TradeKey Logo

Dear Tradekey Customer,

You have received a new business inquiry from Rashid al-Maktum on Tradekey.com unfortunately, we are unable to deliver further inquiries to your email address. Please visit the Tradekey.com member services centre to verify your email account information.

*Please Sign in here with your email-address and e-mail password to verify your account.

Wishing you the very best of business,

Thank you for using our services.

http://int2.tkcdn.com/lang/images/iso_horizontal.gif

Privacy Policy - Terms of Use - Intellectual Property Policy
Copyright © 2014 TradeKey.com

Phishing analysis :

CLICK : *Please Sign in here with your email-address and e-mail password to verify your account.
OPEN : http://staging.sojournmusic.com/tradekey.com/index.html
SCREENSHOT :


ACTION : FILL FORM
CLICK : Sign In
REDIRECT : http://www.tradekey.com/
ANALYSIS : http://staging.sojournmusic.com/ RELAY TRADEKEY PHISHING
ANALYSIS : SOURCE CODE OF THE PHISHING PAGE : http://pastebin.com/raw.php?i=Rjp0N096

Email analysis :

NOTE : Received-Spf : client-ip=95.215.227.59;
NOTE : X-Source-Args : /usr/sbin/proxyexec -q -d -s /var/run/proxyexec/cagefs.sock/socket /bin/cagefs.server
NOTE : Return-Path : < wwwiliad@dedicated1.i-spy360.com >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : iliad.mu:/public_html/wp-includes/Text/Diff/Renderer
NOTE : X-Php-Script : www.iliad.mu/wp-includes/Text/Diff/Renderer/jamb.php for 41.151.173.119


NOTE : Content-Transfer-Encoding : 8bit
NOTE : X-Get-Message-Sender-Via : dedicated1.i-spy360.com
NOTE : :authenticated_id: wwwiliad/only user confirmed/virtual account not confirmed
NOTE : Content-Type : text/html
NOTE : Received : from blackmartini.mu (vps.i-spy360.com. [95.215.227.59])
NOTE : Received : from wwwiliad by dedicated1.i-spy360.com with local (Exim 4.84)
NOTE : (envelope-from < wwwiliad@dedicated1.i-spy360.com >)
NOTE : Inquiry From TradeKey

FINAL NOTE :

NOTE : iliad.mu was used to send the phishing email. (Leaked WordPress installation)
NOTE : The phishing page is hosted by sojournmusic.com (Leaked WordPress installation)
NOTE : The phishing mail was sent by 41.151.173.119
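
How the notes above follow from the headers, as an added example that is not part of the original post: X-Php-Script names the PHP file that generated the mail and the address that requested it, and the Exim "with local" hop shows the message was injected on the sending host itself. The function name `triage` and the message framing are assumptions; the header values are the ones quoted in the email analysis.

```python
import re
from email import message_from_string

# Headers rebuilt from the NOTE lines above (values as shown on this page);
# the message body and framing are constructed for the example.
SAMPLE = """\
Return-Path: <wwwiliad@dedicated1.i-spy360.com>
Received: from blackmartini.mu (vps.i-spy360.com. [95.215.227.59])
Received: from wwwiliad by dedicated1.i-spy360.com with local (Exim 4.84)
X-Php-Script: www.iliad.mu/wp-includes/Text/Diff/Renderer/jamb.php for 41.151.173.119
X-Source-Dir: iliad.mu:/public_html/wp-includes/Text/Diff/Renderer
Content-Type: text/html

<html></html>
"""

# "<host>/<path> for <address list>", the layout seen in the X-Php-Script note.
PHP_SCRIPT = re.compile(r"^(?P<host>[^/\s]+)(?P<path>/\S*)\s+for\s+(?P<ips>.+)$")
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage(raw):
    """Return the sending script, the requesting client and the relay IPs."""
    msg = message_from_string(raw)
    out = {"script_host": None, "script_path": None, "client_ips": [],
           "relay_ips": [], "local_submission": False}
    # Header lookup is case-insensitive, so X-Php-Script and X-PHP-Script both match.
    m = PHP_SCRIPT.match((msg.get("X-PHP-Script") or "").strip())
    if m:
        out["script_host"] = m.group("host")
        out["script_path"] = m.group("path")
        # Assumption: several addresses, if present, are comma-separated.
        out["client_ips"] = [ip.strip() for ip in m.group("ips").split(",")]
    for hop in msg.get_all("Received", []):
        out["relay_ips"] += BRACKET_IP.findall(hop)
        # "with local" marks a message submitted on the host, not received over SMTP.
        if " with local " in f" {hop} ":
            out["local_submission"] = True
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
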
