Friday, December 2, 2016

Rappel ! (Phishing Carte Bleue)


Bonjour,

Une nouveau message en ligne est disponible sur votre Messagerie e-carte bleue.

Pour la consulter et accéder a votre messagerie sécurise.

veuillez vous adresser à https://service.e-cartebleue.com/fr/

Nous vous remercions par avance et restons bien sur à votre disposition pour
toute précision utile.

Cordialement.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique. Cette adresse e-mail ne peut pas recevoir de réponses.

Phishing screenshot :


Phishing analysis :

CLICK : https://service.e-cartebleue.com/fr/
OPEN : http://edilbarbetta.com/wp-content/them/
SCREENSHOT :


DETAIL : Wordpress website...

Domain analysis :

Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Expiration Date 11-sep-2017
Registrar Ascio Technologies, Inc
Registrant Name Luca Barbetta
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Domain Name EDILBARBETTA.COM
Sponsoring Registrar IANA ID 106
Whois Server whois.ascio.com
Referral URL http://www.ascio.com
Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Status ok https://icann.org/epp#ok
Updated Date 16-aug-2016
Creation Date 11-sep-2015
Expiration Date 11-sep-2017
Last update of whois database Fri, 02 Dec 2016 09:37:40 GMT
Registry Domain ID 1959304579_DOMAIN_COM-VRSN
Registrar WHOIS Server whois.ascio.com
Registrar URL http://www.ascio.com
Updated Date 2016-08-16T08:16:43Z
Creation Date 2015-09-11T00:00:00Z
Registrar Registration Expiration Date 2017-09-11T18:13:36Z
Registrar Ascio Technologies, Inc
Registrar IANA ID 106
Registrar Abuse Contact Email abuse@ascio.com
Registrar Abuse Contact Phone +44.2070159370
Domain Status OK
Registrant Name Luca Barbetta
Registrant Street via Tasso 8
Registrant Street Ve
Registrant City La Salute di Livenza
Registrant Postal Code 30029
Registrant Country IT
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Admin Name Master Host
Admin Organization One.com
Admin Street Kalvebod Brygge 24
Admin City Copenhagen V
Admin State/Province Copenhagen V
Admin Postal Code 1560
Admin Country DK
Admin Phone +45.46907100
Admin Fax +45.70205872
Admin Email hostmaster@one.com
Tech Name Master Host
Tech Organization One.com
Tech Street Kalvebod Brygge 24
Tech City Copenhagen V
Tech State/Province Copenhagen V
Tech Postal Code 1560
Tech Country DK
Tech Phone +45.46907100
Tech Fax +45.70205872
Tech Email hostmaster@one.com
DNSSEC unsigned
Last update of WHOIS database 2016-12-02T09:37:52 UTC

Email analysis :

NOTE : services.e-cartebleue@bell.net
NOTE : services.e-cartebleue@service.fr
NOTE : 184.150.200.79

CHECK YOUR BANK ACCOUNT, YOUR ACCOUNT HAS BEEN ACCREDITED WITH US$12.8 MILLION

Dear customer,

Congratulations please check your bank account,your fund of
US$12.8 million has been transferred to your bank account.

Gordon Williams
BARCLAYS BANK LONDON.
williamsgordon7@aol.com
+442038085314

Email analysis :

NOTE : williamsgordon7@aol.com
NOTE : X-Sender : INFO@BARCLAYSBANK.COM
NOTE : Organization : BARCLAYS BANK LONDON
NOTE : 91.135.16.19 is neither permitted
NOTE : Received : from pop.dtg.lv (pop.dtg.lv [91.135.16.4])


NOTE : by smtp.dtg.lv (Postfix)
NOTE : client-ip=91.135.16.19;

Transfer Notification/ Respond Now

NEEL KASHKARI
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Attn: Beneficiary,

This is to inform you that we have received a payment instruction from Mr. Chan Tak Kin, a Citizen of China demanding that we should transfer your funds to him, as you have given him the mandate and authorization for him to receive your funds interest.Note that he has given us a bank account in Hong-Kong, where we will transfer your funds to him without delay.

Bank of China (Hong Kong)
25 Wu Pak Street, Aberdeen, HK
Account Name: Chan Tak Kin
Swift code: BKCHHKHHCLS
Routing number: 026003269
Account number: 012-879-6-034422-0

Please let us know if you have truly instructed and directed him to receive your funds in Hong-Kong.We have informed him to get an official Power of Authorization from you, before we will release the funds to him, which we are still waiting for.However, we want to inform you that, you have within the next five (5) official working days to get back to us on this notice or we will release the funds to him.

Yours truly,

Neel Kashkari

FEDERAL RESERVE BANK
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Email analysis :

NOTE : neelkashkari@barid.com
NOTE : info@federalreserve.gov
NOTE : FEDERAL RESERVE BANK
NOTE : 51.15.42.116 ()


NOTE : Strange...
NOTE : UK Government Department for Work and Pensions
NOTE : Search Google for "UK Government Department for Work and Pensions IP"
NOTE : http://www.bbc.com/news/technology-32826353
NOTE : IP was sold off ?

NOTE : Informations about 51.15.42.116

inetnum: 51.15.0.0 - 51.15.63.255
org: ORG-ONLI2-RIPE
netname: ONLINE_NET_DEDICATED_SERVERS_NL
country: NL
admin-c: MM42047-RIPE
tech-c: MM42047-RIPE
status: LEGACY
mnt-by: ONLINESAS-MNT
created: 2016-10-28T11:18:17Z
last-modified: 2016-10-28T11:19:00Z
source: RIPE
organisation: ORG-ONLI2-RIPE
org-name: ONLINE SAS NL
org-type: OTHER
address: ONLINE SAS NL, EvoSwitch AMS1, J.W. Lucasweg 35 2031 BE Haarlem
abuse-c: AR32851-RIPE
mnt-ref: ONLINESAS-MNT
mnt-by: ONLINESAS-MNT
created: 2016-05-13T10:41:40Z
last-modified: 2016-05-13T10:41:40Z
source: RIPE # Filtered
person: Mickael Marchand
address: 8 rue de la ville l'eveque 75008 PARIS
phone: +33173502000
nic-hdl: MM42047-RIPE
mnt-by: MMA-MNT
created: 2015-07-10T15:02:32Z
last-modified: 2016-02-23T12:43:25Z
source: RIPE # Filtered

NOTE : Received : from User (unknown [104.238.195.195])


NOTE : (Authenticated sender: admin) by mail.dealer.com

Hello Dear

Dear Friend,

Your contact came to me through a friend who does international business between countries.

I am Ms Ashley William, of the Ministry of Health in Mauritius proposing a beneficial transaction to you.I am relying on your genuineness and sincerity,in all aspects of this proposal.

The transaction in question of which I am about to reveal to you,emanated from over-invoicing(COMMISSION) of contract awarded in my ministry for the supplies of medical equipment and quality health programs.The Contract payment were completed on the directives of Nicholas west: knowing fully that my commission will be paid out as agreed to a receiving vault as deposited valuables.

please kindly respond to my email addresses below for full details:
ashleywilliamz2000@hotmail.com

Thanks,
Ms Ashley Williams

Email analysis :

NOTE : ashleywilliamz2000@hotmail.com
NOTE : Shashi@studentmail.siit.tu.ac.th
NOTE : X-Mailer : Zimbra 8.6.0_GA_1194 (zclient/8.6.0_GA_1194)
NOTE : X-Originating-Ip : [166.88.123.62]


NOTE : Received : from mail.studentmail.siit.tu.ac.th
NOTE : (mail.studentmail.siit.tu.ac.th [103.253.75.124])
NOTE : by mail.studentmail.siit.tu.ac.th


NOTE : account Shashi
NOTE : siit.tu.ac.th


NOTE : mail.studentmail.siit.tu.ac.th server was used to relay this scam.

Contact Diplomat John Now

We wish to inform you that the diplomatic agent conveying the consignment box valued at the sum of $2.5 Million is currently at John F Kennedy International Airport. We required you to reconfirm the following information below so that he can deliver your consignment box to you today. Contact Diplomat John DeJohn and also make sure that you forward your Code Number registration to him because it is very important to enable him locate your address.

I require your urgent response to this email with below stated information

Full Name=========
Home Address=======
City==========
Country========
ID============
Telephone =========

Bank REGISTRATION NO :EG58945
Bank CODE NUMBER: 0140479

Make sure you don't let the agent know the content of the consignment box for security purposes and i want this to be within you and us to avoid another person contacting the agent over your fund. Immediately you contact him, he will deliver your consignment box to you.

Contact Email ; dejohnjohnm@gmail.com
Mobile Number:(+1 646 513 5132)

Best Regards

Director Albert F. Cuthbert
Foreign Operation department
United State Embassy West Africa
+22962329600

Email analysis :

NOTE : albertcuthbert@yahoo.com
NOTE : dejohnjohnm@gmail.com
NOTE : "www."@gaea.ocn.ne.jp
NOTE : Fedex
NOTE : Mr Albert Cuthbert
NOTE : X-Originating-Ip : [41.86.234.171]

RE: CHARITY WORK AND NEEDY....

My Dear Beloved ,

Greetings and many thanks my dear for your urgent response to my proposal. I will also thank you for your concern. Am in Scotland now receiving my treatment, I have been here for pass Two years and Eight Months. From my proposal you can understand what i am going through.I have been bed-ridden for a very longtime now. I only need someone whom i will trust this fund so that it will be used the way i want.. I will also send you the certificate of deposit and the bank will educate you more concerning the fund, am old woman seeking for your help before i die because i don't want to lose the fund with the bank.

If you can assist me to receive this fund , you should give me your full name and address with your ID CARD, your telephone And Your Age for easy communication so that i will send it to the Bank to enable them change all the documentations to your name as the beneficiary of the fund. The above documents will stand you as the beneficiary to the fund and will empower the Bank to send the funds to you without any delay.

I was restricted by the doctors from using phone because of my health. But I will be communicating with you regularly through mail because i know that with your honesty and trust, the funds will get to you within three workers days from now.

Thanks and my regards,

Madam Elizabeth Benedicta

Email analysis :

NOTE : elizabethbenedicta@yahoo.com
NOTE : elizybe343322@hotmail.com
NOTE : Received : from User (unknown [197.211.56.16])


NOTE : by macareo.pucp.edu.pe


NOTE : pucp.edu.pe


NOTE : macareo.pucp.edu.pe server was used to relay this scam.