Sunday, February 8, 2015

Email Administration Alert

Your mailbox is almost full.

Dear test@test.com

Current size: 3840MB
Maximum size: 4096MB

Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder. Click here to reduce size automatically.

Thanks,
Mail System Administrator

This notification was sent to test@test.com; Don't want occasional updates about subscription preferences and friendly suggestions? Change what email Google+ sends you.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043 USA

Phishing analysis :

CLICK : Click here
OPEN : http://utherbucket.com/includes/email/upgrade/newp/ii.php?email=test@test.com
SCREENSHOT :


CLICK : Sign In to continue

REDIRECT : http://utherbucket.com/includes/email/upgrade/newp/loading.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=test@test.com&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1


REDIRECT : https://www.google.com/

Email analysis :

NOTE : hamza@smartzonesaudi.com
NOTE : Received : from sl13.sahara.net.sa ([212.76.85.74])
NOTE : Received : from [41.71.217.42] (port=64475) by sl13.sahara.net.sa
NOTE : Email Administration Alert

utherbucket.com whois :

Domain Name: UTHERBUCKET.COM
Registrar URL: http://www.godaddy.com
Registrant Name: Cinnamon Alexi
Registrant Organization: Project B
Name Server: NS1.KATARINAFORBES.COM
Name Server: NS2.KATARINAFORBES.COM
DNSSEC: unsigned

Thursday, September 25, 2014

Facebook phishing

Dear Facebook User, We recently noticed that your Facebook account is being accessed by a third-party. We think that this is unauthorized access – an attempt to hack your account. So, we need you to confirm the ownership of your Facebook account. Please login to your Facebook account from the link below

Facebook account

Phishing analysis :
===================================
NOTE : Click "Facebook account"
NOTE : Open http://www.facebookke.com
===================================

facebookke.com whois :
===================================
Domain Name: FACEBOOKKE.COM
Registry Domain ID: NA
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2014-09-24 05:13:51Z
Creation Date: 2014-09-24 12:13:00Z
Registrar Registration Expiration Date: 2015-09-24 12:13:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: abuse@enom.com
Registrar Abuse Contact Phone: +1.4252744500
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: KEN SIVERTS
Registrant Organization: VICTORIA LOP
Registrant Street: 365 W VICTORIA ST
Registrant City: MIAMI
Registrant State/Province: FL
Registrant Postal Code: 33142
Registrant Country: US
Registrant Phone: +1.6024327883
Registrant Email: TGNST@DAINTLY.COM
Registry Admin ID:
Admin Name: KEN SIVERTS
Admin Organization: VICTORIA LOP
Admin Street: 365 W VICTORIA ST
Admin City: MIAMI
Admin State/Province: FL
Admin Postal Code: 33142
Admin Country: US
Admin Phone: +1.6024327883
Admin Email: TGNST@DAINTLY.COM
Tech Name: KEN SIVERTS
Tech Organization: VICTORIA LOP
Tech Street: 365 W VICTORIA ST
Tech City: MIAMI
Tech State/Province: FL
Tech Postal Code: 33142
Tech Country: US
Tech Phone: +1.6024327883
Tech Email: TGNST@DAINTLY.COM
Name Server: NS1.GRIDFAST.NET
Name Server: NS2.GRIDFAST.NET
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-09-24 05:13:51Z
===================================

Mail analysis :
===================================
NOTE : Return-Path : < change@facebook.com >
NOTE : Received : from unknown (HELO sona.server-queen.jp) (209.54.62.165)
NOTE : X-Php-Originating-Script : 10000:crons.php(7) : eval()'d code
NOTE : Facebook Password Reset Confirmation! Important Message
===================================
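The indicators noted in both write-ups (the mailbox-full mail's Received chain and lure URL with the victim's address in the query string, and the Facebook mail's Return-Path, HELO name, X-Php-Originating-Script and one-day-old domain) can be checked mechanically during triage. The Python below is an added example, not code from the original blog. The sample headers are reconstructed from the NOTE lines above; the From:/Subject: header names for the first sample, the last-two-labels approximation of a registrable domain, and the 30-day "new domain" threshold are assumptions.

```python
"""Defender-side triage of the header and link indicators from the two phishing samples above.

Added example, not part of the original post. Sample messages are reconstructed from the
page's NOTE lines; the From:/Subject: names in the first sample, the registrable-domain
helper and NEW_DOMAIN_DAYS are assumptions.
"""
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

HELO_RE = re.compile(r"\(HELO\s+([^\s)]+)\)", re.IGNORECASE)   # qmail style: (HELO name)
FROM_RE = re.compile(r"^from\s+([^\s(\[]+)", re.IGNORECASE)    # sendmail style: from name (...)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
NEW_DOMAIN_DAYS = 30  # assumption: a linked domain younger than this is suspicious


def registrable(host):
    """Approximate the registrable domain by the last two labels (assumption: no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_hop(received):
    """Return (host, ip) from one Received: value; a HELO name is preferred over the bare 'from' host."""
    m = HELO_RE.search(received) or FROM_RE.search(received)
    ip = IP_RE.search(received)
    return (m.group(1) if m else None, ip.group(1) if ip else None)


def triage(raw, links, domain_created=None, seen=None):
    """Return a list of findings for one message.

    raw            -- header text of the message (constructed from the page's notes)
    links          -- list of (anchor_text, href) pairs taken from the body
    domain_created -- whois Creation Date of the linked domain, if known
    seen           -- date the message was observed
    """
    msg = message_from_string(raw)
    findings = []

    # Claimed sender: Return-Path when present, otherwise From.
    _, claimed = parseaddr(msg.get("Return-Path") or msg.get("From") or "")
    claimed_domain = claimed.rpartition("@")[2].lower()

    # Check 1: does the host that handed the mail over belong to the claimed sender's domain?
    for host, ip in (parse_hop(r) for r in msg.get_all("Received", [])):
        if host and host.lower() != "unknown" and registrable(host) != registrable(claimed_domain):
            findings.append(f"relay {host} ({ip}) does not belong to claimed sender {claimed_domain}")

    # Check 2: mail generated by eval()'d PHP code points at a compromised web host, not a mail system.
    script = msg.get("X-Php-Originating-Script", "")
    if "eval()" in script:
        findings.append(f"generated by eval()'d PHP code: {script}")

    # Check 3: link hosts should sit in the claimed sender's domain, and the lure should not
    # carry the recipient's address as a query parameter (pre-filled credential-harvest form).
    for text, href in links:
        url = urlparse(href)
        host = url.hostname or ""
        if registrable(host) != registrable(claimed_domain):
            findings.append(f"link '{text}' goes to {host}, not {claimed_domain}")
        if any("@" in v for values in parse_qs(url.query).values() for v in values):
            findings.append(f"link '{text}' embeds an e-mail address in its query string")

    # Check 4: a domain registered days before the mail was seen is rarely a legitimate brand.
    if domain_created and seen and (seen - domain_created).days < NEW_DOMAIN_DAYS:
        findings.append(f"linked domain registered {(seen - domain_created).days} day(s) before the mail was seen")
    return findings


# Constructed from the Facebook phishing write-up (Return-Path, Received and PHP header as noted).
FACEBOOK_SAMPLE = """\
Return-Path: <change@facebook.com>
Received: from unknown (HELO sona.server-queen.jp) (209.54.62.165)
X-Php-Originating-Script: 10000:crons.php(7) : eval()'d code
Subject: Facebook Password Reset Confirmation! Important Message

"""
FACEBOOK_LINKS = [("Facebook account", "http://www.facebookke.com")]

# Constructed from the mailbox-full write-up; the From:/Subject: header names are assumed.
MAILBOX_SAMPLE = """\
From: hamza@smartzonesaudi.com
Received: from sl13.sahara.net.sa ([212.76.85.74])
Received: from [41.71.217.42] (port=64475) by sl13.sahara.net.sa
Subject: Email Administration Alert

"""
MAILBOX_LINKS = [("Click here",
                  "http://utherbucket.com/includes/email/upgrade/newp/ii.php?email=test@test.com")]


def triage_facebook_sample():
    """Whois creation date 2014-09-24, mail seen 2014-09-25 (both from the page)."""
    return triage(FACEBOOK_SAMPLE, FACEBOOK_LINKS, date(2014, 9, 24), date(2014, 9, 25))


def triage_mailbox_sample():
    """No creation date is given for utherbucket.com, so the age check is skipped."""
    return triage(MAILBOX_SAMPLE, MAILBOX_LINKS)


if __name__ == "__main__":
    for name, fn in (("facebook", triage_facebook_sample), ("mailbox-full", triage_mailbox_sample)):
        print(name)
        for finding in fn():
            print("  -", finding)
```

The relay check is a triage signal rather than a verdict: mail from shared hosting often leaves a host that is not in the sender's domain, which is why the other three checks (eval()'d PHP origin, off-domain lure with the recipient's address pre-filled, and a domain created the day before) are what turn the first sample's score into a confident phishing call.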