LinkedIn
Ahmed Kinawy wants to add you to their network
mahmoud ahmed
Ahmed Kinawy
CEO at RIOTRADE BUSINESS GROUP
Dubai:· 5,640 connections
Accept Ahmed's invitation
LinkedIn is a social network and online platform for professionals. Learn More
Unsubscribe | Help
You are receiving Invitation emails. LinkedIn will use your email address to make suggestions to our members in features like People You May Know.
This email was sent to you.
LinkedIn
© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : hsmuisem@meu.edu.jo
NOTE : Received : from [172.20.10.3] (105.112.24.147)
Phishing screenshot :
Phishing analysis :
CLICK :
OPEN : https://florenciaeventos.com.ar/jkk/i.php
REDIRECT : https://florenciaeventos.com.ar/Lin/www.linkedin/c393e7e29942131cf98a4f0aecb5c2a2/
SCREENSHOT :
FILL : FORM
REDIRECT : https://florenciaeventos.com.ar/Lin/www.linkedin/c393e7e29942131cf98a4f0aecb5c2a2/index2.html
SCREENSHOT :
Tuesday, October 10, 2017
Thursday, October 5, 2017
Your Apple ID: Access from new web or mobile device (Apple ID Phishing)
Dear Apple Customer,
This email was generated because of a login attempt from a web or mobile device located at 88.190.229.170 (FR). The login attempt included your correct Apple ID and password. The Apple ID Guard is required to complete the login. No one can access your account without also accessing this email. You are unable to access your account. Please use this account specific recovery link for assistance recovering your account.
Recovering my account
Thanks,
The Apple Team
https://support.apple.com
TM and copyright © 2017 Apple Inc. 1 Infinite Loop, MS 96-DM, Cupertino, CA 95014.
All Rights Reserved / Keep Informed / Privacy Policy / My Apple ID
Email analysis :
NOTE : Return-Path : < f@node02.facesharedasia1.com >
NOTE : Return-Path : f@node02.facesharedasia1.com
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/alternative; boundary="===============1462413996=="
NOTE : Received-Spf : client-ip=216.127.151.37;
NOTE : Received : from WIN-6Q15KS5IKGJ ([216.127.151.37])
NOTE : Received : from [38.121.232.25]
NOTE : Your Apple ID: Access from new web or mobile device
Phishing analysis :
CLICK : Recovering my account
OPEN : https://pmb.stiemmamuju.ac.id/index1.html
REDIRECT : http://inboxaus.com/apple/627f3b5930cd81c983453025ffe207da/login.php?ip=*
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://inboxaus.com/apple/627f3b5930cd81c983453025ffe207da/suspended.php?ip=*
SCREENSHOT :
CLICK : Confirm My Account
REDIRECT : http://inboxaus.com/apple/627f3b5930cd81c983453025ffe207da/personal.php?ip=*
Tuesday, September 19, 2017
Add me on Linkedln (LinkedIn Phishing Attempt)
LinkedIn
Ahmed Kinawy wants to add you to their network
mahmoud ahmed
Ahmed Kinawy
CEO at LAKHRAIM BUSINESS GROUP
Dubai:· 5,640 connections
Accept Ahmed's invitation
LinkedIn is a social network and online platform for professionals. Learn More
Unsubscribe | Help
You are receiving Invitation emails. LinkedIn will use your email address to make suggestions to our members in features like People You May Know.
This email was sent to you.
LinkedIn
© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
Email analysis :
NOTE : Jnsour@meu.edu.jo
NOTE : client-ip=104.47.0.219;
Phishing analysis :
CLICK : Accept Ahmed's invitation
OPEN : http://www.bristolflying.co.uk/wp-includes/js/wp-admin/Linkedln/
NOTE : ERROR.
NOTE : Phishing attempt.
please add me on your LinkedIn network (LinkedIn Phishing)
Hi, Mohamed El Wahab sent message on your LinkedIn network
Mohamed El Wahab
CHIEF EXECUTIVE at LLC TRADING IMP & EXP TRADE CO.,LTD
Dubai, UAE.
Connected in August 2017
View Message Here
2017 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.
You are receiving Activity You Missed emails. Unsubscribe
This email was intended for you (owner). Learn why we included this.
LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland
Email analysis :
NOTE : LinkedInCorporation2017@service.net
NOTE : linkedin-service@noreply.com
NOTE : User-Agent : Roundcube Webmail/1.2.4
NOTE : Received : from localhost (HELO webmail.sai.org.in)
Phishing analysis :
CLICK : View Message Here
OPEN : http://ramonbmejia.myjino.ru/mejia/linnkedin/www.linkedin/Linkedin1/
VALIDATE : FORM
SCREENSHOT :
VALIDATE : FORM
REDIRECT : https://www.linkedin.com/start
SCREENSHOT :
Tuesday, September 12, 2017
Please verify your email address *
The Dropbox logo
Hi *,
We just need to verify your email address before your sign up is complete!
Verify your email
Happy Dropboxing!
Email analysis :
NOTE : Received : from customer-PUE-207-103.megared.net.mx (unknown [177.245.207.103])
NOTE : verify@dropbox.com
LINK : http://floraisdobrasil.com.br/dropbox.html
NOTE : Received : from 189.89.7.60.telesa.com.br (unknown [189.89.7.60])
NOTE : verify@dropbox.com
LINK : http://basedow-bilder.de/dropbox.html
Phishing analysis :
CLICK : Verify your email
OPEN : http://floraisdobrasil.com.br/dropbox.html
SCREENSHOT :
CLICK : Verify your email
OPEN : http://basedow-bilder.de/dropbox.html
SCREENSHOT :
REDIRECT : http://wittinhohemmo.net/drop.php
OPEN : http://wittinhohemmo.net/drop.php
DOWNLOAD : Dropbox-MSGCODE-*.js
RESULT : Dropbox-MSGCODE-*.js is a virus
Virus analysis :
Arcabit : HEUR.JS.Trojan.ba
Avira : HTML/ExpKit.Gen2
Baidu : JS.Trojan-Downloader.Nemucod.yo
Cyren : JS/Agent.AAO1!Eldorado
F-Prot : JS/Agent.AAO1!Eldorado
Qihoo-360 : virus.js.qexvmc.1075
Rising : Malware.Undefined!8.C (cloud:CVrV9ZfawJI)
Symantec : JS.Downloader.D
TrendMicro : Possible_Cerber-JS03b1
TrendMicro-HouseCall : Possible_Cerber-JS03b1
ZoneAlarm : HEUR:Trojan-Downloader.Script.Generic
Conclusion :
Virus stored for analysis...
Monday, September 4, 2017
TR :lmportant (Phishing Banque Postale)
Dear Customer,
As part of the continuous improvement of our services, our advisers are at your disposal.
La Banque Postale is carrying out a scheduled software upgrade.
We urge you to visit the following link to begin confirming your login.
To begin, please click on the link below:
Click here
If you would like to get in touch with us, please contact us via «Help and contact».
Email analysis :
NOTE : p.vloon@home.nl
NOTE : 212.54.34.166
NOTE : Received : from vm4.bonachats.net
NOTE : ([52.169.121.142] helo=52.169.121.142)
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here
OPEN : https://goo.gl/d9zaHc
SCREENSHOT :
COPY LINK : http://tunarp.se/wp-content/labanquepostale/
OPEN : http://tunarp.se/wp-content/labanquepostale/
RESULT : Phishing attempt
Sunday, September 3, 2017
Notification(1) (PayPal Phishing Attempt)
ΡayΡal
PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?
Whаt dο i need tο dο ?
In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.
Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.
[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.
Email analysis :
NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
Saturday, September 2, 2017
Please verify your email address (Dropbox Phishing Attempt)
The Dropbox logo
Hi *,
We just need to verify your email address before your sign up is complete!
Verify your email
Happy Dropboxing!
Email analysis :
NOTE : no-reply@dropbox.com
NOTE : Received : from [177.182.101.95] (unknown [177.182.101.95])
NOTE : Received : from ip-161-245.vnt.net.id (unknown [103.58.161.245])
NOTE : Received : from unitel.com.la (unknown [183.182.101.232])
Phishing analysis :
CLICK : Verify your email
OPEN : http://jaysonmorrison.com/dropbox.html
SCREENSHOT :
CLICK : click here
OPEN : http://dippydado.net/json.php
RESULT : website broken...
OPEN : Another Dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://dar-alataa.com/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
OPEN : Another Dropbox phishing with the same content
CLICK : Verify your email
OPEN : http://potamitis.gr/dropbox.html
SCREENSHOT :
CLICK : click here
RESULT : same result...
Thursday, August 24, 2017
Verify your account™ (Phishing)
Hi *@*,
Password confirmation is required to authenticate *@* ownership on our server and retrieve pending incoming mails and save your new configuration settings.
Please click here for confimation to avoid mail malfunction.
Regards
Mail sent to: *@*
© 2017 Online Office. All rights reserved. NMLSR ID 399801
Email analysis :
NOTE : mbalok@hotmail.com
NOTE : client-ip=40.92.0.22;
Phishing analysis :
CLICK :
OPEN : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/en.php?
SCREENSHOT :
VALIDATE : FORM
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/sxc.php?
SCREENSHOT :
Your PayPal account has been temporarily Locked! (PayPal Phishing)
paypal
Welcome
Dear *@*,
Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)
Activate
Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.
Yours sincerely,
PayPal
Email analysis :
NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])
Phishing analysis :
CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :
TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :
Saturday, August 19, 2017
Your membership request! (Phishing Société Générale)
your information
SG
Email analysis :
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < noreply@tix.fr >
NOTE : X-Sender-Info : < 349043243@infong732.kundenserver.de >
NOTE : Received : from mout.kundenserver.de ([212.227.126.133])
NOTE : Received : from infong732.kundenserver.de (infong732.kundenserver.de [212.227.29.55])
NOTE : by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis)
NOTE : Received : from 62.210.15.181 (IP may be forged by CGI script)
NOTE : by infong732.kundenserver.de
NOTE : Votre demande d'ahésion !
Phishing analysis :
CLICK : SG
OPEN : x-webdoc://***
OPEN : SOURCE CODE
EXTRACTED : http://apalomino.com/calson/ - http://peinturesdusud-avignon.com/sec
EXTRACTED : cyberzoide@multimanoi.com_body
OPEN : http://apalomino.com/calson/
REDIRECT : http://cubiertasbarcelona.es/eteg/nera/
SCREENSHOT :
Impacted services :
Relay : kundenserver.de
Open Redirect : apalomino.com
Phishing hosted on : cubiertasbarcelona.es
Victim : Société Générale
Tuesday, August 15, 2017
FWD:TR:RE (Phishing attempt Société Générale)
SOCIETE GENERALE
Dear customer,
The technical department of Société Générale is carrying out a scheduled software update in order to improve the quality of banking services.
We kindly ask you to click on the link below and confirm your bank details.
https://www.societegenerale.fr/customercare/banque/confprocedure.asp
We apologise for any inconvenience and thank you for your cooperation.
© Société Générale 2017
Phishing screenshot :
Email analysis :
NOTE : natalia1@telus.net
NOTE : Natalia Toroshenko
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : X-Originating-Ip : [160.163.161.144]
Phishing analysis :
CLICK : https://www.societegenerale.fr/customercare/banque/confprocedure.asp
OPEN : http://www.cfa-sport.fr/wp-includes/Text/theme/
REDIRECT : http://www.anti-laser.at/wp-includes/css/theme/
NOTE : Not Found 404 / You are connected from a remote location.
RESULT : Phishing attempt.
Tuesday, August 8, 2017
FWD:RE (Phishing Société Générale)
Discover Pass Securite
To prevent the fraudulent use of bank cards on the Internet, Societe Generale has a payment control system. This service is entirely free
Our system has detected that you have not activated Pass securite
Click here to activate this service
NEW: Your identifier is changing
NOTE : Do not reply to this e-mail, as it is sent
automatically from a technical address
Regards
Alexandre krivine
Director of Customer Relations
Thank you for choosing SOCIETE GENERALE!
Copyright ©2017 Societe Generale. All rights reserved.
FSA registration number Societe Generale: 226056.
Apply Now >
Facebook
Twitter
Instagram
RSS
Appstore
Android
This message was sent to ilyass-maradona@live.fr
If you would like to update your email address, please click here.
To unsubscribe from emails, please log in to your Mint account
where you can manage your email and mobile alerts setting.
©2007—2017 Mint Software, Inc. | All Rights Reserved.
Mint.com 2632 Marine Way, Mountain View, CA 94043
Privacy Policy | Terms and Conditions
Phishing screenshot :
Email analysis :
NOTE : ing22@telus.net
NOTE : ilyass-maradona@live.fr
NOTE : Received : from cmta16.telus.net ([209.171.16.89])
NOTE : Received : from mtlp000023.email.telus.net ([172.20.100.250])
NOTE : by cmsmtp with SMTP
NOTE : X-Originating-Ip : [105.149.30.122]
Phishing analysis :
CLICK : Click here to activate this service
OPEN : http://www.goingesten.se/wp-snapshots/tmp/
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/Action.php?*
SCREENSHOT :
CLICK : VALIDATE WRONG CODE
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/deconnecter.php?date=0000000000&crd=0000&date-ex=00&year-ex=0000&cv=000&numo=0000000000&zob1=00000000&zob2=000000
REDIRECT : http://societegenerale.fr/
Monday, July 31, 2017
FWD:RE (Phishing Société Générale)
Regarding the information relating to your bank account:
Dear customer:
Our system has detected that you have not activated Pass securite (Societe Generale):
Discover Pass Securite
To prevent the fraudulent use of bank cards on the Internet, Societe Generale has a payment control system. This service is entirely free.
Click here to activate this service
Thank you for choosing SOCIETE GENERALE!
Copyright ©2017 Societe Generale. All rights reserved.
FSA registration number Societe Generale: 226056.
My account
Telephone
Facebook
Instagram
Twitter
Pinterest
Youtube
Magazine
LEGAL NOTICES
DATA PROTECTION
GENERAL TERMS AND CONDITIONS OF SALE
UNSUBSCRIBE FROM THE NEWSLETTER
Phishing screenshot :
Email analysis :
NOTE : kaizenqm@telus.net
NOTE : Cmm-Sender-Ip : 209.171.16.90
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : Received : from mtlp000003.email.telus.net ([172.20.100.250])
Phishing analysis :
CLICK : Click here to activate this service
OPEN : http://kombiringen.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/*/service.php?*
RESULT : Phishing Société Générale
Your-Online-Payment (Phishing attempt)
Hello,
To prevent the fraudulent use of bank cards on the Internet,
Your Service Générale has a payment control system.
This service is entirely free. Our system has detected that you have not activated -Pass-Service-sécurite
Security service
Banque-Générale
Thank you for your trust.
Regards
Email analysis :
NOTE : INFO@news.promovacances.com
NOTE : Received : by footcenter.fr (Postfix, from userid 33)
NOTE : Received : from footcenter.fr ([165.227.79.193])
NOTE : X-Php-Originating-Script : 0:nel.php
NOTE : Message-Id : < *.*@footcenter.fr >
NOTE : Votre-Paiement-En ligne
Phishing screenshot :
Phishing analysis :
CLICK : Security service
OPEN : http://sirlwad.gear.host/s52.html
SCREENSHOT :
RESULT : Phishing attempt.
Information about this phishing
SCRIPT : nel.php
HACKED RELAY : footcenter.fr
OPEN REDIRECT : sirlwad.gear.host
SPOOFED EMAIL : INFO@news.promovacances.com
PHISHING : Société Générale