Tuesday, August 16, 2016

Important: Account Update (Strato Phishing)

Dear Customer:

We are carrying out maintenance work on our customer database, which is why you are required to verify your data immediately.

We consider this process mandatory

Update your account

Kind regards

STRATO AG
--------------------------------------------------------
Website: http://www.strato.de
--------------------------------------------------------
STRATO AG
Pascalstraße 10
10587 Berlin
--------------------------------------------------------
Chairman of the Supervisory Board: Vicente Vento

Management Board: Dr. Christian Böing (Chair), Christoph Steffens, René Wienholtz

Berlin-Charlottenburg Local Court, HRB 79450

Disclaimer: NOTICE, The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Petromin will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Petromin. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message.

Email screenshot :


Email analysis :

NOTE : Wichtig: Konto-Update
NOTE : rene.templonuevo@petromin.com
NOTE : 209.85.161.174 as permitted sender)
NOTE : smtp.mailfrom=rene.templonuevo@petromin.com

Phishing analysis :

CLICK : Aktualisieren Sie Ihr Konto ("Update your account")
OPEN : https://dl.dropboxusercontent.com/u/594471236/strat.htm
REDIRECT : data:text/html;base64
SCREENSHOT :

NOTE : Interesting form : https://marte.rhscargoexpress.de/s.php
CLICK : Login
REDIRECT : https://marte.rhscargoexpress.de/s.php
REDIRECT : https://www.strato.de/

Saturday, July 23, 2016

Important: Account Update (Strato Phishing)

Dear Customer:

We are carrying out maintenance work on our customer database, which is why you are required to verify your data immediately.

We consider this process mandatory

Update your account

Kind regards
Strato

Email screenshot :


Email analysis :

NOTE : byron.d@aldamafoods.com
NOTE : Mime-Version : 1.0

Phishing analysis :

CLICK : Aktualisieren Sie Ihr Konto ("Update your account")
OPEN : https://db.tt/iBIofV7y
REDIRECT : base64 redirect (raw file on pastebin) (converted html file on pastebin)
SCREENSHOT :

Thursday, September 24, 2015

Confirm your iTunes account (Apple Phishing)

Dear customer,

We inform you that your account will expire in less than 48 hours; it is imperative that you verify your information right now, otherwise your account will be deleted.
Download the attached form, open it in your browser and submit your request.

Why was this email sent to you?
This email is sent when your account's expiration date is approaching.

Thank you,
Apple Customer Support

My Apple ID | Support | Privacy Policy
Copyright © 2015 iTunes S.à r.l. 31-33, rue Sainte Zithe, L-2763 Luxembourg. All rights reserved.

Confirmation_N527728.html

Phishing analysis :

NOTE : Open Confirmation_N527728.html
NOTE : The file Confirmation_N527728.html contains JavaScript that uses "unescape"
NOTE : Unescape the file Confirmation_N527728.html
NOTE : Extract http://85.214.65.215/~php/TOS.php
NOTE : Extract http://85.214.65.215/~images/css/validationEngine.jquery.css
NOTE : The file Confirmation_N527728.html is a phishing page.
NOTE : The data is sent to http://85.214.65.215/~php/TOS.php
NOTE : http://85.214.65.215/~php/TOS.php redirects to apple.com
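
A static way to reproduce the decoding steps noted in these posts (the `data:text/html;base64` redirect in the Strato cases and the JavaScript `unescape` in the Apple attachment) without opening the file in a browser. This is an added example, not the blog author's tooling; the function names and the sample page with its 198.51.100.7 addresses are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import quote, unquote

UNESCAPE_RE = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
DATA_URI_RE = re.compile(r"data:text/html;base64,([A-Za-z0-9+/=]+)")

def js_unescape(s):  # static JS unescape(): %uXXXX, then %XX read as Latin-1
    s = re.sub(r"%u([0-9A-Fa-f]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s, encoding="latin-1")

def peel(html, max_layers=5):
    """Return the page plus every decoded layer; nothing is executed or fetched."""
    layers = [html]
    for _ in range(max_layers):
        found = [js_unescape(m.group(2)) for m in UNESCAPE_RE.finditer(layers[-1])]
        for b64 in DATA_URI_RE.findall(layers[-1]):
            raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))  # tolerate lost padding
            found.append(raw.decode("utf-8", "replace"))
        if not found:
            break
        layers.append("\n".join(found))
    return layers

class FormFinder(HTMLParser):
    """Collects form targets and externally loaded resources."""
    def __init__(self):
        super().__init__()
        self.actions, self.resources = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        if tag in ("script", "link", "img", "iframe"):
            self.resources += [a[k] for k in ("src", "href") if a.get(k)]

def triage(html):
    layers, finder = peel(html), FormFinder()
    for layer in layers:
        finder.reset()  # each layer is parsed as its own document
        finder.feed(layer)
    return {"layers": len(layers), "actions": finder.actions, "resources": finder.resources}

# Constructed sample: a form hidden by unescape(), wrapped in a base64 data: URI redirect.
FORM = '<link href="http://198.51.100.7/v.css"><form action="http://198.51.100.7/collect"></form>'
INNER = "<script>document.write(unescape('%s'))</script>" % quote(FORM, safe="")
SAMPLE = ('<meta http-equiv="refresh" content="0;url=data:text/html;base64,%s">'
          % base64.b64encode(INNER.encode()).decode())
```

Calling `triage()` on the saved attachment or landing-page source returns the form targets and loaded resources as indicators for blocking and abuse reports.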

85.214.65.215 analysis :

inetnum: 85.214.16.0 - 85.214.139.255
netname: STRATO-RZG-DED2
org: ORG-SRA1-RIPE
descr: Strato Rechenzentrum, Berlin
country: DE
admin-c: SRDS-RIPE
tech-c: SRDS-RIPE
remarks: ************************************************************
remarks: * Please send abuse complaints to abuse-server@strato.de *
remarks: * or fax +49-30-88615-755 ONLY. *
remarks: * Abuse reports to other e-mail addresses will be ignored. *
remarks: ************************************************************
status: ASSIGNED PA
mnt-by: STRATO-RZG-MNT
created: 2006-05-11T16:37:24Z
last-modified: 2013-07-06T09:34:26Z
source: RIPE Filtered
organisation: ORG-SRA1-RIPE
org-name: Strato AG
org-type: LIR
address: Strato AG
address: Christian Mueller
address: Pascalstrasse 10
address: 10587
address: Berlin
address: GERMANY
phone: +4930398020
fax-no: +493039802222
mnt-ref: STRATO-RZG-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: AS286-MNT
mnt-by: RIPE-NCC-HM-MNT
admin-c: CM265-RIPE
admin-c: CHSE-RIPE
abuse-c: SRAC-RIPE
abuse-mailbox: abuse@strato.de
created: 2004-04-17T11:12:39Z
last-modified: 2015-08-12T13:35:20Z
source: RIPE Filtered
role: RIPE contact Dedicated Server
address: STRATO AG
address: Pascalstr. 10
address: D-10587 Berlin
address: Germany
phone: +49 30 39802-0
org: ORG-SRA1-RIPE
abuse-mailbox: abuse-server@strato.de
admin-c: XX1-RIPE
tech-c: CHSE-RIPE
nic-hdl: SRDS-RIPE
remarks: ************************************************************
remarks: * Please send abuse complaints to abuse-server@strato.de *
remarks: * or fax +49-30-88615-755 ONLY. *
remarks: * Abuse reports to other e-mail addresses will be ignored. *
remarks: * *
remarks: * For peering requests or operational issues please look *
remarks: * at the information in the AS6724 RIPE database object. *
remarks: ************************************************************
mnt-by: STRATO-RZG-MNT
created: 2010-01-15T08:35:31Z
last-modified: 2013-10-14T08:04:17Z
source: RIPE Filtered
route: 85.214.65.0/24
descr: STRATO AG
descr: prefix only advertised in case of DDoS
origin: AS6724
mnt-by: STRATO-RZG-MNT
created: 2014-02-18T16:19:23Z
last-modified: 2014-02-18T16:19:23Z
source: RIPE Filtered

% This query was served by the RIPE Database Query Service version 1.80.1 (DB-1)

Email analysis :

NOTE : Return-Path : < noreply@apple.com >
NOTE : Return-Path : noreply@apple.com
NOTE : X-Remote : 185.8.50.110 ()
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 1 (High)
NOTE : Received : from unknown (HELO final) (185.8.50.110)
NOTE : Received : from [185.8.50.110] ([127.0.0.1]) by final with Microsoft SMTPSVC
NOTE : confirmez votre compte Itunes

185.8.50.110 analysis :

inetnum: 185.8.50.0 - 185.8.51.255
netname: ARUBACLOUD-FR
descr: Aruba SAS - Cloud Services Farm4
country: FR
admin-c: SANS-RIPE
tech-c: AN3450-RIPE
status: ASSIGNED PA
mnt-by: ARUBAFR-MNT
created: 2012-10-29T11:05:37Z
last-modified: 2012-10-29T11:05:37Z
source: RIPE Filtered
role: ARUBA NOC
address: Aruba S.p.A.
address: Loc. Palazzetto 4
address: 52011 Bibbiena Stazione - Arezzo
address: Italy
abuse-mailbox: abuse@staff.aruba.it
admin-c: SS936-RIPE
tech-c: SC279-RIPE
nic-hdl: AN3450-RIPE
mnt-by: ARUBA-MNT
created: 2008-11-19T19:02:34Z
last-modified: 2011-12-28T16:45:28Z
source: RIPE Filtered
person: Eric Sansonny
address: Aruba SAS
address: Rue de Cambrai 32
address: 75019 Paris
phone: +330140388700
fax-no: +330146079808
nic-hdl: SANS-RIPE
mnt-by: ARUBAFR-MNT
created: 2012-09-20T06:28:55Z
last-modified: 2012-09-20T06:34:56Z
source: RIPE Filtered
route: 185.8.48.0/22
descr: Aruba.FR Network
origin: AS199653
mnt-by: ARUBAFR-MNT
created: 2012-10-26T15:40:29Z
last-modified: 2012-10-26T15:40:29Z
source: RIPE Filtered