Friday, January 18, 2013

Sendspace Phishing from fake Habbo Hotel

Sendspace File Delivery Notification:
You've got a file called Webmaster_N****.pdf, (581.8 KB) waiting to be downloaded at sendspace.(It was sent by Adalia ).

You can use the following link to retrieve your file:
Download

Thank you,
Sendspace, the best free file sharing service.


Fetching links :

=======================================================
http://brlifecs.paradisegamers.com.br/wlc.htm
=======================================================

Extracting datas :

paradisegamers.com.br is hosted on 108.163.190.2 by :
=======================================================
aut-num: AS32613
as-name: IWEB-AS
descr: iWeb Technologies Inc.
http://www.iweb.com/
=======================================================
import: from AS174 accept ANY
import: from AS5769 accept ANY
import: from AS6453 accept ANY
import: from AS13768 accept ANY
import: from AS18875 accept ANY
import: from AS30176 accept ANY
import: from AS3320 accept ANY
import: from AS26198 accept ANY
import: from AS54110 accept ANY
=======================================================
export: to AS174 announce AS-IWEB
export: to AS5769 announce AS-IWEB
export: to AS6453 announce AS-IWEB
export: to AS13768 announce AS-IWEB
export: to AS18875 announce AS-IWEB
export: to AS30176 announce AS-IWEB
export: to AS3320 announce AS-IWEB
export: to AS26198 announce AS-IWEB
=======================================================
admin-c: CM-IWEB
tech-c: CM-IWEB
notify: net-admin(at)iweb.ca
mnt-by: MAINT-AS32613
changed: tstpierre(at)iweb.com 20120822 #19:20:54Z
source: RADB
=======================================================
person: Cyrille Mertes
address: Le Groupe iWeb Technologies Inc.
3185, rue Hochelaga
Montreal, Quebec
H1W 1G4
phone: 514-2836-4242
fax-no: 514-286-1292
e-mail: cmertes(at)iweb.com
nic-hdl: CM-IWEB
remarks: SysAdmin
mnt-by: MAINT-AS32613
=======================================================
changed: cyrille(at)iwebgroup.com 20040710 #17:47:14(UTC)
changed: cyrille(at)iwebgroup.com 20040710 #18:07:08(UTC)
changed: cyrille(at)iwebgroup.com 20050505 #20:39:40(UTC)
changed: cmertes(at)iweb.com 20080408 #22:21:18Z
=======================================================
source: RADB
=======================================================
paradisegamers.com.br whois :
=======================================================
domain: paradisegamers.com.br
owner: Nuno Henriques Previato Branco
ownerid: 425.816.418-60
country: BR
owner-c: NHPBR
admin-c: NHPBR
tech-c: CHOAS
billing-c: NHPBR
nserver: ns1.comdatacenter.com
nsstat: 20130116 AA
nslastaa: 20130116
nserver: ns2.comdatacenter.com
nsstat: 20130116 AA
nslastaa: 20130116
saci: yes
created: 20110703 #8525082
expires: 20130703
changed: 20121228
status: published
=======================================================
nic-hdl-br: CHOAS
person: Cássio Henrique Oliveira de Assis
e-mail: cassiohenrique@globomail.com
created: 20110405
changed: 20110418
=======================================================
nic-hdl-br: NHPBR
person: Nuno Henriques Previato Branco
e-mail: nunopb2@yahoo.com.br
created: 20110702
changed: 20110830
=======================================================

EXTRACTING MAIL INFORMATIONS :

=======================================================
Email : sheasingo@sunydutchess.edu,auto-contact@habbo.com
IP : 62.50.39.209,66.132.225.103,89.120.49.5
Using : ecelerity 3.1.3.39918 r(39919)
Title : You have been sent a file (Filename: Webmaster_N******.pdf)
=======================================================

Social engineering is a long path...

Request for a foreign financial trustee/Guidian

My name is Davidson Garang son of one of the biggest cocoa merchants in Cote D' Ivoire who was killed in the last electoral crisis between the deposed former president Laurent Gbagbo and the current president Alassane Ouattara.

My father gave me an instruction to leave Cote D' Ivoire at the wake of the unrest and he gave me a note and some documents to meet with his lawyer in Accra, Ghana over his deposit of a 3 trunk boxes which contained the sum of US$12,000,000.00 deposited with a security company in Ghana as family valuable.

My father who is now dead, told me that any thing can happen to him when I was leaving Cote D' Ivoire because he was seen as the former president ally. He said I should use the proceed of the box through a trusted foreign trustee that can take good care of me and my future by investing the fund into a very profitable business where those that are concerned will benefit while I continue my education.

I met with the lawyer on my arrival in Ghana who assisted me to work out the modalities toward the claiming of the deposit from the security company.What is left is for me presenting a foreign manager as my trustee before the security company in accordance with the bond my late father signed with the security company that I must introduce a trustee before the release of the deposit.

This is why I wrote you this email to be my foreign trustee who will assist to manage this fund in terms that we have to agree upon.Please get back to me as soon as possible for us to proceed if you are prepare to be my trustee.

Wait to hear from you as soon as possible.

Regards,
Davidson Garang

========================================================
Email : davegerag@yahoo.com,davegarang1@yahoo.com
IP : 100.42.219.12,217.160.107.108
Mailer : Microsoft Outlook Express 6.00.2600.0000
========================================================