Thursday, November 16, 2017

Promocao Netflix 2 Meses Gratuitos (78091) (Netflix Phishing)

Prezado Cliente: Email Cadastrado - Caso nao esteja visualizando a imagem .
Exibir Imagens

Email analysis :

NOTE : ip-160-153-231-135.ip.secureserver.net
NOTE : www-data@ip-160-153-231-135.ip.secureserver.net
NOTE : Received : from ip-160-153-231-135.ip.secureserver.net
NOTE : (ip-160-153-231-135.ip.secureserver.net [160.153.231.135])

Phishing analysis :

CLICK : Exibir Imagens
OPEN : https://graficagibin.com.br/VELHO/beta/images/content/02/?
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/index.php
SCREENSHOT :


VALIDATE FORM WITH WRONG EMAIL
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/payment.php?form=*.scr
SCREENSHOT :


CLICK : VISA
SCREENSHOT :


FILL : FAKE DATA
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/terminor.php?form=*.scr
SCREENSHOT :


REDIRECT : https://www.netflix.com/getstarted?locale=pt-BR&action=startAction

Warning Your test@test.com Shut Down !!! (Gmail phishing)

Server Message

Dear test@test.com

Our record indicates that you have recently made a request to deactivate email. This request will be processed shortly. If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

Cancel De-activation

However, if you do not cancel this request, your account will be de-activated shortly and all your email data will be permanently lost.

Regards.

Email Administrator

Message is auto This-generated from security server, and replies sent to this email can not be delivered. This email is meant for:

Email analysis :

NOTE : support@mailserver.com
NOTE : Received : from mailserver.com ([148.163.101.104])


Phishing analysis :

CLICK : Cancel De-activation
OPEN : http://www.ksawed.org/webmail.php?email=test@test.com
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://support.google.com/accounts/answer/141137?hl=&visit_id=0-636464428251608265-4216504168&rd=1
SCREENSHOT :


INFO : Gmail phishing...

HELLO GOOD DAY (Rosneft Scam)

Hello and good day.

I am looking to work with a reputable individual/firm to engage in a profit oriented ventures in your country and perhaps with your assistance, we could get low tax rates.

I have the directive of Mr. Mikhail Khodorkovsky to source for partner abroad who can accommodate and manage 150M & 350M USD respectively. The sums are derived from an executed project with Yukos Oil Company before the company was change merged into Rosneft Oil Corporation in Russia.

We shall apply for the necessary paper work required to re-profile your name as the receipient and also ensure payment is carried out by Rosneft into a bank account in your name. I guaranty we would execute this business under a legitimate arrangement without breach of the law.

Further details will follow upon your positive reply.

Regards,

ALEXANDER KORIKOV

Email analysis :

NOTE : info@s41.coreserver.jp
NOTE : alexanderkorikov2747@gmail.com
NOTE : Received : from 204.44.78.199.static.greencloudvps.com
NOTE : (HELO User) (204.44.78.199)


NOTE : by s41.coreserver.jp
NOTE : client-ip=202.172.28.42;