Sunday, January 17, 2016

You have a dropbox message (Dropbox phishing)

Greetings from Dropbox Team!

You have a new document shared with you via dropbox
Click to open: Secure Message

Happy Dropboxing!
- The Dropbox Team

P.S. To get even more space, invite your friends or upgrade your Dropbox.
© 2016 Dropbox

Phishing analysis :

CLICK : Secure Message
OPEN : http://siliconleaf.com/js/drop/TT/Dropbox.html

NOTE : Phishing was removed.

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : lizann50@suddenlink.net designates 208.180.40.72 as permitted sender)
NOTE : smtp.mailfrom=lizann50@suddenlink.net
NOTE : Return-Path : < lizann50@suddenlink.net >
NOTE : Received : from dalofep02.suddenlink.net (txofep02.suddenlink.net. [208.180.40.72])
NOTE : Received : from [10.111.1.6] (really [209.95.50.130])
NOTE : by dalofep02.suddenlink.net (InterMail vM.8.04.03.22)
NOTE : client-ip=208.180.40.72;
NOTE : You have a dropbox message

siliconleaf.com whois :

Domain Name: SILICONLEAF.COM
Registry Domain ID: 1735949442_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-07-26T15:27:00Z
Creation Date: 2012-07-27T06:08:40Z
Registrar Registration Expiration Date: 2016-07-27T06:08:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Registrant Name: Rushabh Parikh
Registrant Organization: Silikonleaf
Registrant Street: 402, Chandanvan-1, Majuragate
Registrant City: Surat
Registrant State/Province: Gujarat
Registrant Postal Code: 395002
Registrant Country: IN
Registrant Phone: +91-902-445-6484
Registrant Email: russ1990@gmail.com
Admin Name: Rushabh Parikh
Admin Organization: Silikonleaf
Admin Street: 402, Chandanvan-1, Majuragate
Admin City: Surat
Admin State/Province: Gujarat
Admin Postal Code: 395002
Admin Country: IN
Admin Phone: +91-902-445-6484
Admin Email: russ1990@gmail.com
Tech Name: Rushabh Parikh
Tech Organization: Silikonleaf
Tech Street: 402, Chandanvan-1, Majuragate
Tech City: Surat
Tech State/Province: Gujarat
Tech Postal Code: 395002
Tech Country: IN
Tech Phone: +91-902-445-6484
Tech Email: russ1990@gmail.com
Name Server: DNS.SITE5.COM
Name Server: DNS2.SITE5.COM
DNSSEC: unsigned

Re : new message available (Free phishing)

Hello,


You are a customer of a Freebox internet plan and we thank you for your trust.

Indeed, your invoice No. 139358537B0, issue date 16/01/2016, was debited twice.

Directly by clicking on the following link: My refund tracking

We wish to satisfy you and thank you for your loyalty.


Your internet customer service


Phishing analysis :

CLICK : My refund tracking
OPEN : https://www.umshop.com.br/1234.html
REDIRECT : http://www.malls99.com/www.Freemobile.fr/id.mobile-free.fr/auth_user/bin/auth0user.cgidate=*/


Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset="iso-8859-1"
NOTE : X-Mailer : PHPMailer [version 1.73]
NOTE : X-Priority : 3
NOTE : Return-Path : < support@m.deallx.fr >
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Received : from sexshop-germany.sexshop-germany.de ([52.28.140.27])
NOTE : Received : from www.palora.de (localhost [IPv6:::1])
NOTE : by sexshop-germany.sexshop-germany.de (Postfix)
NOTE : Message-Id : < *@www.palora.de >
NOTE : Re : nouveau message disponible

umshop.com.br whois :

nic-hdl-br: MAH165
person: Marcelo Haddad
created: 20011120
changed: 20120507

deallx.fr whois :

domain: deallx.fr
status: ACTIVE
hold: NO
holder-c: UL1566-FRNIC
admin-c: DG7861-FRNIC
tech-c: NH1896-FRNIC
zone-c: NFC1-FRNIC
nsl-id: NSL4564-FRNIC
registrar: EPAG Domainservices GmbH
Expiry Date: 04/04/2016
created: 25/02/2011
last-update: 04/04/2015
source: FRNIC
ns-list: NSL4564-FRNIC
nserver: ns1.nessus.at
nserver: ns2.nessus.at
nserver: ns3.nessus.at
source: FRNIC
registrar: EPAG Domainservices GmbH
type: Isp Option 1
address: Niebuhrstraße 16b
address: DE-53113 BONN
country: DE
phone: +49 228 3296840
fax-no: +49 228 3296849
e-mail: support@epag.de
website: http://www.epag.de
anonymous: NO
registered: 11/01/2006
source: FRNIC
nic-hdl: UL1566-FRNIC
type: ORGANIZATION
contact: 101Domain Limited
address: 101Domain Limited
address: 72 High Street, Haslemere
address: GU27 2LA Surrey
country: GB
phone: +44 17604448674
fax-no: +44 17605794996
e-mail: domreg@101domain.com
registrar: EPAG Domainservices GmbH
changed: 05/04/2014 nic@nic.fr
anonymous: NO
obsoleted: NO
source: FRNIC
nic-hdl: DG7861-FRNIC
type: ORGANIZATION
contact: Deallx GmbH
address: Industriezeile 54
address: 5280 Braunau
address: Oberoesterreich
country: AT
phone: +49 85719250212
fax-no: +49 85719250229
e-mail: info@deallx.de
registrar: EPAG Domainservices GmbH
changed: 27/03/2014 nic@nic.fr
anonymous: NO
obsoleted: NO
eligstatus: ok
eligsource: REGISTRAR
eligdate: 27/03/2014 12:04:46
reachmedia: email
reachstatus: ok
reachsource: REGISTRAR
reachdate: 27/03/2014 12:04:46
source: FRNIC
nic-hdl: NH1896-FRNIC
type: PERSON
contact: Nessus Hostmaster
address: NESSUS GmbH
address: Fernkorngasse 10/A/2/101
address: 1100 Wien
country: AT
phone: +43 720002828
fax-no: +43 123488779
e-mail: hostmaster@nessus.at
registrar: EPAG Domainservices GmbH
changed: 13/03/2013 nic@nic.fr
anonymous: NO
obsoleted: NO
source: FRNIC

malls99.com whois :

Domain Name: MALLS99.COM
Registry Domain ID: 1951021053_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-08-04T16:25:04Z
Creation Date: 2015-08-04T16:25:04Z
Registrar Registration Expiration Date: 2016-08-04T16:25:04Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Registry Registrant ID:
Registrant Name: dishank gupta
Registrant Organization:
Registrant Street: s22 ashok vihar near by arjun nagar phatak
Registrant Street: jaipur
Registrant City: jaipur
Registrant State/Province: Rajasthan
Registrant Postal Code: 302015
Registrant Country: IN
Registrant Phone: +91.8955879778
Registrant Email: dishank.gupta1991@gmail.com
Registry Admin ID:
Admin Name: dishank gupta
Admin Organization:
Admin Street: s22 ashok vihar near by arjun nagar phatak
Admin Street: jaipur
Admin City: jaipur
Admin State/Province: Rajasthan
Admin Postal Code: 302015
Admin Country: IN
Admin Phone: +91.8955879778
Admin Email: dishank.gupta1991@gmail.com
Registry Tech ID:
Tech Name: dishank gupta
Tech Organization:
Tech Street: s22 ashok vihar near by arjun nagar phatak
Tech Street: jaipur
Tech City: jaipur
Tech State/Province: Rajasthan
Tech Postal Code: 302015
Tech Country: IN
Tech Phone: +91.8955879778
Tech Email: dishank.gupta1991@gmail.com
Name Server: NS1.DOTICONIC.COM
Name Server: NS2.DOTICONIC.COM
DNSSEC: unsigned

palora.de whois :

Domain holder: Scandia Trading ApS
Address: Buen 36
Postal code: 6340
City: Kruså
Country: DK
Administrative contact
Name: Sandra Zell
Organisation: PTS Privacy & Trustee Services GmbH
Address: Neunkircher-Str. 43
Postal code: 66299
City: Friedrichsthal
Country: DE
Technical contact
Name: Hostmaster Funktionen
Organisation: UnoEuro
Address: Danmarksvej 26
Postal code: 8660
City: Skanderborg
Country: DK
Phone: +45-86515030
Fax: +45-70235567
E-mail: hostmaster@unoeuro.com
Zone administrator
Name: Hostmaster Funktionen
Organisation: UnoEuro
Address: Danmarksvej 26
Postal code: 8660
City: Skanderborg
Country: DK
Phone: +45-86515030
Fax: +45-70235567
E-mail: hostmaster@unoeuro.com
Name server: ns-121.awsdns-15.com
Name server: ns-1275.awsdns-31.org
Name server: ns-1961.awsdns-53.co.uk
Name server: ns-839.awsdns-40.net

sexshop-germany.de whois :

Domain holder: QE GmbH & Co. KG
Address: Martinistr. 3
Postal code: 49080
City: Osnabrück
Country: DE
Administrative contact
Name: Ansas Meyer
Organisation: QE GmbH & Co. KG
Address: Martinistr. 3
Postal code: 49080
City: Osnabrück
Country: DE
Technical contact
Name: Hostmaster of the day
Organisation: QE GmbH & Co. KG
Address: Martinistr. 3
Postal code: 49080
City: Osnabrück
Country: DE
Phone: +49-541-40666-180
Fax: +49-541-40666-189
E-mail: info@birawu.com
Zone administrator
Name: Hostmaster of the day
Organisation: QE GmbH & Co. KG
Address: Martinistr. 3
Postal code: 49080
City: Osnabrück
Country: DE
Phone: +49-541-40666-180
Fax: +49-541-40666-189
E-mail: info@birawu.com
Technical data
Name server: ns1.birawu.com
Name server: ns2.birawu.com

Domains used for this phishing :
  • umshop.com.br
  • malls99.com
  • deallx.fr
  • sexshop-germany.de
  • palora.de
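
Added example, not part of the original post: a short Python triage script that rebuilds the domain list above from the OPEN/REDIRECT URLs and header notes of this message, and flags that the Return-Path domain never appears among the relaying hosts. The function names, the role labels and the two-entry suffix set (a stand-in for the Public Suffix List) are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the URLs and header notes recorded in the analysis above.
NOTES = """\
OPEN : https://www.umshop.com.br/1234.html
REDIRECT : http://www.malls99.com/www.Freemobile.fr/id.mobile-free.fr/auth_user/bin/auth0user.cgidate=*/
Return-Path : < support@m.deallx.fr >
Received : from sexshop-germany.sexshop-germany.de ([52.28.140.27])
Received : from www.palora.de (localhost [IPv6:::1])
by sexshop-germany.sexshop-germany.de (Postfix)
Message-Id : < *@www.palora.de >
"""

# Assumption: tiny stand-in for the Public Suffix List, enough for this sample.
MULTI_LABEL_SUFFIXES = {"com.br", "co.uk"}

def registrable(host):
    """Reduce a hostname to its registrable domain (m.deallx.fr -> deallx.fr)."""
    labels = host.lower().strip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def hosts_in(line):
    """Return (role, hostname) pairs found in one note line."""
    key, _, value = line.partition(" : ")
    if key in ("OPEN", "REDIRECT"):
        # Only the URL's host counts; hostnames embedded in the path are ignored.
        return [(key.lower(), urlparse(value.strip()).hostname)]
    if key in ("Return-Path", "Message-Id"):
        return [(key.lower(), h) for h in re.findall(r"@([\w.-]+)", value)]
    if key == "Received":
        return [("relay", h) for h in re.findall(r"from ([\w.-]+\.[a-z]{2,})", value)]
    return []

def triage(notes):
    """Group every observed domain by the role(s) it played in the message."""
    roles = {}
    for line in notes.splitlines():
        for role, host in hosts_in(line):
            roles.setdefault(registrable(host), set()).add(role)
    sender = {d for d, r in roles.items() if "return-path" in r}
    relays = {d for d, r in roles.items() if "relay" in r}
    # A sender domain absent from the relay chain is a weak signal, not proof.
    return {"domains": sorted(roles), "sender_relay_mismatch": sender.isdisjoint(relays)}

if __name__ == "__main__":
    print(triage(NOTES))
```
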

Friday, January 15, 2016

Waiting for your positive reply.


Good day

How are you today, hope you are fine. There is important issue I want us to discuss concerning a lucrative project which I want us to establish in your country. I am Mr.Tarek Aziz from Dubai. U.A.E. Get back to me with your decision so that I will give you more details.
My regards to your family. Waiting for your positive reply.

Sincerely

Email analysis :

NOTE : tarekaaziz@yahoo.com.hk
NOTE : tareaziz122@yahoo.cl
NOTE : X-Virus-Scanned : amavisd-new at budnik.cl
NOTE : client-ip=200.75.12.211;
NOTE : Received : from zmb.budnik.cl (alerce.budnik.cl. [200.75.12.211])
NOTE : Received : from User (unknown [160.129.138.109])
NOTE : by zmb.budnik.cl (Postfix)
NOTE : Waiting for your positive reply.

Dr. Raji Musa

My Dear Good Friend,

My name is Dr. Raji Musa, i am the immediate past Financial Director of ECONOMIC COMMUNITY OF WEST AFRICAN STATES (Ecowas). I have about USD30M which I made while in office and i intend to invest this $30M in your country with your partnership.You will have 25% (USD7.5M) for your assistance . Kindly reply through private email address (rajimusa1974@outlook.com) for security reasons if you are interested and do not entertain any fear or doubt on this transaction because it is very legal and legitimate.

Regards,
Dr. Raji Musa

Email analysis :

NOTE : rajimusa1974@outlook.com
NOTE : raiquen@speedy.com.ar
NOTE : Dr raji musa < raiquen@speedy.com.ar >
NOTE : Received : from localhost (28v.terra.com [208.84.242.166])
NOTE : (authenticated user raiquen!speedylm)
NOTE : by mail-smtp15-mia.tpn.terra.com
NOTE : X-Origin : 41.58.15.179

Fund Delivery

Attention My Dear

I have registered your winning Price of $2.5USD with World Courier Company with registration code of ( DCJKT00617G). please Contact with your delivery information such as, Your Name, Your Address ID CARD
COPY and Your Telephone Number:

World Courier Company Office:
Contact Person: Mr Paulo Jay:
E-mail: worldcourier2016@hotmail.com
PHONE: NO +229-68650487

I have paid for the Insurance & Delivery fee.The only fee you have to pay is their Security fee only.Please indicate the registration Number and ask Him how much is their Security fee so that you can pay it.

Best Regards,
Mrs. Jolie Davis.

Email analysis :

NOTE : worldcourier2016@hotmail.com
NOTE : Davis1@heart.ocn.ne.jp
NOTE : Received : from mzcstore311.ocn.ad.jp
NOTE : (mz-fcb311p.ocn.ad.jp [180.37.198.99])
NOTE : by vcwebmail.ocn.ad.jp
NOTE : 197.234.219.23

Reply Please.

Hello My Dear in the Lord,

I crave your indulgence at this mail coming from somebody like me, whom you do not know before. I decided to do this after praying over the situation. You should please consider the transaction on its content and not the fact that you have not known me before. I need not dwell on how I came by your contact information because there are many such possibilities these days’ would like to introduce myself as Mr. Nathan Browell, of united Arab Emirate (DUBAI),widow to Late Mrs. Ruth Browell manager Daewoo in Madrid Spain. I have been recently diagnosed Cancer of the Pelvic. I am writing to you now from my sick bed because of how this transfer is urgent to me.

There is $26.5M (twenty six Million Five Hundred United State Dollars) my wife has in an account with the Islamic Bank, Dubai of which I am the next of kin.

With my health condition and because my wife and I have no children, I am looking for a credible person that will not betrayed me to whom I will pass the right of next of kin . This person will apply to the bank and request for the transfer of the fund to his/her bank account. This is on the condition that you will take only 30% of the fund for yourself, 10% used for expenses, while you will use the remaining 60%for the less privilege people in the society. This is in fulfillment of the last request of my wife: that a substantial part of the fund be used to carter for the less privileged. If this conditions acceptable to you, you should contact me immediately with your full contact information below;

Your full name...................................................,
Your Address....................................................,
Your telephone Number and Fax Number........,
Your Occupation.................................................,
Your Age............................................................,

So that I will ask our family lawyer to prepare the authorization that will give you the right of next of kin to the account in the bank. I will also give you a text of the application Letter you are to send to the bank.

I cannot predict what will be my fate by the time the fund will be transferred into your account, but you should please ensure that the fund is used as i have described above. I will like you to contact my private doctor on his direct telephone number as stated below: +1209 8317242. to inform him that you have sent me a message, so that i will reply you by sending you a letter of claim.

Looking forward to your immediate response to this my email address above and your information if you are willing to assist me on this project. you reply me on engr.nathanbrowell1941@live.com

Yours Sincerely,
Mr. Nathan

Email analysis :

NOTE : info@io.com
NOTE : engr.nathanbrowell1@barid.com
NOTE : Received : from 4pmail.ylib.com (61.67.176.130)
NOTE : Received : from User ([66.55.23.99]) by 4pmail.ylib.com