Tuesday, July 5, 2016

societe generaIe - (Phishing Société Générale)

Cher(e)cClient(e),c

Lorscdecvotre dérniercachat, vous avez été averticpar un messagecvous informantcde l'obligationcd'adhérer à la
nouvellecréglementationcconcernant la fiabilitécpour les achatscpar C.Bcsur internet et declacmis en place d'un
arrét pour vos futurs achats

Or, nous n'avons pas, ce jour , d'adhésioncde votrcpart et nous sommes ou regret de vouscinformer que vous
pouvezcplus utilisercvotr cart sur internet

cAdhésion : cIiquant icicc

Merci de la confiancecque vouscnous témoignezcc

Cordialementcc

Conseil d'administrationcc

Screenshot of the email :

Email analysis :

NOTE : nnert@diamant35.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < dlkjqqdt@diamant35.com >
NOTE : Received : from diamant35.com ([84.39.45.103])
NOTE : Received : by diamant35.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:qlskjdq.php
NOTE : Message-Id : < 20160705100727.943B92188C@diamant35.com >
NOTE : societe generaIe -

Phishing analysis :

CLICK : Adhésion : cIiquant ici
OPEN : http://lawavesurf.com/di
REDIRECT : http://lawavesurf.com/site/lib/societegenerale/
NOTE : Phishing was removed...
NOTE : Websites used for this phishing : lawavesurf, diamant35

A MESSAGE FOR YOU

From: Mrs. Esther Masego
Address: PO Box 11015, 50742
Kuala Lumpur, Malaysia

Dear Elected.

I am happy to know you, but God knows you better and he knows why he has directed me to you at this point of time so do not be afraid. I saw your contact when i was searching foreign ministries and foreign trade departments. I bring peace and love to you from God. It is by the grace of God that I received Jesus Christ as my lord and savior in my life, Having known the truth; I had no choice than to do what is lawful and right in the sight of God for eternal life and in the sight of man for witness of God mercy and glory upon my life. I am Mrs. Esther Masego the wife of Late Mr. Sadasivan Masego from Malaysia, My husband worked with the Central Bank Of Malaysia for ten years before he died in the year 2005.We were married for twenty-seven years without a child. My Husband died after a brief illness that lasted for only four days. Before his death we were both born again Christians. Since his death I decided not to re-marry or get a child outside my matrimonial home which the Bible is against. When my late husband was alive he deposited the sum of 9,900,000.00 GBP (Nine Million Nine Hundred Thousand Great British Pound) with Barclays Bank PLC, UK. Presently, this money is still with the bank and the management just wrote me as the next of kin to come forward to sign for the release of this fund only know to me and my late husband or rather issue an authorization to somebody to receive it on my behalf if I cannot come over. Unfortunately, I'm in a hospital in Malaysia where I have been undergoing treatment for esophageal cancer. I have lost my ability to talk and my doctors have told me that I have only few months to live. It is my last wish to see this money distributed to any charitable organizations anywhere in the World. Because relatives and friends have plundered so much of my wealth since my illness, I cannot live with the agony of entrusting this huge responsibility to any of them. Please will you utilize this money the way I am going to instruct herein ?. I want you to take 35% of the total money for your personal use. And 5% shall stand to settle any other expenses that may be incurred in the course of executing the transaction, while the remaining 60% of the money will go to charity people in the street without home, helping the orphanage and less-privileged once. Please i don't need any telephone communication in this regard because of my soundless voice and presence of my husband's relatives around me always. So please kindly send me only E-mail here (esther_masego@163.com) because I don't want them to know about this development. With God all things are possible. As soon as I receive your response I shall give you the contact of my late husband Attorney who is in Europe as he will be the one to assist you in laying claims for this money. Your prompt reply will be appreciated. Thank you.

Yours in Christ,
Mrs. Esther Masego .
My Personal E-mail: esther_masego@163.com

Email analysis :

NOTE : esther_masego@163.com
NOTE : craig.metzing@bbpcd.com
NOTE : authenticated_id: roadrunner@rrweatherization.com
NOTE : eceived : from [199.180.115.39] (port=52611 helo=User)

NOTE : by server.ORSERVER.NET with esmtpa (Exim 4.87)
NOTE : (envelope-from < craig.metzing@bbpcd.com >

Vסus avez (1) un nסuveau message, (Phishing Hello bank)

Bonjour,

Vous avez reçu (1) nouveau message.

Pour le consulter, veuiller cliquez sur le lien ce-dessous :

Votre profile

Nous vous remercions de votre confiance.

.
Ce courriel vous a ete envoye par un systeme automatique d'emission de messages.
L'adresse d'emission n'est pas une adresse de courriel classique.
Si vous ecrivez a cette adresse, votre message ne sera pas pris en compte

Screenshot the email :

Email analysis :

NOTE : Vסus avez (1) un nסuveau message,
NOTE : Assistance_Mail@crystaltraveldeals.com
NOTE : Received : from crystaltraveldeals.com ([45.55.190.117])
NOTE : www-data@crystaltraveldeals.com
NOTE : X-Php-Originating-Script : 0:PHPMAILER.php
NOTE : HolloBank

Phishing analysis :

CLICK : Votre profile
NOTE : http://maklounitano.com/*/redere

data:text/html;https://www.hellobank.fr/fr/espace-client:/SGVsbG8gQmFuazwvdGl0bGU+DQo8bGluayByZWw9InNob3J0Y3V0IGljb24iIHR5cGU9ImltYWdlL3gtaWNvbiIgaHJlZj0iaHR0cHM6Ly;base64,PGh0bWw+DQo8dGl0bGU+SGVsbG8gQmFuazwvdGl0bGU+DQo8bGluayByZWw9InNob3J0Y3V0IGljb24iIHR5cGU9ImltYWdlL3gtaWNvbiIgaHJlZj0iaHR0cHM6Ly93d3cuaGVsbG9iYW5rLmZyL3JzYy9jb250cmliL2ltYWdlL2hvbWUvc2xpZGVyL3Byb21vLTgwLmpwZyIvPg0KDQoNCjxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RW11bGF0ZUlFNyIgLz4NCg0KDQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4NCg0KDQoNCg0KDQoNCg0KDQoNCiAgICAgDQo8c3R5bGU+DQoqICAgICAge21hcmdpbjowO3BhZGRpbmc6MDt9DQpodG1sLA0KYm9keSAgICB7aGVpZ2h0OjEwMCU7ICB3aWR0aDoxMDAlOyBvdmVyZmxvdzpoaWRkZW47fQ0KdGFibGUgIHtoZWlnaHQ6MTAwJTsgIHdpZHRoOjEwMCU7IHRhYmxlLWxheW91dDpzdGF0aWM7DQpib3JkZXItY29sbGFwc2U6Y29sbGFwc2U7fQ0KaWZyYW1lICB7ZmxvYXQ6bGVmdDsgaGVpZ2h0OjEwMCU7IHdpZHRoOjEwMCU7fQ0KLmhlYWRlciB7Ym9yZGVyLWJvdHRvbToxcHggc29saWQgIzAwMH0NCi5jb250ZW50IHtoZWlnaHQ6MTAwJTt9DQo8L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHk+DQogICANCiAgICAgIDxpZnJhbWUgc3JjPSJodHRwOi8vbW9zdGFoaWxvbmF0by5jb20va29rL3JlNDQ1MTU1ZDUiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4NCgkgIDwvYm9keT4NCjwvaHRtbD4=

SCREENSHOT :

CLICK : Accéder aux comptes
SCREENSHOT :

Dear friend (Email Leak)

Dear friend

Good morning my dear and how wre you doing today. I am koffi .sidonie.and I hereby write this email to you with great sorrow in my heart and heavy tears in my eyes simply because my late father relative here have tried several times to kill me so that the can inherit my late father properties as I am my parent only child. As a result of this development,I went to the bank here where my late father deposited this money and explained about my situation to the bank director which he promised to help me with this transfer as soon as I can find someone who can help me secure it after receiving it in his or her bank account because I will also relocate to the person's country to continue my education and also start a new life as I dont have any other family member this place who cares for me.

The total money in question is USD $8.3 million dollar and i will provide you with other informations once you indicate your willingness.

Best Regards,
Miss koffi .sidonie

Email analysis :

NOTE : jennetteome15@daum.net
NOTE : Received : from wwl1737.hanmail.net ([117.52.3.197])
NOTE : X-Originating-Ip : [41.207.16.195]

Email leak :

endofpainspelltemple@gmail.com, drlugardendofpainspelltemple@yahoo.com, gustorresbig@gmail.com, gurushackers@outlook.com, hacklord20@gmail.com, joseph.l.meeker@gmail.com, sharonysmithy@gmail.com, amarice51@gmail.com, ch.goldschmidt@ollech-immobilien.ch, claire.george35@gmail.com, dorismorgan08@gmail.com, xxhypodermiaxx@gmail.com, edutwtw@gmail.com, okusisiokusisi2040@gmail.com, disgaifuchs@tutanota.com, newyorkrichlife@gmail.com, rebeccacourtney08@gmail.com, greatsukusolutiontemple@gmail.com, maryrobin08@yahoo.com, lizincedric76@gamail.com, herbalhealeracademy1@gmail.com, rosariothomas17@gmail.com, ricksimpsoncannabis@gmail.com, jeffjohn2653@gmail.com, joetheplumber529@gmail.com, jonathanwalker121@gmail.com, martinmcpherson1980@gmail.com, johanna@dollsdancers.fi, samplejanice0@gmail.com, zeusethicalhacker@gmail.com, zeusethical@gmail.com, klaus.apfelstrudel.von@gmail.com, Carloscafe@mail.com, jbankwater@gmail.com, juicer112@gmail.com, jebacarkecompany@wp.pl, jebacarkecompaty@wp.pl, Carloscafe@mailinator.com, jennifertull1@gmail.com, christheawesome46@gmail.com, davidhartman48@outlook.com, dschrute391@gmail.com, obasolutionhome@gmail.com, dannysauron1@gmail.com, burtmacklin9000@hotmail.com, Ehicarespellhelp@gmail.COM, katierose08888@gmail.com, danielandersonprivate@gmail.com, barrykrunt@gmail.com, stanleyphillips623@gmail.com, CANDOVALOVESPELL@GMAIL.COM, lauralbert24@gmail.com, obrawkins.nathan@gmail.com, monicaspiritualtemple@gmail.com, ogunspiritualspelltemple@gmail.com, supersolutionhome1@gmail.com, supersolutionhom@yahoo.com, alexiskimberly2010@gmail.com, osesespelltemple@gmail.com, out..drofemospelltemple@gmail.com, franknelson079@gmail.com, randywilsonCEO@gmail.com, azuumaspelltemple@gmail.com, Azuumaspelltemple@mail.com, osesespelltemple@gmaill.com, doeaf01@yahoo.com, neways103@hushmail.com, tomkelvin40@gmail.com, jessybrown223@gmail.com, richiejack@gmail.com, dr.eveherbeshome@gmail.com, sandra4@yahoo.com, adodalovespelltemple@gmail.com, turokmeceno12345@gmail.com, Ologbotemple@gmail.com, emilylukeman@gmail.com, andyjohnsonz10@gmail.com, dr.okijaspellshrine@hotmail.com, annabelpeterson73@gmail.com, jjroger74@hotmail.com, diannafaber52@gmail.com, sharrongreg81@gmail.com, ehigraceherbalcurecenter@gmail.com, ehigraceherpescure@gmail.com, justcallmeminty@gmail.com, fastatmcardmachine@gmail.com, startechblankatmhackers@outlook.com, beniyhachris19@gmail.com, papapowerfultemple10@gmail.com, sandramark799@gmail.com, comments@your-views.co.uk, helenaadamsp@gmail.com, babaagbasolutiontemple@gmail.com, salobaspiritualtemple@gmail.com, sadikcardhackers.us@gmail.com, dincrediblehackers@gmail.com, cybercrack227@gmail.com, ultimatespellcaster0@gmail.com

Emirates NBD Dubai!!!

Greetings from U.A.E to you My Dear friend,

How are you doing today hope I met you in good health?

I am Mr.Abdulla Qassem Group Chief Operating Officer of Emirates NBD Dubai. I have a business matter of great importance proposal worth of $30,000,000.00 (Thirty Million United State Dollars) for you that has to do with your name. reply urgently for details

Have a nice day and God bless. Anticipating your prompt response.

Regards.

Abdulla Qassem.
Group Chief Operating Officer of Emirates NBD Dubai.

Email analysis :

NOTE : Emirates NBD Dubai!!!
NOTE : che_qassem626@outlook.com
NOTE : hedler.gebaeudereinigung@gmx.de
NOTE : client-ip=82.165.159.41;

NOTE : Received : from LENOVO-PC ([38.95.108.246])

NOTE : by mail.gmx.com (mrgmx103)

Monday, July 4, 2016

Lisez votre nouveau message. (Phishing Hello bank)

Bonjours,

Suite au double payement d'une facture par erreur sur votre compte.
Â veuillez completer votre formulaire de remboursement,
Â PourÂ consulter, Veuiller cliquez sur le lien ce-dessous :
Lisez votre message

Nous vous remercions de votre confiance.

Ce courriel vous a Ã©tÃ© envoyÃ© par un systÃ¨me automatique d'Ã©mission de messages.
L'adresse d'Ã©mission n'est pas une adresse de courriel classique.
Si vous Ã©crivez Ã cette adresse, votre message ne sera pas pris en compte

Email analysis :

NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@blcart.com >
NOTE : Received : from blcart.com ([188.166.166.99])
NOTE : Received : by blcart.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:g.php
NOTE : Message-Id : < 20160704070443.B634F120214@blcart.com >
NOTE : Lisez votre nouveau message.

Phishing analysis :

CLICK : Lisez votre message
OPEN : http://www.objets-sante-securite.com/localization/aa.php
NOTE : base64 url...

data:text/html;https://www.hellobank.fr/fr/espace-client;base64,PFNjcmlwdCBMYW5ndWFnZT0nSmF2YXNjcmlwdCc+DQo8IS0tINiq2LTZgdmK2LEgQW0zUmVmaC5Db20gLS0+DQo8IS0tDQpkb2N1bWVudC53cml0ZSh1bmVzY2FwZSgnJTNDJTY4JTc0JTZEJTZDJTNFJTNDJTY4JTY1JTYxJTY0JTNFJTNDJTJGJTY4JTY1JTYxJTY0JTNFJTNDJTYyJTZGJTY0JTc5JTNFJTBBJTA5JTNDJTc0JTY5JTc0JTZDJTY1JTNFJTQyJTYxJTZFJTcxJTc1JTY1JTIwJTY0JTY5JTY3JTY5JTc0JTYxJTZDJTY1JTIwJTQ4JTY1JTZDJTZDJTZGJTIwJTYyJTYxJTZFJTZCJTIxJTIwJUUyJUFDJTFDJTIwJTYzJTZGJTZFJTZFJTY1JTc4JTY5JTZGJTZFJTIwJUMzJTI2JTZFJTYyJTczJTcwJTNCJTIwJTZDJUUyJUFDJTIyJTY1JTczJTcwJTYxJTYzJTY1JTIwJTYzJTZDJTY5JTY1JTZFJTc0JTNDJTJGJTc0JTY5JTc0JTZDJTY1JTNFJTBBJTA5JTA5JTNDJTZDJTY5JTZFJTZCJTIwJTcyJTY1JTZDJTNEJTIyJTczJTY4JTZGJTcyJTc0JTYzJTc1JTc0JTIwJTY5JTYzJTZGJTZFJTIyJTIwJTc0JTc5JTcwJTY1JTNEJTIyJTY5JTZEJTYxJTY3JTY1JTJGJTc4JTJEJTY5JTYzJTZGJTZFJTIyJTIwJTY4JTcyJTY1JTY2JTNEJTIyJTY4JTc0JTc0JTcwJTNBJTJGJTJGJTc3JTc3JTc3JTJFJTZGJTYyJTZBJTY1JTc0JTczJTJEJTczJTYxJTZFJTc0JTY1JTJEJTczJTY1JTYzJTc1JTcyJTY5JTc0JTY1JTJFJTYzJTZGJTZEJTJGJTZDJTZGJTYzJTYxJTZDJTY5JTdBJTYxJTc0JTY5JTZGJTZFJTJGJTYxJTYxJTJGJTY4JTZGJTZEJTY1JTJGJTY5JTZEJTYxJTY3JTY1JTczJTJGJTc0JTY5JTc0JTZDJTY1JTJFJTUwJTRFJTQ3JTIyJTNFJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTYzJTY4JTYxJTcyJTczJTY1JTc0JTNEJTIyJTc1JTc0JTY2JTJEJTM4JTIyJTNFJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTY4JTc0JTc0JTcwJTJEJTY1JTcxJTc1JTY5JTc2JTNEJTIyJTU4JTJEJTU1JTQxJTJEJTQzJTZGJTZEJTcwJTYxJTc0JTY5JTYyJTZDJTY1JTIyJTIwJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTNEJTIyJTQ5JTQ1JTNEJTQ1JTZEJTc1JTZDJTYxJTc0JTY1JTQ5JTQ1JTM3JTIyJTNFJTBBJTBBJTBBJTNDJTZEJTY1JTc0JTYxJTIwJTY4JTc0JTc0JTcwJTJEJTY1JTcxJTc1JTY5JTc2JTNEJTIyJTQzJTZGJTZFJTc0JTY1JTZFJTc0JTJEJTU0JTc5JTcwJTY1JTIyJTIwJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTNEJTIyJTc0JTY1JTc4JTc0JTJGJTY4JTc0JTZEJTZDJTNCJTIwJTYzJTY4JTYxJTcyJTczJTY1JTc0JTNEJTU1JTU0JTQ2JTJEJTM4JTIyJTNFJTBBJTIwJTNDJTczJTc0JTc5JTZDJTY1JTNFJTBBJTIwJTIwJTdCJTZEJTYxJTcyJTY3JTY5JTZFJTNBJTMwJTNCJTcwJTYxJTY0JTY0JTY5JTZFJTY3JTNBJTMwJTNCJTdEJTBBJTY4JTc0JTZEJTZDJTJDJTBBJTYyJTZGJTY0JTc5JTIwJTIwJTIwJTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTZGJTc2JTY1JTcyJTY2JTZDJTZGJTc3JTNBJTY4JTY5JTY0JTY0JTY1JTZFJTNCJTdEJTBBJTc0JTYxJTYyJTZDJTY1JTIwJTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTc0JTYxJTYyJTZDJTY1JTJEJTZDJTYxJTc5JTZGJTc1JTc0JTNBJTczJTc0JTYxJTc0JTY5JTYzJTNCJTBBJTYyJTZGJTcyJTY0JTY1JTcyJTJEJTYzJTZGJTZDJTZDJTYxJTcwJTczJTY1JTNBJTYzJTZGJTZDJTZDJTYxJTcwJTczJTY1JTNCJTdEJTBBJTY5JTY2JTcyJTYxJTZEJTY1JTIwJTIwJTdCJTY2JTZDJTZGJTYxJTc0JTNBJTZDJTY1JTY2JTc0JTNCJTIwJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTIwJTc3JTY5JTY0JTc0JTY4JTNBJTMxJTMwJTMwJTI1JTNCJTdEJTBBJTJFJTY4JTY1JTYxJTY0JTY1JTcyJTIwJTdCJTYyJTZGJTcyJTY0JTY1JTcyJTJEJTYyJTZGJTc0JTc0JTZGJTZEJTNBJTMxJTcwJTc4JTIwJTczJTZGJTZDJTY5JTY0JTIwJTIzJTMwJTMwJTMwJTdEJTBBJTJFJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTIwJTdCJTY4JTY1JTY5JTY3JTY4JTc0JTNBJTMxJTMwJTMwJTI1JTNCJTdEJTBBJTNDJTJGJTczJTc0JTc5JTZDJTY1JTNFJTBBJTBBJTBBJTIwJTIwJTIwJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTNDJTY5JTY2JTcyJTYxJTZEJTY1JTIwJTczJTcyJTYzJTNEJTIyJTY4JTc0JTc0JTcwJTNBJTJGJTJGJTc3JTc3JTc3JTJFJTZGJTYyJTZBJTY1JTc0JTczJTJEJTczJTYxJTZFJTc0JTY1JTJEJTczJTY1JTYzJTc1JTcyJTY5JTc0JTY1JTJFJTYzJTZGJTZEJTJGJTZDJTZGJTYzJTYxJTZDJTY5JTdBJTYxJTc0JTY5JTZGJTZFJTJGJTYxJTYxJTJGJTIyJTIwJTY2JTcyJTYxJTZEJTY1JTYyJTZGJTcyJTY0JTY1JTcyJTNEJTIyJTMwJTIyJTNFJTNDJTJGJTY5JTY2JTcyJTYxJTZEJTY1JTNFJTBBJTA5JTIwJTIwJTBBJTNDJTJGJTYyJTZGJTY0JTc5JTNFJTNDJTJGJTY4JTc0JTZEJTZDJTNFJykpOw0KLy8tLT4NCjwvU2NyaXB0Pg==

Base 64 Decode : file
Unescaped javascript : file

SCREENSHOT :

CLICK : Accéder aux comptes
NOTE : WRONG PASS....
SCREENSHOT :