Phishing: refund from impots.gouv.fr

I received a phishing email posing as the tax office:

Return-Path: <info@forasmile.org>
Delivered-To: ....
Received: (qmail 96024 invoked by uid 65534); 18 Apr 2020 12:33:28 -0000
Received: from unknown (HELO mxin7.phpnet.org) (10.52.1.13)
  by mails18.phpnet.org with SMTP; 18 Apr 2020 12:33:28 -0000
Received: by mxin7.phpnet.org (Postfix, from userid 1001)
	id 494C6w44Hvz2xGc; Sat, 18 Apr 2020 14:33:28 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd14.phpnet.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.8 required=5.0 tests=BAYES_50,FROM_EXCESS_BASE64,
	HTML_MESSAGE,INVALID_DATE,MISSING_MIMEOLE,SPF_HELO_NONE,SPF_NONE,
	T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.2
Received: from cus09-08.cs.nexin.it (cus09-08.cs.nexin.it [194.113.88.208])
	by mxin7.phpnet.org (Postfix) with ESMTPS id 494C6t6w55z2xFw
	for ....; Sat, 18 Apr 2020 14:33:26 +0200 (CEST)
Received: by cus09-08.cs.nexin.it (Postfix, from userid 5078)
	id A55D63C0D7; Sat, 18 Apr 2020 14:32:07 +0200 (CEST)
To: ....
Subject: =?UTF-8?B?W1Byw6lhdmlzXSAtIFJlbWJvdXJzZW1lbnQgTjAwNzg4Nzk1IDA0LzE4LzIwMjAgMDI6MzI6MDcgcG0u?=
X-PHP-Originating-Script: 5078:newsletter.php
Date: Sat, 18 Apr 2020 14:32:07 +0200
From: =?UTF-8?B?SW1wb3RzLmdvdXYuZnI=?= <info@forasmile.org>
Message-ID: <163e1bfa4bc5a6ef187307d3062ba8@www.forasmile.org>
X-Mailer: X-mailer: nlserver, Build 6.1.0.8192
List-Unsubscribe: <mailto:unsubscribe@www.forasmile.org?subject=/wf/unsubscribe*q*upn=ICUNALTOHVYZDRSEWKXPMBQJGF-27OJSNCA0BZPXGIE15LFHYDT34MQRU89V6WKDHCsvjNSlJrp3AVB7OqoFQf0E1YbhaxTtd2Xicn8GK94emyUgZIkMWuwPLRz65-3D>
X-MSMail-Priority: High
Importance: High
Organization: www.forasmile.org
X-mailer: nlserver, Build 6.1.0.8192
Date: 18/04/2020 02:32:07
X-AntiAbuse: This is a solicited email for - www.forasmile.org mailing list.
X-AntiAbuse: Servername - www.forasmile.org
X-OriginalArrivalTime: 16 Nov 2019 13:39:39.0481 (UTC) FILETIME=[7BF24490:01D0E3F2]
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_21e63db75a4b0eae8ad576d4a763d98a"

This is a multi-part message in MIME format.

The message reads:

Tax notification – Refund

After the latest annual calculations of your fiscal activity, we have determined that

you are eligible to receive a tax refund of 169,73€

The domain names:

  • cus09-08.cs.nexin.it (Italy)
  • forasmile.org (at register.it: Italy)
  • URL of the fake site: remboursement.impots.fr.zunket.com (at whoisguard.com: Panama)
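
The From and Subject headers above are RFC 2047 encoded-words, which hides the gap between the displayed sender and the real address. The following Python sketch is an added example (not part of the original post): it decodes them and flags the header anomalies visible in this message. The function names are hypothetical and the input is a constructed excerpt of the headers above.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime

# Constructed excerpt: header lines copied from the message above.
RAW = """\
Return-Path: <info@forasmile.org>
Subject: =?UTF-8?B?W1Byw6lhdmlzXSAtIFJlbWJvdXJzZW1lbnQgTjAwNzg4Nzk1IDA0LzE4LzIwMjAgMDI6MzI6MDcgcG0u?=
X-PHP-Originating-Script: 5078:newsletter.php
Date: Sat, 18 Apr 2020 14:32:07 +0200
From: =?UTF-8?B?SW1wb3RzLmdvdXYuZnI=?= <info@forasmile.org>
Date: 18/04/2020 02:32:07

"""

def decode(value):
    """Decode RFC 2047 encoded-words (=?charset?B?...?=) to text."""
    return str(make_header(decode_header(value or "")))

def triage(raw):
    """Return decoded sender/subject plus a list of header anomalies."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    name, domain = decode(name), addr.rpartition("@")[2].lower()
    findings = []
    # A display name that is itself a host name unrelated to the address domain.
    for host in re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", name.lower()):
        related = (host == domain or host.endswith("." + domain)
                   or domain.endswith("." + host))
        if not related:
            findings.append(f"display name claims {host}, address is @{domain}")
    # Mail generated by a script on a web host rather than by a mail client.
    if msg["X-PHP-Originating-Script"]:
        findings.append("sent by PHP script " + msg["X-PHP-Originating-Script"])
    # Every Date header must parse as an RFC 5322 date (SpamAssassin: INVALID_DATE).
    for date in msg.get_all("Date", []):
        try:
            parsedate_to_datetime(date)
        except (TypeError, ValueError):
            findings.append(f"unparseable Date header: {date}")
    return {"from_name": name, "from_domain": domain,
            "subject": decode(msg["Subject"]), "findings": findings}

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(key, "=", value)
```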

SPAM from server59.powerteam.com: DIRECTION GENERALE DES IMPOTS: "Nouveaux remboursement disponibles" (new refunds available)

Spam from server59.powerteam.com; note that SPF passes … thanks, powerteam.com (it leads to https://usersidlimited.com/remboursement/ : DO NOT CLICK THE LINK):

Return-Path: <service@userchecksecurity.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd14.phpnet.org
X-Spam-Level: 
X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
	NORDNS_LOW_CONTRAST,SPF_HELO_NONE,SPF_SOFTFAIL,T_KAM_HTML_FONT_INVALID,
	URIBL_BLOCKED,URI_TRUNCATED autolearn=no autolearn_force=no
	version=3.4.2
Received: from server59.powerteam.com (unknown [185.67.1.85])
...
Authentication-Results: server59.powerteam.com;
	spf=pass (sender IP is 93.115.96.181) smtp.mailfrom=service@userchecksecurity.com smtp.helo=[93.115.96.181]
Received-SPF: pass (server59.powerteam.com: connection is authenticated)
...
Subject: Nouveaux remboursement disponibles
Message-ID: <cbd03706a3c4724ea0337688b69973d1@93.115.96.181>
Date: Mon, 16 Dec 2019 00:10:13 +0100
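
An Authentication-Results header only means something when the receiving side added it; in the headers above the spf=pass line was stamped by server59.powerteam.com, while the SpamAssassin run on spamd14.phpnet.org lists SPF_SOFTFAIL. The following Python sketch is an added example (not from the original post) that keeps only verdicts from a trusted authserv-id and reads the receiver's own SPF result. Treating phpnet.org as the trusted id is an assumption, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Assumption: the receiving infrastructure stamps results as *.phpnet.org.
TRUSTED_AUTHSERV = {"phpnet.org"}

# Constructed excerpt: header lines copied from the message above (elided lines dropped).
RAW = """\
Return-Path: <service@userchecksecurity.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd14.phpnet.org
X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00,
\tHEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
\tNORDNS_LOW_CONTRAST,SPF_HELO_NONE,SPF_SOFTFAIL,T_KAM_HTML_FONT_INVALID,
\tURIBL_BLOCKED,URI_TRUNCATED autolearn=no autolearn_force=no
\tversion=3.4.2
Authentication-Results: server59.powerteam.com;
\tspf=pass (sender IP is 93.115.96.181) smtp.mailfrom=service@userchecksecurity.com smtp.helo=[93.115.96.181]
Received-SPF: pass (server59.powerteam.com: connection is authenticated)
Subject: Nouveaux remboursement disponibles

"""

def flat(value):
    """Unfold a (possibly multi-line) header value into one line."""
    return re.sub(r"\s+", " ", value or "").strip()

def sa_tests(msg):
    """Rule names listed in the receiver's X-Spam-Status header."""
    m = re.search(r"tests=(.*?) autolearn=", flat(msg["X-Spam-Status"]))
    return {t.strip() for t in m.group(1).split(",")} if m else set()

def assess(raw, trusted):
    msg = message_from_string(raw)
    report = {"trusted": [], "ignored": [], "local_spf": None}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = flat(value).partition(";")
        authserv = authserv.strip().lower()
        ok = any(authserv == t or authserv.endswith("." + t) for t in trusted)
        # Verdicts from any other authserv-id are claims made by the sender's side.
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            report["trusted" if ok else "ignored"].append((authserv, method, result))
    for test in sa_tests(msg):
        # The envelope-sender SPF rule; SPF_HELO_* rules do not match here.
        m = re.fullmatch(r"SPF_(PASS|FAIL|SOFTFAIL|NEUTRAL|NONE)", test)
        if m:
            report["local_spf"] = m.group(1).lower()
    return report

if __name__ == "__main__":
    print(assess(RAW, TRUSTED_AUTHSERV))
```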

Whois:

  • powerteam.com:
Registrant Contact Information:
Name Domain Administrator
Organization SPX FLOW, Inc.
Address 13320 Ballantyne Corporate Place
City Charlotte
State / Province NC
Postal Code 28277
Country US
Phone +1.7047524626
Email
  • usersidlimited.com
    • OVH: thanks … nice when it stays French … how sad.

The message is fairly well done … progress is being made:

Yet another ransom demand: 15MNVJ1eQvoY2osLxqZDEszckA73V7KPa1

Looking at the email in detail:

Return-Path: <alex@email.no>
..
Received: from epost.no (unknown [188.166.48.88])
...
X-Sender: <alex@email.no>
...
Message-ID: <70.2569.7562.DA93A@email.no>
...
X-Complaints-To: <abuse@mail.email.no>
...
List-Subscribe: <https://email.no/lists/?p=subscribe>
...
Date: Thu, 13 Jun 2019 17:34:47 +0200
...
X-CSA-Complaints: whitelistcomplaints@email.no
...
X-Sender-Info: <alex@email.no>
...
Abuse-Reports-To: abuse@email.no
...

The message:

Yet another ransom demand: 15LZuFSVyDAoaNLtbh4ru7ZQWvZxEosCaf

In the email source: this is not the person's first attempt: https://www.bitcoinabuse.com/reports/17X5raT9zqDPBi4L8NrvwSQ77LuG9QjFCH .

X-SPAMOUT-IP: 203.239.130.5 (TRUST)
X-Original-SENDERIP: 203.239.130.5
X-SPAMOUT-COUNTRY: KR
X-SPAMOUT-FROM: <jt.joo@elim.net>
X-SPAMOUT-RELAY: IP

It is already in the abuse reports: https://www.bitcoinabuse.com/reports/15LZuFSVyDAoaNLtbh4ru7ZQWvZxEosCaf

Here is the email:

Hi, this account is hacked! Renew the password immediately!
You might not know anything about me and you are probably surprised for what reason you are getting this particular message, proper?
I am ahacker who burstyour emailand all devicessome time ago.
Do not attempt to msg me or look for me, it is hopeless, because I sent you this message from YOUR account that I've hacked.
I have build in malware soft on the adult vids (porno) site and suppose that you have enjoyed this site to have fun (you understand what I want to say).
During you were watching video clips, your browser started out functioning as a RDP (Remote Control) with a keylogger that granted me permission to access your desktop and camera.
Then, my applicationgotall data.
You have put passcodes on the web-sites you visited, I intercepted them.
Of course, you can modify each of them, or have already changed them.
Even so it does not matter, my malware updates needed data every time.
What did I do?
I made a backup of your device. Of all files and each contact.
I created a dual-screen videofile. The 1st screen reveals the clip you had been watching (you've got an interesting preferences, ha-ha...), and the 2nd part shows the movie from your web camera.
What exactly must you do?
Great, I think, 1000 USD will be a inexpensive amount of money for this very little riddle. You'll make your deposit by bitcoins (in case you don't recognize this, search “how to buy bitcoin” in Google).
My bitcoin wallet address:
15LZuFSVyDAoaNLtbh4ru7ZQWvZxEosCaf
(It is cAsE sensitive, so just copy and paste it).
Warning:
You have only 2 days to make the payment. (I built in an unique pixel in this e-mail, and at the moment I understand that you have read through this email).
To monitorthe reading of a messageand the actionsin it, I usea Facebook pixel. Thanks to them. (Everything thatis appliedfor the authorities can helpus.)

If I do not get bitcoins, I shall undoubtedly offer your video to all your contacts, including family members, colleagues, etc?

 

SPAM : Security Alert. … was compromised. Password must be changed

When there is no limit to SPAM … just look at https://www.bitcoinabuse.com/reports/182PJESsEWbuJ8PEgfM58p64jbok3i1gNU to understand that this is SPAM.

Note that there are always fools who pay (starting 30/11/2018): https://www.blockchain.com/btc/address/182PJESsEWbuJ8PEgfM58p64jbok3i1gNU

The message:

Hello!

I have very bad news for you.
09/08/2018 - on this day I hacked your OS and got full access to your account ....

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $768 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 182PJESsEWbuJ8PEgfM58p64jbok3i1gNU

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck.