Wednesday, May 11, 2016

You have a new message (Phishing Fortuneo > Banque Populaire)

Hello,

A new message is available in your Fortuneo mailbox.

To read it, please click the link below:

https;//mabanque.fortuneo/fr/connexion

Regards,
The Fortuneo team
Thank you for your trust.

My account | My itinerary | Unsubscribe | Privacy Policy | Customer Support
Expedia.ca sent this email and cannot receive replies via email. P.O. Box 47628, Toronto, ON, M3C 3S7, Canada.

Travel Industry Council of Ontario
In accordance with the Ontario Travel Industry Act, 2002, this page contains detailed information on the names, addresses, and registration numbers applicable to the providers of travel and ticket fulfillment services.

Ticket fulfillment services provided by:
Tour East Holidays (Canada) Inc., 15 Kern Road, Suite 9, Toronto, Ontario M3B 1S9.
TICO Registration No.: 50015827
Tour East Holiday (Canada) Inc., 2000 Peel Street, Suite 735 Montréal, QC H3A 2W5.
Quebec License No. 702246.


© 2016 Expedia, Inc. All rights reserved. Expedia, Expedia.ca, and the Airplane logo are trademarks or registered trademarks of Expedia, Inc. in the U.S. and/or other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
(EMID: MR-CM-RFD-teid4.0-issu123-test2-langEN-versX-mcidM-segaX-segbX-segmX-SID4003962-key34080121838-paid167700948-locen_CA) (MD: 20160406054400)

Phishing analysis :

CLICK : https;//mabanque.fortuneo/fr/connexion
OPEN : http://casaruralsanmiguel.com/hkr
REDIRECT : http://13.79.168.131/populaire-1/*/index.php
SCREENSHOT :


ACTION : SELECT A REGION
REDIRECT : http://13.79.168.131/populaire-1/*/index.html
SCREENSHOT :


CLICK : Valider
REDIRECT : http://13.79.168.131/populaire-1/*/bred/index.php
SCREENSHOT :


CLICK : CONNEXION
REDIRECT : http://13.79.168.131/populaire-1/*/bred/connect.php?co=*_*
SCREENSHOT :

Email analysis :

NOTE : rs@zeturf.fr
NOTE : lkhydh@zeturf.fr
NOTE : X-Mailer : PHPMailer [version 1.73]
NOTE : Received : from l3ez.entercloudsuite.local ([185.48.33.67])

Wednesday, January 20, 2016

Your Expedia account was restricted (Phishing)

Dear partner,

A recent attempt to Sign in to your Expedia PartnerCentral was restricted.

As a security precaution, we have temporarity suspended access to your account services

What do I have to do?

Please click the button below and follow the procedure in order to complete the verification process.

https://expediaparnercentral.com/

Full access to your account will be regained once verified

© 2016 Copyright. All rights reserved. Confidential and proprietary.

Phishing analysis :

CLICK : https://expediaparnercentral.com/
OPEN : http://crias.cl/images/.x/partner/expediapartnercentral.com/
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://www.expediapartnercentral.com/Account/Logon?MESSAGE=*&RP_ID=1

Email analysis :

NOTE : info@rns.com.tr
NOTE : Received : from static.107.167.76.144.clients.your-server.de
NOTE : ([144.76.167.107]:49865 helo=[127.0.0.1])
NOTE : by sv67.ifastnet16.org with esmtpa (Exim 4.86)
NOTE : (envelope-from < info@rns.com.tr >)
NOTE : Received : from sv67.ifastnet16.org (sv67.ifastnet16.org. [31.22.7.248])


crias.cl whois :
==================================
Titular: Verónica Delgado (CENTRO DE REHABILITACION INFANTIL AKTION SONNENSCHEIN LTDA)
Fecha de creación: 2007-08-21 13:15:16 CLT
Fecha de expiración: 2016-09-18 09:15:16 CLT
Servidor de Nombre: ns1.accesoprime.cl
Servidor de Nombre: ns2.accesoprime.cl
==================================

rns.com.tr whois :
==================================
Registrant:

Rns Madencilik Sanayi Ve Dis Tic. Ltd. Sti.
atasehir bulv. 38. ada 3/3 no:66 Istanbul, Turkiye
muratyalcinkaya1@hotmail.com
Phone : + 216-456-1027

Billing Contact:

NIC Handle : rmv27-metu
Organization Name : RNS Madencilik ve San. D** Ticaret Ltd. *ti.
Address : Uzuntarla Mevkii No:19/1 *ile / Turkiye Istanbul,
Phone : + 90-262-6440088-

Domain Servers:

ns1.ifastnet16.org
ns2.ifastnet16.org

** Additional Info:
Created on..............: 2009-May-07.
Expires on..............: 2016-May-06.
==================================

Monday, October 19, 2015

Update Your Expedia Account (Expedia Phishing)


Expedia Customer Experience

Dear user,

We take our community's security seriously, so under certain circumstances, we'll ask you to confirm your account. Once you're confirmed, you'll be on your way.As a security precaution we ask you to link your e-mail account using our secure link bellow:

Verify Account.

TO RESPOND TO THIS TICKET, REPLY TO THIS EMAIL 124973883747617948747316447971

Phishing analysis :

CLICK : Verify Account
OPEN : http://expediacentral87487447732506331787partner.senteservices.net/email/partner/user/www.expediapartnercentral.com//
SCREENSHOT :


REDIRECT : https://www.expediapartnercentral.com/Account/Logon?MESSAGE=T3UtIakIzb%2b2VN2xVTBJUcbiraHuTzUu0Se27HZlMjkzvJP98UuQz9KF7I6BQhxGlYIRk5XL%2fwoHUFWFTDTmQBeu%2bs8NldSQ7XRMRVeQfgsMaM96LdwKb4Ftcb%2fmrMAj%2bxT2UBN1cdYUAI6NNibBZ2ZHBE%2bMM69C%2bA%2b%2bNrKqEvc%3d&RP_ID=1

senteservices.net whois :

Domain Name: SENTESERVICES.NET
Registry Domain ID: 1696298025_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.aerotek.com.tr
Updated Date: 2015-01-11T16:49:54Z
Creation Date: 2012-01-10T12:16:12Z
Registrar Registration Expiration Date: 2016-01-10T12:16:12Z
Registrar: Aerotek Bilisim Taahut Sanayi Ve Ticaret Ltd Sti.
Registrar IANA ID: 1534
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: neslihan bukumcu
Registrant Organization: Senteservices - Neslihan Bukumcu
Registrant Street: Kukurtlu mah.basaran sk.yesildeniz apt. No: 8/a
Registrant City: Bursa
Registrant Postal Code: 16080
Registrant Country: TR
Registrant Phone: +90.2242335626
Registrant Fax: +90.2242335609
Registrant Email: neslihanbukumcu@gmail.com
Admin Name: neslihan bukumcu
Admin Organization: Senteservices - Neslihan Bukumcu
Admin Street: Kukurtlu mah.basaran sk.yesildeniz apt. No: 8/a
Admin City: Bursa
Admin Postal Code: 16080
Admin Country: TR
Admin Phone: +90.2242335626
Admin Fax: +90.2242335609
Admin Email: neslihanbukumcu@gmail.com
Name Server: cpns1.turdns.com
Name Server: cpns2.turdns.com
DNSSEC:Unsigned

Email analysis :

NOTE : test@finartserramenti.it
NOTE : Received : from [212.125.105.153]
NOTE : (helo=[127.0.0.1]) by web1.host-it.it
NOTE : client-ip=46.28.5.157;
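
The CLICK / OPEN pairs in the two Expedia posts above share the same indicators: a displayed host that is one letter off the real one, a link target on an unrelated site, and the brand's domain pushed into the path or subdomain of that site. The following check is an added example, not part of the original posts; `BRAND`, `KEYWORD` and the function names are assumptions, and the two-label domain rule is a simplification.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND = "expediapartnercentral.com"  # real login host, from the REDIRECT lines above
KEYWORD = "expedia"                  # brand token to look for in foreign hostnames

def site(url):
    """Return the last two host labels, or '' when the text is not an http(s) URL.
    Assumption: two labels are enough (.com, .net, .cl); use a Public Suffix
    List library for suffixes such as .co.uk."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ""
    return ".".join(parts.hostname.lower().split(".")[-2:])

def findings(display_text, target_url):
    """Compare what the e-mail shows with where the link really goes."""
    out = []
    shown, real = site(display_text), site(target_url)
    target = urlsplit(target_url)
    host = (target.hostname or "").lower()
    # Displayed host is nearly, but not exactly, the brand host (typosquat).
    if shown and shown != BRAND and SequenceMatcher(None, shown, BRAND).ratio() > 0.9:
        out.append("lookalike-display-host")
    # Link text is a URL, but the link opens a different site.
    if shown and shown != real:
        out.append("text-target-mismatch")
    if real != BRAND:
        if KEYWORD in host:
            out.append("brand-keyword-in-foreign-host")
        if BRAND in target.path.lower():
            out.append("brand-domain-in-path")
    return out

# (link text, opened URL) pairs copied from the analyses on this page.
SAMPLES = [
    ("https://expediaparnercentral.com/",
     "http://crias.cl/images/.x/partner/expediapartnercentral.com/"),
    ("Verify Account",
     "http://expediacentral87487447732506331787partner.senteservices.net"
     "/email/partner/user/www.expediapartnercentral.com//"),
]

if __name__ == "__main__":
    for text, url in SAMPLES:
        print(text, "->", findings(text, url))
```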