Thursday, December 3, 2015

RE: Documentos encontrados (Documents found)

--Baixar tudo como zip (Download all as zip)

Documents found attached; please check them.

Link analysis :

CLICK : --Baixar tudo como zip
OPEN : http://216.126.192.177/


RESULT : UNRESPONSIVE...

Email analysis :

NOTE : presente-conf50269@ouvidoria64.is-into-games.com
NOTE : 185.12.177.163 (ouvidoria64.is-into-games.com)
NOTE : Received : by ouvidoria64.is-into-games.com (Postfix, from userid 33)

Thursday, October 29, 2015

Fw: Copia de cheque devolvido (Copy of returned check) - 06:19:25 14/10/2015

Copia-Cheque 2880520.PDF (326,4 KB)

Attached is a copy of the check returned on 07/10, number 001288052042.
Please contact us.

File analysis :

CLICK : Copia-Cheque 2880520.PDF (326,4 KB)
OPEN : http://www.pathibharachannel.com.np/pecs/doc.php#Copia-Cheque-2880520.PDF

URL analysis :

Opera : Malicious site
Sophos : Malicious site
Kaspersky : Malware site
CLEAN MX : Phishing site
ESET : Phishing site
Fortinet : Phishing site

pathibharachannel.com.np whois :

Domain Name : pathibharachannel.com.np
Registered On 2013-09-13 11:04:06
Primary Name Server : ns1.imaginarycreation.info
Secondary Name Server : ns2.imaginarycreation.info
Tertiary Name Server : N/A
Administrator Email : media.pathibhara@gmail.com
Administrator : Sagar Subba
Organization : Pathibhara Channel
Organization Email : media.pathibhara@gmail.com

Email analysis :

NOTE : Received : from bol.com.br (a4-wakko5.host.intranet [10.131.140.94])
NOTE : by a4-salsa2.host.intranet (Postfix)
NOTE : financeiro.4dcw1@bol.com.br
NOTE : scalvenzi2500@bol.com.br
NOTE : client-ip=200.147.97.221;

Tuesday, September 16, 2014

NatWest link for Virus

You have a new private message from NatWest

To view/read this your secure message please click here

Email Encryption Provided by NatWest. Learn More.
Email Security Powered by Voltage IBE
Copyright 2014 National Westminster Bank Plc. All rights reserved.

To unsubscribe please click here

National Westminster Bank Plc. All rights, save as expressly granted, are reserved. Reproduction in any form of any part of the contents of this website without our prior written consent is prohibited unless for personal use only.

Email analysis :
=================================================
NOTE : Return-Path : < denqv@bpbcorp.com >
NOTE : Received : from unknown (HELO localhost) (113.167.221.144)
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : You have received a new secure message from NatWest
=================================================
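
The three "Email analysis" sections on this page flag the same kinds of header indicators by hand: a Return-Path domain that does not match the claimed sender, a relay that identifies itself as "unknown" and says HELO localhost from a public address, a message injected locally by userid 33, and a desktop mail client User-Agent on a supposedly automated notice. The script below is an added example (not from the blog) that checks for those indicators; the message it parses is constructed from header lines quoted on this page, stitched together from two different emails, and the claimed brand domain is an assumed input.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header lines quoted on this page, stitched into one
# message for the demo (they come from two different real emails). The
# From address is an assumed value standing in for the impersonated brand.
SAMPLE = """\
Return-Path: <denqv@bpbcorp.com>
Received: from unknown (HELO localhost) (113.167.221.144)
  by mx.example.test with SMTP; Tue, 16 Sep 2014 09:00:00 +0000
Received: by ouvidoria64.is-into-games.com (Postfix, from userid 33)
From: NatWest Secure Mail <noreply@natwest.com>
Subject: You have received a new secure message from NatWest
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

To view/read this your secure message please click here
"""

IPV4 = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def domain_of(header_value):
    """Bare domain of the address in a From/Return-Path header, lowercased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def triage_headers(raw, claimed_domain):
    """Return the list of indicators found; an empty list means nothing flagged."""
    msg = message_from_string(raw)
    findings = []
    rp = domain_of(msg.get("Return-Path", ""))
    frm = domain_of(msg.get("From", ""))
    if rp and rp != claimed_domain and not rp.endswith("." + claimed_domain):
        findings.append(f"return-path domain {rp} is not {claimed_domain}")
    if rp and frm and rp != frm:
        findings.append(f"From domain {frm} differs from Return-Path domain {rp}")
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())          # unfold continuation lines
        ip = IPV4.search(hop)
        if re.search(r"from unknown\b", hop, re.I):
            findings.append("sending host has no reverse DNS ('from unknown')")
        if re.search(r"\(HELO localhost\)", hop, re.I) and ip:
            findings.append(f"HELO localhost from external address {ip.group(1)}")
        uid = re.search(r"Postfix, from userid (\d+)", hop)
        if uid and uid.group(1) == "33":
            findings.append("injected locally as userid 33 (www-data on Debian-style hosts)")
    if "Thunderbird" in msg.get("User-Agent", ""):
        findings.append("desktop mail client User-Agent on a purported automated notice")
    return findings

if __name__ == "__main__":
    for finding in triage_headers(SAMPLE, "natwest.com"):
        print("FLAG:", finding)
```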

Link analysis :
=================================================
NOTE : Click "To view/read this your secure message please click here"
NOTE : Open "http://high-hollin.org/nrhscgfayh/rxyxzmsbsy.html"
NOTE : A new download is processed :
NOTE : File "SecureMessage.zip" from http://www.explicacoesmagicmath.pt
NOTE : File "SecureMessage.zip" is a VIRUS !
=================================================

Virus analysis (DEF 20140916) :
=================================================
AVware : Win32.Malware!Drop
Avira : TR/ATRAPS.A.1717
Baidu-International : Trojan.Win32.Upatre.ABlK
DrWeb : Trojan.DownLoad3.34292
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Ikarus : Trojan-Spy.Agent
K7AntiVirus : Trojan (7000000c1)
K7GW : Trojan(7000000c1)
Kaspersky : Trojan-Downloader.Win32.Upatre.avh
Kingsoft : VIRUS_UNKNOWN
Malwarebytes : Trojan.Upatre
McAfee : Artemis!AE3D2F8620F0
Microsoft : TrojanDownloader:Win32/Upatre.AA
Panda : Trj/Chgt.F
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Mal/DrodZp-A
Symantec : Trojan.Zbot
Tencent : Win32.Trojan-downloader.Upatre.Wqmz
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.S.Agent.20992.PD
=================================================

Whois Analysis :
=================================================
high-hollin.org
=================================================
Domain Name:HIGH-HOLLIN.ORG
Domain ID: D153034212-LROR
Creation Date: 2008-06-20T18:34:26Z
Updated Date: 2012-06-19T08:02:22Z
Registry Expiry Date: 2015-06-20T18:34:26Z
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Sponsoring Registrar IANA ID: 69
Domain Status: ok
Registrant ID:tuMZ59PcSs2k5l1K
Registrant Name:Douglas McCowen
Registrant Organization:None
Registrant Street: Riverside Barn
Registrant City:Winford- BRISTOL
Registrant State/Province:Avon
Registrant Postal Code:BS408HJ
Registrant Country:GB
Registrant Phone:+44.7985466869
Registrant Email:dhl_mccowen@hotmail.com
Admin ID:tuMZ59PcSs2k5l1K
Admin Name:Douglas McCowen
Admin Organization:None
Admin Street: Riverside Barn
Admin City:Winford- BRISTOL
Admin State/Province:Avon
Admin Postal Code:BS408HJ
Admin Country:GB
Admin Phone:+44.7985466869
Admin Email:dhl_mccowen@hotmail.com
Tech ID:tu9LIBi0nseyvCgJ
Tech Name:Pickaweb Limited Domains Dpt
Tech Organization:Pickaweb Limited
Tech Street: 7 Marlow Copse
Tech City:Chatham
Tech State/Province:Kent
Tech Postal Code:ME59DP
Tech Country:GB
Tech Phone:+44.8712180841
Tech Email:domains@pickaweb.co.uk
Name Server:NS7.UKHOSTSUPPORT.COM
Name Server:NS8.UKHOSTSUPPORT.COM
=================================================
explicacoesmagicmath.pt
=================================================
Domain Name: explicacoesmagicmath.pt
Creation Date (dd/mm/yyyy): 04/02/2013
Expiration Date (dd/mm/yyyy): 03/02/2015
Status: ACTIVE

Registrant

Francisco Cascao
Rua Francisco sa Miranda Lt 7
538
2975 538

Email: franciscocascao@iol.pt

Managing Entity / Billing Contact
EASYHOST - SERVIÇOS INTERNET, UNIPESSOAL LDA
Email: dns@easyhost.pt
RACKSPOT LDA
Email: helpdesk@rackspot.com
Nameserver: explicacoesmagicmath.pt NS a.ns.rackspot.com.
Nameserver: explicacoesmagicmath.pt NS b.ns.rackspot.com.
=================================================