Friday, July 25, 2014

Apple Phishing Sequel...

In the previous post I obtained a URL :
=============================================
www.johnfritzphotography.com/apple.comIDMSWebAuthclassicLogin.html.html
=============================================

This URL leads to :
=============================================
http://idmsa.apple.com-idmswebaclassiclogin.html.icetel.co.nz/apple.comIDMSWebAuthclassicLogin.html/1fd7529bd85207a9b7695b4af58f59bf/
=============================================
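
The host name above starts with idmsa.apple.com, but the domain that actually serves the page is icetel.co.nz. The following check is an added example, not part of the original post: it extracts the registrable domain from each URL on this page and flags the ones that only imitate a protected brand. The suffix set and the PROTECTED brand table are assumptions made for the example; real tooling would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a small hand-written subset of the Public Suffix List,
# enough for the hosts that appear on this page.
MULTI_LABEL_SUFFIXES = {"co.nz", "net.nz", "org.nz", "co.uk", "com.au", "co.il"}

# Assumption: brands to protect, mapped to their genuine registrable domain.
PROTECTED = {"apple": "apple.com", "paypal": "paypal.com"}

# URLs taken from this page: the two phishing links and the link text
# displayed in the e-mail.
URLS = [
    "www.johnfritzphotography.com/apple.comIDMSWebAuthclassicLogin.html.html",
    "http://idmsa.apple.com-idmswebaclassiclogin.html.icetel.co.nz/"
    "apple.comIDMSWebAuthclassicLogin.html/1fd7529bd85207a9b7695b4af58f59bf/",
    "https://idmsa.apple.com/IDMSWebAuth/classicLogin.html/"
    "appIdKey=45571f444c4f547116bfd05246",
]


def registrable_domain(host: str) -> str:
    """Return the registrable domain: one label plus its public suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyse(url: str) -> dict:
    """Flag a URL that names a protected brand but is hosted elsewhere."""
    if "://" not in url:          # urlsplit only finds the host after a scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registrable_domain(host)
    findings = []
    for real in PROTECTED.values():
        if reg == real:
            continue              # served from the brand's own domain
        if real in host:
            findings.append(f"{real} imitated in host name")
        elif real in parts.path.lower():
            findings.append(f"{real} imitated in path")
    return {"host": host, "registrable": reg, "findings": findings}


if __name__ == "__main__":
    for u in URLS:
        print(analyse(u))
```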


icetel.co.nz WHOIS :
=============================================
% New Zealand Domain Name Registry Limited
% Users confirm on submission their agreement to all published Terms
%
version: 5.00
query_datetime: 2014-07-25T18:39:16+12:00
domain_name: icetel.co.nz
query_status: 200 Active
domain_dateregistered: 2010-09-15T12:56:47+12:00
domain_datebilleduntil: 2014-08-15T12:56:47+12:00
domain_datelastmodified: 2014-07-15T07:14:36+12:00
domain_delegaterequested: yes
domain_signed: no
%
registrar_name: Voyager Internet Ltd
registrar_address1: PO Box 137-272
registrar_address2: Parnell
registrar_city: Auckland
registrar_postalcode: 1052
registrar_country: NZ (NEW ZEALAND)
registrar_phone: +64 9 444-4444
registrar_email: domains@voyager.co.nz
%
registrant_contact_name: Guy Alexander
registrant_contact_address1: PO Box 8823
registrant_contact_address2: Symonds St
registrant_contact_city: Auckland
registrant_contact_postalcode: 0000
registrant_contact_country: NZ (NEW ZEALAND)
registrant_contact_phone: +64 9 3094485
registrant_contact_email: guy@guyalexander.co.nz
%
admin_contact_name: Guy Alexander
admin_contact_address1: PO Box 8823
admin_contact_address2: Symonds St
admin_contact_city: Auckland
admin_contact_postalcode: 0000
admin_contact_country: NZ (NEW ZEALAND)
admin_contact_phone: +64 9 3094485
admin_contact_email: guy@guyalexander.co.nz
%
technical_contact_name: Guy Alexander
technical_contact_address1: PO Box 8823
technical_contact_address2: Symonds St
technical_contact_city: Auckland
technical_contact_postalcode: 0000
technical_contact_country: NZ (NEW ZEALAND)
technical_contact_phone: +64 9 3094485
technical_contact_email: guy@guyalexander.co.nz
%
ns_name_01: ns1.hostone.net.nz
ns_name_02: ns2.hostone.net.nz
%
=============================================

Apple Phishing

ok

Your request (Request # 1229769 ) for access privileges on the Apple Global Service Exchange (GSX) system has been denied by for the following reason(s):

After resolving your issue, you may re-apply for GSX access privileges..

Please verify your account

https://idmsa.apple.com/IDMSWebAuth/classicLogin.html/appIdKey=45571f444c4f547116bfd05246

Diagnostic functions within GSX will be unavailable on July 27, 2014 at the times indicated in the table below due to system maintenance. During this period, Apple Service Toolkit (AST) may still be run, but diagnostic results will not process in GSX until the maintenance period is complete.

Apple Sites     | GSX functions go offline (local time) | GSX functions come back up (approximate local time)
Cupertino, CA   | Sunday, July 27, 2014 1:00 a.m.       | Sunday, July 27, 2014 3:00 a.m.
Austin, Chicago | 3:00 a.m.                             | 5:00 a.m.
New York City   | 4:00 a.m.                             | 6:00 a.m.
São Paulo       | 5:00 a.m.                             | 7:00 a.m.
Cork, London    | 9:00 a.m.                             | 11:00 a.m.
Paris           | 10:00 a.m.                            | 12:00 p.m. (Noon)
Singapore       | 4:00 p.m.                             | 6:00 p.m.
Tokyo           | 5:00 p.m.                             | 7:00 p.m.
Sydney          | 6:00 p.m.                             | 8:00 p.m.

Viewable by these GSX Roles: Admin, Apprentice, Manager, Technician

PHISHING NOTES :
================================================================
NOTE : idmsa@admingsx.com
NOTE : From srv03.coppershadow.com (srv03.coppershadow.com. [69.160.35.164])
NOTE : From johnfrit by srv03.coppershadow.com with local (Exim 4.80.1)
NOTE : (envelope-from < johnfrit@srv03.coppershadow.com >)
NOTE : www.johnfritzphotography.com/m/index.php for 192.95.23.169
NOTE : Warning: An unknown error has occurred
NOTE : x-webdoc://9832AFCA-360F-4C3E-9F59-87DCE60A6ABD/
NOTE : srv03.coppershadow.com: authenticated_id: johnfrit/only user
NOTE : confirmed/virtual account not confirmed
NOTE : www.johnfritzphotography.com/apple.comIDMSWebAuthclassicLogin.html.html
================================================================

johnfritzphotography.com WHOIS :
================================================================
John Fritz Photography
32531 N Scottsdale Rd. Ste #105-285
Scottsdale, AZ 85266
602-410-2131
================================================================

DIGGING MORE johnfritzphotography.com
================================================================
www.johnfritzphotography.com/m/index.php > http://johnfritzphotography.com/m/login.php
================================================================

http://johnfritzphotography.com/m/login.php Screenshot : (image not included)

Thursday, July 24, 2014

PayPal Phishing

PayPal

Review Your PayPal Account limited

Identity Case ID PP 352-054-271-526

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.
As part of our security measures, we regularly check the PayPal screen activity. We request information from you for the following reason:,

Our system detected unusual charges to a credit card linked to your PayPal account.

1. Download Attachment tethered with this email .And don't given this page to anyone .
2. Confirm that you are the owner of the account by opening your account and follow the instructions.

If you need help logging in, go to our Help Center by clicking the Help link located in the upper right-hand corner of any PayPal page.

Sincerely,

PayPal Support,

NOTE : PayPal INC
NOTE : replay@paypal.org
NOTE : Review Your PayPal Account limited !
NOTE : < PP-352-054-271-526.html >
NOTE : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : from unknown (HELO WIN-O4A5UB8L7AS) (185.43.109.69)
NOTE : from User ([127.0.0.1]) by WIN-O4A5UB8L7AS with Microsoft SMTPSVC(7.5.7601.17514);

185.43.109.69 LOCATION :
================================================
================================================

DATA EXTRACTED FROM : PP-352-054-271-526.html
================================================
http://www.israelpost.co.il/zipcode.nsf/demozip
http://www.sarenapaleta.com
================================================

israelpost.co.il WHOIS :
================================================
descr: michal kerem
descr: 217 jaffa st.
descr: Jerusalem
descr: 12345
descr: Israel
phone: +972 2 6295094
e-mail: ipa.security10 AT gmail.com
===============================
admin-c: DT-MK20103-IL
tech-c: DT-GP6265-IL
zone-c: DT-MK20079-IL
nserver: ns1.bezeqint.net
nserver: ns2.bezeqint.net
nserver: ns3.bezeqint.net
validity: 08-01-2016
status: Transfer Locked
===============================
changed: domain-registrar AT isoc.org.il 20060108 (Assigned)
changed: domain-registrar AT isoc.org.il 20060209 (Changed)
changed: domain-registrar AT isoc.org.il 20070809 (Transferred)
changed: domain-registrar AT isoc.org.il 20070809 (Changed)
changed: domain-registrar AT isoc.org.il 20131119 (Changed)
changed: domain-registrar AT isoc.org.il 20131119 (Changed)
changed: domain-registrar AT isoc.org.il 20131119 (Changed)
changed: domain-registrar AT isoc.org.il 20131208 (Changed)
===============================
person: michal kerem
address: michal kerem
address: 217 jaffa st.
address: Jerusalem
address: Israel
phone: +972 2 6295094
e-mail: kerem_m AT postil.com
===============================
nic-hdl: DT-MK20103-IL
changed: Managing Registrar 20131208
person: Gilad Pomerantz
address: ISRAEL POST COMPANY LTD
address: 217 jaffa st.
address: Jerusalem
address: 91999
address: Israel
phone: +972 54 2888875
e-mail: pumi AT postil.com
===============================
nic-hdl: DT-GP6265-IL
changed: Managing Registrar 20131119
person: michal kerem
address: michal kerem
address: 217 jaffa st.
address: Jerusalem
address: Israel
phone: +972 2 6295094
e-mail: ipa.security10 AT gmail.com
nic-hdl: DT-MK20079-IL
changed: Managing Registrar 20131119
================================================

sarenapaleta.com WHOIS :
================================================
Registrar URL: http://www.godaddy.com
Registrant Name: Olivera Kulesevic
Registrant Organization: Sarena Paleta
Name Server: NS15.DOMAINCONTROL.COM
Name Server: NS16.DOMAINCONTROL.COM
DNSSEC: unsigned
================================================

FRANK ACKERMAN

I am Frank Ackerman of the Director of Finance of Chevron Petroleum Pipelines company in France. I seek your Co-operation to transfer funds into your bank account. The funds are resulted from an over Invoiced Contract Executed by an American contractor. The original contract sum has-been paid to the contractor leaving an excess of Twenty Five Million United States Dollars. If you are interested in this deal please call me on +33581180708 or Email me on (frankackerman25@gmail.com) for details of what you need to do to actualize this deal. Note That this deal is safe and the funds Will Be shared in the ratio 60% for me and 40% for you. Also Know That you must mention a security code (PPC) When you call me before i can open up for conversation with you.

Frank Ackerman.

YOU HAVE A PACKAGE WITH FEDEX

Dear Customer,

We have been waiting for you to contact us for your Confirmed Package that is registered with us for shipping to your residential location.We thought that the sender gave you our contact details and that you would have contacted us by now. We would also let you know that a letter is also attached to your package.However, we cannot quote its content to you via E-mail for privacy reasons. We understand that the content of your package itself is a Bank Draft worth $800,000.00 USD; in FedEx we do not ship money in CASH or in CHEQUES but in Bank Drafts only. The package is registered with us for mailing by your colleague, and your colleague explained that he is from the United States but he is in Nigeria for a three (3) month Surveying Project and for he is working with a consulting firm in Nigeria, West Africa. We are sending you this E-mail because your package is been registered on a Special Order. What you have to do now, is to contact our Delivery Department for the immediate dispatch of your package to your residential address. Note that as soon as our Delivery Team confirms your information, it will only take us one working day (24 hours) for your package to arrive at its designated destination. For your information, the VAT & Shipping charges as well as the processing fees have been paid by your colleague before your package was registered. Note that the payment that is made on the Processing, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to Sponsor Terrorism in your country. This will help you avoid any form of query from the Monetary Authority of your country. However, you will have to pay a sum of $205 US Dollars to the FedEx Delivery Department for the Security Keeping Fee of the FedEx Company as stated in our privacy terms & condition page. 
Also be informed that your colleague wished to pay for the Security Keeping charges, but we do not accept such payments considering the facts that all items & packages registered with us has a time limitation and we cannot accept payment not knowing when you will be picking up the package or even respond to us. So we cannot take the risk to have accepted such payment in case of any possible demurrage. Kindly note that your colleague did not leave us with any further information. We hope that you send your response to us as soon as possible because if you fail to respond until the expiry date of the foremost package, we may refer the package to the British Commission for Welfare as the package those not have a return address. Kindly contact the delivery department (FedEx Delivery Post) with the details given below:

FedEx Delivery Post
Mr. David Moore.
Email: fedexcourierservice924@yahoo.com.hk
Phone Number :+234 805 33 558 28

Kindly complete the below form and send it to the email address given above.This is mandatory to reconfirm your Postal address and telephone Number.

FULL NAMES:
POSTAL ADDRESS:
CITY:
STATE:
COUNTRY:
TELEPHONE:
SEX:
OCCUPATION:
AGE:
MARITAL STATUS:

As soon as your details are received, our delivery team will give you the necessary payment procedure so that you can effect the payment for the Security Keeping Fees. As soon as they confirm your payment receipt of $205 US Dollars.They will not hesitate to dispatch your package as well as the attached letter to your residence. which usually takes 24 hours being an overnight delivery service. Note that we were not instructed to email you, but due to the high priority of your package we had to inform you as your sender did not leave us with his phone number because he stated that he just already arrive Nigeria and he has not gotten a phone yet. We personally sealed your Bank Draft and we found your email contact in the attached letter as the recipient of the foremost package.Ensure to contact the delivery department with the email address given above and ensure to fill the above form as well to enable a successful reconfirmation.

Yours Faithfully,
Mr. David Moore.
FedEx Online Team Management.
All rights reserved. © 1995-2014.

This E-mail is only for the above addressees. It may contain confidential or privileged information. If you are not an addressee you must not copy, distribute, disclose or use any of the information in it or any attachments. FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CO-OPERATION>>>.

Your Fund Has Been Transferred To CIBC BANK Canada

Attn:Beneficiary

Dear Sir,

After my personal meeting with the Board and Management of ( CBN,in Abuja, this morning concerning your fund, it was concluded that your funds should be paid to you through our affiliate bank which is nearest to you in Canada, The CIBC AMICUS BANK CANADA, They have all the legal rights and back up to transfer your funds into your bank account without any delays or questions from any body or governments of any Nations. So please return back to me so I can forward to you immediately the contact information of the paying bank in Canada, and request how best you would like to receive your fund that is currently deposited in their STRONG ROOM for easy and onwards remittance into your account co-ordinates. You may also request for an account opening with the bank to enable you obtain the ( CIBC BANK EAZY CARD ) transaction ATM.

NO PAYMENT IS REQUIRED FROM YOU FOR THE ACCOUNT OPENING.

I await your urgent response.

Best regards,
Denisa Williams