Thursday, March 3, 2016

You have received (1) new message. (LCL Phishing)

Hello,

An LCL advisor has sent you a message.

To read it and access your secure messaging, please log in to your LCL online space , section ,
<< Accédez à vos comptes >> ("Access your accounts").

See you very soon .

LCL

Please note, there is no point in replying to this message, your email will not be processed.

----------------------------
Crédit Lyonnais - SA (public limited company) with capital of 1 847 860 375 € - SIREN 954 509 741 - RCS Lyon.
Insurance brokerage company registered under insurance intermediary registration number ORIAS : 07001878 . Registered office : 18 rue de la République, 69002 Lyon . For all mail : LCL, 20 avenue de Paris, 94811 Villejuif Cedex.

Phishing analysis :

CLICK : Accédez à vos comptes >>
OPEN : http://bit.ly/1VMqAYK

SCREENSHOT :

CLICK : http://www.jewelglintz.com/errors/LCL/particulier/connexion.nouveau.messages/log/lcl/index.html

SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://particuliers.secure.lcl.fr/outil/UAUT/Accueil/preRoutageLogin


Email analysis :

NOTE : fr-messagerie.lcl.info@cavg.ifsul.edu.br
NOTE : X-Remote : 187.86.133.67 (dns1.cavg.ifsul.edu.br)


NOTE : Mime-Version : 1.0
NOTE : Received : from ns3005535 (ns3005535.ip-188-165-223.eu [188.165.223.131])


NOTE : by dns1.cavg.ifsul.edu.br
NOTE : Vous avez reçu (1) un nouveau message.


JEWELGLINTZ.COM WHOIS :

Domain Name: JEWELGLINTZ.COM
Registry Domain ID: 1751630867_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 24-Oct-2013
Creation Date: 12-Oct-2012
Registrar Registration Expiration Date: 12-Oct-2014
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
Domain Status: clientTransferProhibited
Registry Registrant ID: DI_23989872
Registrant Name: Rohin Digani
Registrant Organization: Shyam Nanda Jewels
Registrant Street: 952/7, main Market Mehrauli, New Delhi
Registrant City: New Delhi
Registrant State/Province: New Delhi
Registrant Postal Code: 110030
Registrant Country: IN
Registrant Phone: +91.9911110007
Registrant Email: rohin.0007@yahoo.com
Name Server: ns1.asiawebnet.org
Name Server: ns2.asiawebnet.org
DNSSEC:Unsigned


Scam.cz conclusion :

- LCL Phishing
- Instituto Federal de Educação was used to relay the scam.


- Phishing was received 02/29/2016.
- Bitly link wasn't deleted.
- jewelglintz.com page wasn't deleted.

Thursday, July 2, 2015

Service Invoice 29/06. (original subject: "Nota Fiscal de Serviços 29/06.")

Electronic Service Invoice (Nota Fiscal de Serviços Eletrônica)
-------------------------
Series: 003
Number: 000.017.161
Issue date: 29/06/2015
Access key: View

Usage authorization protocol number: 1311310426761090
----------------------------------------
ROD FERNÃO DIAS, S/N, S/N - KM 813
CRUZ ALTA,
CEP (postal code): 37550-000 PHONE: 3538298009

Virus Analysis :

NOTE : http://bit.ly/1NunmVk


NOTE : https://www.dropbox.com/s/kdp46m0rc2hjild/NFSe.0187317HA7Y3HA713123.rar?dl=1

Email analysis :

NOTE : renata.seixas@aggreko.com.br
NOTE : Received : from vps2370.vpsunit.com (83.125.87.20)
NOTE : Received : by vps2370.vpsunit.com

Thursday, December 11, 2014

Apple Global Service Exchange Application Pending Approval (Apple GSX Phishing)

Apple Global Service Exchange

Dear GSX User,
Application for access has been received and is pending approval by your account .

Thank you,
AppleCare

Apply for Access

Email analysis :

NOTE : Apple Global Service Exchange Application Pending Approval
NOTE : gsx_notifications@apple.com
NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < irfile@ir-file.com >
NOTE : Received : from VXGT001.local ([95.211.105.65])


NOTE : Received : from apache by VXGT001.local with local (Exim 4.76)
NOTE : (envelope-from < irfile@ir-file.com >)
NOTE : X-Php-Originating-Script : 503:mailer.php
NOTE : Apple Global Service Exchange Application Pending Approval

Phishing analysis :

CLICK : Apply for Access
OPEN : http://bit.ly/1yDFLGw
REDIRECT : http://applegsx.v90.us/IDMSWebAuth/
DIG : http://applegsx.v90.us/
SCREENSHOT :


NOTE : Phishing seems interrupted... (Host, Conscious...)
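
The header notes in the Apple GSX post above (a From address at apple.com, a Return-Path at ir-file.com, an X-Php-Originating-Script header and a Received hop "from apache ... with local") can be checked mechanically during triage. The following Python is an added example, not part of the original post; the sample message is constructed from the header values listed above, and the function names, finding codes and the list of web-server account names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values are the ones listed in the post above;
# the To address, the header order and the body are placeholders.
SAMPLE = """\
Return-Path: <irfile@ir-file.com>
Received: from VXGT001.local ([95.211.105.65])
Received: from apache by VXGT001.local with local (Exim 4.76)
\t(envelope-from <irfile@ir-file.com>)
X-Php-Originating-Script: 503:mailer.php
From: Apple Global Service Exchange <gsx_notifications@apple.com>
To: recipient@example.org
Subject: Apple Global Service Exchange Application Pending Approval
Mime-Version: 1.0
Content-Type: text/html

<html><body>placeholder</body></html>
"""

WEB_USERS = r"(?:apache|www-data|nginx|nobody)"  # assumed common web-server accounts

def domain(value):
    """Lower-cased domain of an address header value, '' when absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def related(a, b):
    """True when one domain equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(raw):
    """Return (code, detail) findings; each is a signal to weigh, not proof."""
    msg = message_from_string(raw)
    findings = []
    shown, envelope = domain(msg.get("From")), domain(msg.get("Return-Path"))
    if shown and envelope and not related(shown, envelope):
        findings.append(("from-envelope-mismatch", f"{shown} vs {envelope}"))
    script = msg.get("X-PHP-Originating-Script")  # header lookup ignores case
    if script:  # added by PHP mail(): "<uid>:<script file>"
        uid, _, name = script.strip().partition(":")
        findings.append(("php-mailer-script", f"uid={uid} script={name}"))
    for hop in msg.get_all("Received", []):
        if re.search(rf"\bfrom\s+{WEB_USERS}\s+by\b.*\bwith\s+local\b", hop, re.I | re.S):
            findings.append(("local-webserver-submission", " ".join(hop.split())))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code}: {detail}")
```

A From/Return-Path mismatch alone is common in legitimate bulk mail sent through third-party providers; combined with a PHP mailer script and a local web-server submission hop it points to a web host being used to send the message.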