Monday, March 23, 2015

JP Morgan Access Secure Message (Virus)

Please check attached file(s) for your latest account documents regarding your online account.

Alex Puckett
Level III Account Management Officer
817-283-1539 office
817-878-6079 cell
Alex.Puckett@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

JP Morgan Access - Secure.zip

Email analysis :

NOTE : service@jpmorgan.com
NOTE : tenqvist@cc.oulu.fi
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 108-84-212-41.lightspeed.hstntx.sbcglobal.net (108.84.212.41)


Virus analysis :

OPEN : JP Morgan Access - Secure.zip
RESULT : JP Morgan Access - Secure.zip is a VIRUS

ALYac : Trojan.GenericKD.2234787
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Upatre-FAAR!05E6E33D4259
McAfee-GW-Edition : Upatre-FAAR!05E6E33D4259
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-JB
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Fhz
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0320
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2

Thursday, March 12, 2015

Please

Good Afternoon,

Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015. Please note, we are advising you of this filing in order to comply with FMC regulations. However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th. We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.

Phoenix Zhang-Shin

Director

P & J International Ltd
Calverley House, 55 Calverley Road
Tunbridge Wells, Kent, UK TN1 2TU

Tel: 0044 1892 525588
Fax: 0044 1892 522277
Mob: 0044 7771802252

This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site. Acknowledging receipt of and replying to this email constitutes acceptance of our STCs.

Email analysis :

NOTE : phoenix@pnjinternational.com

File analysis :

OPEN : documents-id323.zip
ANALYSIS : documents-id323.zip is a virus.

Virus analysis :

AVG : FakeAlert
Ad-Aware : Trojan.GenericKD.2214283
Avast : Win32:Malware-gen
Avira : TR/Rogue.pwsa
Baidu-International : Trojan.Win32.Waski.F
BitDefender : Trojan.GenericKD.2214283
ClamAV : Win.Trojan.Upatre-548
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.OSAT-0643
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2214283 (B)
F-Prot : W32/Trojan3.OKK
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2214283
Ikarus : Trojan-Downloader.Win32.Upatre
Kaspersky : Trojan-Downloader.Win32.Upatre.ffm
Malwarebytes : Trojan.Upatre.FD
McAfee : Artemis!56D11447DF79
MicroWorld-eScan : Trojan.GenericKD.2214283
Microsoft : TrojanDownloader:Win32/Upatre.AY
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/EncPk-ANE
Tencent : Win32.Trojan.Downloader-pdf.Auto

VIRUS ASM

To obtain the ASM version, contact me at scamcz@gmail.com

Tuesday, March 10, 2015

Emailing: Serv-Ware Credit Application.pdf

--
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com

File analysis :

OPEN : Serv-WareCreditApplication.zip
ANALYSIS : VIRUS DETECTED.

Virus analysis :

AVG Generic_s.EHT
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2209679
Avast Win32:Malware-gen
Avira TR/Rogue.1539.aia
BitDefender Trojan.GenericKD.2209679
CAT-QuickHeal (Suspicious) - DNAScan
Cyren W32/Upatre.E2.gen!Eldorado
DrWeb Trojan.Upatre.140
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Trojan.GenericKD.2209679 (B)
F-Prot W32/Upatre.E2.gen!Eldorado
F-Secure Trojan.GenericKD.2209679
Fortinet W32/Kryptik.DBDO!tr
GData Trojan.GenericKD.2209679
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.vjy
Malwarebytes Trojan.Email.FakeDoc
McAfee Upatre-FAAR!8BEDB116B2AE
MicroWorld-eScan Trojan.GenericKD.2209679
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Agent-ALYH
Symantec Downloader.Upatre
Tencent Win32.Trojan.Rogue.Lnef
TrendMicro TROJ_UP.AFEFD391
TrendMicro-HouseCall Suspicious_GEN.F47V0309
VIPRE Win32.Malware!Drop
ViRobot Trojan.Win32.S.Downloader.27392.D[h]
nProtect Trojan.GenericKD.2209679

Email analysis :

NOTE : X-Remote : 67.165.217.44 (c-67-165-217-44.hsd1.co.comcast.net)
NOTE : Return-Path : clint@servware.com
NOTE : Received : from c-67-165-217-44.hsd1.co.comcast.net
NOTE : (HELO servware.com) (67.165.217.44)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Emailing: Serv-Ware Credit Application.pdf

Payment copy

Dear Sir,

As directed by my manager, attached is the proof of payment made to your account yesterday.

Thanks

Regards,
Muhammad owais
Project Manager
Al Futtaim Carillion
Mobile:056 6560544

payment receipt.html

Email analysis :

NOTE : owaisklasson@gmail.com

File analysis :

DrWeb : SCRIPT.Virus
Qihoo-360 : html.redirector.an.gen

Sunday, March 8, 2015

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.


HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

Thursday, March 5, 2015

Air Canada e-ticket Virus

Dear client,

Your online order has been successfully completed and your credit card has been charged.

FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD

The seat number and additional information regarding the flight can be found on the attached e-ticket.

Thank you for choosing Air Canada
e-ticket_79010838.doc

Virus analysis :

OPEN : e-ticket_79010838.doc
ANALYSIS :

ALYac Trojan.Downloader.JRLZ
AVG Generic12_c.AETQ
Ad-Aware Trojan.Downloader.JRLZ
AhnLab-V3 X97M/Downloader
Avast MO97:Downloader-LX [Trj]
Avira WM/Dldr.Agent.asdl
BitDefender Trojan.Downloader.JRLZ
CAT-QuickHeal W97M.Dropper.CK
Comodo UnclassifiedMalware
Cyren W97M/Tarbir
ESET-NOD32 VBA/TrojanDownloader.Agent.JD
Emsisoft Trojan.Downloader.JRLZ (B)
F-Prot New
F-Secure Trojan.Downloader.JRLZ
Fortinet WM/Agent!tr
GData Trojan.Downloader.JRLZ
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.fg
McAfee W97M/Downloader.adx
McAfee-GW-Edition W97M/Downloader.adx
MicroWorld-eScan Trojan.Downloader.JRLZ
Microsoft TrojanDownloader:O97M/Bartallex.gen
Norman DLoader.ATMLY
Panda W97M/Downloader
Sophos Troj/DocDl-GF
Symantec W97M.Downloader
TrendMicro W2KM_BARTALEX.EU
TrendMicro-HouseCall W2KM_BARTALEX.EU
nProtect Trojan.Downloader.JRLZ

BBB SBQ Form #5488(Ref#83-497-0-4) (BBB VIRUS)

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

SBQForm07182.zip

Virus Analysis :

OPEN : SBQForm07182.zip
RESULT :

Avast Win32:Evo-gen [Susp]
CMC Packed.Win32.Katusha.3!O
ESET-NOD32 a variant of Win32/Injector.BVRZ
McAfee Downloader-FAHF!3D0C52C03CD0
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Mal/Generic-S
Tencent Win32.Trojan.Inject.Auto

Email analysis :

NOTE : no-replay@bbb.com
NOTE : X-Remote : 89.120.40.73 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO bbb.com) (89.120.40.73)

Saturday, February 28, 2015

Matthew Fleming your agent Fedex

Dear Customer,

We tried to deliver your item on February 25th, 2014, 09:45 AM. The delivery attempt failed because the address was business closed or nobody could sign for it. To pick up the parcel,please, print the receipt that is attached to this email and visit Fedex office indicated in the invoice.

If the package is not picked up within 48 hours, it will be returned to the sender.

Label/Receipt Number: 44364578782324450
Expected Delivery Date: February 25th, 2014
Class: International Package Service
Service(s): Delivery Confirmation
Status: Notification sent

Thank you

Copyright© 2015 FEDEX. All Rights Reserved.
*** This is an automatically generated email, please do not reply ***

Package.zip

Email analysis :

NOTE : fedexsupport@pack.net
NOTE : fedextechsupport@pack.com
NOTE : hastie@mareebakidscampus.com.au
NOTE : Received : from host-92-22-197-80.as13285.net
NOTE : ([92.22.197.80]:54492 helo=gzlvoyzrbwepqapwirs) by vps1.imagesmithhosting.com

Virus Analysis :

OPEN : Package.zip
RESULT :

ALYac : Trojan.GenericKD.2188524
AVG : Downloader.Small.NON
Ad-Aware : Trojan.GenericKD.2188524
Avast : Win32:Malware-gen
Avira : TR/Crypt.ZPACK.121693
BitDefender : Trojan.GenericKD.2188524
Cyren : W32/Injector.JMET-1851
ESET-NOD32 : Win32/TrojanDownloader.Wauchos.AK
Emsisoft : Trojan.GenericKD.2188524 (B)
F-Prot : W32/Injector.QL
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/Androm.AK!tr.bdr
GData : Trojan.GenericKD.2188524
Ikarus : Trojan-Spy.Agent
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Backdoor.Win32.Androm.gjey
McAfee : RDN/Generic.dx!djn
MicroWorld-eScan : Trojan.GenericKD.2188524
Microsoft : Worm:Win32/Gamarue
Qihoo-360 : HEUR/QVM07.1.Malware.Gen
Sophos : Mal/Wonton-G
Symantec : Backdoor.Trojan
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : TROJ_GE.ED42C15B
TrendMicro-HouseCall : Suspicious_GEN.F47V0228
VBA32 : BScope.Trojan-Spy.Zbot
VIPRE : Trojan.Win32.Generic!BT

{Filename?} Re Transfer Slip

Warning: This message contained one or more attachments that have been removed
Warning: (TRF-CPY01099.zip, TRF-CPY01099.JPG.exe).
Warning: Please read the "aviauto-Attachment-Warning.txt" attachment(s) for more information.

Good Day,

Kindly find attached swift copy for $200,000.00 paid into your account today. Balance will be remitted in coming week. Advice when money has been received.

Accounts Department
Chung Lin,
Country Manager
Kaiser Business Consulting
27th Floor, Quill 7 KL Sentral
Jalan Stesen Sentral 5
Kuala Lumpur 50470 Malaysia
Tel: + 60 3 2776 6834
Fax: + 60 3 2776 6999
Website www.kaiserassociates.com

Email analysis :

NOTE : trencin@ekoqelet.sk
NOTE : stanleymtanaka@yahoo.com
NOTE : Received : from User (213-151-202-20.static.orange.sk [213.151.202.20])
NOTE : (authenticated bits=0) by mail.aviauto.net

File analysis :

This is a message from the MailScanner E-Mail Virus Protection Service. The original attachment "TRF-CPY01099.zip" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail the support department and include this message. Alternatively, you can call that department, with the contents of this message at hand.

On Fri Feb 27 15:42:01 2015 the virus scanner said:

MailScanner: Executable DOS/Windows programs are dangerous in email (TRF-CPY01099.JPG.exe) No programs allowed (TRF-CPY01099.JPG.exe) Note to the support department: Look on the aviauto (mail.aviauto.net) MailScanner in /var/spool/MailScanner/quarantine/20150227 (message t1RKdVkP012668). (Postmaster - AVIAUTO www.aviauto.net For all your IT requirements visit: http://www.transtec.co.uk )

Friday, February 13, 2015

Scanned Image

Please open the attached document.
This document was digitally sent to you using an HP Digital Sending device.

-------------------------------------------------------------------------------
This email has been scanned for viruses and spam.
-------------------------------------------------------------------------------
Image.zip

Image.zip analysis :

OPEN FILE : Image.zip
EXTRACT : Image.scr

AVware Win32.Malware!Drop
Ad-Aware Gen:Variant.Graftor.175463
AhnLab-V3 Trojan/Win32.MDA
Avast Win32:Trojan-gen
Avira TR/Agent.psxz.445
Baidu-International Trojan.Win32.Waski.F
BitDefender Gen:Variant.Graftor.175463
ClamAV Win.Trojan.Upatre-165
Cyren W32/Trojan.BKZM-6931
DrWeb Trojan.Upatre.125
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Gen:Variant.Graftor.175463 (B)
F-Prot W32/Trojan3.NUW
F-Secure Gen:Variant.Graftor.175463
Fortinet W32/Waski.F!tr
GData Gen:Variant.Graftor.175463
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.fbe
Malwarebytes Trojan.FakeMS.ED
McAfee Artemis!E85B4BDFB116
McAfee-GW-Edition BehavesLike.Win32.BadFile.mm
MicroWorld-eScan Gen:Variant.Graftor.175463
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Dyreza-CB
Symantec Downloader.Upatre
Tencent Win32.Trojan.Inject.Auto
TrendMicro TROJ_UPATRE.YYSO
TrendMicro-HouseCall TROJ_UPATRE.YYSO
VIPRE Win32.Malware!Drop

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < ushrb@brainkast.com>
NOTE : Received : from unknown (HELO HJPSMPV) (14.168.92.95)


NOTE : Scanned Image

Friday, January 30, 2015

Fax = Trojan

Fax message (Fax #0086091)

http://79.96.148.163/.~NEW_RECEIVED_FAX/incoming.html
Sent date: Thu, 22 Jan 2015 15:00:49 +0000

Fax message (Fax #0458849)

http://pristineusa.com/~_RECEIVED~FAX~MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:13:35 +0000

Fax message (Fax #3457735)

http://hifafarah.com/._RECEIVED.MESSAGES/incoming-fax_letter.html
Sent date: Thu, 22 Jan 2015 15:26:03 +0000

Fax message (Fax #4644306)

http://89.161.234.149/-_NEW_RECEIVED.FAX_MESSAGES/incoming.fax~letter.html
Sent date: Thu, 22 Jan 2015 15:08:31 +0000

Fax message (Fax #6410561)

http://www.get-the-best.com/~_RECEIVED.FAX_MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:16:23 +0000

Email analysis for 5 emails :

NOTE : Received : from unknown (HELO my-fax.com) (85.133.33.10)
NOTE : Received : from unknown (HELO my-fax.com) (40.131.4.2)
NOTE : Received : from unknown (HELO my-fax.com) (91.183.230.243)
NOTE : Received : from unknown (HELO my-fax.com) (66.203.160.26)
NOTE : Received : from unknown (HELO my-fax.com) (64.20.199.98)

pristineusa.com whois :

Registrant Name: PRISTINE SOFTWARE
Registrant Organization: PRISTINE SOFTWARE
Registrant Street: 1411 W. Covell Blvd Ste 106
Registrant City: Davis
Registrant State/Province: CA
Registrant Postal Code: 95616
Registrant Country: US
Registrant Phone: +1.5307584484
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: mmadani@pristineusa.com

hifafarah.com whois :

Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: 24ebf0cf0a16123311014b9d998ad564@domaindiscreet.com

get-the-best.com whois :

Registry Admin ID:
Admin Name: Lentz, Eduardo
Admin Organization: Get The Best, Inc.
Admin Street: P.O. Box 18630
Admin City: Boulder
Admin State/Province: CO
Admin Postal Code: 80308
Admin Country: US
Admin Phone: (303) 941-2118
Admin Fax: 999 999 9999
Admin Email: gtbusa@IX.NETCOM.COM

Analysis of link

- CLICK LINK
- DOWNLOAD FILE : (fax_message72933.zip)
- EXTRACT FILE : fax_message23055.exe
- PAGE REDIRECTED TO FAX SERVICE WEBSITE.

Analysis of file

ALYac : Trojan.Upatre.J
AVG : Downloader.Generic14.IJZ
AVware : Trojan-Downloader.Win32.Upatre.ao (v)
Ad-Aware : Trojan.Upatre.J
Agnitum : Trojan.Staser!
AhnLab-V3 : Win-Trojan/Downloader.38400.FA
Antiy-AVL : Trojan/Win32.Staser
Avast : Win32:Trojan-gen
Avira : TR/Dldr.Kryptik.pza
BitDefender : Trojan.Upatre.J
ByteHero : Virus.Win32.Heur.c
CAT-QuickHeal : (Suspicious) - DNAScan
Comodo : TrojWare.Win32.TrojanDownloader.Waski.BA
Cyren : W32/Trojan.NMXE-6820
DrWeb : Trojan.Upatre.125
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.Upatre.J (B)
F-Prot : W32/Trojan3.NHH
F-Secure : Trojan-Downloader:W32/Upatre.J
Fortinet : W32/Kryptik.CWCJ!tr
GData : Trojan.Upatre.J
Ikarus : Trojan-Downloader.Waski
Jiangmin : Trojan/Staser.amk
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan.Win32.Staser.awvp
Malwarebytes : Trojan.Email.FakeDoc
McAfee : Upatre-FAAJ!3B474BAEAC5F
McAfee-GW-Edition : BehavesLike.Win32.Autorun.nt
MicroWorld-eScan : Trojan.Upatre.J
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Kryptik.dmuguo
Norman : Upatre.FN
Sophos : Troj/Dyreza-AT
Symantec : Downloader.Upatre!gen8
TheHacker : Trojan/Kryptik.cwaa
TotalDefense : Win32/Upatre.IVVGEBC
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : TROJ_UPATRE.SMNC
VIPRE : Trojan-Downloader.Win32.Upatre.ao (v)
nProtect : Trojan/W32.Agent.38400.XP

Thursday, January 22, 2015

Incoming Fax Report

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 21.01.2015
Speed: 123bps
Connection time: 01:06
Page: 3
Resolution: Normal
Remote ID: 871-748-171158
Line number: 9
DTMF/DID:
Description: Internal only

************************************

FAX-id9123912481712931.zip

Email analysis :

NOTE : no-reply@premium-fax.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < respellsrcwe1918@regalix.com >
NOTE : Remote : 82.130.246.56 (56.82-130-246.static.clientes.euskaltel.es)
NOTE : Incoming Fax Report

FAX-id9123912481712931.zip analysis :

AVG Generic36.ARVN 20150122
AVware Trojan.Win32.Generic!BT 20150122
Ad-Aware Trojan.GenericKD.2099790 20150122
Avast Win32:Trojan-gen 20150122
Avira TR/Crowti.A.152 20150122
BitDefender Trojan.GenericKD.2099790 20150122
CMC Trojan.Win32.Krap.2!O 20150120
Cyren W32/Trojan.SNJZ-4571 20150122
DrWeb Trojan.Encoder.514 20150122
ESET-NOD32 Win32/Filecoder.CO 20150122
Emsisoft Trojan.GenericKD.2099790 (B) 20150122
F-Prot W32/Trojan3.NGI 20150122
F-Secure Trojan.GenericKD.2099790 20150122
GData Trojan.GenericKD.2099790 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Trojan ( 7000000c1 ) 20150122
K7GW Trojan ( 7000000c1 ) 20150122
Kaspersky Trojan-Ransom.Win32.Blocker.gkdv 20150122
McAfee Artemis!20834704BF1B 20150122
MicroWorld-eScan Trojan.GenericKD.2099790 20150122
Microsoft Ransom:Win32/Crowti.A 20150122
Qihoo-360 Win32/Trojan.Multi.daf 20150122
Sophos Mal/DrodZp-A 20150122
Symantec Trojan.Cryptolocker.F 20150122
Tencent Win32.Trojan.Inject.Auto 20150122
TrendMicro TROJ_FILECODER.K 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
nProtect Trojan.GenericKD.2099790 20150122

Employee Documents - Internal Use

DOCUMENT NOTIFICATION, Powered by NetDocuments

DOCUMENT NAME: Employee Documents

DOCUMENT LINK: http://spitalcuzavodaiasi.ro/CUSTOMER.DOCUMENT-STORAGE-DATA/get_invoice_document.html
DOCUMENT LINK: http://lamichelangelo.it/CUSTOMER-DOCUMENT-STORAGE_DATA/get_last_document.html
DOCUMENT LINK: http://www.trans-arts.com/CUSTOMER~DOCUMENT-DATA/last-invoice-document.html

Documents are encrypted in transit and store in a secure repository

---------------------------------------------------------------------------------
This message may contain information that is privileged and confidential. If you received this transmission in error, please notify the sender by reply email and delete the message and any attachments.

Email analysis :

NOTE : no-replay@invoice.com
NOTE : User-Agent : Roundcube Webmail/1.1.1
NOTE : Received : from unknown (HELO invoice.com) (37.191.103.140)
NOTE : Received : from unknown (HELO invoice.com) (69.42.188.58)
NOTE : Received : from unknown (HELO invoice.com) (80.156.199.162)

Process Analysis :

CLICK : one of the three links.
DOWNLOAD : invoice_pdf80985.zip
EXTRACT : invoice_pdf40132.exe

invoice_pdf40132.exe analysis :

AVG : Crypt3.BTYL : 20150122
Ad-Aware : Gen:Variant.Zbot.154 : 20150122
AhnLab-V3 : Spyware/Win32.Zbot : 20150122
Avast : Win32:Malware-gen : 20150122
BitDefender : Gen:Variant.Zbot.154 : 20150122
CMC : Packed.Win32.Katusha.3!O : 20150120
Cyren : W32/Trojan.RHQS-4975 : 20150122
DrWeb : Trojan.Upatre.128 : 20150122
ESET-NOD32 : Win32/TrojanDownloader.Waski.F : 20150122
Emsisoft : Gen:Variant.Zbot.154 (B) : 20150122
F-Prot : W32/Trojan3.NGH : 20150122
F-Secure : Gen:Variant.Zbot.154 : 20150122
GData : Gen:Variant.Zbot.154 : 20150122
K7AntiVirus : Trojan-Downloader ( 0049d22b1 ) : 20150122
Kaspersky : Trojan.Win32.Staser.awtk : 20150122
Malwarebytes : Trojan.Email.FakeDoc : 20150122
McAfee : Downloader-FAHF!01F769E9BD9A : 20150122
MicroWorld-eScan : Gen:Variant.Zbot.154 : 20150122
Qihoo-360 : Malware.QVM20.Gen : 20150122
Rising : PE:Malware.FakePDF@CV!1.9C3A : 20150121
Sophos : Troj/Dyreza-AM : 20150122
Symantec : Downloader.Upatre : 20150122
nProtect : Trojan/W32.Agent.15872.TX : 20150122

Friday, November 14, 2014

Virus from Essex...

Virus relayed from essex.org.uk :


Voice Message #0168935504
====================================
NOTE : X-Remote : 208.118.175.61 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (208.118.175.61)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0168935504
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:18:30 +0000
====================================


Voice Message #0461019860
====================================
NOTE : X-Remote : 50.246.114.145 (mail.nbaccorp.com)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from mail.nbaccorp.com (HELO essex.org.uk) (50.246.114.145)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path :
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0461019860
====================================
Voice redirected message

http://vsrwhitefish.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:16:02 +0000
====================================


Voice Message #0479943726
====================================
NOTE : X-Remote : 82.79.67.81 (impress.ro)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from impress.ro (HELO essex.org.uk) (82.79.67.81)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0479943726
====================================
Voice redirected message

http://vietnamflight.vn/bankline/message.php
Sent: Thu, 13 Nov 2014 12:38:01 +0000
====================================


Voice Message #0830285419
====================================
NOTE : X-Remote : 209.76.245.60 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (209.76.245.60)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0830285419
====================================
Voice redirected message

http://karich.com.my/bankline/message.php
Sent: Thu, 13 Nov 2014 11:59:55 +0000
====================================


Voice Message #1032155137
====================================
NOTE : X-Remote : 173.10.48.121 (173-10-48-121-michigan.hfc.comcastbusiness.net)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from 173-10-48-121-michigan.hfc.comcastbusiness.net (HELO essex.org.uk) (173.10.48.121)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #1032155137
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:41:17 +0000
====================================


Domains related to scams :


====================================
http://karich.com.my/bankline/message.php
====================================
Registrant Name: Joanne Chin Karich
Registrant Street: Sdn Bhd No.1, Jalan 27 A, Kawasan 16, Sungai Rasa
Registrant City: 41300 Kuala Lumpur Wilayah Persekutuan
Registrant Country : Malaysia
Registrant Phone : (Tel) 03-33928488 (Fax) 03-33929069
Registrant Email : joanne@karich.com.my
====================================

====================================
http://zorcorp.com/bankline/message.php
====================================
Registrant Name : john zorbas
Registrant Street : 80 collard st. suite 200
Registrant City : toronto
Registrant State/Province : ON
Registrant Postal Code : m5r1g2
Registrant Country : CA
Registrant Phone : +1.4165646882
Registrant Email : zorcorp@rojers.blackberry.net
====================================

====================================
http://vietnamflight.vn/bankline/message.php
====================================
Registrant Name : Công ty NetNam
Registrant Owner Name : Công Ty TNHH Du Lịch Châu Á Thái Bình Dương
DNS : ns1.sapatours.com , ns2.sapatours.com
====================================

====================================
http://vsrwhitefish.com/bankline/message.php
====================================
Registrant Name : Betty Luderman
Registrant Organization : Village Square Realty
Registrant Street : 411 Spokane Ave
Registrant City : Whitefish
Registrant State/Province : MT
Registrant Postal Code : 59937
Registrant Country : US
Registrant Phone : +1.4068623541
Registrant Email : bettylud@bresnan.net
====================================


Scam.cz action :


====================================
- Clicking one of the links.
- Download : Secure-messageBankline_pdf.zip
- Open : Secure-messageBankline_pdf.zip
- Redirect to http://www.rbs.co.uk/corporate/electronic-services/g2/datalink.ashx
- Analysis : Secure-messageBankline_pdf.zip
====================================


Secure-messageBankline_pdf.zip is a trojan :


====================================
AVG : Luhe.Fiha.A
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.1973036
Avira : TR/Crypt.ZPACK.94167
Baidu-International : Trojan.Win32.Battdil.bI
BitDefender : Trojan.GenericKD.1973036
Cyren : W32/Trojan.YDSE-4442
DrWeb : Trojan.Upatre.115
ESET-NOD32 : Win32/Battdil.I
Emsisoft : Trojan.GenericKD.1973036 (B)
F-Prot : W32/Trojan3.MDD
F-Secure : Trojan-Downloader:W32/Upatre.I
Fortinet : W32/Upatre.BTC!tr
GData : Trojan.GenericKD.1973036
Ikarus : Trojan-Spy.Zbot
Kaspersky : Trojan.Win32.Staser.aqlf
Malwarebytes : Trojan.Upatre
McAfee : Artemis!C852DFF3E4DE
MicroWorld-eScan : Trojan.GenericKD.1973036
Microsoft : TrojanDownloader:Win32/Upatre
Norman : Upatre.FH
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Troj/Zbot-JFC
Symantec : Downloader.Upatre
TrendMicro : TROJ_INJECT.WJSP
====================================

Tuesday, October 28, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

WE INFORM YOU THAT THE LINK TO THE INVOICE SENT PREVIOUSLY WAS CORRUPTED;
BECAUSE OF THIS, WE ARE PROVIDING A NEW DOWNLOAD LINK.
WE APOLOGIZE FOR THE INCONVENIENCE.

Attached is the Electronic Service Invoice (Nota Fiscal Eletrônica de Serviços), issued in SEPTEMBER/2014.

This file must be stored.

NF-E- Emitida.PDF

004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a copy of the INVOICE in PDF, which lists the orders and other payment details. Please note that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

This email is free of viruses and malware because avast! Antivirus protection is active.

Email analysis :

NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Message-Id : < *@BRASILPC >
NOTE : X-Antivirus : avast! (VPS 141027-2, 27/10/2014), Outbound message
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from brasil2014-PC (unknown [179.155.140.18])
NOTE : by mail.termaco.com.br (Postfix)
NOTE : Nota Fiscal Eletrônica

Link analysis :

CLICK : 004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : http://ge.tt/api/1/files/7EMX4r22/0/blob?download
DOWNLOAD : Reemissão de Nota N 9038312-01.rar

Virus analysis :

Comodo : TrojWare.Win32.TrojanDownloader.Delf.SAD : 20141028
ESET-NOD32 : a variant of Win32/TrojanDownloader.Banload.ULY : 20141028
Kaspersky : HEUR:Trojan-Downloader.Script.Generic : 20141028

Friday, October 17, 2014

Your document

To view your document, please open attachment.

< document_1425792.pdf.zip >

Virus analysis :

Ad-Aware : Trojan.GenericKD.1928929
Avast : Win32:Malware-gen
Avira : TR/Crypt.Xpack.88959
BitDefender : Trojan.GenericKD.1928929
Cyren : W32/Trojan.JOFL-9265
ESET-NOD32 : a variant of MSIL/Injector.FWC
F-Prot : W32/Trojan3.LMV
Fortinet : MSIL/FWC!tr
Ikarus : Backdoor.Androm
Kaspersky : Trojan.Win32.Inject.tbsl
Malwarebytes : Trojan.MSIL.Injector
McAfee : Artemis!94EA6E94CF43
MicroWorld-eScan : Trojan.GenericKD.1928929
Qihoo-360 : Win32/Trojan.Multi.daf
Rising : PE:Malware.FakePDF@CV!1.9C3A
Sophos : Troj/MSIL-APK
Tencent : Win32.Trojan.Inject.Auto
TrendMicro-HouseCall : TROJ_GE.C9ACEC0C

Email analysis :

NOTE : Return-Path : < no-reply@97e2896c.skybroadband.com >
NOTE : Received : from 97e2896c.skybroadband.com (151.226.137.108)
NOTE : Message-Id : < I1N3IJT6.6426198@robtec.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_NextPart_000_0006_*"
NOTE : X-Remote : 151.226.137.108 (97e2896c.skybroadband.com)
NOTE : Your document

Thursday, October 16, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

Attached is the Electronic Service Invoice (Nota Fiscal Eletrônica de Serviços), issued in AUGUST/2014.

This file must be stored.

NF-E- Emitida.PDF

7004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a copy of the INVOICE in PDF, which lists the orders and other payment details. Please note that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

Email analysis :

NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from localhost (localhost [127.0.0.1]) by mail.termaco.com.br
NOTE : Received : from mail.termaco.com.br ([127.0.0.1]) by
NOTE : Received : from brasil2014-PC (unknown [179.155.133.141]) by mail.termaco.com.br
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Mime-Version : 1.0
NOTE : Nota Fiscal Eletrônica

CLICK : 7004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : https://www.dropbox.com/s/to2t0hwqkkmhq5a/Nota_Eletronica_MFI015.rar?dl=1

The Dropbox file is no longer available (Nota_Eletronica_MFI015.rar).

Thursday, October 9, 2014

Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Your requested report is attached here.

< transact_store.zip >

Email analysis :

NOTE : Return-Path :
NOTE : Received : from unknown (HELO pulik.in) (41.216.215.152)
NOTE : Received : from [177.140.36.115] (helo=mgroiipvpbw.iyxefpsmk.ua)
NOTE : X-Mailer : The Bat! (v3.71.14) Professional
NOTE : X-Priority : 3 (Normal)
NOTE : Message-Id : < *.*@nwhxppulruhvq.ecbucf.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----------*"
NOTE : Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Virus analysis :

AVG : MSIL5.RCS
Ad-Aware : Trojan.Agent.BFYC
Avira : TR/Crypt.Xpack.98991
Baidu-International : Trojan.Win32.Wauchos.bAF
BitDefender : Trojan.Agent.BFYC
ESET-NOD32 : Win32/TrojanDownloader.Wauchos.AF
Emsisoft : Trojan.Agent.BFYC (B)
F-Secure : Trojan.Agent.BFYC
Fortinet : W32/Wauchos.AF!tr
GData : Trojan.Agent.BFYC
Ikarus : Win32.Outbreak
Kaspersky : Backdoor.Win32.Androm.fcxu
McAfee : Artemis!182EE0F73CD9
MicroWorld-eScan : Trojan.Agent.BFYC
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Sophos : Troj/Zbot-JAQ
Symantec : Backdoor.Trojan
Tencent : Win32.Trojan.Inject.Auto
TheHacker : W32/Bagle.gen.pwdzip5
TrendMicro : TROJ_WAUCHOS.WFB

Friday, October 3, 2014

Fax Report

*************************************
INCOMING FAX REPORT
*************************************

Date/Time: Thursday, 02.10.2014
Speed: 474bps
Connection time: 09:08
Page: 5
Resolution: Normal
Remote ID: 811-748-179982
Line number: 9
DTMF/DID:
Description: Internal only

*************************************
< fax00842121453281728.zip >

Virus analysis :
===================================================
AVG : Crypt3.ASZZ
Avast : Win32:Trojan-gen
Avira : TR/Crypt.ZPACK.102086
Baidu-International : Trojan.Win32.Filecoder.bCO
BitDefender : Trojan.GenericKD.1896987
Bkav : W32.HfsAutoA.D289
ClamAV : Zip.Suspect.ExecutableFax-zippwd-1
Cyren : W32/Trojan.GDDK-5927
ESET-NOD32 : Win32/Filecoder.CO
F-Prot : W32/Trojan3.LBO
F-Secure : Trojan:W32/Agent.DVSR
Ikarus : Trojan-Ransom.CryptoWall
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan (7000000c1)
McAfee : RDN/Generic.dx!dfz
Sophos : Mal/DrodZp-A
Symantec : Trojan.Cryptodefense
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : TROJ_RANSOM.YMJJ
===================================================

Mail analysis :
===================================================
NOTE : ugo.orlando@toutattache.com
NOTE : Return-Path : < underwriteye@rjsinger.com >
NOTE : Received : from unknown (HELO KJIONYSKE) (91.186.207.186)
NOTE : Message-Id : < 94K3LVMS.2835547@rjsinger.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="------------020006060602000502040307"
NOTE : Fax Report
===================================================

Monday, September 29, 2014

BACS Transfer : Remittance for JSAG051GBP

We have arranged a BACS transfer to your bank for the following amount : 4298.00

Please find details at our secure link below:

http://peytansplace.com/Documents/payment26092014-12

peytansplace.com whois :

Domain Name: PEYTANSPLACE.COM
Registry Domain ID: 1606469297_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-07-15 08:51:51
Creation Date: 2010-07-14 12:55:20
Registrar Registration Expiration Date: 2015-07-14 12:55:20
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Stacy Gilmore
Registrant Organization: imaaxx
Registrant Street: 4981 Hwy #7 East
Registrant Street: Unit 12A, Suite 207
Registrant City: Markham
Registrant State/Province: Ontario
Registrant Postal Code: L3R1N1
Registrant Country: Canada
Registrant Phone: +1.9056407548
Registrant Email: sales@imaaxx.com
Registry Admin ID:
Admin Name: Stacy Gilmore
Admin Organization: imaaxx
Admin Street: 4981 Hwy #7 East
Admin Street: Unit 12A, Suite 207
Admin City: Markham
Admin State/Province: Ontario
Admin Postal Code: L3R1N1
Admin Country: Canada
Admin Phone: +1.9056407548
Admin Email: sales@imaaxx.com
Registry Tech ID:
Tech Name: Stacy Gilmore
Tech Organization: imaaxx
Tech Street: 4981 Hwy #7 East
Tech Street: Unit 12A, Suite 207
Tech City: Markham
Tech State/Province: Ontario
Tech Postal Code: L3R1N1
Tech Country: Canada
Tech Phone: +1.9056407548
Tech Email: sales@imaaxx.com
Name Server: NS1.MEGANAMESERVERS.COM
Name Server: NS2.MEGANAMESERVERS.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-9-29T10:00:00Z