domingo, 26 de abril de 2026

(PDF Phishing): rramirez@expoatari.cl



E-mail: rramirez@expoatari.cl

Whois:
Registrant name: Alejandro Cobelli Castillo
Registrant organisation: 
Registrar name: NIC Chile
Registrar URL: https://www.nic.cl
Creation date: 2023-07-17 10:20:18 CLST
Expiration date: 2026-07-17 10:20:18 CLST
Name server: ns1.sitiodns.net
Name server: ns2.sitiodns.net
Name server: ns3.sitiodns.net

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49347
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;expoatari.cl. IN A

;; ANSWER SECTION:
expoatari.cl. 14400 IN A 186.64.119.175

;; Query time: 152 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Mon Apr 27 01:07:35 UTC 2026
;; MSG SIZE rcvd: 57


{
  "domain": "expoatari.cl",
  "base_domain": "expoatari.cl",
  "dnssec": false,
  "soa": {
    "record": "ns3.sitiodns.net. notificaciones_whm.haulmer.net. 2026042201 3600 7200 1209600 86400",
    "values": {
      "primary_nameserver": "ns3.sitiodns.net",
      "rname_email_address": "notificaciones_whm@haulmer.net",
      "serial": 2026042201,
      "refresh": 3600,
      "retry": 7200,
      "expire": 1209600,
      "minimum": 86400
    }
  },
  "ns": {
    "hostnames": [
      "ns2.sitiodns.net",
      "ns3.sitiodns.net",
      "ns1.sitiodns.net"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [
      {
        "preference": 0,
        "hostname": "mail.expoatari.cl",
        "addresses": [
          "186.64.119.175"
        ],
        "dnssec": false,
        "tls": false,
        "starttls": false
      }
    ],
    "warnings": [
      "mail.expoatari.cl: SMTP error code Connection unexpectedly closed: timed out"
    ]
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": "v=spf1 +a +mx +ip4:186.64.114.105 +ip4:186.64.114.109 +ip4: +ip4: +ip4: +ip4: ~all",
    "valid": false,
    "void_dns_lookups": null,
    "warnings": [],
    "error": " is not a valid ipv4 value."
  },
  "dmarc": {
    "record": "v=DMARC1; p=quarantine; rua=mailto:postmaster@expoatari.cl",
    "location": "expoatari.cl",
    "valid": true,
    "warnings": [],
    "tags": {
      "v": {
        "value": "DMARC1",
        "explicit": true
      },
      "p": {
        "value": "quarantine",
        "explicit": true
      },
      "rua": {
        "value": [
          {
            "scheme": "mailto",
            "address": "postmaster@expoatari.cl",
            "size_limit": null
          }
        ],
        "explicit": true
      },
      "adkim": {
        "value": "r",
        "explicit": false
      },
      "aspf": {
        "value": "r",
        "explicit": false
      },
      "fo": {
        "value": "0",
        "explicit": false
      },
      "pct": {
        "value": 100,
        "explicit": false
      },
      "psd": {
        "value": "u",
        "explicit": false
      },
      "rf": {
        "value": "afrf",
        "explicit": false
      },
      "ri": {
        "value": 86400,
        "explicit": false
      },
      "t": {
        "value": "n",
        "explicit": false
      },
      "sp": {
        "value": "quarantine",
        "explicit": false
      },
      "np": {
        "value": "quarantine",
        "explicit": false
      }
    }
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}

Phishing: Natura

Email: boletins@gold.venha.im

Link do phishing: https://s.pass.com.br/NaturaCadari/exz/m29/cyflqo/01.html




Estrutura do Phishing:
HTTP/2 301 
cache-control: private
content-length: 197
content-type: text/html; charset=utf-8
location: https://www.minhaloja.natura.com/c/promocoes?consultoria=cadari&marca=natura
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=kf3n4q5110wisnircmupn5py; path=/; HttpOnly; SameSite=Lax
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 27 Apr 2026 02:43:38 GMT

HTTP/2 503 
server: AkamaiGHost
mime-version: 1.0
content-type: text/html
content-length: 280
expires: Mon, 27 Apr 2026 00:43:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 27 Apr 2026 00:43:37 GMT
set-cookie: ab_home=b; path=/; secure


                
              
Domain Name: venha.im
Domain Managers
Name: Redacted
Address
Redacted
Domain Owners / Registrant
Name: Redacted
Address
Redacted
Administrative Contact
Name: Redacted
Address
Redacted
Billing Contact
Name: Redacted
Address
Redacted
Technical Contact
Name: Redacted
Address
Redacted
Domain Details
Expiry Date: 13/11/2026 00:59:52
Name Server:ns1.softlayer.com.
Name Server:ns2.softlayer.com


{
  "domain": "venha.im",
  "base_domain": "venha.im",
  "dnssec": false,
  "soa": {
    "record": "ns1.softlayer.com. support.softlayer.com. 2025030404 7200 600 1728000 43200",
    "values": {
      "primary_nameserver": "ns1.softlayer.com",
      "rname_email_address": "support@softlayer.com",
      "serial": 2025030404,
      "refresh": 7200,
      "retry": 600,
      "expire": 1728000,
      "minimum": 43200
    }
  },
  "ns": {
    "hostnames": [
      "ns1.softlayer.com",
      "ns2.softlayer.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}


;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35545
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;venha.im. IN A

;; ANSWER SECTION:
venha.im. 21600 IN A 74.63.196.62

;; Query time: 141 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Mon Apr 27 00:47:44 UTC 2026
;; MSG SIZE rcvd: 53

Phishing: Currículo Rafaela Gomes

Email: rafaelagomes@relatorios11k.spretocolor.cfd

Link do phishing: https://23.178.169.192.host.secureserver.net/Q069zynWFslz2lszsV9FW3zyz/4FkzzU9z8U3W9Y5/8DI/91937987/QYi9XYrj4W7MMLjy8QY/650382029945014


Estrutura do Phishing:
HTTP/1.1 302 Found
Date: Mon, 27 Apr 2026 00:31:16 GMT
Server: Apache/2.4.58 (Ubuntu)
Set-Cookie: PHPSESSID=6s59f67374krhoudl2h3v3ekco; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://redirector.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip
Content-Type: text/html; charset=UTF-8

HTTP/2 302 
date: Mon, 27 Apr 2026 00:31:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r4---sn-8xa2gvcg-cnce.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?cms_redirect=yes&met=1777249881,&mh=vq&mip=192.145.214.0&mm=28&mn=sn-8xa2gvcg-cnce&ms=nvh&mt=1777249410&mv=u&mvi=4&pl=24&rms=nvh,nvh&shardbypass=sd
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 513
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:26 GMT
Expires: Mon, 27 Apr 2026 00:46:26 GMT
Cache-Control: public, max-age=900
Location: https://r5---sn-2obg05-ja.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249886,&mh=vq&pl=24&rms=onc,onc&shardbypass=sd&redirect_counter=1&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80&req_id=88dfa1a82be4173b&cms_redirect=yes&mip=192.145.214.0&mm=42&mn=sn-2obg05-ja&ms=onc&mt=1777249477&mv=m&mvi=5&rmhost=r1---sn-2obg05-ja.gvt1.com&smhost=r3---sn-bg0s7n7l.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:32 GMT
Expires: Mon, 27 Apr 2026 00:46:32 GMT
Cache-Control: public, max-age=900
Location: https://r1---sn-bg0e6nls.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249892,&mh=vq&pl=47&rms=onc,onc&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104&req_id=88dfa1a82be4173b&redirect_counter=2&rm=sn-bg0e6676&cms_redirect=yes&ipbypass=yes&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=42&mn=sn-bg0e6nls&ms=onc&mt=1777249477&mv=m&mvi=1&rmhost=r5---sn-bg0e6nls.gvt1.com&smhost=r3---sn-bg0e6nle.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:31:37 GMT
Expires: Mon, 27 Apr 2026 00:46:37 GMT
Cache-Control: public, max-age=900
Location: https://r4---sn-vgqsknld.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777249897,&mh=vq&pl=47&rms=ltu,ltu&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104,40&req_id=88dfa1a82be4173b&rm=sn-bg0e6676,sn-bg0ezs7e&ipbypass=yes&redirect_counter=3&cms_redirect=yes&cmsv=e&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=39&mn=sn-vgqsknld&ms=ltr&mt=1777249513&mv=u&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"


Whois:vgqsknld&ms=ltr&mt=1777248255&mv=m&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"

Whois:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4515
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sterracotacolor.cfd. IN A

;; ANSWER SECTION:
sterracotacolor.cfd. 300 IN A 104.21.11.24
sterracotacolor.cfd. 300 IN A 172.67.165.18

{
  "domain": "sterracotacolor.cfd",
  "base_domain": "sterracotacolor.cfd",
  "dnssec": false,
  "soa": {
    "record": "athena.ns.cloudflare.com. dns.cloudflare.com. 2402526591 10000 2400 604800 1800",
    "values": {
      "primary_nameserver": "athena.ns.cloudflare.com",
      "rname_email_address": "dns@cloudflare.com",
      "serial": 2402526591,
      "refresh": 10000,
      "retry": 2400,
      "expire": 604800,
      "minimum": 1800
    }
  },
  "ns": {
    "hostnames": [
      "athena.ns.cloudflare.com",
      "grant.ns.cloudflare.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}





Golpe: Simples Nacional DAS Mensal disponível para pagamento!!

Email: documentos@relatorios07g.sterracotacolor.cfd
pgdas@relatorios07g.sterracotacolor.cfd
contato@relatorios07g.sterracotacolor.cfd

Link do phishing: https://13.49.167.72.host.secureserver.net/L105qsdMN6.qa.6q6D5NM4qsq/hN2qqJ5q9J4M6R2/ycldhia3C/31307033/yaNHOdvWXiOnKDVkhNqvNi/83500941043






Estrutura do phishing:
HTTP/1.1 302 Found
Date: Mon, 27 Apr 2026 00:09:15 GMT
Server: Apache/2.4.58 (Ubuntu)
Set-Cookie: PHPSESSID=m5p50pllkq5gj6u5s0bark76sa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://redirector.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip
Content-Type: text/html; charset=UTF-8

HTTP/2 302 
date: Mon, 27 Apr 2026 00:09:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r4---sn-8xa2gvcg-cnce.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?cms_redirect=yes&met=1777248561,&mh=vq&mip=192.145.214.0&mm=28&mn=sn-8xa2gvcg-cnce&ms=nvh&mt=1777248150&mv=u&mvi=4&pl=24&rms=nvh,nvh&shardbypass=sd
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 513
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:26 GMT
Expires: Mon, 27 Apr 2026 00:24:26 GMT
Cache-Control: public, max-age=900
Location: https://r5---sn-2obg05-ja.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248566,&mh=vq&pl=24&rms=onc,onc&shardbypass=sd&redirect_counter=1&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80&req_id=8dea52e8d443f611&cms_redirect=yes&mip=192.145.214.0&mm=42&mn=sn-2obg05-ja&ms=onc&mt=1777248274&mv=m&mvi=5&rmhost=r1---sn-2obg05-ja.gvt1.com&smhost=r3---sn-bg0s7n7l.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:31 GMT
Expires: Mon, 27 Apr 2026 00:24:31 GMT
Cache-Control: public, max-age=900
Location: https://r1---sn-bg0e6nls.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248571,&mh=vq&pl=47&rms=onc,onc&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104&req_id=8dea52e8d443f611&redirect_counter=2&rm=sn-bg0e6676&cms_redirect=yes&ipbypass=yes&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=42&mn=sn-bg0e6nls&ms=onc&mt=1777248254&mv=u&mvi=1&rmhost=r5---sn-bg0e6nls.gvt1.com&smhost=r3---sn-bg0e6nle.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:37 GMT
Expires: Mon, 27 Apr 2026 00:24:37 GMT
Cache-Control: public, max-age=900
Location: https://r4---sn-vgqsknld.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248577,&mh=vq&pl=47&rms=ltu,ltu&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104,40&req_id=8dea52e8d443f611&rm=sn-bg0e6676,sn-bg0ezs7e&ipbypass=yes&redirect_counter=3&cms_redirect=yes&cmsv=e&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=39&mn=sn-vgqsknld&ms=ltr&mt=1777248255&mv=m&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"

Whois:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4515
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sterracotacolor.cfd. IN A

;; ANSWER SECTION:
sterracotacolor.cfd. 300 IN A 104.21.11.24
sterracotacolor.cfd. 300 IN A 172.67.165.18

{
  "domain": "sterracotacolor.cfd",
  "base_domain": "sterracotacolor.cfd",
  "dnssec": false,
  "soa": {
    "record": "athena.ns.cloudflare.com. dns.cloudflare.com. 2402526591 10000 2400 604800 1800",
    "values": {
      "primary_nameserver": "athena.ns.cloudflare.com",
      "rname_email_address": "dns@cloudflare.com",
      "serial": 2402526591,
      "refresh": 10000,
      "retry": 2400,
      "expire": 604800,
      "minimum": 1800
    }
  },
  "ns": {
    "hostnames": [
      "athena.ns.cloudflare.com",
      "grant.ns.cloudflare.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}






Golpe: Atualize a sua assinatura para continuar assistindo a Netflix

Email do Remetente: netflix17@aviso12.contavalidaseg.com

Dono do domínio:
Registry Registrant ID: 
Registrant Name: rafael, alex
Registrant Organization: 
Registrant Street: rua cole porter 17
Registrant City: sao paulo
Registrant State/Province: SP
Registrant Postal Code: 08255180
Registrant Country: BR
Registrant Phone: +55.11916822917
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: alexrafaelars@gmail.com
Registry Admin ID: 
Registry Tech ID: 
Tech Name: rafael, alex
Tech Phone: +55.11916822917


Link da assinatura: https://fxn-te34t3k4eq-ew.a.run.app/

{
  "domain": "contavalidaseg.com",
  "base_domain": "contavalidaseg.com",
  "dnssec": false,
  "soa": {
    "record": "NS1.BLUEHOST.com. root.BLUEHOST.com. 124080221 10800 3600 604800 3600",
    "values": {
      "primary_nameserver": "NS1.BLUEHOST.com",
      "rname_email_address": "root@BLUEHOST.com",
      "serial": 124080221,
      "refresh": 10800,
      "retry": 3600,
      "expire": 604800,
      "minimum": 3600
    }
  },
  "ns": {
    "hostnames": [
      "ns1.bluehost.com",
      "ns2.bluehost.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}

Estrutura do phishing:
content-type: text/html; charset=UTF-8
location: https://filmesflixuhdbr.reativeconta.com/wnf4e6d8717/d5e7f9a2b4c6e8f0a3b5c7d9e1f3a6b8/
x-cloud-trace-context: a2c1d2dff148d3553cf1e73238d6df20;o=1
date: Sun, 26 Apr 2026 14:24:58 GMT
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/1.1 302 Found
Date: Sun, 26 Apr 2026 14:25:01 GMT
Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7
X-Powered-By: PHP/7.4.7
Location: https://google.com
Content-Type: text/html; charset=UTF-8

HTTP/2 301 
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-1GfMzKLiIudpLhbnawgDNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Sun, 26 Apr 2026 14:25:10 GMT
expires: Tue, 26 May 2026 14:25:10 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/2 200 
content-type: text/html; charset=ISO-8859-1
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-LNFPKkmdecf3X1R4FpzfBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
accept-ch: Sec-CH-Prefers-Color-Scheme
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sun, 26 Apr 2026 14:25:15 GMT
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
expires: Sun, 26 Apr 2026 14:25:15 GMT
cache-control: private
set-cookie: AEC=AaJma5tEBi9VScbyAxxlLdOoAHmH_EkUD4DHgZrjqDeY8FnLcC0abrvmMfQ; expires=Fri, 23-Oct-2026 14:25:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
set-cookie: NID=530=UiSYqDB3io9IlmoxKCLVdyC4_JtXnA0TqcUZAyiK_xi2TR8ah2i1Gp2i88pKOHFeyyyFuvDtUIMXaudiVqkwLueOZvs-QMjVk501BwOcbrtZBMWy9hu7p2ko5sjkiFw7iWvW1SzCuKD4pddQgSg5tFy40TRN-046VPGnMXNMpMmyeT3iLKgLAd7k0OQXaF6deVh8Iu0sK4EiVDSX1o4Cah0uHAkI5Q; expires=Mon, 26-Oct-2026 14:25:15 GMT; path=/; domain=.google.com; HttpOnly
set-cookie: __Secure-BUCKET=CKsF; expires=Fri, 23-Oct-2026 14:25:15 GMT; path=/; domain=.google.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Golpe: Vivo Empresas: Sua fatura chegou!!!

Email remetente:
noreply@business.perfectlogisticsbd.com

Link da fatura: https://handbid.app.link/AStKfkntv2b



Estrutura do phishing:
HTTP/2 200 
content-type: text/html; charset=utf-8
content-length: 11988
server: openresty
date: Sun, 26 Apr 2026 13:05:33 GMT
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
set-cookie: _s=ddN2oCVpxMuuJG7DenAMwn8ZHGr2DUFNLsrkgSrSp9XyrEGC8rlaoLiida18X4Va; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Mon, 26 Apr 2027 13:05:33 GMT; Secure
last-modified: Sun, 26 Apr 2026 13:05:33 GMT
content-security-policy: frame-ancestors 'self'
etag: W/"2ed4-yuqzLk9uVrCNsr3aSzE8G9lutXg"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 effdc374afee94e7da21facc30630a84.cloudfront.net (CloudFront)
x-amz-cf-pop: GIG52-P2
x-amz-cf-id: ke0p2r26Oeza1WqknoXtK-uIS8IrAifH78sMhTm1qEoJw9-5LnzMcA==


Whois Domínio:
Domain Name: perfectlogisticsbd.com
Registry Domain ID: 3013667069_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2025-09-04T13:30:12Z
Creation Date: 2025-08-26T09:48:34Z
Registrar Registration Expiration Date: 2026-08-26T09:48:34Z
Registrar: GMO Internet, Inc.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@internet.gmo
Registrar Abuse Contact Phone: +81.337709199
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: proxy@whoisprotectservice.com
Registry Admin ID: Not Available From Registry
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: proxy@whoisprotectservice.com
Registry Tech ID: Not Available From Registry
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: nsbd1.hostseba.com
Name Server: nsbd2.hostseba.com
DNSSEC: unsigned

--------------------------------------------------
{
  "domain": "perfectlogisticsbd.com",
  "base_domain": "perfectlogisticsbd.com",
  "dnssec": false,
  "soa": {
    "record": "nsbd1.hostseba.com. root.alpha.hostseba.com. 2026041849 3600 1800 1209600 86400",
    "values": {
      "primary_nameserver": "nsbd1.hostseba.com",
      "rname_email_address": "root@alpha.hostseba.com",
      "serial": 2026041849,
      "refresh": 3600,
      "retry": 1800,
      "expire": 1209600,
      "minimum": 86400
    }
  },
  "ns": {
    "hostnames": [
      "nsbd2.hostseba.com",
      "nsbd1.hostseba.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [
      {
        "preference": 0,
        "hostname": "perfectlogisticsbd.com",
        "addresses": [
          "103.65.138.22"
        ],
        "dnssec": false,
        "tls": false,
        "starttls": false
      }
    ],
    "warnings": [
      "perfectlogisticsbd.com: SMTP error code Connection unexpectedly closed: timed out"
    ]
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": "v=spf1 +a +mx +ip4:103.65.138.22 +ip4:103.174.152.66 ~all",
    "valid": true,
    "dns_lookups": 2,
    "void_dns_lookups": 0,
    "warnings": [],
    "parsed": {
      "mechanisms": [
        {
          "action": "pass",
          "mechanism": "a",
          "value": "perfectlogisticsbd.com",
          "dns_lookups": 1,
          "void_dns_lookups": 0,
          "addresses": [
            "103.65.138.22"
          ]
        },
        {
          "action": "pass",
          "mechanism": "mx",
          "value": "perfectlogisticsbd.com",
          "dns_lookups": 1,
          "void_dns_lookups": 0,
          "hosts": [
            {
              "preference": 0,
              "hostname": "perfectlogisticsbd.com"
            }
          ]
        },
        {
          "action": "pass",
          "mechanism": "ip4",
          "value": "103.65.138.22"
        },
        {
          "action": "pass",
          "mechanism": "ip4",
          "value": "103.174.152.66"
        }
      ],
      "redirect": null,
      "exp": null,
      "all": "softfail"
    }
  },
  "dmarc": {
    "record": "v=DMARC1; p=none;",
    "location": "perfectlogisticsbd.com",
    "valid": true,
    "warnings": [
      "A p tag value of none makes DMARC unenforced on email sent as perfectlogisticsbd.com.",
      "rua tag (destination for aggregate reports) not found."
    ],
    "tags": {
      "v": {
        "value": "DMARC1",
        "explicit": true
      },
      "p": {
        "value": "none",
        "explicit": true
      },
      "adkim": {
        "value": "r",
        "explicit": false
      },
      "aspf": {
        "value": "r",
        "explicit": false
      },
      "fo": {
        "value": "0",
        "explicit": false
      },
      "pct": {
        "value": 100,
        "explicit": false
      },
      "psd": {
        "value": "u",
        "explicit": false
      },
      "rf": {
        "value": "afrf",
        "explicit": false
      },
      "ri": {
        "value": 86400,
        "explicit": false
      },
      "t": {
        "value": "n",
        "explicit": false
      },
      "sp": {
        "value": "none",
        "explicit": false
      },
      "np": {
        "value": "none",
        "explicit": false
      }
    }
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}

sábado, 25 de abril de 2026

Golpe: PicPay - Seu PicPay Card ta liberado! Aproveite ainda hoje, pois a oferta sem anuidade pode expirar. Peça o seu!!!


Link: https://go.picpay.me/Up
Tipo do Golpe: Phishing/malware
Alvo: Clientes do Picpay


Estrutura do phishing:
date: Sun, 26 Apr 2026 02:29:39 GMT
content-type: text/html; charset=utf-8
content-length: 92
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://picpay.onelink.me/No7S/41wtcdcy
referrer-policy: unsafe-url
set-cookie: _bit=q3q2tD-b6ed1d570776f10734-00V; Domain=go.picpay.me; Expires=Fri, 23 Oct 2026 02:29:39 GMT
strict-transport-security: max-age=1209600
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/2 301 
content-type: application/octet-stream
content-length: 0
location: https://picpay.com/baixar-o-app-picpay?source_caller=ui&shortlink=41wtcdcy&c=onelink_card_upgrade&pid=onelink_card_upgrade&deep_link_value=picpay%3A%2F%2Fpicpay%2Fcard%2Fregister%2Fhybrid&af_xp=custom&af_force_deeplink=true
date: Sun, 26 Apr 2026 02:29:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 1854e234bfccfb7a387b67a7feff26d2.cloudfront.net (CloudFront)
x-amz-cf-pop: GRU3-P1
x-amz-cf-id: M6xlOVYBpdscH3sx5DGnqlPVjD-5EcWtkAFoyiMRzYmKvZjiuMihvQ==

HTTP/2 404 
content-type: text/html; charset=utf-8
content-length: 897
cache-control: max-age=7200, s-maxage=172800, must-revalidate
last-modified: Fri, 27 Mar 2026 19:40:10 GMT
x-error: Lambda: x-error: failed to load /baixar-o-app-picpay.md from content-bus: 404
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 cbccd49f9035581311c7cf9544e6a602.cloudfront.net (CloudFront)
x-timer: S1777018957.005888,VS0,VE0
accept-ranges: bytes
date: Sun, 26 Apr 2026 02:29:50 GMT
x-served-by: cache-iad-kcgs7200114-IAD, cache-iad-kcgs7200114-IAD, cache-gru-sbgr1930055-GRU
x-cache-hits: 0, 9, 0
strict-transport-security: max-age=31557600
vary: Accept-Encoding
x-cache: Error from cloudfront
x-amz-cf-pop: GRU1-P2
x-amz-cf-id: Vbay4Ib-l3G8k9-3jbAb-cBGmwG4OYnDUeBOnrobs5mSZM5cxwBzhQ==