The French 2-Step: Exposing a Multi-stage Scam Targeting the National Railway Company in France
WHITE PetrP.73 2026-05-14 Modified: 2026-05-14
45 IOCs
MEDIUM VOLUME
A sophisticated and multi-stage scam targeting customers of the French national railway company, SNCF, exemplifies the current evolution of online fraud utilizing phishing and social engineering techniques. The scheme operates by exploiting both the emotional state of victims and brand recognition, leading to financial losses through a two-part approach that culminates in unauthorized transactions.
Indicators of Compromise (45)