Tuesday, September 19, 2023



Phishing analysis :

NOTE : S_57465594508@t-online.de
NOTE : antilles-guyane.bnpparibas@client.fr
NOTE : Received-Spf : ⁨None (mailfrom) identity=mailfrom;
NOTE : client-ip=; helo=mailout10.t-online.de;
NOTE : Received : ⁨from
NOTE : by cmpweb28.aul.t-online.de with HTTP/1.1
NOTE : (Lisa V7-5-8-0.0 on API V5-51-3-2);
NOTE : Received : ⁨from
NOTE : by spica03.mgt.mul.t-online.de:8080; NOTE : URL https://geniusinn.shop/
NOTE : +81354561601
NOTE : +81337805239
NOTE : newgtld@gmoregistry.com

Friday, September 8, 2023

Your Package Delivery (Scam)


I am writing you this email to bring to your attention that you have a package with us and we want to know when you will be available to receive it. Kindly reply back to us as soon as you receive this message.


Mr Patrick Clackson
Information Team
RoyalLink Cargo
And Logistics Company

Scam analysis :

NOTE : patrickclacksondelivery@outlook.com
NOTE : info@mail.com
NOTE : Your Package Delivery
NOTE : Received : ⁨from [] by simbioms.org with esmtpsa

Phishing Crédit Agricole (Phishing)

Crédit Agricole

Bonjour ,

Vous avez choisi de gérer vos comptes en ligne depuis le site credit-agricole.fr ou l'application Ma banque, mais vous n'avez pas encore activé votre numéro mobile dans votre profil.

ATTENTION : à partir du 10 Septembre 2023, l'accès à votre espace client et l'application mobile Ma Banque nécessiteront un code reçu par sms ou une notification d'authentification forte SécuriPass.

Ainsi, pour continuer à rester connecté sur votre compte , nous vous prions d'activer votre numéro de téléphone en cliquant ici.

Votre numéro de mobile est la première condition essentielle pour rester connecté. Pour toute question, vous pouvez contacter le numéro d'assistance 01 43 63 23 00 (appel local non surtaxé).

Merci de votre confiance,
Crédit Agricole.

©Crédit Agricole 2023
Ces nouvelles mesures renforcent la sécurité des accès en ligne à vos comptes par l'utilisation de l'authentification forte, conformément aux dernières exigences de la seconde directive européenne sur les services de paiements 2e version (dite DSP2) entrées en vigueur le 15/07/2023.

Email analysis :

NOTE : relation.clients@credit-agricole-ca.fr
NOTE : Received : ⁨from managergram.com ( by email.cloudflare.net (unknown) NOTE : smtp.remote-ip=⁩
Phishing analysis :

CLICK : "cliquant ici."
OPEN : https://sites.google.com/view/nkjui/accueil

CLICK : "cliquez ici"
OPEN : https://www.google.com/url?q=https%3A%2F%2Furlz.fr%2Fnr4w&sa=D&sntz=1&usg=AOvVaw2vya9EGOMkiYaRWszpmLcC
REDIRECT : Redirection to a corrupted Wordpress website.

Wednesday, August 23, 2023

Ne laissez pas les cybercriminels vous voler votre vie (Spam)

Cher ami,

Le mois dernier, j'ai fait une découverte qui a changé ma vie.

J'ai découvert que les cybercriminels ont été responsables de la plus grande fuite de données personnelles de l'histoire.

Des millions d'internautes ont été touchés par cette attaque, dont des milliers ont perdu leurs informations bancaires et leur sécurité financière.

Mais j'ai aussi découvert qu'il existe une solution.

Un service en ligne qui permet aux utilisateurs de vérifier si leurs données personnelles ont été compromis et qui leur donne les moyens d'assurer leur protection.

C'est une solution simple, pratique et efficace pour vous aider à prendre les précautions nécessaires pour protéger vos données personnelles et vos comptes en ligne.

Alors, si vous avez peur pour la sécurité de vos données personnelles, n'attendez plus et vérifiez-les aujourd'hui.

Entrez simplement votre adresse e-mail dans le formulaire ci-dessous et découvrez si vos données personnelles ont été compromis.

Se désabonner

Email analysis :

NOTE : Received : ⁨from 9hh00.yaatjam.info (ip167.ip-51-77-233.eu [])
NOTE : Return-Path : bounce@yaatjam.info⁩
NOTE : Pass (mailfrom) identity=mailfrom;
NOTE : client-ip=; helo=9hh00.yaatjam.info

Extractions :

DOM : ip167.ip-51-77-233.eu
IP :
LINK : https://www.kqzyfj.com/click-100942630-15494798
LINK : https://www.kqzyfj.com
LINK : https://legal.epsilon.com/us/privacy
LINK : https://yaatjam.info/
LINK : https://yaatjam.info/login
LINK : https://yaatjam.info/breach/
LINK : https://yaatjam.info/breach/?campaignid=cid*&userid=*
LINK : https://yaatjam.info/breach/privacy.php

Conclusions :

NOTE : Construction de fichiers PII.
NOTE : Inaction de la société OVH. (
NOTE : Utilisation de nombreux domaines.
NOTE : Rentablisation via des liens AFF.

Tuesday, August 22, 2023

Don't miss your unsettled payment. Complete your debt payment now. (BTC Scam)

Hi there!

I regret to inform you about some sad news for you.
Approximately a month or two ago I have succeeded to gain a total access to all your devices utilized for browsing internet.
Moving forward, I have started observing your internet activities on continuous basis.

Go ahead and take a look at the sequence of events provided below for your reference:
Initially I bought an exclusive access from hackers to a long list of email accounts (in today's world, that is really a common thing, which can arranged via internet).
Evidently, it wasn't hard for me to proceed with logging in your email account (*@*).

Within the same week, I moved on with installing a Trojan virus in Operating Systems for all devices that you use to login to email.
Frankly speaking, it wasn't a challenging task for me at all (since you were kind enough to click some of the links in your inbox emails before).
Yeah, geniuses are among us.

Because of this Trojan I am able to gain access to entire set of controllers in devices (e.g., your video camera, keyboard, microphone and others).
As result, I effortlessly downloaded all data, as well as photos, web browsing history and other types of data to my servers.
Moreover, I have access to all social networks accounts that you regularly use, including emails, including chat history, messengers, contacts list etc.
My unique virus is incessantly refreshing its signatures (due to control by a driver), and hence remains undetected by any type of antiviruses.

Hence, I guess by now you can already see the reason why I always remained undetected until this very letter...

During the process of compilation of all the materials associated with you,
I also noticed that you are a huge supporter and regular user of websites hosting nasty adult content.
Turns out to be, you really love visiting porn websites, as well as watching exciting videos and enduring unforgettable pleasures.
As a matter of fact, I was not able to withstand the temptation, but to record certain nasty solo action with you in main role,
and later produced a few videos exposing your masturbation and cumming scenes.

If until now you don't believe me, all I need is one-two mouse clicks to make all those videos with everyone you know,
including your friends, colleagues, relatives and others.
Moreover, I am able to upload all that video content online for everyone to see.
I sincerely think, you certainly would not wish such incidents to take place, in view of the lustful things demonstrated in your commonly watched videos,
(you absolutely know what I mean by that) it will cause a huge adversity for you.

There is still a solution to this matter, and here is what you need to do:
You make a transaction of $1490 USD to my account (an equivalent in bitcoins, which recorded depending on the exchange rate at the date of funds transfer),
hence upon receiving the transfer, I will immediately get rid of all those lustful videos without delay.
After that we can make it look like there was nothing happening beforehand.
Additionally, I can confirm that all the Trojan software is going to be disabled and erased from all devices that you use. You have nothing to worry about,
because I keep my word at all times.

That is indeed a beneficial bargain that comes with a relatively reduced price,
taking into consideration that your profile and traffic were under close monitoring during a long time frame.
If you are still unclear regarding how to buy and perform transactions with bitcoins - everything is available online.

Below is my bitcoin wallet for your further reference:1HTxR4q4vxQKxtCXB95tdSC5xtsa2uPcMP

All you have is 48 hours and the countdown begins once this email is opened (in other words 2 days).

The following list includes things you should remember and avoid doing:
There's no point to try replying my email (since this email and return address were created inside your inbox).
There's no point in calling police or any other types of security services either. Furthermore, don't you dare sharing this info with any of your friends.
If I discover that (taking into consideration my skills, it will be really simple, because I control all your systems and continuously monitor them) -
your nasty clip will be shared with public straight away.
There's no point in looking for me too - it won't result in any success. Transactions with cryptocurrency are completely anonymous and untraceable.
There's no point in reinstalling your OS on devices or trying to throw them away. That won't solve the issue,
since all clips with you as main character are already uploaded on remote servers.

Things that may be concerning you:
That funds transfer won't be delivered to me.
Breathe out, I can track down everything right away, so once funds transfer is finished,
I will know for sure, since I interminably track down all activities done by you (my Trojan virus controls all processes remotely, just as TeamViewer).
That your videos will be distributed, even though you have completed money transfer to my wallet.
Trust me, it is worthless for me to still bother you after money transfer is successful. Moreover, if that was ever part of my plan, I would do make it happen way earlier!

We are going to approach and deal with it in a clear manner!

In conclusion, I'd like to recommend one more thing... after this you need to make certain you don't get involved in similar kind of unpleasant events anymore!
My recommendation - ensure all your passwords are replaced with new ones on a regular basis.

Scam analysis :

NOTE : Spoofing
NOTE : Received : ⁨from 58-27-133-42.wateen.net (unknown [])
NOTE : BTC / 1HTxR4q4vxQKxtCXB95tdSC5xtsa2uPcMP

United Bank For Africa -dO--A-M


My Name is Kennedy Uzoka the director cash processing unit, united bank for Africa [UBA}.

The international monetary fund (I.M.F.) in conjunction with Organization of African Unity (O.A.U) has directed us to pay you One million five hundred thousand united state dollars ($1.500, 000.00/-USD) in cash through means of diplomatic courier service hand delivery.

Take note: Three thousand united state dollars ($3,000.00/- USD) have been mapped out for all expenses in taxes and other documents that matters.

Therefore, do forward your home address and direct phone number to me for quick delivery because time is not in our side.

Please reply/direct your email to this
Email: kenuzokaunitedbankforafrica@gmail.com


Kennedy Uzoka
Director cash processing unit
united bank for Africa. (U.B.A).
Email : kenuzokaunitedbankforafrica@gmail.com

Email analysis :

NOTE : kenuzokaunitedbankforafrica@gmail.com
NOTE : doris@mail.la-espero.cn
NOTE : Received : ⁨from mail.la-espero.cn (mail.la-espero.cn [])
NOTE : Received : ⁨from (HELO USER);