Thursday, April 27, 2017


Greetings!

How are you? My name is Kayla Morni Mohd, a citizen of Syria living in Aleppo, Syria. I'm one of the former senior inspectors for the Syria National Petroleum Company (Kawkab Oil Company). I have a business investment transaction worth $8.2 million. I would like to relocate out of Syria, because there is serious war here in Syria. I wait to hear from you as soon as you see this message.


Kayla Morni Mohd

Email analysis :

NOTE : X-Originating-Ip : []

Crédit Mutuel de Bretagne


We wish to inform you that you have a new message.
To view your mailbox, click on the link below:

View your mailbox

Laurent Biojoux,
Director of Customer Relations

Crédit Mutuel de Bretagne

Please do not reply to this email, as messages received at this address are not read. To
contact us, log in to your account and click Contact at the bottom of any page.

Email analysis :

NOTE : Cmm-Sending-Ip :

Phishing was sent via this IP :

Phishing analysis :

CLICK : Consulter la boite de messagerie ("View your mailbox")

A tinyurl link hosted the redirect to the phishing page.

AUTOMATIC USPS statement: your package has been postponed

This is an automatic message: you are obliged to read this letter to accept
the order.
Please use the link seen down below to contact the USPS support team.

Thanks and best regards.
Takeisha Wernecke - USPS Senior Station Manager.

Email analysis :

NOTE : USPS Priority
NOTE : Received : from (unknown [])
NOTE : User-Agent : Opera Mail/10.62 (Win32)

Phishing analysis :

RESULT : Phishing is unresponsive...

Domain analysis (whois) :

Registrant Email:
Updated Date: 2016-11-01T18:00:21
Creation Date: 2009-08-02T04:33:23
Registry Expiry Date: 2017-08-02T04:33:23

Domain analysis (whois) :

Updated Date: 2017-04-24T17:04:10
Creation Date: 2017-04-24T00:00:00
Registrar Registration Expiration Date: 2018-04-24T00:00:00
Registrar Abuse Contact Email:
Registrant Name: Wuxi Yilian LLC
Registrant Organization: Wuxi Yilian LLC
Registrant Street: No.1001 Anling Road
Registrant City: Xiamen
Registrant State/Province: Fujian
Registrant Postal Code: 361008
Registrant Country: cn
Registrant Phone: +86.5922577888
Registrant Fax: +86.5922179606
Registrant Email:

Tuesday, April 25, 2017

Hi (Donation Scam)


Donation proposal for you, Contact me for more details.


Email analysis :

NOTE : Received : from ([::1])
NOTE : by ([::1])
NOTE : Received : from (
NOTE : by (
NOTE : Received : from (
NOTE : by (
NOTE : Received : from ( [])

NOTE : This server was used to relay this scam.

NOTE : X-Originating-Ip : []

Scammer from

NOTE : server was used to relay this scam.

NOTE : jimenezm319 account was used to relay this scam.
NOTE : @collegedupage server was used to relay a scam.

Compensation Settlement On Escrow Accounts. (IMF Scam)


Attention Beneficiary

This is to formally inform you that your file on your fund transfer has reached Mr. Carla Grasso, Managing Director of the IMF (The International Monetary Fund). We are also aware that your transaction has been dormant for a while now, and we would like to know why. It will be in your own interest to get back to the department director Mr. David, who is in charge of the transfer unit of the IMF; get back to him as soon as possible. Failure to do so, we shall confiscate your funds to charity.

Fill out the information to him if you are ready to get your FUNDS

Your Full Name:...............
Direct Phone:....................
Bank details.............
A Scan Copy Of Your Identity Card Or Drivers License.

And take note: any other email you receive from anybody claiming to have your fund should be sent to this office, and you are advised to stop any transaction or payment to the institutions who have been in contact with you lately, for they are scams and the FBI and EFCC are after them, so be smart; the IMF is now in charge of all dept.

We await your reply.

Have a good day.

Department Director
Mr. David Hanks

Email analysis :

NOTE : Received : from ( [])

Scammer with the IP


Monday, April 24, 2017

Scan Data (VIRUS)

Number of images: 1
Attachment File Type: PDF

Description *

File analysis :

OPEN : Scan_*.pdf
SHA256 : d1efbca78f8847005a369ec24155723ccd257e58cd282429cc04f76f898743b7

Virus analysis :

Antiy-AVL : Trojan[Downloader]/MSWord.Agent.bgy
Baidu : Multi.Threats.InArchive
CAT-QuickHeal : O97M.Downloader.AJI
ClamAV : Doc.Dropper.Dridex-6260340-0
Fortinet : WM/TrojanDownloader.7A51!tr
McAfee : W97M/Downloader.brv
McAfee-GW-Edition : BehavesLike.PDF.Trojan.qb
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Qihoo-360 :
Rising : Heur.Macro.Downloader.d (cloud:UJEmOxwGVqO)
TrendMicro : HEUR_VBA.O2
ZoneAlarm by Check Point : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : Received : from (unknown [])
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
NOTE : Received : from gra-PC (unknown [])

NOTE : Street view of

IP :



Congratulations! Your e-mail has just won you the sum of $1,000,000.00 USD as a charity donation/aid from Oxfam International in conjunction with the South African National Lotto. Further information on the processing and disbursement of your grant entitlements, alongside the provision of your qualification documentation, will be disclosed to you by the National Lottery Secretary, Barrister Mark Knox. Please contact him with your Qualification Number [OXG /101/231/BDB] as soon as possible.

Barrister Mark Knox
National Lotto Secretary

Email analysis :


A Vietnamese governmental website was used to relay a scam.

NOTE : Received : from ([])
NOTE : by (IBM Domino Release 9.0 HF683)
NOTE : Received : from ( [])

NOTE : This server was used to relay a scam.


You have a new message (Société Générale phishing)

Dear Customer,

Your advisor informs you that you have received an important message

concerning your Pass,


Société Générale


Email analysis :

NOTE : X-Php-Originating-Script : 0:njd.php
NOTE : Received : by (Postfix, from userid 33)
NOTE : Received : from ([])

Phishing from

Phishing analysis :

CLICK : eAccèsuàxvosxcomptes ("Accès à vos comptes", i.e. "Access your accounts", with filler letters inserted into the link text)
RESULT : Phishing attempt...

Affected services :

NOTE : (Spoofed email.)
NOTE : (Relaying the phishing email.)
NOTE : (Hosting the redirect to the phishing.)
NOTE : (Hosting the phishing.)
NOTE : Société Générale (Victim.)
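The header reading applied in the notes above and in the other posts (the Received chain walked from the earliest hop, "Postfix, from userid 33" marking a message injected locally by the web server account, X-Php-Originating-Script naming the script) as an added example; this is not code from the blog, and the message is constructed, with RFC 5737 documentation addresses and example domains in place of the redacted values.

```python
import email
import re

# Constructed sample, not a header set from the page: RFC 5737 documentation
# addresses and example domains stand in for the values the post redacts.
SAMPLE = """\
Received: from webhost.example.org (webhost.example.org [203.0.113.9])
\tby mx.bank.example (Postfix) with ESMTP id 4A1B2C
\tfor <client@bank.example>; Thu, 27 Apr 2017 10:21:03 +0000
Received: by webhost.example.org (Postfix, from userid 33)
\tid 7D8E9F; Thu, 27 Apr 2017 10:20:58 +0000
X-Php-Originating-Script: 0:njd.php
From: "Societe Generale" <conseiller@socgen.example>
Subject: Vous avez de nouveau message
"""

FROM_RE = re.compile(r"^\s*from\s+(?P<helo>[^\s(]+)?\s*(?:\((?P<paren>[^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>[^\s;]+)", re.I)
IP_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")
UID_RE = re.compile(r"from userid (?P<uid>\d+)", re.I)

def parse_received(value):
    """Pull HELO name, bracketed IP, receiving host and local uid out of one Received header."""
    hop = {"helo": None, "ip": None, "by": None, "userid": None}
    m = FROM_RE.match(value)
    if m:  # "from HELO (rdns [ip])" form; rdns reads "unknown" when reverse DNS failed
        hop["helo"] = m.group("helo")
        ip = IP_RE.search(m.group("paren") or "")
        hop["ip"] = ip.group("ip") if ip else None
    m = BY_RE.search(value)
    hop["by"] = m.group("by") if m else None
    m = UID_RE.search(value)  # "(Postfix, from userid N)": injected locally, no SMTP client
    hop["userid"] = int(m.group("uid")) if m else None
    return hop

def analyze(raw):
    """Walk the Received chain from the earliest hop and collect the notes the post reports."""
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    notes, origin_ip = [], None
    for hop in reversed(hops):  # headers are prepended, so the last one is the first hop
        if hop["userid"] is not None:
            notes.append("%s: injected locally by userid %d (33 is www-data on Debian-family hosts)" % (hop["by"], hop["userid"]))
        if origin_ip is None and hop["ip"]:
            origin_ip = hop["ip"]  # earliest IP the chain records: the host that sent it
    script = msg.get("X-Php-Originating-Script")
    if script:
        notes.append("generated by PHP script %s on that host" % script)
    return {"origin_ip": origin_ip, "hops": hops, "notes": notes}
```

A forged Received line can sit below the genuine ones, so the earliest IP found this way is only trustworthy up to the first hop added by a server you control.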

Banco Santander (Brasil) S.A. | Avoid having your account blocked (*) (Phishing Attempt)

Banco Santander S.A.

Dear Customer,

We inform you that your registration data is out of date in our system. So that you can enjoy the benefits with convenience and security, we ask that you carry out the Security Registration Update required by our system.

This procedure must be carried out to avoid the blocking of Santander channels such as Telephone, Internet Banking and ATMs.

To avoid the automatic suspension of these services, enable your updates by clicking the button below.
This feature is only activated if you accept, and it is updated from certified servers.

Do you wish to confirm your security settings?


Banco Santander (Brasil) S.A. CNPJ: 90.400.888/0001-42 Avenida Presidente Juscelino Kubitschek, 2041 e 2235 - Bloco A, Vila Olímpia, São Paulo/SP - CEP 04543-011

Screenshot of the phishing :


Email analysis :

NOTE : Received : by (Postfix, from userid 33)

NOTE : X-Mailer : Microsoft Office Outlook, Build 17.551210
NOTE : X-Mailer : iGMail []

Phishing analysis :

CLICK : Confirmar ("Confirm")
RESULT : Phishing is unresponsive...