Thursday, January 22, 2015

Rép : Investment Proposal!!

Hello Dear

I crave your indulgence for the unsolicited nature of this letter, but it was borne out of desperation and current development. Please bear with me. I am Barrister Herbert Smith a solicitor at law, I have a client that wish to invest her financial estate in your Country.

This requires a private arrangement though details of the transaction will be furnish to you once you indicate positive interest in this proposal.

We have all the legal documents to back up this transaction, besides we have worked out the best possible means to ensure smooth and risk free transfer. We are willing to offer you 15% of the total fund and additional 10% from return on investment (ROI), the fund in question is quite large. All correspondences will be via email for now. I await your prompt reply, if you are willing to partner us on this project, do send your response to my private email address

Please note that this is not scam, but legitimate business offer.

Thanks,

Yours Faithfully,

Herbert Smith Esq

Email analyis :

NOTE : herbertsmith@zing.vn
NOTE : herbertsmith.careyolsenlawfirm@gmail.com
NOTE : REMOTE : 94.70.229.61 (mail.kaldi.gr)
NOTE : Received : from [10.187.252.230] ([41.203.64.132])


NOTE : by kaldi.gr with Microsoft SMTPSVC

Answer to : "Please note that this is not scam, but legitimate business offer"

Recipe for a good scam :

- Two fake emails.
- One hacked email server. (mail.kaldi.gr)
- One IP from Nigeria. (41.203.64.132)

PROPOSITION:..!

Mr. LEGAIL MARIE
Pretoria South Africa.

Greeting!!!

I am Mr. Legail Marie, The Bill and Exchange Manager of one Leading BANK in SOUTH AFRICA and I am contacting you on a business transfer of a huge sum of money from a Supposed deceased account. Though I know that a transaction of this magnitude will make any one apprehensive and worried, but I am assuring you that all will be well at the end of the day. I decided to contact you due to the urgency of this transaction.

PROPOSITION:

I discovered an abandoned sum of US$11,500,000.00 (Eleven Million Five hundred thousand United States dollars) in an account that belongs to one of our foreign customers who died along with his entire family with a Malaysian Airline Flight MH370, just recently Since his death, none of his next of kin or relations has come forward to lay claims for this money as the heir. We cannot release the fund from his account unless someone applies for claim as the next of kin to the deceased as indicated in our banking guidelines. Upon this discovery, I now seek your permission to have you stand as a next of kin to the deceased as all documentations will be carefully worked out by me for the funds of (US$11,500,000.00) to be released in your favor as the beneficiary's next of kin. It may interest you to know that I have secured from the probate an order of mandamus to locate any of deceased beneficiaries.

Please acknowledge receipt of this message in acceptance of our mutual business endeavor by furnishing me with the following:

1. Your full name and address:
2. Direct Telephone and fax numbers:

These requirements will enable me file letter of claim to the appropriate departments for necessary approvals in your favor before the transfer can be made. I shall be compensating you with three million five hundred thousand dollars on final conclusion of this project, while the rest shall be for my investment purposes in your country that you will propose to me. If this proposal is acceptable by you, I am waiting your positive respond with your full name and cell phone numbers so I can call you and explain more to you about the transfer modalities and procedures.

Please reply as soon as possible.

Best Regards,
Mr. Legail Marie.
Bill and Exchange Manager.

Email analysis :

NOTE : mr.legailmarie@virgilio.it
NOTE : wmichaelhimboah@webtgttt5.biz

Incoming Fax Report

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 21.01.2015
Speed: 123bps
Connection time: 01:06
Page: 3
Resolution: Normal
Remote ID: 871-748-171158
Line number: 9
DTMF/DID:
Description: Internal only

************************************

FAX-id9123912481712931.zip

Email analysis :

NOTE : no-reply@premium-fax.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < respellsrcwe1918@regalix.com >
NOTE : Remote : 82.130.246.56 (56.82-130-246.static.clientes.euskaltel.es)
NOTE : Incoming Fax Report

FAX-id9123912481712931.zip analysis :

AVG Generic36.ARVN 20150122
AVware Trojan.Win32.Generic!BT 20150122
Ad-Aware Trojan.GenericKD.2099790 20150122
Avast Win32:Trojan-gen 20150122
Avira TR/Crowti.A.152 20150122
BitDefender Trojan.GenericKD.2099790 20150122
CMC Trojan.Win32.Krap.2!O 20150120
Cyren W32/Trojan.SNJZ-4571 20150122
DrWeb Trojan.Encoder.514 20150122
ESET-NOD32 Win32/Filecoder.CO 20150122
Emsisoft Trojan.GenericKD.2099790 (B) 20150122
F-Prot W32/Trojan3.NGI 20150122
F-Secure Trojan.GenericKD.2099790 20150122
GData Trojan.GenericKD.2099790 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Trojan ( 7000000c1 ) 20150122
K7GW Trojan ( 7000000c1 ) 20150122
Kaspersky Trojan-Ransom.Win32.Blocker.gkdv 20150122
McAfee Artemis!20834704BF1B 20150122
MicroWorld-eScan Trojan.GenericKD.2099790 20150122
Microsoft Ransom:Win32/Crowti.A 20150122
Qihoo-360 Win32/Trojan.Multi.daf 20150122
Sophos Mal/DrodZp-A 20150122
Symantec Trojan.Cryptolocker.F 20150122
Tencent Win32.Trojan.Inject.Auto 20150122
TrendMicro TROJ_FILECODER.K 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
nProtect Trojan.GenericKD.2099790 20150122

Please help me urgently

Hi Dear,

I'm a lonely girl

The conflict in Ukraine occurred because of internal political developments.I am sitting on old wooden table in a cafe destroyed with bombardment,drinking from a little pot of tea, looking at my computer,and wondering whether you will decide to rescue me leave Ukraine.

I have now been here stranded for few weeks.I get little to eat and drink.I have seen some of my closest friends die in front of my eyes. My parents and only brother were killed in one day bombardment of the city hall.

This is a war crime who get to talk and who get to hear.Piles of bodies lie next to me at all times, wounded, dead, or even men and women whose minds have been destroyed by all that's going on around them.There are no words I could use to explain this disaster.Bombs are thrown around at every moment.I never know if one will hit me next.I fear I wont live to see tomorrow.Please pray for my life and well being.I’m not OK right now and I don’t know how long I can stay alive because of the amount of bombs they blown up over here.I can hardly sleep.It is so brutal down here Ukraine.

The scariest thing is when you get to know someone and then they just get killed right in front of you,that is very real and bloody. My parents and only brother become history.I can't believe I am here and I wake up every morning wondering if I will wake up tomorrow. Pray that the war is over soon so that I find way to the other part of Europe to claim my late father's money/gold.

I don't know if you can help me with money to try my escape route, if i have some money here, the red cross would help during seize fire windows which happens some days.if you can reply urgently i will be glad and explain to you how to get the money/gold to act as my investor when money/gold is retrieved from that holding company.

Please help me urgently.

Yours sincerely,

Ms. Alina Sushko

Email analysis :

NOTE : alinasushko@meta.ua
NOTE : w.u912@yahoo.pt

Assist Me And Benefit Allot !! 2015-22

Hi,

I am Capt. Benard R. Hall an officer of the U.S Army, I'm currently stationed in Aden city, Yemen and I need to know if you can assist me with the safe keeping of some packages. I'll give up more details as soon as I get a positive response, just bear in mind that this is not Illegal in anyway.

Yours in service

Capt. Benard R. Hall

Email analysis :

NOTE : infantry@gov.co.kr
NOTE : fightingstrong@surgical.net
NOTE : Received : from mail.finezone.co.kr (HELO finezone.co.kr) (211.239.155.132)
NOTE : Received : from ecodc01.ecowayllc.net
NOTE : (173-15-167-182-BusName-Philadelphia.hfc.comcastbusiness.net [173.15.167.182])
NOTE : (authenticated bits=0) by finezone.co.kr (8.14.5/8.14.4)
NOTE : Assist Me And Benefit Allot !! 2015-22

Peter Brien

Dear Sir,

My name is Peter O'Brien from Dublin , Ireland . Based on good recommendation that you are a straight forward fellow and reliable to do business with in areas of investment and financial partnering, I am writing to acquaint you of a transaction and monetary transfer of US$45 Million.

I need a partner to have custody of funds and we can invest on Real Estate which is at the low presently.

As long as trust and mutual goals applies we are already have all arrangement sorted to swiftly conclude this transfer with you.

I await your urgent response and give me your direct phone number.

Best Regards,

Mr.Peter O'Brien
peterbrien23@gmail.com

Loan

Good day,


We Offer Private, Commercial and Personal Loans with very Minimal annual Interest Rates as Low as 0.3% within a 1year to 50 years repayment duration period to any part of the world. We give out loans within the range of $5,000 to $90,000,000 USD. Our loans are well insured for maximum security is our priority Are you losing sleep at nights worrying how to get a Legit Loan Lender? Are you biting your fingernails to the quick? Instead of beating yourself up, call the Cindy Loan Investment now, Loan specialists who help stop Bad Credit History, to discover a win-win solution which is Our Mission.

* Are you financially squeezed?
* Do you seek funds to pay off credits and debts?
* Do you seek finance to set up your own business?
* Are you in need of private or business loans for various purposes?
* Do you seek loans to carry out large projects?
* Do you seek funding for various other processes?
* If you have any of the above problems, I can be of assistance to you but I want you to understand that I give out my loans at an interest rate of 0.4%.
* Borrow anything up to $90,000,000 USD.
* Choose between 1 to 50 years to repay.
* Choose between Monthly and Annual repayments Plan.
* Flexible Loan Terms.

Interested Persons should fill out the Application Form below.

APPLICATION:

1)Name
2)Prefix (Mr., Mrs., Ms., Dr., etc.):
3)First name:
4)Last name:
5)Business name(If Any):
6)Purpose of loan:
7)Date of birth (yyyy-mm-dd):
8)Gender:
9)Marital status:
10)Next Of Kin:
11)City:
12)State/Province:
13)Occupation:
14)Company name:(if Any )
15)Work address:
16)State/Province:
17)Zip/postal code:
18)Country:
19)Phone:
20)Fax:
21) Amount Needed As The Loan.......
22) Duration ---

Thanks For Your Co-operation
E-mail: loan.investment.bureau@gmail.com
(Loan Agent)

Employee Documents - Internal Use

DOCUMENT NOTIFICATION, Powered by NetDocuments

DOCUMENT NAME: Employee Documents

DOCUMENT LINK: http://spitalcuzavodaiasi.ro/CUSTOMER.DOCUMENT-STORAGE-DATA/get_invoice_document.html
DOCUMENT LINK: http://lamichelangelo.it/CUSTOMER-DOCUMENT-STORAGE_DATA/get_last_document.html
DOCUMENT LINK: http://www.trans-arts.com/CUSTOMER~DOCUMENT-DATA/last-invoice-document.html

Documents are encrypted in transit and store in a secure repository

---------------------------------------------------------------------------------
This message may contain information that is privileged and confidential. If you received this transmission in error, please notify the sender by reply email and delete the message and any attachments.

Email analysis :

NOTE : no-replay@invoice.com
NOTE : User-Agent : Roundcube Webmail/1.1.1
NOTE : Received : from unknown (HELO invoice.com) (37.191.103.140)
NOTE : Received : from unknown (HELO invoice.com) (69.42.188.58)
NOTE : Received : from unknown (HELO invoice.com) (80.156.199.162)

Process Analysis :

CLICK : one of the three links.
DOWNLOAD : invoice_pdf80985.zip
EXTRACT : invoice_pdf40132.exe

invoice_pdf40132.exe analysis :

AVG : Crypt3.BTYL : 20150122
Ad-Aware : Gen:Variant.Zbot.154 : 20150122
AhnLab-V3 : Spyware/Win32.Zbot : 20150122
Avast : Win32:Malware-gen : 20150122
BitDefender : Gen:Variant.Zbot.154 : 20150122
CMC : Packed.Win32.Katusha.3!O : 20150120
Cyren : W32/Trojan.RHQS-4975 : 20150122
DrWeb : Trojan.Upatre.128 : 20150122
ESET-NOD32 : Win32/TrojanDownloader.Waski.F : 20150122
Emsisoft : Gen:Variant.Zbot.154 (B) : 20150122
F-Prot : W32/Trojan3.NGH : 20150122
F-Secure : Gen:Variant.Zbot.154 : 20150122
GData : Gen:Variant.Zbot.154 : 20150122
K7AntiVirus : Trojan-Downloader ( 0049d22b1 ) : 20150122
Kaspersky : Trojan.Win32.Staser.awtk : 20150122
Malwarebytes : Trojan.Email.FakeDoc : 20150122
McAfee : Downloader-FAHF!01F769E9BD9A : 20150122
MicroWorld-eScan : Gen:Variant.Zbot.154 : 20150122
Qihoo-360 : Malware.QVM20.Gen : 20150122
Rising : PE:Malware.FakePDF@CV!1.9C3A : 20150121
Sophos : Troj/Dyreza-AM : 20150122
Symantec : Downloader.Upatre : 20150122
nProtect : Trojan/W32.Agent.15872.TX : 20150122

SEEKING A LOANS

UNIVERSAL HOME LOAN
Email: logvault1@cnegal.com
Web: http://www.***.com.au

We are the private investors we give out secured guarantee loans to Business Men and women who are into Business transaction, auto-mobile purchase, house purchase loan and other personal loans E.T.C. We give out long term loan for five to fifty years maximum with 3% interest rate in this you can as well tell us the amount you need so that we will send to you the terms and condition that is if you are really interested in getting a loan from us, Loans are given out in Great British Pounds and United States Dollar the maximum we give is 20,000,000 both in pounds and USD and the minimum 5,000 pounds.

APPLICATION DETAILS

First Name:___________________________
Last Name:____________________________
Gender:_______________________________
Marital status:_______________________
Contact Address:______________________
City/Zip code:________________________
Country:______________________________
Date of Birth:________________________
Amount Needed as Loan:________________
Loan Duration:________________________
Monthly Income/Yearly Income:_________
Occupation:___________________________
Purpose for Loan:_____________________
Phone:________________________________
Fax:__________________________________

Regards,

Universal Home Loan.

Whois :

Domain Name: ***.com.au
Last Modified: 25-Nov-2013 23:36:03 UTC
Status: ok
Registrar Name: TPP Wholesale Pty Ltd
Registrant: Universal Home Loans Pty Ltd
Registrant ID: OTHER 090 366 153
Eligibility Type: Other
Registrant Contact ID: DIT002050
Registrant Contact Name: Jay McNabb
Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Tech Contact ID: DIT-1143928
Tech Contact Name: Charlie Bevan
Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Name Server: ns1.***.com.au
Name Server IP: 118.127.30.35
Name Server: ns2.***.com.au
Name Server IP: 118.127.30.35
DNSSEC: unsigned

Investment Letter

Dear Sir/Madam,

My name is Mr. Alberto Lehmann, a business consultant and I have some investors who will like to move their funds out of Africa to abroad for investments because of the unstable economy of our nations. Do let me know if you would like to partner with him to receive the fund in your country for fruitful investment in your country and upon your interest on this, your share of the business will be mentioned to you. Indicate your direct contact numbers for effective communication.

I wait your early response.

Kind regards,

Mr. Alberto Lehmann.
E-mail: mralbertolehmann@gmail.com

PAYMENT AUTHENTICATION.

UNITED NATIONS / WORLD BANK ORGANIZATION / FBI
United Nations House, 617/618.
Diplomatic Zone,
Central Area District,
Federal Capital Territory,
Abuja, Nigeria.

Our Ref: YBNGWB/UN/2012.

Attention: Dear Beneficiary,

APPROVED COMPENSATION PAYMENT AWARD OF US$10M.

This is to inform you that a Debit Cash Card Number 7876310003001420 Valued at $10 Million United States Dollars has been accredited in your favour. Please contact Mr. Daniel Nelson, an Expertriate mandated by United to cover all outstanding claims due to foreigners since 1998 till date. Contact him on his Email: danielnelson917@gmail.com with the following information to facilitate your claims as the FBI, WORLD BANK and The United Nation has made every necessary provision to ensure that payment goes to you as the beneficiary:.

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,

Sir. Goerge Wilkins.
CIV NAVSUBTORPFAC YORK.