Monday, August 28, 2017

Mercy Francis Brautigam

Good morning and how are you doing?... I am SGT. Mercy Francis. B.

Email analysis :

NOTE : frn6mercy.brautigam@gmail.com
NOTE : fran6mercy3@gmail.com
NOTE : mail-vk0-x242.google.com

Thursday, August 24, 2017

About Payment 23-08-2017

Good day,

We have been instructed by your customer to make this transfer to you. Please we are very sorry for the delay in the payment, it was due to the Holidays. Attached is the Payment remittance copy for your reference.Please confirm for errors and get back to us through email.

Best Regards,
DANIEL MURRAY
Sharaf Exchange LLC.
Address:Sharaf Exchange Shop No. G15,
Union Co-Op Society,
Al Aweer,Near Fruit and Vegetable Market, Ras Al Khor, Dubai - UAE
Phone No:04-3200698
Website: http://www.sharafexchange.com

IMG-051220378052.DOC

Email analysis :

NOTE : danielmurray@mail.ru
NOTE : Received : from [104.243.26.4] (port=51917 helo=User)


NOTE : by shared.buxar-host.in
NOTE : bylinkove-zdravi@seznam.cz

Virus analysis :

Ad-Aware W97m.Downloader.GCK
AhnLab-V3 W97M/Downloader
BitDefender W97m.Downloader.GCK
DrWeb W97M.DownLoader.1802
eScan W97m.Downloader.GCK
F-Secure W97m.Downloader.GCK
GData W97m.Downloader.GCK
Ikarus Trojan-Downloader.VBA.Agent
MAX malware (ai score=81)
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic

Verify your account™ (Phishing)

Hi *@*,

Password confirmation is required to authenticate *@* ownership on our server and retrieve pending incoming mails and save your new configuration settings.

Please click here for confimation to avoid mail malfunction.

Regards
Mail sent to: *@*

© 2017 Online Office. All rights reserved. NMLSR ID 399801

Email analysis :

NOTE : mbalok@hotmail.com
NOTE : client-ip=40.92.0.22;


Phishing analysis :

CLICK :
OPEN : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/en.php?
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/sxc.php?
SCREENSHOT :

317061979269082.doc (Virus)

317061979269082.doc

Email analysis :

NOTE : Return-Path: < noreply@xo.net >
NOTE : identity=mailfrom; client-ip=208.36.229.61;
NOTE : helo=xo.net; envelope-from=noreply@xo.net;
NOTE : Received: from xo.net (208.36.229.61.ptr.us.xo.net [208.36.229.61])
NOTE : Content-Type: application/msword; name="317061979269082.doc"
NOTE : From: < noreply@ulegv.com >
NOTE : 208.36.229.61.ptr.us.xo.net)

Virus analysis :

Ad-Aware W97M.Downloader.GDB
AegisLab Troj.Script.Agent!c
AhnLab-V3 W97M/Downloader
ALYac Trojan.Downloader.W97M.Gen
Arcabit HEUR.VBA.Trojan.e
Avast Other:Malware-gen [Trj]
AVG Other:Malware-gen [Trj]
Avira W97M/Dldr.Agent.mgjui
Baidu VBA.Trojan-Downloader.Agent.bup
BitDefender W97M.Downloader.GDB
Comodo UnclassifiedMalware
Cyren PP97M/Downldr
DrWeb W97M.DownLoader.1961
Emsisoft Trojan-Downloader.Agent (A)
eScan W97M.Downloader.GDB
ESET-NOD32 VBA/TrojanDownloader.Agent.DYZ
F-Prot New or modified PP97M/Downldr
F-Secure W97M.Downloader.GDB
Fortinet WM/Agent.Q!tr.dldr
GData W97M.Downloader.GDB
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky HEUR:Trojan.Script.Agent.gen
MAX malware (ai score=99)
McAfee W97M/Downloader.cfm
McAfee-GW-Edition W97M/Downloader.cfm
Microsoft TrojanDownloader:O97M/Donoff
Panda O97M/Downloader
Sophos AV Troj/DocDl-KBA
Symantec W97M.Downloader
Tencent Win32.Trojan-downloader.Agent.Sxyr
TrendMicro W2KM_DLOADR.YYTCY
TrendMicro-HouseCall W2KM_DLOADR.YYTCY
ViRobot W97M.S.Agent.76249
ZoneAlarm HEUR:Trojan.Script.Agent.gen

reply (Inheritance scam)

Based on our investigation of your payment, we want to find out if you're still alive or did you sign any deed of assignment with (Ms Grace Smith) to receive your contract /Inheritance payment worth of US$7.5M, reply to us with the following details, Your Name: ,Your Address ,Your Age/Sex,Your Mobile No: to email: imforangisation@gmail.com OR CALL +91-886 059 1944

Yours Sincerely,
Mr. Adrian Tobias
IMF Resident Representative
Tel:+91-886 059 1944

Email analysis :

NOTE : imforangisation@gmail.com
NOTE : albanizaluciano@agespisa.com.br
NOTE : Received : from mail.agespisa.com.br ([127.0.0.1])
NOTE : by localhost (mail.agespisa.com.br [127.0.0.1])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br [172.20.1.72])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br. [200.217.241.123])

Your PayPal account has been temporarily Locked! (PayPal Phishing)

paypal

Welcome

Dear *@*,

Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)

Activate

Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.

Yours sincerely,
PayPal

Email analysis :

NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])


Phishing analysis :

CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :


TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :


CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :


CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :

Wednesday, August 23, 2017

Antonin (Military Scam)

I am Sgt Antonin Andel, i have a project for you.

Email analysis :

NOTE : antonin.andel@outlook.fr
NOTE : postmaster@spamwall.quilmes.gov.ar
NOTE : designates 190.120.191.6 as permitted sender)
NOTE : client-ip=190.120.191.6;


NOTE : Received : from [192.168.0.100] (unknown [43.240.7.127])

Hello (Financing scam)

Hello,

Out of respect, are you in need of financing? If so, I will explain in more detail in my next email.

Looking forward to hearing from you,

Linette TROST

Email analysis :

NOTE : sperandeosnc@tin.it
NOTE : linette.trost@gmail.com
NOTE : X-Originating-Ip : 41.138.89.213:49283


NOTE : sperandeosnc@tin.it designates 212.216.176.195
NOTE : as permitted sender) client-ip=212.216.176.195;

Your response is highly appreciated!!

Hello ,

I am specifically contacting you in respect of a business proposal that I have for you as you appear very relevant in the proposal.

Please kindly reply back to me for further details.

Waiting to hear from you.

Regards,

Mr.Adams Salem

Email analysis :

NOTE : mradamssalem@mail.ru
NOTE : do.tapia@centrosur.gob.ec
NOTE : Received : from DESKTOP-THKGO5T.localdomain
NOTE : (unknown [169.159.126.174])


NOTE : by mail.iniciativa.cat (Postfix)

PRIVATE....

I am seeking your assistance in helping me receive a large amount of money and in giving a clear research and feasibility study on areas I could invest on. If you are interested then kindly send your feedback to this mailbox: mrmichealwuu14@yahoo.com.hk

Regards,
Micheal Wu

Email analysis :

NOTE : mrmichealwuu14@yahoo.com.hk
NOTE : drmartens.trinoma@cln.com.ph
NOTE : Received : from [74.208.131.168]
NOTE : (unknown [74.208.131.168])


NOTE : by mail.cln.com.ph (Postfix)

how are you doing my dear,

i have a personal reason of writing you now.write to me ok

Email analysis :

NOTE : davidmiller5113@gmail.com
NOTE : michael.un@yahoo.com
NOTE : Content-Type : text/plain; charset="UTF-8"
NOTE : 209.85.220.65 as permitted sender

Tuesday, August 22, 2017

This page was sent to you by Mr Jason Drew from CAHHALL MORTGAGE (Email Leak)

Mr Jason Drew from CAHHALL MORTGAGE I WANT YOU TO KNOW THAT WE ARE CURRENTLY GIVING OUT LOANS AT 3 INTEREST RATEAPPL NOW AND BE FINANCIALLY STABLED EMAIL CASHHALLORGGMAILCOM would like to let you know about his interesting page. Please click on the following link to view the page:

http://www.jnj.ch/en/careers/candidate-info-center.html

Johnson & Johnson AG

--------------------------

Johnson & Johnson AG
Rotzenbühlstrasse 55
CH – 8957 Spreitenbach

Tel. +41 56 417 33 33
Fax +41 56 417 35 00

Email analysis :

NOTE : CASHHALL.ORG@GMAIL.COM
NOTE : X-Php-Originating-Script : 1001:SimpleMailInvoker.php
NOTE : 148.251.83.5 (bplusd01.bplusd-interactive.de)


NOTE : Received : from cilag by jnj33.bplusd-interactive.de with local (Exim 4.82)

Email leak (504 emails) :


Saturday, August 19, 2017

BARCLAY,S BANK PLC,UK ( Scam )

KJHGFDDFGHJKLKJHGF
BARCLAY,S BANK PLC,UK
1 Churchill Place,
London, E14 5HP
Tel: (352) 437-8240
From The Desk Of:
Mr. Jimmy Johnson
Email(justiciaclient@gmail.com)

Attention,

I am Mr. Jimmy Johnson from Barclays Bank PLC,UK. we had just formed a new forum which is the newly inaugurated World Debt Recovery committee (WDRC). My committee has a mandate to recover unpaid debts associated with NNPC contracts, Lottery fund, inheritance fund, loans and grants etc ranging from $1M-$95.5M owed to various beneficiaries and companies across the globe (Asia, Europe, USA, Africa, and Australia) and submit the list of the unpaid beneficiaries/companies to the 2 appointed official paying Banks for immediate payment of the fund. In the course of our investigation, your email address/particulars were shortlisted among the first fifteen individuals yet to be paid hence this email. However, we received a petition today from one Mrs. Christina Morgan that you are dead. According to her, you died in a plane crash as such your fund should be paid to her as the apparent heir. She has also submitted her Bank account with Bank of America for the transfer of the fund to her. To avoid undue delay or paying the fund to wrong individual/beneficiary, we have decided to contact you for confirmation. If we fail to hear from you after 72 hours, it will be assumed that the petition of Mrs. Morgan is true and the fund will be paid to her without further delay. Therefore, We would like you to choose below your choice of fund transfer:

(A) Bank Transfer/Online Banking
(B) Certified Bank Draft/Cheque
(C) ATM Card
(D) Consignment

Your full personal information is also required as below which will be needed for the transfer of your fund.

(A) Full name and residential address
(B) Next of kin
(C) Occupation
(D) Nationality
(E) Bank Account Information
(F) Telephone numbers
(G) Scan the first page of your international passport or drivers license, recent passport photograph, send all via email attachment.

Email(justiciaclient@gmail.com)

Your urgent response is always required because you have a limited time to execute this fund. be free to call us any time for more information.

Sincerely Yours
Mr. Jimmy Johnson

Email analysis :

NOTE : client-ip=92.61.41.40;


NOTE : X-Originator-Ip : 41.86.234.171


NOTE : justiciaclient@gmail.com
NOTE : User-Agent : Roundcube Webmail/0.4.2
NOTE : Return-Path : < shadowmagic222@one.lt >
NOTE : Organization : Mr. Jimmy Johnson
NOTE : Mime-Version : 1.0
NOTE : X-Php-Originating-Script : 502:func.inc
NOTE : BARCLAY,S BANK PLC,UK

Your fund has been discovered (Scam from a zombie server)

Hello,
My name is Frank. I am a top-exec in a global bank here in Asia. I have an offer for you that will greatly benefit us both if we work together. Please, do get in touch with me so I can explain more about the deal.
Cordially,
Frank

Email analysis :

NOTE : p.pproject@outlook.com
NOTE : test@rachatcredits.ovh
NOTE : X-Ovh-Remote : 213.186.33.59 (b9.ovh.net)
NOTE : Mime-Version : 1.0
NOTE : Content-Description : Mail message body
NOTE : client-ip=91.121.204.118;


NOTE : helo=ns336204.ip-91-121-204.eu;
NOTE : Received : from [51.254.235.99] (ip99.ip-51-254-235.eu [51.254.235.99])


NOTE : by ns336204.ip-91-121-204.eu (Postfix)
NOTE : Rép :
NOTE : Scam from a zombie server hosted on OVH.

Your membership request! (Société Générale phishing)


your information
SG

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < noreply@tix.fr >
NOTE : X-Sender-Info : < 349043243@infong732.kundenserver.de >
NOTE : Received : from mout.kundenserver.de ([212.227.126.133])
NOTE : Received : from infong732.kundenserver.de (infong732.kundenserver.de [212.227.29.55])
NOTE : by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis)
NOTE : Received : from 62.210.15.181 (IP may be forged by CGI script)
NOTE : by infong732.kundenserver.de
NOTE : Votre demande d'ahésion !

Phishing analysis :

CLICK : SG
OPEN : x-webdoc://***
OPEN : SOURCE CODE
EXTRACTED : http://apalomino.com/calson/ - http://peinturesdusud-avignon.com/sec
EXTRACTED : cyberzoide@multimanoi.com_body
OPEN : http://apalomino.com/calson/
REDIRECT : http://cubiertasbarcelona.es/eteg/nera/
SCREENSHOT :


Impacted services :

Relay : kundenserver.de
Open Redirect : apalomino.com
Phishing hosted on : cubiertasbarcelona.es
Victim : Société Générale

Tuesday, August 15, 2017

Is it a scam ? ( Vol 1 )


I received numerous questions on scam.cz. The most interesting is : "Is it a scam ?"

The answer is always the same.

Muqthar Ahmed


Subject : my number 9866900701 has been selected for 3.35crore BMW PROMO
Message : SIR WHAT SHOULD I DO TO CLAIM THIS OPPORTUNITY IF THIS IS NOT FAKE
Answer from Scam.cz : This is a fake.

Robert Siemen


Subject : uba atm center 4
Message : There is a Mark Gray who is working on setting up an atm card for me and wants my account numbers here so he can send me my atm card and join it with mine sounds not right so I am checking on this Please get back to me on this matter. THANK YOU Robert SIEMEN
Answer from Scam.cz : This is a scam.

Katja Aaltonen


Subject : got this kind of e-mail today. It was from "Mrs.......
Message : I got this kind of e-mail today. It was from "Mrs. Mary Bustamante". She asked to contact Barrister George Patropoulus (Esq), whose e-mail address is barristergeorgepetropoulos@gmail.com. This message came to me from e-mail address "www."@cube.ocn.ne.jp
Answer from Scam.cz : This is a scam.

Carol Domingos


Subject : WHEN CAN I GET THIS DELIVERED
Message : I WILL SEND THE MONEY. PLEASE CONTACT ME AT 2148087453
Answer from Scam.cz : This is a scam.

Muhamamd Irsyadi


Subject : i have fun in uba bank usd $8,500,000.00 it's true?
Message : give me information asap.
Answer from Scam.cz : This is a scam.

Rita D Crumpton

Subject : do i rita crumpton have a cleared imf certificate signed by Christine Lagarde and being held for customs taxes?
Message : total tax is 95,000 and I owe 60000.I have paid 3000 for certificate clearance.Am I dealing with the cia?
Answer from Scam.cz : This is a scam.

FWD:TR:RE (Phishing attempt Société Générale)

SOCIETE GENERALE

Dear customer,

The technical department of Société Générale is carrying out a scheduled software update in order to improve the quality of banking services.

We kindly ask you to click on the link below and confirm your banking details.

https://www.societegenerale.fr/customercare/banque/confprocedure.asp

We apologize for any inconvenience and thank you for your cooperation.

© Société Générale 2017

Phishing screenshot :


Email analysis :

NOTE : natalia1@telus.net
NOTE : Natalia Toroshenko
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : X-Originating-Ip : [160.163.161.144]


Phishing analysis :

CLICK : https://www.societegenerale.fr/customercare/banque/confprocedure.asp
OPEN : http://www.cfa-sport.fr/wp-includes/Text/theme/
REDIRECT : http://www.anti-laser.at/wp-includes/css/theme/
NOTE : Not Found 404 / You are connected from a remote location.
RESULT : Phishing attempt.

Wednesday, August 9, 2017

RE: REPLY. Thoreen (US ARMY)

I seek your assistance to safe keep two military trunk boxes of values
that is of great benefit to we both. Do not panic as i do not pose any
threat to you neither do i mean harm on you whatsoever. Be patient to
hear details as soon as i see your reply to this my direct Email: caseythoreen2017@yandex.com

Email analysis :

NOTE : Thoreen (US ARMY)
NOTE : casey@fancy.ocn.ne.jp
NOTE : ME@mf-smf-ucb010.ocn.ad.jp
NOTE : casey2017thoreen@yandex.com
NOTE : Received : from User (p4220005-ipngn24501marunouchi.tokyo.ocn.ne.jp [118.8.137.5])


NOTE : by vcfancy.ocn.ne.jp (Postfix)

Tuesday, August 8, 2017

Rép : (BSN Solution Scam)

Hello,

On behalf of BSN Solution we want to take this opportunity to advertise our loan offer to those who need urgent financial assistance. I am a loan adviser for BSN Solution; and we seek for beneficial projects for the organizations; seeking means of expanding and relocating our business interest abroad in the following sectors: textile/garment manufacturing, oil/gas, banking, real estate, stock speculation and mining, transportation, health sector and tobacco, communication services, agriculture forestry & fishing; thus any sector. We are ready to fund projects in and out of the country in the form of 'Soft Loan'. We grant loan to both corporate and private entities at a very low interest rate of 3.00% ROI per annum. The terms are very flexible and interesting. If you are interested in our offer, please contact us for details.

Sincerely,
Management.

Email analysis :

NOTE : bsn-solution-ltd@rogers.com
NOTE : lyrivera@justicia.pr.gov
NOTE : Received : from owa.justicia.pr.gov (doj-exch1.justicia.pr.gov. [66.129.175.188])

FWD:RE (Phishing Société Générale)

Discover the Pass Securite

In order to prevent the fraudulent use of bank cards on the Internet, Societe Generale is equipped with a payment control system. This service is entirely free

Our system has detected that you have not activated Pass securite

Click here to activate this service

NEW: Your identifier is changing
NOTE : Do not reply to this email, as it is sent
automatically from a technical address

Sincerely
Alexandre krivine
Director of Customer Relations

Thank you for choosing SOCIETE GENERALE!

Copyright ©2017 Societe Generale. All rights reserved.
FSA registration number Societe Generale: 226056.

Apply Now >

Facebook
Twitter
Instagram
RSS
Appstore
Android

This message was sent to ilyass-maradona@live.fr
If you would like to update your email address, please click here.

To unsubscribe from emails, please log in to your Mint account
where you can manage your email and mobile alerts setting.

©2007—2017 Mint Software, Inc. | All Rights Reserved.
Mint.com 2632 Marine Way, Mountain View, CA 94043
Privacy Policy | Terms and Conditions

Phishing screenshot :


Email analysis :

NOTE : ing22@telus.net
NOTE : ilyass-maradona@live.fr
NOTE : Received : from cmta16.telus.net ([209.171.16.89])
NOTE : Received : from mtlp000023.email.telus.net ([172.20.100.250])
NOTE : by cmsmtp with SMTP
NOTE : X-Originating-Ip : [105.149.30.122]


Phishing analysis :

CLICK : Click here to activate this service ("Cliquez ici Pour activez ce service")
OPEN : http://www.goingesten.se/wp-snapshots/tmp/
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/Action.php?*
SCREENSHOT :


CLICK : VALIDATE WRONG CODE
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/
SCREENSHOT :


VALIDATE : FORM
REDIRECT : http://se.nickelmountain.se/wp-includes/theme/9f24e/dcr-web/deconnecter.php?date=0000000000&crd=0000&date-ex=00&year-ex=0000&cv=000&numo=0000000000&zob1=00000000&zob2=000000
REDIRECT : http://societegenerale.fr/

Monday, August 7, 2017

Payment Notification, (Western Union Scam)

Dear Western Union Customer,

You have been awarded with the sum of $360,000.00 USD. in the western
union money transfer program s one of our customers who use Western
Union in their daily business transaction,Please provide Mr.Dennis Woods
with the following details below so that your fund will be remitted to
you through Western Union Transfer.

(1)Names:
(2)Address:
(3)Phone Number:
(4)Sex:
(5)Age:
(6)Country:
(7)Occupation:

Mr.Dennis Woods
(Western Union Online coordinator)
E-mail: wu.moneytransfer_online1117@live.com
(Help Line: +254-7801-02173)

As soon as these details are received and verified, your
fund will be transferred to you. Thank you, for using
western union.

Email analysis :

NOTE : ECOLE MATERNELLE PUBLIQUE ROBERT DEBRE - SAINT-LOUIS
NOTE : ce.9740750X@ac-reunion.fr
NOTE : wu.moneytransfer_online11@msn.com
NOTE : Received : from [172.31.186.125] (Forwarded-For: 154.123.121.136)


NOTE : by store1.in.ac-reunion.fr (mshttpd);
NOTE : Received : from ac-reunion.fr (store1.ac-reunion.fr [172.31.186.61])


NOTE : by smtpout2.ac-reunion.fr (Postfix)
NOTE : client-ip=195.98.231.113;
NOTE : @educationfrance : Western Union Scam relayed from ce.9740750X / ac-reunion