Tuesday, August 27, 2019

Krung Thai Bank Headquarters (Scam)

Krung Thai Bank Headquarters
Head Office 35 Sukhumvit Road,
Khlong Toei Nuea, Wattana,
Bangkok, Thailand
Date:27/8/2019

Attention: Beneficiary

Your $5m Fund.

The World Bank have authorized Thailand Government to release every unclaimed fund to foreign beneficiaries which office of the accountant general of the federation have approved your fund and move to our bank for us to release your fund to you with normal bank procedures.

Kindly reconfirm the following information.

(1) Your full name and address
(2) Your phone and fax number
(3) Your ID Card or Drivers License
(4) Your age
(5) Your occupation

I await for your response to this message urgently.

Best regards,
Mr. Krairit Euchukanonchai
Chairman of the Risk Management Committee, Krung Thai Asset Management Pcl.

Email analysis :

NOTE : mrkrairit@rediffmail.com
NOTE : misayomatsumoto1@gmail.com
NOTE : 209.85.220.65

Monday, August 26, 2019

(Here Is Your Package Unlocking CODE (AWB33XZS)

Attention:Beneficiary,

I Am Ambassador /Diplomat Chris Gates, I have been trying to reach you
on your telephone about an hour now just to inform you about my
successful arrival in John F.Kennedy (JFK) International Airport,
(USA) with your two Consignment boxes worth $45.4million USA dollars
which I have been instructed by the United Nations RED CROSS to
deliver to you.

The Airport Authority here in United States demanded for all the
legal back up to proof to them that the fund is no way related with
drug nor fraud money, I have presented all the papers I have with me
and I handed it over to them and they are very much pleased with the
papers,but the only thing that is still keeping me here at the Airport
is only the airport yellow Tag which is not placed on the boxes, one
of the Airport Authority have advise me that I can get the yellow Tag
from the Origin of the two consignment boxes so that I can exit the
Airport immediately and make my delivery successful.

I try to reason with the Airport Customs Authority and I have make
inquiries about what the airport yellow tags will cost you from the
concerned Authority in Nigeria and they stated that the yellow Tags
will only be obtain from Nigeria and the cost is the sum of $155.00
Dollars to get the Two Tags from the Origin of your two consignment
boxes in Lagos Nigeria and get it forwarded to me here in the Airport
so that I will place the Tags on the boxes as that tag will enable me
get to your house successfully without any interference while they
scanned the boxes and found out that the fund is 100% spend-able and
accepted by any bank in the whole world.

As I can not afford to spend more time here due to other delivery I
have to take care of in Bank ok. You have to be fast in sending the
required fees,and it may interest you that I can accompany you to your
bank were you will deposit The fund successfully with the legal papers
I have with me before I go back.

Reconfirm the following information below so that I can deliver your
Consignment boxes to you today.

Name: __________________
Address: __________________
Mobile No.:__________________
Name Of Your Nearest Airport:__________________
A Copy Of Your Identification: __________________

You can direct the Tag fee to the concerned Office in Lagos Nigeria as
they will get the Tags there for you and forward it to me here.Western
Union Payment Information For Sending The Two Demanded /Needful yellow
Tags Of Your Two Consignment Boxes Across The Origin in Lagos Nigeria
Are As Follows:

Receiver's Name: ______
Country: ______ Nigeria
City ______ Lagos
Text Question______when
Text Answer :______ Today
Amount:______$155
USD
Sender's Name_________
Mtcn#________________

After sending the payment to the concern authority Office at the UN
Office Lagos Nigeria, remember to email me back with the payment
information such as Mtcn# number also sender;s name text Question and
answer to enable me reach them with the payment details so they can
get the Tags obtain and forward it to me immediately so I can make my
Next step to your address today due to the Yellow Tags of the boxes
is my Only delay now.

(Here Is Your Package Unlocking CODE (AWB33XZS)

Regard,
Diplomat Chris Gates

Email analysis :

NOTE : diplomatchrisgates@gmail.com
NOTE : idrisibrahim071@gmail.com
NOTE : 209.85.220.65 as permitted sender

Sunday, August 11, 2019

JOINT INVESTMENT OFFER

Dear Sir,

I have decided to contact you through this medium after reviewing your honorable and reputable profile and it is my belief that with your position as a professional in your sector/ Country, that you will be in position to present us with solid investment opportunities in your Country, sector and other areas of investment.

To be explicit, I am the PRIVATE FAMILY WEALTH MANAGER and I have been mandated by the family of late Head of State whom I represent, to solicit for your able hand in partnership towards the immediate relocation and investment of their available substantial investment funds in projects that you will nominate and propose in your Country and it’s region.

And this brings me to ask if you will be interested in this mutual Joint Venture Partnership investment transaction. You will have the chance to confirm and receive the intended investment funds of the late Head of State’s family through a prime Bank.

Your immediate response and consideration will be appreciated.

CALL ME ON PHONE: +44 1173267640

REPLY TO MY PRIVATE EMAIL:HJHUK123456@outlook.com

Regards,

DR. ALBERT MEYERS

Email analysis :

NOTE : gorgew74@gmail.com
NOTE : HJHUK123456@outlook.com
NOTE : albertmeyers4422@gmail.com
NOTE : domain of gorgew74@gmail.com designates 209.85.220.65 as permitted sender
NOTE : client-ip=209.85.220.65;

Monday, March 12, 2018

Pending Mails (Gmail phishing)

Hi *

Due to the Routine checks on the mail servers,

Some of your mails might be on pending status...

Get started here validate and retrieve mail(s).

Also, Enter details once and correctly, then wait for response from Our Server.

Sincerely,
gmail.com Support Team

Phishing analysis :

CLICK : Get started here
OPEN : https://qidecul.ga/bin/others/?email=@
REDIRECT : https://qidecul.ga/bin/others/*.php?*

Email analysis :

NOTE : noreply@starslabels.ae
NOTE : 80.112.200.71

Thursday, November 16, 2017

Warning Your test@test.com Shut Down !!! (Gmail phishing)

Server Message

Dear test@test.com

Our record indicates that you have recently made a request to deactivate email. This request will be processed shortly. If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

Cancel De-activation

However, if you do not cancel this request, your account will be de-activated shortly and all your email data will be permanently lost.

Regards.

Email Administrator

Message is auto This-generated from security server, and replies sent to this email can not be delivered. This email is meant for:

Email analysis :

NOTE : support@mailserver.com
NOTE : Received : from mailserver.com ([148.163.101.104])


Phishing analysis :

CLICK : Cancel De-activation
OPEN : http://www.ksawed.org/webmail.php?email=test@test.com

VALIDATE : FORM
REDIRECT : https://support.google.com/accounts/answer/141137?hl=&visit_id=0-636464428251608265-4216504168&rd=1

INFO : Gmail phishing...

Wednesday, December 28, 2016

VERY CONFIDENTIAL.

Compliment of the season,

I am contacting you regarding a venture through which we both can come on a substantial amount of money.

My name is Barad Fufana, I work with one of the reputable banks here in West Africa, and also as the personal banker to a customer of our bank who passed on heart-related condition. If you are interested please get back to me through this email: (barafufan@gmail.com) for a complete details.

Regards
Baradi Fufana.

Email analysis :

NOTE : barafufan@gmail.com
NOTE : Authentication-Results : mx.google.com; dkim=pass header.i=@yahoo.com; spf=softfail
NOTE : X-Yahoo-Newman-Property : ymail-4
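
The header notes in these posts keep recording the same thing: several addresses per message, and authentication results that name a different domain than the visible sender. The following is an added example, not code from this blog, that runs that comparison over a raw message. The sample message is constructed and uses reserved example domains; the function name and the tag names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _aligned(a, b):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    # (Real DMARC alignment compares organizational domains via the
    # Public Suffix List; that lookup is left out here.)
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def sender_identity_findings(raw):
    """Return a list of (tag, detail) for identities that disagree with From."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    findings = []

    # Reply-To and Return-Path pointing somewhere other than the From domain.
    for header, tag in (("Reply-To", "reply-to-mismatch"),
                        ("Return-Path", "return-path-mismatch")):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and not _aligned(_domain(addr), from_dom):
            findings.append((tag, addr))

    # SPF verdict, and a DKIM "pass" that was signed by an unrelated domain.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", auth))
    if verdicts.get("spf", "pass") != "pass":
        findings.append(("spf-" + verdicts["spf"], from_dom))
    signer = re.search(r"header\.[id]=(?:[^@\s;]*@)?([a-z0-9.-]+)", auth)
    if (verdicts.get("dkim") == "pass" and signer
            and not _aligned(signer.group(1), from_dom)):
        findings.append(("dkim-signer-unaligned", signer.group(1)))

    # Contact addresses written into the body ("get back to me through ...").
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if not part.is_multipart())
    for addr in sorted(set(ADDR_RE.findall(body))):
        if not _aligned(_domain(addr), from_dom):
            findings.append(("body-contact-mismatch", addr))
    return findings


# Constructed sample message (not a message from this blog).
RAW = """\
Return-Path: <sender@mail.example.net>
Authentication-Results: mx.example.org; dkim=pass header.i=@mail.example.net;
 spf=softfail smtp.mailfrom=sender@mail.example.net
From: "Bank Officer" <officer@bank.example.com>
Reply-To: officer.private@webmail.example
Subject: VERY CONFIDENTIAL.

If you are interested please get back to me through this email:
(contact@other.example) for complete details.
"""

if __name__ == "__main__":
    for tag, detail in sender_identity_findings(RAW):
        print(f"{tag:24} {detail}")
```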

Thursday, December 8, 2016

Message notification *@gmail.com (Link to virus)


Google

Nddcole Watddson (Google Support) just sent you a message:

06/12/2016

Undeliverable messages (*@gmail.com).

Get more information

Don't want occasional updates about Gmail activity? Change what email Google Team sends you.

Email analysis :

NOTE : Received : from server.oeirasdigital.pt
NOTE : (server.oeirasdigital.pt. [213.229.111.207])
NOTE : client-ip=213.229.111.207;


NOTE : X-Php-Originating-Script : 10000:bisend.php

Link analysis :

CLICK : Get more information
OPEN : http://projetomac.org/wp/Undeliverable_messages.html
DOWNLOAD A FILE : Undeliverable_messages.zip
INFORMATION : Undeliverable_messages.zip is a virus
SHA256 : be0908fbf059517f8ea204d1636e00a7810146fb9c920fc01bb4315b8e8e0067

Virus analysis :

AegisLab Troj.Downloader.Script!c
Arcabit HEUR.JS.Trojan.ba
Cyren JS/Nemucod.EY!Eldorado
F-Prot JS/Nemucod.EY!Eldorado
Fortinet Malware_Generic.P0
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 ) 20161208
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Sophos Mal/DrodZp-A

Exposing virus :

PASTEBIN : http://pastebin.com/20PLKDCB
RAW : http://pastebin.com/raw/20PLKDCB



Wednesday, September 28, 2016

OFFER LATTER FROM HENK BOELENS,, /

Utility & Trust Deposit Fin. Inc.
7th Floor 2 George Yard
Lombard Street
London EC3V 9DH

Dear Friend

Please accept my apologies if this request does not meet your personal ethics as it is not intended to cause you any embarrassment in what ever form. I got your contact email address from the internet directory and decided to contact you for this transaction that is based on trust and your outstanding. I have an interesting business proposal for you that will be of immense benefit to both of us. Although this may be hard for you to believe because i know that there is absolutely going to be a great doubt and distrust in your heart in respect of this email as this might sound strange to you and coupled with the fact that, so many individuals have taken possession of the Internet to facilitate their nefarious deeds, thereby making it extremely difficult for genuine and legitimate persons to get attention and recognition. Please grant me the benefit of doubt and hear me out.

My name is Henk Boelens . I work with Utility and Trust Deposit Finance here in London-UK as a branch manager. I discovered an abandoned sum of GBP 19,850,000.00 (Nineteen Million Eight Hundred And Fifty Thousand British Pounds) in an account that belongs to one of our foreign customers, Late Dr. Erin Jacobson, an American citizen who unfortunately lost his life and his entire family in Montana plane crash on March 23, 2009, on their way to a group ski vacation. The choice of contacting you is aroused from the geographical nature of where you live, particularly due to the sensitivity of this transaction and the confidentiality herein. Now our bank has been waiting for any of the relatives to come up for the claim but nobody has done that. I personally tried to locate any member of his family but have been unsuccessful in locating the relatives for 7 years now, i have also checked the deposit documents and discovered that he did not declare any next of kin on the deposit.

Now the Management of our bank as instructed me to look for the next of kin or they will convert the funds into the Government Treasury Account as unclaimed funds and the funds will be wasted. Therefore, I cannot claim these funds without presenting a foreigner to stand as next of kin. This is the reason why I contacted you to seek your consent to present you as a next of kin so that the funds will be release to you, then we share it 50% for me and 50% for you and is deal between me and you. I have employed the service of an Attorney who will secure all necessary legal documents that could be used to back up this claim. All the attorney need to do is to fill in your names to the documents and legalize it in the Court here to prove you as the legitimate next of kin to the late depositor Dr. Erin Jacobson then the bank will release the funds to you as the rightful beneficiary.

This is a fair deal without any risk attached either on your part or on my part as long as we comply with the laws governing the claiming of funds in our establishment. All I require is your honest co-operation to enable us see this deal through, and with my position in the bank as a bank manager, I will do every thing possible to protect your interest and to make sure everything workout successfully. If you are interested in this deal, kindly send me your complete information, your full names and address, Your Private telephone and Fax numbers, and Cell phone so that the attorney will start processing the necessary paperwork that would facilitate the release of the funds to you.

Best regards,

Henk Boelen

Email analysis :

NOTE : henkboelens67@gmail.com
NOTE : sale@drysuit.ru
NOTE : Received : from [128.199.40.168] (helo=User)


NOTE : by f4.radisol.ru with esmtpa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
NOTE : (Exim 4.84_2) (envelope-from < sale@drysuit.ru >)
NOTE : Received : from unknown (HELO s3.radisol.ru) (95.213.144.13)

Monday, June 27, 2016

I NEED YOUR QUICK REPLY.

Dear Beloved,

Please this is important and urgent as well as confidential that is why I kindly ask you to reply via this my direct and personal email address: mrsgracammachel@gmail.com With due respect, I must apologize for this unsolicited message, I am aware that this is certainly not a conventional way of approaching an unknown person for establishment of project and investment. But I respectfully insist you read this message carefully before you either take a decision of proceeding or deleting my message as I am optimistic it will be successful for unimaginable financial benefit for both of us and our families. I am Mrs. Graca Machel Mandela the wife of South African icon and freedom fighter late Nelson Rotlatla Mandela The former President of the republic South Africa from 1994 till1999 who died on December 5, 2013 after a protracted lung infection contacted during his 27th years of incarceration in robin island prison. Actually, I managed to get your contact details online here in Johannesburg South Africa in my desperate search for a trustworthy person to assist me in this confidential business transaction. (http://en.wikipedia.org/wiki/Gra%C3%A7a_Machel) As the Third wife of late Nelson Mandela, he deposited cash in a trust account on my name here in south Africa, for self keeping, he did this because he knew that upon his death, his lioness x-wife Winnie Mandela might use all her structural contacts within the AFRICAN NATIONAL CONGRESS [ANC] to deny me what is due to me as his wife who looked after him all this period he was on sick bed. As his instinct pre-informed him, his fears is ongoing right now, and as a Mozambican, all the family members have swooped on me, Opposing me that I should hand over the asset to them, and good of a thing that when my late husband deposited the money into the trust fund account on my hand we used my sons name, Mr. Malengani Machel, who is currently living here in Johannesburg South Africa, for security reason. 
My late husband, Nelson Mandela, deposited US$60.5 MILLIONS (Sixty Millions, Five Hundred Thousand United States Dollars) in cash in a bank here in South Africa through diplomatic channel, After his death, I and my son being in Johannesburg South Africa, decided to transfer this money out of South Africa for my family use since it is the only confidential thing we benefited. I have relinquished and waved most of his assets /estate willed to me as we are married in community of property for the interest of peace. This is genuine and not of criminal origin. I must then emphasize that this transaction is highly confidential and it is to be kept as such confidential. Therefore indicate your full interest on assurance of trust, so that we can actualize this great opportunity together and share the benefit together by the help of God. And in the area whereby you are not interested in this deal please kindly delete it immediately from your email. If you are interested, kindly provide me with your full names and direct private phone numbers.

Regards in sincerity,

Mrs Graca Machel
4th Street Houghton Estates
Johannesburg South Africa
Phone: No. +27839733172
Email: mrsgracammachel@gmail.com

Email analysis :

NOTE : gracamachel@hotmail.com
NOTE : vw1@arcor.de
NOTE : X-Webmailclientip : 41.246.151.201

Wednesday, March 9, 2016

You have 48 hours to confirm your identity.

"Dear user"
Your "Gmail" account has expired,

Please reply "ACTIVE" to us to avoid the closure of your account.

Regards,
Google Accounts Services.

Email analysis :

NOTE : no.reply10@mynet.com
NOTE : X-Mynet-Mailborder-Ip-Protocol : IPv4
NOTE : X-Sender-Ip : 209.85.223.178

Thursday, March 3, 2016

(=Protect your GMAIL=).

Dear "GMAIL" user

Please reply "ACTIVE" to avoid the closure of your account.

Regards
Accounts Service.

Email analysis :

NOTE : no.reply10@mynet.com
NOTE : X-Mynet-Mailborder-Ip-Protocol : IPv4

Friday, November 20, 2015

Best Regards,

Attention,

I have been mandated by the minister for finance Libya , Finance Prof. Dr. Kilani, Abdul Karim al-Kilani, to seek for your cooperation in the supply of your company products and other equipments to the Libyan Government! A consideration also is that your quotation must be CIF Port of commericale GABES Tunisia; we choose this port as result of the present security situation in Libya . I will reveal more procedural information to you upon your re-confirmation.

Best Regards,

Dr. Mohammed Abdelaziz, PHD
Director of Contract, Ministry of Finance Libya!

Email analysis :

NOTE : libya.contract@qq.com
NOTE : contract.libya@gmail.com
NOTE : client-ip=62.36.20.210;
NOTE : Received : from out10.wanadoo.es (out10.wanadoo.es. [62.36.20.210])
NOTE : X-Login :
NOTE : Received : from [74.93.194.113] (helo=sbs2003) by out10.wanadoo.es

Thursday, November 12, 2015

GMAIL MEMBER SERVICES

Gmail!
Hello, Dear customers

We detected an attempt to sign in to your Gmail account from an unidentified mobile device. Date: Sun. 08 November 2015 10:27 GMT+1, location: Benin.

Was it you? If so, complete the secondary sign-in verification or sign in from your usual device.

If this sign-in was not made by you, please provide us with the information below to learn how to protect your Gmail account:

Confirmation of your identity.

Last name: ............................................................
First name: ...........................................................
Gmail ID!. ............................................................
Gmail address! ...................................................
Password .......................................................
Occupation:.........................................................
Account creation date:........................................
Telephone number: ............................................
Country: .................................................................

For security reasons, this verification message will help you learn how alerts of this type can help you protect your account

Regards,
Gmail! Member Services
Thank you!,
Gmail Accounts Services

Email analysis :

NOTE : X-Originating-Ip : [41.79.219.215]

Monday, September 14, 2015

***@gmail.com :Your Account Will Be Blocked!

dear ***@gmail.com

Your Account Will Be Blocked!
***@gmail.com
Your Account will EXPIRE in 2days.
If you would like to continue using your Email Address,

(mail center)

UPGRADE YOUR ACCOUNT NOW
YOU WILL LOSE YOUR EMAIL ADDRESS IF YOU DO NOT UPGRADE YOUR ACCOUNT.

UPGRADE IS FREE OFF CHARGE

Phishing analysis :

CLICK : UPGRADE YOUR ACCOUNT NOW
OPEN : http://www.igeveca.com/ckeditor/kcfinder/upload/files/mudf/auto/conflict.php?Email=***@gmail.com&.rand=13vqcr8bp0gud&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1

LINK : CAN BE REDUCED TO :

http://www.igeveca.com/ckeditor/kcfinder/upload/files/mudf/auto/conflict.php?Email=***@gmail.com


OR EVEN TO :

http://www.igeveca.com/ckeditor/kcfinder/upload/files/mudf/auto/conflict.php?Email=http://www.scam.cz


VALIDATE : FORM
REDIRECT : http://www.igeveca.com/ckeditor/kcfinder/upload/files/mudf/auto/loading.php
REDIRECT : https://godaddy.com/

Email analysis :

NOTE : Received : from mail.binhlongrubber.vn ([123.30.109.136])
NOTE : Received : from [169.254.47.55] by binhlongrubber.vn (MDaemon PRO v10.0.0)
NOTE : huutu@binhlongrubber.vn
NOTE : ***@gmail.com :Your Account Will Be Blocked!
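
The link reduction shown in this post (only the Email parameter matters, and it accepts any value) is also how the links in the other phishing posts on this page are built. The following is an added example, not code from this blog, that reduces such links to one shareable indicator with the recipient address redacted. The function names, the placeholder value and the choice of "email" as the recipient parameter name are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Value shapes seen in the posts on this page: a full address, a masked one
# ("***@gmail.com") and the bare "@" left after the recipient was stripped.
RECIPIENT_VALUE = re.compile(r"^[^@\s/]*@[^@\s/]*$")
RECIPIENT_NAMES = {"email"}                 # assumption: names treated as recipient
PLACEHOLDER = "REDACTED@example.invalid"    # hypothetical stand-in value


def reduce_phishing_url(url):
    """Return (reduced_url, recipient_params).

    Only query parameters that carry the recipient are kept, with the value
    replaced by a placeholder; per-message noise (.rand, id, mkt, ...) is
    dropped so every copy of the same lure reduces to one indicator.
    """
    parts = urlsplit(url)
    kept = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in RECIPIENT_NAMES or RECIPIENT_VALUE.match(value):
            kept.append((name, PLACEHOLDER))
    reduced = urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                          parts.path, urlencode(kept, safe="@"), ""))
    return reduced, [name for name, _ in kept]


def defang(url):
    """Make a URL non-clickable for reports and tickets (hxxp, [.])."""
    parts = urlsplit(url)
    query = "?" + parts.query if parts.query else ""
    return (parts.scheme.replace("http", "hxxp") + "://"
            + parts.netloc.replace(".", "[.]") + parts.path + query)


def indicators(urls):
    """Group raw URLs by their reduced, defanged form."""
    groups = {}
    for url in urls:
        reduced, params = reduce_phishing_url(url)
        entry = groups.setdefault(defang(reduced),
                                  {"recipient_params": params, "count": 0})
        entry["count"] += 1
    return groups


# Sample input: the three forms of the link quoted in this post, plus a link
# from another post on this page that carries no recipient parameter.
BASE = "http://www.igeveca.com/ckeditor/kcfinder/upload/files/mudf/auto/conflict.php"
SAMPLE = [
    BASE + "?Email=***@gmail.com&.rand=13vqcr8bp0gud&lc=1033&id=64855"
           "&mkt=en-us&cbcxt=mai&snsc=1",
    BASE + "?Email=***@gmail.com",
    BASE + "?Email=http://www.scam.cz",
    "http://www.sintsolar.com.ua/info/language/en/upgrade/ii.php",
]

if __name__ == "__main__":
    for indicator, info in indicators(SAMPLE).items():
        print(info["count"], info["recipient_params"], indicator)
```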

Monday, May 11, 2015

All Gmail free account owners,

All Gmail free account owners,

We are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email so that you can verify and let us know if you still want to use this account.If you are still interested please confirm your account by filling the space below.Your User name,password,date of bith and your country information would be needed to verify your account.Due to the congestion in all Gmail users and removal of all unused Gmail Or Gmx Accounts,

Gmail Or Gmx would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons.

* Username: .......
* Password: .......
* Date of Birth: ......
* Country Or Territory:.....

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences. Warning!!! Account owner that refuses to update his/her account after two days of receiving this warning stands the risk of lossing his or her account permanently.

The Gmail Or Gmx Management
Custormer Care

Email analysis :

NOTE : custormercustormer@gmail.com
NOTE : info@rechargetime.net
NOTE : Received : from 41.138.181.74 ([41.138.181.74])
NOTE : (SquirrelMail authenticated user info@rechargetime.net)
NOTE : by 119.18.59.192 with HTTP;

Tuesday, November 25, 2014

[ALERT]

Please click on the attachment in order to avoid the deletion of your login

1111111111111111.docx

Email analysis :

NOTE : INFO COMPTE
NOTE : fa940949@skynet.be
NOTE : Received : from mailsec118.isp.belgacom.be
NOTE : (mailsec118.isp.belgacom.be. [195.238.20.114])
NOTE : X-Mailer : Open-Xchange Mailer v7.2.2-Rev27

Tuesday, October 21, 2014

Email Storage Alert234 (Google phishing)


Your mailbox is almost full.

Dear ***@***.com,

3840MB 4096MB

Current size Maximum size

Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder. Click here to do reduce size automatically.

Thanks,
Mail System Administrator

This notification was sent to %email%; Don't want occasional updates about subscription preferences and friendly suggestions? Change what email Google+ sends you. Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043 USA

Email analysis :

NOTE : Return-Path : < webmaster@socialshop.us >
NOTE : Received : from nofubu.be (70.32.77.185)
NOTE : Received : from ANTHORAZY-PC.www.huaweimobilewifi.com (unknown [41.58.76.5])
NOTE : X-No-Relay : not in my network
NOTE : Content-Type : text/html; charset="iso-8859-1"
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : Content-Description : Mail message body
NOTE : Email Storage Alert234

Phishing analysis :

CLICK : Click here
OPEN : http://www.sintsolar.com.ua/info/language/en/upgrade/ii.php

sintsolar.com.ua whois :

domain: sintsolar.com.ua
dom-public: NO
registrant: com-sint0-2
admin-c: com-sint0-2
tech-c: com-msl6-2
tech-c: com-rc-3
mnt-by: ua.forward
nserver: ns.radiocom.net.ua
nserver: ns.secondary.net.ua
status: ok
created: 2006-12-15 02:12:12+02
modified: 2013-11-27 01:57:46+02
expires: 2015-12-15 02:12:12+02
source: UAEPP
registrar: ua.forward
organization: FOP Cherkashin Vyacheslav Yurievich
organization-loc: ФОП Черкашин В'ячеслав Юрійович
url: http://forward.com.ua
city: Dnipropetrovsk
country: UA
source: UAEPP
contact-id: com-sint0-2
person: Industrial comercial company SINTEK Ltd.
organization: Industrial comercial company SINTEK Ltd.
e-mail: sintsolar@sintek.zp.ua
address: Patriotychna 64a 22
address: ZAPORIZHZHYA
postal-code: 69000
country: UA
country-loc: UA
phone: +380.612136116
fax: +380.612136116
mnt-by: ua.forward
status: ok
status: linked
created: 2013-03-31 19:15:51+03
source: UAEPP
contact-id: com-msl6-2
person: Microcom Sich Ltd.
organization: Microcom Sich Ltd.
e-mail: hostmaster@microcom.net.ua
address: P.O. 6493 -
address: ZAPORIZHZHYA
postal-code: 69035
country: UA
country-loc: UA
phone: +380.612202299
mnt-by: ua.forward
status: ok
status: linked
created: 2013-03-31 19:14:45+03
source: UAEPP
contact-id: com-rc-3
person: RadioCom ISP
organization: RadioCom ISP
e-mail: hostmaster@radiocom.net.ua
address: Krasnaya 22
address: ZAPOROZHYE
postal-code: 69068
country: UA
country-loc: UA
phone: +380.612148333
fax: +380.612148333
mnt-by: ua.forward
status: ok
status: linked
created: 2013-03-31 19:15:32+03
source: UAEPP

Monday, August 11, 2014

Google Phishing

We have received the report from H24Staff_Mail that your account has been involved in illegal activity that violates our terms of service.

Please take note of the attachment

< Indications (1).pdf >


NOTE : verifinbox1@daum.net
NOTE : from wwl1737.hanmail.net ([117.52.3.197]) by smail-38.hanmail.net (8.12.1/8.9.1)
NOTE : from hanadmin@localhost by wwl1737.hanmail.net (8.12.9/8.9.1)
NOTE : 10.66.219.42
NOTE : 211.43.197.220
NOTE : X-Mailer : Daum Web Mailer 1.2
NOTE : Mime-Version : 1.0
NOTE : X-Hanmail-Attr : fc=1
NOTE : Content-Type : multipart/mixed; boundary="1407660650.DaumWebMailer."
NOTE : => Suspension de votre c/ompt/e
NOTE : servgool.hostingsiteforfree.com
NOTE : Hosted by 1freehosting.com

CLICKING THE LINK : servgool.hostingsiteforfree.com



CLICKING : VALIDER

NEW URI : servgool.hostingsiteforfree.com/formmail.php

Thursday, July 31, 2014

HKEL Trading.Co Phishing

Please be advised that the following payment was made to you on behalf of L T LTD-ECC DIVISION-SSC(VENDOR)

Transaction Reference: BARCGB14448464128
Payer/Remitter's Reference No: 10/63771/1
Beneficiary Details: ********** / UBIN0532622
Payment method: Electronic Fund Transfer
Payment Amount: 4,977.00
Currency: USD
Processing Date: 29-Jul-2014
Payment Details: E7979PO4001105

Kindly contact your remitter directly for any queries on the payment advice.

View slideshow Download

NOTE : storestrade@gmail.com
NOTE : Info@hkeltrading.com
NOTE : HKEL Trading.Co
NOTE : Rép :Fw: Swift Payment
Note : View slideshow > http://www.simplysalvage.com/wordpress/wp-content/plugins/mail/index.htm
Note : Download > http://www.simplysalvage.com/wordpress/wp-content/plugins/mail/index.htm

simplysalvage.com WHOIS :
===============================================================
Domain Name: simplysalvage.com
Registry Domain ID: 1665278578_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.melbourneit.com
Registrar URL: http://www.melbourneit.com.au
Updated Date: 2014-06-20T16:35:08Z
Creation Date: 2011-07-05T01:44:48Z
Registrar Registration Expiration Date: 2015-07-05T01:44:48Z
Registrar: Melbourne IT Ltd
Registrar IANA ID: 13
Registrar Abuse Contact Email: abuse@melbourneit.com.au
Registrar Abuse Contact Phone: +61.386242300
Domain Status: ok
Registry Registrant ID:
Registrant Name: Lindsey Hamlin
Registrant Organization: Lindsey Hamlin
Registrant Street: 1600 Hawthorne Lane
Registrant City: Prattville
Registrant State/Province: AL
Registrant Postal Code: 36066
Registrant Country: US
Registrant Phone: +1.3216951072
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: lindsey.stephan@live.com
Registry Admin ID:
Admin Name: Lindsey Hamlin
Admin Organization: Lindsey Hamlin
Admin Street: 1600 Hawthorne Lane
Admin City: Prattville
Admin State/Province: AL
Admin Postal Code: 36066
Admin Country: US
Admin Phone: +1.3216951072
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: lindsey.stephan@live.com
Registry Tech ID:
Tech Name: Lindsey Hamlin
Tech Organization: Lindsey Hamlin
Tech Street: 1600 Hawthorne Lane
Tech City: Prattville
Tech State/Province: AL
Tech Postal Code: 36066
Tech Country: US
Tech Phone: +1.3216951072
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: lindsey.stephan@live.com
Name Server: NS.INMOTIONHOSTING.COM
Name Server: NS2.INMOTIONHOSTING.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdrprs.internic.net
===============================================================

http://www.simplysalvage.com/wordpress/wp-content/plugins/mail/index.htm :

Gmail clicked

http://www.simplysalvage.com/wordpress/wp-content/plugins/mail/index.htm :

Submit clicked.

A page open.

http://www.st-enodoc.co.uk/update/lib/kcfinder/upload/files/swift/Bank.jpg

st-enodoc.co.uk whois :
===============================================================
Domain name:
st-enodoc.co.uk
Registrant:
St Enodoc Golf Club
Registrant type:
Other UK Entity (e.g. clubs, associations, many universities)
Registrant's address:
St Enodoc G.C.
Rock
Wadebridge
PL27 6LD
United Kingdom
Data validation:
Registrant contact details validated by Nominet on 10-Dec-2012
Registrar:
1 & 1 Internet AG [Tag = SCHLUND]
URL: https://www.1and1.co.uk
Relevant dates:
Registered on: 17-Oct-2004
Expiry date: 17-Oct-2014
Last updated: 16-Oct-2012
Registration status:
Registered until expiry date.
Name servers:
ns33.1and1.co.uk 217.160.80.150 2001:08d8:00fe:0053:0000:d9a0:5096:0100
ns34.1and1.co.uk 217.160.81.150 2001:08d8:00fe:0053:0000:d9a0:5196:0100
===============================================================

http://www.st-enodoc.co.uk/update/lib/kcfinder/upload/files/swift/Bank.jpg