Tuesday, January 19, 2016

CONFIDENTIAL INVESTMENT PROJECT.

DEAR PARTNER,

I HAVE A MUTUAL CONFIDENTIAL BUSINESS PROJECT FOR YOU FROM MR. HAMID HASSAN, REGARDING FUNDS I AND MY FAMILY WANT TO TRANSFER TO YOUR COUNTRY FOR INVESTMENT. KINDLY OPEN THE ATTACHED FILE. YOUR URGENT RESPONSE IS NEEDED.
BEST REGARDS,
MR. HAMID HASSAN.

A MUTUAL CONFIDENTIAL BUSINESS PROJECT.pdf

Email analysis :

NOTE : zakamuka11@mkloikj.com
NOTE : Received : by 216.39.60.155;


NOTE : Received : from [98.137.12.56]

Thursday, October 29, 2015

Fw: Copy of returned check - 06:19:25 14/10/2015

Copia-Cheque 2880520.PDF (326,4 KB)

Here is the copy of the check returned on 07/10, number 001288052042.
Please get in touch.

File analysis :

CLICK : Copia-Cheque 2880520.PDF (326,4 KB)
OPEN : http://www.pathibharachannel.com.np/pecs/doc.php#Copia-Cheque-2880520.PDF

URL analysis :

Opera : Malicious site
Sophos : Malicious site
Kaspersky : Malware site
CLEAN MX : Phishing site
ESET : Phishing site
Fortinet : Phishing site

pathibharachannel.com.np whois :

Domain Name : pathibharachannel.com.np
Registered On 2013-09-13 11:04:06
Primary Name Server : ns1.imaginarycreation.info
Secondary Name Server : ns2.imaginarycreation.info
Tertiary Name Server : N/A
Administrator Email : media.pathibhara@gmail.com
Administrator : Sagar Subba
Organization : Pathibhara Channel
Organization Email : media.pathibhara@gmail.com

Email analysis :

NOTE : Received : from bol.com.br (a4-wakko5.host.intranet [10.131.140.94])
NOTE : by a4-salsa2.host.intranet (Postfix)
NOTE : financeiro.4dcw1@bol.com.br
NOTE : scalvenzi2500@bol.com.br
NOTE : client-ip=200.147.97.221;

Tuesday, October 28, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

WE INFORM YOU THAT THE LINK TO THE INVOICE SENT PREVIOUSLY WAS CORRUPTED;
BECAUSE OF THIS, WE ARE PROVIDING A NEW LINK FOR DOWNLOAD.
WE APOLOGIZE FOR THE INCONVENIENCE.

Attached is the Electronic Service Invoice, issued in SEPTEMBER/2014.

This file must be stored.

NF-E- Emitida.PDF

004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a PDF copy of the INVOICE, listing the orders and other payment details. We inform you that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

This email is free of viruses and malware because avast! Antivirus protection is active.

Email analysis :

NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Message-Id : < *@BRASILPC >
NOTE : X-Antivirus : avast! (VPS 141027-2, 27/10/2014), Outbound message
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from brasil2014-PC (unknown [179.155.140.18])
NOTE : by mail.termaco.com.br (Postfix)
NOTE : Nota Fiscal Eletrônica

Link analysis :

CLICK : 004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : http://ge.tt/api/1/files/7EMX4r22/0/blob?download
DOWNLOAD : Reemissão de Nota N 9038312-01.rar

Virus analysis :

Comodo : TrojWare.Win32.TrojanDownloader.Delf.SAD : 20141028
ESET-NOD32 : a variant of Win32/TrojanDownloader.Banload.ULY : 20141028
Kaspersky : HEUR:Trojan-Downloader.Script.Generic : 20141028

Thursday, October 16, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

Attached is the Electronic Service Invoice, issued in AUGUST/2014.

This file must be stored.

NF-E- Emitida.PDF

7004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a PDF copy of the INVOICE, listing the orders and other payment details. We inform you that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

Email analysis :

NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from localhost (localhost [127.0.0.1]) by mail.termaco.com.br
NOTE : Received : from mail.termaco.com.br ([127.0.0.1]) by
NOTE : Received : from brasil2014-PC (unknown [179.155.133.141]) by mail.termaco.com.br


NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Mime-Version : 1.0
NOTE : Nota Fiscal Eletrônica

CLICK : 7004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : https://www.dropbox.com/s/to2t0hwqkkmhq5a/Nota_Eletronica_MFI015.rar?dl=1

The Dropbox file is no longer available (Nota_Eletronica_MFI015.rar).

Monday, October 6, 2014

From Mrs Rosemary Zandile

My Dearest one,

I have initially sent you this message but until now I have not heard from you.

< FROM MRS ROSEMARY ZANDILE121.pdf >


Email analysis :
========================================================================
NOTE : roserrmary56@gmail.com
NOTE : Return-Path : < webme160@azaswail.com >
NOTE : Received : from [127.0.0.1] by nm38.bullet.mail.ne1.yahoo.com with NNFMP
NOTE : Received : from [98.138.101.132] by nm38.bullet.mail.ne1.yahoo.com with NNFMP
NOTE : Received : from [98.138.89.254] by tm20.bullet.mail.ne1.yahoo.com with NNFMP
NOTE : Received : from [127.0.0.1] by omp1046.mail.ne1.yahoo.com with NNFMP
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Yahoo-Newman-Id : *.*.bm@omp*.mail.ne1.yahoo.com
NOTE : In-Reply-To : < *.*.*.JavaMail.yahoo@jws*.mail.ne1.yahoo.com >
NOTE : References : < *.*.YahooMailNeo@web*.mail.ne1.yahoo.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_Part_*_*.*"
NOTE : Content-Length : 10088
========================================================================

azaswail.com whois :
========================================================================
Domain Name: azaswail.com
Registry Domain ID: 1878242359_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.melbourneit.com
Registrar URL: http://www.melbourneit.com.au
Updated Date: 2014-09-30T03:15:10Z
Creation Date: 2014-09-30T03:14:45Z
Registrar Registration Expiration Date: 2015-09-30T03:14:45Z
Registrar: Melbourne IT Ltd
Registrar IANA ID: 13
Registrar Abuse Contact Email: abuse@melbourneit.com.au
Registrar Abuse Contact Phone: +61.386242300
Domain Status: clientTransferProhibited
Registrant Name: ail xsz
Registrant Organization: azaswail
Registrant Street: PO Box 61359
Registrant City: Sunnyvale
Registrant State/Province: CA
Registrant Postal Code: 94088
Registrant Country: US
Registrant Phone: +1.5105952002
Registrant Email: contact@myprivateregistration.com
Admin Name: Admin PrivateReg Contact
Admin Organization: azaswail
Admin Street: PO Box 61359 registered post accepted only
Admin City: Sunnyvale
Admin State/Province: CA
Admin Postal Code: 94088
Admin Country: US
Admin Phone: +1.5105952002
Admin Email: contact@myprivateregistration.com
Tech Name: TECH PrivateRegContact
Tech Organization: Yahoo! Inc
Tech Street: PO Box 61359 registered post accepted only
Tech City: Sunnyvale
Tech State/Province: CA
Tech Postal Code: 94088
Tech Country: US
Tech Phone: +1.5105952002
Tech Email: contact@myprivateregistration.com
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
DNSSEC: unsigned
========================================================================

Thursday, July 3, 2014

Purchase Order

Dear Sir / Madam,

We have seen your advertisement online and we are interested in your line of Product.

Please send us your quote, including shipping term [e.g. C.I.F.F.O.B. Please also indicate your shortest delivery time, terms of payment, and discounts for regular orders. Kindly go through the attached file and find our product specifications and target price. Please note that our IT manager has already registered your company e-mail address on our webpage, which you will find on our website in the attached file. You are advised to log in with your company's e-mail address and password in order to have access to our demand as you click to download the attached file. Thank you in advance and we earnestly await your reply. All replies should be directed to our export manager's e-mail address stated below.

Sincerely

Lissa Davidson
Export Manager
Mc Wane, Inc.

PO Box. 61,
Morganville, NJ 07751, USA
tel. 702.601.0793, fax. 702.617.1120

< pdf file.htm >

SCAM.CZ DETECTED ONE URL IN A SPAN :
==============================================
http://jutdoco.cwsurf.de/doc/docx2014/index.php
==============================================

CWSURF.DE INFORMATION :
==============================================
Dear CwCity visitors,

Free homepages from the CwCity service are hosted under the domain CwSurf.de. The offer includes the following:

Unlimited storage space
Unlimited traffic
MySQL, PHP and FTP access
... and many other features

You can find the community here! CwCity.de

Your CwCity.de team
==============================================

Thursday, June 26, 2014

Purchase Order

Dear Sir / Madam,

We have seen your advertisement online and we are interested in your line of Product.

Please send us your quote, including shipping term [e.g. C.I.F.F.O.B. Please also indicate your shortest delivery time, terms of payment, and discounts for regular orders. Kindly go through the attached file and find our product specifications and target price.

Please note that our IT manager has already registered your company e-mail address on our webpage, which you will find on our website in the attached file. You are advised to log in with your company's e-mail address and password in order to have access to our demand as you click to download the attached file.

Thank you in advance and we earnestly await your reply. All replies should be directed to our export manager's e-mail address stated below.

Sincerely

Lissa Davidson
Export Manager
Mc Wane, Inc.

PO Box. 61,
Morganville, NJ 07751, USA
tel. 702.601.0793, fax. 702.617.1120

< pdf file.htm >

Thursday, May 8, 2014

Sample Confirmation.

Attachment ~ 38.62kb » Sample Confirmation.pdf «

Hi,

Thank you for your mail. Indeed, you have the exact quality we are in the market for.

We just received confirmation from our clients to proceed with the trial order.

Please confirm receipt of order.

Please forward P/I and I will proceed with payment.

Let me know if you need anything else.

Thanks

Rash Amid
Order Expeditor
GARGOUR TECHNOLOGIES
18A, 26th of July Street,
P.O. Box : 2448 Downtown
Moscow
Tel. : +7 20 2 2392 9305,
Fax : +7 20 2 2393 4623,