Friday, December 8, 2017

Agent

To whom it may concern:

We bring you genuine and certified credit offer. Contact us for more details if you are honestly interested please. You can send a whatsapp message for more info at +91-720-433-5745

Email analysis :

NOTE : maryjaynewise2342@gmail.com
NOTE : Received : from unknown (HELO acsgsemail1.acsgs.com)
NOTE : ([65.248.101.241])

Tuesday, August 15, 2017

Is it a scam ? ( Vol 1 )


I received numerous questions on scam.cz. The most interesting is : "Is it a scam ?"

The answer is always the same.

Muqthar Ahmed


Subject : my number 9866900701 has been se;ected for 3.35crore BMW PROMO
Message : SIR WHAT SHOULD I DO TO CLAIM THIS OPPRUTNITY IF THIS IS NOT FAKE
Answer from Scam.cz : This is a fake.

Robert Siemen


Subject : uba atm center 4
Message : There is a Mark Gray who is working on setting up a atm card for me and wants my account numbers here so he can send my my atm card and join it with mine sounds not right so I am checking on this Please get back to me on this matter.THANK YOU Robert SIEMEN
Answer from Scam.cz : This is a scam.

Katja Aaltonen


Subject : got this kind of e-mail today. It was from "Mrs.......
Message : I got this kind of e-mail today. It was from "Mrs. Mary Bustamante". She asked to contact Barrister George Patropoulus (Esq), whose e-mail address is barristergeorgepetropoulos@gmail.com. This message came to me from e-mail address "www."@cube.ocn.ne.jp
Answer from Scam.cz : This is a scam.

Carol Domingos


Subject : WHEN CAN I GET THIS DELIVERED
Message : I WILL SEND THE MONEY. PLEASE CONTACT ME AT 2148087453
Answer from Scam.cz : This is a scam.

Muhamamd Irsyadi


Subject : i have fun in uba bank usd $8,500,000.00 it,s true?
Message : give me information asap.
Answer from Scam.cz : This is a scam.

Rita D Crumpton

Subject : do i rita crumpton have a cleared imf certificate signed by Christine Lagarde and being held for customs taxes?
Message : total tax is 95,000 and I owe 60000.I have paid 3000 for certificate clearance.Am I dealing with the cia?
Answer from Scam.cz : This is a scam.

Tuesday, November 29, 2016

New incoming Fax from 908.8325722

You Have a new Fax message
From: 908.8145483
Receiving date: November 28, 2016
Pages: 3

You can view your message on our website:
https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802

Thank you for using RingCentral.

Link analysis :

CLICK : https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802
OPEN : http://787.vn/wp-content/themes/tourpackage-v1-02/backup/get.php?id=dGVzdEB0ZXN0LmNvbQ==
DOWNLOAD : fax_test.doc

File analysis :


OPEN : fax_test.doc
SHA256 : c0b3934b594a23dd88a42c0e96ccbbf7f88c633a19d82833d6d9bbf47630a0c1
RESULT : fax_test.doc is a virus

Virus analysis :

Avast : VBA:Downloader-DSL [Trj]
ClamAV : Doc.Dropper.Agent-1847249
Kaspersky : Trojan-Downloader.MSWord.Agent.avj
Qihoo-360 : virus.office.gen.70
Sophos : Troj/DocDl-FTZ
Symantec : W97M.Downloader

Email analysis :

NOTE : ringcentral@faxmessage.com
NOTE : 74.143.65.242 (rrcs-74-143-65-242.central.biz.rr.com)


NOTE : Mime-Version : 1.0

Friday, September 25, 2015

nouveau message vocal

SMS :
===========================
nouveau message vocal pour le +234**********
Duree: 29s Pour l'écouter; Cliquez sur ce lien: http://msgvocal.co/202-FG5VTF9
===========================

Open :
===========================
http://msgvocal.co/202-FG5VTF9
===========================

Result :
===========================
Vous avez (1) nouveau message vocal Emetteur: Béatrice Cliquez ci-dessous pour le consulter: (1) Message vocal - Cliquez ici reçu le
===========================

Result :
===========================
tel:+33899785310
===========================

WHOIS : msgvocal.co
======================================================================
Domain Name: MSGVOCAL.CO
Domain ID: D68265206-CO
Sponsoring Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Registrar URL (registration services): www.PublicDomainRegistry.com
Domain Status: clientTransferProhibited
Registrant ID: PP-SP-001
Registrant Name: Domain Admin
Registrant Organization: PrivacyProtect.org
Registrant Address1: ID#10760, PO Box 16
Registrant Address2: Note - All Postal Mails Rejected, visit Privacyprotect.org
Registrant City: Nobby Beach
Registrant Postal Code: QLD 4218
Registrant Country: Australia
Registrant Country Code: AU
Registrant Phone Number: +45.36946676
Registrant Email: contact@privacyprotect.org
Administrative Contact ID: PP-SP-001
Administrative Contact Name: Domain Admin
Administrative Contact Organization: PrivacyProtect.org
Administrative Contact Address1: ID#10760, PO Box 16
Administrative Contact Address2: Note - All Postal Mails Rejected, visit Privacyprotect.org
Administrative Contact City: Nobby Beach
Administrative Contact Postal Code: QLD 4218
Administrative Contact Country: Australia
Administrative Contact Country Code: AU
Administrative Contact Phone Number: +45.36946676
Administrative Contact Email: contact@privacyprotect.org
Billing Contact ID: PP-SP-001
Billing Contact Name: Domain Admin
Billing Contact Organization: PrivacyProtect.org
Billing Contact Address1: ID#10760, PO Box 16
Billing Contact Address2: Note - All Postal Mails Rejected, visit Privacyprotect.org
Billing Contact City: Nobby Beach
Billing Contact Postal Code: QLD 4218
Billing Contact Country: Australia
Billing Contact Country Code: AU
Billing Contact Phone Number: +45.36946676
Billing Contact Email: contact@privacyprotect.org
Technical Contact ID: PP-SP-001
Technical Contact Name: Domain Admin
Technical Contact Organization: PrivacyProtect.org
Technical Contact Address1: ID#10760, PO Box 16
Technical Contact Address2: Note - All Postal Mails Rejected, visit Privacyprotect.org
Technical Contact City: Nobby Beach
Technical Contact Postal Code: QLD 4218
Technical Contact Country: Australia
Technical Contact Country Code: AU
Technical Contact Phone Number: +45.36946676
Technical Contact Email: contact@privacyprotect.org
Name Server: NS8459.HOSTGATOR.COM
Name Server: NS8460.HOSTGATOR.COM
Created by Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Last Updated by Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Domain Registration Date: Wed Aug 12 17:55:08 GMT 2015
Domain Expiration Date: Thu Aug 11 23:59:59 GMT 2016
Domain Last Updated Date: Thu Aug 13 11:25:40 GMT 2015
DNSSEC: false
======================================================================

Thursday, October 16, 2014

read this

How are you today? I saw your contact while browsing online so I decided to write you despite that I have not met you in person. Please get back to me its very important. Caro

Email analysis :

NOTE : carojonesy@hotmail.com
NOTE : Return-Path : < cveenstra02@gmail.com >
NOTE : Mime-Version : 1.0
NOTE : read this

Wednesday, March 12, 2014

Urgent Message Inside..

I'll keep this short. I sent you this before and you haven't watched it and it's URGENT.

===> CLICK HERE - MESSAGE WAITING INSIDE

I need to know if you want the access OR If I should give it to someone else right away. It's probably wise that you claim it:

===> CLICK HERE - GET THE DETAILS NOW

Go now.

Mat G.

Thursday, October 24, 2013

get back to me asap.....

Hello

Please do condone me for invading your privacy through this medium. Nevertheless, I desire to convey a very important message which in the long run will be conjointly beneficial to us. This entails a business dealing which I will make known to you the full details in my next mail upon your response and readiness to work with me. Please do take this mail in earnest.

View attached link for proper understanding.

Respectfully Yours,
Major Irene Taylor

User :


Host :


E-mail : sarah.stm@hotmail.com
Note : from ool-4b7fb8e4.static.optonline.net (HELO wl-mail.wl.inc) (75.127.184.228)
Note : from [192.168.5.222] ([178.23.215.191]) by wl-mail.wl.inc with Microsoft SMTPSVC(6.0.3790.4675)
Note : Remote : 75.127.184.228 (ool-4b7fb8e4.static.optonline.net)