Your unclaimed Bank Draft is ready for delivery. Please read

DHL COURIER SERVICE,
Unit 98, VAUXHALL BRIDGE ROAD, ML4 3NP,
London. UNITED KINGDOM.

Dear Customer!!!

This is to notify you, that your Unclaimed Bank Draft for the sum of ($3.500.000.00 Million Dollars) has finally been signed and approved for express delivery.

Please get back to us for more details on this delivery.

Sir, Chris Walker.
Information Officer.
DHL Courier Management Team,
All rights reserved. 2016.

Email analysis :

NOTE : SERVICE.@grace.ocn.ne.jp
NOTE : dhlheadoffice@lycos.com
NOTE : Received : from mzcstore422.ocn.ad.jp
NOTE : (mz-fcb422p.ocn.ad.jp [153.149.245.37])

NOTE : by vcwebmail.ocn.ad.jp
NOTE : X-Originating-Ip : [23.247.147.2]

Hello Good Day

Stop contacting them. Because Your fund Is Not with them

I am Mrs Betty Rawlings; A United States Citizen, 58 years old. I reside here in Perth Amboy NJ, My residential address is as follows 482 SAYRE AVE NO,2 PERTH AMBOY 08861 Apt 305, New Jersey, United States. I am thinking of relocating since I am now wealthy.Well I will have to let the cat out of the bag and let this great news known to you, I am one of those that took part in the Compensation awards in Benin Republic many years ago and they refused to pay me, I had spent over $80,000.00 of my life savings while in the USA trying to get my payment but all to no avail.

After all this series of criminal acts that happened to me, I decided to travel down to Benin Republic with all my compensation documents as I was directed to meet with one Barrister Mensah  Baah who happens to be a member of the Compensation Award Committee in Benin. I contacted him and he explained everything to me in detailed information’s, He said whoever is contacting us through emails, Phone or whichever means are fake.

Barr. Mensah  Baah took me to the paying bank for the claim of my compensation payment. With great joy in my heart right now I am the happiest woman on planet earth, I received my compensation funds of Five Million Five Hundred Thousand United State Dollars (US$5,500,000.00).

Moreover, Barr. Mensah  Baah showed me the full list and information’s of receivers that has been scheduled to receive their payments but are yet to receive it, While going through this list carefully I saw your email address and other information’s as one of the beneficiaries, for this reason I have decided to email you to stop dealing with those people, they are not in any way with your funds and won't stop taking money from you, these people are only stealing from you.Right now I will advise that you contact Barrister Mensah  Baah, You can contact him directly on this information below.

COMPENSATION AWARD HOUSE Benin,
NAME: Mensah  Baah
Please Copy His Email: mensahbaah@yeah.net

You really have to stop dealing with those people that are contacting you and telling you all sort of lies as your funds is not in anyways with them. They are only taking advantage of you and they will not stop until you have nothing just like they did to me in the past, The only money I paid after I met Barrister Mensah  Baah is just $108 for the paper works, take note of that.

(NOTE: TELLING YOU TO PAY FOR ANY DELIVERY OR COURIER CHARGE IS ALL NOTHING BUT LIES, I REPEAT THE ONLY MONEY YOU WILL HAVE TO PAY AND WHICH I ALSO PAID IS $108 FOR THE ADMINISTRATIVE/ ENDORSEMENT CHARGE AS IMPOSED BY THE GOVERNMENT AND YOUR PACKAGE CONTAINING YOUR CERTIFIED BANK DRAFT CHEQUE WILL BE REACHING YOU THROUGH THE REGULAR MAIL SERVICE.)

Once again I urge you to stop contacting those people for your own good, I will advise you to contact Barr. Mensah  Baah so that he will help and give you guideline until your funds is delivered to you. Instead of dealing with those people that will be turning you around and asking for different kind of upfront money to complete your transaction, I will advise that you contact only Barr. Mensah  Baah.
Thank You and Remain Blessed.

Mrs Betty Rawlings

Email analysis :

NOTE : mensahbaah@yeah.net
NOTE : andre@tramandai.rs.gov.br
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : X-Php-Originating-Script : 1711:rcube.php
NOTE : Received : by pmt.tramandai.rs.gov.br (Postfix, from userid 33)
NOTE : Received : from pmt.tramandai.rs.gov.br (pmt.tramandai.rs.gov.br. [186.232.55.210])

NOTE : Prefeitura Municipal de Tramandaí was used to relay this scam, with account andre

Contact Mr.Shegun Akintomi(Skye bank ATM director)

Attention please!!!

We were authorized by the President, Federal Republic of Benin and the Governing Board of Central Bank to investigate the unnecessary delay of your payment,to also recommend and approve your claims for payment if the report of the unclaimed contract/inheritance funds is genuine. However, we discovered that your funds has been unnecessarily delayed by corrupt officials of some banks.

We have agreed with the authority that we will handle this payment ourselves to avoid the hopeless situation created by those officials. Currently your Inheritance/Contract fund of $7.5Million has been credited in ATM card.Contact Mr.Shegun Akintomi(Skye bank ATM director)with your details including phone lines for immediate delivery.

Contact Name: Mr.Shegun Akintomi
Email: atm78410@gmail.com
office line:+22999944906

Signed,
management of Skye Bank Plc.

Email analysis :

NOTE : yahagi@tunekawa.co.jp
NOTE : atm78410@gmail.com
NOTE : X-Mailer : Web de Mail, 1.0.0
NOTE : client-ip=216.230.254.50;

TR : !mp0rtant a L!RE.

bien aiméε‏

Excusεz-møi de vous contactεz de cette manièrε car nøus nε nous connaissøns pas.

En bref je me nommε LAURENT BOUDIER d'origine Françaisε et je vis à Londres. Je souffrε d'unε gravε maladiε et j'aimεrais vous faire une prøpøsition qui pourrait vous intéressεr.Il s'agit d'un døn d'une somme de850 000 de euro.

Vous trouverεz sur le documεnt en fichiεr joint plus de rensεignement concernant mon døn je vous prie de la lire lεttre en fichier jøint. Ceci n’étant pas un spam ni virus.

Pour avoir plus de rensεignement concernant cette dønatiøn je vous prie de me Contactεz moi a cette adrεssε. Ceci n’étant pas un spam ni virus :

Conctεz moi a cette adrεssε:

Mail!: laurent.boudier@outlook.com***laurent.boudier@outlook.com

T

Recevez encore une fois de mes salutations les plus distingués .

Cordialement

Monsieur Boudier

256931569426655689465(1).pdf

Email analysis :

NOTE : janujz5@orange.fr
NOTE : claouenan@cazes-goddyn.com
NOTE : clean@orange.com
NOTE : laurent.boudier@outlook.com
NOTE : X-Me-Ip : 86.206.187.80

Samantha Gann sent you "Scan001.zip"

Samantha Gann a file with you on Dropbox

The updated agreement with AlixPartners

Scan001.zip

Download

© 2016 Dropbox

Email screenshot :

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from unknown (HELO NNZCABJO) (1.47.202.181)

NOTE : Samantha Gann sent you "Scan001.zip"

File analysis :

CLICK : DOWNLOAD
OPEN : https://www.cubbyusercontent.com/pl/Scan001.zip/_6ec59f8ef081469e9dba0d304a99cb9d
FILENAME : Scan001.zip
RESULT : File is a virus.

Virus analysis :

SHA256: e68dfb45eb15d675073486679ac94cac1788ea5c54a3e39cb9cddddaf73a179e
FILENAME : Scan001.zip
AVG : Downloader.Generic_c.ALTL
Ad-Aware : Trojan.GenericKD.3298975
AegisLab : Exploit.Script.Generic!c
Arcabit : Trojan.Generic.D32569F
Avast : Other:Malware-gen [Trj]
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3298975
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.ADU
Emsisoft : Trojan.GenericKD.3298975 (B)
F-Secure : Trojan.GenericKD.3298975
Fortinet : JS/Nemucod.ET!tr.dldr
GData : Trojan.GenericKD.3298975
Ikarus : JS.Trojan-Downloader.Rogue
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Exploit.Script.Generic
McAfee : Generic.yd
McAfee-GW-Edition : Generic.yd
eScan : Trojan.GenericKD.3298975
Microsoft : TrojanDownloader:JS/Nemucod.AT
Rising : Exploit.Generic!8.3E1-aXLPd6nZxPO (Cloud)
TrendMicro : JS_NEMUCOD.QDA
TrendMicro-HouseCall : JS_NEMUCOD.QDA

Un nouveau messange est disponible sur votre messagerie HelloBank (Phishing Hello bank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Clique Ici

Nous vous remercions de votre confiance.
Hello bank : Banque et assurance

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Email screenshot :

Email analysis :

NOTE : __Hello.Bank__@tix.nl
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < zend@tix.nl >
NOTE : Received : by tix.nl
NOTE : X-Php-Originating-Script : 0:zabo.php
NOTE : Un nouveau messange est disponible sur votre messagerie HelloBank

Phishing analysis :

CLICK : Clique Ici
OPEN : http://belmondo-gent.be/7
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/
SCREENSHOT :

CLICK : Accéder aux comptes
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/check.php?log=*
SCREENSHOT :

CLICK : Vérifier
REDIRECT : http://www.belmondo-gent.be/wp-includes/hello/HelloBank/checked.html

REDIRECT : https://www.hellobank.fr/fr/espace-client

[important (1)] Vous avez reçu un message : (Phishing CyberPlus)

Bonjour,

Le département technique procéde à une mise à jour importante de logiciel programmée de facon à améliorer la qualité de nos services .

Nos vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer votre PassCyberPlus :

Confirmer votre PassCyberPlus

Nous vous remercions pour la confiance que vous acordez à nous et restons à votre disposition .

Cordialement,

Ceci est un troisiéme et dernier rappel nous vous invitant a accéder a votre formulaire dés que possible,

dans le cas contraire nous ne somme pas responsables des debit inhabituels sur votre compte

BANQUEPOPULAIRE

Â
Â

Email screenshot :

Email analysis :

NOTE : _C_y_b_e_r_P_l_u_s@amazon.fr
NOTE : Content-Type : text/html;charset='iso-8859-1'
NOTE : X-Proxad-Sc : state=HAM score=0
NOTE : Return-Path : < www-data@regiesmtp505-1.odiso.net >
NOTE : X-Mailer : PHP/5.3.10-1ubuntu3.23
NOTE : Received : by regiesmtp505-1.odiso.net
NOTE : X-Php-Originating-Script : 0:zamailer.php
NOTE : [important (1)] Vous avez reçu un message :

Phishing analysis :

CLICK : Confirmer votre PassCyberPlus
OPEN : http://cyber-rts.com/
REDIRECT : http://livinggreenlandscaping.com/language/en-GB/var
RESULT : Phishing was removed...

my subject

I am Sgt Adams John , I have a Secured Monetary deal for you and it's
legitimate, 25,000,000,00 USD please for more information contact my private email: sgtadamsjohn444@gmail.com Sgt Adams John

Email analysis :

NOTE : my subject
NOTE : sgtadamsjohn444@gmail.com
NOTE : asparagus@unist.ac.kr
NOTE : X-Originating-Ip : [116.202.38.145]

J’ai Quelque Chose à Vous Dire...[IMPORTANT]

Bonjour,

Soyons RÉALISTES ! Si vous êtes encore en train de lutter pour perdre du poids, alors j’ai LA solution pour vous !

Mon ami Brian, qui est entraîneur personnel certifié et nutritionniste de niveau mondial, a créé un nouveau système pour une perte de poids rapide, qui GARANTIT LES RÉSULTATS !

Il l’appelle La Diète 3 Semaines. Il l'appelle comme ça car ce système peut vous aider à perdre jusqu’à 10 kilos de graisse corporelle pure, en 3 semaines seulement !

Je n’y ai pas cru non plus, dans un premier temps - mais après avoir constaté les preuves et l’avoir testé moi-même, j’ai été conquis !

COMMENT ÇA FONCTIONNE...

Le régime indique d'abord les heures de la journée où votre métabolisme brûle le plus, et ce sont celles où vous devriez manger pour brûler de la graisse. Le système est si précis et efficace que certaines personnes peuvent perdre jusqu’à 500 g par jour en le suivant. Combiné avec différents types d’aliments qu’il recommande, ce régime est donc quasi INFAILLIBLE !

Sans surprise, sa méthode complète est même approuvée par des médecins certifiés, afin que vous soyez assuré d’utiliser une méthode sûre et testée (allez sur le site pour le vérifier par vous-même).

Habituellement, il vend sa méthode à 97 €, mais aujourd’hui il fait une offre spéciale, juste pour mes contacts : Vous pouvez obtenir la méthode complète de La Diète 3 Semaines pour seulement 47 € ! C’est une offre vraiment unique et abordable mais elle n’est disponible que pendant une durée limitée.

De plus, Brian propose sa garantie « Perdez du poids ou c’est gratuit » - c’est-à-dire que si vous ne perdez pas le nombre de kilos que vous escomptiez pendant les 3 semaines - il vous remboursera personnellement chaque centime que vous avez dépensé pour ce régime. Vous ne pouvez pas obtenir beaucoup plus, n’est-ce pas ?

Alors, si vous êtes encore en train de vous débattre pour perdre du poids, je vous conseille fortement d’aller jeter un coup d'oeil à la présentation de de La Diète 3 Semaines en visitant ce lien :

http://www. livresduweb.top /index.php

Découvrez-le maintenant avant que l’offre spéciale expire !

Pour perdre du poids et se sentir en forme,

Sophie

Email analysis :

NOTE : fefou2005@yahoo.fr
NOTE : contact@ livresduweb.top

Attn: The Owner of this E-mail ID,

Attn: The Owner of this E-mail ID,

Your Name And Your Contact Details Was Given To This Office In Respect Of Your Total inherited/Compensation Sum Owed To You Which You Have Failed To Claim Because Of Either Non-Compliance Of Official Processes Or Because Of Your Unbelief Of The Reality Of Your Genuine Payment. We Wish To Bring To You The Solution To This Problem. Right Now We Have Arranged Your Payment Through Our Swift Card Payment Centers, That Is The Latest Instruction From Economic Community Of West African States (ECOWAS) This UBA ATM payment Center Will Send To You An ATM VISA Card Which You Will Use To Withdraw Your Money In Any ATM Machine In Any Part Of The World, So If You Like To Receive Your Fund In This Way, Please Let Us Know By Contacting Us Back on the following information:

CONTACT: Mr.Morgan Chambers.
PHONE NUMBER: +22961135739
Email: allusers.group79@gmail.com

And Also Send The Following Information As Listed Below.

1. Full Name
2. Phone And Fax Number
3. Delivery address
4. ATTACH COPY OF YOUR IDENTIFICATION/ If any available

We Have Been Mandated By The ECOWAS Parliament To Issue Out $7.5million USD in your favor This fiscal year. Also For Your Information, You Have To Stop Any Further Communication With Any Other Person (S) Or Office(S) To Avoid Any Hitches In Receiving Your Payment. Note That Because Of Impostors,We Hereby Issued You Our Code Of Conduct, Which Is (ATM-202) So You Have To Indicate This Code When Contacting The Card Center By Using It As Your Subject.

=======================================================

AS SOON AS I CONFIRM THE REQUIRED INFORMATION I WILL DIRECT YOU ON HOW TO PROCEED ON IMMEDIATE DISPATCHING OF YOUR ATM CARD PAYMENT.

=========================================================

Email analysis :

NOTE : allusersgroup@yandex.com
NOTE : rafi@maqsimum.pl
NOTE : Received : from User (unknown [130.185.159.11])

NOTE : by mps.maqsimum.pl (Postfix)

Sergeant Ann Hester Leigh

my name is Sergeant Ann Hester Leigh, United States military officer, looking for a reliable trust worthy person for a cordial relationship.

I'll be glad if you write me here for more details.

regard!
Sergeant Ann Hester Leigh

Email analysis :

NOTE : bean.an@outlook.com
NOTE : jameskibler52@gmail.com

Job representative needed,

TimeOne Group Ltd are in search of a competent individual or firm that will be responsible in handling payment on our behalf as a Sales Representative Officer, contact us for further information.

Thanks, and best regard,

Fabien Barbaud
TimeOne Technology Management.

Email analysis :

NOTE : fbarbaud023@gmail.com
NOTE : hrrdnld@gmail.com
NOTE : Received : from webmail.ps5.com.br (unknown [189.50.80.100])

NOTE : (Authenticated sender: elza@bew.net.br)
NOTE : by painel.bew.net.br (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTe : Organization : TimeOne Group

I AM SORRY TO ENCROACH INTO YOUR PRIVACY IN THIS MANNER REPLY .....

Dear sir/Ma

I am sorry to encroach into your privacy in this manner, I got your contact from the professional data base found in the internet Yahoo tourist search; I was searching for a foreign reliable partner., I find it pleasurable to offer you my partnership in business. I only pray at this time that your address is still valid. I want to solicit your attention to receive money on my behalf.

My name is . Richard Williams US ARMY MAJOR, I am serving in the US military in Afghanistan with the army infantry division, I have some amount of funds that I want to move out of the country for safe keep and investment.

if interested kindly reply via email for further details. ( richardwilliamsu00@gmail.com )

PLEASE, TREAT THIS PROPOSAL AS TOP SECRET.

God bless you and thanks for cooperation in advance.

Best Regards,

MAJOR. Richard Williams

Email analysis :

NOTE : info@lee.org
NOTE : richardwilliamsu00@gmail.com
NOTE : Received : from mail.com (unknown [50.255.40.77])

Urgent ! (Phishing Banque Populaire)

Bonjour,

Le département technique procède à une mise à jour 2016 de logiciel, programmée de façon à améliorer
la qualité de nos services.
Nous vous demandons avec bienveillance de procéder à la mise à jour en cliquant sur le lien ci-dessous et
de sécuriser votre PassCyberPlus:

ACCÉDER À MES COMPTE

Nous vous remercions pour la confiance que vous nous accordez et restons à votre disposition.

Cordialement
Directeur de la relation clients

Si vous ne voulez plus recevoir ce message automatique, connectez-vous à votre espace employeur et modifiez l'option de rappel de déclaration dans la rubrique

Email screenshot :

Email analysis :

NOTE : asadadass@bil.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < asadadass@bil.com >
NOTE : Received : from bil.com ([84.39.33.123])
NOTE : Received : by bil.com
NOTE : X-Php-Originating-Script : 0:xroot.php
NOTE : Urgent !

Phishing analysis :

CLICK : ACCÉDER À MES COMPTE
OPEN : http://shop.longavita-ug.ru/LICENSE/pop/
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php
SCREENSHOT :

CLICK : OK
REDIRECT http://personalcolor.co/facebook/pop/*/index.html
SCREENSHOT :

CLICK : VALIDER
REDIRECT : http://personalcolor.co/facebook/pop/*/login.php
REDIRECT : http://personalcolor.co/facebook/pop/*/index.php

ATTENTION BENEFICIARY,

WE THE WESTERN UNION REMMITTING OFFICE WERE HEREBY WRITE TO INFORM YOU THAT WE HAVE ALREADY SENT YOUR FULL COMPENSATION PAYMENT OF $6.800,000.00 TO YOU THROUGH WESTERN UNION, YOU WILL BE RECEIVING 10.000.00USD PER DAY, AND WE HAVE SEND THE FIRST PAYMENT TO YOU. SO CONTACT OUR DIRECTOR Dr.Peter Anthony AND ASK HIM TO GIVE YOU THE WESTERN UNION PAYMENT INFORMATION SO THAT YOU CAN BE ABLE TO PICK UP YOUR FUNDS THROUGH WESTERN UNION WITHOUT ANY PROBLEM.

CONTACT HIM WITH THE BELLOW INFORMATION.
(unionw633@gmail.com)
PHONE NUMBER (+22999165308)
AND CONTACT HIM WITH YOUR FULL INFORMATION.

Your name............
country.... ..........
phone ...........
address...............
city..........
age..................
sex..................

CALL OR EMAIL HIM NOW SO THAT HE CAN PROVIDE THE WESTERN UNION INFORMATION TO YOU AS SOON AS YOU CAN.

Thanks and Remain Blessed John Paul.
From WESTERN UNION.
YOUR FIRST PAYMENT THROUGH WESTERN UNION.

Email analysis :

NOTE : unionw633@gmail.com
NOTE : officefile112016@tochka.net
NOTE : dvmail.tochka.net (imap.tochka.net. [91.207.122.195])
NOTE : client-ip=91.207.122.195;

عاجل جدا

900،000 دولار أمريكي تمنح لك من قبل شركة شيفروليه. إرسال الاسم والعنوان والهاتف المحمول والجنسية عن طريق: chevroletcompany 34@gmail.com

Email analysis :

NOTE : chevroletcompany34@gmail.com
NOTE : botrach.qbh@moj.gov.vn
NOTE : Return-Path : < botrach.qbh@moj.gov.vn >
NOTE : X-Originating-Ip : [10.28.30.60]
NOTE : Mime-Version : 1.0
NOTE : X-Mailer : Zimbra 7 (zclient/7)
NOTE : Message-Id : < *-*@mail.moj.gov.vn >
NOTE : client-ip=203.113.130.106;

NOTE : Received : from Internal Mail-Server by Mail-SeCureOUT
NOTE : (envelope-from botrach.qbh@moj.gov.vn)
NOTE : Received : from mail.moj.gov.vn (mail1.moj.gov.vn [10.28.30.68])
NOTE : by mail.moj.gov.vn (Postfix)

What is moj.gov.vn ?

- MOJ is the Vietnamese Ministry of Justice.
- The server of the Vietnamese Ministry of Justice was used to relay this scam.
- Account : botrach.qbh

DRINGEND

Hallo Freund,

Mein Name ist Herr Richard Cody ich mit einer der führenden Banken hier in London, UK arbeiten. Ich würde benötigen, um Ihre Zustimmung an Sie als nächsten Angehörigen unserer späten Kunden zu präsentieren, die während des 11. März 2011 Erdbeben-Katastrophe in Japan gestorben. Er war ein reicher Geschäftsmann, der £ 38.000.000,00 (achtunddreißig Millionen britische Pfund) in unserer Bank hinterlegt. Er starb ohne nächsten Angehörigen registriert, wie er lange war geschieden und hatte kein Kind.

Ich war sein Konto Offizier und habe in meinem Besitz alle erforderlichen Unterlagen Sie als seine Nutznießer nächsten Angehörigen zu präsentieren. Ich kontaktierte Sie, weil Sie gleichen Namen Identität mit unserer späten Client und kann perfekt passen als nächsten Angehörigen, wir können zusammenarbeiten, diesen Fonds zu erreichen. Bitte hören Sie, das ist real und geht in Banken auf der ganzen Welt ohne Menschen zu kennen. Lassen Sie uns diese Gelegenheit nutzen, weil es nicht immer kommt.

Viele Kunden öffnen private Konten bei verschiedenen Banken ohne das Wissen ihrer Familien und wenn sie sterben, wird dieses Geld an die Bank verloren, es sei denn, jemand Anspruch kommt. Dies ist, wie viele Bankdirektoren so viel Geld silently.On Bestätigung dieser Meldung machen und Ihr Interesse angibt, werde ich Ihnen weitere Informationen zu liefern.

Bitte bemühen Sie mich mit der folgenden zur Verfügung zu stellen, damit wir in Details zu diskutieren:

1) Handy-Nummern:
2) Vollständiger Name:
3) Kontaktadresse und Beruf:

Ich dringend hoffen, Ihre Antwort zu bekommen, so bald wie möglich durch meine private E-Mail: (richardcody7@outlook.com).

Dein,

Herr Richard Cody.

Email analysis :

NOTE : richardcody7@outlook.com
NOTE : richardcody.1@hotmail.com
NOTE : client-ip=65.55.90.107;
NOTE : Received-Spf : SoftFail (protection.outlook.com:
NOTE : domain of transitioning hotmail.com discourages
NOTE : use of 25.152.0.52 as permitted sender)
NOTE : 25.152.0.52

Bonsoir très cher (e)

Bonsoir très cher (e)

Je suis Mr André ROY, ancien militaire en retraite. Durant ma carrière de militaire, je reconnais devant le seigneur créateur du Ciel et de la terre d'avoir effectué des trafics illégaux dans le domaine du trafic de drogue et des armes. En ce moment-là, tous mes virements bancaires se faisaient sur mon compte bancaire dans un Pays de l'Afrique de l'Ouest. Je suis maintenant frère Archevêque Métropolitain et Primat de France de l'Église catholique.

Mais suite à mon état critique dû au cancer du poumon et dont je serai en phase terminale, il m'a été conseillé par l'un des frères de mon église après confession de faire une charité avec une grande partie de ce fonds dont je dispose dans cette banque à de différentes personnes dans presque tous les pays du monde afin que le seigneur pardonne mes péchés, puisque je ne saurai pas dépenser toute cette fortune en moins d'un an. J’ai obtenu votre mail par le logiciel contact Express 2016 le moteur de recherche des adresses mail pour que vous puissiez bénéficier gratuitement d'un montant de 800.000 € (Huit Cent mille euros). Au nom du seigneur créateur du ciel et de la terre, cette somme vous aidera à régler une bonne partie de vos problèmes financiers. Dites-vous que vous ne courrez aucun risque en acceptant cette donation de ma part, car mes fonds déposés dans cette banque sont en toute sécurité et sont enregistrés entend que fonds légaux avec tous les documents à l'appui grâce à mon Avocat de ce Pays. Alors si vous pensez rentrer en possession de ces fonds, veuillez bien contacter mon notaire pour faire la réclamation de ce don afin qu'il vous fasse suivre les procédures afin que le chèque de Banque soit établi à votre nom.

Nom du notaire : VIGNON ROBERT

E-mail du notaire : cabinetvignon@hotmail.com

Site Web : cabinetvignon.onlc.fr

Merci d'avance de votre compréhension

Mr André ROY

Email analysis :

NOTE : kaselionel28@hotmail.com
NOTE : Received : from blu004-omc4s13.hotmail.com (65.55.111.152)
NOTE : Received : from BLU179-W28 ([65.55.111.137]) by BLU004-OMC4S13.hotmail.com

Norply

Your Account Will Be Closed !

Dear Customer,

We have noticed that some data from your account information seems inaccurate or unverified. You have to check your information in order to continue using our service smoothly. We need a little bit more information about you to help confirm your identity. Now check the account informations that belongs to you !

Update My Informations

Email screenshot :

Email analysis :

NOTE : Norply@cp2.tarhely.pw
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cp2.tarhely.pw:
NOTE : authenticated_id: bunmegelozesbeke/primary_hostname/system user
NOTE : Return-Path : < bunmegelozesbeke@cp2.tarhely.pw >
NOTE : X-Authenticated-Sender : cp2.tarhely.pw: bunmegelozesbeke
NOTE : X-Php-Script : www.bunmegelozesbekesmegye.hu/mangusta/upload/img/php.php
NOTE : for 105.105.26.151

NOTE : Received : from tomtech.hu (tomtech.hu. [185.112.156.244])
NOTE : Received : from bunmegelozesbeke
NOTE : by cp2.tarhely.pw with local (Exim 4.87)
NOTE : (envelope-from < bunmegelozesbeke@cp2.tarhely.pw >)
NOTE : Norply

Phishing analysis :

CLICK : Update My Informations
OPEN : http://www.handicraftdesignbank.in/upload/products/He/service/manage
RESULT : Phishing is unresponsive.

INVITATION TO ATTEND WORLD PEACE FOUNDATION (I.W.P.F) 2016

Dear Sir/Madam,

The International World Peace Foundation Conference (I.W.P.F) is pleased to invite you to participate in the forth-coming International Conference on Human Trafficking, Child Abuse, HIV/AIDS. Racism and Human Right.This event will commence from August 1st- 5th 2016 in California, United State of America and August 8th-12th to 2016 in Republic of Senegal. I am honored to invite you to attend these events as my guest.

For more details and requirements for your registration,

kindly contact the secretary Mrs Miret Johnson via E-mail:(secretary.info91@gmail.com)

Also feel free to contact me if you need any further details related to these events. Endeavor to inform the secretary that you were invited to participate by me (Ms.Isabella William)a staff member of the World Peace Foundation Conference. Note that the Organizing Committee and Our donor sponsors will take the full responsibility of all registered participants visa processing for the United States & Republic of Senegal respectively. That will include your Round trip air tickets to both events. While delegates will only be responsible for confirming their Hotel accommodation in Republic of Senegal where the second phase of the event will take place. I do hope you can make time in your busy schedule to attend these conferences and share your ideas on the listed topic above. Kindly keep me informed via (isabellawilliam91@outlook.com) if you will be able to make it to attend the events.


Thanks
Ms.Isabella William
The International World Peace Foundation Conference (I.W.P.F)
Los Angles, California
United State of America

Email analysis :

NOTE : rpriyanka@bajajcapital.com
NOTE : isabellawilliam91@outlook.com
NOTE : X-Originating-Ip : [41.82.33.17]

NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (ZimbraWebClient - FF46 (Win)/8.6.0_GA_1153)
NOTE : Received : from zimbra.bajajcapital.com (zimbra.bajajcapital.com [132.0.0.3])

NOTE : by zimbra.bajajcapital.com

Very Urgent (Chevrolet Scam)

900,000 usd award to you by chevrolet company. send name, address, mobile and nationality via:

Email analysis :

NOTE : chevrolet@zcs-mta01.apf.asso.fr
NOTE : company@zcs-mta01.apf.asso.fr
NOTE : chevroletcompany34@gmail.com
NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < prvs=*=chevrolet@zcs-mta01.apf.asso.fr >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at zimbra.apf.asso.fr
NOTE : Authentication-Results : 46.228.131.242 is neither permitted nor denied
NOTE : Content-Description : Mail message body
NOTE : Message-Id : < *.*@zcs-mta01.apf.asso.fr >
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Antivirus : avast! (VPS 160603-1, 06/03/2016), Outbound message
NOTE : Content-Type : text/plain; charset="iso-8859-1"
NOTE : client-ip=46.228.131.242;
NOTE : Received : from FSMSG0548.sp.f-secure.com
NOTE : (fsmsg0548.sp.f-secure.com. [46.228.131.242])

NOTE : Received : from mx-out.apf.asso.fr (mx-out.apf.asso.fr [213.152.3.213])
NOTE : Received : from zcs-mta01.apf.asso.fr (zcs-mta01.apf.asso.fr [192.168.101.125])
NOTE : by mx-out.apf.asso.fr (Postfix)

NOTE : Received : from USER-PC.zuku.co.ke (unknown [196.207.187.23])

NOTE : by zcs-mta01.apf.asso.fr (Postfix)
NOTE : Very Urgent

FROM C.B.P {TREAT AS URGENT}!!

U.S. Customs and Border Protection
1300 Pennsylvania Ave NW, Washington, DC 20229,
United States.

Urgent Attention: Beneficiary,

I am Assistant Commissioner Kevin K. McAleenan head of Field Operations (OFO) of the U.S. Customs and Border Protection (CBP). We have just intercepted and confiscated two trunks at John F Kennedy International Airport in New York, NY 11430 coming from a foreign country. We crosschecked the content of the boxes and found it contained a total sum of $4.1 million dollars. Also with one of the trunks were documents with your name as the receiver of the money. As we progressed in our investigations of the Diplomat which accompanied the trunks into the United States we learned that he was to deliver these funds to your residence as payment of an inheritance/winning, which was due to you. Further checks on the consignment, we found out that the consignment paperwork lacked the PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE forms. We then confiscated both trunks and released the Diplomat.

The trunks According to section 229 subsection 31 of the International, Commerce Regulators Code Enforcement Guidelines, your consignment lacks PROOF OF OWNERSHIP CERTIFICATE AND LEGAL DELIVERY PERMIT CLEARANCE CERTIFICATE from the joint team of Homeland Security and therefore you must contact us for direction on how to procure the two certificates, so that you can be relieved of the charges of evading tax which is a jail offense under section 12 subsection 441 of the Tax Code. We will also be asking the IRS to launch an investigation of money laundering if you do not follow our instructions.

You are therefore required to contact me within 72 hours, at that point I will walk you through the process of clearing and claiming the money.

Failure to comply may lead to your arrest, interrogation and/or you being prosecuted in the Court of Law for tax evasion and or money laundering. You are also advised not to contact any bank in Africa, Europe or banking institution.

Yours in service,
Kevin K. McAleenan
Head of Field Operations (OFO),
U.S. Customs and Border Protection (CBP)

Email analysis :

NOTE : kevin@uscbp.com
NOTE : postmaster@gmx.net
NOTE : Received : from [222.124.18.76] (helo=fm1.smtp.telkom.net)

NOTE : by smtp-out091-sv3.telkom.net with esmtps
NOTE : Received : from User (74.subnet222-124-201.astinet.telkom.net.id [222.124.201.74]

NOTE : (may be forged)) by fm1.smtp.telkom.net

RE: TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA

MY NAME IS MR.FRANK .E RYAN OF TELEX/COMPUTER DEPARTMENT OF THE AFRI BANK, ACCRA- GHANA. I AM SENDING THIS PRIVATE EMAIL BASED ON THE CONFIDENTIALITY OF THE TRANSACTION. PLEASE, I WILL LIKE TO ADVISE; IF AFTER GOING THROUGH MY PROPOSAL AND YOU DO NOT ACCEPT IT, KINDLY KEEP IT TO YOURSELF.

AS OF THIS MOMENT, I AM STILL IN SERVICE WITH THE AB GHANA. AND I WILL NOT BY ANY MEANS LIKE TO LOSE MY JOB, SO IF YOU ARE NOT INTERESTED, KEEP THIS TO YOURSELF. I HAVE PUT IN OVER 23 YEARS IN THIS BANK BUT I DO NOT HAVE ANYTHING TO SHOW FOR IT. THIS IS JUST MY OPPORTUNITY TO MAKE SURE THAT I GIVE MY CHILDREN A DECENT TRAINING SINCE MY GOVT WHICH IS CORRUPT HAS REFUSED TO TAKE CARE OF ITS RESPONSIBILITY. INFANT I AM SICK AND TIRED OF EVERYTHING HERE AND I NEED TO GET OUT. I FOUND OUT THAT YOU ALMOST MET ALL THE STATUTORY REQUIREMENTS IN RESPECT OF YOUR PAYMENT. PLEASE BE EQUALLY ADVISED THAT NO SECURITY COMPANY IN AFRICA CAN HANDLE YOUR CONTRACT PAYMENT/INHERITANCE FUND WITH ANY BANK WITHOUT THE INSTRUCTIONS OF THE AFI BANK, YOUR PROBLEM IS THAT OF INTEREST GROUP IN THE FEDERAL MINISTRY OF FINANCE THAT IS SUPPOSED TO ORDER TRANSFER OF YOUR FUND WITH THE APPROVAL OF THE AB. A LOT OF PEOPLE ARE INTERESTED IN YOUR PAYMENT AND THAT EXPLAINS WHY YOU RECEIVE EMAILS AND PHONE CALLS FROM DIFFERENT PEOPLE EVERYDAY, THEIR WHOLE GAME PLAN IS TO FRUSTRATE YOU; IN-ORDER FOR YOU TO ABANDON THE PAYMENT AND THEN, THEY WILL BE COMFORTABLE AND BE FREE ENOUGH TO TRANSFER THE FUNDS INTO THEIR OVERSEAS ACCOUNT. THEIR AIM AND TARGET IS NOT THE MONEY YOU ARE GIVING THEM BUT TO FRUSTRATE YOU, HENCE, YOU HAVE LOST TRUST ON WHOM TO BELIEVE TO BE GENUINE. I CAN ASSURE YOU THAT THIS MAY LAST FOR YEARS, YET NOTHING HAPPENS,TO SUM IT UP, I WISH TO ASSURE YOU THAT WITH MY POSITION HERE IN THE TELEX DEPARTMENT, I CAN PUNCH THE COMPUTER AND CREDIT YOUR ACCOUNT STRAIGHT, I CAN ACCOMPLISH THIS UNDER FIVE WORKING DAYS, BUT WE HAVE TO REACH AN AGREEMENT. FIRST OF ALL, YOU HAVE TO LET ME KNOW HOW MUCH YOU WILL GIVE ME AT THE CONSUMMATION OF THIS DEAL. FINALLY, YOU WILL HAVE TO ACCEPT TO KEEP THIS TRANSACTION STRICTLY CONFIDENTIAL IF YOU ACCEPT MY PROPOSAL, KINDLY GET BACK TO ME IMMEDIATELY ON MY PRIVATE MAIL ADDRESS (frankryanbb@outlook.com) AND CONFIRM YOUR PARTICULARS ON REPLY.

REGARDS,

MR.FRANK RYAN
+233-541863101

Email analysis :

NOTE : frankryanbb@outlook.com
NOTE : FRANKMORGAN@AFRIBANK.COM.GH
NOTE : Received : from User (76-8-85-59.dbshosting.com [76.8.85.59])
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : by bsmtpd at dbshosting.com
NOTE : Authentication-Results : 76.8.85.230
NOTE : X-Priority : 3
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Barracuda-Connect : 76-8-85-59.dbshosting.com[76.8.85.59]

NOTE : Content-Type : text/plain; charset="Windows-1251"

Kindly respond for more detail

Am Gen John W Nicholson Jr. i am with the us army in Camp Abu Naji / FOB Garry Owen (Al Amarah)I need your assistant to move some funds out of Iraq.Kindly respond for more detail

Email analysis :

NOTE : Return-Path :
NOTE : X-Originatingip : 105.225.245.50 (printing)
NOTE : Mime-Version : 1.0
NOTE : smtp.mailfrom=Gen_John@us.army.mil
NOTE : Message-Id : < *.*@mgip.com >
NOTE : X-Mailer : OpenWebMail 2.53
NOTE : X-Col-Mta : smtp.colbd.com
NOTE : X-Col-Mta : dhs01.colbd.net
NOTE : Content-Type : text/plain; charset=utf-8
NOTE : Received-Spf : client-ip=202.65.168.39;
NOTE : Received : from mta.colbd.net (mta.colbd.net. [202.65.168.39])
NOTE : Received : from dhs01.colbd.net (mailx.regentfashion.com [202.65.168.44])
NOTE : Received : from mail.superknittingbd.com (mail.superknittingbd.com [202.65.169.46])
NOTE : Received : from superknittingbd.com (localhost [127.0.0.1] (may be forged))
NOTE : by mail.superknittingbd.com (8.14.4/8.14.4)
NOTE : Kindly respond for more detail

Please Act Accordingly

Dear Beneficiary,

I am Jacob J. Lew, Secretary of the Treasury under the U.S. Department of the Treasury. You can get more details about me here;

https://en.wikipedia.org/wiki/Jack_Lew

At the recently concluded meeting with the World Bank and the United Nations, an agreement was reached between both parties for us to settle all outstanding payments accrued to individuals/corporations with respect to local and overseas contract payment, debt re-scheduling and outstanding compensation payment. Fortunately, you have been selected alongside a few other beneficiaries to receive your own payment of $1.5million (One Million five hundred thousand United States Dollars only). We have been notified that you are yet to receive your fund valued at $1.5million This money will now be transferred to your nominated bank account. You are advised to kindly reply this email with the below details enclosed to help us process your payment;

(1) Full Names:
(2) Residential Address:
(3) Country of Residence:
(4) Age:
(5) Phone/Cell Number:
(6) Occupation:

Yours faithfully,

Jacob J. Lew
Secretary of the Treasury
(U.S. Department of the Treasury)

Note: The information contained in this e-mail is private & confidential and may also be legally privileged. If you are not the intended recipient, please notify us, preferably by e-mail, and do not read, copy or disclose the contents of this message to anyone.

Email analysis :

NOTE : info@usa.gov
NOTE : mrjacklew74@gmail.com
NOTE : X-Authenticated-Sender : vps.massautocomponents.com: info@massautocomponents.com
NOTE : X-Get-Message-Sender-Via : vps.massautocomponents.com:
NOTE : authenticated_id: info@massautocomponents.com
NOTE : Received : from [167.88.9.70] (port=54680 helo=User) by vps.massautocomponents.com

Notification (Phishing Crédit Agricole)

Cher(e) Client(e) :
Nous tenons de vous informer que vous avez un nouveau message.
Pour consulter votre boite de messagerie cliquez sur le lien ci-dessous :

Cliquez ici

Nous vous remercions de votre confiance.

Cordialement
Directeur de la relation clients

Reproduction dûment autorisée depuis www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.

Pour être sûr de recevoir nos e‑mails, ajoutez l’adresse mail@info.adobesystems.com à votre carnet d’adresses, vos contacts ou votre liste d’expéditeurs approuvés.

Email screenshot :

Phishing analysis :

CLICK : Cliquez ici
OPEN : http://hemval.se/media
REDIRECT : http://103.200.5.135/c/0x0/
SCREENSHOT :

FILL : Postal code
CLICK : Arrow
REDIRECT : http://103.200.5.135/c/0x0/auth.php
SCREENSHOT :

CLICK : Confirmer
REDIRECT : https://www.credit-agricole.fr/

Email analysis :

NOTE : "CREDIT AGRlCOLE"@kiabi.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < kjhsSjd@kiabi.com >
NOTE : Received : from kiabi.com ([84.39.40.155])
NOTE : Received : by kiabi.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:Yasodm.php
NOTE : Message-Id : < *.*@kiabi.com >
NOTE : Notification
NOTE : Kiabi.com servers were used to relay this scam.

Update Your Information Account !! (eBay Phishing attempt)

eBay

Account ID: 0073621101

We have reason to believe that your eBay account has been used fraudulently without your permission. In addition, any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

To secure your eBay account, you need to:

1 - Login to your account.
2 - Verify the contact information.
3 - Update your payment informations and other stored information on your eBay account is correct.

For detailed instructions, please visit: www.ebɑy.com/help/account/securing-account-ID-0073621101.html

We appreciate your understanding and thank you for being part of our community.

Regards, eBay

Please don't reply to this message. It was sent from an address that doesn't accept incoming email.

Copyright © 2016.

Phishing analysis :

CLICK : www.ebɑy.com/help/account/securing-account-ID-0073621101.html
OPEN : https://www.secure-account-update-online.aloobein.ga/
REDIRECT : Phishing was removed...

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : X-Get-Message-Sender-Via : cpanel.hostnet.ge: authenticated_id: hostnet/only user confirmed/virtual account not confirmed
NOTE : Return-Path :
NOTE : X-Authenticated-Sender : cpanel.hostnet.ge: hostnet
NOTE : Received : from cpanel.hostnet.ge (cpanel.hostnet.ge. [212.72.155.189])
NOTE : Received : from hostnet by cpanel.hostnet.ge with local (Exim 4.87) (envelope-from < hostnet@cpanel.hostnet.ge >)
NOTE : Message-Id : < *@cpanel.hostnet.ge >
NOTE : smtp.mailfrom=hostnet@cpanel.hostnet.ge
NOTE : Update Your Information Account !!

Phishing attempt on bitcointalk email addresses

Greetings,

We know that some of you have accounts on bitcointalk.org and we wanted to let you know that a phishing attempt was made on bitcointalk email addresses earlier today.
If you received an email with the subject Mtgox.Claim assessment process, delete it and do not click on the link it contains! This email did not come from Kraken, but was spoofed to look as though it came from our support email (support@kraken.com).

We do not know how the bitcointalk email addresses were obtained, however the bitcointalk database has been compromised in the past. You can be assured that this incident was not the result of any breach in Kraken’s database and your personal information with Kraken is safe.

Even if you did receive the email, you are safe so long as you do not click on the link (just delete the email and you will be fine). If you did click on the link and are concerned about it, please contact us at: support@kraken.com.

Stay safe,

The Kraken Team

no-reply (Hameçonnage Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.
Hello bank : Banque et assurance

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://comercialvans.com.mx/30
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/
SCREENSHOT :

CLICK : Accéder aux comptes

Screenshot :

CLICK : Vérifier
REDIRECT : http://puncofed.in/wp-includes/ok/HelloBank/checked.html

REDIRECT : https://www.hellobank.fr/fr/espace-client

Email analysis :

NOTE : __Hellobank__@swd.nl
NOTE : binc@swd.nl
NOTE : X-Php-Originating-Script : 0:send.php
NOTE : Received : from swd.nl ([185.48.33.90])

Lisez votre messagew (Phishing Crédit Agricole) (Attempt)

Cher(e)dClient(e)dd

Lors de votre dérnier achats,vous avez été averti par un message vous informant de l'obligation d'adhérer à la
nouvelledréglementation conçernant la flabilité pour les achats pardC.Bdsur internet et de la mise en place d'un
arrêt pour vos futursdachats.
Or,nousfn'avons pas, cefjour,d'adhésionfdefvotrefpart et nousfsommes aufregret de vousdinformer que vous
pouvez plus utiliser votredcarte surfinternet

Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici

Cordialementggg

Copyright © 2016 Crédit Agricole

Copyright © 2016 A2 Hosting, All rights reserved.
You are receiving this email because you are an A2 Hosting Customer. If you don't wish to be on the Newsletter you can easily unsubscribe here or by controlling your contact options at My A2 Hosting.

Our mailing address is:
A2 Hosting
PO Box 2998
Ann Arbor, MI 48106

Add us to your address book
Quick Links

We're Hiring
My A2 Hosting
Open a Support Ticket
Affiliate Program - Earn $85!
Refer a Friend - Earn $50!
Review A2 Hosting!
Unsubscribe from this List Update Subscription and Notification Settings

Phishing analysis :

CLICK : Adhésion;fFaitesfvotrefdemandefd'adhésionfenflignefenfcliquantfici
OPEN : http://www.dong3.com.au/acces/
RESULT : Phishing is unresponsive

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.132.93])
NOTE : Received : by nice.fr (Postfix, from userid 33)
NOTE : NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Message-Id : < *.*@nice.fr >
NOTE : Lisez votre messagew

Lisez votre message! (Phishing Hellobank)

Bonjour,

Un nouveau Message est disponible sur votre Messagerieo
Pour le consulter, Veuiller Cliquez sur le lien ce-dessous :

Accèdez à votre boite

Nous vous remercions de votre confiance.

Ce courriel vous a été envoyé par un système automatique d'émission de messages.
L'adresse d'émission n'est pas une adresse de courriel classique.
Si vous écrivez à cette adresse, votre message ne sera pas pris en compte

Phishing analysis :

CLICK : Accèdez à votre boite
OPEN : http://supportsinformation.com/hellobnk/
THE URL CHANGED TO :

data:text/html;base64,PHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPiBzdHI9J0AzQ0A2OEA3NEA2REA2Q0AzRUAwQUAzQ0A2OEA2NUA2MUA2NEAzRUAwQUAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2OUA2NUA2RUA3NkA2NUA2RUA3NUA2NUAyMEA3M0A3NUA3MkAyMEA0M0A3OUA2MkA2NUA3MkA3MEA2Q0A3NUA3M0AzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAzQ0A3M0A3MEA2MUA2RUAzRUAzQ0A2Q0A2OUA2RUA2QkAyMEA3MkA2NUA2Q0AzREAyMkA3M0A2OEA2RkA3MkA3NEA2M0A3NUA3NEAyMEA2OUA2M0A2RkA2RUAyMkAyMEA2OEA3MkA2NUA2NkAzREAyMkA2OEA3NEA3NEA3MEA3M0AzQUAyRkAyRkA3N0A3N0A3N0AyRUA2OEA2NUA2Q0A2Q0A2RkA2MkA2MUA2RUA2QkAyRUA2NkA3MkAyRkA3MkA3M0A2M0AyRkA2M0A2RkA2RUA3NEA3MkA2OUA2MkAyRkA2OUA2REA2MUA2N0A2NUAyRkA2MUA3MEA3MEA2Q0A2OUA2M0A2MUA3NEA2OUA2RkA2RUAyRkA3N0A2MUA2Q0A2Q0A2NUA3NEAyREA0OEA0MkA1RkA2OUA2M0A2RkA2RUA2NUAyRUA3MEA2RUA2N0AyMkAyMEA3NEA3OUA3MEA2NUAzREAyMkA2OUA2REA2MUA2N0A2NUAyRkA3NkA2RUA2NEAyRUA2REA2OUA2M0A3MkA2RkA3M0A2RkA2NkA3NEAyRUA2OUA2M0A2RkA2RUAyMkAyMEAyRkAzRUAzQ0AyRkA3M0A3MEA2MUA2RUAzRUAwQUAwOUAzQ0A2REA2NUA3NEA2MUAyMEA2M0A2OEA2MUA3MkA3M0A2NUA3NEAzREAyMkA3NUA3NEA2NkAyREAzOEAyMkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2REA2NUA3NEA2MUAyMEA2OEA3NEA3NEA3MEAyREA2NUA3MUA3NUA2OUA3NkAzREAyMkA1OEAyREA1NUA0MUAyREA0M0A2RkA2REA3MEA2MUA3NEA2OUA2MkA2Q0A2NUAyMkAyMEA2M0A2RkA2RUA3NEA2NUA2RUA3NEAzREAyMkA0OUA0NUAzREA0NUA2NEA2N0A2NUAyMkAyMEAyRkAzRUAwQUAyMEAyMEAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A3NEA2OUA3NEA2Q0A2NUAzRUA0MkA2MUA2RUA3MUA3NUA2NUAyMEA2NEA2OUA2N0A2OUA3NEA2MUA2Q0A2NUAyMEA0OEA2NUA2Q0A2Q0A2RkAyMEA2MkA2MUA2RUA2QkAyMUAyMOKAk0AyMEA2M0A2RkA2RUA2RUA2NUA3OEA2OUA2RkA2RUAyMEBFMEAyMEA2Q+KAmUA2NUA3M0A3MEA2MUA2M0A2NUAyMEA2M0A2Q0A2OUA2NUA2RUA3NEAzQ0AyRkA3NEA2OUA3NEA2Q0A2NUAzRUAwOUAwOUAwQUAwOUAwOUAwQUAwOUAwOUAwQUAzQ0A3M0A3NEA3OUA2Q0A2NUAzRUAwQUAyQUAyMEAyMEAyMEAyMEAyMEAyMEA3QkA2REA2MUA3MkA2N0A2OUA2RUAzQUAzMEAzQkA3MEA2MUA2NEA2NEA2OUA2RUA2N0AzQUAzMEAzQkA3REAwQUA2OEA3NEA2REA2Q0AyQ0AwQUA2MkA2RkA2NEA3OUAyMEAyMEAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA2RkA3NkA2NUA3MkA2NkA2Q0A2RkA3N0AzQUA2OEA2OUA2NEA2NEA2NUA2RUAzQkA3REAwQUA3NEA2MUA2MkA2Q0A2NUAyMEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3NEA2MUA2MkA2Q0A2NUAyREA2Q0A2MUA3OUA2RkA3NUA3NEAzQUA3M0A3NEA2MUA3NEA2OUA2M0AzQkAwQUA2MkA2RkA3MkA2NEA2NUA3MkAyREA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQUA2M0A2RkA2Q0A2Q0A2MUA3MEA3M0A2NUAzQkA3REAwQUA2OUA2NkA3MkA2MUA2REA2NUAyMEAyMEA3QkA2NkA2Q0A2RkA2MUA3NEAzQUA2Q0A2NUA2NkA3NEAzQkAyMEA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkAyMEA3N0A2OUA2NEA3NEA2OEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAyRUA2OEA2NUA2MUA2NEA2NUA3MkAyMEA3QkA2MkA2RkA3MkA2NEA2NUA3MkAyREA2MkA2RkA3NEA3NEA2RkA2REAzQUAzMUA3MEA3OEAyMEA3M0A2RkA2Q0A2OUA2NEAyMEAyM0AzMEAzMEAzMEA3REAwQUAyRUA2M0A2RkA2RUA3NEA2NUA2RUA3NEAyMEA3QkA2OEA2NUA2OUA2N0A2OEA3NEAzQUAzMUAzMEAzMEAyNUAzQkA3REAwQUAzQ0AyRkA3M0A3NEA3OUA2Q0A2NUAzRUAwQUAzQ0AyRkA2OEA2NUA2MUA2NEAzRUAwQUAzQ0A2MkA2RkA2NEA3OUAzRUAwQUAyMEAyMEAyMEAwQUAyMEAyMEAyMEAyMEAyMEAyMEAzQ0A2OUA2NkA3MkA2MUA2REA2NUAyMEA3M0A3MkA2M0AzREAyMkA2OEA3NEA3NEA3MEAzQUAyRkAyRkA3N0A3N0A3N0AyRUA2NEA2RkA2RUA2N0AzM0AyRUA2M0A2RkA2REAyRUA2MUA3NUAyRkA2OEA2NUA2Q0A2Q0A2RkAyRkAyMkAyMEA2NkA3MkA2MUA2REA2NUA2MkA2RkA3MkA2NEA2NUA3MkAzREAyMkAzMEAyMkAzRUAzQ0AyRkA2OUA2NkA3MkA2MUA2REA2NUAzRUAwQUAzQ0AyRkA2MkA2RkA2NEA3OUAzRUAwQUAzQ0AyRkA2OEA3NEA2REA2Q0AzRSc7IGRvY3VtZW50LndyaXRlKHVuZXNjYXBlKHN0ci5yZXBsYWNlKC9AL2csJyUnKSkpOyA8L3NjcmlwdD4=

SCREENSHOT :

CLICK : Accéder aux comptes

Email analysis :

NOTE : Content-Type : text/html
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@nice.fr >
NOTE : Received : from nice.fr ([139.59.143.49])

NOTE : X-Php-Originating-Script : 0:map.php
NOTE : Lisez votre message!

2016 International Conference Program

Dear Sir/Madam,

On behalf of the International Economic Development on Human Security and Terrorism Organization, I am pleased to invite you to our conference that will be held from August 15th to 19th, 2016 @ the conference place in Dallas Texas USA and August 22th-26th 2016 @ in Republic of Senegal. The conference meeting will contain various talks and mini workshops related to the issues of Challenges to Economic Development & Human Security in our society.

The topic of the conference is "The Effect of Terrorism on Global Economy and Human Security " the sponsors of this event shall cover your round-trip air tickets from your country to the USA and from USA to Republic of Senegal back to your country and we shall also provide visa assistance with the U.S Embassy in your country of residence and your ground transportation from the airport to the conference venue. The hotel accommodation booking cost will be your own responsibility. Please contact the conference secretariat for more information and registration for participation: [iedhsto.officedesk@gmail.com].

We look forward to your confirmed presence at the conference.

Respectfully Yours,
Dr. Happy Wisdom,
Program Assistant.

Email analysis :

NOTE : iedhsto.officedesk@gmail.com
NOTE : nitu@bajajcapital.com
NOTE : Return-Path : < nitu@bajajcapital.com >
NOTE : X-Originating-Ip : [41.83.40.40]

NOTE : Mime-Version : 1.0
NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (zclient/8.6.0_GA_1153)
NOTE : Thread-Topic : 2016 International Conference Program
NOTE : client-ip=220.227.158.213;
NOTE : Received : from zimbra.bajajcapital.com (mail.bajajcapital.com. [220.227.158.213])

NOTE : 2016 International Conference Program

[Mail (1)] Vous avez reçu un message : (Phishing Banque Populaire)

Bonjour,

Le département technique procéde à une mise à jour importante de logiciel programmée de facon à améliorer la qualité de nos services .

Nos vous demandons avec bienveillance de cliquer sur le lien ci-dessous et de confirmer votre PassCyberPlus :

Confirmer votre PassCyberPlus

Nous vous remercions pour la confiance que vous acordez à nous et restons à votre disposition .

Cordialement,

Ceci est un troisiéme et dernier rappel nous vous invitant a accéder a votre formulaire dés que possible,

dans le cas contraire nous ne somme pas responsables des debit inhabituels sur votre compte

BANQUEPOPULAIRE

Phishing analysis :

CLICK : Confirmer votre PassCyberPlus
OPEN : http://eurotronic-arts.si/autocomplete
REDIRECT : http://livinggreenlandscaping.com/cli/pop1/index.php?id=25
NOTE : Phishing was removed...

Email analysis :

NOTE : _C_y_b_e_r_P_l_u_s@ovh.fr
NOTE : X-Mailer : PHP/5.3.10-1ubuntu3.23
NOTE : X-Php-Originating-Script : 0:zamailer.php
NOTE : [Mail (1)] Vous avez reçu un message :