Friday, November 18, 2016

ATM

Your ATM CARD of USD2.5.is with us with registration code of (Shipment Code 11684990)contact us with your delivery information such as, Your Name, Your Address and Your Telephone Number:Contact:(kikioffice6@gmail.com)

Email analysis :

NOTE : kikioffice6@gmail.com
NOTE : x@x.com
NOTE : luisgonzalezjr@cantv.net
NOTE : Received : from 41.138.89.214 ([41.138.89.214])


NOTE : by webmail-02.datacenter.cha.cantv.net (Cantv Webmail) with HTTP;

I will not fail to compersate you

Hello My Dear Beloved I'm happy to inform you about my getting those funds transferred under the co operation of a new business partner from Paraguay. I'm in Paraguay for treatment and investment but meanwhile, I didn't forget your past efforts and attempts to assist me in transferring those funds despite that it failed us some how, but without the your last name I would have not gotten the fund so I have left your compensation fund in a VISA ATM Card with my Secretary in Benin Republic. contact my secretary in Benin his name is Mr Edwin Onuga Hounn, Email: (edwinonunga22@yahoo.com) Ask him to send you the VISA ATM Card containing the total of 800.000.00 Euro which I kept for your compensation for all your past efforts and attempts to assist me in this matter. I appreciated your efforts at that time very much. so get in touch with my secretary Mr Fre Houn and instruct him where to send the VISA ATM Card containing the total of 800.000.00 Euro to you without any delay, Remember that I had forwarded instruction to Him on your behalf. My Best Regards, Writing from Paraguay

Email analysis :

NOTE : Return-Path : < craig.car@outlook.com >
NOTE : 181.196.51.229 ()


NOTE : Mime-Version : 1.0
NOTE : amavisd-new at tena.gob.ec


NOTE : Received : from mail.tena.gob.ec ([127.0.0.1])
NOTE : by localhost (mail.tena.gob.ec [127.0.0.1])
NOTE : Received : from [141.105.71.26] (unknown [141.105.71.26])


NOTE : by mail.tena.gob.ec (Postfix)
NOTE : I will not fail to compersate you

Shipment Code awb 33xzs (Email leak)


I have registered your ATM CARD of $8.5 with DHL Courier Company with registration code of ( Shipment Code awb 33xzs,ATM Card Registered Code No xgt442.Security Code sctc/2001dhx/567/;Transaction Code 233/cstc/101/33028/;Certificate Deposit code; sctc/bun/xxiv/-78/01). please Contact with your delivery information such as, Your Name, Your Address and Your Telephone Number:Courier Office: DHL

Name of Dir:Dr.Clarck Robert,
E-mail:(mr.johndavidson@outlook.com)
Tel:+229-98643209

I have paid for the Insurance & Delivery fee.The only fee you have to pay is their Security fee only.Please indicate the registration Number and ask Him how much is their Security fee so that you can pay it.

Best Regards,
Mrs.Anne Dinma

Email leak :


Email analysis :

NOTE : X-Matched-Lists : []
NOTE : Return-Path : < andreiniesta@cantv.net >
NOTE : X-Originating-Ip : [197.234.219.95]


NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at cantv.net
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : Cantv Webmail
NOTE : Content-Type : text/plain; charset=UTF-8
NOTE : Received : from webmail-02.datacenter.cha.cantv.net (webmail-02.datacenter.cha.cantv.net [200.11.153.85])
NOTE : (authenticated bits=0) by 10ibl21ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0)
NOTE : Received : from 197.234.219.95 ([197.234.219.95]) by webmail-02.datacenter.cha.cantv.net
NOTE : (Cantv Webmail) with HTTP; Mon, 7 Nov 2016 05:47:37 -0400 (VET)
NOTE : Shipment Code awb 33xzs

RE: shipping done

We shipped your crap.
Here s the tracking invoice :
https://www.ups.com/?tracking_invoice=219371293129312& action=download

Let us know when it arrives.
Thanks

Phishing analysis :

CLICK : https://www.ups.com/?tracking_invoice=219371293129312& action=download
OPEN : http://invoice-portal.com/invoices/get.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : Download a file called : inv11172016.doc

File analysis :

ESET-NOD32 : VBA/Kryptik.T
F-Secure : Trojan:W97M/Nastjencro.A
Fortinet : WM/Agent.5110!tr
Kaspersky : HEUR:Trojan.Script.Agent.gen
McAfee : W97M/Dropper.cu
McAfee-GW-Edition : W97M/Dropper.cu
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Panda : O97M/Downloader 20161117
Qihoo-360 : virus.office.gen.75
Symantec : W97M.Downloader
TrendMicro : W2KM_HANCITOR.YYSXC
TrendMicro-HouseCall : W2KM_HANCITOR.YYSXC

inv11172016.doc is malicious: the engines above detect it as a Word macro dropper/downloader.

Email analysis :

NOTE : Return-Path : < rm@restaurantcocotte.com >
NOTE : 162.252.121.130 ()
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : iPad Mail (11D169)
NOTE : Message-Id : < *@restaurantcocotte.com >
NOTE : Content-Type : text/html; charset="utf-8"
NOTE : Received : from unknown (HELO restaurantcocotte.com) (162.252.121.130)


NOTE : RE: shipping done

Thursday, November 17, 2016

Re: Hello dear correspondent

Hello, I am replying on behalf of Carolle Marran. I am of French nationality, I am a widow. Former Ambassador of France to Benin, where I served for 3 years from 1994 to 1997. I have decided to bequeath my fortune to you. A sum of $ 800.000 usd in a bank in Benin, with all the modesty and sincerity of a donation. All my family to whom I could have bequeathed this fortune died following a Boeing 772 air crash which exploded in 1989 in the Ténéré desert in Niger. This flight had left Brazzaville via N’Djamena for Paris. It was blown up by a Libyan attack (the jamayiriya). My husband and my two children lost their lives in this accident. Currently I am suffering from breast cancer and diabetes. I would like to donate this sum to a responsible, humble person who can help me create aid centers for poor, destitute and orphaned children and even for people in difficulty. Contact me at my email address: carollemarran@outlook.com so that I can be reassured of your good character in order to put you in touch with my Bank and my notary.

Mme Carolle Marran

The shock phrases:

  • Currently I am suffering from breast cancer and diabetes
  • I have decided to bequeath my fortune to you

Email analysis :

NOTE : carollemarran@outlook.com
NOTE : Mime-Version : 1.0
NOTE : X-Sensitivity : 3
NOTE : Return-Path : < amministrazione@lifecostruzioni.it >
NOTE : X-Xam3-Api-Version : V3(R2)
NOTE : Received : from lifecostruzioni.it ([62.149.158.90])


NOTE : client-ip=62.149.156.78;
NOTE : X-Senderip : 41.86.238.84


NOTE : amministrazione@lifecostruzioni.it
NOTE : Re: Hello dear correspondent

ACCESS YOUR FUND URGENT NOW !!! (BOA Phishing)

Good Day..

Please my Dear we are sorry for our delaying so far!!, you can now access your compensation of $10.5 million U.S Dollar which has been credited on online account, it was registered with your Email, so log in to access the fund online now, with your Email and its password to clarify that this Email that is used to set up your online bank account is still active and to help us verify the real beneficiary,for easy access to your fund online , click here Online Fund Status to start the process, remember you can only log in with your email address and its password because it was registered with your email, for recognition of the real beneficiary of the fund, Note; even if it the site doesn't log you in at the first attempt try continuously okay, it will log you in to access your fund online and get back to me once you transfer total amount into your Bank account thanks..

Thanks
God bless!

Online Fund Status

Await your reply
Mrs Sandra Sandra


Email analysis :

NOTE : customer.rbos@gmail.com
NOTE : < bergenoid@gmail.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/alternative;
NOTE : ACCESS YOUR FUND URGENT NOW !!!

Phishing analysis :

CLICK : Online Fund Status
OPEN : http://bit.ly/2fp5j9R
REDIRECT : http://deregulatedfxsolous.top/ZW50OiAiXGUwNTEiOw0KfQ0KLmljb24tZ2xvYmFsOmJlZm9yZSB7DQoJY29udGVudDogI/
SCREENSHOT :
CLICK : Login Now!
RESULT : ERROR MESSAGE.