Sunday, November 20, 2016

RE: Financial Reimbursement

Trusted Lenders
Accessible Loans
No Surprises
No Hidden Cost

100% LENDER APPROVAL. Personal loan,Business loan,Home purchase loans and 2nd mortgages awaiting Approval with nothing to pay until February, 2017. Contact Us

Please disregard this email if you do not need a loan. For inquiries and application, just drop us a message at; larrysimthloan@gmail.com

Thanks and God bless you.

Email analysis :

NOTE : larrysimthloan@gmail.com
NOTE : postmaster@zmail.ipm.ir
NOTE : Received : from [10.169.248.175] (unknown [41.113.114.58])


NOTE : by zmail.ipm.ir (Postfix)


NOTE : Received : from zmail.ipm.ir (test.ipm.ac.ir. [194.225.73.156])


NOTE : A scam was relayed using the Iranian Institute for Research in Fundamental Sciences.

INFORMATION ABOUT IPM :

The Institute for Research in Fundamental Sciences (Persian: پژوهشگاه دانشهای بنیادی), previously the Institute for Studies in Theoretical Physics and Mathematics and often shortened to IPM, is an advanced research institute founded in 1989 in Tehran, Iran. The institute was the first Iranian organization to connect to the Internet.


It is also the domain name registry of .ir domain names. The institute has four main campuses, all north of Tehran in the Farmanieh district, immediately south of Niavaran. It offers advanced PhD degrees in areas such as Mathematical Logic and Plasma Physics among others.

IPM is directed by Mohammad Javad Larijani, its original founder.

Mr. X

Good Day! I am the Head of Corporate Finance at Shawbrook Asset Finance, Ltd here in UK, I handle all investment bankers, private investment groups and private investor's direct capital funds. I do have a private authorization of one of my clients (Mr.) Talal Ben Yushah who is from Libya with delicate political position to seek for individuals with sound financial management experiences to handle the investment and management of over US$500 Million devoid of his name. If you have fund management abilities or credible projects in need of funding, please let us a have brief description of your nature of business/professional experiences alongside your registered business name and physical address in a returned email so we can discuss further. NOTE: This mutual partnership is 100% legal, risk Call me +44 7937025283 or reply to: park_john@financier.com/parkohn10@gmail.com I will explain further when you respond. I count on your understanding and I would appreciate your urgent response. Note if you are not wily to handle the transaction don't border to reply me this is very serious thank you. Sincerely, Mr. Park John

Email analysis :

NOTE : gw.skauto.co.kr
NOTE : olaridnaf01@gmail.com
NOTE : Received : from [41.71.176.74] ([41.71.176.74])


NOTE : by spam.skauto.co.kr ([117.52.98.41])

Vital Update is Required (Lloyds Phishing)

Security Alert

Your Lloyds Online access need to be upgraded to match the details we hold on record for you. Failure to upgrade means you will encounter problem logging on to your online profile next time. Thanks for your co-operation.

Please update and verify your information.

Get Started ?

Please note: Failure to restore full access can lead to permanent suspension of access to our online banking service.

Best regards,
Lloyds Online Banking Team
Legal Privacy Security www.lloydsbankinggroup.com Rates and Charges

Phishing analysis :

CLICK : Get Started ?
OPEN : www.schlosserei-moser.it/wp-content/plugins/Lloyds(1)/
RESULT : Unresponsive

Email analysis :

NOTE : id-@hltv.org
NOTE : Mime-Version : 1.0
NOTE : smtp.mailfrom=id-@hltv.org
NOTE : Received : from nataraya.thirdeye.it (nataraya.thirdeye.it. [185.19.185.34])
NOTE : Received : from rudra.thirdeye.it (rudra.thirdeye.it [185.19.184.135])
NOTE : by nataraya.thirdeye.it
NOTE : Received : by rudra.thirdeye.it (Postfix)
NOTE : Received : from rudra.thirdeye.it ([127.0.0.1])
NOTE : by localhost (rudra.thirdeye.it [127.0.0.1])
NOTE : Received : from Admin-PC (unknown [41.207.200.91])


NOTE : by rudra.thirdeye.it (Postfix)
NOTE : X-Thirdeye-Mailscanner-From : id-@hltv.org
NOTE : Vital Update is Required

Friday, November 18, 2016

*.* (Facebook Likes Scam)

Ciao,

Io vi contatterà dopo aver visitato la pagina *.* .

Siamo in grado di aumentare il numero di calibro sulla tua pagina, per migliorare la vostra immagine e la fiducia dei vostri ospiti o clienti. La maggior parte degli utenti di Internet si sentono più sicuri e avere un quadro più preciso di un sito che visualizza un gran numero di calibro sulla sua pagina. È possibile ordinare i fan pack Facebook a un prezzo speciale sul webmaster nostro sito. Non esitate a contattarci per richiedere ulteriori informazioni

Cordiali saluti,
Benedetto Barattino

Hello,

I will contact you after visiting the *.* page.

We can increase the number of likes on your page, to improve your image and confidence of your visitors or customers. The majority of Internet users feel more confident and have a more accurate picture of a site that displays a large number of likes on his page. You can sort your Facebook fans pack at a special price on our website webmaster. Do not hesitate to contact us for more information

Best regards,
Benedict Barattino

Email analysis :

NOTE : mail@fbmarketingf.us
NOTE : 178.170.83.252


FSA-ReN0GFI

FROM THE DESK OF LORD ADAIR TURNER,
Chairman, Financial Services Authority (FSA),
Direct Telephone:(44)7031952253

ATTEN: BENEFICIARY

Previously I have sent this notification which you are yet to respond. With reference to the recall of your funds, it has come to our notice via our central monitoring computer that a huge fund has been credited in your name for transfer with a London Bank. Under the stipulated enabling Law of the Government of Great Britain and Wales and other Commonwealth States, any huge fund that has been found in our computer system waiting to be transferred without claims for a period of 6 months or less, shall be confiscated and forfeited to the Government of Great Britain and Wales.

We do hereby ask you to contact this office immediately for ratification within 3 days of this notice or consider your fund confiscated.

We appreciate your urgent co-operation.

LORD ADAIR TURNER, CHAIRMAN,
FINANCIAL SERVICES AUTHORITY (FSA).
LONDON, UNITED KINGDOM

Email analysis :

NOTE : info@nevajans.com
NOTE : mgguzman@difnl.gob.mx
NOTE : Content-Type : text/plain; charset="iso-8859-1"
NOTE : Mime-Version : 1.0
NOTE : Received : from email.difnl.gob.mx (email.difnl.gob.mx. [189.213.106.19])


NOTE : Received : from [100.101.158.18] ([106.198.255.21])


NOTE : (authenticated bits=0) by email.difnl.gob.mx
NOTE : client-ip=189.213.106.19;


NOTE : Content-Description : Mail message body
NOTE : FSA-ReN0GFI

ATM

Your ATM CARD of USD2.5.is with us with registration code of (Shipment Code 11684990)contact us with your delivery information such as, Your Name, Your Address and Your Telephone Number:Contact:(kikioffice6@gmail.com)

Email analysis :

NOTE : kikioffice6@gmail.com
NOTE : x@x.com
NOTE : luisgonzalezjr@cantv.net
NOTE : Received : from 41.138.89.214 ([41.138.89.214])


NOTE : by webmail-02.datacenter.cha.cantv.net (Cantv Webmail) with HTTP;

I will not fail to compersate you

Hello My Dear Beloved I'm happy to inform you about my getting those funds transferred under the co operation of a new business partner from Paraguay. I'm in Paraguay for treatment and investment but meanwhile, I didn't forget your past efforts and attempts to assist me in transferring those funds despite that it failed us some how, but without the your last name I would have not gotten the fund so I have left your compensation fund in a VISA ATM Card with my Secretary in Benin Republic. contact my secretary in Benin his name is Mr Edwin Onuga Hounn, Email: (edwinonunga22@yahoo.com) Ask him to send you the VISA ATM Card containing the total of 800.000.00 Euro which I kept for your compensation for all your past efforts and attempts to assist me in this matter. I appreciated your efforts at that time very much. so get in touch with my secretary Mr Fre Houn and instruct him where to send the VISA ATM Card containing the total of 800.000.00 Euro to you without any delay, Remember that I had forwarded instruction to Him on your behalf. My Best Regards, Writing from Paraguay

Email analysis :

NOTE : Return-Path : < craig.car@outlook.com >
NOTE : 181.196.51.229 ()


NOTE : Mime-Version : 1.0
NOTE : amavisd-new at tena.gob.ec


NOTE : Received : from mail.tena.gob.ec ([127.0.0.1])
NOTE : by localhost (mail.tena.gob.ec [127.0.0.1])
NOTE : Received : from [141.105.71.26] (unknown [141.105.71.26])


NOTE : by mail.tena.gob.ec (Postfix)
NOTE : I will not fail to compersate you

Shipment Code awb 33xzs (Email leak)


I have registered your ATM CARD of $8.5 with DHL Courier Company with registration code of ( Shipment Code awb 33xzs,ATM Card Registered Code No xgt442.Security Code sctc/2001dhx/567/;Transaction Code 233/cstc/101/33028/;Certificate Deposit code; sctc/bun/xxiv/-78/01). please Contact with your delivery information such as, Your Name, Your Address and Your Telephone Number:Courier Office: DHL

Name of Dir:Dr.Clarck Robert,
E-mail:(mr.johndavidson@outlook.com)
Tel:+229-98643209

I have paid for the Insurance & Delivery fee.The only fee you have to pay is their Security fee only.Please indicate the registration Number and ask Him how much is their Security fee so that you can pay it.

Best Regards,
Mrs.Anne Dinma

Email leak :


Email analysis :

NOTE : X-Matched-Lists : []
NOTE : Return-Path : < andreiniesta@cantv.net >
NOTE : X-Originating-Ip : [197.234.219.95]


NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at cantv.net
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : Cantv Webmail
NOTE : Content-Type : text/plain; charset=UTF-8
NOTE : Received : from webmail-02.datacenter.cha.cantv.net (webmail-02.datacenter.cha.cantv.net [200.11.153.85])
NOTE : (authenticated bits=0) by 10ibl21ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0)
NOTE : Received : from 197.234.219.95 ([197.234.219.95]) by webmail-02.datacenter.cha.cantv.net
NOTE : (Cantv Webmail) with HTTP; Mon, 7 Nov 2016 05:47:37 -0400 (VET)
NOTE : Shipment Code awb 33xzs

RE: shipping done

We shipped your crap.
Here s the tracking invoice :
https://www.ups.com/?tracking_invoice=219371293129312& action=download

Let us know when it arrives.
Thanks

Phishing analysis :

CLICK : https://www.ups.com/?tracking_invoice=219371293129312& action=download
OPEN : http://invoice-portal.com/invoices/get.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : Download a file called : inv11172016.doc
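
The CLICK/OPEN mismatch recorded above can be checked mechanically. The following is an added example, not part of the original post: it flags anchors whose visible URL names a different host than the href, and decodes base64 query values in the real target (here the `id` value decodes to an e-mail address, which would let the sender tie a click to a recipient). The HTML anchor is constructed from the two URLs on this page; the class and function names are hypothetical.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample: one anchor pairing the CLICK and OPEN URLs noted above.
SAMPLE_HTML = (
    '<a href="http://invoice-portal.com/invoices/get.php'
    '?id=d2VibWFzdGVyQHJiY2FmZS5jb20=">https://www.ups.com/'
    '?tracking_invoice=219371293129312&amp;action=download</a>'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def decode_params(url):
    """Return query values that are valid base64 for printable ASCII."""
    found = {}
    for key, values in parse_qs(urlsplit(url).query).items():
        try:
            text = base64.b64decode(values[0], validate=True).decode("ascii")
        except ValueError:
            continue  # not base64, or not ASCII text
        if text.isprintable():
            found[key] = text
    return found

def mismatched_links(html):
    """Yield (shown host, real host, decoded params) for deceptive anchors."""
    parser = AnchorCollector()
    parser.feed(html)
    for href, text in parser.links:
        if " " in text or "." not in text:
            continue  # visible text is a label, not a URL
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        actual = urlsplit(href).hostname
        if shown and actual and shown != actual:
            yield shown, actual, decode_params(href)
```

Anchors with plain label text, such as a button caption, are skipped because there is no displayed host to compare against; those need a separate allow-list check on the href.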

File analysis :

ESET-NOD32 : VBA/Kryptik.T
F-Secure : Trojan:W97M/Nastjencro.A
Fortinet : WM/Agent.5110!tr
Kaspersky : HEUR:Trojan.Script.Agent.gen
McAfee : W97M/Dropper.cu
McAfee-GW-Edition : W97M/Dropper.cu
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Panda : O97M/Downloader 20161117
Qihoo-360 : virus.office.gen.75
Symantec : W97M.Downloader
TrendMicro : W2KM_HANCITOR.YYSXC
TrendMicro-HouseCall : W2KM_HANCITOR.YYSXC

inv11172016.doc is a virus.

Email analysis :

NOTE : Return-Path : < rm@restaurantcocotte.com >
NOTE : 162.252.121.130 ()
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : iPad Mail (11D169)
NOTE : Message-Id : < *@restaurantcocotte.com >
NOTE : Content-Type : text/html; charset="utf-8"
NOTE : Received : from unknown (HELO restaurantcocotte.com) (162.252.121.130)


NOTE : RE: shipping done