Thursday, December 8, 2016

FW: FTC subpoena (Phishing attempt)

You've been subpoenaed by the FTC.
FTC Subpoena

Please get back to me about this.
Thank you
Richard Kent
Senior Accountant
richard@*.*
Phone: 441-216-2849
Fax: 441-216-5880

Email analysis :

NOTE : richard@*.*
NOTE : Received : from unknown (HELO IEOSOZAX) (117.247.121.182)




NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : BSNL was used to relay this phishing e-mail.

Phishing analysis :

CLICK : FTC Subpoena
OPEN : http://benxethainguyen.vn/api/get.php?id=dGVzdEB0ZXN0LmNvbQ==
RESULT : 404, removed...
WHOIS : benxethainguyen.vn

benxethainguyen.vn whois :

TÊN MIỀN benxethainguyen.vn
Ngày đăng ký: 16-03-2012
Ngày hết hạn : 16-03-2017
Tên chủ thể đăng ký sử dụng :Ông Nguyễn Sự
Trạng thái : clientTransferProhibited
Quản lý tại Nhà đăng ký: Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
Máy chủ DNS chuyển giao: + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn
Registration date : 16-03-2012
Expiration date : 16-03-2017
Registrant : Ông Nguyễn Sự
Status : clientTransferProhibited
Current Registrar : Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
DNS Server : + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn

Your FedEx International Cheque Of $4.180,000.00USD

FedEx Courier Service,
Address : Sheikh Zayed Road 26th Floor
Dubai Media City 9239 UAE Dubai
Tel: +971521079311
Fax: +971 4-331-0718
Fax: +971 4-332-2304
Email: fed.ex.ae@yandex.com
Website: http://www.fedex.com/ae/

Customers Service Days –Monday to Sunday

Attention: Valuable Customer,

We have a parcel for you containing a winning Cheque worth the sum of Four Million One Hundred And Eighty Thousand United State Dollars ($4.180,000.00USD) and also an Apple MacBook Pro and the new Apple iPhone (7) 120GB mobile phone added to your package which will be delivered to you after you provide all the required information to the FedEx Delivery Company before the parcel can be shipped to your own residential address in your country. Furthermore, you might be asking yourself how comes this email or your cheque. Your winning cheque was brought to our office by the Coca-Cola Bottling Company via a Lottery Fiduciary Claim Agent, signifying that you are a rightful winner to their Lottery Award Promo selected randomly which is powered by the Coca-Cola Bottling Company and also the Apple Company of United Arab Emirates. The main aim of this promo is to advertise the Coca-Cola Bottling Company product and the Apple Company product worldwide. Your e-mail address was amongst the (5) lucky email addresses that makes your email address as one of the lucky email address and they have decided to send your winning package to you through Federal Express Delivery Service. What you have to do now is to contact our Delivery Department for immediate dispatch of your winning package to your residential address.

For your information, the Lottery Fiduciary Company has paid the Delivery fee and Security keeping fee & Shipping charges as well as the Vat fees; you will have to pay a sum of $280.00 USD to the FedEx Delivery Department being payment for the Insuring of your package. All you have to do is to insure your winning parcel with the Insurance Company, which is registered with FedEx United Arab Emirates Dubai. The reason why you are been ask to pay for the Insurance fee is because of the fact that all items & packages that is not Insured by the insurance company of United Arab Emirates Dubai are not allowed to be delivered to their delivery address. So you are to pay the FedEx Courier Service the Insurance Fee to enable the insurance company insured your winnings for delivery.

As soon as you effect the payment our delivery team will take your Insurance fee, they will proceed to the insurance company to Insure your winning funds, as soon as it is been Insured by the insurance company of United Arab Emirates Dubai we shall commence with your delivery without any delay and also we shall provide you with the Insurance receipt that was given to us by the insurance company as a proof that you have Insured your package for delivery. The main reason why you are been ask to Insure your winning package is to certify that the package is not a Drug Affiliated Fund (DAF) neither is the funds to sponsor Terrorism in your country this will help you to avoid any form of query from the Monetary Authority of your country. And also we cannot take the risk to carry out the delivery of your winning package in-case of any possible demurrage. You have to contact our delivery team and ask them how you are going to make the payment of the Insurance fee of your package. We hope that you will respond to us as soon as possible because if you fail to respond until the expiry date of this package, we may refer the package to United Arab Emirates Dubai Commission of Welfare or better still to Coca-Cola Bottling Company or Apple Company. Kindly contact the delivery department (FedEx Delivery Post) with the details given below:

Delivery Manager.
Name: Mr. Kelvin Green.
Tel: +971521079311
Email: fed.ex.post@qq.com

You have to fill the form below and send back to us, and it's mandatory to reconfirm your postal address and telephone numbers to enable us commence with your delivery and mostly to enable us insure your Winning package and also do provide us with any scanned copy of any proof of your identification.

=========================================
Do Provide Us With The Information Below
=========================================
Your Full Names -------------
Your Home Address ----------------
Date of Birth ----------------------
Your Contact Phone or Mobile Number ------------------------
Occupation -------------------------
Marital Status ---------------------
Country ----------------
Your State ------------------
========================================

Kindly complete the above form and summit it to the delivery manager on fed.ex.post@qq.com) As soon as your details are received, our delivery team will give you the necessary payment procedure so that you can effect the payment for the Insurance fee. As soon as they confirm your payment of $280.00 USD, they will not hesitate to work straight to the insurance company and insure your winning for delivery. It usually takes 24 hours being an overnight delivery service to deliver your winning funds to you after it has been insured by the insurance company. Ensure to contact our delivery department with the email address given above and ensure to fill the form as well to enable a successful reconfirmation and a safe delivery of your winning package.

Yours Faithfully,
Mrs. Aisha Philips
FedEx Online Team Management®
© Copy Right Reserved 1994-2016.

Email analysis :

NOTE : post.fed.ex@qq.com
NOTE : mirta.morinigo@senac.gov.py
NOTE : Received : from [192.168.1.250] (96-88-46-89-static.hfc.comcastbusiness.net [96.88.46.89])


NOTE : by mail.presidencia.gov.py
NOTE : mail.presidencia.gov.py ?


NOTE : presidencia.gov.py ?


NOTE : mail.presidencia.gov.py server was used to relay a scam.

Greeting from ANNEBEL

My name is Annabel sorry I got your email address from mail Directory today i decieded to contact you and to know you more ,I have very important thing i will love to share with you .just to help me express my self well ,write me back i will give you full detail.thanks i will be waiting.Annabel

Email analysis :

NOTE : From Annabel
NOTE : anabelhassan2@hotmail.com
NOTE : maria.johnson749@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : Mime-Version : 1.0
NOTE : client-ip=98.139.213.55;


NOTE : Name is unclear : Annebel ? Annabel ? Annabelle ? Maria Johnson ? Scam !

CONGRATULATIONS FOR YOUR AWARD OF $18.5MILLION USD

Attention Please!!!

I have registered your ATM CARD of $18.5usd with Delivery Company, Please Contact with your delivery information such as, Your Name, Your Address and Your Telephone Number.

E-mail: (iinfoo.bankuba@gmail.com)
Tel:+229)-61431140

I have paid for the delivery fees and only what your paying for is the insurance fees,And Which is $85.Please forward your information to them immediately.

Best Regards,
Miss Sussane Harry

Email analysis :

NOTE : "officefile."@triton.ocn.ne.jp
NOTE : iinfoo.bankuba@gmail.com
NOTE : client-ip=153.149.230.41;


NOTE : *.*.*.JavaMail.root@triton.ocn.ne.jp
NOTE : X-Originating-Ip : [149.6.145.26]

Wednesday, December 7, 2016

Bernabe Saturno

Are you in need of a loan to pay off your bills, start up a business or do you need a loan to expand your existing business? Arrival Moniment Loan is offering out business and personal loans to individuals, companies and co-operate bodies in need of loans. We offer loans at 3% interest rate.

If interested, please get back to us with the following information's at arrivalmonimentloans@outlook.com

Name:.... Country:... Age:.... Loan Amount:.... Loan Duration:...Contact number:...

We will love to do business with you.

Email analysis :

NOTE : bsaturno@minsa.gob.pa
NOTE : arrivalmonimentloans@outlook.com
NOTE : X-Originating-Ip : [10.130.86.42]
NOTE : Received : from Mailbox1.minsa.gob.pa ([10.20.151.2])
NOTE : by Mailbox1.minsa.gob.pa ([10.20.151.2])
NOTE : ... ?
NOTE : minsa.gob.pa


NOTE : Mailbox1.minsa.gob.pa server was used to relay this scam.

Friday, December 2, 2016

Reminder! (Carte Bleue phishing)


Hello,

A new online message is available in your e-carte bleue mailbox.

To read it and access your secure mailbox,

please go to https://service.e-cartebleue.com/fr/

We thank you in advance and remain at your disposal for
any further information.

Regards.

This e-mail was sent to you by an automated message system.
The sending address is not a regular e-mail address. This e-mail address cannot receive replies.

Phishing screenshot :


Phishing analysis :

CLICK : https://service.e-cartebleue.com/fr/
OPEN : http://edilbarbetta.com/wp-content/them/
SCREENSHOT :


DETAIL : Wordpress website...
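
The two CLICK / OPEN checks on this page (the FTC lure and the Carte Bleue lure), as an added Python example that is not part of the original post: it compares the URL an anchor displays with the host it really points to, and decodes base64 query values that carry a recipient address. SAMPLE_HTML is constructed from the URLs quoted on this page; the names LinkCollector, decode_recipient and audit_links are hypothetical.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the page's two lures rebuilt as anchors (original HTML is not shown).
SAMPLE_HTML = ('<a href="http://benxethainguyen.vn/api/get.php?id=dGVzdEB0ZXN0LmNvbQ==">FTC Subpoena</a>'
               '<a href="http://edilbarbetta.com/wp-content/them/">https://service.e-cartebleue.com/fr/</a>')
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def decode_recipient(value):
    """Return the e-mail address carried in a base64 parameter, else None."""
    try:  # parse_qsl turns '+' into ' ', so restore it before strict decoding
        text = base64.b64decode(value.replace(" ", "+"), validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if EMAIL_RE.fullmatch(text) else None

def audit_links(html):
    """Report host mismatches and recipient-tagged parameters for each anchor."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlsplit(href)
        # Only text that itself looks like a URL can contradict the real target.
        shown = urlsplit(text).hostname if "://" in text else None
        tagged = [decode_recipient(v) for _, v in parse_qsl(target.query)]
        findings.append({
            "target_host": target.hostname, "shown_host": shown,
            "host_mismatch": shown is not None and shown != target.hostname,
            "recipient": next((t for t in tagged if t), None),
        })
    return findings
```

For SAMPLE_HTML, the first finding carries the recipient test@test.com with no host mismatch, and the second displays service.e-cartebleue.com while pointing at edilbarbetta.com.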

Domain analysis :

Domain Name EDILBARBETTA.COM
Sponsoring Registrar IANA ID 106
Whois Server whois.ascio.com
Referral URL http://www.ascio.com
Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Status ok https://icann.org/epp#ok
Updated Date 16-aug-2016
Creation Date 11-sep-2015
Expiration Date 11-sep-2017
Last update of whois database Fri, 02 Dec 2016 09:37:40 GMT
Registry Domain ID 1959304579_DOMAIN_COM-VRSN
Registrar WHOIS Server whois.ascio.com
Registrar URL http://www.ascio.com
Updated Date 2016-08-16T08:16:43Z
Creation Date 2015-09-11T00:00:00Z
Registrar Registration Expiration Date 2017-09-11T18:13:36Z
Registrar Ascio Technologies, Inc
Registrar IANA ID 106
Registrar Abuse Contact Email abuse@ascio.com
Registrar Abuse Contact Phone +44.2070159370
Domain Status OK
Registrant Name Luca Barbetta
Registrant Street via Tasso 8
Registrant Street Ve
Registrant City La Salute di Livenza
Registrant Postal Code 30029
Registrant Country IT
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Admin Name Master Host
Admin Organization One.com
Admin Street Kalvebod Brygge 24
Admin City Copenhagen V
Admin State/Province Copenhagen V
Admin Postal Code 1560
Admin Country DK
Admin Phone +45.46907100
Admin Fax +45.70205872
Admin Email hostmaster@one.com
Tech Name Master Host
Tech Organization One.com
Tech Street Kalvebod Brygge 24
Tech City Copenhagen V
Tech State/Province Copenhagen V
Tech Postal Code 1560
Tech Country DK
Tech Phone +45.46907100
Tech Fax +45.70205872
Tech Email hostmaster@one.com
DNSSEC unsigned
Last update of WHOIS database 2016-12-02T09:37:52 UTC

Email analysis :

NOTE : services.e-cartebleue@bell.net
NOTE : services.e-cartebleue@service.fr
NOTE : 184.150.200.79

CHECK YOUR BANK ACCOUNT, YOUR ACCOUNT HAS BEEN ACCREDITED WITH US$12.8 MILLION

Dear customer,

Congratulations please check your bank account,your fund of
US$12.8 million has been transferred to your bank account.

Gordon Williams
BARCLAYS BANK LONDON.
williamsgordon7@aol.com
+442038085314

Email analysis :

NOTE : williamsgordon7@aol.com
NOTE : X-Sender : INFO@BARCLAYSBANK.COM
NOTE : Organization : BARCLAYS BANK LONDON
NOTE : 91.135.16.19 is neither permitted
NOTE : Received : from pop.dtg.lv (pop.dtg.lv [91.135.16.4])


NOTE : by smtp.dtg.lv (Postfix)
NOTE : client-ip=91.135.16.19;

Transfer Notification/ Respond Now

NEEL KASHKARI
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Attn: Beneficiary,

This is to inform you that we have received a payment instruction from Mr. Chan Tak Kin, a Citizen of China demanding that we should transfer your funds to him, as you have given him the mandate and authorization for him to receive your funds interest.Note that he has given us a bank account in Hong-Kong, where we will transfer your funds to him without delay.

Bank of China (Hong Kong)
25 Wu Pak Street, Aberdeen, HK
Account Name: Chan Tak Kin
Swift code: BKCHHKHHCLS
Routing number: 026003269
Account number: 012-879-6-034422-0

Please let us know if you have truly instructed and directed him to receive your funds in Hong-Kong.We have informed him to get an official Power of Authorization from you, before we will release the funds to him, which we are still waiting for.However, we want to inform you that, you have within the next five (5) official working days to get back to us on this notice or we will release the funds to him.

Yours truly,

Neel Kashkari

FEDERAL RESERVE BANK
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Email analysis :

NOTE : neelkashkari@barid.com
NOTE : info@federalreserve.gov
NOTE : FEDERAL RESERVE BANK
NOTE : 51.15.42.116 ()


NOTE : Strange...
NOTE : UK Government Department for Work and Pensions
NOTE : Search Google for "UK Government Department for Work and Pensions IP"
NOTE : http://www.bbc.com/news/technology-32826353
NOTE : IP was sold off ?

NOTE : Information about 51.15.42.116

inetnum: 51.15.0.0 - 51.15.63.255
org: ORG-ONLI2-RIPE
netname: ONLINE_NET_DEDICATED_SERVERS_NL
country: NL
admin-c: MM42047-RIPE
tech-c: MM42047-RIPE
status: LEGACY
mnt-by: ONLINESAS-MNT
created: 2016-10-28T11:18:17Z
last-modified: 2016-10-28T11:19:00Z
source: RIPE
organisation: ORG-ONLI2-RIPE
org-name: ONLINE SAS NL
org-type: OTHER
address: ONLINE SAS NL, EvoSwitch AMS1, J.W. Lucasweg 35 2031 BE Haarlem
abuse-c: AR32851-RIPE
mnt-ref: ONLINESAS-MNT
mnt-by: ONLINESAS-MNT
created: 2016-05-13T10:41:40Z
last-modified: 2016-05-13T10:41:40Z
source: RIPE # Filtered
person: Mickael Marchand
address: 8 rue de la ville l'eveque 75008 PARIS
phone: +33173502000
nic-hdl: MM42047-RIPE
mnt-by: MMA-MNT
created: 2015-07-10T15:02:32Z
last-modified: 2016-02-23T12:43:25Z
source: RIPE # Filtered

NOTE : Received : from User (unknown [104.238.195.195])


NOTE : (Authenticated sender: admin) by mail.dealer.com

Hello Dear

Dear Friend,

Your contact came to me through a friend who does international business between countries.

I am Ms Ashley William, of the Ministry of Health in Mauritius proposing a beneficial transaction to you.I am relying on your genuineness and sincerity,in all aspects of this proposal.

The transaction in question of which I am about to reveal to you,emanated from over-invoicing(COMMISSION) of contract awarded in my ministry for the supplies of medical equipment and quality health programs.The Contract payment were completed on the directives of Nicholas west: knowing fully that my commission will be paid out as agreed to a receiving vault as deposited valuables.

please kindly respond to my email addresses below for full details:
ashleywilliamz2000@hotmail.com

Thanks,
Ms Ashley Williams

Email analysis :

NOTE : ashleywilliamz2000@hotmail.com
NOTE : Shashi@studentmail.siit.tu.ac.th
NOTE : X-Mailer : Zimbra 8.6.0_GA_1194 (zclient/8.6.0_GA_1194)
NOTE : X-Originating-Ip : [166.88.123.62]


NOTE : Received : from mail.studentmail.siit.tu.ac.th
NOTE : (mail.studentmail.siit.tu.ac.th [103.253.75.124])
NOTE : by mail.studentmail.siit.tu.ac.th


NOTE : account Shashi
NOTE : siit.tu.ac.th


NOTE : mail.studentmail.siit.tu.ac.th server was used to relay this scam.