Tuesday, April 25, 2017

Hi (Donation Scam)

Hello,

Donation proposal for you, Contact me for more details.

Regards,
Greg.

Email analysis :

NOTE : gregoryniklos@gmail.com
NOTE : jimenezm319@cod.edu
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu ([::1])
NOTE : by MAIL13.cdnet-ad.ad.cod.edu ([::1])
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : by MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : by EDGE1.cod.edu (10.11.0.106)
NOTE : Received : from mail.cod.edu (edge1.cod.edu [192.203.136.103])

The 192.203.136.103 server (edge1.cod.edu, the last internal hop) was used to relay this scam.

NOTE : X-Originating-Ip : [105.112.35.87]

Scammer from 105.112.35.87

cod.edu server was used to relay this scam

NOTE : jimenezm319 account was used to relay this scam.
NOTE : @collegedupage server was used to relay a scam.
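Every "Email analysis" on this page does the same thing by hand: walk the Received chain past the loopback ([::1]) and internal (10.x) hops to the first public relay, then read X-Originating-Ip for the client that submitted the message. The Python below is an added example, not the blog's own tooling; its headers are constructed and modelled on the cod.edu chain above, and the receiving host mx.example.invalid is a placeholder.

```python
import email
import ipaddress
import re

# Constructed headers, modelled on the cod.edu relay chain and X-Originating-Ip
# from the "Hi (Donation Scam)" analysis above; values are illustrative only.
# Received headers sit newest-first, so the origin is the LAST one in the list.
SAMPLE_HEADERS = """\
Received: from mail.cod.edu (edge1.cod.edu [192.203.136.103]) by mx.example.invalid
Received: from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3) by EDGE1.cod.edu (10.11.0.106)
Received: from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3) by MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
Received: from MAIL13.cdnet-ad.ad.cod.edu ([::1]) by MAIL13.cdnet-ad.ad.cod.edu ([::1])
X-Originating-Ip: [105.112.35.87]
From: Greg <gregoryniklos@gmail.com>
Subject: Hi

"""

def relay_chain(raw_message):
    """Received hops in chronological order (origin first), as
    (from_clause, by_host, [IP addresses the sending hop claimed])."""
    hops = []
    for value in reversed(email.message_from_string(raw_message).get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        m = re.match(r"from\s+(.*?)(?:\s+by\s+(\S+)|$)", value)
        if not m:                        # e.g. "by host (Postfix, from userid 33)"
            hops.append((None, None, []))
            continue
        ips = []
        for tok in re.findall(r"[0-9A-Fa-f.:]+", m.group(1)):
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:           # hostname fragments, not addresses
                pass
        hops.append((m.group(1), m.group(2), ips))
    return hops

def origin_report(raw_message):
    """The two indicators the analysis above relies on: the first hop claiming a
    public IP (loopback and RFC 1918 hops skipped) and X-Originating-Ip if set."""
    public = [str(ip) for _, _, ips in relay_chain(raw_message)
              for ip in ips if ip.is_global]
    xoip = (email.message_from_string(raw_message).get("X-Originating-Ip") or "").strip("[] ")
    return {"first_public_relay": public[0] if public else None,
            "x_originating_ip": xoip or None}

if __name__ == "__main__":
    print(origin_report(SAMPLE_HEADERS))
```

A message generated locally by a web script (as in the batidocs.fr and secureserver.net cases below) has no "from host" clause in its first Received header, which the parser records as an unknown hop rather than guessing.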

Compensation Settlement On Escrow Accounts. (IMF Scam)

INTERNATIONAL MONETARY FUND
1900 PENNSYLVANIA Ave NW
WASHINGTON DC.
20431.

Attention Beneficiary

This is to formally inform you that your file on your fund transfer has reached Mr. Carla Grasso Managing Director of the IMF(The International Monetary Fund). We are also aware that your transaction has been dormant for a while now, and we will like to know why. It will be in your own interest to get back to the department director Mr David who is in charge of the transfer unit of IMF, get back to him as soon as possible, failure to do so we shall confiscate your funds to charity.

Email.......imf_davidhanks147@yahoo.com

Fill Out the information to him if you are ready to get your FUNDS

Your Full Name:...............
Direct Phone:....................
Country.................
Occupation:.....................
Gender:.........
Age:..............
Bank details.............
A Scan Copy Of Your Identity Card Or Drivers License.

And take note any other email you receive form anybody claiming to have your fund should be sent to this office and you are advised to stop any transaction or payment to the institutions who have been in contact with you lately for they are scam and the FBI and EFCC are after them,so be smart the IMF is now in-charge of all dept .

We await your reply.

Have a good day.

Department Director
Mr. David Hanks

Email analysis :

NOTE : Received : from vizyontanitim.com
NOTE : (toroon12-1279381067.sdsl.bell.ca [76.65.206.75])

Scammer with the IP 76.65.206.75

NOTE : imf.davidhanks247@gmail.com
NOTE : info@vizyontanitim.com

Monday, April 24, 2017

Scan Data (VIRUS)

Number of images: 1
Attachment File Type: PDF

Description *

File analysis :

OPEN : Scan_*.pdf
SHA256 : d1efbca78f8847005a369ec24155723ccd257e58cd282429cc04f76f898743b7
RESULT : FILE IS A VIRUS

Virus analysis :

Antiy-AVL : Trojan[Downloader]/MSWord.Agent.bgy
Baidu : Multi.Threats.InArchive
CAT-QuickHeal : O97M.Downloader.AJI
ClamAV : Doc.Dropper.Dridex-6260340-0
Fortinet : WM/TrojanDownloader.7A51!tr
McAfee : W97M/Downloader.brv
McAfee-GW-Edition : BehavesLike.PDF.Trojan.qb
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Qihoo-360 : virus.office.obfuscated.1
Rising : Heur.Macro.Downloader.d (cloud:UJEmOxwGVqO)
TrendMicro : HEUR_VBA.O2
ZoneAlarm by Check Point : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : Received : from static.vnpt.vn (unknown [14.164.139.179])
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1)
NOTE : Gecko/20110929 Thunderbird/7.0.1
NOTE : Received : from gra-PC (unknown [114.31.8.46])

NOTE : Street view of 114.31.8.46 (map image not reproduced)

IP :

  • 114.31.8.46
  • 14.164.139.179

Congratulations!

Congratulations! You e-mail has just won you the sum of $1,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto Further information on the processing and disbursement of your grant entitlements,alongside the provision of your qualification documentations, will be disclosed to you by the National Lottery Secretary, Barrister. Mark Knox. Please contact him with your Qualification Number[OXG /101/231/BDB] as soon as possible.

Barrister. Mark Knox
National Lotto Secretary
Email: oxfaminternational9@gmail.com

Email analysis :

NOTE : oxfaminternational9@gmail.com
NOTE : buidoanquyet@hanam.gov.vn

A Vietnamese government domain (hanam.gov.vn) was used to relay a scam.

NOTE : Received : from mail1.HaNam.gov.vn ([192.168.2.3])
NOTE : by MAIL2.HaNam.gov.vn (IBM Domino Release 9.0 HF683)
NOTE : Received : from mail.hanam.gov.vn (mail.hanam.gov.vn. [113.160.198.113])

mail.hanam.gov.vn was used to relay a scam.

You have a new message (Société Générale Phishing)

Dear Customer,

Your advisor informs you that you have received an important message

concerning your Pass,

eAccèsuàxvosxcomptes

Regards
Société Générale

Email analysis :

NOTE : X-Php-Originating-Script : 0:njd.php
NOTE : e@atosucire.com
NOTE : Received : by batidocs.fr (Postfix, from userid 33)
NOTE : Received : from batidocs.fr ([46.101.97.198])

Phishing from 46.101.97.198

Phishing analysis :

CLICK : eAccèsuàxvosxcomptes
OPEN : http://ecodebredpasrapel.com/votrecode
REDIRECT : http://www.drivegeelong.com.au/journal/url/njd
RESULT : Phishing attempt...

Affected services :

NOTE : e@atosucire.com (Spoofed email.)
NOTE : batidocs.fr (46.101.97.198) (Relaying the phishing email.)
NOTE : ecodebredpasrapel.com (Hosting the redirect to the phishing.)
NOTE : drivegeelong.com.au (Hosting the phishing.)
NOTE : Société Générale (Victim.)

Banco Santander (Brasil) S.A. | Avoid Having Your Account Blocked (*) (Phishing Attempt)

Banco Santander S.A.

Dear Customer,

We inform you that your registration data is out of date in our system. So that you can enjoy the benefits with convenience and security, we ask that you complete the Security Registration Update required by our system.

This procedure must be carried out to avoid being blocked from Santander channels such as Telephone, Internet Banking and ATMs.

To avoid the automatic suspension of these services, enable your updates by clicking the button below.
This feature is only activated if you accept, and it is updated from certified servers.

Do you wish to confirm your security settings?

Confirmar

Banco Santander (Brasil) S.A. CNPJ: 90.400.888/0001-42 Avenida Presidente Juscelino Kubitschek, 2041 e 2235 - Bloco A, Vila Olímpia, São Paulo/SP - CEP 04543-011

Screenshot of the phishing : (Santander-branded page; image not reproduced)

Email analysis :

NOTE : Received : by ip-160-153-226-153.ip.secureserver.net
NOTE : (Postfix, from userid 33)
NOTE : 160.153.226.184

Phishing from 160.153.226.184

NOTE : X-Mailer : Microsoft Office Outlook, Build 17.551210
NOTE : X-Mailer : iGMail [www.ig.com.br]

Phishing analysis :

CLICK : Confirmar
OPEN : http://ip-160-153-229-233.ip.secureserver.net/cadastro/*
RESULT : Phishing is unresponsive...