Thursday, August 24, 2017

About Payment 23-08-2017

Good day,

We have been instructed by your customer to make this transfer to you. Please we are very sorry for the delay in the payment, it was due to the Holidays. Attached is the Payment remittance copy for your reference. Please confirm for errors and get back to us through email.

Best Regards,
DANIEL MURRAY
Sharaf Exchange LLC.
Address: Sharaf Exchange Shop No. G15,
Union Co-Op Society,
Al Aweer, Near Fruit and Vegetable Market, Ras Al Khor, Dubai - UAE
Phone No: 04-3200698
Website: http://www.sharafexchange.com

IMG-051220378052.DOC

Email analysis :

NOTE : danielmurray@mail.ru
NOTE : Received : from [104.243.26.4] (port=51917 helo=User)


NOTE : by shared.buxar-host.in
NOTE : bylinkove-zdravi@seznam.cz

Virus analysis :

Ad-Aware W97m.Downloader.GCK
AhnLab-V3 W97M/Downloader
BitDefender W97m.Downloader.GCK
DrWeb W97M.DownLoader.1802
eScan W97m.Downloader.GCK
F-Secure W97m.Downloader.GCK
GData W97m.Downloader.GCK
Ikarus Trojan-Downloader.VBA.Agent
MAX malware (ai score=81)
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic

Verify your account™ (Phishing)

Hi *@*,

Password confirmation is required to authenticate *@* ownership on our server and retrieve pending incoming mails and save your new configuration settings.

Please click here for confirmation to avoid mail malfunction.

Regards
Mail sent to: *@*

© 2017 Online Office. All rights reserved. NMLSR ID 399801

Email analysis :

NOTE : mbalok@hotmail.com
NOTE : client-ip=40.92.0.22;


Phishing analysis :

CLICK :
OPEN : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/en.php?
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/sxc.php?
SCREENSHOT :

317061979269082.doc (Virus)

317061979269082.doc

Email analysis :

NOTE : Return-Path: <noreply@xo.net>
NOTE : identity=mailfrom; client-ip=208.36.229.61;
NOTE : helo=xo.net; envelope-from=noreply@xo.net;
NOTE : Received: from xo.net (208.36.229.61.ptr.us.xo.net [208.36.229.61])
NOTE : Content-Type: application/msword; name="317061979269082.doc"
NOTE : From: <noreply@ulegv.com>
NOTE : 208.36.229.61.ptr.us.xo.net)

Virus analysis :

Ad-Aware W97M.Downloader.GDB
AegisLab Troj.Script.Agent!c
AhnLab-V3 W97M/Downloader
ALYac Trojan.Downloader.W97M.Gen
Arcabit HEUR.VBA.Trojan.e
Avast Other:Malware-gen [Trj]
AVG Other:Malware-gen [Trj]
Avira W97M/Dldr.Agent.mgjui
Baidu VBA.Trojan-Downloader.Agent.bup
BitDefender W97M.Downloader.GDB
Comodo UnclassifiedMalware
Cyren PP97M/Downldr
DrWeb W97M.DownLoader.1961
Emsisoft Trojan-Downloader.Agent (A)
eScan W97M.Downloader.GDB
ESET-NOD32 VBA/TrojanDownloader.Agent.DYZ
F-Prot New or modified PP97M/Downldr
F-Secure W97M.Downloader.GDB
Fortinet WM/Agent.Q!tr.dldr
GData W97M.Downloader.GDB
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky HEUR:Trojan.Script.Agent.gen
MAX malware (ai score=99)
McAfee W97M/Downloader.cfm
McAfee-GW-Edition W97M/Downloader.cfm
Microsoft TrojanDownloader:O97M/Donoff
Panda O97M/Downloader
Sophos AV Troj/DocDl-KBA
Symantec W97M.Downloader
Tencent Win32.Trojan-downloader.Agent.Sxyr
TrendMicro W2KM_DLOADR.YYTCY
TrendMicro-HouseCall W2KM_DLOADR.YYTCY
ViRobot W97M.S.Agent.76249
ZoneAlarm HEUR:Trojan.Script.Agent.gen

reply (Inheritance scam)

Based on our investigation of your payment, we want to find out if you're still alive or did you sign any deed of assignment with (Ms Grace Smith) to receive your contract/Inheritance payment worth of US$7.5M. Reply to us with the following details: Your Name, Your Address, Your Age/Sex, Your Mobile No, to email: imforangisation@gmail.com OR CALL +91-886 059 1944

Yours Sincerely,
Mr. Adrian Tobias
IMF Resident Representative
Tel: +91-886 059 1944

Email analysis :

NOTE : imforangisation@gmail.com
NOTE : albanizaluciano@agespisa.com.br
NOTE : Received : from mail.agespisa.com.br ([127.0.0.1])
NOTE : by localhost (mail.agespisa.com.br [127.0.0.1])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br [172.20.1.72])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br. [200.217.241.123])

Your PayPal account has been temporarily Locked! (PayPal Phishing)

paypal

Welcome

Dear *@*,

Your paypal account has been blocked temporarily. It usually means that we need some more information about your account or recent transactions. Please Activate your account so we can confirm that you own the account.
To activate your account, just confirm your information. (It only takes a minute.)

Activate

Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.

Yours sincerely,
PayPal

Email analysis :

NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])


Phishing analysis :

CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :


TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :


CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :


CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :

Wednesday, August 23, 2017

Antonin (Military Scam)

I am Sgt Antonin Andel, I have a project for you.

Email analysis :

NOTE : antonin.andel@outlook.fr
NOTE : postmaster@spamwall.quilmes.gov.ar
NOTE : designates 190.120.191.6 as permitted sender)
NOTE : client-ip=190.120.191.6;


NOTE : Received : from [192.168.0.100] (unknown [43.240.7.127])

Bonjour (Financing scam)

Hello,

With respect, are you in need of financing? If so, I will explain in more detail in my next email.

Looking forward to hearing from you,

Linette TROST

Email analysis :

NOTE : sperandeosnc@tin.it
NOTE : linette.trost@gmail.com
NOTE : X-Originating-Ip : 41.138.89.213:49283


NOTE : sperandeosnc@tin.it designates 212.216.176.195
NOTE : as permitted sender) client-ip=212.216.176.195;

Your response is highly appreciated!!

Hello,

I am specifically contacting you in respect of a business proposal that I have for you as you appear very relevant in the proposal.

Please kindly reply back to me for further details.

Waiting to hear from you.

Regards,

Mr. Adams Salem

Email analysis :

NOTE : mradamssalem@mail.ru
NOTE : do.tapia@centrosur.gob.ec
NOTE : Received : from DESKTOP-THKGO5T.localdomain
NOTE : (unknown [169.159.126.174])


NOTE : by mail.iniciativa.cat (Postfix)

PRIVATE....

I am seeking your assistance in helping me receive a large amount of money and in giving a clear research and feasibility study on areas I could invest on. If you are interested then kindly send your feedback to this mailbox: mrmichealwuu14@yahoo.com.hk

Regards,
Micheal Wu

Email analysis :

NOTE : mrmichealwuu14@yahoo.com.hk
NOTE : drmartens.trinoma@cln.com.ph
NOTE : Received : from [74.208.131.168]
NOTE : (unknown [74.208.131.168])


NOTE : by mail.cln.com.ph (Postfix)