Tuesday, September 12, 2017

Please verify your email address *

The Dropbox logo

Hi *,

We just need to verify your email address before your sign up is complete!

Verify your email

Happy Dropboxing!

Email analysis :

NOTE : Received : from customer-PUE-207-103.megared.net.mx (unknown [177.245.207.103])


NOTE : verify@dropbox.com
LINK : http://floraisdobrasil.com.br/dropbox.html

NOTE : Received : from 189.89.7.60.telesa.com.br (unknown [189.89.7.60])


NOTE : verify@dropbox.com
LINK : http://basedow-bilder.de/dropbox.html

Phishing analysis :

CLICK : Verify your email
OPEN : http://floraisdobrasil.com.br/dropbox.html
SCREENSHOT :


CLICK : Verify your email
OPEN : http://basedow-bilder.de/dropbox.html
SCREENSHOT :


REDIRECT : http://wittinhohemmo.net/drop.php

OPEN : http://wittinhohemmo.net/drop.php
DOWNLOAD : Dropbox-MSGCODE-*.js
RESULT : Dropbox-MSGCODE-*.js is a virus

Virus analysis :

Arcabit : HEUR.JS.Trojan.ba
Avira : HTML/ExpKit.Gen2
Baidu : JS.Trojan-Downloader.Nemucod.yo
Cyren : JS/Agent.AAO1!Eldorado
F-Prot : JS/Agent.AAO1!Eldorado
Qihoo-360 : virus.js.qexvmc.1075
Rising : Malware.Undefined!8.C (cloud:CVrV9ZfawJI)
Symantec : JS.Downloader.D
TrendMicro : Possible_Cerber-JS03b1
TrendMicro-HouseCall : Possible_Cerber-JS03b1
ZoneAlarm : HEUR:Trojan-Downloader.Script.Generic

Conclusion :

Virus stored for analysis...
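
The mismatch recorded in the email analysis above, as an added Python example that is not part of the original post: it checks whether the relay named in the `Received` line and each link host fall under the domain of the displayed sender address. The function names and finding labels are hypothetical, and reading the parenthesised `unknown` as "no reverse DNS name for the client" is an assumption about the receiving server's header format.

```python
import re
from urllib.parse import urlsplit

def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

# Matches "from <helo-name> (<rdns> [<ip>])" as written in the notes above.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def parse_received(line):
    m = RECEIVED_RE.search(line)
    if not m:
        return None
    return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}

def check_message(sender, received, links):
    """Return a list of triage findings for one message."""
    claimed = sender.rsplit("@", 1)[-1]  # domain of the displayed sender
    findings = []
    hop = parse_received(received)
    if hop is None:
        findings.append("received-unparsed")
    else:
        if not under_domain(hop["helo"], claimed):
            findings.append(f"relay-not-sender-domain:{hop['helo']}")
        if hop["rdns"] == "unknown":  # assumption: means no reverse DNS name
            findings.append(f"relay-no-reverse-dns:{hop['ip']}")
    for url in links:
        host = urlsplit(url).hostname or ""
        if not under_domain(host, claimed):
            findings.append(f"link-not-sender-domain:{host}")
    return findings

# Values copied from the two samples in the email analysis above.
SAMPLES = [
    ("verify@dropbox.com",
     "Received : from customer-PUE-207-103.megared.net.mx (unknown [177.245.207.103])",
     ["http://floraisdobrasil.com.br/dropbox.html"]),
    ("verify@dropbox.com",
     "Received : from 189.89.7.60.telesa.com.br (unknown [189.89.7.60])",
     ["http://basedow-bilder.de/dropbox.html"]),
]

if __name__ == "__main__":
    for sender, received, links in SAMPLES:
        print(check_message(sender, received, links))
```

Legitimate bulk mail is often relayed by third-party hosts, so a relay outside the sender's domain is a triage signal to weigh alongside SPF, DKIM and DMARC results, not a verdict on its own.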

Saturday, September 9, 2017

Bank of America Corporate Office Headquarters

Bank of America Corporate Office Headquarters
100 N.Tryon St Charlotte,NC 28255
Our Ref:BOA/IRU/SFE/15.5/WD/011
United States of America
Monday-Friday
8 a.m.-9 p.m. Eastern Daylight Time(EDT)
Saturday and Sunday
8 a.m.-4 p.m. Eastern Daylight Time(EDT)

The Management of the Bank of America Corporate Office Headquarters here in 100 N.Tryon St Charlotte,NC 28255 wishes to inform you that after a brief meeting held by the Bank executives yesterday,We deem it appropriate to intimate you that your funds will be transferred into the United States Treasury Account with the JP Morgan Chase Headquarters at 270 Park Avenue in New York according to the record we got due to your inability to complete the transaction and your failure to meet up with a minor payment obligation.The actual transfer of your funds($20,500,000.00) into the government account comes up next week.

This is in line with the instructions of the USA Treasurer,Mrs.Rosa Gumataotao Rios that all unclaimed funds be paid into the United States Government Treasury Account as unserviceable funds in compliance to section 3 subsection 1(a) of the United States Financial Law enacted in 2001 after an attack on our dear country on September 11,2001.

Find below the profile of the banking institution where your funds will be transferred into following the government directive:, And note to responds to us with below Email ( officemails@hot.ee ) Name of Bank: JP Morgan Chase Headquarters at 270 Park Avenue in New York. JP Morgan Chase Official Bankers for the United States Treasury Department

AC NO: 68302345093
Routing NO:JPM109593
Account Name: United States Treasury Department,USA

Note that if you still wish to receive your actual donation payment ( $20,500,000.00) do get back to us Immediately so that we will remove your funds transfer from the list of those transactions to be seized by the United States Government. Also be Informed that we need only a DIPLOMATIC IMMUNITY SEAL OF TRANSFER (DIST DOCUMENT) to complete the wire transfer direct to your personal bank account if you agree.The fee to obtain the SEAL was reduced from $600 to $296 and no other fee is involved.

You are required to send the fee of $296 by WESTERN UNION or Walmart to walmart to the issuing officer at the bank where your transaction originated as stated below INFORMATION.

If we receive the MTCN today along with your bank details,we will transfer your funds ( $20,500,000.00 ) before we close office and the funds will reflect 3hours after the transfer.We will send you all the transfer documents to enable you start making cash withdrawals from your account same day the funds are transferred. We have waited for so long and we cannot continue to wait.

Thank you for giving us the opportunity to serve your banking needs.

Yours faithfully,

Brian Moynihan
Chairman of the Board, Chief Executive Officer
Bank of America® Corporation head Office
Email ( officemails@hot.ee )
Corporate Office Headquarters,Charlotte,N.C.
Bank of America, N.A. Member FDIC.
© 2011 Bank of America Corporation. All rights reserved.

Email analysis :

NOTE : officemails@hot.ee
NOTE : invector@anagg.com
NOTE : emails@hot.ee
NOTE : Received : (from tomorevo@localhost)
NOTE : by www1032.sakura.ne.jp
NOTE : client-ip=219.94.129.42;

Tuesday, September 5, 2017

Re: Investment Opportunity/Deal

From Desk of: Davis Mark
Benin Communications Commission (BCC).
+229-68650268

Hello dear,

It is my pleasure to acknowledge your warm response to my enduring business deal proposal. Firstly, I must appreciate you for your kind response to my proposal and I will sincerely clear you on this deal without prejudice. I also have noted your advice in good faith but will use this opportunity to enlighten you more about this deal.

Like I explained in my first proposal to you, in the year 2007 we offered license to one Mubadala development Company and the business was a spectrum in our Global Service for mobile (AKA GSM) telecommunication under 1800/900MHz at the rate of US$400million only which goes into the Federation account.

During this exercise, we agreed with Mubadala that we are entitle to US$20million as facilitation to enhance the release of the license to them which was paid and deposited under the Alexio Consultant Limited in a Security Vault (Financial Institution) just to avoid tresses of the Federal Government agency. Having said this, the (Alexio Consultant limited) was incorporated as a foreign firm in (based Jordan) then just to leave no tress on the deal for us to excel in our mission. This fund has been under the Alexio Consultant limited since then without no claim since we as civil Servant has not right to operate a foreign account as the law of the land stipulates and my boss (Dr.Bashir Gwandu, the Executive Commissioner then) whose name was used in the agreement with the Mubadala was no more (he died).

What I want from you is to stand as the CEO/Director of the Alexio Consultant Limited and we will front you for the claim of the US$20million and the Vault where the money is been deposited. Honestly, It has taken me over 5years looking for a honest and sincere person who will handle this deal for our mutual benefit without jeopardy and here God directed me to you with the believe that you will not let me down. I would want you to reassure me your capability and capacity to handle this deal effectively for our mutual benefit.

In nutshell, I propose that we reach an understanding (MOU) which will protect our (You & Me) right and responsibilities in this project. Prior to this I will advice that you provide me your physical address and your preferred identity (International Passport/driver’s license) while I direct my family lawyer to draft the Memorandum of Understanding (MOU) to international standard.

I wait your telephone call for oral discussion.

Warm regards,
Davis Mark.
Direct Tel: +229 68650268

Email analysis :

NOTE : davismarkprivate68@yahoo.com
NOTE : wwww."@ivy.ocn.ne.jp
NOTE : X-Originating-Ip : [197.234.219.36]

Monday, September 4, 2017

Fwd: lmportant (Banque Postale Phishing)

Dear Customer,

As part of the continuous improvement of our services, our advisers are at your service.
La Banque Postale is carrying out a scheduled software upgrade.

We urge you to visit the following link to begin confirming your login.

To begin, please click on the link below:

Click here

If you wish to get in touch with us, please contact us via "Help and contact".

Email analysis :

NOTE : p.vloon@home.nl
NOTE : 212.54.34.166


NOTE : Received : from vm4.bonachats.net
NOTE : ([52.169.121.142] helo=52.169.121.142)


Screenshot of the Phishing :


Phishing analysis :

CLICK : Cliquez ici (Click here)
OPEN : https://goo.gl/d9zaHc
SCREENSHOT :


COPY LINK : http://tunarp.se/wp-content/labanquepostale/
OPEN : http://tunarp.se/wp-content/labanquepostale/
RESULT : Phishing attempt

Sunday, September 3, 2017

Notification(1) (PayPal Phishing Attempt)

ΡayΡal

PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?

Whаt dο i need tο dο ?

In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.

Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.

[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.

Email analysis :

NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;


Screenshot of the Phishing :


Phishing analysis :

CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
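
The message text in this post mixes Latin letters with lookalike letters from other scripts, which hides the brand name from a plain keyword match. As an added Python example that is not part of the original post, the check below flags words that mix scripts and shows the brand reappearing once the lookalikes are folded to Latin. The sample string is constructed to mirror the message, the code points (Greek rho and omicron, Cyrillic a) are assumed from how the text renders, and the function names and the small fold table are hypothetical.

```python
import re
import unicodedata

def script_of(ch):
    """Coarse script label: first word of the character's Unicode name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"

def mixed_script_words(text):
    """Return (word, sorted scripts) for each word that mixes scripts."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits

# Constructed fold table covering only the lookalikes assumed in the sample;
# it is not a complete confusables list.
FOLD = str.maketrans({"\u03a1": "P", "\u03bf": "o", "\u0430": "a", "\u039d": "N"})

def brand_hidden_by_lookalikes(text, brand):
    """True if the brand matches only after folding lookalikes to Latin."""
    raw = brand.lower() in text.lower()
    folded = brand.lower() in text.translate(FOLD).lower()
    return folded and not raw

# Constructed sample modelled on the message above, with explicit escapes.
SAMPLE = ("Pay\u03a1al Security Center ! We've Iimited access t\u03bf "
          "y\u03bfur acc\u03bfunt. Wh\u0430t d\u03bf i need t\u03bf d\u03bf ?")

if __name__ == "__main__":
    for word, scripts in mixed_script_words(SAMPLE):
        print(word, scripts)
    print(brand_hidden_by_lookalikes(SAMPLE, "PayPal"))
```

Swaps within one script, such as the capital I standing in for a lowercase l in `Iimited` and `paypaI`, do not mix scripts and are not caught by this check.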