Saturday, December 23, 2017

Merry Christmas

Merry Christmas to all...


http://www.scam.cz

the Former United States Ambassador

This is Mr. Good Luck the Former United States Ambassador Republic of Benin, I came down here in Cotonou Benin Republic for an ECOWAS meeting and I was searching for some files that I left in this office before I left and found out that you have not received your fund, and I asked the present ambassador Mr Smith John what happened that you have not receive your fund and he said that you refused to pay the required fee for the delivery of your ATM CARD.amount of money $5.8m

I'm contacting you this morning because the director of the ATM CARD center here in Benin Republic said that they will divert your ATM CARD to the Government Treasury just because that you cannot pay for the service fee of your ATM CARD which is $150 only according to them.

But I told them to wait until I hear from you today so that I will know the reason why you rejected such amount of money $5.8m which will change your life just because of $150

I want your urgent response as soon as you receive this email and explain to me the reason why you have abandon your ATM CARD because of $150. But if you don't need it then I can change your name to another person so that this Government will not claim this money but I know that you will love to have it.

Please my dear I want to help you to receive this fund because it was a big shock to me that you have not receive your ATM CARD and withdraw your money since 1 year now and I'm very sorry for that and you will receive your fund before the end of this meeting which will take us 4 days and I will be here to monitor it until you everything is get done.

This is where you should send the fee today and don't fail to do that as I have said.But remember you are advise to send via money gram transfer or RIA due to they have problem going to western union they case with western union is at the court.

Receiver Name====NWAKWU HYCENTH
Country =======Benin Republic
City ============= Cotonou
Text Question ===== today
Answer ============ Yes
Amount ======== $150
Sender Name ====
Mtcn ====
I will wait to hear from you today with the mtcn number.

Call Me or text me +1(917) 708-7874

Finally, make sure that you reconfirm your full details.
1) FULL NAMES:
2) DELIVERY ADDRESS:
3) PHONE NUMBER/
4) COUNTRY:

Mr.Good Luck
the Former United States Ambassador to Republic of Benin,

u.ambassador19@yahoo.com

Email analysis :

NOTE : u.ambassador19@yahoo.com
NOTE : "www."@tempo.ocn.ne.jp
NOTE : Received : from mzcstore412.ocn.ad.jp (mz-fcb412p.ocn.ad.jp
NOTE : [153.149.245.10]) by vcwebmail.ocn.ad.jp (Postfix)
NOTE : X-Originating-Ip : [5.62.43.32]

Activate your Email Subscription to: THIS IS THE LAST WARNING, BE CAREFUL (Blackmail)

You received this message because someone requested an email subscription for *@* to a FeedBurner feed. If you did not make this request, please ignore the rest of this message.

(YOU SHOULD NOT IGNORE THIS MESSAGE OTHERWISE ALL YOUR PRIVACY WILL BE EXPOSED)

I guess there isnt good news

I setup an very small malware in a porn website (adult videowebsite) and you viewed the videos (you know what im talking,).

While you were watching the videos my malvware started to work as a RDP (remote desktop view) with a keylogger and i had access to your device screen and camera.

My malvware also collected your contacts (from email, social network, etc...)

After this i started to record your screen and your camera at the same time. So i created an double-screen video (half side your camera watching porn and half side your screen).

As you might be thinking i had a lot of trouble doing all this.

You might be worried at this point but dont be, its simple to fix all this mess, all you have to do is pay me U$350, this value is enough to keep our little secret safe.

You will make my payment through Bitcoin (if you dont know how to buy Bitcoin search on google, its fast and easy, i recommend localbitcoins).

The Bitcoin address you have to send the money is: 1EQ1SWvxFHfCq3ENjrCUN1KKwdK8XnrgkR

You only have 24 hours to send my money after reading this e-mail (i setup an special tracking pixel in this message and i will know when you read it).

If i do not receive my Bitcoins i will send your double-screen video to all contacts that i collected from you (including friends, co-workers, family).

If you are wise enough and send my money all the material will be deleted and you will not hear from me again.

--

This message was sent to you by FeedBurner (feedburner.google.com)
You received this message because someone requested a subscription to the feed, THIS IS THE LAST WARNING, BE CAREFUL.
If you received this in error, please disregard. Do not reply directly to this email.

Email analysis :

NOTE : 1EQ1SWvxFHfCq3ENjrCUN1KKwdK8XnrgkR
NOTE : Scam
NOTE : noreply+feedproxy@google.com

Monday, December 18, 2017

Attention: Your account status change ! (PayPal Phishing attempt)


PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php

Phishing analysis :

CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt

Sunday, December 10, 2017

Final reminder: update your payment details

Please Update Your Payment Method Now

Dear Valued Netflix User

Sorry for the interruption, but we are having trouble authorizing your Payment Method.

Please visit the account payment page at

https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.

When you have finished, we will try to verify your account again.

If it still does not work, you will want to contact your credit card company.

To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system. You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.

Log In To account

If you have any questions, we are happy to help. Simply call us at 0800-917812.

The Netflix Team

Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032. You can un-subscribe to security alerts by configuring your online account. We are sending this email to provide support for your personal online Netflix account.

Email analysis :

NOTE : support@vweb11.nitrado.net
NOTE : Received : from vweb11.nitrado.net (vweb11.nitrado.net. [194.169.211.12])


Phishing screenshot :


Phishing analysis :

CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://signin-accnt.app10.beget.tech/app/user
SCREENSHOT :


VALIDATE : FORM
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/billing.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Billing Address
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/payment.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Payment Method
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/finish.php
SCREENSHOT :

MFL Company

ARE YOU IN NEED OF A LOAN? IF YES EMAIL US FOR MORE INFO WE ARE LOCATED HERE IN UNITED STATES. EMAIL US AT: (mflcompany1960@gmail.com)
NAME......................
COUNTRY............
STATE............
LOAN AMOUNT NEEDED...........
DURATION OF LOAN.............
PHONE NUMBER.............
WE ARE LOCATED HERE IN UNITED STATES. EMAIL US AT: (mflcompany1960@gmail.com)

Email analysis :

NOTE : mflcompany1960@gmail.com
NOTE : fsantamariaj@hnn.sa.cr
NOTE : Received : from zimbra-correo.hnn.sa.cr (zimbra-correo.hnn.sa.cr [10.122.0.180])
NOTE : by zimbra-proxy.hnn.sa.cr
NOTE : client-ip=68.232.147.136;

Would you want to be a crude oil license Operator ?

Hello, Have you ever thought of becoming a crude oil license operator ? I can guide you to acquire a crude oil seller mandate at ease with a known National Oil Company. I will give you details as soon as I hear from you. Best Regards Engr. Marcs Herman marcsherman@alumni.com

Email analysis :

NOTE : Received : from mail.wt.co.th (171-100-57-206.static.asianet.co.th. [171.100.57.206])
NOTE : client-ip=171.100.57.206;

Payment

Hello, are you still interested in the transaction?

Please e-Mail me immediately with your full address and Phone #. So I can re-communicate the transaction details to you.

God bless America !!

Respectfully,
Lt. Gen. Wendy Barnett (Mrs.),
APO 1256, SD...Delta Force 18 TG Airborne Corps, United States
e-Mail: w.mbarnett2@gmail.com

Email analysis :

NOTE : hamaoka.gb@grandbowl.jp
NOTE : noreply@us.army.mil
NOTE : aucvamos@aol.com
NOTE : Received : (from grandbowl@localhost) by www326b.sakura.ne.jp (8.14.5/8.14.5/Submit)
NOTE : X-Authentication-Warning : www326b.sakura.ne.jp: grandbowl set sender to hamaoka.gb@grandbowl.jp using -f
NOTE : Received : from www326b.sakura.ne.jp (www326b.sakura.ne.jp. [219.94.155.156])

W-II

W-II
Sent: Sun, 10 Dec 2017 06:59:26 -0500 (EST)
Subject: Re: W-II

Your Email Has Won

Email analysis :

NOTE : bmwautomobileprize@hotmail.com
NOTE : bcknew@centurylink.net
NOTE : eseosaa00@gmail.com
NOTE : X-Mailer : Zimbra 8.7.6_GA_1776 (zclient/8.7.6_GA_1776)
NOTE : Received : from [10.41.66.0] ([10.41.66.0:53450]
NOTE : Received : from smtp.centurylink.net (mail.onyx.syn-alias.com. [206.152.134.66])

Friday, December 8, 2017

Agent

To whom it may concern:

We bring you genuine and certified credit offer. Contact us for more details if you are honestly interested please. You can send a whatsapp message for more info at +91-720-433-5745

Email analysis :

NOTE : maryjaynewise2342@gmail.com
NOTE : Received : from unknown (HELO acsgsemail1.acsgs.com)
NOTE : ([65.248.101.241])

Tuesday, November 28, 2017

Anko Ship / export inquiry (Virus)

Dear sir/Madam

Thank you for doing business with us in the past. My name is Tonia and i am representing Anko Ship & Export. Please find attached our updated company profile with required technical details and contract terms for attached inquiry.

Please review the contract and also quote your best quote and payment terms.

Thanks and kind regards.

Mrs Tonia

Anko inquiry 1511855105.jar
ANKO DOC.rar

File analysis (Virus) :

Anko inquiry 1511855105.jar :

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak

ANKO DOC.rar :

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak
Sophos AV : Mal/DrodZp-A

Email analysis :

NOTE : import@bondagency.com
NOTE : User-Agent : Roundcube Webmail/1.2.7
NOTE : Received : from pleskbusinessweb.if1.housing.ehiweb.it
NOTE : (pleskbusinessweb.if2.housing.ehiweb.it [79.98.45.57])

In accordance to my religious persuasion

Hello my dear,

In accordance to my religious persuasion, I felt expedient to write and inform you on the wicked conspiracy hatched by the duo of (Mr.Anthony and Mr. Hassan ) from Ministry Of Finance to divert your funds to their designated account in Cayman Island but unfortunately, they begin to find it difficult to divert the funds due to their inability to provide an adequate identity of the funds, they now moved the funds down to Africa and hide it in a security company in other to buy time to enable them embezzle the funds at their own convenient time, but God stopped them.

From my position as a lowly clerk in this office, Miami Finance Department (444 SW 2nd Ave, Miami, FL 33130, USA), I discovered that the duo criminals moved the fund from United States to China, and then moved it again to Banco Italiano in ITALY. Yesterday, I found out through the Central computer database that they are about to reroute the funds to a security company in Republique Du Benin where they will be able to maneuver the strict IMF money laundering regulatory orders. With this, I felt that it is important for me to alert you on this development. They are still using your name and contract/inheritance identification number as the beneficiary but they have changed the account co-ordinate and this is the reason why they are frustrating you by delaying the transfer of your funds to you, so in order to buy time pending on when they will transfer your funds to their designated account.

I have the reference number of the transaction and also I have the number of the official who is directly in charge at the SECURITY COMPANY. Your payment is supposed to go through the Euro-Asia Credit Control Financial Clearing Department before final Lodgement into the security company. All the data/information about your funds file are within my reach. I do not need gratification from you either in cash or kind. I can never be a part of evil because the bible said YE SHALL KNOW THE TRUTH AND THE TRUTH SHALL SET YOU FREE.

Please respect my discretion in this matter! I will send you the reference number, the name and contact information of the officials of the security company were they kept your funds in Republique Du Benin when I receive your response. I repeat, please do not expose my person, it is not easy to get employment around here and I cannot contend with these powerful individuals because they can eliminate me.

You are advice to reply me immediately at (mollyvariantofmary@aol.com) as I access this e-mail more often.

God bless you,
Molly Variant Of Mary

Email analysis :

NOTE : mollyvariantofmary@yahoo.com
NOTE : mollyvariantofmary@aol.com
NOTE : client-ip=74.6.130.125;

Fwd: Reminder (Société Générale phishing attempt)

Société Générale phishing

Email analysis :

NOTE : crommentuijn@home.nl
NOTE : Received : from [212.54.34.114] (helo=smtp6.mnd.mail.iss.as9143.net)
NOTE : by smtpq4.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2)
NOTE : (envelope-from < crommentuijn@home.nl >)
NOTE : X-Sourceip : 195.88.51.10

Phishing analysis :

CLICK : IMG
OPEN : http://flygplats.sjoboflyg.se/temp/
SCREENSHOT :

*@* - payment receipt as agreed!

Hello.

As we discussed on 21/11/2017, the transfer to your account for the cancellation of the purchase has been made. Please verify.

Note: You can print the receipt by Clicking Here (link text in the original: "Clicando Aquí")

B&F - Abogados Asociados - CL

Email analysis :

NOTE : abogados82734.com@live.com
NOTE : root@live.com
NOTE : root@live.com does not designate 173.255.211.90 as permitted sender


Phishing analysis :

CLICK : Clicando Aquí
STUDY LINK : https://bit.do/dUvpv?*@*.com
REMOVE EMAIL : https://bit.do/dUvpv
ADD - : https://bit.do/dUvpv-
SCREENSHOT :


DOWNLOAD : http://inmisrad.org/Comprobante.zip
FILE : VIRUS

Virus :

Cyren : JS/Downldr.ES2!Eldorado
DrWeb : VBS.Psyme.126
ESET-NOD32 : JS/TrojanDownloader.Banload.RM
F-Prot : JS/Downldr.ES2!Eldorado
Ikarus : Win32.Outbreak
Kaspersky : HEUR:Trojan.Script.Agent.gen
NANO-Antivirus : Trojan.Script.Heuristic-js.iacgm
Qihoo-360 : virus.js.qexvmc.1080
Rising : Downloader.Banload!8.15B (TOPIS:acBkcffG9cJ)
Symantec : JS.Downloader!gen40
ZoneAlarm : HEUR:Trojan.Script.Agent.gen

Paste :

PASTE : https://pastebin.com/upZWkBFT