Thursday, October 30, 2014

U.S ARMY IN AFGHANISTAN

Hi My Friend,

I am Col Brian D Kent, Commander of the, 3rd HBCT/ 3ID Sledgehammer Peace keeping Force deployed to Kabul, Afghanistan from Iraq. Can you be trusted? I have some Important items to ship to you, get back to me as per for more information Through my private mail { colbrian_dkent@aol.co.uk } I will explain further when I get a response from you.

Respectfully,
Col Brian D Kent
US 3rd HBCT Corps. Kabul

Email analysis :

NOTE : Content-Type : text/plain; charset="iso-8859-1"
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < info@captain.com >
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : Received : from zcs.gov.mg ([127.0.0.1])
NOTE : Received : from [180.215.247.79] (unknown [180.215.247.79]) by zcs.gov.mg
NOTE : X-Virus-Scanned : amavisd-new at gov.mg
NOTE : client-ip=41.190.238.151;


NOTE : Content-Description : Mail message body
NOTE : U.S ARMY IN AFGHANISTAN

Alert From Alibaba (Alibaba phishing)

Alibaba

Dear Valued User:

Alibaba service verification !

Your Alibaba service account needs an important email verification due to the new upgrade on our system security server. you are therefore required to verify your email account by following the reference below:

Click here now to get your email verified >>

Wishing you the very best of business!
Alibaba.com’s Service Team
This is an automated email. Please do not reply directly.

If you have any questions, please review the privacy protection rules
Hotline: 0571-85027110 E-mail: ali@alibaba-inc.com Service Center

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html
NOTE : Return-Path : < http@neo.backiel.com.pl >
NOTE : Received : from neo.backiel.com.pl (neo.backiel.com.pl. [194.88.154.10])
NOTE : Received : by neo.backiel.com.pl (Postfix, from userid 51)
NOTE : X-Php-Originating-Script : 51:mailer.php
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Alert From Alibaba

Phishing analysis :

CLICK : Click here now to get your email verified >>
OPEN : http://shopzza.com/alibaba/index.html
VALIDATE :


REDIRECT : http://shopzza.com/alibaba/processing.html

shopzza.com whois :

Domain Name: SHOPZZA.COM
Registry Domain ID: 1749924326_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2014-10-06T18:34:16Z
Creation Date: 2012-10-04T19:31:54Z
Registrar Registration Expiration Date: 2015-10-04T19:31:54Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
Domain Status: clientTransferProhibited
Registry Registrant ID: PP-SP-001
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant City: Nobby Beach
Registrant State/Province: Queensland
Registrant Postal Code: QLD 4218
Registrant Country: AU
Registrant Phone: +45.36946676
Registrant Email: contact@privacyprotect.org
Registry Admin ID: PP-SP-001
Name Server: ns1.gvodns.com
Name Server: ns2.gvodns.com
DNSSEC:Unsigned
Registration Service Provided By: HOST-CARE.COM

Contact Michael Tim (Esq)

Irregular check card activity
American Express

Dear Customer,

We detected irregular card activity on your American Express Check Card on 21 October, 2014. As the Primary Contact, you must verify your credit card activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your card. To review your account as soon as possible please click on the link below.

http://ucsdiagnostic.com/qlgsqpsvgk/wigzbftlar.html

Thank you for your Card Membership.

-------------
American Express Customer Care
Fraud Department:
Erica Bermudez
Level III Security Officer

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < ywvh@boston.sisna.com >
NOTE : Received : from host29.181-14-177.telecom.net.ar (181.14.177.29)
NOTE : Irregular card activity

Phishing analysis :

CLICK : http://ucsdiagnostic.com/qlgsqpsvgk/wigzbftlar.html
NOTE : page was corrected by admin

ucsdiagnostic.com whois :

Domain Name: UCSDIAGNOSTIC.COM
Registrar URL: http://www.wildwestdomains.com
Registrant Name: Antonio Santoro
Registrant Organization: UCS DIAGNOSTIC S.R.L.
Name Server: NS1.OMNIBUS.NET
Name Server: NS2.OMNIBUS.NET
DNSSEC: unsigned

your payment is available.

Western Union®Welcome to Western Union
Send Money Worldwide
Our Ref:WUMT0XX2/987
Email; (richardwhite595@gmail.com).
Telephone: +22999867970.

Attention Dear Value Customer,

Welcome to Western Union Money Transfer Agent, We wish to inform you that the IMF have release your fund sum of $2,8 million US dollars issued on your name the money was deposited with us in this Office as MTCN credit card, we shall be sending the money to you everyday $5000.00usd until we complete the total payment. We are very glad to inform you that we have credit your first payment of $5000.00usd, but bare it in mind that the $5000.00usd will not be given to you except you pay for transfer charge which is $68.00, you have to pay the money through our service western union to the information we give you here, then after confirm the payment of $68.00 from you, we shall release your first $5000.00usd to enable you pick it up and get back to us for the second payment,As you can see here is the MTCN Number of your first payment which we credited for you today, track it with our website: www.westernunion.com, to confirm that your payment is available.

1)Senders Name::Godwin Onyia
2)MTCN Number::: 6890479748
3)Amount::: $5000.00 USD.

Track it with our website: www.westernunion.com

Note that on your reply this massage make sure you send the full information to this E-mail here(richardwhite595@gmail.com) Remember that the full details you can use to pick up this first payment will be send to you once we receive the transfer charge of $68.00, You have to treat urgent by reconfirming your full information to us immediately you receive this massage to enable us start the process of your payment immediately.

1.Your Full Name...
2.Your Address...
3.Your Tel Number....
4.Occupation.......
5.Country....
6.City.........
7.Age..........

These are the information about your money you can go to any western union to pick up the money, don't forget that you have to settle for the transfer charge before we can give the full information of your first payment of $5000.oousd we waiting to receive the above information from your so that we can direct you where to send the transfer charge of $68.00 which is only delay now, kindly get back to us with the required information so that we can direct you where to send the fee of $68.00. We looks forward to receive the transfer charge together with your full information, to enable us release this first $5000.00usd for you to pick it up and get back to us for the second payment ok. For more information's Call +229 9986-7970. Get Back ASAP.

Yours in service
MR. richard white.
Tel: +229 99867970..
E-MAIL:(richardwhite595@gmail.com)
Western Union Benin Republic Manager.

ADMIN.IN.TH

Whois Server Version 2.1.2

Domain: ADMIN.IN.TH
Registrar: T.H.NIC Co., Ltd.
Name Server: NS1.ADMIN.IN.TH
Name Server: NS2.ADMIN.IN.TH
Status: ACTIVE
Updated date: 15 May 2014
Created date: 2 Nov 2005
Renew date: 2 Nov 2014
Exp date: 1 Nov 2015
Domain Holder: Suphachai Phirungreng ( คุณศุภชัย ไพรรุ่งเรือง )
846/121 Bongmod Tungkru Bangkok
10140 TH

Tech Contact: 68990
บริษัท แอดมิน ซิสเต็มท์ อินเตอร์เน็ต โซลูชั่น จำกัด
511/15 ถ.ประชาอุทิศ แขวงทุ่งครุ เขตทุ่งครุ กทม.
10140 TH