Tuesday, October 27, 2015

We were unable to process your most recent payment... (Amazon Phishing)

Amazon.com

Today's Deals See All Departments

= = = = = = = = = = = = = = = = = = = =

We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?. To ensure that your service is not interrupted, please update your billing information today.

Confirm your account now

We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. If you need further assistance with your order.

= = = = = = = = = = = = = = = = = = = =

Amazon.com
Connect with us

Phishing analysis :

CLICK : Confirm your account now
OPEN : http://www.intellectualjourneyofenlightenment.org/admin/css/amazon.com-verification/id/
RESULT : This Account Has Been Suspended

intellectualjourneyofenlightenment.org whois :

Registrant ID:DI_41908394
Registrant Name:Atul Kumar Jain
Registrant Organization:intellectualjourneyofenlightenment.org
Registrant Street: 363, sec 15
Registrant City:Panchkula
Registrant State/Province:Haryana
Registrant Postal Code:134114
Registrant Country:IN
Registrant Phone:+91.9888054461
Registrant Email:atul.jain2711@gmail.com
Admin ID:DI_41908394

Email analysis :

NOTE : noreply@amzon.support82.e-i.com
NOTE : 192.163.247.190 (ami.amiableargument.com)
NOTE : X-Source-Args : /usr/bin/php /home/wwwtheiv/public_html/clientscript/ie7/wp-confiiig.php
NOTE : Received : from wwwtheiv by ami.amiableargument.com
NOTE : (envelope-from < wwwtheiv@ami.amiableargument.com >)
NOTE : X-Mailer : theivoryquill.com
NOTE : X-Php-Script : theivoryquill.com/clientscript/ie7/wp-confiiig.php
NOTE : for 185.109.161.21
NOTE : X-Get-Message-Sender-Via : ami.amiableargument.com:
NOTE : authenticated_id: wwwtheiv/only
NOTE : user confirmed/virtual account not confirmed

Payment Swift Copy

sir,

Upon request,Your customer has advised for your payment. Be informed that the following payment is made to your account as per attached HSBC payment swift copy. You are adviced to confirm receipt of payment as detailed.

Yours faithfully,
Global Payments and Cash Management.

HSBC

1 HSBC Payment Swift copy.doc (total 1.3KB)

Link analysis :

NOTE : http://peridotsgroup.com/colins/HSBC%20Payment%20Swift%20copy.doc
NOTE : BitDefender : Malware site
NOTE : Emsisoft : Malware site

File analysis :

Avira : EXP/CVE-2012-0158
CAT-QuickHeal : Exp.RTF.CVE-2012-0158
DrWeb : Exploit.Rtf.CVE2012-0158
Kaspersky : Exploit.Win32.CVE-2012-0158.j
Qihoo-360 : virus.exp.20120158
Rising : NORMAL:Hack.CVE-2012-0158.a!1614593 [F]
Sophos : Troj/DocDrop-DT
Symantec : Bloodhound.RTF.3
TrendMicro : HEUR_RTFMALFORME

Email analysis :

NOTE : purchasemanager@tescogroup.com
NOTE : Received : by endpoint708401cf.chios.panth.io
NOTE : 162.242.168.6 ()

Openings? (Virus)

Hi there.

I saw your business today Sat, 24 Oct 2015 and found it very likeable.
I was praying there was any possibility of employment, just to prove my competence.

As you will see in my resume, I am very qualified and have a very sweeping experience in this field of work. I am confident it will be worth your time reviewing it, and I am even more positive you will find me very suitable in your corporation.

Please see my CV.

I'm very much looking forward to hearing from you.

Thanks,

Theda Deisch

My_Resume_64004.doc

My_Resume_64004.doc analysis :

My_Resume_64004.doc is a virus.

Virus analysis :

AVware : LooksLike.Macro.Malware.h (v)
AhnLab-V3 : DOC/Downloader
Arcabit : HEUR.VBA.Trojan
CAT-QuickHeal : O97M.Dropper.LQ
Fortinet : WM/Agent!tr
Ikarus : Trojan-Downloader.VBA.Agent
Sophos : Troj/DocDl-AFA
Symantec : W97M.Downloader
TrendMicro : TROJ_FRS.0NA004JP15
TrendMicro-HouseCall : TROJ_FRS.0NA004JP15
VIPRE : LooksLike.Macro.Malware.h (v)

Email analysis :

NOTE : thedaobmhf@rambler.ru
NOTE : Mime-Version : 1.0
NOTE : 81.19.67.206
NOTE : X-Rambler-User : thedaobmhf@rambler.ru/117.253.216.19
NOTE : X-Mailer : Rambler WebMail, http://mail.rambler.ru/
NOTE : Received : from [117.253.216.19] by mail.rambler.ru
NOTE : Openings?

LUCRATIVE DISTRIBUTORSHIPS AVAILABLE

We are a U.S. company looking for distributors worldwide. We have been manufacturing and distributing slip-resistant floor treatments for more than 26 years! One 30 minute application with our Amazing Anti-Slip Floor Treatment will make floors slip-resistant and safe for 4 years - Guaranteed! Indoors or Outdoors No Change in Appearance For use on: Ceramic, Marble, Granite, Porcelain and Quarry Tiles Concrete, etc.. Typical Applications: Restaurant Kitchen Floors, Office Buildings, Hotels, Hospitals, etc.

Some of our satisfied customers: , Kroger, Holiday Inn, McDonald's, Miami Children's Hospital Pfizer, etc. Please contact us for details and to see if there is a distributorship available in your country. For an Exclusive Distributorship, an Initial Inventory Investment of $5,000 USD - $20,000 USD is required, depending upon the country.

Best regards,
Jeremy
Email: ydiney@tom.com

PLEASE INCLUDE YOUR NAME, COUNTRY & E-MAIL ADDRESS

Email analysis :

NOTE : diurios@mail.com
NOTE : Received : from lydia.pu88.net (31.220.42.101)

Private Investment Placement

Welcome to our Private Placement Portfolio.

I am a Staff of a Venture Capital Firm specializing in Growth Capital Investments/Loans.We seek to invest in Projects with Public and Private sectors in a broad range of areas including Real estate,Agriculture, Energy, Oil and Gas ,emerging markets and high-technology. Within the technology sector, the firm focuses on communications, software,digital content and services.

We wish to invest between $1Million-$500Million in any viable projects that your company requires funding on investment capacity/Loan Application. Upon the review of your company's Project Business Plan we shall determine on the projects possible funding. This will be a silent and Private Placement Investments.

Endeavor to respond promptly if the investment proposal meets your company's approval.

Kind Regards,
Lopati T

Email analysis :

NOTE : lopatit@mail.notes.cc
NOTE : ltuala225@gmail.com
NOTE : client-ip=46.22.145.69;
NOTE : Private Investment Placement

Reference to your Payment

To Your Attention;

On behalf of the board and management of Foreign Payment Department, I Mrs. Kathryn Bennett,the Managing Director of Foreign Payment Department wishes to inform you that your contractual payment which was suspended by the Nigerian government is due for Immediate collection.

Be informed that we have concluded all arrangements to transfer your fund to your account through Sterling Bank Plc. In line with the binding contractual payment policies, kindly furnish us with the following as set forth.

Your complete Banking details where you want the fund to be transfer and a copy of your international passport or any other means of identification as the true Beneficiary .your telephone number. The Contract Amount is $2.7Million, You shall required Setting up a Non Resident Account with Sterling Bank Plc, before your fund will be release transfer to your account in your country.

Your immediate response is needed.

Best Regards
Mrs. Kathryn Bennett.
Director Foreign Payment Department

Email analysis :

NOTE : fplc379@gmail.com
NOTE : dondonthecat22@yahoo.co.jp
NOTE : Received : from [41.71.163.249]
NOTE : by web102019.mail.ssk.yahoo.co.jp

Your account expires in less than 48 hours .

Hello,

please, kindly quote your best prices for our attached order.Your company came higly recommeded for this order. For item No 1,4,6 & 7..give your best prices for we wish to make large order. Add me on Skype for detailed discussion

Awaiting your urgent confirmation

Thanks & Best Regards
NAZIR AHMED
PHONE: +92-222-633263, +92-222-617906,
FAX: +92-222-612877
Mobile : +92-300-3010717
EMAIL: info@almarryamint.com afintpk@yahoo.com
SKYPE: afintpk

subject...Order No. 1,4,6 & 7

ORDER.ace

File analysis :

ORDER.ace : virus.
ORDER.ace : Qihoo-360 : htm.faceliker.d.39

Email analysis :

NOTE : arabico2222@gmail.com
NOTE : Mime-Version : 1.0
NOTE : User-Agent : SquirrelMail/1.5.2 [SVN]
NOTE : Received : from march.alignhosting.com
NOTE : (march.alignhosting.com. [67.205.123.150])
NOTE : authenticated_id: info@stcotransport.com

Our awesome financial scheme.

Good day,

Are you Interested in awesome financial scheme and loan offer at interest rate of 3%? Contact us for more details.

Sincerely,

Mr. Wolfgang . U. Fischer.

FIRM ALLIANCE UK LIMITED

Email analysis :

NOTE : info@alliancelf.com
NOTE : Received : from mailer-72.eaudiencemarketing.com (192.228.96.154)
NOTE : Received : from unknown (HELO User)
NOTE : (test3@findersmedia.com@85.16.128.242)
NOTE : by -X with ESMTPA

INFORMATION

Hello,

I will like us to discuss some important business issues that will be of mutual benefit to us. Please, kindly confirm your name and email address to enable me ascertain that my mail is to the correct person.

Do send me mail: gordch01@yahoo.com.hk

Thank you.

Gordon C.

Email analysis :

NOTE : scottie@hibs.net
NOTE : gordch01@yahoo.com.hk
NOTE : Received : from User (unknown [168.187.246.41])
NOTE : by hibs-net.nh-serv.co.uk (Postfix)

Your account will expire in 48 hours. (Apple Phishing)

dear client ,

We inform you that your account will expire in 48 hours, it is imperative to conduct an audit of your information to the Now, using your iTunes ID.

Check now

The sending of this email applies when the expiration date of your
account expires,

For more information, see the Security Center category.

thank you,
Apple Support

Phishing analysis :

CLICK : Check now
OPEN : http://bomcity.co/main/iTunes.htm
REDIRECT : http://unlocksuccessmembers.com/iTunes/***/
VALIDATE : FORM
REDIRECT : http://unlocksuccessmembers.com/iTunes/***/Verification.php

NOTE : unlocksuccessmembers.com redirect to fiverchamp.com

Whois analysis :

bomcity.co :

Domain Name: BOMCITY.CO
Domain ID: D1433807-CO
Sponsoring Registrar: INSTRA CORPORATION PTY LTD
Sponsoring Registrar IANA ID: 1376
Registrar URL (registration services): whois.instra.net
Domain Status: ok
Registrant ID: TUHAFHUSFMUH682Z
Registrant Name: Dominic Tong
Registrant Address1: Flat F, 42/F, Tower 5
Registrant Address2: Ocean Shores, TKO
Registrant City: Hong Kong
Registrant Postal Code: 000
Registrant Country: Hong Kong
Registrant Country Code: HK
Registrant Phone Number: +852.90348565
Registrant Email: codomains@instra.com
Administrative Contact ID: TUSUQQUY9AQN00ME
Administrative Contact Name: Dominic Tong
Administrative Contact Address1: Flat F, 42/F, Tower 5
Administrative Contact Address2: Ocean Shores, TKO
Administrative Contact City: Hong Kong
Administrative Contact Postal Code: 000
Administrative Contact Country: Hong Kong
Administrative Contact Country Code: HK
Administrative Contact Phone Number: +852.90348565
Administrative Contact Email: codomains@instra.com
Billing Contact ID: TUJQANM3X6PC71J4
Billing Contact Name: Dominic Tong
Billing Contact Address1: Flat F, 42/F, Tower 5
Billing Contact Address2: Ocean Shores, TKO
Billing Contact City: Hong Kong
Billing Contact Postal Code: 000
Billing Contact Country: Hong Kong
Billing Contact Country Code: HK
Billing Contact Phone Number: +852.90348565
Billing Contact Email: codomains@instra.com
Technical Contact ID: TURJGNWGXN7HO1OW
Technical Contact Name: Dominic Tong
Technical Contact Address1: Flat F, 42/F, Tower 5
Technical Contact Address2: Ocean Shores, TKO
Technical Contact City: Hong Kong
Technical Contact Postal Code: 000
Technical Contact Country: Hong Kong
Technical Contact Country Code: HK
Technical Contact Phone Number: +852.90348565
Technical Contact Email: codomains@instra.com
Name Server: NS1.INSTRADNS.COM
Name Server: NS2.INSTRADNS.COM
Name Server: NS3.INSTRADNS.COM
Created by Registrar: TUCOWS DOMAINS INC.
Last Updated by Registrar: INSTRA CORPORATION PTY LTD
Last Transferred Date: Thu Apr 19 12:26:36 GMT 2012
Domain Registration Date: Wed Jul 21 05:10:16 GMT 2010
Domain Expiration Date: Wed Jul 20 23:59:59 GMT 2016
Domain Last Updated Date: Mon Jul 13 01:05:35 GMT 2015
DNSSEC: false

unlocksuccessmembers.com :

Domain Name: UNLOCKSUCCESSMEMBERS.COM
Registry Domain ID: 1909356745_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-03-12T05:42:16Z
Creation Date: 2015-03-12T05:42:16Z
Registrar Registration Expiration Date: 2016-03-12T05:42:16Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registrant Name: Morrison Publishing, LLC
Registrant Street: 965 Hwy 51n ste 4-100
Registrant City: madison
Registrant State/Province: Mississippi
Registrant Postal Code: 39110
Registrant Country: United States
Registrant Phone: +1.6014881062
Registrant Email: anthony@anthonymorrison.com
Admin Name: Morrison Publishing, LLC
Admin Street: 965 Hwy 51n ste 4-100
Admin City: madison
Admin State/Province: Mississippi
Admin Postal Code: 39110
Admin Country: United States
Admin Phone: +1.6014881062
Admin Email: anthony@anthonymorrison.com
Tech Name: Morrison Publishing, LLC
Tech Street: 965 Hwy 51n ste 4-100
Tech City: madison
Tech State/Province: Mississippi
Tech Postal Code: 39110
Tech Country: United States
Tech Phone: +1.6014881062
Tech Email: anthony@anthonymorrison.com
Name Server: NS1.MYLAUNCHMEMBERS.COM
Name Server: NS2.MYLAUNCHMEMBERS.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

fiverchamp.com :

Domain Name: FIVERCHAMP.COM
Registrar: GODADDY.COM, LLC
Sponsoring Registrar IANA ID: 146
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1527.WEBSITEWELCOME.COM
Name Server: NS1528.WEBSITEWELCOME.COM
Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Updated Date: 30-mar-2014
Creation Date: 05-jan-2013
Expiration Date: 05-jan-2016

Email analysis :

NOTE : Account.Apple@mail.apple-id.com
NOTE : client-ip=64.191.157.113;
NOTE : Received : from webmail.netgainit.com ([64.191.157.113])
NOTE : Received : from HVPS-LaneWeb (10.50.87.1) by ssexch3.ssad2.com (10.50.3.3)

Contact ATM Director to load your Fund in your ATM

Attention!

This is to inform you officially that Benin Presidency Office has approved sums of $8.500,000,00 USD to you as inheritance Overdue fund, after verification, your name was found in the list of scam victim, IMF has signed your payment file to immediate release your fund to your ATM through new system to help you get your Fund immediately.Note, IMF has approved this $8.500, 000, 00 USD to transfer to your ATM Debit in your country without issue new ATM here. If you have any ATM in your country, Kindly forward ATM information such as below to load this fund to your ATM Account in your country, with the same Pin Number and also the same amount you withdraw per day.

As matter of fact, Bank will activate your ATM after confirmation of your ATM information to start daily withdrawing.
(1) Your Full Name: ____
(2) Your Address: ____
(3) You’re Phone Contact: ____
(4) You’re ATM Serial Number: ____
(5) The type of your ATM: ____
(6) The name of Bank issued your ATM: ____
(7) Three Numbers in back of your ATM: ____
(8) Amount you withdraw per day: ____
(9) A Copy of your ID/ Your Bank address:____

Benin ATM Director: Rev. Frank K. Musa
Phone Number: +229 98498627

And once we receive above Information we activate this Fund to your ATM to start withdrawing your fund in your country to help you receive your Inheritance.Finally, you can contact ATM HEAD OFFICE for immediate transfer your fund to your ATM account in your country.
You're in service
Mr. Benson Van.

Email analysis :

NOTE : bensonvan1@outlook.com
NOTE : miss_tina080@yahoo.co.jp
NOTE : Received : from [41.138.90.66]
NOTE : by web101314.mail.kks.yahoo.co.jp via HTTP;

Are you still ALIVE Or Dead ???

From The Desk Of: Mr. Sirawit Phasali
Foreign Remittance Department
1 Soi Rat Burana 27/1, Rat Burana Road, Khwaeng
Rat Burana, Khet Rat Burana, Bangkok 10140, Thailand.
Tel:+66843557713 / Tel:+(66)930157732

Attn: Fund Beneficiary: Payment Code: R578906K

Dear Sir,

Following the recent meeting held by the board members of this esteemed financial institution, the new Board of Directors of the world Bank, the Financial Adviser to the President, members of audit Committee on Foreign Payment and in conjunction with International Community Delegates, international monetary fund {IMF}. We are very pleased to contact you due to a report reaching us regarding your OUTSTANDING FUND ($10.500,000,00) Ten Million Five Hundred Thousand United States Dollars only, which has been long over due for payment but was made impossible by some corrupt officials. In the course of our General Auditing and Account revision of the first quarter of 2015,we discovered that the Bank Accounts belonging to some Benefactors have been changed on the basis that the owners have died some time last year or have given out an authorization note of change of data. After the investigations however, it was revealed that there are Foreigners who are collaborating with Retired Staffs to make these changes illegally without the knowledge of the Benefactors and one traced to your own change is this (MR. RONALD LAMB) who said you are dead, hence they have forwarded some documents/Death certificate so as to divert your fund. The bank account below was forwarded/presented by (MR. RONALD LAMB) as the new account for receipt of the funds:

Bank Name: NAVY FEDERAL CREDIT UNION
Bank Address: 820 Follin Lane Vienna, Virginia 22180 USA
Telephone: 888-542-6326
Routing Number: 256-074-974
Account Name: MR.RONALD LAMB
Account Number: 703-444-3742
Type of Account: Checking

In order confirm if actually this is true and hence decided to write to your email address which after 7 days from now and there is no response, it will be ascertained that you are truly DEAD, then proceed with the telegraphic transfer. If proved otherwise by you to be ALIVE?, please forward to us all the related Benefactors particulars including your Telephone numbers, contact address, these details from you will help reach a conclusion that you still ALIVE. Because this MAN'S message brought shock to our minds. And we just can't proceed with him until we confirm if this is a reality OR not, But if it happened we did not hear from you after 7days, then we say: MAY YOUR SOUL REST IN PERFECT PEACE" YOUR JOY AND SUCCESS REMAINS OUR GOAL.

Feel free to call on us for more clarification +66843557713

Yours Faithfully,

Mr. Sirawit Phasali.
Foreign Remittance Department Telex Transfer Section,
Kasikorn Bank Pcl.

Email analysis :

NOTE : spam@esalmaty.kz
NOTE : foreignoperations@126.com
NOTE : Received : from static-173-62-16-178.pghkny.fios.verizon.net
NOTE : (HELO User) (mac@mypcstv.com@173.62.16.178) by 0 with SMTP;