Wednesday, December 28, 2016

VERY CONFIDENTIAL.

Compliment of the season,

I am contacting you regarding a venture through which we both can come on a substantial amount of money.

My name is Barad Fufana, I work with one of the reputable banks here in West Africa, and also as the personal banker to a customer of our bank who passed on heart-related condition. If you are interested please get back to me through this email: (barafufan@gmail.com) for a complete details.

Regards
Baradi Fufana.

Email analysis :

NOTE : barafufan@gmail.com
NOTE : Authentication-Results : mx.google.com; dkim=pass header.i=@yahoo.com; spf=softfail
NOTE : X-Yahoo-Newman-Property : ymail-4
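
The NOTE lines in these analyses are header fields read by hand from each message. As an added example (not code from this blog), the Python below pulls the same fields out of a raw message and flags the patterns the notes record; it covers more fields than this one note (also X-Originating-Ip and Received, used further down the page). The sample message is constructed, and the function and flag names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not one of the archived e-mails). Only the
# Authentication-Results value is taken from the note above; the addresses
# are made up and the IP is from a documentation range.
SAMPLE = """\
Received: from [198.51.100.23] (port=30127 helo=[192.168.0.2])
\tby relay.example.net with esmtpa; Wed, 28 Dec 2016 09:00:00 +0000
Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com; spf=softfail
From: "Personal Banker" <constructed-sender@yahoo.com>
Reply-To: contact@mailbox.example
X-Originating-Ip: [198.51.100.23]
Subject: VERY CONFIDENTIAL.

Compliment of the season,
"""

# Address space that cannot be attributed to an external sender.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AUTH_RE = re.compile(r"\b(dkim|spf|dmarc)=(\w+)")
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def _domain(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def _ip(text, pattern):
    """First IPv4 address matching pattern, or None if missing or invalid."""
    m = re.search(pattern, text or "", re.S)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def triage(raw):
    """Extract the fields the NOTE lines record and flag common mismatches."""
    msg = message_from_string(raw)
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    sender = _domain(msg.get("From"))
    reply = _domain(msg.get("Reply-To"))
    origin = _ip(msg.get("X-Originating-Ip"), IPV4)

    # Received headers are prepended by each server, so the last one in the
    # message is the hop closest to the submitting client.
    hops = msg.get_all("Received", [])
    first_hop = _ip(hops[-1], r"from\s.*?\[" + IPV4 + r"\]") if hops else None

    flags = []
    if reply and reply != sender:
        # Replies go to a mailbox on a different domain than the sender's.
        flags.append("reply_to_differs_from_sender")
    if auth.get("spf") not in (None, "pass"):
        # The sending host is not one the From domain's SPF record allows.
        flags.append("spf_not_pass")
    if origin and any(origin in net for net in RFC1918):
        # Submitted from inside the relaying organisation's own network.
        flags.append("origin_ip_rfc1918")

    return {
        "auth": auth,
        "from_domain": sender,
        "reply_domain": reply,
        "origin_ip": str(origin) if origin else None,
        "first_hop_ip": str(first_hop) if first_hop else None,
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
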

YOUR FUND THE SUM OF $2.5MILLION

I'm diplomatic John Peter, I have just arrived at the airport with your valued consignment box the sum of $2.5Million in 30 mins ago, please reconfirm your home address/ direct phone number to me so that I can proceed to your home right away. you can contact this email ( diplomaticjohnpeter583@gmail.com ) or call on:(706) 622-9261

Email analysis :

NOTE : maria.peccatiello@alice.it
NOTE : diplomaticjohnpeter583@gmail.com
NOTE : X-Originating-Ip : 197.234.219.94

Bilski Frank

Do you need life time opportunity loans?
Do you need Business or Personal Loan?
Do you wish to refinance your company?
Do you need a consolidation loan or mortgage?
We give out loan to any individual and company at 3%
interest rate yearly. For more information, Contact Email : georgemicrofinance001@gmail.com

Name:
amount:
loan duration:
country:
Mobile number:
address:
warm regards
Mr. Bilski Frank

Email analysis :

NOTE : georgemicrofinance001@gmail.com
NOTE : Received : from [197.210.227.83]


NOTE : (port=30127 helo=[192.168.0.2])
NOTE : by server.unlembilisim.com

Dear Beneficiary Fund,

THE DESK OF the FROM THE ADMINISTRATIVE DIRECTOR GENERAL
OF UNITED BANK FOR AFRICA BENIN
REPUBLIC.: TEL / FAX NUMBERS: +229 97246155
PAYMENT NOTIFICATION OF CLAIM YOUR INHERITANCE FUNDS
Dr.George Akosa < georgeakosa202@hotmail.com >

Dear Beneficiary Fund,

Definitely, I Know That This Letter Will Be A Surprising One To You . Firstly, I will like to introduce myself formally as the Newly Appointed Administrative General Director of united bank for Africa. You Are Been Officially Contacted By Me Today Because Your Inheritance Funds Were Re-Deposited Into The "Federal Suspense Account" Of United Bank For Africa Last Month, Because You Did Not Claim Your Funds As The Rightful Beneficiary In Our Corresponding Bank. Well Known To all, The united bank for Africa is the pan Bank of all commercial Banks here in West Africa. This morning about (9:00 am Standard Pacific Time) I was alerted by my Secretary that three men were at my Office reception waiting to see me and so I told my Secretary to let them in, to my surprise they were two Americans and one Canada Attorney, and they introduced themselves as (Mr. Jackson Helm, Mr. Roland Gulf, both from the USA) third is (BARRISTER JAMES WILLIAMS) really these men were unexpected by me because their visit was impromptu. I had to ask them why they came to see me in person and they said that they were here to collect the Inheritance Sum of ($ 2.5Million Dollars) which rightfully belongs to you. These Foreigners Actually Claimed This Beyond Reasonable Doubts And Which You Have Been Trying To Claim For Some Time Over Here In United Bank For Africa. At This Development I Asked Them Who Authorized Them To Come Down To West Africa For The Collection Of This Payment DVD Nasser And They told me that you asked them to come and collect this funds on your Behalf. In fact this was the biggest shock that this Bank have ever received so far because your Inheritance funds of the sum ($ 2.5Million Dollars) is still in the "Federal Suspense Account" of united bank for Africa, yet you sent these men to come and Funds On This Collect Your Behalf Without Notifying Us. We In This Bank, Do Not Understand Why You Sent These Men To Come And Collect Your Inheritance Funds On Your Behalf. 
If actually you want them to help you collect your Inheritance Sum of $ 2.5Million Dollars, at least you should have informed united bank for Africa before their arrival. They actually tendered some vital documents / Bank account which proved that you actually sent them for the collection of these Funds. Honestly, it really baffles me that you took such decision without united bank for Africa consent. Very Carefully To Listen Enable Us Know The Truth In This Matter.

Here Is The Documents / Bank Account Which They Tendered To This Bank Today:

1. LETTER OF AUTHORIZATION
2. GUARANTEE PAYMENT IRREVOCABLE.
NAME MR JACKSON HELM
BANK NAME: CITIBANK NEW YORK
BANK ADDRESS: 476 Broadway, New York, NY 10013, USA.
ACCOUNT NUMBER: 6504809009.
ROUTING NUMBER: 760098241

Actually, These Documents Which They Tendered To This Noble Bank Are A clear Proof that you sent them to Collect this Funds for you. Finally, (I told them to come back within three working days and they promised to come back to enable them claim the inheritance fund sum of ($ 2.5MD). As the General Director of united bank for Africa, I was supposed to Release this Funds to them but I refused to do so because I wanted to hear from you first to enable us release this inheritance claim sum of ($ 2.5Million Dollars) to them. Due to the Nature of my job, I will not want to make any mistake in releasing these funds to anyone except you whom is the recognized confide beneficiary to This Fund, so get back to united bank for Africa immediately to enable us instruct you on what to do on this issue. Kindly clarify us on this issue before we make release of These Fund To The Foreigners Who Came On Your Behalf.

In Receipt Of This Confidential Letter, You Are Required To Respond To This Email Immediately Bonfire OFFICIALLY SIGNED.

DR.George Akosa < georgeakosa202@hotmail.com >
THE GENERAL DIRECTOR OF
UNITED BANK FOR AFRICA
PHONE NUMBER +229 97246155

Email analysis :

NOTE : georgeakosa202@hotmail.com
NOTE : ".765.WWW."@carol.ocn.ne.jp
NOTE : X-Originating-Ip : [41.79.217.156]

Thursday, December 22, 2016

Alsham Ashraf

I am Hou Weidong reply back for a business proposal.

Email analysis :

NOTE : alsham.a@GhantootGroup.ae
NOTE : howweidong@outlook.com
NOTE : X-Originating-Ip : [41.190.2.103]

Monday, December 19, 2016

Your account will be blocked!!! (Dropbox Phishing)

Dear User,

Your Mail Storage Limit has exceeded you might not be able to send or receive new messages; Click or Copy the link below onto your browser to verify your email and increase storage limit.

http://www.powerline.or.kr/zboard/data/dpbx/index.php

Note: Failure to heed strictly to this notification will lead to Email Account deletion thereby causing lost of files.

Thank you for using our mail system

Mail Administrator

Email analysis :

NOTE : hr@mail.com
NOTE : Received : from User (unknown [104.194.2.16])
NOTE : (Authenticated sender: admin) by mail.vps.com (Postfix)

Phishing analysis :

CLICK : http://www.powerline.or.kr/zboard/data/dpbx/index.php
OPEN : http://www.powerline.or.kr/zboard/data/dpbx/index.php
SCREENSHOT :


RESULT : Dropbox phishing
CLICK : Other Emails
SCREENSHOT :


CLICK : Submit
REDIRECT : https://www.dropbox.com/

Here is the information;MTCN; 2133097115

your first payment $5,000.00 sent to your name today and Here is the information;MTCN; 2133097115 SENDER NAME:Marcel Kimelman , track it now (www.westernunion.com) I told him to keep sending you $5,000.00 daily until the payment of ($1.200.000.00 usd dollars) is completed transfer to you and again forward them your Telephone number and adress so that they will be sure.
Contact Person:Dr.BERNARD ANDRE
E-mail (westeruniontransfer65@gmail.com)
Phone Number: +229-99060543
Thanks and hope to read from you soon,
PASTOR FRED WILSON
hope to read from you soon

Email analysis :

NOTE : westeruniontransfer65@gmail.com
NOTE : "W.W.W."@movie.ocn.ne.jp
NOTE : X-Originating-Ip : [64.134.96.77]

Friday, December 16, 2016

Attention. Beneficiary Your fund {$2.5,Million USD

Attention. Beneficiary Your fund {$2.5,Million USD

I write to inform you that your inheritance fund worth US$2.5,000.000.00 which has been delayed by these officers who claim to be in position,Now i write to inform you that the fund file has been transferred and confirms here in our Bank,and it has Approved today to issue out ATM CARD in your favor and send to you which is the easier way you can receive your fund in any atm machine all over the world,

Therefore you are warned to stop any further communication with anybody to avoid distraction on receiving your ATM CARD your inheritance fund to avoid distraction because they will lie and get money from you.All we need now to start up the process is your information.

Full Name:__________
Delivery Address:_
Country:_______
City:_______
Occupation:_____
Phone Number:____
Age:______
sex:______

Sincerely
Mis, Angela Kenneth
Tel Phone +229 66873450
Email/ atmcarddepartment53@yahoo.fr

Email analysis :

NOTE : atmcarddepartment53@yahoo.fr
NOTE : "www."@eos.ocn.ne.jp
NOTE : X-Originating-Ip : [41.216.50.78]

Dear friend

Dear Friend,

We have concluded to effect your payment of $1.8Million, through western union, but the maximum amount you will be receiving each day starting from tomorrow is $5000 daily until the funds is completely transferred.

The transfer department has started processing the transfer of your $1.8 Million Either by Bank to Bank wire transfer/ ATM Card or Diplomatic Means. If you inquire to know more about this transaction, It is all about the funds that have been due for transfer to some beneficiaries over the years that was unsuccessful, and we have been authorized to review and ensure that every beneficiary is being paid the due amount.

Our attorney will go to the Inland Revenue tax office to obtain a letter of administration tax clearance approval on your behalf from high Court.

Endeavor to send the following information to Transfer Officer Smith Qualen for the activation of this payment above in the right data.

Kindly Contact Western Union Transfer Officer;
Mr; Smith Qualen
Email; (squalen8@gmail.com)

Also reconfirm your information below

YOUR NAME----------------------
YOUR ADDRESS-----------
YOUR PHONE-------------
OCCUPATION-----------------

Thank you.
Mrs. Lisa Carson.

Email analysis :

NOTE : squalen8@gmail.com
NOTE : jndife1@yahoo.com

Thursday, December 15, 2016

Xmas loan

RELIABLE LOAN OFFERS AT CHEAP RATE, FOR MORE INFORMATION CONTACT OUR PRIVATE EMAIL : dicksonfinance2016@gmail.com

NAME:
AMOUNT:
LOAN DURATION:
COUNTRY:
PHONE NUMBER:

WARM REGARDS
MR.MICHAEL DICKSON

Email analysis :

NOTE : dicksonfinance2016@gmail.com
NOTE : dicksonfinance2017@gmail.com
NOTE : Received : from [197.210.226.141]

Tuesday, December 13, 2016

How are you today?

Attention My Dear

I have registered your winning Price of $4.5USD with DHL Express Company with registration code of ( DCJKT00617G). please Contact with your delivery information such as, Your Name, Your Address ID CARD COPY and Your Telephone Number:

DHL Express Company Office:
Contact Person: Mr. David Candy
E-mail: dhlcourircompany@gmail.com
PHONE: NO+229-636 90 566

I have paid for the Security fee.The only fee you have to pay is their Insurance & Delivery fee only.Please indicate the registration Number and ask Him how much is their Insurance & Delivery fee so that you can pay it.

Best Regards,
Mrs. Jolie Davis

Email analysis :

NOTE : dhlcourircompany@gmail.com
NOTE : micaela@speedy.com.ar
NOTE : X-Origin : 41.79.217.134

Monday, December 12, 2016

Attention Winner,

World Lottery Association (WLA)
Basel CH-4002,
Switzerland

Attention Winner,

This is to inform you that your One Million Five Thousand United States Dollar ($1.5M) Lottery Win will be send to you via ATM MASTER CARD or Certified bank draft Cheque so that there will not be any delay or much tax's as this lottery organizer want you to receive your winning prize within 30 days before the expiring date of the bank draft. The total amount mentioned above was awarded to your Facebook email address for winning a first category in the 2016 draw; your payment is available at one of the PRIME Bank here in Benin Republic where your payment file was allocated (NAME OF THE BANK WITH HOLD FOR SECURITY REASON).

It was decided to use ATM VISA CARD or Certified Bank Draft payment to pay our winners which you are one of them to avoid difficulties in receiving winning funds; this award came to you Curtsy of FACEBOOK and GOOGLE. Note that your ATM VISA CARD was powered by Gold MasterCard which is accepted at over 900,000 Automated Teller Machines payment centers in over 210 countries worldwide and the CARD withdrawal daily limit is $10,000USD until you withdraw all your total winner amount of $1,500,000.00USD, And note that the only and last money you are going to pay to receive your payment is $99USD courier shipment charges. To receive your winning payment,you are advised to contact the Fiduciary with your following information

Your Receiving Name..: Your Receiving Address..: Your Country..: Your Tel..: Your Sex..: Your Age..: Your Occupation..:

Note: the Ninety nine dollars is the last and only fee associated to this delivery of your package,(IMPORTANT) Winners are mandated to keep this notification private to avoid fraudulent claim pending the transfer.

Contact your payment fiduciary at: (info70857@gmail.com )

Yours Faithfully; WLA ANNOUNCING TEAM, SWITZERLAND

Email analysis :

NOTE : info70857@gmail.com
NOTE : "www."@beetle.ocn.ne.jp
NOTE : X-Originating-Ip : [84.53.238.158]

Thursday, December 8, 2016

Message notification *@gmail.com (Link to virus)


Google

Nddcole Watddson (Google Support) just sent you a message:

06/12/2016

Undeliverable messages (*@gmail.com).

Get more information

Don't want occasional updates about Gmail activity? Change what email Google Team sends you.

Email analysis :

NOTE : Received : from server.oeirasdigital.pt
NOTE : (server.oeirasdigital.pt. [213.229.111.207])
NOTE : client-ip=213.229.111.207;


NOTE : X-Php-Originating-Script : 10000:bisend.php

Link analysis :

CLICK : Get more information
OPEN : http://projetomac.org/wp/Undeliverable_messages.html
DOWNLOAD A FILE : Undeliverable_messages.zip
INFORMATION : Undeliverable_messages.zip is a virus
SHA256 : be0908fbf059517f8ea204d1636e00a7810146fb9c920fc01bb4315b8e8e0067

Virus analysis :

AegisLab Troj.Downloader.Script!c
Arcabit HEUR.JS.Trojan.ba
Cyren JS/Nemucod.EY!Eldorado
F-Prot JS/Nemucod.EY!Eldorado
Fortinet Malware_Generic.P0
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 ) 20161208
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Sophos Mal/DrodZp-A

Exposing virus :

PASTEBIN : http://pastebin.com/20PLKDCB
RAW : http://pastebin.com/raw/20PLKDCB



Hello/Urgent

Dear Friend,

I am Barrister Obinna Jude, a Solicitor and the Personal attorney to Mr. Hoel Paul Edouard, a national of France, who died in a Plane crash on Monday 2nd September 1998 GMT 14:22 UK while they were flying from New York to Geneva. You can see the news or report on the below site.

http://www.cnn.com/WORLD/9809/swissair.victims.list/index.html

My client his wife and three children lost their lives on that plane crash.Since then,i have made several enquiries to the embassy to locate anyof my clients extended relatives, this has proved unsuccessful. After several unsuccessful attempts, I decided to trace his relatives over the internet, so as to locate any member of his family but to no avail.

I have contacted you to assist in repatriating the money that belonged to my late client before they get confiscated or declared as unserviceable by the bank where this huge deposit were lodged. Particularly, the Bank where the deceased had an account valued at about US$15 Million Dollars, has issued me a notice to provide the next of kin or have the account confiscated within the next ten official working days.

Since i have been unsuccessful in locating the relatives for over 3 years now therefore, I have decided to seek your consent to present you as the next of kin of the deceased, so that the proceeds of this account valued at US$15 Million Dollars, can be paid to you and then you and me can share the money 50% to me and 45% to you, while 5% will be mapped out for any expenses during the process or tax as your government may require. I have the certificate of deposit that can be used to back up any claim we may make.All I require is your honest cooperation to enable us see the deal
through.

I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law. Please get in touch with me strictly via this email (obinna.jude@yandex.com) to enable us discuss further.

Best regards.
Obinna Jude
Principal Attorney.

Email analysis :

NOTE : obinna.jude@yandex.com
NOTE : ludo@fcvnet.net
NOTE : Received : from [104.247.196.21]
NOTE : (unknown [104.247.196.21])


NOTE : by mail.fcvnet.net (Postfix)

FW: FTC subpoena (Phishing attempt)

You've been subpoenaed by the FTC.
FTC Subpoena

Please get back to me about this.
Thank you
Richard Kent
Senior Accountant
richard@*.*
Phone: 441-216-2849
Fax: 441-216-5880

Email analysis :

NOTE : richard@*.*
NOTE : Received : from unknown (HELO IEOSOZAX) (117.247.121.182)




NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : BSNL was used to relay this phishing.

Phishing analysis :

CLICK : FTC Subpoena
OPEN : http://benxethainguyen.vn/api/get.php?id=dGVzdEB0ZXN0LmNvbQ==
RESULT : 404, removed...
WHOIS : benxethainguyen.vn

benxethainguyen.vn whois :

TÊN MIỀN benxethainguyen.vn
Ngày đăng ký: 16-03-2012
Ngày hết hạn : 16-03-2017
Tên chủ thể đăng ký sử dụng :Ông Nguyễn Sự
Trạng thái : clientTransferProhibited
Quản lý tại Nhà đăng ký: Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
Máy chủ DNS chuyển giao: + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn
Registration date : 16-03-2012
Expiration date : 16-03-2017
Registrant : Ông Nguyễn Sự
Status : clientTransferProhibited
Current Registrar : Công ty TNHH Một thành viên Viễn thông Quốc tế FPT
DNS Server : + ns2008.nhanhoa.com.vn + ns2009.nhanhoa.com.vn

Your FedEx International Cheque Of $4.180,000.00USD

FedEx Courier Service,
Address : Sheikh Zayed Road 26th Floor
Dubai Media City 9239 UAE Dubai
Tel: +971521079311
Fax: +971 4-331-0718
Fax: +971 4-332-2304
Email: fed.ex.ae@yandex.com
Website: http://www.fedex.com/ae/

Customers Service Days –Monday to Sunday

Attention: Valuable Customer,

We have a parcel for you containing a winning Cheque worth the sum of Four Million One Hundred And Eighty Thousand United State Dollars ($4.180,000.00USD) and also an Apple MacBook Pro and the new Apple iPhone (7) 120GB mobile phone added to your package which will be delivered to you after you provide all the required information to the FedEx Delivery Company before the parcel can be shipped to your own residential address in your country. Furthermore, you might be asking yourself how comes this email or your cheque. Your winning cheque was brought to our office by the Coca-Cola Bottling Company via a Lottery Fiduciary Claim Agent, signifying that you are a rightful winner to their Lottery Award Promo selected randomly which is powered by the Coca-Cola Bottling Company and also the Apple Company of United Arab Emirates. The main aim of this promo is to advertise the Coca-Cola Bottling Company product and the Apple Company product worldwide. Your e-mail address was amongst the (5) lucky email addresses that makes your email address as one of the lucky email address and they have decided to send your winning package to you through Federal Express Delivery Service. What you have to do now is to contact our Delivery Department for immediate dispatch of your winning package to your residential address.

For your information, the Lottery Fiduciary Company has paid the Delivery fee and Security keeping fee & Shipping charges as well as the Vat fees; you will have to pay a sum of $280.00 USD to the FedEx Delivery Department being payment for the Insuring of your package. All you have to do is to insure your winning parcel with the Insurance Company, which is registered with FedEx United Arab Emirates Dubai. The reason why you are been ask to pay for the Insurance fee is because of the fact that all items & packages that is not Insured by the insurance company of United Arab Emirates Dubai are not allowed to be delivered to their delivery address. So you are to pay the FedEx Courier Service the Insurance Fee to enable the insurance company insured your winnings for delivery.

As soon as you effect the payment our delivery team will take your Insurance fee, they will proceed to the insurance company to Insure your winning funds, as soon as it is been Insured by the insurance company of United Arab Emirates Dubai we shall commence with your delivery without any delay and also we shall provide you with the Insurance receipt that was given to us by the insurance company as a proof that you have Insured your package for delivery. The main reason why you are been ask to Insure your winning package is to certify that the package is not a Drug Affiliated Fund (DAF) neither is the funds to sponsor Terrorism in your country this will help you to avoid any form of query from the Monetary Authority of your country. And also we cannot take the risk to carry out the delivery of your winning package in-case of any possible demurrage. You have to contact our delivery team and ask them how you are going to make the payment of the Insurance fee of your package. We hope that you will respond to us as soon as possible because if you fail to respond until the expiry date of this package, we may refer the package to United Arab Emirates Dubai Commission of Welfare or better still to Coca-Cola Bottling Company or Apple Company. Kindly contact the delivery department (FedEx Delivery Post) with the details given below:

Delivery Manager.
Name: Mr. Kelvin Green.
Tel: +971521079311
Email: fed.ex.post@qq.com

You have to fill the form below and send back to us, and it's mandatory to reconfirm your postal address and telephone numbers to enable us commence with your delivery and mostly to enable us insure your Winning package and also do provide us with any scanned copy of any proof of your identification.

=========================================
Do Provide Us With The Information Below
=========================================
Your Full Names -------------
Your Home Address ----------------
Date of Birth ----------------------
Your Contact Phone or Mobile Number ------------------------
Occupation -------------------------
Marital Status ---------------------
Country ----------------
Your State ------------------
========================================

Kindly complete the above form and summit it to the delivery manager on fed.ex.post@qq.com) As soon as your details are received, our delivery team will give you the necessary payment procedure so that you can effect the payment for the Insurance fee. As soon as they confirm your payment of $280.00 USD, they will not hesitate to work straight to the insurance company and insure your winning for delivery. It usually takes 24 hours being an overnight delivery service to deliver your winning funds to you after it has been insured by the insurance company. Ensure to contact our delivery department with the email address given above and ensure to fill the form as well to enable a successful reconfirmation and a safe delivery of your winning package.

Yours Faithfully,
Mrs. Aisha Philips
FedEx Online Team Management®
© Copy Right Reserved 1994-2016.

Email analysis :

NOTE : post.fed.ex@qq.com
NOTE : mirta.morinigo@senac.gov.py
NOTE : Received : from [192.168.1.250] (96-88-46-89-static.hfc.comcastbusiness.net [96.88.46.89])


NOTE : by mail.presidencia.gov.py
NOTE : mail.presidencia.gov.py ?


NOTE : presidencia.gov.py ?


NOTE : mail.presidencia.gov.py server was used to relay a scam.

Greeting from ANNEBEL

My name is Annabel sorry I got your email address from mail Directory today i decieded to contact you and to know you more ,I have very important thing i will love to share with you .just to help me express my self well ,write me back i will give you full detail.thanks i will be waiting.Annabel

Email analysis :

NOTE : From Annabel
NOTE : anabelhassan2@hotmail.com
NOTE : maria.johnson749@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : Mime-Version : 1.0
NOTE : client-ip=98.139.213.55;


NOTE : Name is unclear : Annebel ? Annabel ? Annabelle ? Maria Johnson ? Scam !

CONGRATULATIONS FOR YOUR AWARD OF $18.5MILLION USD

Attention Please!!!

I have registered your ATM CARD of $18.5usd with Delivery Company, Please Contact with your delivery information such as, Your Name, Your Address and Your Telephone Number.

E-mail: (iinfoo.bankuba@gmail.com)
Tel:+229)-61431140

I have paid for the delivery fees and only what your paying for is the insurance fees,And Which is $85.Please forward your information to them immediately.

Best Regards,
Miss Sussane Harry

Email analysis :

NOTE : "officefile."@triton.ocn.ne.jp
NOTE : iinfoo.bankuba@gmail.com
NOTE : client-ip=153.149.230.41;


NOTE : *.*.*.JavaMail.root@triton.ocn.ne.jp
NOTE : X-Originating-Ip : [149.6.145.26]

Wednesday, December 7, 2016

Bernabe Saturno

Are you in need of a loan to pay off your bills, start up a business or do you need a loan to expand your existing business? Arrival Moniment Loan is offering out business and personal loans to individuals, companies and co-operate bodies in need of loans. We offer loans at 3% interest rate.

If interested, please get back to us with the following information's at arrivalmonimentloans@outlook.com

Name:.... Country:... Age:.... Loan Amount:.... Loan Duration:...Contact number:...

We will love to do business with you.

Email analysis :

NOTE : bsaturno@minsa.gob.pa
NOTE : arrivalmonimentloans@outlook.com
NOTE : X-Originating-Ip : [10.130.86.42]
NOTE : Received : from Mailbox1.minsa.gob.pa ([10.20.151.2])
NOTE : by Mailbox1.minsa.gob.pa ([10.20.151.2])
NOTE : ... ?
NOTE : minsa.gob.pa


NOTE : Mailbox1.minsa.gob.pa server was used to relay this scam.

Friday, December 2, 2016

Reminder! (Carte Bleue phishing)


Hello,

A new online message is available in your e-carte bleue mailbox.

To view it and access your secure mailbox,

please go to https://service.e-cartebleue.com/fr/

We thank you in advance and of course remain at your disposal for
any further information.

Regards.

This e-mail was sent to you by an automated message-sending system.
The sending address is not a regular e-mail address. This e-mail address cannot receive replies.

Phishing screenshot :


Phishing analysis :

CLICK : https://service.e-cartebleue.com/fr/
OPEN : http://edilbarbetta.com/wp-content/them/
SCREENSHOT :


DETAIL : WordPress website...

Domain analysis :

Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Expiration Date 11-sep-2017
Registrar Ascio Technologies, Inc
Registrant Name Luca Barbetta
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Domain Name EDILBARBETTA.COM
Sponsoring Registrar IANA ID 106
Whois Server whois.ascio.com
Referral URL http://www.ascio.com
Name Server NS01.ONE.COM
Name Server NS02.ONE.COM
Status ok https://icann.org/epp#ok
Updated Date 16-aug-2016
Creation Date 11-sep-2015
Expiration Date 11-sep-2017
Last update of whois database Fri, 02 Dec 2016 09:37:40 GMT
Registry Domain ID 1959304579_DOMAIN_COM-VRSN
Registrar WHOIS Server whois.ascio.com
Registrar URL http://www.ascio.com
Updated Date 2016-08-16T08:16:43Z
Creation Date 2015-09-11T00:00:00Z
Registrar Registration Expiration Date 2017-09-11T18:13:36Z
Registrar Ascio Technologies, Inc
Registrar IANA ID 106
Registrar Abuse Contact Email abuse@ascio.com
Registrar Abuse Contact Phone +44.2070159370
Domain Status OK
Registrant Name Luca Barbetta
Registrant Street via Tasso 8
Registrant Street Ve
Registrant City La Salute di Livenza
Registrant Postal Code 30029
Registrant Country IT
Registrant Phone +39.3489532272
Registrant Email edilbarbetta@gmail.com
Admin Name Master Host
Admin Organization One.com
Admin Street Kalvebod Brygge 24
Admin City Copenhagen V
Admin State/Province Copenhagen V
Admin Postal Code 1560
Admin Country DK
Admin Phone +45.46907100
Admin Fax +45.70205872
Admin Email hostmaster@one.com
Tech Name Master Host
Tech Organization One.com
Tech Street Kalvebod Brygge 24
Tech City Copenhagen V
Tech State/Province Copenhagen V
Tech Postal Code 1560
Tech Country DK
Tech Phone +45.46907100
Tech Fax +45.70205872
Tech Email hostmaster@one.com
DNSSEC unsigned
Last update of WHOIS database 2016-12-02T09:37:52 UTC

Email analysis :

NOTE : services.e-cartebleue@bell.net
NOTE : services.e-cartebleue@service.fr
NOTE : 184.150.200.79

CHECK YOUR BANK ACCOUNT, YOUR ACCOUNT HAS BEEN ACCREDITED WITH US$12.8 MILLION

Dear customer,

Congratulations please check your bank account,your fund of
US$12.8 million has been transferred to your bank account.

Gordon Williams
BARCLAYS BANK LONDON.
williamsgordon7@aol.com
+442038085314

Email analysis :

NOTE : williamsgordon7@aol.com
NOTE : X-Sender : INFO@BARCLAYSBANK.COM
NOTE : Organization : BARCLAYS BANK LONDON
NOTE : 91.135.16.19 is neither permitted
NOTE : Received : from pop.dtg.lv (pop.dtg.lv [91.135.16.4])


NOTE : by smtp.dtg.lv (Postfix)
NOTE : client-ip=91.135.16.19;

Transfer Notification/ Respond Now

NEEL KASHKARI
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Attn: Beneficiary,

This is to inform you that we have received a payment instruction from Mr. Chan Tak Kin, a Citizen of China demanding that we should transfer your funds to him, as you have given him the mandate and authorization for him to receive your funds interest.Note that he has given us a bank account in Hong-Kong, where we will transfer your funds to him without delay.

Bank of China (Hong Kong)
25 Wu Pak Street, Aberdeen, HK
Account Name: Chan Tak Kin
Swift code: BKCHHKHHCLS
Routing number: 026003269
Account number: 012-879-6-034422-0

Please let us know if you have truly instructed and directed him to receive your funds in Hong-Kong.We have informed him to get an official Power of Authorization from you, before we will release the funds to him, which we are still waiting for.However, we want to inform you that, you have within the next five (5) official working days to get back to us on this notice or we will release the funds to him.

Yours truly,

Neel Kashkari

FEDERAL RESERVE BANK
90 HENNEPIN AVENUE
MINNEAPOLIS
MN 55401. USA

Email analysis :

NOTE : neelkashkari@barid.com
NOTE : info@federalreserve.gov
NOTE : FEDERAL RESERVE BANK
NOTE : 51.15.42.116 ()


NOTE : Strange...
NOTE : UK Government Department for Work and Pensions
NOTE : Search Google for "UK Government Department for Work and Pensions IP"
NOTE : http://www.bbc.com/news/technology-32826353
NOTE : IP was sold off ?

NOTE : Information about 51.15.42.116

inetnum: 51.15.0.0 - 51.15.63.255
org: ORG-ONLI2-RIPE
netname: ONLINE_NET_DEDICATED_SERVERS_NL
country: NL
admin-c: MM42047-RIPE
tech-c: MM42047-RIPE
status: LEGACY
mnt-by: ONLINESAS-MNT
created: 2016-10-28T11:18:17Z
last-modified: 2016-10-28T11:19:00Z
source: RIPE
organisation: ORG-ONLI2-RIPE
org-name: ONLINE SAS NL
org-type: OTHER
address: ONLINE SAS NL, EvoSwitch AMS1, J.W. Lucasweg 35 2031 BE Haarlem
abuse-c: AR32851-RIPE
mnt-ref: ONLINESAS-MNT
mnt-by: ONLINESAS-MNT
created: 2016-05-13T10:41:40Z
last-modified: 2016-05-13T10:41:40Z
source: RIPE # Filtered
person: Mickael Marchand
address: 8 rue de la ville l'eveque 75008 PARIS
phone: +33173502000
nic-hdl: MM42047-RIPE
mnt-by: MMA-MNT
created: 2015-07-10T15:02:32Z
last-modified: 2016-02-23T12:43:25Z
source: RIPE # Filtered

NOTE : Received : from User (unknown [104.238.195.195])


NOTE : (Authenticated sender: admin) by mail.dealer.com

Hello Dear

Dear Friend,

Your contact came to me through a friend who does international business between countries.

I am Ms Ashley William, of the Ministry of Health in Mauritius proposing a beneficial transaction to you.I am relying on your genuineness and sincerity,in all aspects of this proposal.

The transaction in question of which I am about to reveal to you,emanated from over-invoicing(COMMISSION) of contract awarded in my ministry for the supplies of medical equipment and quality health programs.The Contract payment were completed on the directives of Nicholas west: knowing fully that my commission will be paid out as agreed to a receiving vault as deposited valuables.

please kindly respond to my email addresses below for full details:
ashleywilliamz2000@hotmail.com

Thanks,
Ms Ashley Williams

Email analysis :

NOTE : ashleywilliamz2000@hotmail.com
NOTE : Shashi@studentmail.siit.tu.ac.th
NOTE : X-Mailer : Zimbra 8.6.0_GA_1194 (zclient/8.6.0_GA_1194)
NOTE : X-Originating-Ip : [166.88.123.62]


NOTE : Received : from mail.studentmail.siit.tu.ac.th
NOTE : (mail.studentmail.siit.tu.ac.th [103.253.75.124])
NOTE : by mail.studentmail.siit.tu.ac.th


NOTE : account Shashi
NOTE : siit.tu.ac.th


NOTE : mail.studentmail.siit.tu.ac.th server was used to relay this scam.

Contact Diplomat John Now

We wish to inform you that the diplomatic agent conveying the consignment box valued at the sum of $2.5 Million is currently at John F Kennedy International Airport. We required you to reconfirm the following information below so that he can deliver your consignment box to you today. Contact Diplomat John DeJohn and also make sure that you forward your Code Number registration to him because it is very important to enable him locate your address.

I require your urgent response to this email with below stated information

Full Name=========
Home Address=======
City==========
Country========
ID============
Telephone =========

Bank REGISTRATION NO :EG58945
Bank CODE NUMBER: 0140479

Make sure you don't let the agent know the content of the consignment box for security purposes and i want this to be within you and us to avoid another person contacting the agent over your fund. Immediately you contact him, he will deliver your consignment box to you.

Contact Email ; dejohnjohnm@gmail.com
Mobile Number:(+1 646 513 5132)

Best Regards

Director Albert F. Cuthbert
Foreign Operation department
United State Embassy West Africa
+22962329600

Email analysis :

NOTE : albertcuthbert@yahoo.com
NOTE : dejohnjohnm@gmail.com
NOTE : "www."@gaea.ocn.ne.jp
NOTE : Fedex
NOTE : Mr Albert Cuthbert
NOTE : X-Originating-Ip : [41.86.234.171]

RE: CHARITY WORK AND NEEDY....

My Dear Beloved ,

Greetings and many thanks my dear for your urgent response to my proposal. I will also thank you for your concern. Am in Scotland now receiving my treatment, I have been here for pass Two years and Eight Months. From my proposal you can understand what i am going through.I have been bed-ridden for a very longtime now. I only need someone whom i will trust this fund so that it will be used the way i want.. I will also send you the certificate of deposit and the bank will educate you more concerning the fund, am old woman seeking for your help before i die because i don't want to lose the fund with the bank.

If you can assist me to receive this fund , you should give me your full name and address with your ID CARD, your telephone And Your Age for easy communication so that i will send it to the Bank to enable them change all the documentations to your name as the beneficiary of the fund. The above documents will stand you as the beneficiary to the fund and will empower the Bank to send the funds to you without any delay.

I was restricted by the doctors from using phone because of my health. But I will be communicating with you regularly through mail because i know that with your honesty and trust, the funds will get to you within three workers days from now.

Thanks and my regards,

Madam Elizabeth Benedicta

Email analysis :

NOTE : elizabethbenedicta@yahoo.com
NOTE : elizybe343322@hotmail.com
NOTE : Received : from User (unknown [197.211.56.16])


NOTE : by macareo.pucp.edu.pe


NOTE : pucp.edu.pe


NOTE : macareo.pucp.edu.pe server was used to relay this scam.

Tuesday, November 29, 2016

PayPal & Bank - haccking Transfer (+10.000 usd daily)

Western Union, Bank, Paypal transfer - Haacking and Caarding transfer. Maximum 9.999$ daily.

More details on our underground market:
http://***.cc/showthread.php?tid=1201

Email analysis :

NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < admin@black-hack.su >
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V15.4.3538.513
NOTE : X-Remote : 66.42.85.200 (keevan.fire2wire.com)
NOTE : Organization : DarkMarket
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Windows Live Mail 15.4.3538.513
NOTE : Received : from keevan.fire2wire.com (66.42.85.200)


NOTE : Received : from [155.133.82.113] (helo=155.133.82.113)


NOTE : by keevan.fire2wire.com with esmtpsa (TLSv1:AES256-SHA:256)
NOTE : (Exim 4.69) (envelope-from < admin@black-hack.su >)
NOTE : PayPal & Bank - haccking Transfer (+10.000 usd daily)

New incoming Fax from 908.8325722

You Have a new Fax message
From: 908.8145483
Receiving date: November 28, 2016
Pages: 3

You can view your message on our website:
https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802

Thank you for using RingCentral.

Link analysis :

CLICK : https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802
OPEN : http://787.vn/wp-content/themes/tourpackage-v1-02/backup/get.php?id=dGVzdEB0ZXN0LmNvbQ==
DOWNLOAD : fax_test.doc

File analysis :


OPEN : fax_test.doc
SHA256 : c0b3934b594a23dd88a42c0e96ccbbf7f88c633a19d82833d6d9bbf47630a0c1
RESULT : fax_test.doc is a virus

Virus analysis :

Avast : VBA:Downloader-DSL [Trj]
ClamAV : Doc.Dropper.Agent-1847249
Kaspersky : Trojan-Downloader.MSWord.Agent.avj
Qihoo-360 : virus.office.gen.70
Sophos : Troj/DocDl-FTZ
Symantec : W97M.Downloader

Email analysis :

NOTE : ringcentral@faxmessage.com
NOTE : 74.143.65.242 (rrcs-74-143-65-242.central.biz.rr.com)


NOTE : Mime-Version : 1.0

Compensation Payment,

Attn: Beneficiary

I wish to inform you were among the scam victims listed to be released their overdue funds by the UNITED NATIONS in conjunction with the International Monetary Fund (IMF) after the last encounter we held concerning your funds. As directed by UN secretary General Ban Ki-Moon in collaborations with the IRS, I wish to state categorically that a transfer of $10,500,000.00 will be made to your bank account as almost 99% cost associated with the transfer of your funds has been prepaid by the U.S. Government. The only fee you will pay is the cost of processing a "Fund Clearance Certificate" by the paying bank. The "Fund Clearance Certificate" is required in accordance with the U.S. Monetary Transfer or deposit Policy and it is the only fee you will have to pay before your funds can be transferred to your account. After you have paid for the above mentioned certificate, the paying bank will process it and send a copy of it to you for your perusal.

Note once again that your overdue payment will be credited into your account you will furnish with the Bank without any delay as approved by United Nations, International Monetary Fund, World Bank, and United States Government.

However, this is to inform you that we have been mandated by the United Nations Compensation Commission (UNCC) department through the Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasury to release your overdue funds directly from the United Nations Compensation Fund Account via Telegraphic Transfer into your designated bank account. Note that the above sum is the payment of compensation awarded to you for losses and trauma resulting directly from scam committed against you in line with the Resolution 1483 (2012) adopted by the United Nations Security Council Headquarters in New York following series of complaints by the victims of scam.

Urgently respond with your full name, full address, copy of identification and direct phone number so that I will furnish you with the contact information of the paying bank. Remember, they will instruct you on how to send the money to them as soon as you contact them.

Yours Sincerely,

Ms. Heidi Mendoza
Head Of United Nations Under-Secretary- General
For Internal Oversight Services.

Email analysis :

NOTE : office1001967@gmail.com
NOTE : mra0@un.org
NOTE : Received : from User (host-185-13-247-42.razorblue.net.uk [185.13.247.42])


NOTE : by mx-out-b.razorblue.net.uk (Postfix)

Monday, November 28, 2016

miracle omani


I want to tell you something respond to me

Email analysis :

NOTE : miracloem@gmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : queetqueem@yahoo.com
NOTE : Content-Type : text/plain; charset=UTF-8

Attension

Attension,

This is to brought to your notice that i am the new manager of united bankf for african and here i go through bank draft and i can see that you have not receive your over drawft payment which it has been program for transfer into your norminated bank account. Has i go throught your dafault file,i can see your that your total fund is $6.5milion united sates dollars, Please you are advise to get us the requested information below.

Your Full Name=================
Your Direct Phone No.==========
Your Bank Account No.==========
Swift Code=====================
Occupation==========
Bank Address/Bank Phone No.====

Copy of your identity/driving licence

Once this require information are provided, we shall commence on the next step of your transaction. You are advise to contact us through our bank e-mail (united.bankforafrica@mail.ru )or via phone contact +229-98-328-353

WE REMAIN TO SERVE YOU BETTER IN BANKING SECTOR.

THANKS BEST REGARD

Dr. Philip Ezeson
EXECUTIVE GOVERNOR FUND RECOVERY COMITTEE
E-MAIL: ( united.bankforafrica@mail.ru )
TELL +229 98-328-353
FAX +229 0 01 63 802

Email analysis :

NOTE : united.bankforafrica@mail.ru
NOTE : "WW."@sage.ocn.ne.jp
NOTE : Received : from mzkstore613.ocn.ad.jp
NOTE : (mz-ukg613p.ocn.ad.jp [153.149.211.230])
NOTE : X-Originating-Ip : [62.75.138.143]

Friday, November 25, 2016

Dear in Christ.

Donation From Mrs Jessica Sebastian
BP [38 Rue Des Martyrs Cocody)
Abidjan, Cote d'Ivoire,

Dear in Christ.

I am Mrs Jessica Sebastian an ageing widow suffering from long time illness. I am currently admitted in a private hospital in Abidjan Cote d‘Ivoire,I have some funds I inherited from my late loving husband Mr Raymond Sebastian, the sum of £ 5.200.000 ( Five Million Two Hundred Thousand Euro ) which he deposited in bank here and I need a very honest and God fearing Christian that can use these funds for God's work and 15% out of the total funds will be for your compensation for doing this work of God.I found your email address from the internet and decided to contact you

Please if you would be able to use these funds for the Lord's work kindly reply me.

Send me the following information's as per below.

Your full names........................
Address .......................
Age ...............................
Occupation ....................................
photo................................

Your Sister in the Lord.
Mrs. Jessica Sebastian

Email analysis :

NOTE : sabastian_jessica@yahoo.com
NOTE : jessica.sabastian13@gmail.com
NOTE : X-Rocketymmf : gojo_t
NOTE : X-Mailer : YahooMailWebService/0.8.111_70
NOTE : Received : from [178.162.216.35]

Toyota Job Recruitment Offer

Attention;

Toyota Motor Corporation is glad to inform you that you have been shortlisted to work with our company in the UK. For more details, see attached letter and confirm your acceptance by email as soon as possible.

Sincerely,
David Crouch,
General Recruitment Manager, PR

Email analysis :

NOTE : toyota.recruitments@gmail.com
NOTE : admin@noreply.com
NOTE : 94.182.146.33 ()

MRS.INNA KHODORKOVSKY GREETINGS

DR. WEST PRIVATE MEDICAL
CENTER PETROVERIGSKY PER.10
101990 MOSCOW RUSSIAN FEDERATION

Dear

I AM MRS.INNA KHODORKOVSKY WIFE TO LATE MR. MIKHAIL BORIS KHODORKOVSKY OF BLESSED MEMORY WHO IS AN OIL EXPLORER IN SINGAPORE AND KUWAIT FOR TWENTY FIVE YEARS AND FOUR MONTHS. BEFORE HE DIED IN THE YEAR 2010.WE WERE MARRIED FOR TWELVE YEARS WITHOUT A CHILD. HE DIED AFTER A BRIEF ILLNESS THAT LASTED FOR ONLY FOUR DAYS AFTER HIS DEATH I TOO HAVE BEEN BATTLING WITH BOTH CANCER AND FIBROID PROBLEMS.WHEN MY HUSBAND WAS ALIVE HE DEPOSITED THE SUM OF $38,000,000 (THIRTY EIGHT MILLION UNITED STATE DOLLARS) SOME WERE IN OVERSEAS. RECENTLY MY DOCTOR TOLD ME THAT I HAVE ONLY SIX MONTHS TO LIVE DUE TO CANCER PROBLEM, THOUGH WHAT DISTURBS ME MOST IS MY CANCER SICKNESS AND HAVING KNOWN MY CONDITION I DECIDED TO DONATE THIS FUND TO EITHER A CHRISTIAN OR MUSLIM ORGANIZATION OR A DEVOTED CHRISTIAN OR MUSLIM INDIVIDUAL WHO WILL UTILIZE THIS MONEY THE WAY I AM GOING TO INSTRUCT HEREIN. I WANT THIS CHRISTIAN OR MUSLIM ORGANIZATION OR INDIVIDUAL TO USE THIS MONEY IN ALL SINCERITY TO FUND MOSQUE OR CHURCHES, ORPHANAGE, WIDOWS AND GENERALLY PEOPLE IN NEED. I TOOK THIS DECISION BECAUSE I DON'T HAVE ANY CHILD THAT WILL INHERIT THIS MONEY AND MY HUSBANDS RELATIVES ARE SO SELFISH AND HAVE LOATHED THE REST OF MY LATE HUSBANDS PROPERTIES. SO I DON'T WANT A SITUATION WHERE BY THIS MONEY WILL BE USED IN WASTEFUL MANNER, HENCE THE REASONS FOR THIS BOLD DECISION. I DON'T NEED ANY TELEPHONE COMMUNICATION IN THIS REGARD BECAUSE OF MY HEALTH, AND ALSO BECAUSE OF THE PRESENCE OF MY HUSBAND'S RELATIVES AROUND ME ALWAYS. I DON' T WANT THEM TO KNOW ABOUT THIS DEVELOPMENT, AS SOON AS I RECEIVE YOUR REPLY, I SHALL GIVE YOU THE CONTACT INFORMATION AND THE COUNTRY IN OVERSEAS WHERE THE MONEY WAS DEPOSITED.I WILL ALSO ISSUE A LETTER OF AUTHORIZATION TO YOU AUTHORIZING THEM TO RELEASE MY FUND TO YOU.I WANT YOU AND THE CHRISTIAN OR MUSLIM COMMUNITY WHERE YOU RESIDE TO ALWAYS PRAY FOR ME. 
ANY DELAY IN YOUR REPLY WILL GIVE ROOM IN SEARCHING FOR ANOTHER CHRISTIAN OR MUSLIM ORGANIZATION OR A DEVOTED MAN OF GOD FOR SAME PURPOSE. THIS MONEY WILL BE USED TO OPEN A CHARITY ORGANIZATION IN MY NAME WHICH WILL BE CALLED (INNA HOME) IN YOUR COUNTRY BUT WILL BE MANAGED BY YOU.SECONDLY YOU WILL HELP TRANSFER ME TO A BETTER HOSPITAL IN YOUR COUNTRY THAT IS STANDARD AND WELL EQUIPPED BECAUSE WERE I AM PRESENTLY DON’T HAVE STANDARD EQUIPMENTS TO TREAT ME. YOU WILL DO THIS WHEN YOU RECEIVE MY MONEY SO THAT I CAN SEE IF I WILL LIVE MORE DAYS. DUE I WILL TELL YOU HOW MUCH YOU WILL TAKE FROM THIS MONEY FOR YOUR OWN PERSONAL USE AND THE REST WILL BE USED AS I HAVE INSTRUCTED. TILL I HEAR FROM YOU, MY DREAMS WILL REST SQUARELY ON YOUR SHOULDERS. I WILL SEND YOU MY PICTURE IN THE HOSPITAL, AND MY CERTIFICATE OF DEPOSIT AS AT THE TIME OF DEPOSIT. PLEASE MY DEAR, AM SORRY TO TELL YOU THIS, THERE WILL BE A LITTLE EXPENSES TO BE MADE BY BOTH OF US, SINCE MY LATE HUSBAND DEPOSITED THIS $38 MILLION IN A SECURITY COMPANY IN THE YEAR 2010 AND IT HAS ACCUMULATED A DEMURRAGE FEE.

IF ALL I HAVE WRITTEN IS OK WITH YOU, SEND ACROSS TO ME THE FOLLOWING

(1) YOUR FULL NAMES
(2) YOUR TELEPHONE NUMBER
(3) AGE AND OCCUPATION
(4) MARITAL STATUS AND ADDRESS

FOR FURTHER PROCESSING TO RECEIVE MY FUND ON YOUR NAME. AS I READ FROM YOU I WILL FEED YOU WITH MORE DETAILS PLEASE
REGARDS.

MRS. INNA KHODORKOVSKY

Email analysis :

NOTE : mnnakhodorkosky@gmail.com
NOTE : mnnakhodorkosky@mail.com.ru
NOTE : 46.36.217.65 ()

Thursday, November 24, 2016

bill 73726332

See you in court !!!

Subpoena for

Matthew Riley

Link analysis :

CLICK : Subpoena for
OPEN : http://techsmart.vn/backup/get.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
RESULT : 404 Error...

Email analysis :

NOTE : matthew@trattnerlaw.com
NOTE : Received : from unknown (HELO trattnerlaw.com) (190.108.92.109)

Cash Grant

Hello.

I'm Raymond Scott Bells, My wife and I won $50-million Lotto Max cheque,in Edmonton,we have decided to donate to the less privileged and charity projects all over the world, and make at least 5 people millionaires.

To verify, please see our interview by visiting the web page below.

http://www.ctvnews.ca/canada/after-life-of-struggle-alberta-truck-driver-wife-win-50m-lotto-prize-1.2526163

Get back to me with your name,address,Gender,Country and phone number for more details on how you can receive your Cash Grant.

Here is my personal email raymondsbells@yandex.com contact me as soon as possible.

Stay Bless

Mr Raymond Scott Bells

Email analysis :

NOTE : raymondsbells@yandex.com
NOTE : maggib@btnet.is
NOTE : client-ip=5.23.79.39;

Tuesday, November 22, 2016

Maerskline Shipping BL (Phishing + Virus)

FYI

Please see attached shipping documents.

1 attachment(s)
Download | View

Best Regards

MAERSK LINE
One Commercial Place, 20th Floor
Norfolk, VA 23510
Phone: 757-857-4800
Fax: 757-852-3232
© Maersk Group.

Virus :

CLICK : DOWNLOAD
OPEN : http://original-documents.alkhalifa.pw/document/FAX_001.zip
RESULT : UNRESPONSIVE

Phishing analysis :

CLICK : View
OPEN : http://eretailday.org/img/shippingdoc/index.html
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://my.maerskline.com/?_nfpb=true&_pageLabel=page_tracking3_trackSimple

Email analysis :

NOTE : logistics@maerskline.com
NOTE : Received : from unknown (HELO ?192.168.2.254?)
NOTE : (198.72.31.234)