Thursday, June 30, 2016

Account Alert: Personal Safe Key (PSK)

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance. American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. to create your PSK (Personal Safe Key).
Note: You will be redirected to a secure encrypted website. The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

Create your PSK

Kind regards,
Dave Barry

American Express. All rights reserved.

Screenshot of the email :


Email analysis :

NOTE : AmericanExpress@welcome.aexp.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from adsl-97.79.107.137.tellas.gr (79.107.137.97)


NOTE : Account Alert: Personal Safe Key (PSK)

Phishing analysis :

CLICK : Create your PSK
OPEN : http://verifybyamericanexpress.com/create
NOTE : Website is unresponsive...
NOTE : Domain name analysis...

verifybyamericanexpress.com analysis :

Domain name: verifybyamericanexpress.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-06-27T16:00:00Z
Creation Date: 2016-06-28T14:44:31Z
Registrar Registration Expiration Date: 2017-06-27T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Registrant Name: Mong Lwan
Registrant Organization: n\\a
Registrant Street: 33 Xiamen road
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350318
Registrant Country: CN
Registrant Phone: +86.7543376322
Registrant Fax: +86.7543376322
Registrant Email: cs@now.cn
Admin Name: Mong Lwan
Admin Organization: n\\a
Admin Street: 33 Xiamen road
Admin City: Xiamen
Admin Province/state: FJ
Admin Postal Code: 350318
Admin Country: CN
Admin Phone: +86.7543376322
Admin Fax: +86.7543376322
Admin Email: cs@now.cn
Tech Name: Mong Lwan
Tech Organization: n\\a
Tech Street: 33 Xiamen road
Tech City: Xiamen
Tech Province/state: FJ
Tech Postal Code: 350318
Tech Country: CN
Tech Phone: +86.7543376322
Tech Fax: +86.7543376322
Tech Email: cs@now.cn
Name Server: a.dnspod.com
Name Server: b.dnspod.com
DNSSEC: unsigned
Billing Name: Mong Lwan
Billing Organization: n\\a
Billing Street: 33 Xiamen road
Billing City: Xiamen
Billing Province/state: FJ
Billing Postal Code: 350318
Billing Country: CN
Billing Phone: +86.7543376322
Billing Fax: +86.7543376322
Billing Email: cs@now.cn

FROM:..USA DEPARTMENT OF HOMELAND SECURITY!!!.

I,m Jeh Charles. Johnson. The secretary of the U.S Department of Homeland security Washington DC. Office Address: 3801 Nebraska Ave NW, Washington, DC 20016, United States. We received a report from ECOWAS that you have an abandoned fund worth $4.5 Million in West Africa. I have instructed ECOWAS and the concerned authorities to bring the consignment box to our Head office in Washington DC. the fund will arrive my office today. I want you to kindly Reconfirm Your Full Name, Current Home Address, Nearest Airport and your Direct Cell Phone # So that arrangement can be made for the delivery of the consignment to your home address. You can reach me on this email: Hon.jehjohnson01@gmail.com

I can be reached at: (202) 753_0288. Leave me a text or Voice Message if i am unavailable to answer.

(1)Your Full Name: _______________
(2)Current complete Home Address: ___________
(3)Direct tel/mobile Phone Number: ______________
(4)Name of your Nearest Airport: _______________________
(56)A Copy of Your ID for Identification: _____________________

I wait to hear from you.

Honorable Jeh C. Johnson
The secretary of
the U.S Department of
Homeland security
Washington DC
Office Address:
3801 Nebraska Ave NW,
Washington, DC 20016,
United States.

Email analysis :

NOTE : makeobi@azdiamondbacks.com
NOTE : X-Originating-Ip : [41.86.234.171]


NOTE : 63.144.116.250

From Dr.Isabella Jefferson

Hello dear friend,

I'm Dr.Isabella Jefferson I am a UNITED STATES MILITARY NURSE

From united states of America. Am supportive and caring, looking forward to get a nice friend. I read your profile from professional link network and pick interest on you. I will like to establish mutual friendship with you. Please let continue our conversation through my private email box.Here is my email address ( drisabellajeffersonus@gmail.com ) I will introduce myself better and tell you the reason why i contact you also send you my picture as soon as i receive your mail.Thanks and regards.

Dr.Isabella Jefferson

Email analysis :

NOTE : drisabellajeffersonus@gmail.com
NOTE : aminadukson760@asia.com
NOTE : Received : from 41.82.51.166 ([41.82.39.175])


NOTE : by mail.gmx.com (mrgmxus002)

Attention To This Urgent Message!

UNITED NATIONS / WORLD BANK ORGANIZATION / FBI
UNITED NATIONS HOUSE, 617/618.
BA ZENTRAL BANK, OAK-HILL HOUSE,
130 TON-BRIDGE ROAD, HILDENBOROUGH, TONBRIDGE, KENT TN11 9DZ

Our Ref: YBNGWB/UN/2016.

Attention: Dear Beneficiary,

APPROVED COMPENSATION PAYMENT AWARD OF US$1.5M.

This is to inform you that a Debit Cash Card Number 7876310003001420 Valued at US$1.5 Million United States Dollars has been accredited in your favour.Be aware that you were listed among many who have had various transactions by Republic Du Benin Cotonou banks stalled due to the inability of the corruption riddled past government. Details of the cleared proceedings were erased in a bid to loot funds. As a measure to resolve and correct these mishaps, the present government of the Federal Republic Du Benin Cotonou has approved your bank transaction and certified you to receive the money without hitch. Please contact Barrister.Gilbert Jean, an expertriate mandated by United Nations to cover all outstanding claims due to foreigners since 2014 till date. Contact him via Email:(barrister.gilbert.j.esq.org@gmail.com) with the following information to facilitate your claims as the FBI, WORLD BANK and UNITED NATIONS AUTHORITIES has made every necessary provision to ensure that payment goes to you as the beneficiary:.

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,

Sir. Mike Dave.
CIV NAVSUBTORPFAC YORK.
UN ASSIGNED AGENT.

-----------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This message may contain any discussion of legal matters, hence should be taken as an authoritative interpretation of the law.
-----------------------------------------------------------------------------------------------------------------------

Email analysis :

NOTE : barrister.gilbert.j.esq.org@gmail.com
NOTE : comautomotor@speedy.com.ar
NOTE : Received : from localhost (1n1.terra.com [208.84.242.167])


NOTE : (authenticated user comautomotor!speedylm)

Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Dear valued clients,

Our company is a professional manufacturer for Bluetooth earphone,Bluetooth hearing protection earphone, Bluetooth noise cancellation headphone etc., products section, We have been a pioneer for Bluetooth earphone, hearing protection earphone, Active noise cancellation headphone etc., since 2006.

Trust our 10 years of manufacturing experience and strong R & D capability, our professional and powerful 8 members in house R & D team will make your OEM/ODM orders happen!

Contact us today for more our products information and prices lists, look forward receiving your feedback!

Warmest regards,
Frank Young,

Email analysis :

NOTE : huixinsoft41@foxmail.com
NOTE : Return-Path : < tzvseqjkp@wlrl.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : base64
NOTE : Sender : Frank
NOTE : Received : from unknown (HELO wlrl.com) (60.167.133.108)


NOTE : Received : from PC-20150903UGRM ([127.0.0.1])
NOTE : Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Good Day How are you doing.

Good Day,

My name is Miss Ayeisha Nafisa Muhammad a 22 years old girl from Syria, and my father is late Hafez Amin Muhammad who was killed on August 2015 by the Islamic State Terrorist.

I saw your email profile on Google search and I become interested to know you more. I will be very happy to know more about you because I have some thing very important to tell you.

Attachment here is my photo; please reply me so that we can know each other and exchange pleasantries and more photos

Regards
Ayeisha Nafisa Muhammad.

my photo1.jpg

File analysis :

File seems clean : my photo1.jpg
Transmission Reference : UXta1tuzNqKzviXdJnfx
IPTC Digest : b634d4e5e8b221057ad73dd3236c03a6

Instructions :

FBMD01000abf030000e6080000ab100000b6110000ed120000f11700000522000017230000882400001e26000063370000

Special Instructions :

%14%13%03%d3]4%d1%a6%df%d3}4%d3G%ba%d3%cd4%d3F%9b%d7M4%d3F%fa%d7]4%d3G%9d%d7m4%d3G%f5%d7%bd4%d3M9%dbm4%d3M{%db}4%d3O<%db%8d4%d3M^%db%ad4%d3N%b7%df%bd4%d3

Email analysis :

NOTE : ayeishanafisa@yahoo.com
NOTE : Return-Path : < ayeishanafisa@yahoo.com >
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Provision regarding the mobile line (Phishing Free)

Hello

CFR ( Centre Francais de Recouvrement )

Screenshot of the email :


Email analysis :

NOTE : infos@titowape.com
NOTE : Content-Type : text/html; charset=UTF-8
NOTE : Content-Type : application/xhtml+xml
NOTE : Content-Disposition : inline
NOTE : Return-Path : < prefet@paroles-musique.com >
NOTE : Content-Transfer-Encoding : base64
NOTE : Received : from paroles-musique.com ([104.36.17.205])
NOTE : Disposition à prסpos de la ligne mobile

Phishing analysis :

CLICK : Se connecter
OPEN : http://dakarp.com/jame*.asp
RESULT : Phishing was removed
RESULT : Phishing attempt...

Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Iazalde.Ludwig@alpestour.com
sent you some files
The updated agreement with RTS Consulting

Download

Files (6.24 MB total)
SageAccts 2016-06-29.zip
Will be deleted on
30 June, 2016

Get more out of WeTransfer, get Plus

About WeTransfer Contact Legal Powered by Amazon Web Services To make sure you can receive our emails, please add noreply@wetransfer.com to your trusted contacts

Link analysis :

CLICK : Download
OPEN : https://www.cubbyusercontent.com/pl/SageAccts+2016-06-29.zip/_24cfcb038b1b4223ae0b4d0cc41ecdbe
DOWNLOAD FILE : SageAccts 2016-06-29.zip

File analysis :

FILE : SageAccts 2016-06-29.zip
SHA256 : b50fe4e0b2bfa1e8157c306e7293fb9d097a91b99bf34621a3246211bb5368e2

FILE IS A TROJAN !!!

Avira (no cloud) : HEUR/Suspar.Gen
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@alpestour.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : 1.161.133.80;


NOTE : Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Kindly respond for more details

Am Captain Kelvin Ken Miller currently I need you assistant to move some funds out of Iraq

Email analysis :

NOTE : genjohnwnicholson@ighomail.com
NOTE : abruant@virgilio.it
NOTE : Received : from User (unknown [105.227.180.214])


NOTE : by neptune.exsilia.net (Postfix)

Wednesday, June 29, 2016

My Name is Sr. ADALBERTO CESÁRIO

My Name is Sr. ADALBERTO CESÁRIO

I am from Portugal I have been diagnosed with cancer. It has defiled all forms of medical treatment, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone (not even myself) but my business. Though I am very rich, I was never generous, I was always hostile to People and only focused on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. I would want to have a Personal and Trustworthy Relationship with you, as I intend and willing to empower the change of ownership for the transfer of my Deposits to your personal possession for further Investment and Charity Disbursement to the Less Privilege and Homeless. This is my private email address adalcesario93@gmail.com,write to me urgently.

I will send you the photos of me and my very hopeless and selfish family members, including my wife, who I learnt is getting married to my personal friend and attorney,

Thank you for your due consideration. God be with you.

Yours Brother.

Sr. ADALBERTO CESÁRIO

Email analysis :

NOTE : adalcesario91@hotmail.com
NOTE : client-ip=65.55.90.91;


NOTE : sender IP is 25.152.2.59


NOTE : Thread-Topic : My Name is Sr. ADALBERTO CESÁRIO
NOTE : Content-Language : en-US
NOTE : Mime-Version : 1.0
NOTE : X-Ms-Has-Attach :

Catering

Hello my name is Charles i will like to know if you do catering service and can i know if you are the owner or manager, what is your name and do you accept credit card ?

Email analysis :

NOTE : ccarson5524@gmail.com
NOTE : claudesq@outlook.com
NOTE : kcarson0007@gmail.com

Low Mailbox Space (Update Your Mailbox To Avoid Error) (Phishing)

Dear User,

Your mailbox quota is full
This may cause your mailbox fault or you may not be able to receive more e-mail

To continue using your mailbox, you need to immediately upgrade your mailbox quota. This service is free.

Upgrade mailbox quota here

Once the upgrade is complete, your mailbox will work effectively.

Mail Administrator 2016

Screenshot of the email :


Email analysis :

NOTE : Return-Path : < hazmi@almadar-group.net >
NOTE : Mime-Version : 1.0
NOTE : X-Authenticated-Sender : host.arabsgate115.com: hazmi@almadar-group.net
NOTE : X-Get-Message-Sender-Via : host.arabsgate115.com:
NOTE : authenticated_id: hazmi@almadar-group.net
NOTE : Received-Spf : client-ip=209.59.186.52;
NOTE : Received : from host.arabsgate115.com (host.arabsgate115.com. [209.59.186.52])
NOTE : Received : from [95.141.31.22] (port=59484 helo=[10.129.123.246])


NOTE : by host.arabsgate115.com
NOTE : Low Mailbox Space (Update Your Mailbox To Avoid Error)

Phishing analysis :

CLICK : Upgrade mailbox quota here
OPEN : http://ftxvisualprint.com.br/payment/2015alldomain/connectID.php
REDIRECT : http://ftxvisualprint.com.br/payment/2015alldomain/9vk88r49xgk3k5jjmf9lycov.php

PARAMETERS : ?rand=13InboxLightaspxn.*
PARAMETERS : &fid.*.*
PARAMETERS : &fid=1
PARAMETERS : &fav.1
PARAMETERS : &rand.13InboxLight.aspxn.*
PARAMETERS : &fid.*
PARAMETERS : &fid.1
PARAMETERS : &fav.1
PARAMETERS : &email=
PARAMETERS : &.rand=13InboxLight.aspx
PARAMETERS : ?n=*
PARAMETERS : &fid=4#n=*
PARAMETERS : &fid=1
PARAMETERS : &fav=1

SCREENSHOT :


CLICK : Login to continue
REDIRECT : http://ftxvisualprint.com.br/payment/2015alldomain/connect_phone.php
SCREENSHOT :


CLICK : Verify to continue
REDIRECT : TO THE PREVIOUS PAGE

Alice Watson

MY NAME IS MRS ALICE HUTTON WATSON.WIFE OF LATE AMBASSADOR OF JAMAICA FROM IVORY COAST, PLEASE I WANT YOU TO REPLY ME BACK AS SOON AS YOU READ THIS MESSAGE BECAUSE I WANT TO DISCUSS SOMETHING VERY IMPORTANT WITH YOU, I AM A CANCER PATIENT WITH A VERY SHORT TIME TO LIVE AND I AM CONTACTING YOU BECAUSE I WANT TO ENTRUST THE SUM OF USD 12.7MILLION TO YOUR HAND AS A DONATION FOR CHARITY WORK., TO HELP THE MOTHERLESS CHILDREN AROUND YOU, THIS MONEY WAS DEPOSITED BY MY LATE HUSBAND IN ONE OF THE BANK HERE IN ABIDJAN, AND I AM WAITING FOR YOUR REPLY FOR MORE INSTRUCTION AND INFORMATION ABOUT THIS FUND, REGARD MRS ALICE HUTTON WATSON

Email analysis :

NOTE : phili.gordon73@yahoo.com
NOTE : beccab077@outlook.fr
NOTE : Received : from [98.138.88.237]


NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Sarah Ibrahim

How are you?

My name is Sarah.I am a woman and I would like to add you as my friend and establish a lasting relationship with you please If you are interested to know more about me write i will send you my picture and tell you more about me. I'll be waiting to hear from you soon,

Sarah

Email analysis :

NOTE : theenchantedcat@yahoo.com
NOTE : sarahibrahim10@hotmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Rép : Urgent Response

Salam - Greetings,

May the peace and blessings of Allah be with you. It's nice to have you as a contact. I'm Dr. Mohammed Khalid, from Benghazi - Libya. I'm a private investor and a retired financial expert, I'm interested in investing in any lucrative investment opportunity in the sectors such as Pharmaceutical industry, Resort/real estate, production, technology, start-ups, Cosmetics, Medical center/Clinics, agriculture, mining or any other lucrative business proposal, business plan or business concept would be welcomed.

Send me your business proposal via email to discuss the investment possibilities and terms of cooperation. More details that will assist this investment project would be much welcomed. Shokran!!

I hope to hear from you as soon as possible.

Kind Regards,
Dr. Mohammed Khalid
Benghazi - Libya
+218-6899-37388

Email analysis :

NOTE : mohdkhalid78@yahoo.com
NOTE : no.reply@drkhalid.co.uk
NOTE : Received : from User ([223.197.151.47])


NOTE : by imsantv99.netvigator.com

johnson helen

Hello, My name is Helen i will be very happy to know you and have you as my good friend, And also have important thing to share with you . Have a nice day .

Your new friend
Helen

Email analysis :

NOTE : johnsonhelen16@hotmail.com
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : client-ip=216.109.115.62;

: Congratulation you are one of BMW Lucky Winner Contact: davideric431@gmail.com

Congratulation You are one of the ten(10) lucky 2016 end of the year promo winner, please contact Game Manager to claim your price: bmw davideric431@gmail.com

NOTE; delivery charges are winner responsibility

Email analysis :

NOTE : davideric431@gmail.com
NOTE : pop03.mail.atl.earthlink.net@lhr.comsats.net.pk
NOTE : Organization : BWM AUTOMOBIL
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at trancom.ru
NOTE : User-Agent : RoundCube Webmail/0.2.2
NOTE : X-Sender : pop03.mail.atl.earthlink.net@lhr.comsats.net.pk
NOTE : Received : from mail.trancom.ru (mail.trancom.ru. [93.188.188.10])

Tuesday, June 28, 2016

FROM JIMMY CHIEN.

Mr. Jimmy Chien
Vice President/Branch Manager
Industrial and Commercial Bank of China (USA) NA
South San Francisco Branch
235 Grand Avenue, Suite No. 101
South San Francisco, CA 94080, USA

Greetings,

I am Mr. Jimmy Chien, Vice President /Branch Manager ICBC South San Francisco Branch here in California. I am contacting you base on my facts finding about your reputation and someone I can trust for this purpose. The content of my email is a bit detailed that is why I first seek your permission, to let you know before emailing my proposal so that you won't trash it when I do. Please grant me your permission to email you my proposal of which I know will be acceptable to you if you are willing to be honest with me.

Waiting for your response.

Mr. Jimmy Chien,
Vice President/Branch Manager
Industrial and Commercial Bank of China (USA) NA
South San Francisco Branch.

Email analysis :

NOTE : jmmchien@gmail.com
NOTE : 2055@charter.net
NOTE : 164.132.34.5


NOTE : Received : from drennydread.name
NOTE : (ns3266123.ip-5-39-79.eu [5.39.79.125])

Top Rank in Google

Hi,

I hope you are doing great.

We can get your website on the first page of Google, Yahoo, Bing. Kindly reply us on this e-mail for more info. If you can give me a website URL I can do a detailed analysis and send quotes accordingly

Best Regards,

Sapna Rani

PS: I will be happy to send the “Proposal” and “Pricing” furthermore

Email analysis :

NOTE : sapnarani876@outlook.com
NOTE : client-ip=65.55.34.205;

Can You Handle This?

Hello,

Greetings! Although, I do not know you in person; I am Mrs. Suzanne Mubarak from Egypt. There uncertainty in Egypt. As a result of political crisis and my husband have a serious problem with the government, for this l need your assistance to receive my reserved fund for safe keeping or for reinvestment in your country.

Be inform, all requirement to transfer the fund to you little by little will be in your name as l will tell my bank you are my foreign manager. If you will render your service to me I will pay you 30% percentage out of the total amount of (50,000,000.00) (U.S.D)

The fund is deposited in Standard Chartered bank Asia, notify me if you can handle my fund as l have made inquiring on how l can transfer the fund to your country for investment and l was advised that l must employed a services of local Citizen in your country.

Email analysis :

NOTE : susane.m@mail.com
NOTE : khailijunai@gmx.com
NOTE : Received : from User ([42.153.57.10] unverified)


NOTE : by angelina.baramultigroup.co.id

Regularize your situation (Phishing CIC)

correttamente , on

Hello,

A new message is available in your mailbox
We have just noticed that you were debited twice during your purchase.
Settle your situation by clicking the link below:

Settle your situation

Thank you for your trust.

This email was sent to you by an automated message-sending system.
The sending address is not a regular email address.
If you write to this address, your message will not be taken into account

BED LINEN BATH LINEN TABLE LINEN CHILDREN

Email screenshot :


Email analysis :

NOTE : serviice@modele-lettre-type.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < www-data@modele-lettre-type.com >
NOTE : Received : from modele-lettre-type.com ([185.107.213.241])
NOTE : Received : by modele-lettre-type.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:ao.php
NOTE : Régulariser votre situation

Phishing analysis :

CLICK : Regler votre situation
OPEN : http://elbandito.com.pl/apis.php
REDIRECT : data:text/html;https://www.cic.fr/fr/banques/particuliers/;base64,[base64 payload removed]

DATA EXTRACTED : تشفير Am3Refh.Com
DATA EXTRACTED : http://www.palickovafoto.cz/logs/log/
DATA EXTRACTED : http://www.palickovafoto.cz/logs/log/first.php?token=*&default=*

SCREENSHOT :


CLICK : OK
REDIRECT + SCREENSHOT :


CLICK : Confirmer
SCREENSHOT :
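
The static decoding behind the extracted-data lines of this analysis, as an added example that is not part of the original post: it peels the `data:` URI's base64 layer and the `document.write(unescape(...))` layer without executing anything, and reports the decoy URL carried in the URI header next to the real iframe target. The sample input is constructed with reserved `.example` hosts, and all function names are illustrative.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

PCT = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")
UNESCAPE_CALL = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
URL = re.compile(r"https?://[^\s'\"<>;,]+")
IFRAME_SRC = re.compile(r"<iframe[^>]*\ssrc\s*=\s*['\"]([^'\"]+)", re.I)


def js_unescape(text):
    """Mimic JavaScript unescape(): %XX and %uXXXX become code points."""
    return PCT.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def split_data_uri(uri):
    """Split a data: URI into (header, decoded body text)."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("data: URI has no ',' separator")
    if header.split(";")[-1].strip().lower() == "base64":
        payload += "=" * (-len(payload) % 4)  # tolerate stripped padding
        body = base64.b64decode(payload).decode("utf-8", "replace")
    else:
        body = unquote(payload)
    return header, body


def _dedup(items):
    """Remove duplicates while keeping first-seen order."""
    return list(dict.fromkeys(items))


def unpack_landing_page(uri, max_layers=5):
    """Statically peel base64 and unescape() layers; nothing is executed."""
    header, body = split_data_uri(uri)
    layers = [body]
    while len(layers) < max_layers:
        args = [arg for _, arg in UNESCAPE_CALL.findall(layers[-1])]
        if not args:
            break
        layers.append("\n".join(js_unescape(a) for a in args))
    # A URL inside the header is only a media-type parameter: it is shown in
    # the address bar but never contacted, so it is reported as a decoy.
    decoys = URL.findall(header)
    frames = _dedup(u for layer in layers for u in IFRAME_SRC.findall(layer))
    urls = _dedup(u for layer in layers for u in URL.findall(layer))
    decoy_hosts = {urlsplit(u).hostname for u in decoys}
    return {
        "decoy_urls": decoys,
        "layers": len(layers),
        "urls": urls,
        "iframe_src": frames,
        "iframe_host_differs_from_decoy": bool(decoy_hosts) and any(
            urlsplit(u).hostname not in decoy_hosts for u in frames
        ),
    }


def constructed_sample():
    """Constructed test input with the same layering (reserved .example hosts)."""
    inner = (
        "<html><head></head><body>\n<title>Bank > Identification</title>\n"
        '<iframe src="http://phish.example/logs/log/" frameborder="0"></iframe>\n'
        "</body></html>"
    )
    escaped = "".join("%%%02X" % b for b in inner.encode("ascii"))
    script = (
        "<Script Language='Javascript'>\r\n<!--\r\n"
        "document.write(unescape('" + escaped + "'));\r\n//-->\r\n</Script>"
    )
    b64 = base64.b64encode(script.encode("utf-8")).decode("ascii")
    return "data:text/html;https://bank.example/login/;base64," + b64


if __name__ == "__main__":
    for key, value in unpack_landing_page(constructed_sample()).items():
        print(key, ":", value)
```

A decoy URL whose host differs from the iframe host is the pattern recorded in this analysis: the bank's address appears in the URI while the form is served from the compromised site.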


Domain analysis palickovafoto.cz :

domain: palickovafoto.cz
registrant: FORPSI-C8V-S503870
nsset: NSS:ISOL:1
registrar: REG-INTERNET-CZ
contact: FORPSI-C8V-S503870
name: Mgr.Pavla Paličková
address: Benátská 296
address: Krmelín
address: 73924
address: CZ
registrar: REG-INTERNET-CZ
created: 05.04.2014 14:32:05
nsset: NSS:ISOL:1
nserver: ns1.isol.cz (89.187.131.40)
nserver: ns2.isol.cz (89.187.131.41)
tech-c: FORPSI-LAZ-C151031
registrar: REG-INTERNET-CZ
contact: FORPSI-LAZ-C151031
org: ISOL Int. s.r.o.
name: ISOL Int. s.r.o.
address: Borivojova 35/878
address: Praha 3
address: 13000
address: CZ
phone: +420.724979858
registrar: REG-GRANSY

Domain analysis elbandito.com.pl :

DOMAIN NAME: elbandito.com.pl
registrant type: individual
nameservers: ns1.dahost.pl. [91.228.199.2]
ns2.dahost.pl. [91.228.196.26]
no option
dnssec: Unsigned
TECHNICAL CONTACT:
company: Biznes-Host.pl sp. z o.o.
street: Grottgera 16/1
city: 60-758 Poznań
location: PL
phone: +48.618667050
last modified: 2011.02.17
REGISTRAR:
Biznes-Host.pl sp. z o.o.
Grodziska 17a/4
60-363 Poznań
Tel: +48.616624200
bok@biznes-host.pl

During your last purchase (Phishing Paypal)

Header Image

Privacy Policy for PayPal Services Copyright ©2016

PayPal fraud prevention set standards by presenting the best security solution in the industry that make your business more secure.If you do not renew your paypal account will be limited or closed permanently

Update Your Account Info. Please click below.

Thank you for choosing PayPal

border

Copyright ©2016 All rights reserved.

Email analysis :

NOTE : Return-Path : < *@sendgrid.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : ColdFusion 9 Application Server
NOTE : client-ip=50.31.42.127;
NOTE : Received : from o1.email.britishsoapawards.tv ([50.31.42.127])
NOTE : Received : by filter0036p1las1.sendgrid.net
NOTE : Received : from vaya-backend09-optusrts (unknown [103.1.216.177])
NOTE : by ismtpd0018p1sin1.sendgrid.net (SG)
NOTE : During your last purchase

Phishing analysis :

CLICK : THE BUTTON
OPEN : https://bit.ly/1RFlDg4
REDIRECT : http://64.71.78.238/CFIDE/web.html
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php
SCREENSHOT :


CLICK : Log In
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php?error_login_id=*#


NOTE : THE LOGIN ASKS FOR A VALID PASSWORD...
NOTE : SHORTEN THE URI TO http://horseridingholidaysgb.co.uk/php/update_info/
SCREENSHOT :


NOTE : FUNNY...
NOTE : CHANGE IP
SCREENSHOT :


NOTE : LAUGH...

Do you need a loan? $5,000.00 to $1,000,000.00 at 2%

Do you need a loan? $5,000.00 to $1,000,000.00 at 2%, Interested and serious person contact us.

Name:
Amount needed:
Duration:
country:
Mobile Number:

Thanks.

Email analysis :

NOTE : unbloaninvestment@gmail.com
NOTE : phong_tdda_skhdt@bacgiang.gov.vn
NOTE : Return-Path : < phong_tdda_skhdt@bacgiang.gov.vn >
NOTE : X-Originating-Ip : [10.9.11.2]
NOTE : Dkim-Filter : OpenDKIM Filter v2.9.2 mta1.bacgiang.gov.vn E73EA1220B5
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*.*.JavaMail.zimbra@bacgiang.gov.vn >
NOTE : X-Mailer : Zimbra 8.6.0_GA_1153 (ZimbraWebClient - GC51 (Win)/8.6.0_GA_1153)
NOTE : Thread-Topic :
NOTE : client-ip=125.212.128.218;
NOTE : Received : from mta1.bacgiang.gov.vn (mail.bacgiang.gov.vn. [125.212.128.218])

NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : Received : from mta1.bacgiang.gov.vn ([127.0.0.1])
NOTE : by localhost (mta1.bacgiang.gov.vn [127.0.0.1])
NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : Received : from mta1.bacgiang.gov.vn ([127.0.0.1])
NOTE : by localhost (mta1.bacgiang.gov.vn [127.0.0.1])
NOTE : Received : from mailstore1.bacgiang.gov.vn (unknown [10.9.11.12])
NOTE : by mta1.bacgiang.gov.vn (Postfix)
NOTE : The bacgiang.gov.vn servers were used to relay this scam.

you have a new ✉ (Phishing CIC)

CI C

Dear Customer,

During your last purchase, you were notified by a message informing you of the obligation to sign up to the new regulations concerning reliability for purchases by bank card (C.B) on the internet and of the introduction of a block on your future purchases

However, to date we have not received your sign-up, and we regret to inform you that you can no longer use your card on the internet

Sign-up : by clicking here

Thank you for the trust you place in us

Regards

Board of Directors

Email screenshot :


Email analysis :

NOTE : mdl@geosoc.fr
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Return-Path : < www-data@geosoc.fr >
NOTE : Received : from geosoc.fr ([84.39.46.170])
NOTE : Received : by geosoc.fr (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:lkhourza.php
NOTE : Message-Id : < 20160628050458.0648121078@geosoc.fr >
NOTE : vous avez un nouveau ✉

Phishing analysis :

CLICK : Adhésion : cIiquant ici
OPEN : http://royalapparels.com/cgi/
REDIRECT : http://marcellocampos.com.br/loja/magmi/state/-/mpl/lpf/zero/normal42/accorde/*
REDIRECT : http://marcellocampos.com.br/loja/magmi/state/-/mpl/lpf/zero/normal42/accorde/*/lb.php?id=*&default=*
SCREENSHOT :


CLICK : OK
SCREENSHOT :


NOTE : ANALYSIS WITH NO REDIRECT IF THE PASSWORD IS WRONG

Domain analysis : marcellocampos.com.br

domain: marcellocampos.com.br
owner: Marcelo Campos
responsible: Turbo Web Internet
country: BR
owner-c: MAACA45
admin-c: ZAB
tech-c: WAA218
billing-c: MAACA45
nserver: nsbra16.hostgator.com.br
nsstat: 20160627 AA
nslastaa: 20160627
nserver: nsbra17.hostgator.com.br
nsstat: 20160627 AA
nslastaa: 20160627
created: 20070704 #3724896
expires: 20220704
changed: 20150719
status: published
nic-hdl-br: MAACA45
person: Marcelo André de Campos
created: 20070109
changed: 20160126
nic-hdl-br: WAA218
person: Willianson de Almeida Araujo
created: 20050409
changed: 20130401
nic-hdl-br: ZAB
person: Zilda Aparecida Bagattini
created: 19971223
changed: 20151230

Monday, June 27, 2016

Dr. David Patrick

Read carefully ,

This is to inform you that International Monetary Fund IMF is compensating all the scam victims $2.700,000.00USD each, and your email address was found in the scam victim's list. This Western Union head office has been mandated by the IMF Director to transfer your compensation fund to you via Western Union Transfer Daily. We the western union office here stated that you will be receiving your fund $2.700.000.00 at the maximum of $5,000.00 daily until the whole money is completely transfer to you. We have sent out your first payment $5,000 but it placed on hold because your payment is not yet activated. BELOW IS YOUR FIRST PAYMENT $5,OOO.OOUSD but still on hold

MTCN#________________________ 8860-3341-09#
Sender’s First Name:------- David
Sender’s Last Name:------Patrick
Sender’s Location:------- Seattle,Benin Republic
Amount sent:------- $5000

Remember we need your full information as where we will be sending the funds, such as to avoid wrong transfer,

Receiver name:-________
Address:-__________
Country:-____________
Phone number:-_____________

Note that you are not expected to pay for transfer charges all the fee has been paid by International Monetary Fund the depositor. The only fee you will you send before you will start picking up your daily payment $5,000.00 as it was sign is only $105.00 for the activation of your western union payment transfer files. Note that your payment files will be returned to the IMF within 72 hours if we did not hear from you, this was the instruction given to us by the IMF.

Contact us Below:westernunionm4@gmail.com
Call me now +229-98151176

Thanks,
Dr.David Patrick
The Western Union Director Benin Republic
Call me now +229-98151176

Email analysis :

NOTE : westernunionm4@gmail.com
NOTE : massage.@ocn.ne.jp
NOTE : X-Originating-Ip : [104.167.217.234]

Steiner, D Ms : Dir NEPAD, Africa Multilateral, DIRCO

Hello, can i share with you a business? kindly reply!! (sergio_bed111@163.com)

Disclaimer: This email and files transmitted with it contain confidential and privileged information and are intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please -

- do not read, disseminate, distribute, copy or take action in reliance on this email and
- delete it immediately and arrange for the deletion thereof on your server, and
- notify the administrator of the Department of International Relations and Cooperation at postmaster@dirco.gov.za immediately.

Any unauthorised, use duplication or interception of this e-mail or any files transmitted with it is expressly and strictly prohibited. No representation, guarantee or undertaking (expressed or implied) is made or given

- As to the confidentiality or security of the e-mail system' Or
- As to the accuracy of the information in this email and any files transmitted with it is virus-free.

No responsibility or liability is accepted for:

- the proper, complete transmission of the information contained in this email or any files transmitted with it or any delay in its receipt; or rising from or as a result of the use of or reliance on the content of this email or any files transmitted with it. Any views expressed in this email or any files transmitted with it are not necessarily the views of the Department of International Relations and Cooperation. Queries regarding this emails or any files transmitted with it, should be directed to postmaster@dirco.gov.za.

This disclaimer forms part of the content of this e-mail for purposes of section 11 of the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Email analysis :

NOTE : SteinerD@dirco.gov.za
NOTE : Content-Language : en-ZA
NOTE : Mime-Version : 1.0
NOTE : client-ip=196.14.41.164;

FW: Your Shipping Documents (DHL Phishing)

Shipping Documents Receiver's eMail: ***@***.com

Greetings,

As instructed by your shipper, we have attached below the secured PDF copies of your shipping documents and your shipment tracking details from our international logistic partner, DHL Epress.

Click Here To View Your Documents And Shipment Tracking Details : www.dhl.com/documents/0094325.pdf

At Co-Logistics we offer best Service Delivery Commitment with shipper & client.

*´¨)
¸.• ´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•'* Best Regards
(¸.•'* .•*´¨)
Smith Wan *
(¸.•'*
Sales Excutive

Cooperate Logistics Co.,Ltd
************************

Head Office
Rm 2401-2502,Guidu Bld, Chungfeng Rd,
Luohu, Shenzhen, China
Phone: (86) 755 88863799
Email: info@co-logistics.com
URL: www.co-logistics.com
Image result for Carrier: DHL FedEx UPS TNT

Phishing analysis :

CLICK : www.dhl.com/documents/0094325.pdf
REDIRECT : http://namaren.com/jyg/DHL/tracking.php?userid=***@***.com

Email analysis :

NOTE : jbarba@morsco.com
NOTE : Mime-Version : 1.0
NOTE : X-Originating-Ip : [14.139.59.197]


NOTE : client-ip=157.56.111.70;

Phyllis  Riccia

Greetings,

We've obtained your details from career builder Inc, Database, and considered you as an ideal representative for the HOME-BASED job position detailed below. I am Mr Phyllis Riccia, Chief Executive Officer of Equator Oil and Gas Ltd. We are an OPEC member that deals on crude oil, raw materials and export to Canada, United Kingdom, America,Europe and Asia.We are searching for receiving/payment officer who can help us establish a medium of getting to our customers as well as making payments through you to us. Also as part of our vision to help in eradicating JOBLESSNESS in the global world. We are now seeking qualified personnel to be our company offshore REPRESENTATIVE. We would like to use this medium to inform you that a vacant position exists for you in our CREDIT and PAYMENT COLLECTION DEPARTMENT. Export Company.

Fill the details below

FULL NAME.................
FULL HOME ADDRESS..........
CITY.......
STATE.....
ZIP CODE....
AGE...
PHONE/FAX NUMBERS............
OCCUPATION.................

Mr Barriter Christian Paul
Chief Executive Officer
Equator Oil and Gas Ltd.

N:B: All we need is your Trust, Honesty & Communication.

Mr, Phyllis Riccia.

Email analysis :

NOTE : phriccia@yahoo.com
NOTE : ricciap@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : Mime-Version : 1.0
NOTE : 98.138.91.114

Private Discussion

Hello,
I am looking for a joint business partner to invest $ 26 million value.

Find my private e-mail: jo853268074_3442145@yahoo.com , to reply if you are interested.

Dr. Jorasse

Email analysis :

NOTE : emp.tihc@yahoo.ca
NOTE : info@expo-viagens.pt
NOTE : client-ip=213.13.175.87;


NOTE : Received : from [192.168.8.100]
NOTE : (unknown [41.85.189.163])

United Nations Compensation Commission (UNCC)

Attention;

This is coming to you in regards to the recent meeting within the United Nations based on the Agreement with the World Bank Assistance Project. This email come to those who are yet to receive their compensation/inheritance/winnings and who have been scammed in any part of the world, this includes every foreign contractors that may have not received their contract sum, and people who had unfinished transaction or Compensation payments which failed due to Government problems etc. The UNITED NATIONS have agreed to compensate you with the sum of $4,700,000.00 USD (Four Million, Seven Hundred Thousand United States Dollars). Your name and email was in the list submitted by our Monitoring Team observers and this is why we are contacting you, this has been agreed upon and signed. You are advised to contact Mr. Alex Bates, as he is our representative in the USA. Contact him immediately for your Compensation payment of $4,700,000.00 USD (Four Million, Seven Hundred Thousand United States Dollars) which will be released directly to you through an ATM MasterCard in accordance with legal clearance and procedures. However, you should send him your Full Name/Telephone Number/Residential Address/Gender and Occupation. Contact Mr. Alex Bates immediately for your compensation payment by replying to this email or emailing the address below:

Mr. Alex Bates
Email Address: info.alexbates@gmail.com

I expect your urgent attention to this email to enable me monitor this payment effectively. Most importantly you shall be requested to pay the sum of $350 only covering the application fee, processing fee, evaluation fee and mailing cost of your ATM MasterCard with 100% no extra charge or hidden fees involved. Payment will be made to our payment office in the USA only.

Good luck and kind regards,
Making the world a better place!

Yours Faithfully,

Dr. Joan Clos I Matheu.
Executive Director United Nations Human Settlements Programme
United Nations Compensation Commission (UNCC)

Email analysis :

NOTE : info.alexbates@gmail.com
NOTE : Received : from mail.com
NOTE : (158.ip-149-56-134.net [149.56.134.158])

Promo Telecom - TIM

Do you want to browse at top speed and make unlimited calls to everyone? Choose quality! Switch to Tim Impresa Semplice, the ideal partner for your business. Here is the fixed-line offer reserved for new customers (valid both for new telephone installations and for transfers from another operator)

TUTTO

1 LINE: 35 euros per month + VAT FOREVER
2 LINES (ISDN): 60 euros per month + VAT FOREVER

- UNLIMITED Internet up to 30 Mega in fibre coverage areas
- UNLIMITED calls to all national landline and mobile numbers
- WiFi router with installation included
- 1 static IP address
- Caller ID, call waiting and call forwarding included
- No Telecom line rental
- No activation fee
- Support guaranteed within 24 h

And for your mobile phone, discover the advantages of PROMO VIP and PROMO CRASH, which give you unlimited calls and SMS and as much internet as you want at 4G speed. REPLY to us by EMAIL leaving a telephone number so that one of our consultants can contact you and go through the fixed and mobile network offers in more detail with no obligation.

Kind regards

Business Partner Telecom-TIM
Multibrand Sales
Telephony & Energy Solutions

Email analysis :

NOTE : 164.132.34.3
NOTE : info@sfcmultibrand.it
NOTE : client-ip=95.227.233.46;

Rép : Confirm Your Payment With United Nations 511

Our Ref: CITI/BKL/STB
Your Ref:

======================================================

WORLD BANK GROUP AND UNITED NATION ORGANIZATION do hereby give this irrevocable approval order with Release Code: GNC/3480/02/00 in your favor for your contract entitlement/award winning payment with the UNITED NATION to your nominated bank account.. Now your new Payment, United nation Approval No;UN5685P,White House Approved No:WH44CV, Reference No.-35460021, Allocation No: 674632 Password No: 339331 ,Pin Code No: 55674 and your Certificate of Merit Payment No : 103 ,Released Code No:0763; Immediate Citibank Telex confirmation No:-1114433 ; Secret Code No: XXTN013, Having received these vital payment number , therefore You are qualified now to received and confirm Your payment with the United Nation immediately within the next 72 hrs. As a matter of fact, you are required to Deal and Communicate only with MR SCOTT PETERS, DIRECTOR INTERNATIONAL REMITTANCE CITIBANK OF UNITED KINGDOM, with the help and monitory team from the CITIBANK OF NEW YORK which is our official remitting bank, Committee On Foreign Payment Matters in United Nation, has look up to make sure you receive your fund valued $8.3m. So contact: MR SCOTT PETERS on his contact information, Direct Telephone Number: +447087645791 Email: scott.peters36@aol.com for immediate release of your contract/inheritance/Award Winning claim Be informed that you are not allowed to correspond with any person or office anymore, You are required to send bellow information for your transfer.

1) YOUR FULL NAME:
2) ADDRESS, CITY, STATE AND COUNTRY.
3) PHONE, FAX AND MOBILE
4) COMPANY NAME (IF ANY) POSITION AND ADDRESS
5) BANK DETAILS, BANK NAME ACCOUNT NO, ROUTING NO, /SWIFT CODE AND BANK ADDRESS.
6) PROFESSION, AGE AND MARITAL STATUS MARRIED
7) COPY OF YOUR INT'L PASSPORT/DRIVERS LICENSE

NOTE: YOUR PERSONAL CONTACT/COMMUNICATION CODE WITH CITIBANK IS(511),YOU ARE ADVICE TO SEND YOU FULL BANKING INFORMATION TO THE CITIBANK OF LONDON INTERNATIONAL REMITTANCE DIRECTOR HEADED BY MR SCOTT PETERS AND MAKE SURE YOU SPEAK WITH HIM, WITH YOUR NEW PAYMENT CODE FOR RELEASE OF YOUR PAYMENT AND SEND HIM ALL YOUR BANKING INFORMATION NOW.

CONTACT CODE (511)
OFFICER: MR SCOTT PETERS.
POSITION: DIRECTOR, INTL, REMITTANCE CITIBANK LONDON.
Telephone No +447087645791.
Fax Number: +448435622418,
EMAIL: scott.peters36@aol.com

MR. MARCEL A.BOISARD.
(CHAIRMAN COMMITTEE ON FOREIGN CONTRACT/AWARD WINNING PAYMENT UNITED NATION AND USA GOVERNMENT).

Email analysis :

NOTE : umi-bun@apricot.ocn.ne.jp
NOTE : scott.peter778@yahoo.es
NOTE : notice@citibank.co.uk
NOTE : Received : from wsip-70-169-155-102.hr.hr.cox.net
NOTE : ([70.169.155.102]:53335 helo=User)


NOTE : by default.servername.com with esmtpa (Exim 4.87)

HBR Shared Content from Mr. Ayoo Blah Vincent


From Mr. Ayoo Blah Vincent Abidjan, Côte d'Ivoire West Africa. E-mail:ayooblahvincent@vfemail.net Tel: 225 40 18 10 95 AgriBusiness Partner Needed. DEAR SIR How are you, I hope you are well and fine. I came to know of you while making a private search for agribusiness partner, I am Mr. Ayoo Blah Vincent a native of Baoule, most popular tribes here in my country cote d'iviore, I study here in the university and will be graduating in the next year, i have come to understand that an investor doesn't rely on good luck. Instead, they take the time to consider their investment goals. Then they develop a plan and choose investments that align with their needs and objectives. This is the reason why i am writing you this mail to seek your cooperation in developing the resourcess in my care, I stand as the eldest son of my parent ,late Mr and Mrs Ayoo Blah the rightfull owner of many forest in the west and north of COTE D'IVIORE , my father while still alive sold some potions of lands and forest to chinest investors,and to government the most recongnised forest in the capital city of the economic capital of the country known as BANCO FOREST here in abidjan.and kept the money in suspense accord which is duelly for onward transfer for investment. Sir, its with the vission of becoming an international business investor and i wish to seek collarboration with you to invest in AgriBusiness parternship , the forest exploration,Raw minierals and also lands development with the funds already deposited in the bank by our late parent,therefore, our business plan is to associate with a capable hands to transfer this funds to a secure account abroad. i will be very happy to work with you with all sincerity as i can assure you of good benefits if you can stand as our family business partner and secure this funds to your account for the investment. Looking forward to your soonest response. Yours sincerely. Mr. Ayoo Blah Vincent E-mail:ayooblahvincent@vfemail.net Tel: 225 40 18 10 95

To Develop Cultural Dexterity, Seek It Out
What military service taught me about bridging diverse groups.

HBR content shared by Mr. Ayoo Blah Vincent
VIEW LIST ON HBR.ORG
Interested in creating, editing and sharing content lists of your own?
Set up your free account and start using My Library on HBR.org today.

GO TO MY LIBRARY ON HBR.ORG NOW >

Email analysis :

NOTE : reply@hbr.messages5.com
NOTE : email@hbr.messages5.com
NOTE : client-ip=74.112.71.186;

I NEED YOUR QUICK REPLY.

Dear Beloved,

Please this is important and urgent as well as confidential that is why I kindly ask you to reply via this my direct and personal email address: mrsgracammachel@gmail.com With due respect, I must apologize for this unsolicited message, I am aware that this is certainly not a conventional way of approaching an unknown person for establishment of project and investment. But I respectfully insist you read this message carefully before you either take a decision of proceeding or deleting my message as I am optimistic it will be successful for unimaginable financial benefit for both of us and our families. I am Mrs. Graca Machel Mandela the wife of South African icon and freedom fighter late Nelson Rotlatla Mandela The former President of the republic South Africa from 1994 till1999 who died on December 5, 2013 after a protracted lung infection contacted during his 27th years of incarceration in robin island prison. Actually, I managed to get your contact details online here in Johannesburg South Africa in my desperate search for a trustworthy person to assist me in this confidential business transaction. (http://en.wikipedia.org/wiki/Gra%C3%A7a_Machel) As the Third wife of late Nelson Mandela, he deposited cash in a trust account on my name here in south Africa, for self keeping, he did this because he knew that upon his death, his lioness x-wife Winnie Mandela might use all her structural contacts within the AFRICAN NATIONAL CONGRESS [ANC] to deny me what is due to me as his wife who looked after him all this period he was on sick bed. As his instinct pre-informed him, his fears is ongoing right now, and as a Mozambican, all the family members have swooped on me, Opposing me that I should hand over the asset to them, and good of a thing that when my late husband deposited the money into the trust fund account on my hand we used my sons name, Mr. Malengani Machel, who is currently living here in Johannesburg South Africa, for security reason. 
My late husband, Nelson Mandela, deposited US$60.5 MILLIONS (Sixty Millions, Five Hundred Thousand United States Dollars) in cash in a bank here in South Africa through diplomatic channel, After his death, I and my son being in Johannesburg South Africa, decided to transfer this money out of South Africa for my family use since it is the only confidential thing we benefited. I have relinquished and waved most of his assets /estate willed to me as we are married in community of property for the interest of peace. This is genuine and not of criminal origin. I must then emphasize that this transaction is highly confidential and it is to be kept as such confidential. Therefore indicate your full interest on assurance of trust, so that we can actualize this great opportunity together and share the benefit together by the help of God. And in the area whereby you are not interested in this deal please kindly delete it immediately from your email. If you are interested, kindly provide me with your full names and direct private phone numbers.

Regards in sincerity,

Mrs Graca Machel
4th Street Houghton Estates
Johannesburg South Africa
Phone: No. +27839733172
Email: mrsgracammachel@gmail.com

Email analysis :

NOTE : gracamachel@hotmail.com
NOTE : vw1@arcor.de
NOTE : X-Webmailclientip : 41.246.151.201

no-reply (Phishing Hellobank > Free)

Hellobank!

Dear Subscriber

you have a freemobile direct debit error, please check your customer area as soon as possible:

Amount: 32.01 €

verify now

Hellobank!, SA with capital of 2 492 770 306 euros - Registered office: 16, boulevard des Italiens - 75009 PARIS. Registered under no. 662 042 449 RCS PARIS - EC identifier FR76 662 042 449 - ORIAS no. 07 022 73.

Email screenshot :


Email analysis :

NOTE : no-reply@crypt.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < webmaster@web.pharmalink.cz >
NOTE : Received : from ispc03.suptech.cz ([81.19.11.204])
NOTE : Received : by ispc03.suptech.cz (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 33:admin.php
NOTE : no-reply

Phishing analysis :

CLICK : vérifier maintenant ("verify now")
OPEN : http://www.bollettiamo.it/
REDIRECT : http://www.bollettiamo.it/.../aa/HelloEspace/*/
SCREENSHOT :


CLICK : Accéder aux comptes ("Access accounts")

REDIRECT : http://www.bollettiamo.it/.../aa/HelloEspace/*/free/moncompte/index.php
SCREENSHOT :


Domain analysis :

Domain: bollettiamo.it
Status: ok
Organization: Luca Santaniello
Name: Luca Santaniello
Organization: Luca Santaniello
Name: Luca Santaniello
Organization: Luca Santaniello
Organization: Aruba Business s.r.l.
Name: WIDE-REG
Web: http://www.arubabusiness.it
Nameservers dns.widhost.net
Nameservers dns2.widhost.net