Saturday, December 23, 2017

Merry Christmas

Merry Christmas to all...


http://www.scam.cz

the Former United States Ambassador

This is Mr. Good Luck the Former United States Ambassador Republic of Benin, I came down here in Cotonou Benin Republic for an ECOWAS meeting and I was searching for some files that I left in this office before I left and found out that you have not received your fund, and I asked the present ambassador Mr Smith John what happened that you have not receive your fund and he said that you refused to pay the required fee for the delivery of your ATM CARD.amount of money $5.8m

I'm contacting you this morning because the director of the ATM CARD center here in Benin Republic said that they will divert your ATM CARD to the Government Treasury just because that you cannot pay for the service fee of your ATM CARD which is $150 only according to them.

But I told them to wait until I hear from you today so that I will know the reason why you rejected such amount of money $5.8m which will change your life just because of $150

I want your urgent response as soon as you receive this email and explain to me the reason why you have abandon your ATM CARD because of $150. But if you don't need it then I can change your name to another person so that this Government will not claim this money but I know that you will love to have it.

Please my dear I want to help you to receive this fund because it was a big shock to me that you have not receive your ATM CARD and withdraw your money since 1 year now and I'm very sorry for that and you will receive your fund before the end of this meeting which will take us 4 days and I will be here to monitor it until you everything is get done.

This is where you should send the fee today and don't fail to do that as I have said.But remember you are advise to send via money gram transfer or RIA due to they have problem going to western union they case with western union is at the court.

Receiver Name====NWAKWU HYCENTH
Country =======Benin Republic
City ============= Cotonou
Text Question ===== today
Answer ============ Yes
Amount ======== $150
Sender Name ====
Mtcn ====
I will wait to hear from you today with the mtcn number.

Call Me or text me +1(917) 708-7874

Finally, make sure that you reconfirm your full details.
1) FULL NAMES:
2) DELIVERY ADDRESS:
3) PHONE NUMBER/
4) COUNTRY:

Mr.Good Luck
the Former United States Ambassador to Republic of Benin,

u.ambassador19@yahoo.com

Email analysis :

NOTE : u.ambassador19@yahoo.com
NOTE : "www."@tempo.ocn.ne.jp
NOTE : Received : from mzcstore412.ocn.ad.jp (mz-fcb412p.ocn.ad.jp
NOTE : [153.149.245.10]) by vcwebmail.ocn.ad.jp (Postfix)
NOTE : X-Originating-Ip : [5.62.43.32]

Activate your Email Subscription to: THIS IS THE LAST WARNING, BE CAREFUL (Blackmail)

You received this message because someone requested an email subscription for *@* to a FeedBurner feed. If you did not make this request, please ignore the rest of this message.

(YOU SHOULD NOT IGNORE THIS MESSAGE OTHERWISE ALL YOUR PRIVACY WILL BE EXPOSED)

I guess there isnt good news

I setup an very small malware in a porn website (adult videowebsite) and you viewed the videos (you know what im talking,).

While you were watching the videos my malvware started to work as a RDP (remote desktop view) with a keylogger and i had access to your device screen and camera.

My malvware also collected your contacts (from email, social network, etc...)

After this i started to record your screen and your camera at the same time. So i created an double-screen video (half side your camera watching porn and half side your screen).

As you might be thinking i had a lot of trouble doing all this.

You might be worried at this point but dont be, its simple to fix all this mess, all you have to do is pay me U$350, this value is enough to keep our little secret safe.

You will make my payment through Bitcoin (if you dont know how to buy Bitcoin search on google, its fast and easy, i recommend localbitcoins).

The Bitcoin address you have to send the money is: 1EQ1SWvxFHfCq3ENjrCUN1KKwdK8XnrgkR

You only have 24 hours to send my money after reading this e-mail (i setup an special tracking pixel in this message and i will know when you read it).

If i do not receive my Bitcoins i will send your double-screen video to all contacts that i collected from you (including friends, co-workers, family).

If you are wise enough and send my money all the material will be deleted and you will not hear from me again.

--

This message was sent to you by FeedBurner (feedburner.google.com)
You received this message because someone requested a subscription to the feed, THIS IS THE LAST WARNING, BE CAREFUL.
If you received this in error, please disregard. Do not reply directly to this email.

Email analysis :

NOTE : 1EQ1SWvxFHfCq3ENjrCUN1KKwdK8XnrgkR
NOTE : Scam
NOTE : noreply+feedproxy@google.com

Monday, December 18, 2017

Attention: Your account status change ! (PayPal Phishing attempt)


PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php

Phishing analysis :

CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt

Sunday, December 10, 2017

Final reminder: update your payment details

Please Update Your Payment Method Now

Dear Valued Netflix User

Sorry for the interruption, but we are having trouble authorizing your Payment Method.

Please visit the account payment page at

https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.

When you have finished, we will try to verify your account again.

If it still does not work, you will want to contact your credit card company.

To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system. You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.

Log In To account

If you have any questions, we are happy to help. Simply call us at 0800-917812.

The Netflix Team

Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032. You can un-subscribe to security alerts by configuring your online account. We are sending this email to provide support for your personal online Netflix account.

Email analysis :

NOTE : support@vweb11.nitrado.net
NOTE : Received : from vweb11.nitrado.net (vweb11.nitrado.net. [194.169.211.12])


Phishing screenshot :


Phishing analysis :

CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://signin-accnt.app10.beget.tech/app/user
SCREENSHOT :


VALIDATE : FORM
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/billing.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Billing Address
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/payment.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Payment Method
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/finish.php
SCREENSHOT :

MFL Company

ARE YOU IN NEED OF A LOAN? IF YES EMAIL US FOR MORE INFO WE ARE LOCATED HERE IN UNITED STATES. EMAIL US AT: (mflcompany1960@gmail.com) NAME...................... COUNTRY............ STATE............ LOAN AMOUNT NEEDED........... DURATION OF LOAN............. PHONE NUMBER............. WE ARE LOCATED HERE IN UNITED STATES. EMAIL US AT: (mflcompany1960@gmail.com)

Email analysis :

NOTE : mflcompany1960@gmail.com
NOTE : fsantamariaj@hnn.sa.cr
NOTE : Received : from zimbra-correo.hnn.sa.cr (zimbra-correo.hnn.sa.cr [10.122.0.180])
NOTE : by zimbra-proxy.hnn.sa.cr
NOTE : client-ip=68.232.147.136;

Would you want to be a crude oil license Operator ?

Hello, Have you ever thought of becoming a crude oil license operator ? I can guide you to acquire a crude oil seller mandate at ease with a known National Oil Company. I will give you details as soon as I hear from you. Best Regards Engr. Marcs Herman marcsherman@alumni.com

Email analysis :

NOTE : Received : from mail.wt.co.th (171-100-57-206.static.asianet.co.th. [171.100.57.206])
NOTE : client-ip=171.100.57.206;

Payment

Hello, are you still interested in the transaction?

Please e-Mail me immediately with your full address and Phone #. So I can re-communicate the transaction details to you.

God bless America !!

Respectfully,
Lt. Gen. Wendy Barnett (Mrs.),
APO 1256, SD...Delta Force 18 TG Airborne Corps, United States
e-Mail: w.mbarnett2@gmail.com

Email analysis :

NOTE : hamaoka.gb@grandbowl.jp
NOTE : noreply@us.army.mil
NOTE : aucvamos@aol.com
NOTE : Received : (from grandbowl@localhost) by www326b.sakura.ne.jp (8.14.5/8.14.5/Submit)
NOTE : X-Authentication-Warning : www326b.sakura.ne.jp: grandbowl set sender to hamaoka.gb@grandbowl.jp using -f
NOTE : Received : from www326b.sakura.ne.jp (www326b.sakura.ne.jp. [219.94.155.156])

W-II

W-IISent: Sun, 10 Dec 2017 06:59:26 -0500 (EST)
Subject: Re: W-II

Your Email Has Won

Email analysis :

NOTE : bmwautomobileprize@hotmail.com
NOTE : bcknew@centurylink.net
NOTE : eseosaa00@gmail.com
NOTE : X-Mailer : Zimbra 8.7.6_GA_1776 (zclient/8.7.6_GA_1776)
NOTE : Received : from [10.41.66.0] ([10.41.66.0:53450]
NOTE : Received : from smtp.centurylink.net (mail.onyx.syn-alias.com. [206.152.134.66])

Friday, December 8, 2017

Agent

To whom it may concern:

We bring you genuine and certified credit offer. Contact us for more details if you are honestly interested please. You can send a whatsapp message for more info at +91-720-433-5745

Email analysis :

NOTE : maryjaynewise2342@gmail.com
NOTE : Received : from unknown (HELO acsgsemail1.acsgs.com)
NOTE : ([65.248.101.241])