Tuesday, July 20, 2021

Your SSL certificate has expired (OVH Phishing)

S​​AS O​​V​​H - https://ww​​w.ov​​h.co​​m
2 r​​ue ‫Ke​​lle​​rman
BP 80157
591​​00 Ro​​ubaix

18.07.2021 05:16

Dear Sir or Madam,

To our knowledge, we have still not received the payment
of 12,68€ for the renewal of your SSL certificate.

Please note that if your renewal is not paid within 2 days,
your website will be suspended
until your renewal is received.

You can renew directly by bank card at the following address:

https://ww​​w.ov​​h.co​​m/fr/c​​gi-b​​in/order/r​​ene​​w.cgi?id=31IDL16nKT31sdOd89tjJtPBhu31HUYUhuhuyUIUt
(Click directly on the link or copy and paste it
directly into your Internet browser)

Regards,

The OVHcloud team

[ref=1.31M16s3ih]

Email analysis :

NOTE : postmaster@fr.ovhservices.net
NOTE : client@mail.ovh
NOTE : Received : from bsmtp4.bon.at (bsmtp4.bon.at [195.3.86.186])
NOTE : Received : from bsmtp3.bon.at (unknown [192.168.182.108])

Phishing analysis :

SCREENSHOT :
CLICK : https://ww​​w.ov​​h.co​​m/fr/c​​gi-b​​in/order/r​​ene​​w.cgi?id=31IDL16nKT31sdOd89tjJtPBhu31HUYUhuhuyUIUt
OPEN : http://ar4.fre-pic.net/05:16/18.07.2021/?CVGYHJ90SW=78WSHKKL09
REDIRECT : PHISHING CLOSED.
REDIRECT : https://href.li/?https://www.ivrose.com
REDIRECT : https://www.ivrose.com

Friday, July 16, 2021

Partnership/ Greetings (Scam)

Dear Friend

My name is Mr Omar Ibrahim .G, I am from Syria; due to the brutal war in my country, I seek your help in business investment in your country.

Please kindly get back to me for more details

Best Regards

Mr Omar Ibrahim .G

Email analysis :

NOTE : bb6706090@gmail.com
NOTE : X-Feas-Auth-User : testmail@mvd.kz
NOTE : client-ip=84.240.207.29
NOTE : Received : from User ([27.109.115.141])
NOTE : (user=testmail@mvd.kz mech=LOGIN bits=0)
NOTE : by fortimail.mvd.kz
NOTE : Mr Omar Ibrahim .G

Important Updates (BTC Scam)

I am sorry to inform you that your device was compromised.

I'll explain what led to all of this. I have used a Zero Day vulnerability with a special code to infect your device through a website.
This is complicated software that requires precise skills that I have. It works as a chain with specially crafted and unique code and that’s why this type of attack can go undetected.
You only need one unpatched vulnerability to be infected, and unfortunately for you – it works that simply.

You were not targeted specifically, but just became one of quite a few unlucky people who got hacked that day.
All of this happened a few months ago. So I’ve had time to collect information on you.

I think you already know what is going to happen next.
During that time, my software was quietly collecting information about your habits, websites that you visit, searches you do, texts you send.
There is more to it, but I have listed a few reasons for you to understand how serious this is.

For you to clearly understand, my software controlled your camera and microphone as well and it was impossible for you to know about it.
It was just about the right timing for me to get your privacy violated.

I’ve been waiting enough and have decided that it’s time to put an end to this.
So here is my offer. I need a consulting fee to delete the media content I have been collecting.
Your privacy stays untouched, if I get paid.
Otherwise, I will leak the most damaging content to your contacts and post it to a public tube for perverts to explore.

I understand how damaging this will be for you, and the amount is not that big for you to keep your privacy.
Please don't blame me – we all have different ways of making a living.

I have no intention of destroying your reputation or life, but only if I get paid.
I don’t care about you personally, that's why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1650 US Dollars transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: 17U1BaXwyuxeX2sZyMjC25G8skrZ8mtTdz

The fee is non negotiable, to be transferred within 2 business days.
We use Bitcoin to protect my identity.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you won't hear from me ever again.

Take care.

Email analysis :

NOTE : client-ip=179.215.29.139
NOTE : virtua.com.br

Wednesday, July 14, 2021

Do you need a loan ? (Scam)

Dear Interested Applicant,

Are you looking for a loan or investment loan? We are a reputable and registered company located in Greece. We can grant you the loan with an interest rate of 2.5%. We give loans to qualified applicants from 10.000 to 100.000.000,00 Euro/Dollars with a loan duration of 15 years.

If you are interested, kindly contact us via email.

MRS. KATIRA ANXHELA | LOAN ADVERT MANAGER

o: +30 699-665-5761 | f: 631-883-8536
HL.katira.hellenicloans@gmail.com
www.hellenicloans.webs.com

We provide much more than financing, work with our very own Shark @hellenicloans.webs.com

Notice to Recipient: This email is meant for only the intended recipient of the transmission, and may be a communication privileged by law. If you received this email in error, you are hereby notified that any review, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please notify us immediately of the error by return e-mail and please delete this message, all copies, and backups from your system.

This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Email analysis :

NOTE : loan@imixsolutions.com
NOTE : HL.katira.hellenicloans@gmail.com
NOTE : vps.vps.tonershop.com.mx
NOTE : client-ip=44.227.17.73

Tuesday, July 13, 2021

Sinexa Scam

Back pain?
Do you work for hours at a desk?
Solutions exist!

> DISCOVER NOW

Back and lumbar pain and sciatica can be extremely bothersome at work. This lumbar seat cushion fits any seat, in the car, at work or at home.

These two supports (seat and backrest) can go everywhere with you thanks to how easy they are to carry.

SATISFACTION GUARANTEED
SHIPPED FROM FRANCE
TELEPHONE TO CONTACT US
FREE DELIVERY
SATISFIED OR REFUNDED

Email analysis :

NOTE : PrevDos@dsd.coceare.icu
NOTE : http://dsd.coceare.icu/asumxytjghubxxnvkv-72014993-bbnditmk1o-16137-24359-0.php
NOTE : https://sinexa.net/product/coussin-lombaire-chaise-de-bureau/

Crédit Agricole Phishing

Dear Customer,

Following the change in regulations concerning the reliability of online purchases with your bank card, we ask you to accept the terms of this new regulation and activate the SecuriPass service in order to protect your account against all fraudulent actions.

At the following link: https://www.credit-agricole.fr

However, if we do not receive confirmation of your enrollment, we will be obliged to suspend all purchases with your bank card and unblock all use of your card on the internet.

Thank you for the trust you place in us.

Regards,

© Crédіt AgricօIe 2021

Phishing analysis :

CLICK : https://www.credit-agricole.fr
OPEN : https://secure.ndcollege.in/img/credit/Agricole/Authentification/regionale.php
SCREENSHOT :



Email analysis :

NOTE : Younespedro2019@gmail.com
NOTE : SécuriPass- CERT°3208059248092
NOTE : Crédit Agricole: mise à jour obligatoir
NOTE : X-Mailer : PHPMailer logger for Apix Log 12.7.5
NOTE : (https://github.com/PHPMailer/apix-log-phpmailer)
NOTE : client-ip=165.232.182.183