Hello,
Donation proposal for you, Contact me for more details.
Regards,
Greg.
Email analysis :
NOTE : gregoryniklos@gmail.com
NOTE : jimenezm319@cod.edu
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu ([::1])
NOTE : by MAIL13.cdnet-ad.ad.cod.edu ([::1])
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : by MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : Received : from MAIL13.cdnet-ad.ad.cod.edu (10.11.0.3)
NOTE : by EDGE1.cod.edu (10.11.0.106)
NOTE : Received : from mail.cod.edu (edge1.cod.edu [192.203.136.103])
NOTE : X-Originating-Ip : [105.112.35.87]
NOTE : cod.edu server was used to relay this scam
NOTE : jimenezm319 account was used to relay this scam.
NOTE : @collegedupage server was used to relay a scam.
Tuesday, April 25, 2017
Compensation Settlement On Escrow Accounts. (IMF Scam)
INTERNATIONAL MONETARY FUND
1900 PENNSYLVANIA Ave NW
WASHINGTON DC.
20431.
Attention Beneficiary
This is to formally inform you that your file on your fund transfer has reached Mr. Carla Grasso Managing Director of the IMF(The International Monetary Fund). We are also aware that your transaction has been dormant for a while now, and we will like to know why. It will be in your own interest to get back to the department director Mr David who is in charge of the transfer unit of IMF, get back to him as soon as possible, failure to do so we shall confiscate your funds to charity.
Email.......imf_davidhanks147@yahoo.com
Fill Out the information to him if you are ready to get your FUNDS
Your Full Name:...............
Direct Phone:....................
Country.................
Occupation:.....................
Gender:.........
Age:..............
Bank details.............
A Scan Copy Of Your Identity Card Or Drivers License.
And take note any other email you receive form anybody claiming to have your fund should be sent to this office and you are advised to stop any transaction or payment to the institutions who have been in contact with you lately for they are scam and the FBI and EFCC are after them,so be smart the IMF is now in-charge of all dept .
We await your reply.
Have a good day.
Department Director
Mr. David Hanks
Email analysis :
NOTE : Received : from vizyontanitim.com
NOTE : (toroon12-1279381067.sdsl.bell.ca [76.65.206.75])
NOTE : imf.davidhanks247@gmail.com
NOTE : info@vizyontanitim.com
Monday, April 24, 2017
Scan Data (VIRUS)
Number of images: 1
Attachment File Type: PDF
Description *
File analysis :
OPEN : Scan_*.pdf
SHA256 : d1efbca78f8847005a369ec24155723ccd257e58cd282429cc04f76f898743b7
RESULT : FILE IS A VIRUS
Virus analysis :
Antiy-AVL : Trojan[Downloader]/MSWord.Agent.bgy
Baidu : Multi.Threats.InArchive
CAT-QuickHeal : O97M.Downloader.AJI
ClamAV : Doc.Dropper.Dridex-6260340-0
Fortinet : WM/TrojanDownloader.7A51!tr
McAfee : W97M/Downloader.brv
McAfee-GW-Edition : BehavesLike.PDF.Trojan.qb
NANO-Antivirus : Trojan.Ole2.Vbs-heuristic.druvzi
Qihoo-360 : virus.office.obfuscated.1
Rising : Heur.Macro.Downloader.d (cloud:UJEmOxwGVqO)
TrendMicro : HEUR_VBA.O2
ZoneAlarm by Check Point : HEUR:Trojan-Downloader.Script.Generic
Email analysis :
NOTE : Received : from static.vnpt.vn (unknown [14.164.139.179])
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1)
NOTE : Gecko/20110929 Thunderbird/7.0.1
NOTE : Received : from gra-PC (unknown [114.31.8.46])
NOTE : Street view of 114.31.8.46
IP :
- 114.31.8.46
- 14.164.139.179
Congratulations!
Congratulations! You e-mail has just won you the sum of $1,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto Further information on the processing and disbursement of your grant entitlements,alongside the provision of your qualification documentations, will be disclosed to you by the National Lottery Secretary, Barrister. Mark Knox. Please contact him with your Qualification Number[OXG /101/231/BDB] as soon as possible.
Barrister. Mark Knox
National Lotto Secretary
Email: oxfaminternational9@gmail.com
Email analysis :
NOTE : oxfaminternational9@gmail.com
NOTE : buidoanquyet@hanam.gov.vn
NOTE : Received : from mail1.HaNam.gov.vn ([192.168.2.3])
NOTE : by MAIL2.HaNam.gov.vn (IBM Domino Release 9.0 HF683)
NOTE : Received : from mail.hanam.gov.vn (mail.hanam.gov.vn. [113.160.198.113])
NOTE : A governmental vietnamese website was used to relay a scam.
You have a new message (Société Générale Phishing)
Dear Customer,
Your advisor informs you that you have received an important message
concerning your Pass,
Access to your accounts
Regards
Société Générale
sg
Email analysis :
NOTE : X-Php-Originating-Script : 0:njd.php
NOTE : e@atosucire.com
NOTE : Received : by batidocs.fr (Postfix, from userid 33)
NOTE : Received : from batidocs.fr ([46.101.97.198])
Phishing analysis :
CLICK : Access to your accounts
OPEN : http://ecodebredpasrapel.com/votrecode
REDIRECT : http://www.drivegeelong.com.au/journal/url/njd
RESULT : Phishing attempt...
Affected services :
NOTE : e@atosucire.com (Spoofed email.)
NOTE : batidocs.fr (46.101.97.198) (Relaying the phishing email.)
NOTE : ecodebredpasrapel.com (Hosting the redirect to the phishing.)
NOTE : drivegeelong.com.au (Hosting the phishing.)
NOTE : Société Générale (Victim.)
Banco Santander (Brasil) S.A. | Avoid Having Your Account Blocked (*) (Phishing Attempt)
Banco Santander S.A.
Dear Customer,
We inform you that your registration data is out of date in our system. So that you can enjoy the benefits with convenience and security, we ask that you carry out the Security Registration Update required by our system.
This procedure must be carried out to avoid the blocking of Santander channels such as Telephone, Internet Banking and ATMs.
To avoid the automatic suspension of these services, enable your updates by clicking the button below.
This feature is only activated if you accept, and it is updated from certified servers.
Do you wish to confirm your security settings?
Confirm
Banco Santander (Brasil) S.A. CNPJ: 90.400.888/0001-42 Avenida Presidente Juscelino Kubitschek, 2041 e 2235 - Bloco A, Vila Olímpia, São Paulo/SP - CEP 04543-011
Screenshot of the phishing :
Email analysis :
NOTE : Received : by ip-160-153-226-153.ip.secureserver.net
NOTE : (Postfix, from userid 33)
NOTE : 160.153.226.184
NOTE : X-Mailer : Microsoft Office Outlook, Build 17.551210
NOTE : X-Mailer : iGMail [www.ig.com.br]
Phishing analysis :
CLICK : Confirm
OPEN : http://ip-160-153-229-233.ip.secureserver.net/cadastro/*
RESULT : Phishing is unresponsive...