MRS.MELANIA TRUMP (Melania Trump Scam)

October 17, 2017, 10:06 pm

≫ Next: please add me on your LinkedIn network (LinkedIn Phishing)

≪ Previous: MRS MELANIA TRUMP GREETINGS MY DEAREST! ( Melania Trump Scam )

$

0

0

I'M MRS.MELANIA TRUMP AND THE CONTENT OF BELLOW MESSAGE IS SIGNED AND APPROVED BY UNITED BANK OF AMERICA.moreover,in respect of fact the sum of $50 million united dollars was instructed to transfer on your favor through check draft,And i wish to let you know that every necessary things has been accessed by IMF on the economic recovery program done by united state embassy in government house of Benin republic for victim who lost fund to con African artist ,And you have nothing to be worried about. Bellow is the required information i need from you so that the delivery of your check draft will commence immediately today

Home address:...........................................
Cell phone number:......................................
City:...................................................
valid Email Address................................

We advice you to prohibit any other transaction you are having with an unknown source to avoid regret there after.And we urge you to comply fast with the managerial demands so that you can have your legit check book with immediate effect as instructed from White house(Washington DC)

Thanks and always be bless

Email analysis :

NOTE : "ww1."@abeam.ocn.ne.jp
NOTE : X-Originating-Ip : [41.216.50.153]

Email leak :

timmy.t4@gmx.com, dave@ruraloregon.net, retiab_trevrep_corp@yahoo.com, sessavivi@gmail.com, montanahunter2015@yahoo.com, mr04248@gmail.com, ahdrianmallari14@gmail.com, stvesmthson33@gmail.com, praisethelord@maildrop.cc, maggiemcgill@hushmail.com, asiuk@live.co.uk, Dr.ivorbigone@yahoo.co.uk, bigmann768@gmail.com, poochie768@yahoo.com, stevecammer@outlook.com, kenneth.turse@gmail.com, takalanideki@mail.com, robinsavage447@gmail.com, aimerettromper@funmailx.com, becart.p@outlook.fr, madgekz3bonner@gmail.com, Woodsalex21@inbox.com, 15654@oakham.rutland.sch.uk, yannbongba@yahoo.fr, NP.eccomiqua@gmail.com, hughjanus@photographer.net, mikelitoris@consultant.com, theasmits@gmx.co.uk, buraktorun7@gmail.com, saveourunionflag@gmail.com, Enquiries@amc.edu.my, Troels.n.pedersen@danbolig.dk, sarah.dragsdahl@danbolig.dk, Alliross@hotmail.com, domagoj.rubesa@fh-joanneum.at, Jennyblack7272@gmail.com, gary.roaster@gmail.com, hugo35mm@gmail.com, dick838@spainmail.com, jswaglord@yahoo.com, pleasefillintheblank@hotmail.com, mizra9062@gmail.com, hugoferreiracamargo@gmail.com, hector.rowles@gmail.com, fisherm@sgaweb.net, mattallegra@mail.com, jasminedelancey@gmail.com, chelleanderson12@gmail.com, pegidaunited@outlook.com, frederic@hotmail.com, cherrybree289@gmail.com, cruise19allyson@gmail.com, rhejean16@gmail.com, lucy04anderson@gmail.com, happyatlast0@yahoo.co.uk, bsartstudios@outlook.com, aaronreid@windowslive.com, bofasaur@gmail.com, sergeikurkov@yahoo.co.uk, dionnex18@hotmail.co.uk, harrold.fiducious@gmail.com, johnnyjones101@mail.com, ChuckNorris1940official@outlook.com, realfakedocs@live.fr, taylorhelen66@gmail.com, cj96050@gmail.com, fransi@fransimalin.co.uk, drachenlords1510@live.de, engr.hanks@yahoo.co.za, Webinis123@gmail.com, jessicapierce318@gmail.com, marjac1997@gmail.com, meandcecilia@gmail.com, jw508328@gmail.com, whiter958@gmail.com, reverendtomjones@gmail.com, Jerry.fring@yahoo.com, Salamallikki@hotmail.com, cartoonherodude@gmail.com, richiecool84@hotmail.com, laurenmachan@hotmail.com, garywelburn@hotmail.com, realtopdocument@outlook.com, whiter958@msn.com, rob.karhu@gmail.com, keithspr3@hotmail.com, bill.martins@hotmail.com, rich.dude.swag@gmail.com, sperks548@gmail.com, mimsy_wimsy@hotmail.co.uk, Dr.Richard.Poke@gmail.com, rosettareiter@gmx.ch, matthew.g10025@yahoo.com, parkhurstrobert112@yahoo.com, aamirarais@yahoo.com, gbreezy820@gmail.com, jennatulls27@gmail.com, mikeandrewsma@yahoo.com

---

please add me on your LinkedIn network (LinkedIn Phishing)

October 24, 2017, 12:09 am

≫ Next: Hi User, you have 2 important invitations on your LinkedIn network

≪ Previous: MRS.MELANIA TRUMP (Melania Trump Scam)

$

0

0

LinkedIn

Hi ,

Debbie Wilkes want to add you to their network

Debbie Wilkes
CEO,at Rio trade Business Group
USA:5,640 connection

Accept
View Profile

© 2017 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.

You are receiving Invitation emails. Unsubscribe
This email was intended for you. Learn why we included this.

LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: 70 Sir John Roberson's Quay, Dublin 2

Email analysis :

NOTE : service-member@linkedln.com
NOTE : User-Agent : Roundcube Webmail/1.2.4
NOTE : X-Sender : LinkedInCorporation2017@service.net

Phishing screenshot :

Phishing analysis :

CLICK : View Profile
OPEN : http://yb82.myjino.ru/tt/linkedln/www.linkedin/Linkedin1/
SCREENSHOT :

Hi User, you have 2 important invitations on your LinkedIn network

October 24, 2017, 12:23 am

≫ Next: ATM CARD READY FOR DELIVERY

≪ Previous: please add me on your LinkedIn network (LinkedIn Phishing)

$

0

0

LinkedIn

These invitations are expiring this month.
Remember, each connection extends the reach of your network.

Dale Christel
CEO, Perm Mold Alum Castings and Machining at Watry Ind. 920-457-4886
Invitation expires: November 14
Yes, connect

Scott Fraser SIOR, CCIM
Senior Vice President at Kidder Mathews
Invitation expires: November 9
Yes, connect

See all invitations

Unsubscribe | Help
You are receiving Invitation emails.
This email was intended for LinkedIn user. Learn why we included this.
LinkedIn
© 2017 LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

Email analysis :

NOTE : chair-e.business@meu.edu.jo
NOTE : X-Originating-Ip : [105.112.16.129]

Phishing screenshot :

Phishing analysis :

CLICK : Yes, connect
OPEN : https://pt-ipm.co.id/imcp2/wp-admin/includes/lm/js/i.php
REDIRECT : https://tachimitatape.co.id/xc/www.linkedin/53f12518b4dce443ab52eb662098f8cf/
SCREENSHOT :

ATM CARD READY FOR DELIVERY

October 31, 2017, 12:25 am

≫ Next: Bonjour ! (Arnaque)

≪ Previous: Hi User, you have 2 important invitations on your LinkedIn network

$

0

0

Greetings,

This is to officially inform you that ATM card number: 3774 2856 7847 9006 worth Eight Million Five Hundred Thousand($8.5 Million usd) has been credited in your favor in bid to compensate you on your contract payment since you are next on our inheritance file for the second part of this fiscal Year 2017.The card centre will send you an ATM CARD which you will use to withdraw your money in any ATM MACHINE in the world.

Your personal identification is ATM- 7997. Contact the verification officer BILL PETER (Mr.) on: (billpeter156@gmail.com) with the following for proper verification and claim processing:

Full Name:
Delivery Address:
Country:
Occupation:
Phone Number:
Fax Number:
Age:

NOTE:

You are also required to send to the verification officer/agent a means of Identification which should be a scan copy of your Driver’s License or International Passport for proper verification and authentication.

Regards

STATE INHERITANCE COMMITTEE.

Email analysis :

NOTE : teste@satconecta.com.br
NOTE : atmcentre@yahoo.com
NOTE : Received : from [41.230.9.124] (helo=User) by srv01.satconecta.com.br

Bonjour ! (Arnaque)

October 31, 2017, 4:15 am

≫ Next: Good Morning

≪ Previous: ATM CARD READY FOR DELIVERY

$

0

0

MINISTERE DE LA CITOYENNETE ET DE L'IMMIGRATION
DIRECTION GÉNÉRALE S.N.C-LAVALIN
Siège social de SNC-Lavalin, Boulevard René-Lévesque, à Montréal
Service Renseignement ! Tél : (+1) 815 242 7439 Tour de 22 étages 390,rue Bay, bureau 1600
E-mail: direction.snc.ca@gmail.com

*********************************

Accord de publication N° 001/GC/DRH/GOV- CA-CIC-2017

A votre Attention !!!

Cadres et Jeunes diplômés Bienvenus, Dans le souci de lutter contre le voyage clandestin, la pauvreté, de promouvoir l'emploi et à l'intégration Africaine au processus de la mondialisation, La Compagnie SNC-LAVALIN International en collaboration avec le service de Citoyenneté et Immigration au Canada lance une grande session de recrutement en cette d'année 2017.

En effet nous recherchons avant tout des personnes capables sans distinction de sexe qui pourront s'adapter à notre environnement de travail.

CONDITION A REMPLIR POUR TOUTE PERSONNE INTÉRESSÉE

1- Être âgé(e) entre 18 et 65 ans
2- Être titulaire au moins du BEPC BAC ou autres Diplômes Professionnels
3- Savoir parler le français ou l'anglais
4- Avoir de bonnes qualités relationnelles
5- Avoir une bonne moralité

PS: Pour plus d'informations et le retrait du formulaire, veuillez nous

envoyer vos coordonnées

Si vous êtes intéressés veuillez nous envoyer: NOM; PRÉNOMS; AGE; PAYS;NATIONALITÉ; PROFESSION; SEXE; NUMÉRO TÉLÉPHONE; ADRESSE: à l'adresse de la direction par Émail qui est la suivant: direction.snc.
ca@gmail.com puis nous contacter sur (+1) 815 242 7439 pour confirmation de votre inscription et pour plus d'informations sur les conditions à remplir et les pièces à fournir pour votre dossier de candidature.

Le chargé de l'information

Cordialement !!

Email analysis :

NOTE : Received : from (207.198.108.65) by wmlighttin.pc.tim.it;
NOTE : francesco.silvester@tin.it
NOTE : direction.snc.ca@gmail.com
NOTE : X-Originating-Ip : 207.198.108.65

Good Morning

November 2, 2017, 2:33 am

≫ Next: YOU COMPASATION (Scam)

≪ Previous: Bonjour ! (Arnaque)

$

0

0

Hello

You are not required to pay any FEES before your Inheritance Claim of UD$3.1M is paid to you as only a High Court sworn affidavit is needed.Respond so that we can proceed

Justice Mohammed Idris

Chief Judge, High Court of Justice

Email analysis :

NOTE : buba.marwa@aol.com
NOTE : arbitragesolicitors@gmail.com
NOTE : 217.64.113.210

YOU COMPASATION (Scam)

November 2, 2017, 2:38 am

≫ Next: Emailing: MD10 - 01.11.2017 (Virus)

≪ Previous: Good Morning

$

0

0

YOU COMPASATION

Nations (UN), European Union (EU) and FBI.We have been able to track down some scam artist in various parts of African countries which includes (Nigeria, Ghana and Senegal with cote d'ivoire ) and they are all in Government custody now, they will appear at International Criminal Court (ICC) soon for Justice. During the course of investigation, they were able to recover some funds from these scam artists and IMF organization have ordered the funds recovered to be shared among the 100 Lucky people listed around the World as a compensation. This notice is been directed to you because your email address was found in one of the scam Artists file and computer hard-disk while the investigation, maybe you have been scammed. You are therefore being compensated with sum of $3.8million US Dollars valid into an (ATM Card Number 506119102227). Since your email address is among the lucky beneficiaries who will receive a compensation funds, we have arranged your payment to be paid to you through ATM VISA CARD and deliver to your postal address with the Pin Numbers as to enable you withdrawal maximum of $4,000 on each withdrawal from any Bank ATM Machine of your choice, until all the funds are exhausted.

The package is coming from Cotonou, Republic of Benin. don't forget to reconfirm your following information.

1. Your Full Name:
2. Address Where You want us to Send Your ATM Card
3. Cell/Mobile Number:
contact Mr Dominic Fabian on his email address( barristermichealdestiny@yahoo. com) or you call him on
phone +229 99621178

Yours in Services
Barrister Micheal Destiny
MINISTERE DES FINANCES
ET DE L'ECONOMIE(M.F.E)
REPUBLIQUE DU BENIN

Email analysis :

NOTE : barristermichealdestiny@yahoo.com
NOTE : "www."@lily.ocn.ne.jp
NOTE : X-Originating-Ip : [197.234.219.110]

Emailing: MD10 - 01.11.2017 (Virus)

November 3, 2017, 12:48 am

≫ Next: DHL Shipment Notification (Phishing)

≪ Previous: YOU COMPASATION (Scam)

$

0

0

Your message is ready to be sent with the following file or link
attachments:
MD10 - 01.11.2017

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your
e-mail security settings to determine how attachments are handled.

--
Thanks & Regards
Eric Sherwin
Senior Officer
Accounts & Finacne

MD10 - 01.11.2017.doc

Email analysis :

NOTE : Eric_dhiman@dickscheid.net
NOTE : Received : from 84.120.144.159.dyn.user.ono.com
NOTE : (84.120.144.159.dyn.user.ono.com [84.120.144.159])

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Thunderbird/27.0

File analysis :

- OPEN : MD10 - 01.11.2017.doc
- FILE MD10 - 01.11.2017.doc is a virus

Virus analysis :

{"scans": {"Bkav": {"detected": false, "version": "1.3.0.9367", "result": null, "update": "20171102"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20171102"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20171103"}, "nProtect": {"detected": false, "version": "2017-11-03.01", "result": null, "update": "20171103"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20171102"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20171102"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20171031"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20171103"}, "VIPRE": {"detected": false, "version": "62170", "result": null, "update": "20171103"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20171103"}, "TheHacker": {"detected": false, "version": "6.8.0.5.2121", "result": null, "update": "20171102"}, "Alibaba": {"detected": false, "version": "1.0", "result": null, "update": "20170911"}, "K7GW": {"detected": false, "version": "10.29.25124", "result": null, "update": "20171102"}, "K7AntiVirus": {"detected": false, "version": "10.29.25131", "result": null, "update": "20171102"}, "Baidu": {"detected": true, "version": "1.0.0.2", "result": "Win32.Trojan-Downloader.Agent.kn", "update": "20171103"}, "F-Prot": {"detected": true, "version": "4.7.1.166", "result": "LNK/Downldr.gen", "update": "20171103"}, "Symantec": {"detected": true, "version": "1.4.0.0", "result": "Trojan.Mdropper", "update": "20171102"}, "ESET-NOD32": {"detected": true, "version": "16347", "result": "LNK/TrojanDownloader.Agent.HW", "update": "20171103"}, "TrendMicro-HouseCall": {"detected": true, "version": "9.950.0.1006", "result": "TROJ_POWLOAD.AUSJSH", "update": "20171103"}, "Avast": {"detected": true, "version": "17.7.3660.0", "result": "Other:Malware-gen [Trj]", "update": "20171103"}, "ClamAV": {"detected": true, "version": "0.99.2.0", "result": "Img.Dropper.PhishingLure-6362648-0", "update": "20171102"}, "Kaspersky": {"detected": true, "version": "15.0.1.13", "result": "Trojan-Downloader.MSWord.Agent.bqe", "update": "20171102"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Trojan.Agent.CPMC", "update": "20171103"}, "NANO-Antivirus": {"detected": false, "version": "1.0.100.19905", "result": null, "update": "20171103"}, "ViRobot": {"detected": true, "version": "2014.3.20.0", "result": "DOC.Z.Agent.132562", "update": "20171103"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20171103"}, "Ad-Aware": {"detected": false, "version": "3.0.3.1010", "result": null, "update": "20171103"}, "Emsisoft": {"detected": true, "version": "4.0.1.883", "result": "Trojan.Agent.CPMC (B)", "update": "20171103"}, "Comodo": {"detected": false, "version": "27990", "result": null, "update": "20171103"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Trojan.Agent.CPMC", "update": "20171103"}, "DrWeb": {"detected": true, "version": "7.0.28.2020", "result": "PowerShell.DownLoader.455", "update": "20171103"}, "Zillya": {"detected": false, "version": "2.0.0.3420", "result": null, "update": "20171102"}, "TrendMicro": {"detected": true, "version": "9.862.0.1074", "result": "TROJ_POWLOAD.AUSJSH", "update": "20171103"}, "McAfee-GW-Edition": {"detected": false, "version": "v2015", "result": null, "update": "20171103"}, "Sophos": {"detected": true, "version": "4.98.0", "result": "Mal/DownLnk-D", "update": "20171103"}, "Cyren": {"detected": true, "version": "5.4.30.7", "result": "ZIP/Trojan.VNUH-5", "update": "20171103"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20171103"}, "Webroot": {"detected": false, "version": "1.0.0.207", "result": null, "update": "20171103"}, "Avira": {"detected": true, "version": "8.3.3.6", "result": "TR/Agent.cznoe", "update": "20171103"}, "Fortinet": {"detected": true, "version": "5.4.247.0", "result": "LNK/Agent.AG!tr.dldr", "update": "20171103"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20171103"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20171103"}, "Arcabit": {"detected": true, "version": "1.0.0.827", "result": "Trojan.Agent.CPMC", "update": "20171103"}, "AegisLab": {"detected": true, "version": "4.2", "result": "Troj.Winlnk.Agent!c", "update": "20171103"}, "ZoneAlarm": {"detected": true, "version": "1.0", "result": "Trojan-Downloader.MSWord.Agent.bqe", "update": "20171103"}, "Avast-Mobile": {"detected": false, "version": "171102-04", "result": null, "update": "20171102"}, "Microsoft": {"detected": true, "version": "1.1.14306.0", "result": "TrojanDownloader:O97M/Donoff!lnk", "update": "20171103"}, "AhnLab-V3": {"detected": true, "version": "3.10.1.19128", "result": "LNK/Autorun.Gen", "update": "20171102"}, "ALYac": {"detected": false, "version": "1.1.1.2", "result": null, "update": "20171103"}, "AVware": {"detected": false, "version": "1.5.0.42", "result": null, "update": "20171102"}, "MAX": {"detected": true, "version": "2017.6.26.1", "result": "malware (ai score=99)", "update": "20171103"}, "VBA32": {"detected": false, "version": "3.12.26.4", "result": null, "update": "20171102"}, "WhiteArmor": {"detected": false, "version": null, "result": null, "update": "20171024"}, "Zoner": {"detected": true, "version": "1.0", "result": "LNKScript", "update": "20171103"}, "Rising": {"detected": true, "version": "25.0.0.1", "result": "Trojan.Downloader!1.A420 (CLASSIC)", "update": "20171103"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20171102"}, "Ikarus": {"detected": true, "version": "0.1.5.2", "result": "Trojan-Downloader.PS.Agent", "update": "20171102"}, "GData": {"detected": true, "version": "A:25.14678B:25.10801", "result": "Trojan.Agent.CPMC", "update": "20171103"}, "AVG": {"detected": true, "version": "17.7.3660.0", "result": "Other:Malware-gen [Trj]", "update": "20171103"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20171102"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20171103"}}, "scan_id": "db1d501eb2218c68be3b21f047195ac9c4b4420e6e66172d1a03fb99e4235d7f-1509678306", "sha1": "c10cb42d1ba7732c73c9928bd16ccfd1a161f6d6", "resource": "db1d501eb2218c68be3b21f047195ac9c4b4420e6e66172d1a03fb99e4235d7f", "response_code": 1, "scan_date": "2017-11-03 03:05:06", "permalink": "https://www.virustotal.com/file/db1d501eb2218c68be3b21f047195ac9c4b4420e6e66172d1a03fb99e4235d7f/analysis/1509678306/", "verbose_msg": "Scan finished, information embedded", "total": 61, "positives": 29, "sha256": "db1d501eb2218c68be3b21f047195ac9c4b4420e6e66172d1a03fb99e4235d7f", "md5": "a54eae632f1557f5104f57c2a87fd144"}

---

DHL Shipment Notification (Phishing)

November 3, 2017, 1:03 am

≫ Next: OVH (Phishing)

≪ Previous: Emailing: MD10 - 01.11.2017 (Virus)

$

0

0

Dear customers,

A package is coming your way through DHL Express, shipment is on transit and ready for tracking. You can request for tracking details .
Sender Account ending-> *****04291
For full tracking information please click here and follow the process.
Kindly keep the downloaded documents safe, we will need you to provide them
for confirmation before delivering your parcel.
For complaints or further support kindly contact our 24/7 support team .
With kind regards,
2017 © DHL International GmbH. All rights reserved.
DHL Worldwide Delivery ©

htytytytolop

Phishing screenshot :

Email analysis :

NOTE : pjatania@atulauto.co.in
NOTE : Received : from mail.atulauto.co.in ([27.54.160.78])

NOTE : Received : from atulauto.co.in (unknown [192.95.20.146])

NOTE : by mail.atulauto.co.in

Phishing analysis :

CLICK : click here
OPEN : http://workingin-visas.com.au/track/dhl/index.php?email=0
REDIRECT : http://workingin-visas.com.au/track/dhl/tracking.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=0
SCREENSHOT :

OVH (Phishing)

November 8, 2017, 10:10 am

≫ Next: HELLO GOOD DAY (Rosneft Scam)

≪ Previous: DHL Shipment Notification (Phishing)

$

0

0

Phishing analysis :

OPEN : http://pasalo-bien.de/html/cliente/ES/?https://paiment.ovh.net/espaceclient
SCREENSHOT :

REDIRECT : http://pasalo-bien.de/html/cliente/ES/sn.php
REDIRECT : http://pasalo-bien.de/html/cliente/ES/index1.html
SCREENSHOT :

REDIRECT : http://pasalo-bien.de/html/cliente/ES/sn1.php
REDIRECT : http://pasalo-bien.de/html/cliente/ES/index11.html
REDIRECT : http://pasalo-bien.de/html/cliente/ES/sn11.php
REDIRECT : http://pasalo-bien.de/html/cliente/ES/index2.html
SCREENSHOT :

CLICK : TERMINAR
REDIRECT : https://www.ovh.com/

HELLO GOOD DAY (Rosneft Scam)

November 15, 2017, 10:51 pm

≫ Next: Warning Your test@test.com Shut Down !!! (Gmail phishing)

≪ Previous: OVH (Phishing)

$

0

0

Hello and good day.

I am looking to work with a reputable individual/firm to engage in a profit oriented ventures in your country and perhaps with your assistance, we could get low tax rates.

I have the directive of Mr. Mikhail Khodorkovsky to source for partner abroad who can accommodate and manage 150M & 350M USD respectively. The sums are derived from an executed project with Yukos Oil Company before the company was change merged into Rosneft Oil Corporation in Russia.

We shall apply for the necessary paper work required to re-profile your name as the receipient and also ensure payment is carried out by Rosneft into a bank account in your name. I guaranty we would execute this business under a legitimate arrangement without breach of the law.

Further details will follow upon your positive reply.

Regards,

ALEXANDER KORIKOV

Email analysis :

NOTE : info@s41.coreserver.jp
NOTE : alexanderkorikov2747@gmail.com
NOTE : Received : from 204.44.78.199.static.greencloudvps.com
NOTE : (HELO User) (204.44.78.199)

NOTE : by s41.coreserver.jp
NOTE : client-ip=202.172.28.42;

Warning Your test@test.com Shut Down !!! (Gmail phishing)

November 16, 2017, 7:33 am

≫ Next: Promocao Netflix 2 Meses Gratuitos (78091) (Netflix Phishing)

≪ Previous: HELLO GOOD DAY (Rosneft Scam)

$

0

0

Server Message

Dear test@test.com

Our record indicates that you have recently made a request to deactivate email. This request will be processed shortly. If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

Cancel De-activation

However, if you do not cancel this request, your account will be de-activated shortly and all your email data will be permanently lost.

Regards.

Email Administrator

Message is auto This-generated from security server, and replies sent to this email can not be delivered. This email is meant for:

Email analysis :

NOTE : support@mailserver.com
NOTE : Received : from mailserver.com ([148.163.101.104])

Phishing analysis :

CLICK : Cancel De-activation
OPEN : http://www.ksawed.org/webmail.php?email=test@test.com
SCREENSHOT :

VALIDATE : FORM
REDIRECT : https://support.google.com/accounts/answer/141137?hl=&visit_id=0-636464428251608265-4216504168&rd=1
SCREENSHOT :

INFO : Gmail phishing...

Promocao Netflix 2 Meses Gratuitos (78091) (Netflix Phishing)

November 16, 2017, 8:02 am

≫ Next: Verify Your PayPal Account! (PayPal Phishing Attempt)

≪ Previous: Warning Your test@test.com Shut Down !!! (Gmail phishing)

$

0

0

Prezado Cliente: Email Cadastrado - Caso nao esteja visualizando a imagem .
Exibir Imagens

Email analysis :

NOTE : ip-160-153-231-135.ip.secureserver.net
NOTE : www-data@ip-160-153-231-135.ip.secureserver.net
NOTE : Received : from ip-160-153-231-135.ip.secureserver.net
NOTE : (ip-160-153-231-135.ip.secureserver.net [160.153.231.135])

Phishing analysis :

CLICK : Exibir Imagens
OPEN : https://graficagibin.com.br/VELHO/beta/images/content/02/?
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/index.php
SCREENSHOT :

VALIDATE FORM WITH WRONG EMAIL
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/payment.php?form=*.scr
SCREENSHOT :

CLICK : VISA
SCREENSHOT :

FILL : FAKE DATA
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/terminor.php?form=*.scr
SCREENSHOT :

REDIRECT : https://www.netflix.com/getstarted?locale=pt-BR&action=startAction

Verify Your PayPal Account! (PayPal Phishing Attempt)

November 17, 2017, 12:55 am

≫ Next: Account status has been changed (invoice 02574) (PayPal Phishing)

≪ Previous: Promocao Netflix 2 Meses Gratuitos (78091) (Netflix Phishing)

$

0

0

Dear PayPal user,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

To proceed to confirm your account information please click on the link below and follow the instructions that will be required.This will help protect you in the future. The process does not take more than 3 minutes.

Confirm your account

Click here to verify

Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

Sincerely,
PayPal Account Review Department
(Case ID #PP-003-498-237-832)

Email analysis :

NOTE : sal.moncalieri@engim.it
NOTE : Received : from zimbra.engim.it (zimbra.engim.it [192.168.67.112])

NOTE : 192.168.67.112

Phishing screenshot :

Phishing analysis :

CLICK : Click here to verify
OPEN : http://rederswhitesincs.com/secure_pp
RESULT : PayPal Phishing attempt

Account status has been changed (invoice 02574) (PayPal Phishing)

November 17, 2017, 1:08 am

≫ Next: System Upgrade (Standard Bank Phishing)

≪ Previous: Verify Your PayPal Account! (PayPal Phishing Attempt)

$

0

0

Dear PayPal Customer ,

We detected something unusual about a recent sign-in for the PayPal account . For example, you might be signing in from a new location, device, or app.

To help keep you safe, we've blocked access to your PayPal account , Billing Info, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.

Review recent activity

Thanks,
The PayPal account team

Copyright© 1996-2017 PayPal.com, Inc. All right reserved

Email analysis :

NOTE : support@vweb12.nitrado.net
NOTE : Received : by vweb12.nitrado.net

Phishing screenshot :

Phishing analysis :

CLICK : Review recent activity
OPEN : www.update-service.clanonzj.beget.tech/
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/login.php?cmd=_account-details&session=*
SCREENSHOT :

NOTE : FILL FAKE INFO
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/Billing.php?cmd=_account-details&session=*&dispatch=*
SCREENSHOT :

NOTE : PayPal Phishing

---

System Upgrade (Standard Bank Phishing)

November 17, 2017, 1:16 am

≫ Next: Deposit Notification

≪ Previous: Account status has been changed (invoice 02574) (PayPal Phishing)

$

0

0

Dear Valued Customer,

ACCOUNT E-MAILS ALERT

We’re sorry to inform you that we are unable to verify your account identity. In order to protect the security of your account.

We have terminated your ATM account banking session.

In order to resolve this situation,

We implore you to click on the SECURE link below to CONFIRM any possible findings.

http://bebesysalud.com/wp-includes/pomo/numsurver.php

Thank you for choosing Standard Bank.

Standrad Bank Team.

Email analysis :

NOTE : kurt.kemper@dfafrica.co.za
NOTE : info@Standarddbank.co.za
NOTE : Received : from null (za-sl-23.za.mimecast.lan [10.32.36.72]) (Using TLS)
NOTE : by za-smtp-1.mimecast.co.za

Phishing screenshot :

Phishing analysis :

CLICK : http://bebesysalud.com/wp-includes/pomo/numsurver.php
SCREENSHOT :

NOTE : Standard Bank Phishing

Deposit Notification

November 21, 2017, 1:47 am

≫ Next: Your Urgent Attention Is Needed!

≪ Previous: System Upgrade (Standard Bank Phishing)

$

0

0

Deposit Notification
This is to notify you of a deposit in your favor with Arab Bank, with details below:
Transaction Type: DEPOSIT
Transaction Amount: 15,500,000.00
Transaction Currency USD
Account Number 3XX..06X
Transaction Narration WEB Dr @ 29866007-NEXT OF KIN*DEPOSIT 18006994264 800-699
Transaction Remarks 413618896864 / 000000000730
Date and Time 17-November-2017. 05:22:26
Deposit charges: 2,345.97
Cleared Balance 15,497,654.03
Uncleared 0.00

For any other inquiries and log in details to your account, please contact our Customer Fulfillment Center (CFC) at arabbnking.customerservice@yandex.com Legal This email message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please delete it from your computer. Arab Bank does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Arab Bank in this regard and the recipient should carry out such virus and other checks as it considers appropriate.

Email analysis :

NOTE : yanagisawa@vc-s.jp
NOTE : arabbnking.customerservice@yandex.com
NOTE : Received : from c15brzfw.mwprem.net (c15brzfw.mwprem.net. [60.43.159.237])

Your Urgent Attention Is Needed!

November 21, 2017, 1:50 am

≫ Next: !!! FELICITATIONS A VOUS CHER(E) GAGNANT(E)!!!!

≪ Previous: Deposit Notification

$

0

0

Attention. Beneficiary,

We thank you for your co-operation on the successful transfer of first batch of your part payment of One Million five Hundred Thousand US Dollar ($1,500,000.00) transferred into your bank account as stated below which your NEXT OF KIN have acknowledged receipt of the fund.

NAME OF BANK: CAPITAL ONE BANK
BANK ADDRESS: N.Y. 11373, USA.
ACCOUNT NO: 580294045
ACCOUNT NAME: MARIA T. EL-ZEIN
ROUTING CODE: 021407912
SWIFT CODE: NFBKWS22

However, we write to inform you that the remaining balance of your fund has been approved for payment again and would be transferred to the same bank account as stated above which you provided in the course of the former payment received. Kindly notify us of a change in your banking information if there is any mistake before we proceed with the transfer. Please note that the transfer shall be the same way we made the first payment to you thus; telegraphic transfer and shall be confirm within three (3) banking days from the date of the transfer. Give this matter urgent attention it demands so that you can receive your payment within the time frame of the approval. You are advised to deal directly to this department is my contact email address where you can reach us(centralbnk@accountant.com).

KINDLY NOTIFY US OF ANY MISTAKE OR CHANGES IN YOUR RECEIVING BANK ACCOUNT INFORMATION IF THEY IS ANY.
Yours Faithfully,
Sir.Chucks Adagu
Secretary of Central Bank Benin

Email analysis :

NOTE : centralbnk@accountant.com
NOTE : officefile11102@gmail.com
NOTE : client-ip=209.85.220.41;

!!! FELICITATIONS A VOUS CHER(E) GAGNANT(E)!!!!

November 21, 2017, 2:00 am

≫ Next: System Bounce Reset (Email Phishing)

≪ Previous: Your Urgent Attention Is Needed!

$

0

0

HONORABLE INTERNAUTE

Nous venons par cette correspondance vous adresser toutes nos félicitations et vous informez par la suite que vous êtes l'heureux gagnant de la Promotion HEINEKEN LOTERIE PRIZE. Suite au tirage effectué d'un lot de 100.000 adresses e-mails mise en tri par le robot de sélection automatisé ce jour, votre adresse e-mail a été tirée au sort parmi tant et vous êtes l'heureux(se) gagnant(e) du 4ème prix de la Promotion HEINEKEN LOTERIE.

1er Prix: " 1.000.000 d'euros et un voyage à Hawaï "
2ème Prix: " 500.000 euros "
3ème Prix: " 250.000 euros "
4ème Prix: " 150.000 euros "
5ème Prix: " 100.000 euros "

Votre N° GAGNANT est le " HESAS0082147PUYHK " Vous devez saisir ce code sur le formulaire ci dessous mail. Vous devez garder jalousement ce code parce qu’on aura besoin de votre code après votre confirmation. La réclamation de votre prix se fera auprès de la Direction des Opérations de la Promotion HEINEKEN LOTERIE PRIZE. Vous devez complétez le formulaire ci-dessous ainsi que votre Code Gagnant et l'adressé à la Directrice des Opérations (Mme Mary Rosanna BIANCO) à l’émail : hesas.bianco@hotmail.com

Nom :......................
Prénom :...................
N° GAGNANT:................
Pays :.....................
Age :......................
Profession :...............
Sexe :.....................
N° de Téléphone :..........

Merci de nous contacter le plus vite possible pour la réclamation de votre gain.
© 2017 Copyright Heineken HeSas N.V. All Rights Reserved | Legal disclaimer | Cookie and privacy policy

Email analysis :

NOTE : hesas.bianco@hotmail.com
NOTE : heineken.departementremisegain@hotmail.com
NOTE : info.heineken@dr.com
NOTE : 23.27.244.241

System Bounce Reset (Email Phishing)

November 21, 2017, 2:20 am

≫ Next: *@* - recibo de pago según lo acordado!

≪ Previous: !!! FELICITATIONS A VOUS CHER(E) GAGNANT(E)!!!!

$

0

0

Email Security Alert

for - Account User: *

Access to your E-mail (* ) will expire today 20/11/2017,please renew to avoid account deactivation. For your account security, we strongly recommend that you Renew your account now, else you account will be schedule for termination .

Click here to renew your E-mail account

After renewal/verification, extra security features will be activated in your email settings and your account will be safe for use again.

2017 Email Administrator

Email analysis :

NOTE : feedback@service.alibaba.com
NOTE : Received : by casidrup.localdomain (Postfix, from userid 48)
NOTE : apache@casidrup.localdomain
NOTE : X-Mailer : www.casi.com.ar

Phishing analysis :

CLICK : Click here to renew your E-mail account
OPEN : https://quadrivalent-harbor.000webhostapp.com/email/index.php?email=*
SCREENSHOT :

FILL : FAKE FORM
CLICK : Upgrade Now
REDIRECT : https://quadrivalent-harbor.000webhostapp.com/email/thankyou.php
SCREENSHOT :

REDIRECT : https://technet.microsoft.com/en-us/library/dd351283%28v=exchg.141%29.aspx