{
"attachments": [
{
"files": [
{
"sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb",
"virustotal": {
"response_code": 200,
"results": {
"scan_id": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01-1487943477",
"sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01",
"resource": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb",
"response_code": 1,
"scan_date": "2017-02-24 13:37:57",
"permalink": "https://www.virustotal.com/file/d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01/analysis/1487943477/",
"verbose_msg": "Scan finished, information embedded",
"sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb",
"positives": 44,
"total": 58,
"md5": "c106f9bc7174402b582cffc1d6399b46",
"scans": [
{
"version": "12.0.250.0",
"result": "Trojan.GenericKD.3479134",
"antivirus": "MicroWorld-eScan",
"update": "20170224"
},
{
"version": "14.00",
"result": "Trojan.Dynamer",
"antivirus": "CAT-QuickHeal",
"update": "20170223"
},
{
"version": "6.0.6.653",
"result": "RDN/Generic PWS.y",
"antivirus": "McAfee",
"update": "20170224"
},
{
"version": "2.1.1.1115",
"result": "Trojan.Zbot",
"antivirus": "Malwarebytes",
"update": "20170224"
},
{
"version": "56208",
"result": "Trojan.Win32.Generic.pak!cobra",
"antivirus": "VIPRE",
"update": "20170224"
},
{
"version": "10.2.22532",
"result": "Trojan ( 004f66491 )",
"antivirus": "K7GW",
"update": "20170224"
},
{
"version": "10.2.22530",
"result": "Trojan ( 004f66491 )",
"antivirus": "K7AntiVirus",
"update": "20170224"
},
{
"version": "9.740.0.1012",
"result": "TROJ_FRS.0NA003HL16",
"antivirus": "TrendMicro",
"update": "20170224"
},
{
"version": "4.7.1.166",
"result": "W32/Trojan3.WXC",
"antivirus": "F-Prot",
"update": "20170224"
},
{
"version": "1.2.1.0",
"result": "Infostealer.Limitail",
"antivirus": "Symantec",
"update": "20170224"
},
{
"version": "9.900.0.1004",
"result": "TROJ_FRS.0NA003HL16",
"antivirus": "TrendMicro-HouseCall",
"update": "20170224"
},
{
"version": "8.0.1489.320",
"result": "Win32:Malware-gen",
"antivirus": "Avast",
"update": "20170224"
},
{
"version": "15.0.1.13",
"result": "UDS:DangerousObject.Multi.Generic",
"antivirus": "Kaspersky",
"update": "20170224"
},
{
"version": "7.2",
"result": "Trojan.GenericKD.3479134",
"antivirus": "BitDefender",
"update": "20170224"
},
{
"version": "1.0.70.15190",
"result": "Trojan.Win32.Stealer.eloogm",
"antivirus": "NANO-Antivirus",
"update": "20170224"
},
{
"version": "4.2",
"result": "Uds.Dangerousobject.Multi!c",
"antivirus": "AegisLab",
"update": "20170224"
},
{
"version": "1.0.0.1",
"result": "Win32.Trojan.Inject.Auto",
"antivirus": "Tencent",
"update": "20170224"
},
{
"version": "3.0.3.794",
"result": "Trojan.GenericKD.3479134",
"antivirus": "Ad-Aware",
"update": "20170224"
},
{
"version": "4.98.0",
"result": "Troj/Fareit-BCY",
"antivirus": "Sophos",
"update": "20170224"
},
{
"version": "11.0.19100.45",
"result": "Trojan.GenericKD.3479134",
"antivirus": "F-Secure",
"update": "20170224"
},
{
"version": "7.0.27.12160",
"result": "Trojan.PWS.Stealer.17779",
"antivirus": "DrWeb",
"update": "20170224"
},
{
"version": "6.2.2.24419",
"result": "virtool.win32.injector.fq",
"antivirus": "Invincea",
"update": "20170203"
},
{
"version": "v2015",
"result": "BehavesLike.Win32.PWSZbot.gc",
"antivirus": "McAfee-GW-Edition",
"update": "20170224"
},
{
"version": "4.0.0.834",
"result": "Trojan.GenericKD.3479134 (B)",
"antivirus": "Emsisoft",
"update": "20170224"
},
{
"version": "5.4.16.7",
"result": "W32/Trojan.MLZK-1378",
"antivirus": "Cyren",
"update": "20170224"
},
{
"version": "1.0.0.207",
"result": "W32.Trojan.Gen",
"antivirus": "Webroot",
"update": "20170224"
},
{
"version": "8.3.3.4",
"result": "TR/Dropper.VB.iunj",
"antivirus": "Avira",
"update": "20170224"
},
{
"version": "5.4.233.0",
"result": "W32/Injector.DEKC!tr",
"antivirus": "Fortinet",
"update": "20170224"
},
{
"version": "1.0.0.1",
"result": "Trojan/Win32.TSGeneric",
"antivirus": "Antiy-AVL",
"update": "20170224"
},
{
"version": "0.1.1",
"result": "malicious (high confidence)",
"antivirus": "Endgame",
"update": "20170222"
},
{
"version": "1.0.0.795",
"result": "Trojan.Generic.D35165E",
"antivirus": "Arcabit",
"update": "20170224"
},
{
"version": "5.6.0.1032",
"result": "Trojan.Agent/Gen-VB",
"antivirus": "SUPERAntiSpyware",
"update": "20170224"
},
{
"version": "1.1.13504.0",
"result": "Trojan:Win32/Dynamer!ac",
"antivirus": "Microsoft",
"update": "20170224"
},
{
"version": "3.8.3.16811",
"result": "Trojan/Win32.ZBot.C1530633",
"antivirus": "AhnLab-V3",
"update": "20170224"
},
{
"version": "1.0.1.9",
"result": "Trojan.GenericKD.3479134",
"antivirus": "ALYac",
"update": "20170224"
},
{
"version": "1.5.0.42",
"result": "Trojan.Win32.Generic.pak!cobra",
"antivirus": "AVware",
"update": "20170224"
},
{
"version": "14989",
"result": "a variant of Win32/Injector.DDZN",
"antivirus": "ESET-NOD32",
"update": "20170224"
},
{
"version": "28.0.0.1",
"result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ",
"antivirus": "Rising",
"update": "20170224"
},
{
"version": "5.5.1.3",
"result": "Trojan.Injector!RxvLSVNo9PA",
"antivirus": "Yandex",
"update": "20170222"
},
{
"version": "0.1.5.2",
"result": "Trojan.VB.Inject",
"antivirus": "Ikarus",
"update": "20170224"
},
{
"version": "25",
"result": "Trojan.GenericKD.3479134",
"antivirus": "GData",
"update": "20170224"
},
{
"version": "16.0.0.4756",
"result": "Inject3.BBKO",
"antivirus": "AVG",
"update": "20170224"
},
{
"version": "4.6.4.2",
"result": "Trj/GdSda.A",
"antivirus": "Panda",
"update": "20170224"
},
{
"version": "1.0",
"result": "malicious_confidence_100% (D)",
"antivirus": "CrowdStrike",
"update": "20170130"
}
]
}
},
"extension": ".exe",
"Content-Type": "application/x-dosexec",
"analisys_date": "2017-08-13T14:41:03.804051",
"filename": "IMG-PO-492384BA_outputB93880.exe",
"is_filtered": [
false
],
"ssdeep": "6144:UB0Qyhp5axJdq3PHo0Tq54BoSoUNRGui+YvEc8xoQAe6J+z/I93xgH38IN8I:UHIp5UqvdK4BoaREhEO5e6Jg/I93iXr",
"sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01",
"sha512": "59af8a425dee54609707079ac04b3645753f6101f794cb3738cdab575f0d5805d073bf0b10224a77e44fd28d687ff677a199df42eefe98879852351b3d5dca68",
"payload": "TVqQAAMAAA...",
"md5": "c106f9bc7174402b582cffc1d6399b46",
"size": 449368
}
],
"Content-Type": "application/zip",
"sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6",
"virustotal": {
"response_code": 200,
"results": {
"scan_id": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44-1487945645",
"sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44",
"resource": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6",
"response_code": 1,
"scan_date": "2017-02-24 14:14:05",
"permalink": "https://www.virustotal.com/file/122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44/analysis/1487945645/",
"verbose_msg": "Scan finished, information embedded",
"sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6",
"positives": 41,
"total": 59,
"md5": "2723dd2e5ce2b21b7df8e8f43121032c",
"scans": [
{
"version": "1.3.0.8871",
"result": "HW32.Packed.8CC2",
"antivirus": "Bkav",
"update": "20170224"
},
{
"version": "12.0.250.0",
"result": "Trojan.GenericKD.3479134",
"antivirus": "MicroWorld-eScan",
"update": "20170224"
},
{
"version": "14.00",
"result": "Trojan.Dynamer",
"antivirus": "CAT-QuickHeal",
"update": "20170223"
},
{
"version": "6.0.6.653",
"result": "RDN/Generic PWS.y",
"antivirus": "McAfee",
"update": "20170224"
},
{
"version": "2.1.1.1115",
"result": "Trojan.Zbot",
"antivirus": "Malwarebytes",
"update": "20170224"
},
{
"version": "56208",
"result": "Trojan.Win32.Generic.pak!cobra",
"antivirus": "VIPRE",
"update": "20170224"
},
{
"version": "7.2",
"result": "Trojan.GenericKD.3479134",
"antivirus": "BitDefender",
"update": "20170224"
},
{
"version": "10.2.22532",
"result": "Trojan ( 004f66491 )",
"antivirus": "K7GW",
"update": "20170224"
},
{
"version": "10.2.22530",
"result": "Trojan ( 004f66491 )",
"antivirus": "K7AntiVirus",
"update": "20170224"
},
{
"version": "9.740.0.1012",
"result": "TROJ_FR.0DA9DC19",
"antivirus": "TrendMicro",
"update": "20170224"
},
{
"version": "4.7.1.166",
"result": "W32/Trojan3.WXC",
"antivirus": "F-Prot",
"update": "20170224"
},
{
"version": "1.2.1.0",
"result": "SecurityRisk.gen1",
"antivirus": "Symantec",
"update": "20170224"
},
{
"version": "9.900.0.1004",
"result": "TROJ_FRS.0NA003HL16",
"antivirus": "TrendMicro-HouseCall",
"update": "20170224"
},
{
"version": "8.0.1489.320",
"result": "Win32:Malware-gen",
"antivirus": "Avast",
"update": "20170224"
},
{
"version": "1.0.70.15190",
"result": "Trojan.Win32.Stealer.eloogm",
"antivirus": "NANO-Antivirus",
"update": "20170224"
},
{
"version": "28.0.0.1",
"result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ",
"antivirus": "Rising",
"update": "20170224"
},
{
"version": "3.0.3.794",
"result": "Trojan.GenericKD.3479134",
"antivirus": "Ad-Aware",
"update": "20170224"
},
{
"version": "4.98.0",
"result": "Troj/Fareit-BCY",
"antivirus": "Sophos",
"update": "20170224"
},
{
"version": "11.0.19100.45",
"result": "Trojan.GenericKD.3479134",
"antivirus": "F-Secure",
"update": "20170224"
},
{
"version": "7.0.27.12160",
"result": "Trojan.PWS.Stealer.17779",
"antivirus": "DrWeb",
"update": "20170224"
},
{
"version": "6.2.2.24419",
"result": "virtool.win32.injector.fq",
"antivirus": "Invincea",
"update": "20170203"
},
{
"version": "v2015",
"result": "BehavesLike.Trojan.fc",
"antivirus": "McAfee-GW-Edition",
"update": "20170224"
},
{
"version": "4.0.0.834",
"result": "Trojan.GenericKD.3479134 (B)",
"antivirus": "Emsisoft",
"update": "20170224"
},
{
"version": "5.4.16.7",
"result": "W32/Trojan.MLZK-1378",
"antivirus": "Cyren",
"update": "20170224"
},
{
"version": "1.0.0.207",
"result": "W32.Trojan.Gen",
"antivirus": "Webroot",
"update": "20170224"
},
{
"version": "8.3.3.4",
"result": "TR/Dropper.VB.iunj",
"antivirus": "Avira",
"update": "20170224"
},
{
"version": "5.4.233.0",
"result": "W32/Injector.DEKC!tr",
"antivirus": "Fortinet",
"update": "20170224"
},
{
"version": "1.0.0.1",
"result": "Trojan/Win32.TSGeneric",
"antivirus": "Antiy-AVL",
"update": "20170224"
},
{
"version": "1.0.0.795",
"result": "Trojan.Generic.D35165E",
"antivirus": "Arcabit",
"update": "20170224"
},
{
"version": "4.2",
"result": "Troj.Generickd!c",
"antivirus": "AegisLab",
"update": "20170224"
},
{
"version": "1.1.13504.0",
"result": "Trojan:Win32/Dynamer!ac",
"antivirus": "Microsoft",
"update": "20170224"
},
{
"version": "3.8.3.16811",
"result": "Trojan/Win32.ZBot.C1530633",
"antivirus": "AhnLab-V3",
"update": "20170224"
},
{
"version": "1.0.1.9",
"result": "Trojan.GenericKD.3479134",
"antivirus": "ALYac",
"update": "20170224"
},
{
"version": "1.5.0.42",
"result": "Trojan.Win32.Generic.pak!cobra",
"antivirus": "AVware",
"update": "20170224"
},
{
"version": "14990",
"result": "a variant of Win32/Injector.DDZN",
"antivirus": "ESET-NOD32",
"update": "20170224"
},
{
"version": "1.0.0.1",
"result": "Win32.Trojan.Inject.Auto",
"antivirus": "Tencent",
"update": "20170224"
},
{
"version": "5.5.1.3",
"result": "Trojan.Injector!RxvLSVNo9PA",
"antivirus": "Yandex",
"update": "20170222"
},
{
"version": "0.1.5.2",
"result": "Trojan.VB.Inject",
"antivirus": "Ikarus",
"update": "20170224"
},
{
"version": "25",
"result": "Trojan.GenericKD.3479134",
"antivirus": "GData",
"update": "20170224"
},
{
"version": "16.0.0.4756",
"result": "Inject3.BBKO",
"antivirus": "AVG",
"update": "20170224"
},
{
"version": "4.6.4.2",
"result": "Trj/GdSda.A",
"antivirus": "Panda",
"update": "20170224"
}
]
}
},
"extension": ".zip",
"is_archive": true,
"sha512": "37e93b79707b56afeb91a4a3ee8c2180e5137b6a3912db46b5e58bd412d9295f3c14e123271ac0fb6b8db22572e6d67c054efda90ee4618fbf94faaeff1bc08b",
"analisys_date": "2017-08-13T14:41:03.741653",
"filename": "Payment Invoice.zip",
"mail_content_type": "application/x-zip-compressed",
"tika": [
{
"Content-Length": "350899",
"X-TIKA:content": "\n\n\n\n\n\n\n\n\n\nIMG-PO-492384BA_outputB93880.exe\n\n",
"X-TIKA:parse_time_millis": "103",
"resourceName": "tmpbbXZWU",
"Content-Type": "application/zip",
"X-Parsed-By": [
"org.apache.tika.parser.DefaultParser",
"org.apache.tika.parser.pkg.PackageParser"
]
},
{
"machine:endian": "Little",
"machine:machineType": "x86-32",
"Content-Length": "449368",
"embeddedRelationshipId": "IMG-PO-492384BA_outputB93880.exe",
"modified": "2016-08-18T14:42:54Z",
"X-TIKA:embedded_resource_path": "/IMG-PO-492384BA_outputB93880.exe",
"meta:save-date": "2016-08-18T14:42:54Z",
"machine:architectureBits": "32",
"Last-Modified": "2016-08-18T14:42:54Z",
"Creation-Date": "2016-08-18T21:42:53Z",
"X-TIKA:parse_time_millis": "23",
"date": "2016-08-18T14:42:54Z",
"resourceName": "IMG-PO-492384BA_outputB93880.exe",
"machine:platform": "Windows",
"dcterms:modified": "2016-08-18T14:42:54Z",
"Content-Type": "application/x-msdownload",
"Last-Save-Date": "2016-08-18T14:42:54Z",
"X-Parsed-By": [
"org.apache.tika.parser.DefaultParser",
"org.apache.tika.parser.executable.ExecutableParser"
]
}
],
"is_filtered": false,
"ssdeep": "6144:KbMHo7O8JQbO4sMZ8EJqhLTKE1hNRGui+YvEsRqoh84Ll7Jy:KIHmKDs8Nq1TDREhEyqALZM",
"sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44",
"content_transfer_encoding": "base64",
"payload": "UEsDBBQAAA...",
"md5": "2723dd2e5ce2b21b7df8e8f43121032c",
"size": 350899
}
],
"analisys_date": "2017-08-13T14:41:03.490180",
"date": "2016-08-19T14:33:29",
"anomalies": [
"mail_without_message-id"
],
"has_defects": false,
"subject": "PI",
"from": "\"Anabel Gonzalo\"<anabelgonzalo@fanox.com>",
"network": {
"is_filtered": false,
"virustotal": "{\"response_code\": 200, \"results\": {\"response_code\": 0, \"verbose_msg\": \"Missing IP address\"}}"
},
"path_mail": "/mnt/mails/untroubled.org/1471832668.1377_3.ivanova.orig",
"with_attachments": true,
"priority": 1,
"to": "bruce@untroubled.org",
"sha256": "948455f40fe7bb6cd7ecb573ba98ad5ec5537fc5bbab12661a947ef21b29e7f7",
"sha512": "28a38068ce78e116939a2027d2aedc4ac382f481a1b03c3022bb0e35384ab58059abbd263808b700d31feb0c6ca888242ab375ae8bcd5b8a3ddaa67eefb1ebb8",
"message_id": null,
"body": "<HTML><HEAD><TITLE></TITLE>\n</HEAD>\n<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nDear All,</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nWe have made the payment of USD 103,349,35. TT copy attached for full payment details.</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n<FONT size=4><B>Document&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; N.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; AMOUNT DIV.</B></FONT></DIV>\n<DIV>\n<FONT size=3>&nbsp;</FONT></DIV>\n<DIV>\n<FONT size=3>INVOICE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5328&nbsp; 103548,25 USD</FONT></DIV>\n<DIV>\n<FONT size=3>&nbsp;</FONT></DIV>\n<DIV>\n<FONT size=3>CREDIT NOTE ECS/CN/06&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -198,9 USD</FONT></DIV>\n<DIV>\n<FONT size=3>&nbsp;</FONT></DIV>\n<DIV>\n<FONT size=3><B>TOTAL AMOUNT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 103349,35</B></FONT><FONT size=3> USD</FONT></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nI am forwarding you the e-mail that the brokering company has sent us. 
You will receive the money into your account in a couple of days.</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n<TABLE border=2 cellpadding=0 bordercolorlight=#FFFFFF bordercolordark=#000000 cellspacing=0>\n <TR valign=top>\n <TD width=118 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Booked Date</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Foreign Currency Payment Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Rate Booked</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Base Currency Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>&nbsp;&nbsp;&nbsp; Fees</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>&nbsp;</B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Settlement Amount</B></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n <TR valign=top>\n <TD width=118 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>19/08/2016 08:11:28</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103349.35 (USD )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>1.11127</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT 
size=4><B><U>103314.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>5 (EUR )</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103319.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n</TABLE>\n</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV align=center>\n<B>Nominated Account:</B></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Account Name</B></FONT><FONT size=3>: Interpay Limited</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank</B></FONT><FONT size=3>: CAIXABANK, S.A.</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Country</B></FONT><FONT size=3>: Spain</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>IBAN</B></FONT><FONT size=3>: ES67 2100 3467 1007 0001 6539 </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Account Number</B></FONT><FONT size=3>: 0700016539</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Currency</B></FONT><FONT size=3>: EUR </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>SWIFT/BIC Code</B></FONT><FONT size=3>: CAIXESBBXXX</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>National Bank Code</B></FONT><FONT size=3>: 21003467</FONT></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nPlease ensure to use the Booking Reference Number quoted below:</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nBooking Reference Number: B210154</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nPlease Complete TT details attached.</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nBest regards</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n </DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n<B>Anabel 
Gonzalo</B></DIV>\n<DIV>\n<B>&nbsp;</B></DIV>\n<DIV>\n<B>Responsable de Compras / Purchasing Manager</B></DIV>\n<DIV>\n<B>&nbsp;</B></DIV>\n<DIV>\n<B>&nbsp;</B></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n<IMG align=baseline border=0 width=226 height=65 src=\"cid:00A3761D82D4$04826125$0100007f@bjjmucqlfpofxjh\"></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\n<B>Fabricante especialista en ProtecciГіn &amp; Control / Manufacturer specialized in Protection &amp; Control</B></DIV>\n<DIV>\n<B>&nbsp;</B></DIV>\n<DIV>\n<B>Certified ISO 9001:2008</B></DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nFANOX ELECTRONIC, S.L.</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nParque TecnolГіgico de Bizkaia</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nAstondo bidea, Edificio 604 </DIV>\n<DIV>\n48160 Derio - Spain</DIV>\n<DIV>\nT. +34 944 711 411</DIV>\n<DIV>\nF. +34 944 710 431</DIV>\n<DIV>\n&nbsp;</DIV>\n<DIV>\nwww.fanox.com</DIV>\n</FONT>\n</BODY></HTML>",
"mailbox": "untroubled",
"sender_ip": "69.5.6.174",
"raw_mail": {
"is_filtered": false,
"spamassassin": {
"X-Spam-Level": "****************",
"X-Spam-Checker-Version": "SpamAssassin 3.4.1 (2015-04-28) on 75d9f2ebf044",
"score": 16.1,
"X-Spam-Status": "Yes, score=16.1 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,\n\tAXB_XMAILER_MIMEOLE_OL_024C2,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,\n\tFORGED_OUTLOOK_TAGS,FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,\n\tFROM_MISSP_XPRIO,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,\n\tMISSING_HEADERS,MISSING_MID,MONEY_FROM_MISSP,NSL_RCVD_HELO_USER,\n\tREPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,URIBL_BLOCKED\n\tautolearn=no autolearn_force=no version=3.4.1",
"details": [
{
"rule name": "NSL_RCVD_HELO_USER",
"pts": 2.5,
"description": "Received from HELO User"
},
{
"rule name": "MISSING_HEADERS",
"pts": 1.2,
"description": "Missing To: header"
},
{
"rule name": "URIBL_BLOCKED",
"pts": 0.0,
"description": "ADMINISTRATOR NOTICE: The query to URIBL was block See http://wiki.apache.org/spamassassin/DnsBlocklists# for more information. [URIs: fanox.com]"
},
{
"rule name": "HTML_MESSAGE",
"pts": 0.0,
"description": "BODY: HTML included in message"
},
{
"rule name": "MIME_HTML_ONLY",
"pts": 1.1,
"description": "BODY: Message only has text/html MIME parts"
},
{
"rule name": "MISSING_MID",
"pts": 0.1,
"description": "Missing Message-Id: header"
},
{
"rule name": "LOTS_OF_MONEY",
"pts": 0.0,
"description": "Huge... sums of money"
},
{
"rule name": "FROM_MISSP_XPRIO",
"pts": 0.0,
"description": "Misspaced FROM + X-Priority"
},
{
"rule name": "FROM_MISSP_MSFT",
"pts": 0.0,
"description": "From misspaced + supposed Microsoft tool"
},
{
"rule name": "AXB_XMAILER_MIMEOLE_OL",
"pts": 0.0,
"description": "024C2 Yet another X header trait"
},
{
"rule name": "FORGED_OUTLOOK_TAGS",
"pts": 0.6,
"description": "Outlook can't send HTML in this format"
},
{
"rule name": "FSL_NEW_HELO_USER",
"pts": 0.6,
"description": "Spam's using Helo and User"
},
{
"rule name": "FORGED_OUTLOOK_HTML",
"pts": 0.0,
"description": "Outlook can't send HTML message only"
},
{
"rule name": "REPLYTO_WITHOUT_TO_CC",
"pts": 1.9,
"description": "No description available."
},
{
"rule name": "MONEY_FROM_MISSP",
"pts": 0.0,
"description": "Lots of money and misspaced From"
},
{
"rule name": "FROM_MISSPACED",
"pts": 0.0,
"description": "From: missing whitespace"
},
{
"rule name": "FROM_MISSP_REPLYTO",
"pts": 0.0,
"description": "From misspaced, has Reply-To"
},
{
"rule name": "TO_NO_BRKTS_FROM_MSSP",
"pts": 0.7,
"description": "Multiple formatting errors"
},
{
"rule name": "FORGED_MUA_OUTLOOK",
"pts": 2.8,
"description": "Forged mail pretending to be from MS Outlook"
},
{
"rule name": "TO_NO_BRKTS_MSFT",
"pts": 2.5,
"description": "To: misformatted and supposed Microsoft tool"
},
{
"rule name": "ADVANCE_FEE_2_NEW_MONE",
"pts": 2.0,
"description": "Advance Fee fraud and lots of money"
}
],
"X-Spam-Flag": "YES"
}
},
"ssdeep": "96:+LhGNddddddNddddddddWdddddddddddqddddddddddddZddddddddYP2QmCdSg9:+LFeQZHwd8brQEwwn",
"has_anomalies": true,
"md5": "46baea921a4efebea85895d7a0bf2764",
"sha1": "0931a46eb80784978689ca7371352d2851953c7d",
"phishing": {
"score": 1,
"score_expanded": [
"mail_body"
],
"targets": [
"Booking"
],
"with_phishing": false
},
"headers": "Delivered-To bruce@untroubled.org\nReceived (fqmail 26559 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from mx03.futurequest.net (mx03.futurequest.net [69.5.6.174])\n by pt02.futurequest.net ([69.5.6.173])\n with FQDP via TCP; 21 Aug 2016 10:49:40 -0000\nReceived (qmail 19675 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from localhost.localdomain.com (mail.revesoft.com [208.74.72.248])\n by mx03.futurequest.net ([69.5.6.174])\n with ESMTP via TCP; 21 Aug 2016 10:49:39 -0000\nReceived from host86-187-174-57.range86-187.btcentralplus.com ([86.187.174.57]:45321 helo=User)\n\tby localhost.localdomain.com with esmtpa (Exim 4.87)\n\t(envelope-from <anabelgonzalo@fanox.com>)\n\tid 1bakrE-000291-LF; Fri, 19 Aug 2016 20:34:52 +0600\nReply-To <anabelgonzalo@fanox.com>\nFrom \"Anabel Gonzalo\"<anabelgonzalo@fanox.com>\nSubject PI\nDate Fri, 19 Aug 2016 15:33:29 +0100\nMIME-Version 1.0\nContent-Type multipart/mixed;\n\tboundary=\"----=_NextPart_000_0121_01C2A9A6.50D724E0\"\nX-Priority 3\nX-MSMail-Priority Normal\nX-Mailer Microsoft Outlook Express 6.00.2600.0000\nX-MimeOLE Produced By Microsoft MimeOLE V6.00.2600.0000\nX-AntiAbuse This header was added to track abuse, please include it with any abuse report\nX-AntiAbuse Primary Hostname - localhost.localdomain.com\nX-AntiAbuse Original Domain - untroubled.org\nX-AntiAbuse Originator/Caller UID/GID - [47 12] / [47 12]\nX-AntiAbuse Sender Address Domain - fanox.com\nX-Get-Message-Sender-Via localhost.localdomain.com: authenticated_id: quazi.limon@revesoft.com\nX-Authenticated-Sender localhost.localdomain.com: quazi.limon@revesoft.com\n",
"is_filtered": false,
"mail_server": "untroubled.org"
}