PayPal
Notification : janvier 02, 2018
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?
Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.
Phishing screenshot :
Email analysis :
NOTE : no-reply@server5.floathosting1.com
NOTE : Account Notification
Phishing analysis :
CLICK : Reload my account
OPEN : http://bksvm.in/includes/.international/Login-account/
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?country.x=*&ACCT.x=*
SCREENSHOT :
CLICK : Einloggen
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?log=*
SCREENSHOT :
NOTE : PayPal phishing at : http://bksvm.in/
Friday, January 5, 2018
Friday, November 17, 2017
Account status has been changed (invoice 02574) (PayPal Phishing)
Dear PayPal Customer ,
We detected something unusual about a recent sign-in for the PayPal account . For example, you might be signing in from a new location, device, or app.
To help keep you safe, we've blocked access to your PayPal account , Billing Info, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.
Review recent activity
Thanks,
The PayPal account team
Copyright© 1996-2017 PayPal.com, Inc. All right reserved
Email analysis :
NOTE : support@vweb12.nitrado.net
NOTE : Received : by vweb12.nitrado.net
Phishing screenshot :
Phishing analysis :
CLICK : Review recent activity
OPEN : www.update-service.clanonzj.beget.tech/
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/login.php?cmd=_account-details&session=*
SCREENSHOT :
NOTE : FILL FAKE INFO
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/Billing.php?cmd=_account-details&session=*&dispatch=*
SCREENSHOT :
NOTE : PayPal Phishing
We detected something unusual about a recent sign-in for the PayPal account . For example, you might be signing in from a new location, device, or app.
To help keep you safe, we've blocked access to your PayPal account , Billing Info, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.
Review recent activity
Thanks,
The PayPal account team
Copyright© 1996-2017 PayPal.com, Inc. All right reserved
Email analysis :
NOTE : support@vweb12.nitrado.net
NOTE : Received : by vweb12.nitrado.net
Phishing screenshot :
Phishing analysis :
CLICK : Review recent activity
OPEN : www.update-service.clanonzj.beget.tech/
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/login.php?cmd=_account-details&session=*
SCREENSHOT :
NOTE : FILL FAKE INFO
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/Billing.php?cmd=_account-details&session=*&dispatch=*
SCREENSHOT :
NOTE : PayPal Phishing
Verify Your PayPal Account! (PayPal Phishing Attempt)
Dear PayPal user,
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.
To proceed to confirm your account information please click on the link below and follow the instructions that will be required.This will help protect you in the future. The process does not take more than 3 minutes.
Confirm your account
Click here to verify
Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.
Sincerely,
PayPal Account Review Department
(Case ID #PP-003-498-237-832)
Email analysis :
NOTE : sal.moncalieri@engim.it
NOTE : Received : from zimbra.engim.it (zimbra.engim.it [192.168.67.112])
NOTE : 192.168.67.112
Phishing screenshot :
Phishing analysis :
CLICK : Click here to verify
OPEN : http://rederswhitesincs.com/secure_pp
RESULT : PayPal Phishing attempt
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.
To proceed to confirm your account information please click on the link below and follow the instructions that will be required.This will help protect you in the future. The process does not take more than 3 minutes.
Confirm your account
Click here to verify
Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.
Sincerely,
PayPal Account Review Department
(Case ID #PP-003-498-237-832)
Email analysis :
NOTE : sal.moncalieri@engim.it
NOTE : Received : from zimbra.engim.it (zimbra.engim.it [192.168.67.112])
NOTE : 192.168.67.112
Phishing screenshot :
Phishing analysis :
CLICK : Click here to verify
OPEN : http://rederswhitesincs.com/secure_pp
RESULT : PayPal Phishing attempt
Sunday, September 3, 2017
Notification(1) (PayPal Phishing Attempt)
ΡayΡal
PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?
Whаt dο i need tο dο ?
In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.
Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.
[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.
Email analysis :
NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?
Whаt dο i need tο dο ?
In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.
Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.
[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.
Email analysis :
NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;
Screenshot of the Phishing :
Phishing analysis :
CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt
Thursday, August 24, 2017
Your PayPal account has been temporarily Locked! (PayPal Phishing)
paypal
Welcome
Dear *@*,
Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)
Activate
Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.
Yours sincerely,
PayPalYours sincerely,
PayPal
Email analysis :
NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])
Phishing analysis :
CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :
TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :
Welcome
Dear *@*,
Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)
Activate
Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.
Yours sincerely,
PayPalYours sincerely,
PayPal
Email analysis :
NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])
Phishing analysis :
CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :
TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :
Tuesday, July 11, 2017
Rappel : mettez à jour vos informations de carte sur PayPal
PayPal
Informations concernant votre compte:
Dans le cadre de nos mesures de sécurité, Nous vérifions régulièrement l'activité de l'écran PayPal. Nous avons demandé des informations à vous pour la raison suivante:
Notre système a détecté des charges inhabituelles à une carte de crédit liée à votre compte PayPal.
Numéro de Référence: PP-259-187-991
C'est le dernier rappel pour vous connecter à PayPal, le plus tôt possible. Une fois que vous serez connecter. PayPal vous fournira des mesures pour rétablir l'accès à votre compte.
une fois connecté, suivez les étapes pour activer votre compte . Nous vous remercions de votre compréhension pendant que nous travaillons à assurer la sécurité compte.
Cliquer ici pour vérifier votre compte
Nous vous remercions de votre grande attention à cette question. S’il vous plaît comprenez que c'est une mesure de sécurité destinée à vous protéger ainsi que votre compte. Nous nous excusons pour tout inconvénient..
Département de revue des comptes PayPal
Copyright © 2017 PayPal. Tous droits réservés.
PayPal (Europe) S.à r.l. & Cie, S.C.A. Société en Commandite par
Actions Siège social : 5ème étage 22-24 Boulevard Royal L-2449,
Luxembourg RCS Luxembourg B 118 349
Email PayPal n° PP059
Protégez votre compte
Assurez-vous de ne jamais donner votre mot de passe pour les sites Web frauduleux.
Toute sécurité d'accès au site PayPal ou à votre compte, ouvrez une fenêtre de navigateur Web (Internet Explorer ou Netscape) et tapez dans la page de connexion de PayPal (http://paypal.fr/) afin de vous assurer que vous êtes sur le véritable PayPal Site.
Pour plus d'informations sur la protection contre la fraude, s’il vous plaît consulter nos conseils de sécurité
Protégez votre mot de passe
Vous ne devriez jamais donner votre mot de passe PayPal à personne.
Phishing screenshot :
Email analysis :
NOTE : Paypal@contact.ca
NOTE : Received : from User ([105.73.26.254])
NOTE : by mail.xinyiglass.com with Microsoft SMTPSVC(6.0.3790.3959);
Phishing analysis :
CLICK : Cliquer ici pour vérifier votre compte
OPEN : http://lelogisbranche.fr/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/Notification-servier-compte-demande.php
REDIRECT : http://www.sagarparaptti.org.in/cgi-sys/suspendedpage.cgi
NOTE : Phishing was removed.
Informations concernant votre compte:
Dans le cadre de nos mesures de sécurité, Nous vérifions régulièrement l'activité de l'écran PayPal. Nous avons demandé des informations à vous pour la raison suivante:
Notre système a détecté des charges inhabituelles à une carte de crédit liée à votre compte PayPal.
Numéro de Référence: PP-259-187-991
C'est le dernier rappel pour vous connecter à PayPal, le plus tôt possible. Une fois que vous serez connecter. PayPal vous fournira des mesures pour rétablir l'accès à votre compte.
une fois connecté, suivez les étapes pour activer votre compte . Nous vous remercions de votre compréhension pendant que nous travaillons à assurer la sécurité compte.
Cliquer ici pour vérifier votre compte
Nous vous remercions de votre grande attention à cette question. S’il vous plaît comprenez que c'est une mesure de sécurité destinée à vous protéger ainsi que votre compte. Nous nous excusons pour tout inconvénient..
Département de revue des comptes PayPal
Copyright © 2017 PayPal. Tous droits réservés.
PayPal (Europe) S.à r.l. & Cie, S.C.A. Société en Commandite par
Actions Siège social : 5ème étage 22-24 Boulevard Royal L-2449,
Luxembourg RCS Luxembourg B 118 349
Email PayPal n° PP059
Protégez votre compte
Assurez-vous de ne jamais donner votre mot de passe pour les sites Web frauduleux.
Toute sécurité d'accès au site PayPal ou à votre compte, ouvrez une fenêtre de navigateur Web (Internet Explorer ou Netscape) et tapez dans la page de connexion de PayPal (http://paypal.fr/) afin de vous assurer que vous êtes sur le véritable PayPal Site.
Pour plus d'informations sur la protection contre la fraude, s’il vous plaît consulter nos conseils de sécurité
Protégez votre mot de passe
Vous ne devriez jamais donner votre mot de passe PayPal à personne.
Phishing screenshot :
Email analysis :
NOTE : Paypal@contact.ca
NOTE : Received : from User ([105.73.26.254])
NOTE : by mail.xinyiglass.com with Microsoft SMTPSVC(6.0.3790.3959);
Phishing analysis :
CLICK : Cliquer ici pour vérifier votre compte
OPEN : http://lelogisbranche.fr/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/Notification-servier-compte-demande.php
REDIRECT : http://www.sagarparaptti.org.in/cgi-sys/suspendedpage.cgi
NOTE : Phishing was removed.
Tuesday, May 23, 2017
Confirme your account ! (PayPal Phishing)
Important Notification : We Need To Validate Your ΡΑΥΡΑL Information
If you are seeing the messages this means that your account has been visited from an unusual place given below :
IP : 67.86.204.244
Country : United States
City : New York, Ossining
As a security measure, your account has been Iimited.
Case id : PP-801-707-047
Don't worry, you will be able to get your account back just after finishing this steps.
Continue
Email analysis :NOTE :
NOTE : Received : from d793.dinaserver.com (d793.dinaserver.com. [82.98.157.143])
NOTE : firstsunmallorca@d793.dinaserver.com
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : firstsunmallorca@d793.dinaserver.com designates 82.98.157.143 as permitted sender)
Phishing screenshot :
Phishing analysis :
CLICK : Continue
OPEN : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/signin/
NOTE : VALIDATE FORM
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/settings/?verify_account=session=NL&*&dispatch=*
SCREENSHOT :
If you are seeing the messages this means that your account has been visited from an unusual place given below :
IP : 67.86.204.244
Country : United States
City : New York, Ossining
As a security measure, your account has been Iimited.
Case id : PP-801-707-047
Don't worry, you will be able to get your account back just after finishing this steps.
Continue
Email analysis :NOTE :
NOTE : Received : from d793.dinaserver.com (d793.dinaserver.com. [82.98.157.143])
NOTE : firstsunmallorca@d793.dinaserver.com
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : firstsunmallorca@d793.dinaserver.com designates 82.98.157.143 as permitted sender)
Phishing screenshot :
Phishing analysis :
CLICK : Continue
OPEN : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/signin/
NOTE : VALIDATE FORM
REDIRECT : https://dhartiagro.net/aspnet_client/system_web/4_0_30319/HTTPS/Myaccount/home/new/Update/myaccount/settings/?verify_account=session=NL&*&dispatch=*
SCREENSHOT :
PayPal Phishing
PayPal
Informations concernant votre compte:
Dans le cadre de nos mesures de sécurité, Nous vérifions régulièrement l'activité de l'écran PayPal. Nous avons demandé des informations à vous pour la raison suivante:
Notre système a détecté des charges inhabituelles à une carte de crédit liée à votre compte PayPal.
Numéro de Référence: PP-259-187-991
C'est le dernier rappel pour vous connecter à PayPal, le plus tôt possible. Une fois que vous serez connecter. PayPal vous fournira des mesures pour rétablir l'accès à votre compte.
une fois connecté, suivez les étapes pour activer votre compte . Nous vous remercions de votre compréhension pendant que nous travaillons à assurer la sécurité compte.
Cliquer ici pour vérifier votre compte
Nous vous remercions de votre grande attention à cette question. Sil vous plaît comprenez que c'est une mesure de sécurité destinée à vous protéger ainsi que votre compte. Nous nous excusons pour tout inconvénient..
Département de revue des comptes PayPal
Copyright © 2017 PayPal. Tous droits réservés.
PayPal (Europe) S.à r.l. & Cie, S.C.A. Société en Commandite par
Actions Siège social : 5ème étage 22-24 Boulevard Royal L-2449,
Luxembourg RCS Luxembourg B 118 349
Email PayPal n° PP059
Protégez votre compte
Assurez-vous de ne jamais donner votre mot de passe pour les sites Web frauduleux.
Toute sécurité d'accès au site PayPal ou à votre compte, ouvrez une fenêtre de navigateur Web (Internet Explorer ou Netscape) et tapez dans la page de connexion de PayPal (http://paypal.fr/) afin de vous assurer que vous êtes sur le véritable PayPal Site.
Pour plus d'informations sur la protection contre la fraude, sil vous plaît consulter nos conseils de sécurité
Protégez votre mot de passe
Vous ne devriez jamais donner votre mot de passe PayPal à personne.
--
This email was Virus checked by Astaro Security Gateway. http://www.sophos.com
Email analysis :
NOTE : Paypal@contact.ca
NOTE : Received : from [200.107.238.35] (port=2757 helo=User) by mx1.shary.com.sa
NOTE : client-ip=94.77.230.169;
Phishing screenshot :
Phishing analysis :
CLICK : Cliquer ici pour vérifier votre compte
OPEN : http://mir-pchelovoda.ru/components/com_acepolls/views/poll/tmpl/Notifications-service-demande-compte-ca.php
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/
SCREENSHOT :
CLICK : CONNEXION
RESULT : BAD PASSWORD...
REDIRECT : http://www.sunshinetravel.az/js/tinymce/plugins/autoresize/ooo412312aaaa/Notifications-compte-Canada-quebec-verified-moi-information.ca/comfirmetions-service-information-compte-demande.ca/error.php
The website sunshinetravel was used to store this PayPal phishing :
Friday, May 12, 2017
Update Your Account Information Now !! (PayPal Phishing Attempt)
PayPal
Warning : Account Issue !
Your account is limited untill you update your information because some one requested acces to your account, here is the infos :
Location : Russia
IP adress : 176.96.80.140
Navigator : Mozilla Firefox 48.0 on Windows
The restore the access to your account please click on the link below :
Update My Account
This is an email sent automatically. Please do not reply to this letter, because the e-mail address is only configured to send but not to receive e-mails.
Copyright © 2017 All rights reserved.
Phishing screenshot :
Email analysis :
NOTE : morag@g-p-t.co.uk
NOTE : Received : from RDT.spectra.local (unknown [80.229.37.167])
NOTE : by cust-smtp-auth2.fasthosts.net.uk (Postfix)
NOTE : client-ip=213.171.216.60;
Phishing analysis :
CLICK : Update my Account
OPEN : http://sadagatismayilova.com/update-your-account-information-now/myaccount/
SCREENSHOT :
NOTE : Phishing was removed.
Warning : Account Issue !
Your account is limited untill you update your information because some one requested acces to your account, here is the infos :
Location : Russia
IP adress : 176.96.80.140
Navigator : Mozilla Firefox 48.0 on Windows
The restore the access to your account please click on the link below :
Update My Account
This is an email sent automatically. Please do not reply to this letter, because the e-mail address is only configured to send but not to receive e-mails.
Copyright © 2017 All rights reserved.
Phishing screenshot :
Email analysis :
NOTE : morag@g-p-t.co.uk
NOTE : Received : from RDT.spectra.local (unknown [80.229.37.167])
NOTE : by cust-smtp-auth2.fasthosts.net.uk (Postfix)
NOTE : client-ip=213.171.216.60;
Phishing analysis :
CLICK : Update my Account
OPEN : http://sadagatismayilova.com/update-your-account-information-now/myaccount/
SCREENSHOT :
NOTE : Phishing was removed.
Friday, February 17, 2017
Important Message from PayPal ! (PayPal Phishing)
Your PayPaI Account logged form another device !
If you are seeing the messages this means that your account has been visited from an another place given below :
IP : 176.97.103.90
Country : Ukrania
Ville : Odessa
As a security measure, your account has been Iimited.
Case id : PP-801-707-057
Don't worry, you will be able to get your account back just after finishing this steps.
To continue follow this link : :Click Here✔
Notice :If you receive this email in the SPAM folder,click on "Not Spam" button to fix it
Email analysis :
NOTE : Received : from cptweb02 ([77.95.37.80])
NOTE : PayPal@service.com
Phishing analysis :
CLICK : Click Here✔
OPEN : https://jasper.nswebhost.com/~brainrec/paypal-support/
REDIRECT : https://jasper.nswebhost.com/~brainrec/paypal-support/paypal/login.php
SCREENSHOT :
If you are seeing the messages this means that your account has been visited from an another place given below :
IP : 176.97.103.90
Country : Ukrania
Ville : Odessa
As a security measure, your account has been Iimited.
Case id : PP-801-707-057
Don't worry, you will be able to get your account back just after finishing this steps.
To continue follow this link : :Click Here✔
Notice :If you receive this email in the SPAM folder,click on "Not Spam" button to fix it
Email analysis :
NOTE : Received : from cptweb02 ([77.95.37.80])
NOTE : PayPal@service.com
Phishing analysis :
CLICK : Click Here✔
OPEN : https://jasper.nswebhost.com/~brainrec/paypal-support/
REDIRECT : https://jasper.nswebhost.com/~brainrec/paypal-support/paypal/login.php
SCREENSHOT :
Tuesday, August 2, 2016
[Alert] Account Notification ( PayPal Phishing )
PayPal
Access a new device
A device or website that we do not know request access to your account :
Location : Ukraine
IP adress : 176.97.101.83
Navigator : Chrome (Windows)
If you were not please update your account information from the link below:
Update My Account
If you are not responsible for this operation, contact us support@paypal.com.
© PayPal 2016
Email screenshot :
Email analysis :
NOTE : servi@updat.admin.com
NOTE : Received : from sagitta by serwer.hosting-desire.pl with local (Exim 4.87)
NOTE : (envelope-from < sagitta@serwer.hosting-desire.pl >)
NOTE : X-Php-Originating-Script : 1168:rebels.php
NOTE : client-ip=176.112.79.50;
Phishing analysis :
CLICK : Update My Account
OPEN : http://antikytheramech.culture.gr/sites/default/files/Redirect.php
NOTE : Phishing was removed...
Access a new device
A device or website that we do not know request access to your account :
Location : Ukraine
IP adress : 176.97.101.83
Navigator : Chrome (Windows)
If you were not please update your account information from the link below:
Update My Account
If you are not responsible for this operation, contact us support@paypal.com.
© PayPal 2016
Email screenshot :
Email analysis :
NOTE : servi@updat.admin.com
NOTE : Received : from sagitta by serwer.hosting-desire.pl with local (Exim 4.87)
NOTE : (envelope-from < sagitta@serwer.hosting-desire.pl >)
NOTE : X-Php-Originating-Script : 1168:rebels.php
NOTE : client-ip=176.112.79.50;
Phishing analysis :
CLICK : Update My Account
OPEN : http://antikytheramech.culture.gr/sites/default/files/Redirect.php
NOTE : Phishing was removed...
Thursday, July 28, 2016
Security update regarding your account (PayPal Phishing)
This is an automated email, please do not reply
Dear User
(*@* ),
Our advanced security system detected that your account information has been compromised, We need to verify your account in order to continue using your Paypal services, Please understand that this is a security measure to protect you & your account. We apologize for any inconvenience.
Check your account
Thanks for choosing us,
PayPal Team
© 1999-2016 PayPal. All rights reserved.
Email ID: 865009
2016/07/28 00:15:00
Email analysis :
NOTE : support@estet.az
NOTE : Mime-Version : 1.0
NOTE : Authentication-Results : support@estet.az designates 94.20.30.223
NOTE : X-Priority : 1
NOTE : Content-Transfer-Encoding : 8bit
NOTE : X-Mailer : PHPMailer 5.2.8Wahib Priv8 Mailer
NOTE : X-Php-Script : estet.az/aa.php for 117.244.23.108
NOTE : X-Get-Message-Sender-Via : ns001.datacenter.az: authenticated_id: estet/from_h
NOTE : X-Authenticated-Sender : ns001.datacenter.az: support@estet.az
NOTE : Received-Spf : client-ip=94.20.30.223;
NOTE : Security update regarding your account
Phishing analysis :
CLICK : Check your account
OPEN : http://cirt.mx//images/Secure//
REDIRECT : http://cirt.mx/images/Secure//MGen/*/?dispatch=*
SCREENSHOT :
CLICK : Log In
SCREENSHOT :
Monday, April 25, 2016
PayPal : User Agreement Changed (PayPal Phishing)
logo
Welcome
Some information on your account appears to be missing or incorrect. Please update your information promptly so that you can continue to enjoy all the benefits of your PayPal account. If you don't update your information within 2 days, we'll limit what you can do with your PayPal account.
Resolve the Security Issue.
If you need help logging in, go to our Help Center by clicking the Help link located in the upper right-hand corner of any PayPal page. .
Paypal
orth San Jose. 2211 N 1st St (btwn Charcot & Karina)
Paypal Co.
Phishing analysis :
CLICK : Resolve the Security Issue.
OPEN : http://www.tripidipi.cz/css
REDIRECT : http://www.tripidipi.cz/css/*/login.php?run=_login&session=*&access=*
SCREENSHOT :
VALIDATE : FORM
SCREENSHOT :
REDIRECT : AGAIN
SCREENSHOT :
VALIDATE : FORM
REDIRECT : AGAIN
SCREENSHOT :
VALIDATE : FORM
REDIRECT : AGAIN
SCREENSHOT :
REDIRECT : AGAIN
SCREENSHOT :
REDIRECT : https://secure.opinionlab.com/ccc01/comment_card.asp?time1=1402969318872&time2=1402969372567&prev=&referer=https:%2F%2FUS%2Epaypal%2Ecom%2Fen%5FUS%2F00%2FLog%5FIn%2Epage&height=768&width=1366&custom_var=kx3fhVVgW8gMa0n7M3NIPcBg7XZ2KBu2BcI5nN2fD2%252fd%252ffvYhBp7rQ%253d%253d_146aca2e3e4|Unknown|Log%20In|US|en_US|Unknown|Unknown|Unknown|Unknown
SCREENSHOT :
Email analysis :
NOTE : ersbys1@viagogo.com
NOTE : john2001barton@hotmail.com does not designate 94.126.40.172
NOTE : X-Canit-Geo : ip=94.126.40.140;
NOTE : country=GB;
NOTE : region=England;
NOTE : city=Stevenage;
NOTE : latitude=51.9022; longitude=-0.2026;
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : Received : from smarthost.hostingweb.co.uk (webpool1.lcn.com [94.126.40.140])
NOTE : by outscan2.ai270.net
NOTE : X-Php-Originating-Script : 317960:sm.php
Welcome
Some information on your account appears to be missing or incorrect. Please update your information promptly so that you can continue to enjoy all the benefits of your PayPal account. If you don't update your information within 2 days, we'll limit what you can do with your PayPal account.
Resolve the Security Issue.
If you need help logging in, go to our Help Center by clicking the Help link located in the upper right-hand corner of any PayPal page. .
Paypal
orth San Jose. 2211 N 1st St (btwn Charcot & Karina)
Paypal Co.
Phishing analysis :
CLICK : Resolve the Security Issue.
OPEN : http://www.tripidipi.cz/css
REDIRECT : http://www.tripidipi.cz/css/*/login.php?run=_login&session=*&access=*
SCREENSHOT :
VALIDATE : FORM
SCREENSHOT :
REDIRECT : AGAIN
SCREENSHOT :
VALIDATE : FORM
REDIRECT : AGAIN
SCREENSHOT :
VALIDATE : FORM
REDIRECT : AGAIN
SCREENSHOT :
REDIRECT : AGAIN
SCREENSHOT :
REDIRECT : https://secure.opinionlab.com/ccc01/comment_card.asp?time1=1402969318872&time2=1402969372567&prev=&referer=https:%2F%2FUS%2Epaypal%2Ecom%2Fen%5FUS%2F00%2FLog%5FIn%2Epage&height=768&width=1366&custom_var=kx3fhVVgW8gMa0n7M3NIPcBg7XZ2KBu2BcI5nN2fD2%252fd%252ffvYhBp7rQ%253d%253d_146aca2e3e4|Unknown|Log%20In|US|en_US|Unknown|Unknown|Unknown|Unknown
SCREENSHOT :
Email analysis :
NOTE : ersbys1@viagogo.com
NOTE : john2001barton@hotmail.com does not designate 94.126.40.172
NOTE : X-Canit-Geo : ip=94.126.40.140;
NOTE : country=GB;
NOTE : region=England;
NOTE : city=Stevenage;
NOTE : latitude=51.9022; longitude=-0.2026;
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : Received : from smarthost.hostingweb.co.uk (webpool1.lcn.com [94.126.40.140])
NOTE : by outscan2.ai270.net
NOTE : X-Php-Originating-Script : 317960:sm.php
Sunday, March 13, 2016
PayPal Limited Your Account (PayPal phishing)
Dear Customer:
Our 24-7 monitoring security system indicates that someone could be trying to use your account without your knowledge of approval.
PayPal may limit your account as a security measure to protect you and your account. It is part of our safeguard plan.
To lift a limitation, you usually need to provide information to PayPal. We'll ask you to fill in a form that could verify your account as part of our Resolution Center plan.
PayPal Case ID: PP-310-910-479-534
By downloading and filling in the form that we have provided in the 'attachment', you may proceed to verifying your account to remove these limitations.
Our sophisticated technology, well-engineered processes and top notch fraud intelligence remain vigilant 24-7 to safeguard your account and money at no additional cost.
Please do understand that this is a security measure intended to protect your account.
Thank you,
PayPal Security Team
2016 PayPal Inc. Our team of dedicated security professionals works vigilantly to help keep customer information secure.
Email analysis :
NOTE : members7@accounts.net
NOTE : Mime-Version : 1.0
NOTE : Remote : 64.34.208.23 ()
NOTE : Received : from unknown (HELO mail.freshfooddelivered.net) (64.34.208.23)
NOTE : Received : from 64.34.208.23 ([123.1.181.134])
NOTE : by freshfooddelivered.net
NOTE : PayPal Limited Your Account
PayPal phishing analysis :
- The phishing was an html page.
- The page is available for download : http://megabitload.com/download/index/55253876/
- The page is also available as a raw file : http://pastebin.com/raw/v4rPN5mF
Our 24-7 monitoring security system indicates that someone could be trying to use your account without your knowledge of approval.
PayPal may limit your account as a security measure to protect you and your account. It is part of our safeguard plan.
To lift a limitation, you usually need to provide information to PayPal. We'll ask you to fill in a form that could verify your account as part of our Resolution Center plan.
PayPal Case ID: PP-310-910-479-534
By downloading and filling in the form that we have provided in the 'attachment', you may proceed to verifying your account to remove these limitations.
Our sophisticated technology, well-engineered processes and top notch fraud intelligence remain vigilant 24-7 to safeguard your account and money at no additional cost.
Please do understand that this is a security measure intended to protect your account.
Thank you,
PayPal Security Team
2016 PayPal Inc. Our team of dedicated security professionals works vigilantly to help keep customer information secure.
Email analysis :
NOTE : members7@accounts.net
NOTE : Mime-Version : 1.0
NOTE : Remote : 64.34.208.23 ()
NOTE : Received : from unknown (HELO mail.freshfooddelivered.net) (64.34.208.23)
NOTE : Received : from 64.34.208.23 ([123.1.181.134])
NOTE : by freshfooddelivered.net
NOTE : PayPal Limited Your Account
PayPal phishing analysis :
- The phishing was an html page.
- The page is available for download : http://megabitload.com/download/index/55253876/
- The page is also available as a raw file : http://pastebin.com/raw/v4rPN5mF
Thursday, March 10, 2016
Account Notification (PayPal Phishing)
PayPal Case ID: PP-799-230-585-604
Dear Valued Customer,
Our account review team have currently set a limitation on your account. This may mean someone has used your PayPal account without your knowledge or approval. From time to time, limitations may be placed on accounts when unusual or suspicious activities are detected, to safeguard you from potential losses. We know this can be frustrating, but limitations were set to protect you and your account. To lift the limitations, please download the attached material that we have provided in this email. You may then fill in the form that we have supplied. After PayPal verifies your information, the limitations will be lifted. However, if we request more information, continue to respond promptly to speed up the resolution process. Please do understand that this is a security measure intended to protect your account.
Thank you,
PayPal Security Team
Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, you may download the attachment and follow the steps.
Email analysis :
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < staff2@reports.com >
NOTE : X-Remote : 173.244.162.229
NOTE : (e5.a2.f4.static.xlhost.com)
NOTE : (HELO WIN-38GA3HC4B51.domain.com)
NOTE : Received : from 173.244.162.229 ([140.117.156.191])
NOTE : Account Notification
Phishing analysis :
- The phishing was an html page.
- The page is available here : http://pastebin.com/raw/1BsLNUUu
Dear Valued Customer,
Our account review team have currently set a limitation on your account. This may mean someone has used your PayPal account without your knowledge or approval. From time to time, limitations may be placed on accounts when unusual or suspicious activities are detected, to safeguard you from potential losses. We know this can be frustrating, but limitations were set to protect you and your account. To lift the limitations, please download the attached material that we have provided in this email. You may then fill in the form that we have supplied. After PayPal verifies your information, the limitations will be lifted. However, if we request more information, continue to respond promptly to speed up the resolution process. Please do understand that this is a security measure intended to protect your account.
Thank you,
PayPal Security Team
Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, you may download the attachment and follow the steps.
Email analysis :
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < staff2@reports.com >
NOTE : X-Remote : 173.244.162.229
NOTE : (e5.a2.f4.static.xlhost.com)
NOTE : (HELO WIN-38GA3HC4B51.domain.com)
NOTE : Received : from 173.244.162.229 ([140.117.156.191])
NOTE : Account Notification
Phishing analysis :
- The phishing was an html page.
- The page is available here : http://pastebin.com/raw/1BsLNUUu
Monday, February 22, 2016
Limitation ! (Don't Ignore This E-mail )
Hello Client, Your Account logged from another device
IP Address Of Device : 180.151.40.175
Country : India
Fix It : http://tinyurl.com/PayTeam
Signed,
Security Team
all copyrights reserved ,call us at 65-6510-4584, 7:00 WIB to 21:00 WIB from Monday to Friday.
Phishing analysis :
CLICK : http://tinyurl.com/PayTeam
REDIRECT : http://just-eat.pk/Verification/Update/
SCREENSHOT :
CLICK : Log In
SCREENSHOT :
Email analysis :
NOTE : paypal@team.com
NOTE : X-Source : /usr/bin/php
NOTE : Sender Address Domain - server.bargainistascloset.com
NOTE : X-Source-Args : /usr/bin/php
NOTE : Return-Path : bargaini@server.bargainistascloset.com
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : bargainistascloset.com:/public_html/barksdalemarine
NOTE : X-Priority : 1
NOTE : Message-Id : < *@barksdalemarine.com >
NOTE : X-Mailer : PHPMailer (phpmailer.sourceforge.net) [version ]
NOTE : X-Authenticated-Sender : server.bargainistascloset.com: bargaini
NOTE : Content-Transfer-Encoding : 8bit
NOTE : X-Get-Message-Sender-Via : server.bargainistascloset.com:
NOTE : authenticated_id: bargaini/only user confirmed/virtual account not confirmed
NOTE : Content-Type : text/html; charset="iso-8859-1"
NOTE : client-ip=162.144.77.64;
NOTE : Received : from bargaini
NOTE : by server.bargainistascloset.com with local (Exim 4.86)
NOTE : Limitation ! (Don't Ignore This E-mail )
just-eat.pk whois :
Contact Person : Enhance Technologies - eteck Imran Imran
Address : Rawalpindi
Country : Pakistan
Registered On : 11/12/2010
Expired On : 11/12/2016
Agent Name : eteck
Organization : Enhance Technologies - eteck
Name : Imran Faryad Imran Faryad
Address : Rawalpindi Punjab46000
Company : Enhance Technologies - eteck Imran Imran
Hosting Server Address : dns.site5.com
Hosting Server Address : dns2.site5.com
Subscribe to:
Posts (Atom)