Monday, March 12, 2018

Pending Mails (Gmail phishing)

Hi *

Due to the Routine checks on the mail servers,

Some of your mails might be on pending status...

Get started here validate and retrieve mail(s).

Also, Enter details once and correctly, then wait for response from Our Server.

Sincerely,
gmail.com Support Team

Phishing analysis :

CLICK : Get started here
OPEN : https://qidecul.ga/bin/others/?email=@
REDIRECT : https://qidecul.ga/bin/others/*.php?*
SCREENSHOT :


Email analysis :

NOTE : noreply@starslabels.ae
NOTE : 80.112.200.71

Bitcoin Wallet Notification (Phishing)

Bitcoin Wallet Notification

Your bitcoin wallet is due for validation.
This is a compulsory security routine to help us add extra security features to your wallet.

Click Here to validate your Bitcoin Wallet now.

*Note: If you ignore this warning, we will shutdown your account without further notice,
............and the funds in your wallet will be permanently lost.

-- Wallet Security Team --

Phishing Screenshot :


Phishing analysis :

CLICK : Click Here
OPEN : http://www.oriondentalcare.com/wp-includes/js/kel/index.php
REDIRECT : http://www.oriondentalcare.com/wp-includes/js/kel/*.php?*
SCREENSHOT :


NOTE : #oriondentalcare

Email analysis :

NOTE : nilanga.abhayarathna@redcross.lk
NOTE : X-Originating-Ip : [66.150.174.79]

Thursday, February 22, 2018

Please read this email


Dear customer,

Your Crédit Mutuel de Bretagne advisor has sent you a new important email,

To view it, please click on the link below:

Click here ("Cliquez içi")

Regards

Phishing screenshot :


Email analysis :

NOTE : oidn@xtra.co.nz
NOTE : X-Mailer : Open-Xchange Mailer v7.8.3-Rev22
NOTE : X-Sender-Ip : 210.55.143.52


Phishing analysis :

Click : Cliquez içi
OPEN : http://www.childrens-paradise.at/1
REDIRECT : http://www.josefinodenring.com/sd/cmb/*/conixion.html?*
SCREENSHOT :


POST : FORM
REDIRECT : http://www.josefinodenring.com/sd/cmb/*/post.php?hello_marco_sbou
REDIRECT : https://www.cmb.fr/banque/assurance/credit-mutuel/web/j_6/accueil

Friday, January 5, 2018

Account Notification (PayPal Phishing)

PayPal
Notification : janvier 02, 2018

Beloved , Costumer(s)

Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:

Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.

Reload my account

Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : no-reply@server5.floathosting1.com
NOTE : Account Notification

Phishing analysis :

CLICK : Reload my account
OPEN : http://bksvm.in/includes/.international/Login-account/
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?country.x=*&ACCT.x=*
SCREENSHOT :


CLICK : Einloggen
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?log=*
SCREENSHOT :


NOTE : PayPal phishing at : http://bksvm.in/

Monday, December 18, 2017

Attention: Your account status change ! (PayPal Phishing attempt)


PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php

Phishing analysis :

CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt

Sunday, December 10, 2017

Final reminder: update your payment details

Please Update Your Payment Method Now

Dear Valued Netflix User

Sorry for the interruption, but we are having trouble authorizing your Payment Method.

Please visit the account payment page at

https://www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method.

When you have finished, we will try to verify your account again.

If it still does not work, you will want to contact your credit card company.

To protect the informations of our customers, our system has temporarily placed restrictions on your account until your informations has been validated against our system. You can validate your informations by either clicking on the link above or below, this will only take a few minutes and your account functions will be fully restored.

Log In To account

If you have any questions, we are happy to help. Simply call us at 0800-917812.

The Netflix Team

Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Circle Los Gatos, CA 95032. You can un-subscribe to security alerts by configuring your online account. We are sending this email to provide support for your personal online Netflix account.

Email analysis :

NOTE : support@vweb11.nitrado.net
NOTE : Received : from vweb11.nitrado.net (vweb11.nitrado.net. [194.169.211.12])


Phishing screenshot :


Phishing analysis :

CLICK : https://www.netflix.com/YourAccountPayment
OPEN : http://signin-accnt.app10.beget.tech/app/user
SCREENSHOT :


VALIDATE : FORM
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/billing.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Billing Address
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/payment.php?ip=*
SCREENSHOT :


VALIDATE : FORM
CLICK : Update Payment Method
REDIRECT : http://signin-accnt.app10.beget.tech/app/user/finish.php
SCREENSHOT :

Tuesday, November 28, 2017

TR : Reminder (Société Générale Phishing Attempt)

Société Générale Phishing

Email analysis :

NOTE : crommentuijn@home.nl
NOTE : Received : from [212.54.34.114] (helo=smtp6.mnd.mail.iss.as9143.net)
NOTE : by smtpq4.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2)
NOTE : (envelope-from < crommentuijn@home.nl >)
NOTE : X-Sourceip : 195.88.51.10

Phishing analysis :

CLICK : IMG
OPEN : http://flygplats.sjoboflyg.se/temp/
SCREENSHOT :

Tuesday, November 21, 2017

System Bounce Reset (Email Phishing)

Email Security Alert

for - Account User: *

Access to your E-mail (* ) will expire today 20/11/2017,please renew to avoid account deactivation. For your account security, we strongly recommend that you Renew your account now, else you account will be schedule for termination .

Click here to renew your E-mail account

After renewal/verification, extra security features will be activated in your email settings and your account will be safe for use again.

2017 Email Administrator

Email analysis :

NOTE : feedback@service.alibaba.com
NOTE : Received : by casidrup.localdomain (Postfix, from userid 48)
NOTE : apache@casidrup.localdomain
NOTE : X-Mailer : www.casi.com.ar

Phishing analysis :

CLICK : Click here to renew your E-mail account
OPEN : https://quadrivalent-harbor.000webhostapp.com/email/index.php?email=*
SCREENSHOT :


FILL : FAKE FORM
CLICK : Upgrade Now
REDIRECT : https://quadrivalent-harbor.000webhostapp.com/email/thankyou.php
SCREENSHOT :

REDIRECT : https://technet.microsoft.com/en-us/library/dd351283%28v=exchg.141%29.aspx

Friday, November 17, 2017

System Upgrade (Standard Bank Phishing)

Dear Valued Customer,

ACCOUNT E-MAILS ALERT

We’re sorry to inform you that we are unable to verify your account identity. In order to protect the security of your account.

We have terminated your ATM account banking session.

In order to resolve this situation,

We implore you to click on the SECURE link below to CONFIRM any possible findings.

http://bebesysalud.com/wp-includes/pomo/numsurver.php

Thank you for choosing Standard Bank.

Standrad Bank Team.

Email analysis :

NOTE : kurt.kemper@dfafrica.co.za
NOTE : info@Standarddbank.co.za
NOTE : Received : from null (za-sl-23.za.mimecast.lan [10.32.36.72]) (Using TLS)
NOTE : by za-smtp-1.mimecast.co.za

Phishing screenshot :


Phishing analysis :

CLICK : http://bebesysalud.com/wp-includes/pomo/numsurver.php
SCREENSHOT :


NOTE : Standard Bank Phishing

Account status has been changed (invoice 02574) (PayPal Phishing)

Dear PayPal Customer ,

We detected something unusual about a recent sign-in for the PayPal account . For example, you might be signing in from a new location, device, or app.

To help keep you safe, we've blocked access to your PayPal account , Billing Info, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.

Review recent activity

Thanks,
The PayPal account team

Copyright© 1996-2017 PayPal.com, Inc. All right reserved

Email analysis :

NOTE : support@vweb12.nitrado.net
NOTE : Received : by vweb12.nitrado.net

Phishing screenshot :


Phishing analysis :

CLICK : Review recent activity
OPEN : www.update-service.clanonzj.beget.tech/
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/login.php?cmd=_account-details&session=*
SCREENSHOT :


NOTE : FILL FAKE INFO
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/Billing.php?cmd=_account-details&session=*&dispatch=*
SCREENSHOT :


NOTE : PayPal Phishing

Thursday, November 16, 2017

Netflix Promotion 2 Months Free (78091) (Netflix Phishing)

Dear Customer: Registered Email - If you are not seeing the image.
Show Images ("Exibir Imagens")

Email analysis :

NOTE : ip-160-153-231-135.ip.secureserver.net
NOTE : www-data@ip-160-153-231-135.ip.secureserver.net
NOTE : Received : from ip-160-153-231-135.ip.secureserver.net
NOTE : (ip-160-153-231-135.ip.secureserver.net [160.153.231.135])

Phishing analysis :

CLICK : Exibir Imagens
OPEN : https://graficagibin.com.br/VELHO/beta/images/content/02/?
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/index.php
SCREENSHOT :


VALIDATE FORM WITH WRONG EMAIL
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/payment.php?form=*.scr
SCREENSHOT :


CLICK : VISA
SCREENSHOT :


FILL : FAKE DATA
REDIRECT : https://graficagibin.com.br/loja/downloader/lib/Mage/Autoload/netflix/terminor.php?form=*.scr
SCREENSHOT :


REDIRECT : https://www.netflix.com/getstarted?locale=pt-BR&action=startAction

Friday, November 3, 2017

DHL Shipment Notification (Phishing)

Dear customers,

A package is coming your way through DHL Express, shipment is on transit and ready for tracking. You can request for tracking details .
Sender Account ending-> *****04291
For full tracking information please click here and follow the process.
Kindly keep the downloaded documents safe, we will need you to provide them
for confirmation before delivering your parcel.
For complaints or further support kindly contact our 24/7 support team .
With kind regards,
2017 © DHL International GmbH. All rights reserved.
DHL Worldwide Delivery ©

htytytytolop

Phishing screenshot :

Email analysis :

NOTE : pjatania@atulauto.co.in
NOTE : Received : from mail.atulauto.co.in ([27.54.160.78])
NOTE : Received : from atulauto.co.in (unknown [192.95.20.146])
NOTE : by mail.atulauto.co.in

Phishing analysis :

CLICK : click here
OPEN : http://workingin-visas.com.au/track/dhl/index.php?email=0
REDIRECT : http://workingin-visas.com.au/track/dhl/tracking.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=0
SCREENSHOT :

Tuesday, October 24, 2017

Hi User, you have 2 important invitations on your LinkedIn network

LinkedIn

These invitations are expiring this month.
Remember, each connection extends the reach of your network.

Dale Christel
CEO, Perm Mold Alum Castings and Machining at Watry Ind. 920-457-4886
Invitation expires: November 14
Yes, connect

Scott Fraser SIOR, CCIM
Senior Vice President at Kidder Mathews
Invitation expires: November 9
Yes, connect

See all invitations

Unsubscribe | Help
You are receiving Invitation emails.
This email was intended for LinkedIn user. Learn why we included this.
LinkedIn
© 2017 LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

Email analysis :

NOTE : chair-e.business@meu.edu.jo
NOTE : X-Originating-Ip : [105.112.16.129]


Phishing screenshot :


Phishing analysis :

CLICK : Yes, connect
OPEN : https://pt-ipm.co.id/imcp2/wp-admin/includes/lm/js/i.php
REDIRECT : https://tachimitatape.co.id/xc/www.linkedin/53f12518b4dce443ab52eb662098f8cf/
SCREENSHOT :

please add me on your LinkedIn network (LinkedIn Phishing)

LinkedIn

Hi ,

Debbie Wilkes want to add you to their network

Debbie Wilkes
CEO,at Rio trade Business Group
USA:5,640 connection

Accept
View Profile

© 2017 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.

You are receiving Invitation emails. Unsubscribe
This email was intended for you. Learn why we included this.

LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: 70 Sir John Roberson's Quay, Dublin 2

Email analysis :

NOTE : service-member@linkedln.com
NOTE : User-Agent : Roundcube Webmail/1.2.4
NOTE : X-Sender : LinkedInCorporation2017@service.net

Phishing screenshot :


Phishing analysis :

CLICK : View Profile
OPEN : http://yb82.myjino.ru/tt/linkedln/www.linkedin/Linkedin1/
SCREENSHOT :

Wednesday, October 18, 2017

New transaction (MyEtherWallet Phishing)

You have a new transaction on your Ethereum Wallet.

Login to check your balance:

https://mymyetherwallet.com/#view-wallet-info

Phishing screenshot :


Email analysis :

NOTE : vebj@striker.ottawa.on.ca
NOTE : Received : from static-186-121-254-194.acelerate.net
NOTE : (static-186-121-254-194.acelerate.net [186.121.254.194])


NOTE : allero@striker.ottawa.on.ca
NOTE : Received : from b1ebd3e6.virtua.com.br (unknown [177.235.211.230])


Phishing analysis :

CLICK : https://mymyetherwallet.com/#view-wallet-info
OPEN : https://mymyetherwallet.com/#view-wallet-info

Friday, October 13, 2017

You have a new message (Société Générale Phishing)

Hello,

You have (1) new messages in your mailbox.
View your mailbox by clicking on the link below:

(Consultezhici)

Thank you for your trust.

Email analysis :

NOTE : info@societegenerale.fr
NOTE : Return-Path : < apache@admiral.anchor.net.au >
NOTE : X-Remote : 202.4.239.210 (admiral.anchor.net.au)


NOTE : Mime-Version : 1.0
NOTE : Received : from admiral.anchor.net.au (admiral.anchor.net.au [202.4.239.210])
NOTE : Received : by admiral.anchor.net.au (Postfix, from userid 48)
NOTE : Vous avez un nouveau message

Phishing screenshot :


Phishing analysis :

CLICK : (Consultezhici)
OPEN : starrdental.com/html/websms/index.htm
RESULT : Unresponsive
RESULT : Phishing attempt.

Thursday, October 12, 2017

Richard Gross's invitation is waiting for your response (LinkedIn Phishing)

LinkedIn
Richard Gross invited you to connect 3 days ago.

Accept

View Invitation

Richard Gross
CEO at HOC Trading LLC
More people who want to connect with you

Frank White
CONTRACTOR

View Message Here

Unsubscribe | Help
You are receiving LinkedIn notification emails.
This email was intended for User. Learn why we included this.
LinkedIn
© LinkedIn. Mailing address: Room 817, 18F, Building 18, #1 DiSheng Bei Road, Bejing Yizhuang Development Area, China. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

Email analysis :

NOTE : chair-curricula@meu.edu.jo
NOTE : X-Originating-Ip : [105.112.23.133]


Phishing screenshot :



Phishing analysis :

CLICK : ACCEPT
OPEN : https://maralspa.cl/LNKD/i.php
REDIRECT : https://lincoln-institute.com.ar/img/logos/www.linkedin/5e48c0aef72e80880ea2117442efdb31/
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://lincoln-institute.com.ar/img/logos/www.linkedin/5e48c0aef72e80880ea2117442efdb31/index2.html
SCREENSHOT :


VALIDATE : FORM
REDIRECT : https://www.linkedin.com/start
SCREENSHOT :