Monday, October 19, 2015

Update Your Expedia Account (Expedia Phishing


Expedia Customer Experience

Dear user,

We take our community's security seriously, so under certain circumstances, we'll ask you to confirm your account. Once you're confirmed, you'll be on your way.As a security precaution we ask you to link your e-mail account using our secure link bellow:

Verify Account.

TO RESPOND TO THIS TICKET, REPLY TO THIS EMAIL 124973883747617948747316447971

Phishing analysis :

CLICK : Verify Account
OPEN : http://expediacentral87487447732506331787partner.senteservices.net/email/partner/user/www.expediapartnercentral.com//
SCREENSHOT :


REDIRECT : https://www.expediapartnercentral.com/Account/Logon?MESSAGE=T3UtIakIzb%2b2VN2xVTBJUcbiraHuTzUu0Se27HZlMjkzvJP98UuQz9KF7I6BQhxGlYIRk5XL%2fwoHUFWFTDTmQBeu%2bs8NldSQ7XRMRVeQfgsMaM96LdwKb4Ftcb%2fmrMAj%2bxT2UBN1cdYUAI6NNibBZ2ZHBE%2bMM69C%2bA%2b%2bNrKqEvc%3d&RP_ID=1

senteservices.net whois :

Domain Name: SENTESERVICES.NET
Registry Domain ID: 1696298025_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.aerotek.com.tr
Updated Date: 2015-01-11T16:49:54Z
Creation Date: 2012-01-10T12:16:12Z
Registrar Registration Expiration Date: 2016-01-10T12:16:12Z
Registrar: Aerotek Bilisim Taahut Sanayi Ve Ticaret Ltd Sti.
Registrar IANA ID: 1534
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: neslihan bukumcu
Registrant Organization: Senteservices - Neslihan Bukumcu
Registrant Street: Kukurtlu mah.basaran sk.yesildeniz apt. No: 8/a
Registrant City: Bursa
Registrant Postal Code: 16080
Registrant Country: TR
Registrant Phone: +90.2242335626
Registrant Fax: +90.2242335609
Registrant Email: neslihanbukumcu@gmail.com
Admin Name: neslihan bukumcu
Admin Organization: Senteservices - Neslihan Bukumcu
Admin Street: Kukurtlu mah.basaran sk.yesildeniz apt. No: 8/a
Admin City: Bursa
Admin Postal Code: 16080
Admin Country: TR
Admin Phone: +90.2242335626
Admin Fax: +90.2242335609
Admin Email: neslihanbukumcu@gmail.com
Name Server: cpns1.turdns.com
Name Server: cpns2.turdns.com
DNSSEC:Unsigned

Email analysis :

NOTE : test@finartserramenti.it
NOTE : Received : from [212.125.105.153]
NOTE : (helo=[127.0.0.1]) by web1.host-it.it
NOTE : client-ip=46.28.5.157;

No comments:

Post a Comment