Monday, April 11, 2016

Amazon account statut has been changed (Amazon Phishing Attempt)


Dear customer,

To get back into your account, you'll need to confirm your account . It's easy: Click the link below to open a secure browser window. Confirm that you're the owner of the account and then follow the instructions. .

By Clicking Here

Or contact Amazon Member Services Team. We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.

-The Amazon Team

(EMID: CM_M_3.0_500_X_M_EN)(MD: 2014071907341)(EPID: 181719754)(ETID: 906330)

Phishing analysis :

CLICK : By Clicking Here
OPEN : http://www.lavandariatamico.com/aze/test@test.com
REDIRECT : http://mairie-thurey.fr/amz/
RESULT : Internal Server Error

Email analysis :

NOTE : xx@yy
NOTE : Mime-Version : 1.0
NOTE : Received : from CFHTERMINAL.COOKIESFROMHOME.COM ([68.15.179.5])
NOTE : Received : from CFHTERMINAL.COOKIESFROMHOME.COM ([127.0.0.1])

Tuesday, October 27, 2015

We were unable to process your most recent payment... (Amazon Phishing)

Amazon.com

Today's Deals See All Departments

= = = = = = = = = = = = = = = = = = = =

We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?. To ensure that your service is not interrupted, please update your billing information today.

Confirm your account now

We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. If you need further assistance with your order.

= = = = = = = = = = = = = = = = = = = =

Amazon.com
Connect with us

Phishing analysis :

CLICK : Confirm your account now
OPEN : http://www.intellectualjourneyofenlightenment.org/admin/css/amazon.com-verification/id/
RESULT : This Account Has Been Suspended

intellectualjourneyofenlightenment.org whois :

Registrant ID:DI_41908394
Registrant Name:Atul Kumar Jain
Registrant Organization:intellectualjourneyofenlightenment.org
Registrant Street: 363, sec 15
Registrant City:Panchkula
Registrant State/Province:Haryana
Registrant Postal Code:134114
Registrant Country:IN
Registrant Phone:+91.9888054461
Registrant Email:atul.jain2711@gmail.com
Admin ID:DI_41908394

Email analysis :

NOTE : noreply@amzon.support82.e-i.com
NOTE : 192.163.247.190 (ami.amiableargument.com)
NOTE : X-Source-Args : /usr/bin/php /home/wwwtheiv/public_html/clientscript/ie7/wp-confiiig.php
NOTE : Received : from wwwtheiv by ami.amiableargument.com
NOTE : (envelope-from < wwwtheiv@ami.amiableargument.com >)
NOTE : X-Mailer : theivoryquill.com
NOTE : X-Php-Script : theivoryquill.com/clientscript/ie7/wp-confiiig.php
NOTE : for 185.109.161.21
NOTE : X-Get-Message-Sender-Via : ami.amiableargument.com:
NOTE : authenticated_id: wwwtheiv/only
NOTE : user confirmed/virtual account not confirmed

Monday, February 9, 2015

Amazon Phishing

CONFIRM ACCOUNT

This is a random validation check on your account, to continue using the Amazon service you must confirm your account. Please follow the steps in the next window that opens.

Confirm Account

We thank you for your patience regarding this matter, this is done to protect our customers. Failure to confirm will mean suspension of these services.

Processing at Amazon.

Phishing analysis :

CLICK : Confirm Account
OPEN : http://www.serviceamz.website/
RESULT : Phishing was deleted...

Email analysis :

NOTE : X-Msmail-Priority : High
NOTE : Return-Path : laura@sohospices.com
NOTE : X-Originating-Ip : 23.249.163.137
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 1
NOTE : X-Mailer : Smart_Send_3_1_6
NOTE : Received : from mail4.onnetsecure.net ([74.118.69.248])
NOTE : Received : from mail.expertmail80.co.uk (laura@sohospices.com@23.249.163.137)
NOTE : by mail4.onnetsecure.net with ESMTPAM
NOTE : Please Validate

Monday, December 29, 2014

Verify your Amazon account ! (Amazon Phishing)

Your Account Has Been Blocked!
Dear Customer ,

We take you to note that your account has been suspended for protection , your password was entered more than once .
In order to protect you ,your account has been suspended .Please update your Account Information to unsuspend the account.

http://amazon.com/account-protection

Thanks for Update at Amazon.com.

-------------------------------------------------------------
Amazon.com
http://www.amazon.com
-------------------------------------------------------------

Please note: This e-mail message was sent from a notification-only address that
cannot accept incoming e-mail. Please do not reply to this message.

Phishing analysis :

CLICK : http://amazon.com/account-protection
OPEN : http://allsystemsgo.ee/sites/default/files/color/business-4907d2b9/please.verify.your.amazon.account.or.we.will.have.to.suspend.your.account/amazon/Billing_Center/
RESULT : Phishing was removed...
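
The CLICK / OPEN pairs recorded in these analyses can be checked mechanically: the visible link text names one host while the href points to another. The following is an added example, not part of the original posts. The HTML is constructed around the URLs noted on this page, and the names `BRAND`, `url_host`, `on_brand`, `Anchors`, `verdict` and `triage` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "amazon.com"  # assumption: the brand the message claims to come from

def url_host(text):  # hostname if text is an http(s) URL, else None
    text = text.strip()
    if not text.lower().startswith(("http://", "https://")):
        return None
    return (urlsplit(text).hostname or "").lower() or None

def on_brand(host):  # exact brand domain or one of its subdomains
    return host == BRAND or host.endswith("." + BRAND)

class Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def verdict(href, text):  # compare the shown host with the real target host
    real, shown = url_host(href), url_host(text)
    if real is None:
        return "no-http-target"
    if shown and on_brand(shown) and not on_brand(real):
        return "text-url-mismatch"  # text shows the brand, href goes elsewhere
    return "ok" if on_brand(real) else "off-brand"

def triage(html):  # one (visible text, real host, verdict) tuple per link
    parser = Anchors()
    parser.feed(html)
    return [(t, url_host(h), verdict(h, t)) for h, t in parser.links]

# Constructed HTML; the URLs are the CLICK/OPEN values recorded on this page.
SAMPLE = (
    '<a href="http://allsystemsgo.ee/sites/default/files/color/business-4907d2b9/please.verify.your.amazon.account.or.we.will.have.to.suspend.your.account/amazon/Billing_Center/">http://amazon.com/account-protection</a>'
    '<a href="http://www.serviceamz.website/">Confirm Account</a>'
    '<a href="http://www.amazon.com">http://www.amazon.com</a>')

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
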

allsystemsgo.ee analysis :

% This Whois Server contains information on
% Estonian Top Level Domain ee TLD

domain : allsystemsgo.ee
registrant : CID:ZONE:392805
admin-c : CID:ZONE:392806
nsset : NSSID:ZONE:97730
registrar : zone
status : paid and in zone
registered : 19.07.2013 16:55:11
expire : 19.07.2015
outzone : 03.08.2015
delete : 02.09.2015
Domeeninimi : allsystemsgo.ee
Staatus : Makstud ja tsoonis
Registreeritud : 19.07.2013 16:55:11
Aegub : 19.07.2015
Nimeserverid : ns1.flamingo.arvixe.com / ns2.flamingo.arvixe.com
DNSSEC : Allkirjastamata
Registripidaja : Zone Media OÜ
Registreerija andmed : All Systems Go OÜ / jelena_ljalik@hotmail.com
Halduskontakti andmed : Jelena Ljalik / jelena_ljalik@hotmail.com
Tehnilise kontakti andmed : Jelena Ljalik / jelena_ljalik@hotmail.com
nsset : NSSID:ZONE:97730
nserver : ns1.flamingo.arvixe.com
nserver : ns2.flamingo.arvixe.com
tech-c : CID:ZONE:392807
registrar : zone

Email analysis :

NOTE : Amazon Anti Fraud < anti-fraud@earthlink.net >
NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < anti-fraud@earthlink.net >
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : X-Remote : 207.69.195.67 (pop-tawny.atl.sa.earthlink.net)
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : Content-Type : text/html; charset="Windows-1251"
NOTE : Received : from pop-tawny.atl.sa.earthlink.net (207.69.195.67)
NOTE : Received : from in-69-69-173-134.sta.embarqhsd.net ([69.69.173.134] helo=User)
NOTE : by pop-tawny.atl.sa.earthlink.net with smtp (Exim 3.36 #1)
NOTE : Verify your Amazon account !