Monday, December 18, 2017
Attention: Your account status change ! (PayPal Phishing attempt)
PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?
Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.
Phishing screenshot :
Email analysis :
NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php
Phishing analysis :
CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt
Thursday, August 24, 2017
Your PayPal account has been temporarily Locked! (PayPal Phishing)
paypal
Welcome
Dear *@*,
Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)
Activate
Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.
Yours sincerely,
PayPalYours sincerely,
PayPal
Email analysis :
NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])
Phishing analysis :
CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :
TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :
Welcome
Dear *@*,
Your paypal account has been blocked temporarily . It usually means that we need some more information about your account or recent transactions please Activate your account so we can confirm that you own the account
To activate your account, just confirm your information.(It only takes a minute.)
Activate
Once you've activated your account, you can shop online without exposing your financial information. PayPal is accepted worldwide at millions of sites - including some of your favorites, like Dell.com, iTunes, and more.
Yours sincerely,
PayPalYours sincerely,
PayPal
Email analysis :
NOTE : service@paypal.coml
NOTE : Received : from MSSQL-HP3
NOTE : (aazo117.neoplus.adsl.tpnet.pl. [83.6.152.117])
Phishing analysis :
CLICK : the activate button
OPEN : https://www.balharbourshops.com/images/ujn///
REDIRECT : http://www.antichitachiossone.com/bn/
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/websrc
SCREENSHOT :
TEST : FAKE ACCOUNT
REDIRECT : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : Try again.
OPEN : http://www.antichitachiossone.com/bn/home/webapps/72dfb/webscr?cmd=_login-run&dispatch=*
SCREENSHOT :
CLICK : CONTINUE
REDIRECT : http://www.antichitachiossone.com/bn/home/myaccount/28eb3/websrc?cmd=_update-information&account_address=*&session=*
SCREENSHOT :
Friday, February 17, 2017
Important Message from PayPal ! (PayPal Phishing)
Your PayPaI Account logged form another device !
If you are seeing the messages this means that your account has been visited from an another place given below :
IP : 176.97.103.90
Country : Ukrania
Ville : Odessa
As a security measure, your account has been Iimited.
Case id : PP-801-707-057
Don't worry, you will be able to get your account back just after finishing this steps.
To continue follow this link : :Click Here✔
Notice :If you receive this email in the SPAM folder,click on "Not Spam" button to fix it
Email analysis :
NOTE : Received : from cptweb02 ([77.95.37.80])
NOTE : PayPal@service.com
Phishing analysis :
CLICK : Click Here✔
OPEN : https://jasper.nswebhost.com/~brainrec/paypal-support/
REDIRECT : https://jasper.nswebhost.com/~brainrec/paypal-support/paypal/login.php
SCREENSHOT :
If you are seeing the messages this means that your account has been visited from an another place given below :
IP : 176.97.103.90
Country : Ukrania
Ville : Odessa
As a security measure, your account has been Iimited.
Case id : PP-801-707-057
Don't worry, you will be able to get your account back just after finishing this steps.
To continue follow this link : :Click Here✔
Notice :If you receive this email in the SPAM folder,click on "Not Spam" button to fix it
Email analysis :
NOTE : Received : from cptweb02 ([77.95.37.80])
NOTE : PayPal@service.com
Phishing analysis :
CLICK : Click Here✔
OPEN : https://jasper.nswebhost.com/~brainrec/paypal-support/
REDIRECT : https://jasper.nswebhost.com/~brainrec/paypal-support/paypal/login.php
SCREENSHOT :
Tuesday, August 2, 2016
[Alert] Account Notification ( PayPal Phishing )
PayPal
Access a new device
A device or website that we do not know request access to your account :
Location : Ukraine
IP adress : 176.97.101.83
Navigator : Chrome (Windows)
If you were not please update your account information from the link below:
Update My Account
If you are not responsible for this operation, contact us support@paypal.com.
© PayPal 2016
Email screenshot :
Email analysis :
NOTE : servi@updat.admin.com
NOTE : Received : from sagitta by serwer.hosting-desire.pl with local (Exim 4.87)
NOTE : (envelope-from < sagitta@serwer.hosting-desire.pl >)
NOTE : X-Php-Originating-Script : 1168:rebels.php
NOTE : client-ip=176.112.79.50;
Phishing analysis :
CLICK : Update My Account
OPEN : http://antikytheramech.culture.gr/sites/default/files/Redirect.php
NOTE : Phishing was removed...
Access a new device
A device or website that we do not know request access to your account :
Location : Ukraine
IP adress : 176.97.101.83
Navigator : Chrome (Windows)
If you were not please update your account information from the link below:
Update My Account
If you are not responsible for this operation, contact us support@paypal.com.
© PayPal 2016
Email screenshot :
Email analysis :
NOTE : servi@updat.admin.com
NOTE : Received : from sagitta by serwer.hosting-desire.pl with local (Exim 4.87)
NOTE : (envelope-from < sagitta@serwer.hosting-desire.pl >)
NOTE : X-Php-Originating-Script : 1168:rebels.php
NOTE : client-ip=176.112.79.50;
Phishing analysis :
CLICK : Update My Account
OPEN : http://antikytheramech.culture.gr/sites/default/files/Redirect.php
NOTE : Phishing was removed...
Thursday, July 28, 2016
Security update regarding your account (PayPal Phishing)
This is an automated email, please do not reply
Dear User
(*@* ),
Our advanced security system detected that your account information has been compromised, We need to verify your account in order to continue using your Paypal services, Please understand that this is a security measure to protect you & your account. We apologize for any inconvenience.
Check your account
Thanks for choosing us,
PayPal Team
© 1999-2016 PayPal. All rights reserved.
Email ID: 865009
2016/07/28 00:15:00
Email analysis :
NOTE : support@estet.az
NOTE : Mime-Version : 1.0
NOTE : Authentication-Results : support@estet.az designates 94.20.30.223
NOTE : X-Priority : 1
NOTE : Content-Transfer-Encoding : 8bit
NOTE : X-Mailer : PHPMailer 5.2.8Wahib Priv8 Mailer
NOTE : X-Php-Script : estet.az/aa.php for 117.244.23.108
NOTE : X-Get-Message-Sender-Via : ns001.datacenter.az: authenticated_id: estet/from_h
NOTE : X-Authenticated-Sender : ns001.datacenter.az: support@estet.az
NOTE : Received-Spf : client-ip=94.20.30.223;
NOTE : Security update regarding your account
Phishing analysis :
CLICK : Check your account
OPEN : http://cirt.mx//images/Secure//
REDIRECT : http://cirt.mx/images/Secure//MGen/*/?dispatch=*
SCREENSHOT :
CLICK : Log In
SCREENSHOT :
Tuesday, June 28, 2016
During your last purchase (Phishing Paypal)
Header Image
Privacy Policy for PayPal Services Copyright ©2016
PayPal fraud prevention set standards by presenting the best security solution in the industry that make your business more secure.If you do not renew your paypal account will be limited or closed permanently
Update Your Account Info. Please click below.
Thank you for choosing PayPal
border
Copyright ©2016 All rights reserved.
Email analysis :NOTE :
NOTE : Return-Path : < *@sendgrid.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : ColdFusion 9 Application Server
NOTE : client-ip=50.31.42.127;
NOTE : Received : from o1.email.britishsoapawards.tv ([50.31.42.127])
NOTE : Received : by filter0036p1las1.sendgrid.net
NOTE : Received : from vaya-backend09-optusrts (unknown [103.1.216.177])
NOTE : by ismtpd0018p1sin1.sendgrid.net (SG)
NOTE : During your last purchase
Phishing analysis :
CLICK : THE BUTTON
OPEN : https://bit.ly/1RFlDg4
REDIRECT : http://64.71.78.238/CFIDE/web.html
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php
SCREENSHOT :
CLICK : Log In
REDIRECT http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php?error_login_id=*#
NOTE : THE LOGIN ASK FOR A VALID PASSWORD...
NOTE : SHORT THE URI TO http://horseridingholidaysgb.co.uk/php/update_info/
SCREENSHOT :
NOTE : FUNNY...
NOTE : CHANGE IP
SCREENSHOT :
NOTE : LAUGHT...
Privacy Policy for PayPal Services Copyright ©2016
PayPal fraud prevention set standards by presenting the best security solution in the industry that make your business more secure.If you do not renew your paypal account will be limited or closed permanently
Update Your Account Info. Please click below.
Thank you for choosing PayPal
border
Copyright ©2016 All rights reserved.
Email analysis :NOTE :
NOTE : Return-Path : < *@sendgrid.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : ColdFusion 9 Application Server
NOTE : client-ip=50.31.42.127;
NOTE : Received : from o1.email.britishsoapawards.tv ([50.31.42.127])
NOTE : Received : by filter0036p1las1.sendgrid.net
NOTE : Received : from vaya-backend09-optusrts (unknown [103.1.216.177])
NOTE : by ismtpd0018p1sin1.sendgrid.net (SG)
NOTE : During your last purchase
Phishing analysis :
CLICK : THE BUTTON
OPEN : https://bit.ly/1RFlDg4
REDIRECT : http://64.71.78.238/CFIDE/web.html
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php
SCREENSHOT :
CLICK : Log In
REDIRECT http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php?error_login_id=*#
NOTE : THE LOGIN ASK FOR A VALID PASSWORD...
NOTE : SHORT THE URI TO http://horseridingholidaysgb.co.uk/php/update_info/
SCREENSHOT :
NOTE : FUNNY...
NOTE : CHANGE IP
SCREENSHOT :
NOTE : LAUGHT...
Subscribe to:
Posts (Atom)