Apple: Order Number: 103993128
iTunes Store
Dear
Thank you for buying the following product on 18/01/2016
Product Name: F1-Pilot Premium(R)
Order Number: 103993128
Receipt Date: 18/01/2016
Order total: 14.02 EUR.
We hope that our tools and solutions have improved the way you do business this year.
If you did not authorize this purchase, please proceed with "Cancellation Form"
Cancel this Purchase
Phishing analysis :
CLICK : Cancel this Purchase
OPEN : https://directcabcall.com/dcc/cron/Update/login/
REDIRECT : http://https.paypatl.com.leodimiranda.com/nl/webapps/mf2f/home
Email analysis :
NOTE : Return-Path : < voveriukas@jml-group.lt >
NOTE : X-Php-Script : jml-group.lt/wp-content/files_mf/send.php for 105.108.42.181
NOTE : Received : from mail.ledinis.lt (mail.ledinis.lt. [109.235.64.119])
NOTE : Your Order Has Been Placed
Conclusion :
- iTunes Store phishing turning to Paypal phishing.
Hijacked websites :
directcabcall.com : owner : DIRECTCABCALL.COM@domainsbyproxy.com
leodimiranda.com : owner Irene Perrin / +61.386242485 / contact@myprivateregistration.com
jml-group.lt : UAB "Interneto vizija" / hostmaster@iv.lt
jml-group.lt : ress website / account voveriukas
ledinis.lt : UAB "Interneto vizija" / hostmaster@iv.lt
Phisher's origin :
IP : 105.108.42.181
Provider : Telecom Algeria
Country : Algeria
Latitude : 28
Longitude : 3