Paypal Phish
Posted by Dave Yadallee on
From - Fri Jul 26 11:10:38 2013
X-Account-Key: account1
X-UIDL: 0000204b4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 26 Jul 2013 08:25:20 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.80.1)
(envelope-from)
id 1V2iwo-00008m-IH
for dave@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 08:24:46 -0600
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Fri, 26 Jul 2013 08:24:46 -0600
Resent-Message-ID: <20130726142446.GA26659@doctor.nl2k.ab.ca>
Resent-To: Dave Yadallee
Received: from nereid.lunarpages.com ([216.97.225.85])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80.1)
(envelope-from)
id 1V2eMU-0002wU-BH
for doctor@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 03:31:17 -0600
Received: from ccofr2 by nereid.lunarpages.com with local (Exim 4.77)
(envelope-from)
id 1V2eMP-0005ZD-5T
for doctor@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 02:30:53 -0700
To: doctor@doctor.nl2k.ab.ca
Subject: Case #PP-002-095-706-877 Breach of Contract
From: PayPal
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Fri, 26 Jul 2013 02:30:53 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - nereid.lunarpages.com
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [32396 500] / [47 12]
X-AntiAbuse: Sender Address Domain - nereid.lunarpages.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/ccofr2/public_html/wp-content/plugins/11.php
X-Source-Dir: ccofr.org:/public_html/wp-content/plugins
X-Antivirus: AVG for E-mail 10.0.1432 [3209/6023]
X-AVG-ID: ID1662C251-60C51171
PayPal Notification Service / Account Notification! / PayPal Online Banking - 3rd attempt failed !
Dear Customer,
Within PayPal latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account.
For your safety, PayPal set your account status to limited. For your account status to get back to normal, you will have
to Sign In correctly at: https://www.paypal.com.cgi.bin-login/webscr?cmd=_login-submit
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from:
.*.121.39 nelly.il
Invalid login from:
.*.191.137 bitssh.bg
Invalid login from:
*.*.170.137 net.dk
Protect Yourself from Fraud: Don't send money to someone you don't know. Find out how to help safeguard your transactions and your personal information to avoid online fraud.
This message is mandatory, if you do not complete it in less then 24 hours, your account may get deactivate.
Copyright 1999-2013 PayPal. All rights reserved.
X-Account-Key: account1
X-UIDL: 0000204b4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 26 Jul 2013 08:25:20 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.80.1)
(envelope-from
id 1V2iwo-00008m-IH
for dave@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 08:24:46 -0600
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Fri, 26 Jul 2013 08:24:46 -0600
Resent-Message-ID: <20130726142446.GA26659@doctor.nl2k.ab.ca>
Resent-To: Dave Yadallee
Received: from nereid.lunarpages.com ([216.97.225.85])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80.1)
(envelope-from
id 1V2eMU-0002wU-BH
for doctor@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 03:31:17 -0600
Received: from ccofr2 by nereid.lunarpages.com with local (Exim 4.77)
(envelope-from
id 1V2eMP-0005ZD-5T
for doctor@doctor.nl2k.ab.ca; Fri, 26 Jul 2013 02:30:53 -0700
To: doctor@doctor.nl2k.ab.ca
Subject: Case #PP-002-095-706-877 Breach of Contract
From: PayPal
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Fri, 26 Jul 2013 02:30:53 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - nereid.lunarpages.com
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [32396 500] / [47 12]
X-AntiAbuse: Sender Address Domain - nereid.lunarpages.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/ccofr2/public_html/wp-content/plugins/11.php
X-Source-Dir: ccofr.org:/public_html/wp-content/plugins
X-Antivirus: AVG for E-mail 10.0.1432 [3209/6023]
X-AVG-ID: ID1662C251-60C51171
Dear Customer,
Within PayPal latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account.
For your safety, PayPal set your account status to limited. For your account status to get back to normal, you will have
to Sign In correctly at: https://www.paypal.com.cgi.bin-login/webscr?cmd=_login-submit
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from:
.*.121.39 nelly.il
Invalid login from:
.*.191.137 bitssh.bg
Invalid login from:
*.*.170.137 net.dk
Protect Yourself from Fraud: Don't send money to someone you don't know. Find out how to help safeguard your transactions and your personal information to avoid online fraud.
This message is mandatory, if you do not complete it in less then 24 hours, your account may get deactivate.
Copyright 1999-2013 PayPal. All rights reserved.
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1432 / Virus Database: 3209/6023 - Release Date: 07/26/13
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments