PayPal Phish
Posted by Dave Yadallee on
From - Mon Jun 22 21:37:23 2015
X-Account-Key: account2
X-UIDL: 0005d4c7501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: sales@nk.ca
Delivery-date: Mon, 22 Jun 2015 21:36:31 -0600
Received: from [193.169.188.113] (helo=server98.asx1.com)
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.86_RC3)
(envelope-from)
id 1Z7F0f-0000g3-PR
for sales@nk.ca; Mon, 22 Jun 2015 21:36:31 -0600
X-BitdefenderWKS-SpamStamp: Build: [Engines: 2.15.6.731, Dats: 322160,
Stamp: 3], Multi: [Enabled, t: (0.002058,0.002050)], BW: [Enabled, t:
(0.000014,0.000002)], RTDA: [Enabled, t: (0.153384), Hit: Yes,
Details: v2.2.9; Id: 2m1gh1t.19o5ofstr.1gpqj;
fipr(106l0bcef414bf7b6fab6d0826be7efabbf7:998;);
fz(101nbe35f3d766fb7d67ee88d627d9ed83ac:998;); ip(1); url(1)], total:
1000(775)
X-BitdefenderWKS-Spam: Yes - 1000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=particuliers.fr; s=default;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject:From:Reply-To; bh=HpIOEIJ6F/ELvYe2crqWK36YEnWSMXNfzHjGT/wa8WA=;
b=sf4ER+A/pKG2W0eDgrNGRDylmv+C/k6DkTKeOwoC0Xv15eyS5VWc1CYMzVjxZDOAogDs1C9wGbL8xLqGySOieUjRv01vo87MHz6ZUfga5ZaugrGwRBbNX1PnTg1EHaos6UwO5XLSQF5M4BjD/p0AdNccDLOK+RQ3G1lemum7IyU=;
Received: from vps-6391.fhnet.fr ([185.41.154.247]:59126 helo=User)
by server98.asx1.com with esmtpa (Exim 4.80.1)
(envelope-from)
id 1Z7Ez0-0002qY-Cd; Tue, 23 Jun 2015 03:34:46 +0000
Reply-To:
From: "PayPal - Customer Service"
Subject: Important Update Required To Your Paypal Account =?UTF-8?Q?=E2=9C=94_?=
Date: Tue, 23 Jun 2015 05:34:46 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server98.asx1.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - particuliers.fr
X-Get-Message-Sender-Via: server98.asx1.com: authenticated_id: service@particuliers.fr
X-Spam_score: 5.2
X-Spam_score_int: 52
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear Paypal Member. Unfortunately, Your online access has
been blocked. It has come to our attention that your Paypal Billing Information
records are out of date. That requires you to verify the BiIIing Information.
Failure to verify your records will result in account suspension. click the
link, below and enter your login information on the following page to confirm
your Billing Information records.. To verify your identity, kindly follow
reference below and take the directions to instant activation. [...]
Content analysis details: (5.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 RELAY_CHECKER_BADDNS   Doesn't have full circle DNS
 1.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=193.169.188.113,rdns=new.1hour-mail.com,baddns]
 0.0 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 4.2 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
Subject: {SPAM?} Important Update Required To Your Paypal Account =?UTF-8?Q?=E2=9C=94_?=

Dear Paypal Member.

Unfortunately, Your online access has been blocked.
It has come to our attention that your Paypal Billing Information records are out of date.
That requires you to verify the BiIIing Information.
Failure to verify your records will result in account suspension. click the link, below and enter your login information on the following page to confirm your Billing Information records..

To verify your identity, kindly follow reference below and take the directions to instant activation.

Verify Your Account

Thank You.

Accounts Management As outlined in our User Agreement, will periodically send you information about site changes and enhancements.

Copyright Paypal 1999-2015. All rights reserved.