Paypal phishing scam supposedly from firstname.lastname@example.org, actually sent by authenticated User email@example.com ; with redirect URL at phishing website, crosspointlife.com
Source IP: 22.214.171.124 (This IP address belongs to a High Risk Hosting Provider -refer http://www.abuseipdb.com/check/126.96.36.199).
ISP: Hetzner Online AG
Host Name: h4.d2.pl
Received: from h4.d2.pl ([188.8.131.52]) by COL0-MC1-F36.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 7 Mar 2013 07:41:57 -0800
Received: from pzhgp by h4.d2.pl with local (Exim 4.80)
for*****; Thu, 07 Mar 2013 16:41:56 +0100
Subject: Multiple invalid attempts...
Date: Thu, 07 Mar 2013 16:41:56 +0100
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - h4.d2.pl
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [956 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - h4.d2.pl
X-Get-Message-Sender-Via: h4.d2.pl: authenticated_id: pzhgp/only user confirmed/virtual account not confirmed
X-Source-Args: /bin/sh -p /usr/sbin/sendmailphp -t -i
X-OriginalArrivalTime: 07 Mar 2013 15:41:58.0249 (UTC) FILETIME=[4D862590:01CE1B4A]
Your account access has been restricted.
After our screening process this month, we've discovered some invalid entries on your account that got our attention. It seems like someone
else then you tried to access your PayPal account. We need you to work
with us and make sure this doesn't happend.
We need to confirm some of your account information.
Please update your profile with your current address and provide some
documentation to help confirm your identity.
To solve this issue, go to our Resolution Center:
http://crosspointlife.com... http://images.paypal.com/... http://images.paypal.com/... http://crosspointlife.com... |