Well,
I recieved this spam email in my mailbox.
And I was like, uhm, this is fake.
Well,
This email contained an HTML file, which was encrypted with Unescape.
http://pastebin.com/zR20Ujs5 <- Encrypted unescape.
As we decrypt this, we will come out at:
http://pastebin.com/qhepQeAY <- decrypted output.
Well, that didn't turned out in anything.
Let's go to the original email:
Well, if we go to that IP adress, we come at a pakistani store, which is very sketchy.
Now time for some reverse IP lookup:
http://reverseip.domaintools.com/search/?q=62.75.252.78
First domain: http://whois.domaintools.com/priceinlahore.com.pk
Check the green sentence: Reverse Whois: "Rupya" is associated with about 3 other domains.
After googling Rupya, I found their website. Rupya.pk
As they list an image with their email on their contact page, to not get it scraped, smart.
10 Mins of research..
GG Pakis.
Cheers.
( I did this one awhile ago. )
I recieved this spam email in my mailbox.
And I was like, uhm, this is fake.
Code:
Dear PayPal Customer,
On March 11, 2014, We recently have determined that different computers have logged in your PayPal account.
And multiple password failures were present before the logo's. We now need you to re-confirm your account information to us.
If this is not completed by 15-03-2014, we will be forced to suspend your account indefinitely.
Case ID Number : PP-001-544-591
To restore your account,
Please download the attached form to verify your Profile information and restore your account access.
Make sure you enter the information accurately, and according to the formats required.
Fill in all the required fields.
It's usually pretty easy to take care of things like this. Most of the
time, we just need a little more information about your account or latest
transactions.
To help us with this and to see what you can and can't do with your account
until the issue is resolved, log in to your account and go to the
Resolution Center.
Yours sincerely,
PayPal
----------------------------------------------------------------------
Help Center:
https://www.paypal.com/cgi-bin/helpweb?cmd=_help
Security Center:
https://www.paypal.com/security
Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page.
Copyright © 2014 PayPal Inc. All rights reserved.
Consumer advisory: PayPal Pte Ltd, the Holder of the PayPal™ payment service stored value facility, does not require the approval of the Monetary Authority of Singapore. Consumers (users) are advised to read the terms and conditions: https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/ua-outside carefully.
PayPal Email ID PP076Well,
This email contained an HTML file, which was encrypted with Unescape.
http://pastebin.com/zR20Ujs5 <- Encrypted unescape.
As we decrypt this, we will come out at:
http://pastebin.com/qhepQeAY <- decrypted output.
Well, that didn't turned out in anything.
Let's go to the original email:
Code:
Received: from london254.server4you.net (london254.server4you.net. [62.75.252.78])Well, if we go to that IP adress, we come at a pakistani store, which is very sketchy.
Now time for some reverse IP lookup:
http://reverseip.domaintools.com/search/?q=62.75.252.78
First domain: http://whois.domaintools.com/priceinlahore.com.pk
Check the green sentence: Reverse Whois: "Rupya" is associated with about 3 other domains.
After googling Rupya, I found their website. Rupya.pk
As they list an image with their email on their contact page, to not get it scraped, smart.
10 Mins of research..
GG Pakis.
Cheers.
( I did this one awhile ago. )
