188). PayPal - HTML.Phishing.Pay-151
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Pay-151 |
| Origin: |  France |
| Date first seen: | 17/07/2006 06:50:06 |
| From: | PayPal <receipts@paypal.com> |
| Subject: | Your ATTWireless receipt from paypal.com |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
17/07/2006 06:58:06 | 19/07/2006 20:49:58 |  200.242.179.11 |
http://200.242.179.11:8000/ | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1]PayPal
This email confirms that you have paid ATTWireless
([2]victim-188@phishtank.internetdefence.net) $270.80 USD using PayPal.
This transaction will appear on your bill as "PAYPAL ATTSALES.*"
_________________________________________________________________
_________________________________________________________________
PayPal Shopping Cart Contents
Transaction ID: 52B33954AF427542H
Total: $270.80 USD
Item/Product Name: Nokia 7280 - Color Screen , Camera Built-In
_________________________________________________________________
Business Information
Business: ATTWireless
Contact E-Mail: victim-188@phishtank.internetdefence.net
_________________________________________________________________
Shipping Information
Shipping From: Andrew Trent
4965 Dunlay Ave.
Fresno , CA , 93726
United States
_________________________________________________________________
If you haven't authorized this charge, click the link below to cancel the
payment and get a full refund.
[3]www.paypal.com/confirm-pp 4145570
Log in and follow the instructions.
_________________________________________________________________
Thank you for using PayPal!
The PayPal Team
Your monthly account statement is available anytime; just log in to your
account at https://www.paypal.com/us/HISTORY. To correct any errors, please
contact us through our Help Center at https://www.paypal.com/us/HELP.
Please do not reply to this email. This mailbox is not monitored and you
will not receive a response. For assistance, [4]log in to your PayPal
account and choose the Help link located in the top right corner of any
PayPal page.
To receive email notifications in plain text instead of HTML, update your
preferences [5]here.
PayPal Email ID PP120
References
1. https://www.paypal.com/us
2. mailto:victim-188@phishtank.internetdefence.net
3. http://200.242.179.11:8000/
4. https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run
5. https://www.paypal.com/us/PREFS-NOTI