Apple, iTunes, iPhone & iCloud

Subject: Account Status Changed.
From: Support <info@mistramites.pe>
Date: Sat, 14 Jul 2018 20:10:12 -0500 (PET)

AppIe lnc.

Account Status Changed.

Dear customer,

We've temporarely locked your membership to keep your account in safe.
You must re-activate your account within 24 hours to restore
your Membership.

Verify Your Account --> http://shotmessenger.com/wp-includes/Text/Diff - BLOCKED
 

Hua Mulan

Administrator
Staff member
From: 120.188.85.127,
Indonesia, Ungaran, Pt Indosat

Return-Path: postmaster@network-system13.business
From: Apple mail.apple-secure.apple-idoooxytjvfolqrkcvbrkvhpynzoooxytjvfolqrkcvbrkv@apple.com
Date: 3 Aug 2018
Subject: We detected unusual activity from your Apple ID, update your Apple ID and checking account data.

The following changes were made to your account

VERIFY YOUR ACCOUNT http://ht.ly/kBGe30lf2Wd
 
From: apple.support@cgv.int.net

Dear Customer,

We've noticed that some of your account information appears to be missing or incorrect, to avoid interruption of your account please sign in to the Apple ID and secure your account. If we don't receive the information before this deadline, we will disable your account for security reasons.

Please secure your account information by clicking on the link below :

Sign In and Review (site dead for phishing)

Note:
IF YOUR ACCOUNT HAS LOCKED, YOU CAN NOT USING ICLOUD, UNLOCK YOUR IPHONE WHEN FORGOT PIN AND CAN'T DOWNLOAD FROM ITUNES OR APP STORE.

Thank you for your patience and understanding. If you need further assistance, please click Help at the bottom of Apple page.

Sincerely,
Apple Inc.
_____________________________________________________________________

This is an automatically generated email, Please do not reply

Read our privacy policy, Security and Protection if you have any questions

Copyright © 1999-2018 Apple Inc All Rights Reserved.
 

Naruto

Administrator
Staff member
Return-Path: <904370382235455@hotelpousadadoararas.com.br>
Received: from (EHLO shared-hm4319.locaweb.com.br) (186.202.9.94)
Subject: Please Update Your Payment Method Now
Date: Fri, 14 Sep 2018
From: Apple Online Customer Service <904370382235455@hotelpousadadoararas.com.br>

This is an automated email, please do not reply

Dear Client
We've noticed that some of your account information appears to be missing or incorrect We need to verify your account information in order to continue using your Apple ID, Please Verify your account information by clicking on the link below

Click here to Verify your ID http://bit.do/ewRAm

Thanks for choosing Apple,
Apple Team

© 2018 Apple. All rights reserved.

Email ID: 163327
 
From: AppIe Service <your-state.bz7sagk6n5vwrwfxyjjo@ reviewtravelupdatejosyaterbangamanenak. com>
(209.85.167.66 - US - SCAMMER RANGE)
To: cservice@ mail. applemail. netcraft .ca
Subject: Caution - [CaseNummer 92177301] Your account is not yet eligible using our service.

(ATTACHMENT)

Your AppIe ID is not yet eligible to using our service
This message is to inform you that your AppIe account has been temporarily locked until you can provide a valid information details on file.

This is a security measure to protect our customers from unapproved use.
We apologies for the incovenience.

You won't be able to access our service until you validate additional
information that we need . After receive this message , All of devices linked to your account will be automatically logged out.

We advise you to complete validations as soon as possible , any attempt failure validaton can result in termination of your account by safeguard
our system.

How do I validate my AppIe account?
Just follow to the link below or go to iforgot. apple .com to verify your ID, then follow the prompts.

>Validate My Account Details

Sincerely,
The App Store Team.

Note: All links are pointing to the url: http:// 1b. yt/ePR4N (Is not a short url)


SCUMWARE Detected View More Details
BitDefender Detected View More Details
DNS-BH Detected View More Details
 

Maya

Member
Return-Path: <9614646517646028927137@hotelpousadadoararas.com.br>
Received: from (EHLO shared-hm4319.locaweb.com.br) (186.202.9.107)
Subject: Please Update Your Payment Method Now
Date: Sat, 15 Sep 2018
From: Apple Online Customer Service <9614646517646028927137@hotelpousadadoararas.com.br>
Message-ID: <34135cff2cf2d738c79970e4d33f4948@www.hotelpousadadoararas.com.br>

This is an automated email, please do not reply

Dear Client
We've noticed that some of your account information appears to be missing or incorrect We need to verify your account information in order to continue using your Apple ID, Please Verify your account information by clicking on the link below

Click here to Verify your ID http://bit.do/ewRAm

Thanks for choosing Apple,
Apple Team
© 2018 Apple. All rights reserved.
Email ID: 163327
 

Sphinx

Administrator
Staff member
Received: from 127.0.0.1 (EHLO mail-io1-f53.google.com) (209.85.166.53)
From: Apple Support <admin.security-account.live-mail-support-noreply41536587@appwebass.com>
Date: Tue, 27 Nov 2018
Subject: Re: [New Added Information] [ Alert Noticed ] [ Informed Changed ]: Successfully changed on your account Information. [Mail Delivery FWD. #1326554720453]
To: support@apple.com

Dear Customers,

RecentIy there was an attempt to changes in your account.

For further lnformation, please read the PDF file.

Sincerely,

Apple Support

New-Detail_Confirmation-ID38729761.pdf
 

Central Scrutinizer

Administrator
Staff member
Return-Path: <receipt.appstore-6054216464965@maileservcee8240.com>
Received: from (EHLO mail-ot1-f41.google.com) (209.85.210.41)
From: AppleReceipt Store <receipt.appstore-6054216464965@maileservcee8240.com>
Date: Tue, 4 Dec 2018
Subject: We're processing your order sent via email. Order Number: #RX86G67SGF4Q paid on Sunday, December 02, 2018
To: icloud@apple.com, supportcs@apple.com

Order confirmed, open attachment for details.

Receipt-Order#RX86G89TRF4W.pdf
 

Sphinx

Administrator
Staff member
Return-Path: <norepmail.resolvacccustusualuseryahoo23456122@accesslockedresolv.com>
Received: from (EHLO mail-qt1-f195.google.com) (209.85.160.195)
Return-Path: <norepmail.resolvacccustusualuseryahoo23456122@accesslockedresolv.com>
Received: from instance-3 (224.39.199.35.bc.googleusercontent.com. [35.199.39.224])
Date: Wed, 12 Dec 2018
Subject: Reminder: We just automatically locked your account due to unusual location.

Dear Custelursatubutirtomer,Your ApLXoNEVILaWpIe lLXoNEVILaWD has beLXoNEVILaWen locLXoNEVILaWked for secLXoNEVILaWuriLXoNEVILaWty reLXoNEVILaWasLXoNEVILaWons. We noLXoNEVILaWticed your acLXoNEVILaWcoLXoNEVILaWunt was loLXoNEVILaWgged in from unusual devLXoNEVILaWice. and for your saLXoNEVILaWfety your acLXoNEVILaWcoLXoNEVILaWunt has been autLXoNEVILaWomatically locLXoNEVILaWked.

PleLXoNEVILaWase veLXoNEVILaWrifLXoNEVILaWy your ideLXoNEVILaWntLXoNEVILaWity as soonLXoNEVILaW as you receive this email or your acLXoNEVILaWcoLXoNEVILaWunt will be disLXoNEVILaWabLXoNEVILaWled due to concLXoNEVILaWernLXoNEVILaWs we haLXoNEVILaWve for the safLXoNEVILaWety and intLXoNEVILaWergrLXoNEVILaWity of the ApLXoNEVILaWpILXoNEVILaWe ComLXoNEVILaWmuniLXoNEVILaWty. Go to htLXoNEVILaWtpLXoNEVILaWs://LXoNEVILaWappLXoNEVILaWIeiLXoNEVILaWd.appLXoNEVILaWIe.LXoNEVILaWcoLXoNEVILaWm to veLXoNEVILaWriLXoNEVILaWfy yoLXoNEVILaWur acLXoNEVILaWcoLXoNEVILaWunt.

SinLXoNEVILaWcerLXoNEVILaWely,
ApLXoNEVILaWpIeLXoNEVILaW SupLXoNEVILaWporLXoNEVILaWt

This is the link ---> https://t.co/bTPLbkkxtE?verification_id=054178&allconfirmed=1&session=ok
 

Kat

Administrator
Staff member
These are looking strange.

Return-Path: <postmaster@cintakamuua.business>
Received: from (EHLO mail-io1-f100.google.com) (209.85.166.100)
Return-Path: <postmaster@cintakamuua.business>
Date: Sun, 9 Dec 2018
To: "support@apple.com" <labambina32@yahoo.com>
From: Apple <not-reply.qwpxgtnpownucjfzthf@customers.rnzasiou.zvghpwkxzfrryapzlktkyvj.bnvmn>
Subject: Your Αρplе ID has been lоскеd.

[LEFT]CaG0oDse Number: 068636052192
You're receiving this email to inform you that you have reqG0oDuested to resG0oDet your ApG0oDple ID pasG0oDswoG0oDrd from devG0oDice or locG0oDation you do not usuG0oDally use.
We just maG0oDke suG0oDre that is you.
If you acG0oDcess your accG0oDount now, may be you will get noG0oDtificG0oDation that your Apple ID (labambina32@yahoo.com) has been locG0oDked for protG0oDected your accoG0oDunt always saG0oDfety.
Do not worry, because it is only tempG0oDorary. Please clG0oDick the liG0oDnk below to verG0oDify and open your teG0oDmporarG0oDily loG0oDcked accouG0oDnt.

VerG0oDify IdentiG0oDty

http://back.ly/XU3Xn?amp=3dV04XNMvcrKdKd3I3zyL

IMPOG0oDRTANT: If you do not verG0oDify your ideG0oDntity witG0oDhin 24 hours, your AppG0oDle ID will be peG0oDrmanG0oDently loG0oDcked.
Thanks for taking the time to verG0oDify your ideG0oDntity.
Sincerely,
ApG0oDple Support[/LEFT]
 

Miyuki

Administratrix
Staff member
Return-Path: <nq6ax0-uGSBDn34hSn.rigayunah42@1270-politikus53.nq6ax0i.bygtfvg3gsniu.updtadaappscrwelw.com>
Received: from (EHLO mail-ua1-f66.google.com) (209.85.222.66)
From: "Apple lnc." <nq6ax0-uGSBDn34hSn.rigayunah42@1270-politikus53.nq6ax0i.ByGtfVg3gSniu.updtadaappscrwelw.com>
Date: 14 Jan 2019
Subject: RЕ: [Rеmіndег] асtіνіtу dеtесt оn уоuг ассоunt fгоm China 47.58.207.4
 

Jessica

Administrator
Staff member
Mine is just like Sphinx's with lots of encoding garbage as the body text.

Return-Path: <6j03YX-Mlafn82JkY71.kintiljaran@8178-hairdrayer.6j03yxe.kmnj9naj80yis.updtaccntrewnbil.com>
Received: from (EHLO mail-qt1-f170.google.com) (209.85.160.170)
From: "Apple Support" <6j03YX-Mlafn82JkY71.kintiljaran@8178-hairdrayer.6j03yxe.KmnJ9Naj80YIs.updtaccntrewnbil.com>
Date: 21 Jan 2019
Subject: [ Ѕtаtеmеnt ] : RΕ : уоu јuѕt lоgіn fгоm Uruguay 241.36.221.230

http://s.id/36GsU?id.....@yahoo.com
 

Jessica

Administrator
Staff member
Garbage encoding again.

Return-Path: <message.0211405@amjgxbesnp.2atification.net>
Received: from (EHLO mail-wm1-f47.google.com) (209.85.128.47)
Return-Path: <message.0211405@amjgxbesnp.2atification.net>
From: "Apple" <message.0211405@amjgxbesnp.2atification.net>
Date: 4 Feb 2019
Subject: Please verify your account to continue logging in. Received on

http://kid.bz/8wgbaf8kshj?arniHcQ=sento.....@yahoo.com
 

Garreg Ddu

Gweinyddwr
Staff member
Sender has used a VPN so no meaningful IP address.

To: customer@live.com, customer@live.com.apple.com
From: Apps Store <3vrgfqblaepzfoieznbfntmrpqyix@ogedna7.me>
Subject: Re: [ Payment Statement Update ] Summarry Transaction Report - Payment has been submitted to being Processed on Fri, April 12, 2019 10:41 PM

Dear Client,
IDNUMBER : RECEIPT-545562
Please click the attached file and verify your apple id before 24 hours or your apple id will be disabled.
Payment ID : PAYMENT-IJTECGHGJJ
Thank You,
App Store
Apple ID Summary • Purchase History • Terms of Sale • Privacy Policy
Copyright © 2019 Apple Inc. All rights reserved.


The attached file is a Microsoft Word .dot document, with an embedded link to a phishing site asking for details of Credit Card used for supposed payment.

Receipt Purchase
Fornite Battle Royale
1.000 V-Buks

Dear customers,
You have made the following purchase with details:

App Fornite Battle Royale
Content Provider Epic Games
Date Friday, 12 April 2019
Items 1.000 V-Buks
Price $45
Payment Method Credit Card Linked

This is a notification you recently ordered on an Apple ID
If you don't make a purchase or you believe an unauthorized person has accessed your account, You must cancel the purchase as soon as possible,

To cancel your purchase within 24 hours of receiving this invoice, go to Cancel and Manage Orders >

Sincerely,

App Store

Copyright © 2019 . AppIe Inc.
All rights reserved.
 

Sphinx

Administrator
Staff member
Return-Path: <N3H23ULM2W3EV4F40D6@bnfmnoibmi.my.kcantikhariini.net>
Return-Path: <N3H23ULM2W3EV4F40D6@bnfmnoibmi.my.kcantikhariini.net>
Received: from instance-1 (218.56.74.34.bc.googleusercontent.com. [34.74.56.218])
From: "Apple lD" <N3H23ULM2W3EV4F40D6@bnfmnoibmi.my.kcantikhariini.net>
Date: 7 May 2019
Subject: We've been disabled your Apple ID. [Reference : 4606621]

link; https://plu.sh/ceu8j?BNfMN=n3h23ul
 

Maya

Member
Return-Path: <bounces+802669-18ea-....=yandex.ru@mail.protovate.com>
Received: from (EHLO o1.mail.btc.com) (168.245.100.182)
From: Apple ID <5443210027@xn--qkcxkabt5-vpb.com>
Date: Sun, 05 May 2019
Subject: [ Important ] : There was suspicious activity in your Apple ID. #5443210027

There was suspicious activity in your Apple ID.

Login Details :
Date : 5.5.2019 16:40:55
Browser : Internet Explorer
Operating system : Windows
Country : Moldova, Republic of

Your account will be protected until you confirm this message within 24 hours.
If we do not receive the information by the deadline, you can permanently lock access to your account. Please click the button to verify your account.

Verify My Apple ID http://soglobal.us/jpn3?.....yandex.ru

Sincerely,
Apple Support.
 

Garreg Ddu

Gweinyddwr
Staff member
Date: Tue, 21 May 2019 04:01:43 -0700 (PDT)
Return-Path:
From: "App iCloud" <slebew-1999771@emangnyaharuspakaikah.com>
Subject: [ Result Statement Mail ] Alert login on Firefox , Hamburg at Tuesday , May 21 2019
To: customer@email.apple.com

Your Apple ID was locked

Dear Customer,

Your Apple ID has been locked for security reason.
It looks like your account is outdated and requies to updated account ownership, so we can protect your account and improve our service to maintenance your privacy.

To continue using your account again, we advise you to update the information before 24 hours or your account will be permanently locked.

Verification Account https://bch.gg/13r

Sincerely
Apple Support
 

Garreg Ddu

Gweinyddwr
Staff member
Identical message to previous reply but different email address.

Date: Mon, 20 May 2019 17:31:14 -0700 (PDT)
Return-Path: Microsoft Outlook Express 6.00.5120010230698
X-Facebook: xrsturcp:SAIDZ;
Calendar: Mon, 20 May 2019 17:31:14 -0700
From: "info@apple.email.com" <slebew-7685429@yapicamadinda.tech>
Subject: Re : [New Update Result] About your account login, the results of your statement have been made 75143103 QFJLVLHI on May 21, 2019.
To: customer@email.apple.com
 

Kat

Administrator
Staff member
Return-Path: <postmaster@taperwerbeuh.com>
Received: from (EHLO mail-ua1-f102.google.com) (209.85.222.102)
Return-Path: <postmaster@taperwerbeuh.com>
Received: from vultr-guest ([140.82.28.7])
X-Relaying-Domain: tipikalorangmiskin.com
From: "Apple Support" <VqymXm-AmsfkJasi28ak.jablaymurah@5231-purelitil.vqymxmt.JbhKs62Apyr3Js.tipikalorangmiskin>
Date: 29 May 2019
Subject: [ Rесеnt Αсtіνіtу ] : Υоuг ассоunt hаѕ Ьееn lосκеd duе tо ѕuѕρісіоuѕ асtіνіtу.

If you don't update your billing information, your Apple ID will be locked. You can unlock your Apple ID after you update your billing information. https://s.id/5cd2Z?....@yahoo.com

Sincerely,
Apple Support
 

Jessica

Administrator
Staff member
Return-Path: <fjQ380-h8SLyDKj48zdf6kjh47dsSjh3.rigayunah42@0156-politikus53.fjq3802.7yskvdjh38zvdsdxfkhg467.ultramilkplain.pw>
Received: from (EHLO mail-qk1-f229.google.com) (209.85.222.229)
X-Relaying-Domain: ultramilkplain.pw
From: "AppleID Service"
<fjQ380-h8SLyDKj48zdf6kjh47dsSjh3.rigayunah42@0156-politikus53.fjq3802.7ySKvDJh38zVdSDxFkhg467.ultramilkplain.pw>
Date: 23 Jun 2019
Subject: [RE] Your Apple ID has been locked [CASEID 015676686232]

Link: https://lnkd.in/fqNEv3F?id....@yahoo.com
 
Top