Phishing attempt to get Netknow user passwords
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 02 May 2022 21:54:03 -0600
Received: from relay0188a.smtpx.saremail.com ([195.16.132.187]:60653)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nljbY-0006Tw-Lx
for dave@doctor.nl2k.ab.ca;
Mon, 02 May 2022 21:53:48 -0600
Received-SPF: none (ihug.co.nz: No applicable sender policy available) receiver=smtp-out3.sarenet.es; identity=mailfrom; envelope-from="brizod@ihug.co.nz"; helo=posta.iurretalhi.eus; client-ip=212.81.219.101
Received: from posta.iurretalhi.eus (posta.iurretalhi.eus [212.81.219.101])
by smtp-out3a.sarenet.es (Postfix) with ESMTPS id 8BF9333C33F;
Mon, 2 May 2022 23:40:27 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by posta.iurretalhi.eus (Postfix) with ESMTP id B6C5E289209;
Mon, 2 May 2022 22:14:10 +0200 (CEST)
Received: from posta.iurretalhi.eus ([127.0.0.1])
by localhost (posta.iurretalhi.eus [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id egXxhvF-Xfrm; Mon, 2 May 2022 22:14:10 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by posta.iurretalhi.eus (Postfix) with ESMTP id 74858289215;
Mon, 2 May 2022 21:56:53 +0200 (CEST)
X-Virus-Scanned: amavisd-new at iurretalhi.eus
Received: from posta.iurretalhi.eus ([127.0.0.1])
by localhost (posta.iurretalhi.eus [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id 6Iv_wHDkmpGs; Mon, 2 May 2022 21:56:53 +0200 (CEST)
Received: from [103.1.179.201] (unknown [103.1.179.201])
by posta.iurretalhi.eus (Postfix) with ESMTPSA id 812832881C6;
Mon, 2 May 2022 21:44:39 +0200 (CEST)
Content-Type: multipart/alternative; boundary="===============0562156884=="
MIME-Version: 1.0
Subject: Re:Validate
To: Recipients
From: "Admin"
Date: Tue, 03 May 2022 01:14:33 +0530
Message-Id: <20220502194439.812832881C6@posta.iurretalhi.eus>
You will not see this in a MIME-aware mail reader.
--===============0562156884==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Dear Zimbra mail users: =
Your account has exceeded the quota limit set by the Administrator, and y=
ou may not be able to send or receive new mail until you re-validate your a=
ccount =
=
=
=
To re-validate your account, please =
=
=
CLICK HERE TO VERIFY
=
click on the above link to verify =
Failure to verify, Your account will be permanently disable and deleted fr=
om our database. Respectfully yours, =A92022 Zimbra Customer Care=20
--===============0562156884==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Diso-8859-1"/>
ial, helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TR=
ANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORP=
HANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,2=
55); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: n=
ormal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =
text-decoration-style: initial; text-decoration-color: initial">
=3D"FONT-SIZE: 12pt">Dear&=
nbsp;Zimbra mail users:
noreferrer noreferrer">
derline; FONT-FAMILY: verdana, sans-serif">
0)">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 02 May 2022 21:54:03 -0600
Received: from relay0188a.smtpx.saremail.com ([195.16.132.187]:60653)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1nljbY-0006Tw-Lx
for dave@doctor.nl2k.ab.ca;
Mon, 02 May 2022 21:53:48 -0600
Received-SPF: none (ihug.co.nz: No applicable sender policy available) receiver=smtp-out3.sarenet.es; identity=mailfrom; envelope-from="brizod@ihug.co.nz"; helo=posta.iurretalhi.eus; client-ip=212.81.219.101
Received: from posta.iurretalhi.eus (posta.iurretalhi.eus [212.81.219.101])
by smtp-out3a.sarenet.es (Postfix) with ESMTPS id 8BF9333C33F;
Mon, 2 May 2022 23:40:27 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by posta.iurretalhi.eus (Postfix) with ESMTP id B6C5E289209;
Mon, 2 May 2022 22:14:10 +0200 (CEST)
Received: from posta.iurretalhi.eus ([127.0.0.1])
by localhost (posta.iurretalhi.eus [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id egXxhvF-Xfrm; Mon, 2 May 2022 22:14:10 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by posta.iurretalhi.eus (Postfix) with ESMTP id 74858289215;
Mon, 2 May 2022 21:56:53 +0200 (CEST)
X-Virus-Scanned: amavisd-new at iurretalhi.eus
Received: from posta.iurretalhi.eus ([127.0.0.1])
by localhost (posta.iurretalhi.eus [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id 6Iv_wHDkmpGs; Mon, 2 May 2022 21:56:53 +0200 (CEST)
Received: from [103.1.179.201] (unknown [103.1.179.201])
by posta.iurretalhi.eus (Postfix) with ESMTPSA id 812832881C6;
Mon, 2 May 2022 21:44:39 +0200 (CEST)
Content-Type: multipart/alternative; boundary="===============0562156884=="
MIME-Version: 1.0
Subject: Re:Validate
To: Recipients
From: "Admin"
Date: Tue, 03 May 2022 01:14:33 +0530
Message-Id: <20220502194439.812832881C6@posta.iurretalhi.eus>
You will not see this in a MIME-aware mail reader.
--===============0562156884==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Dear Zimbra mail users: =
Your account has exceeded the quota limit set by the Administrator, and y=
ou may not be able to send or receive new mail until you re-validate your a=
ccount =
=
=
=
To re-validate your account, please =
=
=
CLICK HERE TO VERIFY
=
click on the above link to verify =
Failure to verify, Your account will be permanently disable and deleted fr=
om our database. Respectfully yours, =A92022 Zimbra Customer Care=20
--===============0562156884==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Diso-8859-1"/>
ial, helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TR=
ANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORP=
HANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,2=
55); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: n=
ormal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =
text-decoration-style: initial; text-decoration-color: initial">
=3D"FONT-SIZE: 12pt">Dear&=
nbsp;Zimbra mail users:
noreferrer noreferrer">
derline; FONT-FAMILY: verdana, sans-serif">
0)">
HITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 4=
00; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SP=
ACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-v=
ariant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wi=
dth: 0px; text-decoration-thickness: initial; text-decoration-style: initia=
l; text-decoration-color: initial">
ILY: verdana, sans-serif; COLOR: rgb(255,0,0)">
ON: underline">
OLOR: rgb(0,0,0)">
Your=
account has exceeded the quota limit set by the Administrator, and you may=
not be able to send or receive new mail until you re-validate yo=
ur account
account has exceeded the quota limit set by the Administrator, and you may=
not be able to send or receive new mail until you re-validate yo=
ur account
IV>
OLOR: rgb(0,0,0)">
OLOR: rgb(0,0,0)">
hed; BORDER-RIGHT: rgb(187,187,187) 1px dashed; BORDER-COLLAPSE: collapse; =
BORDER-BOTTOM: rgb(187,187,187) 1px dashed; BORDER-LEFT: rgb(187,187,187) 1=
px dashed">
FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(240,240,24=
0) 1pt inset; WIDTH: 105.85pt; BACKGROUND: red; BORDER-BOTTOM: rgb(240,240,=
240) 1pt solid; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 5.4pt;=
BORDER-LEFT: rgb(240,240,240) 1pt solid; PADDING-RIGHT: 5.4pt" width=3D141>
GIN-RIGHT: 0px">
verdana, sans-serif">
FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(187,187,18=
7) 1pt solid; WIDTH: 35.4pt; BACKGROUND-IMAGE: none; BACKGROUND-REPEAT: rep=
eat; BORDER-BOTTOM: rgb(187,187,187) 1pt solid; BACKGROUND-POSITION: 0% 0%;=
PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 5.4pt; BORDER-LEFT: r=
gb(187,187,187); PADDING-RIGHT: 5.4pt" width=3D47>
GIN-RIGHT: 0px">
serif">
OLOR: rgb(0,0,0)">
To r=
e-validate your account, please
e-validate your account, please
OLOR: rgb(0,0,0)">
,187,187) 1px dashed; BORDER-RIGHT: rgb(187,187,187) 1px dashed; WIDTH: 300=
px; BORDER-BOTTOM: rgb(187,187,187) 1px dashed; PADDING-BOTTOM: 0px; PADDIN=
G-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: rgb(187,187,187) 1px dashed; MA=
RGIN: 0px; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rgb(8,75,138); border-radi=
us: 5px">
-FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(187,187,1=
87) 1px dashed; BORDER-BOTTOM: rgb(187,187,187) 1px dashed; PADDING-BOTTOM:=
0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: rgb(187,187,187) 1p=
x dashed; PADDING-RIGHT: 0px">
ACKGROUND: none transparent scroll repeat 0% 0%; OUTLINE-WIDTH: medium; PAD=
DING-BOTTOM: 0px; PADDING-TOP: 0px; OUTLINE-STYLE: none; PADDING-LEFT: 0px;=
MARGIN: 0px; PADDING-RIGHT: 0px" href=3D"http://energymin.gov.lk/mail1.php=
" rel=3D"nofollow%20noopener%20nofollow%20noopener%20noreferrer nofollow no=
opener noreferrer nofollow noopener noreferrer nofollow noopener noreferrer=
noreferrer noreferrer noreferrer noreferrer nofollow noopener noreferrer" =
target=3D_blank>
-FAMILY: verdana, sans-serif">CLICK HERE TO VE
5321923m_3054015556958039049m_-1391893868802809595m_8710498082380162426m_87=
59714186932824562goog_1244613476>
3054015556958039049m_-1391893868802809595m_8710498082380162426m_87597141869=
32824562goog_1244613477>RIFY
/TBODY>
OLOR: rgb(0,0,0)">
(0,0,0)'>click on the above link to verify<=
/SPAN>
(0,0,0)'>
(0,0,0)'>Failure to verify, Your accou=
nt will be permanently disable and deleted from our database.
DIV>
(0,0,0)'>Respectfully yours,
(0,0,0)'>
(0,0,0)'>
s-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT=
-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; LETTER-SPACING: normal=
; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px"> =A92022 Zimbra Cu=
stomer Care
--===============0562156884==--
And we do not use Zimbra
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments