E-mail credential phishing from Indonesia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 14 Feb 2023 23:14:23 -0700
Received: from mx10.ssp.co.id ([180.178.98.90]:34574 helo=mail.ssp.co.id)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pSB3H-000Gnh-0F
for dave@doctor.nl2k.ab.ca;
Tue, 14 Feb 2023 23:13:52 -0700
Received: from localhost (localhost [127.0.0.1])
by mail.ssp.co.id (Postfix) with ESMTP id 2718C6069E860;
Wed, 15 Feb 2023 10:03:39 +0700 (WIB)
Received: from mail.ssp.co.id ([127.0.0.1])
by localhost (mail2020.ssp.co.id [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id 50L1_tkEI2dc; Wed, 15 Feb 2023 10:03:38 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by mail.ssp.co.id (Postfix) with ESMTP id 8D5136069E852;
Wed, 15 Feb 2023 10:03:38 +0700 (WIB)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.ssp.co.id 8D5136069E852
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ssp.co.id;
s=2FAF0898-8B55-11E9-BA94-6A591D0F20AF; t=1676430218;
bh=gRgkDlr2QC160aJPfGhDFXp358cjg0syFVDESa7daqQ=;
h=MIME-Version:To:From:Date:Message-Id;
X-Virus-Scanned: amavisd-new at ssp.co.id
Received: from mail.ssp.co.id ([127.0.0.1])
by localhost (mail2020.ssp.co.id [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id sJpoLL0zPUkf; Wed, 15 Feb 2023 10:03:38 +0700 (WIB)
Received: from [103.1.179.222] (unknown [103.1.179.222])
by mail.ssp.co.id (Postfix) with ESMTPSA id 1C8BD6069E85B;
Wed, 15 Feb 2023 10:03:33 +0700 (WIB)
Content-Type: multipart/alternative; boundary="===============1166511186=="
MIME-Version: 1.0
Subject: info
To: Recipients
From: "Zimbra"
Date: Wed, 15 Feb 2023 08:33:25 +0530
Message-Id: <20230215030334.1C8BD6069E85B@mail.ssp.co.id>
You will not see this in a MIME-aware mail reader.
--===============1166511186==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Dear Zimbra mail users: =
Your account has exceeded the quota limit set by the Administrator, and y=
ou may not be able to send or receive new mail until you re-validate your a=
ccount =
=
=
=
To re-validate your account, please =
=
=
CLICK HERE TO VERIFY
=
click on the above link to verify =
Failure to verify, Your account will be permanently disable and deleted fr=
om our database. Respectfully yours, ?2022 Zimbra Customer Care=20
--===============1166511186==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Dear Zimbra mail users:
Your account has exceeded the quota limit set by the Administrator, and =
you may not be able to send or receive new mail until you re-validate =
your account
To re-validate your account, please
<a href=3D"http://amoola.tk/mail1.php" target=3D_blank>CLICK HERE TO =
VERIFY</a>
click on the above link to verify
Failure to verify, Your account will be permanently disable and deleted =
from our database.
Respectfully yours,
?2022 Zimbra Customer Care
--===============1166511186==--