E-mail phish from the Netherlands
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 Sep 2023 07:25:24 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qgPec-0007Kx-2C
for dave@doctor.nl2k.ab.ca;
Wed, 13 Sep 2023 07:11:38 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 Sep 2023 07:11:38 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.211.59.27] (port=48428 helo=ptr.tajerhost.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qgNun-000JZd-0y
for root@doctor.nl2k.ab.ca;
Wed, 13 Sep 2023 05:20:21 -0600
Received: from [185.36.188.35] (port=54151 helo=dns.mta5.bellnet.ca)
by cp.tajerhost.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1qgBTt-001o69-1t
for root@doctor.nl2k.ab.ca;
Tue, 12 Sep 2023 22:03:38 +0000
From: "DoctorSupport- PortalNotification"
Subject: {Action Required} IT.Request.Notice for root@doctor.nl2k.ab.ca
9/12/2023
To:
Content-Type: text/html; charset=utf-8
Reply-To: <1523544434@olypen.com>
Date: Tue, 12 Sep 2023 23:03:37 +0100
Priority: urgent
X-Priority: 2
Importance: high
Message-Id: <12352023090323BF94F3C3EE$90879DD18B@tivatraide.com>
X-Mailer: PHP
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp.tajerhost.com
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - tivatraide.com
X-Get-Message-Sender-Via: cp.tajerhost.com: authenticated_id: user@tivatraide.com
X-Authenticated-Sender: cp.tajerhost.com: user@tivatraide.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Antivirus: AVG (VPS 230912-0, 9/11/2023), Inbound message
X-Antivirus-Status: Clean
min-scale="0.49642857142857144">
cellspacing="0" cellpadding="0">
bgcolor="#ffffff">
cellspacing="0" cellpadding="0">
bgcolor="#ffffff">
data-linkindex="0" data-auth="NotApplicable">
alt="Doctor).png" src="https://logo.clearbit.com/doctor.nl2k.ab.ca"
border="0" hspace="160">
style="border-collapse: collapse;" cellspacing="0" cellpadding="0">
Your
aria-hidden="true">
href="http://click.comparyson.com/t.php?u=https%3A%2F%2F24hr36.codesandbox.io?0=cm9vdEBkb2N0b3Iubmwyay5hYi5jYQ=="
target="_blank" rel="noopener noreferrer" data-linkindex="0"
data-auth="NotApplicable">
width="500" style="border-collapse: collapse;" cellspacing="0"
cellpadding="0">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 Sep 2023 07:25:24 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qgPec-0007Kx-2C
for dave@doctor.nl2k.ab.ca;
Wed, 13 Sep 2023 07:11:38 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 Sep 2023 07:11:38 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.211.59.27] (port=48428 helo=ptr.tajerhost.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qgNun-000JZd-0y
for root@doctor.nl2k.ab.ca;
Wed, 13 Sep 2023 05:20:21 -0600
Received: from [185.36.188.35] (port=54151 helo=dns.mta5.bellnet.ca)
by cp.tajerhost.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1qgBTt-001o69-1t
for root@doctor.nl2k.ab.ca;
Tue, 12 Sep 2023 22:03:38 +0000
From: "DoctorSupport- PortalNotification"
Subject: {Action Required} IT.Request.Notice for root@doctor.nl2k.ab.ca
9/12/2023
To:
Content-Type: text/html; charset=utf-8
Reply-To: <1523544434@olypen.com>
Date: Tue, 12 Sep 2023 23:03:37 +0100
Priority: urgent
X-Priority: 2
Importance: high
Message-Id: <12352023090323BF94F3C3EE$90879DD18B@tivatraide.com>
X-Mailer: PHP
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp.tajerhost.com
X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - tivatraide.com
X-Get-Message-Sender-Via: cp.tajerhost.com: authenticated_id: user@tivatraide.com
X-Authenticated-Sender: cp.tajerhost.com: user@tivatraide.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Antivirus: AVG (VPS 230912-0, 9/11/2023), Inbound message
X-Antivirus-Status: Clean
min-scale="0.49642857142857144">
cellspacing="0" cellpadding="0">
bgcolor="#ffffff">
cellspacing="0" cellpadding="0">
bgcolor="#ffffff">
data-linkindex="0" data-auth="NotApplicable">
alt="Doctor).png" src="https://logo.clearbit.com/doctor.nl2k.ab.ca"
border="0" hspace="160">
style="border-collapse: collapse;" cellspacing="0" cellpadding="0">
Your
Doctor password has expired.
Your password for
root@doctor.nl2k.ab.ca expire today.
9/12/2023.
aria-hidden="true">
href="http://click.comparyson.com/t.php?u=https%3A%2F%2F24hr36.codesandbox.io?0=cm9vdEBkb2N0b3Iubmwyay5hYi5jYQ=="
target="_blank" rel="noopener noreferrer" data-linkindex="0"
data-auth="NotApplicable">
KEEP
CURRENT PASSWORD
CURRENT PASSWORD
Note: This is an automated message and it does not require you to
reply.
reply.
Regards,
Doctor Team
width="500" style="border-collapse: collapse;" cellspacing="0"
cellpadding="0">
Disclaimer: The information on this
mail has been compiled with the utmost care. However, it can always
happen that information is outdated or incorrect. Therefore, no rights can
be derived from this information
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments