Phishing attempt to get Netknow user passwords from Indonesia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 22 May 2022 03:49:01 -0600
Received: from [103.5.148.88] (port=16052 helo=bpomsvr-1588.pom.go.id)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nsiBs-000GgT-9Q
for dave@doctor.nl2k.ab.ca;
Sun, 22 May 2022 03:48:09 -0600
Received: from zmtaproxy.pom.go.id ([172.16.3.47])
by bpomsvr-1588.pom.go.id with ESMTP id 24M9hV9P018057-24M9hV9R018057
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Sun, 22 May 2022 16:43:32 +0700
Received: from localhost (localhost [127.0.0.1])
by zmtaproxy.pom.go.id (Postfix) with ESMTP id AB62083220C2;
Sun, 22 May 2022 15:23:35 +0700 (WIB)
Received: from zmtaproxy.pom.go.id ([127.0.0.1])
by localhost (zmtaproxy.pom.go.id [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id tvnDwujFcXi5; Sun, 22 May 2022 15:23:35 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by zmtaproxy.pom.go.id (Postfix) with ESMTP id 8F9C1832FF37;
Sun, 22 May 2022 15:22:13 +0700 (WIB)
DKIM-Filter: OpenDKIM Filter v2.10.3 zmtaproxy.pom.go.id 8F9C1832FF37
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=pom.go.id; s=DKIM_selector; c=relaxed/relaxed;
h=content-type:mime-version:subject:to:from:date:message-id;
bh=uZuwRDBHngXzq2AiTaqF+B8p5jZpyqpC6+vbvDM5r/8=;
b=fIghA0BctHD9u+5wOzpvmbT5oXSOb8vH0oewWlJoYSScbLWRsaESGVKJ7jY+5hR0vEJ4YTGotJYH
HKFLsQMCOHtct4nmpbgckC/VUNBXiaVDpvO+ZnRswH1KSQ3ndAthdsvWZMbukdm8PhYXF5BZa+Fe
8B6iKyvq26mQcInbzAGEtzIha97uv2brjh293179J/EWr2r55WzCV539uE+QmBFwpUWPWDY9uxeN
Ms3wElwy6IBC/6r5NsWQk6LxEbAwPlEuhcRFI7sxOpnr+UhH94nF+55ZBxOrzYNnSy93njQqVR5B
piHBeUJkI+X2nldIIE6LyLSgAGatsaq/tZUxtw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pom.go.id;
s=9454298A-CE88-11EC-8243-7A809184C385; t=1653207733;
bh=uZuwRDBHngXzq2AiTaqF+B8p5jZpyqpC6+vbvDM5r/8=;
h=MIME-Version:To:From:Date:Message-Id;
b=WJ6U81r1CYxAA9F8qQbqdkaMmjV+WRjbo/lPn1ABGjXnm6N5t4CYIUFGG7NFEg2Q9
t7gY4rbdrfIYyRUwUkKbt7hGv080lz/feBkhYb9NkW26v2bc/UhHSSthEttCxrHMaf
yJbgDg75XAck1M1KxxUWaKkTg+eAjomA1zv/yPAE=
X-Virus-Scanned: amavisd-new at
Received: from zmtaproxy.pom.go.id ([127.0.0.1])
by localhost (zmtaproxy.pom.go.id [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id R-XkIeQ-nR86; Sun, 22 May 2022 15:22:13 +0700 (WIB)
Received: from [103.1.179.201] (unknown [103.1.179.201])
by zmtaproxy.pom.go.id (Postfix) with ESMTPSA id 0DCDA8329D1D;
Sun, 22 May 2022 15:20:54 +0700 (WIB)
Content-Type: multipart/alternative; boundary="===============1124542109=="
MIME-Version: 1.0
Subject: Re:Validate
To: Recipients
From: "Admin"
Date: Sun, 22 May 2022 13:51:20 +0530
Message-Id: <20220522082055.0DCDA8329D1D@zmtaproxy.pom.go.id>
X-FEAS-DKIM: Invalid Public Key
Authentication-Results: bpomsvr-1588.pom.go.id;
dkim=neutral (Could not retrieve key) header.i=@pom.go.id
X-FE-Policy-ID: 9:3:2:SYSTEM
You will not see this in a MIME-aware mail reader.
--===============1124542109==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Dear Zimbra mail users: =
Your account has exceeded the quota limit set by the Administrator, and y=
ou may not be able to send or receive new mail until you re-validate your a=
ccount =
=
=
=
To re-validate your account, please =
=
=
CLICK HERE TO VERIFY
=
click on the above link to verify =
Failure to verify, Your account will be permanently disable and deleted fr=
om our database. Respectfully yours, =A92022 Zimbra Customer Care=20
--===============1124542109==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Diso-8859-1"/>
ial, helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TR=
ANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORP=
HANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,2=
55); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: n=
ormal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =
text-decoration-style: initial; text-decoration-color: initial">
=3D"FONT-SIZE: 12pt">Dear&=
nbsp;Zimbra mail users:
noreferrer noreferrer">
derline; FONT-FAMILY: verdana, sans-serif">
0)">
HITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 4=
00; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SP=
ACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-v=
ariant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wi=
dth: 0px; text-decoration-thickness: initial; text-decoration-style: initia=
l; text-decoration-color: initial">
ILY: verdana, sans-serif; COLOR: rgb(255,0,0)">
ON: underline">
OLOR: rgb(0,0,0)">
Your=
account has exceeded the quota limit set by the Administrator, and you may=
not be able to send or receive new mail until you re-validate yo=
ur account
account has exceeded the quota limit set by the Administrator, and you may=
not be able to send or receive new mail until you re-validate yo=
ur account
IV>
OLOR: rgb(0,0,0)">
OLOR: rgb(0,0,0)">
hed; BORDER-RIGHT: rgb(187,187,187) 1px dashed; BORDER-COLLAPSE: collapse; =
BORDER-BOTTOM: rgb(187,187,187) 1px dashed; BORDER-LEFT: rgb(187,187,187) 1=
px dashed">
FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(240,240,24=
0) 1pt inset; WIDTH: 105.85pt; BACKGROUND: red; BORDER-BOTTOM: rgb(240,240,=
240) 1pt solid; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 5.4pt;=
BORDER-LEFT: rgb(240,240,240) 1pt solid; PADDING-RIGHT: 5.4pt" width=3D141>
GIN-RIGHT: 0px">
verdana, sans-serif">
FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(187,187,18=
7) 1pt solid; WIDTH: 35.4pt; BACKGROUND-IMAGE: none; BACKGROUND-REPEAT: rep=
eat; BORDER-BOTTOM: rgb(187,187,187) 1pt solid; BACKGROUND-POSITION: 0% 0%;=
PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 5.4pt; BORDER-LEFT: r=
gb(187,187,187); PADDING-RIGHT: 5.4pt" width=3D47>
GIN-RIGHT: 0px">
serif">
OLOR: rgb(0,0,0)">
To r=
e-validate your account, please
e-validate your account, please
OLOR: rgb(0,0,0)">
,187,187) 1px dashed; BORDER-RIGHT: rgb(187,187,187) 1px dashed; WIDTH: 300=
px; BORDER-BOTTOM: rgb(187,187,187) 1px dashed; PADDING-BOTTOM: 0px; PADDIN=
G-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: rgb(187,187,187) 1px dashed; MA=
RGIN: 0px; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rgb(8,75,138); border-radi=
us: 5px">
-FAMILY: verdana, arial, helvetica, sans-serif; BORDER-RIGHT: rgb(187,187,1=
87) 1px dashed; BORDER-BOTTOM: rgb(187,187,187) 1px dashed; PADDING-BOTTOM:=
0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: rgb(187,187,187) 1p=
x dashed; PADDING-RIGHT: 0px">
ACKGROUND: none transparent scroll repeat 0% 0%; OUTLINE-WIDTH: medium; PAD=
DING-BOTTOM: 0px; PADDING-TOP: 0px; OUTLINE-STYLE: none; PADDING-LEFT: 0px;=
MARGIN: 0px; PADDING-RIGHT: 0px" href=3D"http://energymin.gov.lk/mail1.php=
" rel=3D"nofollow%20noopener%20nofollow%20noopener%20noreferrer nofollow no=
opener noreferrer nofollow noopener noreferrer nofollow noopener noreferrer=
noreferrer noreferrer noreferrer noreferrer nofollow noopener noreferrer" =
target=3D_blank>
-FAMILY: verdana, sans-serif">CLICK HERE TO VE
5321923m_3054015556958039049m_-1391893868802809595m_8710498082380162426m_87=
59714186932824562goog_1244613476>
3054015556958039049m_-1391893868802809595m_8710498082380162426m_87597141869=
32824562goog_1244613477>RIFY
/TBODY>
OLOR: rgb(0,0,0)">
(0,0,0)'>click on the above link to verify<=
/SPAN>
(0,0,0)'>
(0,0,0)'>Failure to verify, Your accou=
nt will be permanently disable and deleted from our database.=
DIV>
(0,0,0)'>Respectfully yours,
(0,0,0)'>
(0,0,0)'>
s-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT=
-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; LETTER-SPACING: normal=
; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px"> =A92022 Zimbra Cu=
stomer Care
--===============1124542109==--