Post by kas on Nov 15, 2021 16:52:21 GMT -5
My mother almost fell for this scam but was smart enough to check the sending email address, as it was from hotmail.co.uk (glad it was not spoofed), as well as to ask a few questions, such as the expected date of her delivery not matching the printed-out receipt for her order from Amazon.
This time of year scams are higher because of online gift purchases for Christmas and beating the delays in shipping to recipients. Also, especially due to the pandemic, more people are purchasing online.
2 links in email:
One for the text SEE MORE: hxxps://s3.amazonaws.com/zaeouybv/EdmUSHJa.html
And one for Request new delivery: Same link as above.
The "Unsubscribe from this mailing list" text has no link, and I am not sure Canada Post would have that at the bottom anyway.
Tracing the link from the email shows that it redirects to another:
wheregoes.com/trace/202110413151/
Various scans show that the particular page ( http://rtyuioomgrdsewvc.merseine.com/onmse/ ) is down (error code 500: Internal Server Error), whereas the site itself is not showing anything virus-wise. Possibly a phishing site, but it looks like I would have to investigate closer to confirm this. However, I am pretty sure, going by the phishing email itself, that the site is designed to steal your information.
validator.w3.org/check?uri=http%3A%2F%2Frtyuioomgrdsewvc.merseine.com
www.urlvoid.com/scan/rtyuioomgrdsewvc.merseine.com/
The link is shown to be malicious, but most security scans show it as being down due to server error (possibly taken down by Webroot):
www.virustotal.com/gui/url/8eb328272fd0716e29664efbb320651886080ba25dceb0e13ee2804c219a1451/details
scanurl.net/u/rtyuioomgrdsewvc-merseine-com-onmse
It is possible that the site, or the page at least, got taken down after the email was sent out:
www.phishtank.com/phish_detail.php?phish_id=7351847
Post by kas on Nov 15, 2021 17:10:21 GMT -5
Post by kas on Dec 11, 2021 17:31:19 GMT -5
Post by kas on Feb 17, 2022 6:26:36 GMT -5
Just got one today which somehow bypassed my spam filter (while in Canada using Cogeco Cable, forwarded to Yahoo while traveling) even though it is the same type of format as others which have been caught. I have omitted any permanent private info. (Link went to hxxps://javicasado.es/it.html?101736477/OTUwNDYzMTQ2MzY4NjM1)
Scanners that show it is not a safe site to visit:
Norton: safeweb.norton.com/report/show?url=https%3A%2F%2Fjavicasado.es%2Fit.html%3F101736477%2FOTUwNDYzMTQ2MzY4NjM1
Google Transparency Report: transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fjavicasado.es%2Fit.html%3F101736477%2FOTUwNDYzMTQ2MzY4NjM1
ScanURL does not yet detect any danger. It checks PhishTank and WOT. I have submitted just now to PhishTank and will to WOT as well. scanurl.net/u/javicasado-es-it-html-101736477-OTUwNDYzMTQ2MzY4NjM1
URLVoid: www.urlvoid.com/scan/javicasado.es/
FortiGuard: www.fortiguard.com/ip_rep/index.php?data=javicasado.es
Headers:
Received: from 10.217.136.215 by atlas125.free.mail.ne1.yahoo.com with HTTPS; Thu, 17 Feb 2022 00:41:49 +0000
Return-Path: <mondo92@hotmail.com>
X-Originating-Ip: [66.226.81.39]
Received-SPF: softfail (domain of transitioninghotmail.com does not designate 66.226.81.39 as permitted sender)
Authentication-Results: atlas125.free.mail.ne1.yahoo.com; dkim=pass header.i=@cogeco.ca header.s=email; dkim=perm_fail header.i=@hotmail.com header.s=selector1; spf=softfail smtp.mailfrom=hotmail.com; dmarc=fail(p=NONE) header.from=hotmail.com;
X-Apparently-To: [b]OMITTED[/b]; Thu, 17 Feb 2022 00:41:50 +0000
Received: from 66.226.81.39 (EHLO mail8139c14.megamailservers.com) by 10.217.136.215 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Thu, 17 Feb 2022 00:41:49 +0000
Received: from mail81138c14.megamailservers.com (mail81138c14.megamailservers.com [66.226.81.138]) by mail81203c14.megamailservers.com (mail81203c14) with ESMTPS id 788B6923D13A8 for <[b]OMITTED[/b]>; Wed, 16 Feb 2022 19:41:49 -0500 (EST)
Received: from busymta02 (smtp4.cogeco.ca [216.221.81.70]) by mail81138c14.megamailservers.com (mail81138c14) with ESMTP id F293C922B028C for <[b]OMITTED[/b]>; Wed, 16 Feb 2022 19:41:48 -0500 (EST)
Feedback-ID:mondo92@hotmail
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_nPvnQQrqXO6snae71S7lkg)"
Received: from mail8112c14.megamailservers.com ([192.168.200.190]) by busymta02.int.cogeco.net (Oracle Communications Messaging Server 7u4-27.01(7.0.4.27.0) 64bit (built Aug 30 2012)) with ESMTP id <0R7F004T9B9OQA70@busymta02.int.cogeco.net> for [b]OMITTED[/b] (ORCPT [b]OMITTED[/b]); Wed, 16 Feb 2022 19:41:48 -0500 (EST)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail8112c14.megamailservers.com E1F48924845F6
ARC-Authentication-Results: i=2; mx.cogeco.ca; arc=fail smtp.client-ip=40.92.66.62
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-oln040092066062.outbound.protection.outlook.com [40.92.66.62]) by mail8112c14.megamailservers.com (mail8112c14) with ESMTP id E1F48924845F6 for <[b]OMITTED[/b]>; Wed, 16 Feb 2022 19:41:47 -0500 (EST)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from DB7PR07MB4491.eurprd07.prod.outlook.com (2603:10a6:5:37::25) by PA4PR07MB7232.eurprd07.prod.outlook.com (2603:10a6:102:fb::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.8; Thu, 17 Feb 2022 00:41:40 +0000
Received: from DB7PR07MB4491.eurprd07.prod.outlook.com ([fe80::fca4:d7ba:c29f:7f1]) by DB7PR07MB4491.eurprd07.prod.outlook.com ([fe80::fca4:d7ba:c29f:7f1%6]) with mapi id 15.20.5017.007; Thu, 17 Feb 2022 00:41:40 +0000
Date: Thu, 17 Feb 2022 01:41:18 +0100
Subject: [97557177] Please correct the delivery address. 2/17/2022-01:41:18
Message-id: <DB7PR07MB4491DC19B8C867EBF060F8C3A3369@DB7PR07MB4491.eurprd07.prod.outlook.com>
From: =?utf-8?B?ZS1UaWNrZXQgQ0JGOTI4?= <mondo92@hotmail.com>
To: [b]OMITTED[/b]
X-TMN: [BuzCqc/0IVcYZXlFUAd9P7ZWTe5nqATR]
X-ClientProxiedBy: ZR0P278CA0167.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:45::15) To DB7PR07MB4491.eurprd07.prod.outlook.com (2603:10a6:5:37::25)
X-Microsoft-Original-Message-ID: <7BCF281CCA52678F33-EDF50F2BF085257D5784460D15C6B3B83671D487B-0FD29979639A4A-17C51D1E9EBCF2-65BF326E2DE1@oracle.com>
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b2ff55d4-5713-4808-9062-08d9f1ae361f
X-MS-TrafficTypeDiagnostic: PA4PR07MB7232:EE_
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-OriginatorOrg: sct-15-20-4778-2-msonline-outlook-1105a.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: b2ff55d4-5713-4808-9062-08d9f1ae361f
X-MS-Exchange-CrossTenant-AuthSource: DB7PR07MB4491.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Feb 2022 00:41:18.9433 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB7232
X-DA-Pass: W0T0
X-VADE-SPAMSTATE: clean
X-VADE-SPAMSCORE: 0
X-CTCH-Spam: Unknown
X-CTCH-VOD: Unknown
X-CTCH-RefID: str=0001.0A742F1B.620D99CC.004C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-Origin-Country: AT
X-VADE-SPAMSTATE: clean
X-VADE-SPAMSCORE: 0
X-CTCH-RefID: str=0001.0A742F1E.620D99CD.0023,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules:
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-Origin-Country: CA
Content-Length: 968
--Boundary_(ID_nPvnQQrqXO6snae71S7lkg) Content-type: text/plain; CHARSET=US-ASCII Content-transfer-encoding: 7BIT
--Boundary_(ID_nPvnQQrqXO6snae71S7lkg) Content-type: text/html; CHARSET=US-ASCII Content-transfer-encoding: 7BIT
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><p style="display: none;">9366615440875803071516364449660263770974696875 </p> <p> Dear Customer [b]OMITTED[/b] , [392876] <p style="display: none;">822217430655454845541 </p> <p> Today 2/17/2022-01:41:18 we couldn't find you at the destination. AWB:[20847628620583] <p style="display: none;">9871469488379016392415367233594558824 </p> <p> Please correct the delivery address: [01242257] <p style="display: none;">826766391011041200493929906347258425673739076089990259078787832 </p> <p> <a href="https://javicasado.es/it.html?101736477/OTUwNDYzMTQ2MzY4NjM1">Schedules Now</a> <p style="display: none;">58298 </p> <p>
--Boundary_(ID_nPvnQQrqXO6snae71S7lkg)--
Screenshot of the Phishing attempt:
The email:
The website if you click the link in the email:
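Added example, not part of the original post: a short Python parser for the Authentication-Results header quoted in the Feb 17, 2022 post, listing what each check says about the From domain (the only DKIM pass is for cogeco.ca, while hotmail.com fails DKIM, SPF and DMARC under p=NONE). The function names `parse_auth_results` and `triage` are illustrative; the header value is copied from the post.

```python
import re

# Authentication-Results value copied from the headers quoted in the post above.
AUTH_RESULTS = (
    "atlas125.free.mail.ne1.yahoo.com; "
    "dkim=pass header.i=@cogeco.ca header.s=email; "
    "dkim=perm_fail header.i=@hotmail.com header.s=selector1; "
    "spf=softfail smtp.mailfrom=hotmail.com; "
    "dmarc=fail(p=NONE) header.from=hotmail.com;"
)

def parse_auth_results(value):
    """Return (authserv_id, [(method, result, props), ...]) for one header value."""
    authserv_id, _, rest = value.partition(";")
    results = []
    for clause in (c.strip() for c in rest.split(";")):
        # method=result, optional (comment), then space-separated ptype.prop=value
        m = re.match(r"(\w+)=(\w+)\s*(?:\(([^)]*)\))?\s*(.*)", clause)
        if not m:
            continue  # empty trailing clause or unparseable text
        method, result, comment, tail = m.groups()
        props = dict(p.split("=", 1) for p in tail.split() if "=" in p)
        if comment:
            props["comment"] = comment
        results.append((method.lower(), result.lower(), props))
    return authserv_id.strip(), results

def triage(value):
    """List the authentication findings a reviewer would note for the message."""
    _, results = parse_auth_results(value)
    from_domain = next(
        (p.get("header.from", "") for m, _, p in results if m == "dmarc"), ""
    ).lower()
    findings = []
    for method, result, props in results:
        if method == "dkim":
            signer = props.get("header.i", "").rpartition("@")[2].lower()
            aligned = signer == from_domain or signer.endswith("." + from_domain)
            if result != "pass":
                findings.append(f"DKIM {result} for {signer}")
            elif not aligned:
                findings.append(f"DKIM pass is for {signer}, not the From domain {from_domain}")
        elif method == "spf" and result != "pass":
            findings.append(f"SPF {result} for {props.get('smtp.mailfrom', '?')}")
        elif method == "dmarc" and result != "pass":
            note = f"DMARC {result} for From domain {from_domain}"
            if props.get("comment", "").replace(" ", "").lower() == "p=none":
                note += " (policy p=none: no quarantine or reject requested)"
            findings.append(note)
    return findings

if __name__ == "__main__":
    for finding in triage(AUTH_RESULTS):
        print("-", finding)
```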