funsec mailing list archives

Spam removal spam?


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Mon, 5 Jan 2015 11:25:04 -0800

OK, now *this* is an email account phishing message trick I haven't often seen 
before:

<a 
href="hxxps://194.100.100.254:443/quarantine/manageuser?tkn=ZW1tYa8OVj1L
o2ZFs7uuKV8M1VALgSyPfsKVJg%3D%3D&action=viewibx">Click here to 
access your spam quarantine.</a>

The Website seems to be run out of Finland:

inetnum: 194.100.100.224 - 194.100.100.255
netname: IISALMI
descr: Iisalmen Kaupunki
person: Hannu Tenhunen
address: Iisalmen kaupunki / ATK-osasto
address: Riistakatu 5
address: 74101 Iisalmi
address: FINLAND
phone: +358 17 272 3400
phone: +358 400 545 586


Return-Path: <untangle () example com>
Received: from untangle (mail.hes.pt [83.240.161.140])
        by vcn.bc.ca (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id 
t0565a7F015726
        for <rslade () vcn bc ca>; Sun, 4 Jan 2015 22:05:36 -0800
Received: from localhost ([127.0.0.1])
        by untangle with esmtp (Exim 4.72)
        (envelope-from <untangle () example com>)
        id 1Y80nE-0006Pg-Oj
        for rslade () vcn bc ca; Mon, 05 Jan 2015 06:05:32 +0000
Message-ID: <153892.47021420437932767.JavaMail.untangle () example com>
Date: Mon, 5 Jan 2015 06:05:32 +0000 (WET)
From: untangle () example com
To: rslade () vcn bc ca
Subject: Quarantine Digest
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: UVM MailSender
X-DSPAM-Result: Spam
X-DSPAM-Processed: Sun Jan  4 22:05:38 2015
X-DSPAM-Confidence: 0.7260
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 3756,54aa29b176364983319483


<html>
  <head>
    <title>Quarantine Digest for rslade () vcn bc ca</title>
  </head>

  <body>

  <h3>Quarantine Digest for rslade () vcn bc ca</h3>

  <a 
href="hxxps://194.100.100.254:443/quarantine/manageuser?tkn=ZW1tYa8OVj1L
o2ZFs7uuKV8M1VALgSyPfsKVJg%3D%3D&action=viewibx">Click here to 
access your spam quarantine.</a>
  <br/>
  The spam quarantine contains emails that are being held from your email 
account.
  <br/>
  Quarantined emails can be released to your inbox or deleted using the spam 
quarantine link.
  
  
!DSPAM:3756,54aa29b176364983319483!

</body>
</html>

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
    Key escrow to rule them all; key escrow to find them.
    Key escrow to bring them all and in the darkness bind them.
    In the land of surveillance where Big Brother lies.
                                                     - Peter Gutmann
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
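
As an added example (not part of the original post or the list archive): a small Python check for two traits visible in the quoted digest, a sender in a reserved example domain and a link whose host is a bare IP address. The sample message, the 192.0.2.10 address and the names `findings`, `refang` and `LinkCollector` are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the digest; 192.0.2.10 is a documentation address.
SAMPLE = """\
From: untangle@example.com
Subject: Quarantine Digest
Content-Type: text/html; charset=us-ascii

<html><body>
<a href="hxxps://192.0.2.10:443/quarantine/manageuser?tkn=CONSTRUCTED">Click here to
access your spam quarantine.</a>
</body></html>
"""

# Names reserved for documentation and testing (RFC 2606), not valid sender domains.
RESERVED = ("example.com", "example.net", "example.org", "example", "invalid", "test")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def refang(url):
    # Archives defang links as hxxp(s); undo that only so the host can be parsed.
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def findings(raw):
    msg = message_from_string(raw)
    out = []
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if any(domain == d or domain.endswith("." + d) for d in RESERVED):
        out.append("sender-reserved-domain")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(refang(href)).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an IP literal
        out.append("link-to-ip-literal:" + host)
    return out
```

Neither trait proves phishing on its own; they are cheap signals to combine with the Received chain and the filter verdict already recorded in the headers.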

