Scare-ware e-mail from a "hacker" pretending to have compromised a recipients account and trying to ...
show moreScare-ware e-mail from a "hacker" pretending to have compromised a recipients account and trying to extort him/her.
show less
Scare-ware e-mail pretending to be from a "hacker" who have compromised the recipients computer/mail ...
show moreScare-ware e-mail pretending to be from a "hacker" who have compromised the recipients computer/mailbox.
show less
QR code in the form of a .png attachment redirecting the user to the malicious domain for Microsoft ...
show moreQR code in the form of a .png attachment redirecting the user to the malicious domain for Microsoft credential harvesting.
Details:
Sender address: [email protected]
From: "UantwerpenSecurityScan < >" <[email protected]>
Reply to: <[email protected]>
Authentication-Results: spf=pass (sender IP is 54.240.4.7) smtp.mailfrom=eu-west-1.amazonses.com; dkim=pass (signature was verified) header.d=ubiweb.io;dmarc=bestguesspass action=none header.from=ubiweb.io;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of eu-west-1.amazonses.com designates 54.240.4.7 as permitted sender) receiver=protection.outlook.com; client-ip=54.240.4.7; helo=a4-7.smtp-out.eu-west-1.amazonses.com; pr=C
show less
Header - SMTP mail from address - nnatr@xhwcu[.]vn
Payload - URL in messsage body "http://eernail[. ...
show moreHeader - SMTP mail from address - nnatr@xhwcu[.]vn
Payload - URL in messsage body "http://eernail[.]cn/#username"
show less
PhishingSpoofing
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.