| Path : /home/kohli/mail/kohli.cards/info/new/ |
|
|
| Current File : /home/kohli/mail/kohli.cards/info/new/1583525317.M339042P29582.server.makingyoulive.com,S=6351,W=6477 |
Return-Path: <takedown-response+8620672@netcraft.com>
Delivered-To: info@kohli.cards
Received: from server.makingyoulive.com
by server.makingyoulive.com with LMTP
id 0wacEcWtYl6OcwAASuaV8A
(envelope-from <takedown-response+8620672@netcraft.com>)
for <info@kohli.cards>; Sat, 07 Mar 2020 01:38:37 +0530
Return-path: <takedown-response+8620672@netcraft.com>
Envelope-to: info@kohli.cards
Delivery-date: Sat, 07 Mar 2020 01:38:37 +0530
Received: from mail2.netcraft.com ([52.31.138.216]:45561)
by server.makingyoulive.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from <takedown-response+8620672@netcraft.com>)
id 1jAJGs-0007gT-Vn
for info@kohli.cards; Sat, 07 Mar 2020 01:38:37 +0530
Received: from barbel.netcraft.com (unknown [10.8.0.252])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail2.netcraft.com (Postfix) with ESMTPS id 0836F37DA56
for <info@kohli.cards>; Fri, 6 Mar 2020 20:08:32 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.netcraft.com 0836F37DA56
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
s=default; t=1583525312;
bh=1eVGIXao1+i2O4gLsAARzE1JhvwDEekEv2y1RLZEMM8=;
h=Date:From:Subject:To:From;
b=xA/V0OJTb75LkA5NWHmtf9ax3SSxDyactOrdvyVlIfhJ4SKpf4JktLPEP46aNy+Ze
nWuCa/CaZF+iv9ZvTNeCGMQ9y12Oy2518NuniCNq5+Z8/RCy2pIZ/7DfLysO6R0U/9
Qp4a1RiFPmgPrFMtCR5C21BFAOIbYcUhE8pjylIM=
Received: by barbel.netcraft.com (Postfix, from userid 507)
id 06AAF319373; Fri, 6 Mar 2020 20:08:32 +0000 (GMT)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_15835253111999545"
MIME-Version: 1.0
Date: Fri, 6 Mar 2020 20:08:31 +0000
From: Netcraft Takedown Service <takedown-response+8620672@netcraft.com>
Subject: Issue 8620672: phishing attack at hxxps://www.kohli[.]cards/pack/Adobe-Document.html?_encoding=UTF8&9f507ab904f8c334dcaae8b7df7a5bb6&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=1.0&openid.pape.max_auth_age=
To: info@kohli.cards
Message-Id: <de92cc41ab9c2eee55afa42d9bf5e7fc@takedown.netcraft.com>
Auto-Submitted: auto-generated
X-Xarf: PLAIN
X-Arf: yes
X-Mailer: MIME::Lite 3.030 (F2.84; T1.38; A2.18; B3.13; Q3.13)
X-Spam-Status: No, score=1.8
X-Spam-Score: 18
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "server.makingyoulive.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Hello, We have discovered a phishing attack located on your
network: hxxps://www.kohli[.]cards/pack/Adobe-Document.html?_encoding=UTF8&9f507ab904f8c334dcaae8b7df7a5bb6&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2
[...]
Content analysis details: (1.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Flag: NO
This is a multi-part message in MIME format.
--_----------=_15835253111999545
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Hello,
We have discovered a phishing attack located on your network:
hxxps://www.kohli[.]cards/pack/Adobe-Document.html?_encoding=UTF8&9f507ab904f8c334dcaae8b7df7a5bb6&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=1.0&openid.pape.max_auth_age= [52.26.37.44]
We believe that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Germany
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, Microsoft, website URL https://www.microsoft.com/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.
More information about the detected issue is provided at https://incident.netcraft.com/4cbe9373087c/
Kind regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 8620672
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_15835253111999545
Content-Disposition: attachment; filename="report.txt"
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8; name="report.txt"; name="report.txt"
---
Attachment: none
Category: fraud
Date: 2020-03-06T20:06:20+00:00
Domain: kohli.cards
Port: 443
Report-ID: takedown-response+8620672@netcraft.com
Report-Type: phishing
Reported-From: takedown@netcraft.com
Schema-URL: http://www.xarf.org/schema/fraud_0.1.4.json
Service: https
Source: https://www.kohli.cards/pack/Adobe-Document.html?_encoding=UTF8&9f507ab904f8c334dcaae8b7df7a5bb6&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=1.0&openid.pape.max_auth_age=
Source-Type: uri
User-Agent: Netcraft Takedown
--_----------=_15835253111999545--
@KyuuKazami