Phishing
<phishing id="cz.vsb.netis.phishing.20111004.15075">
<received>Mon, 04 Apr 2011 11:25:03 +0200</received>
<from>mamatais@sercomtel.com.br</from>
<replyto>mamatais@sercomtel.com.br</replyto>
<websites>
<website>
<url>http://www.circleoflifeceremonies.com/contact/use/upgrd/form1.html</url>
<hostname>www.circleoflifeceremonies.com</hostname>
<ip>
<ipv4>65.254.248.140</ipv4>
</ip>
<blocked>true</blocked>
<reported>
<service>spamcop</service>
<service>phishtank</service>
<service>google</service>
</reported>
</website>
<website>
<url>https://docs.google.com/spreadsheet/viewform?formkey=dE1RV3JoclNoTkhEWDVmejYyNzVZYUE6MQ</url>
<hostname>docs.google.com</hostname>
<ip>
<ipv4>74.125.39.100</ipv4>
<ipv4>74.125.39.101</ipv4>
<ipv4>74.125.39.102</ipv4>
<ipv4>74.125.39.113</ipv4>
<ipv4>74.125.39.138</ipv4>
<ipv4>74.125.39.139</ipv4>
<ipv6>2a00:1450:4008:c00::65</ipv6>
</ip>
<blocked>false</blocked>
<reported>
<service>spamcop</service>
<service>phishtank</service>
<service>google</service>
</reported>
</website>
</websites>
<webmail>
<name>squirrelmail</name>
<url>https://www.szentesikabel.hu</url>
<hostname>www.szentesikabel.hu</hostname>
<user>amanteatrade</user>
<attacker>
<ip>
<ipv4>41.73.17.34</ipv4>
</ip>
<blocked>true</blocked>
</attacker>
<reported>
<service>abusepoc@afrinic.net</service>
</reported>
</webmail>
<smtp>
<hostname>stargate.szentesikabel.hu</hostname>
<ip>
<ipv4>89.147.80.99</ipv4>
</ip>
<blocked>false</blocked>
</smtp>
<clamav>cz.vsb.netis.phishing.20111004.15075:4:*:6473686168616E406D6F756E7461696E73746174652E656475</clamav>
<message>
<header><![CDATA[Return-Path: <mamatais@sercomtel.com.br>
Received: from mailbox.vsb.cz ([unix socket])
by mailbox (Cyrus v2.2.13-Debian-2.2.13-14+lenny3) with LMTPA;
Mon, 04 Apr 2011 11:25:03 +0200
X-Sieve: CMU Sieve 2.2
Received: from smtp.vsb.cz (smtp-ha1.vsb.cz [158.196.149.153])
by mailbox.vsb.cz (Postfix) with ESMTP id A985D9C019;
Mon, 4 Apr 2011 11:25:02 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by smtp.vsb.cz (Postfix) with ESMTP id B02211E1CA8;
Mon, 4 Apr 2011 11:25:02 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at smtp.vsb.cz
Received: from smtp.vsb.cz ([127.0.0.1])
by localhost (smtp-ha1.vsb.cz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Y9dxH+AA8+p5; Mon, 4 Apr 2011 11:25:02 +0200 (CEST)
X-Greylist: delayed 1129 seconds by postgrey-1.32 at smtp-ha1; Mon, 04 Apr
2011 11:24:58 CEST
Received: from smtps-2.sercomtel.com.br (smtps-2.sercomtel.com.br
[200.155.34.148])
by smtp.vsb.cz (Postfix) with ESMTP id D1D821E0204;
Mon, 4 Apr 2011 11:24:58 +0200 (CEST)
Received: from webmail.sercomtel.com.br (smtps-3.sercomtel.com.br
[200.155.34.91])
by smtps-2.sercomtel.com.br (Postfix) with ESMTP id 7EB743E800D;
Mon, 4 Apr 2011 06:06:03 -0300 (BRT)
Received: from 41.73.17.34
by webmail.sercomtel.com.br with HTTP;
Mon, 4 Apr 2011 06:06:04 -0300 (BRT)
Message-ID: <1583.41.73.17.34.1301907964.squirrel@webmail.sercomtel.com.br>
Date: Mon, 4 Apr 2011 06:06:04 -0300 (BRT)
Subject: =?utf-8?B?UG96b3I6IHphc3Rhdml0IMWhw63FmWVuw60gdmlydSB0ZcSPISAg?=
From: =?utf-8?B?V2VibWFpbCB0ZWNobmlja8O9IHTDvW0=?=
<mamatais@sercomtel.com.br>
User-Agent: SquirrelMail/1.4.8-4.0.1.el4
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;]]></header>
<body><![CDATA[Webmail technický tým
Virus byl zjištěn DGTFX ve vašich složkách.
E-mailový účet musí být aktualizován, aby naše nové
zabezpečené DGTFX anti-virus 2011 verze, aby se zabránilo poškození našeho
webmailu přihlásit a vaše důležité soubory. Klikněte na odkaz níže zabezpečit svůj
e-mailový účet, a aby se zabránilo šíření viru.
http://www.circleoflifeceremonies.com/contact/use/upgrd/form1.html
Všimněte si, že vaše heslo bude šifrována 1024-bit RSA klíčů pro bezpečnost vašeho hesla.
Děkujeme Vám za Vaši spolupráci.
© 2011 Webmail technický tým.]]></body>
</message>
</phishing>