Analysis of the attack on the Republički Geodetski Zavod (RGZ, Republic Geodetic Authority) of Serbia
#7
I found that email, here is the original header:

Delivered-To: irrelevant - had to remove source
Received: by 2002:a17:90a:e2d1:0:0:0:0 with SMTP id fr17csp546978pjb;
Tue, 28 Jun 2022 06:34:35 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uDBYX/4Tfgs3tGMmhiv/P6k4DIjVJNEQ7Byi3A0UpC9a0j8U6kzUab6tO1feFk5tpOfp+H
X-Received: by 2002:a5d:59af:0:b0:21d:21ca:32af with SMTP id p15-20020a5d59af000000b0021d21ca32afmr1731385wrr.145.1656423275024;
Tue, 28 Jun 2022 06:34:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1656423275; cv=none;
d=google.com; s=arc-20160816;
b=oSDFhgFGI2MeYiXRoPoif0HAu8ppTWsKpLnAVr7vO4hEgxPk1nSeVe/UFe1oHm4R83
lSqMFROOAkBqADQJtXd6BKwT6+UN3lE9WjNvK5SLeQR5HuVFxb/aVSlBcFemijtzrQEf
6E935TuZj6cDGjO+o3adqFMQfIvbWD5uKDdBPMeB7rtkNhglvlLNMfuJ7D1lKE5WASrh
cRWqLYkzg9uTtP2SKg+4x1A2NK2frv68F39A8+mRvEeEF6K+BaGKTjT3OO5rL8k+tuVc
UgqjVGiB1nCZYZ0kVfN2M1JSe2aM4Rd+a889pF4DITfMjCpcG9pO7Qib3kyzP42TaNza
FOVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=message-id:subject:to:from:content-transfer-encoding:date
:mime-version:dkim-signature;
bh=Gx1O2uDSD00fdeId42Zz3/ocxTejA0KkE7p+6N7aXUI=;
b=U1EgWCH3Ptn2A4pHvTEuIcjtwFRQFzS+Y5iLJIA9WJvtryeNxsWGhUq10HbJJr5zT8
OkF1YV7EGp/6OoiIAlqWOKTB5z5yqXuw1Mvqlw8Ji6zIFLl0mDLx5s6QMm90IaHW+1D5
4nIPeNtYaY2coIlVoFnl1QfUz0LibE/8ScmPdb+WucKjG6f06P/yguYhOnBO9i2IXt3Z
bOdUJASoNOk7eyfQPnwk8uPYGXDkFzZtqIYezc2ecvMItiq6JWctZ/ibtDm6tpL3r04B
2jPw+exdimT52/YoyuKVQzfLF9Q5Rlb15uSAlTq2Eam9dOJVyF6ku0MS9aPucierJYDp
m6OQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=MkECjmuP;
spf=neutral (google.com: 46.4.22.177 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Return-Path: <[email protected]>
Received: from s64.himihan.com (s64user2.mylittledatacenter.com. [46.4.22.177])
by mx.google.com with ESMTPS id g18-20020a05600c141200b003a02cd14d9dsi16089612wmi.96.2022.06.28.06.34.34
for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Tue, 28 Jun 2022 06:34:34 -0700 (PDT)
Received-SPF: neutral (google.com: 46.4.22.177 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=46.4.22.177;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=MkECjmuP;
spf=neutral (google.com: 46.4.22.177 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=strumlineco.com; s=default; h=Message-ID:Subject:To:From:
Content-Transfer-Encoding:Content-Type:Date:MIME-Version:Sender:Reply-To:Cc:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Gx1O2uDSD00fdeId42Zz3/ocxTejA0KkE7p+6N7aXUI=; b=MkECjmuPo49u/k3pn300LqkAub
01vKqZZuFAhnLahgZutFIbT6tv+w2uyGWJB6/Tv0Abjv/bBqfrIAp3yPcQIVVT57t/KcR8btiveTE
NSqYYAs1gbYWadO+v9kxQfCpgE6Vhf3Cg+cHRdPkytCvIpSqitLvAR3naMoyUV5BJZXKIcmOVIbPy
20SVSxcF6hYLnWIZTb9Cdk0LDGkhUi1zizW9WNzZASCradWV+O/g65SRpXEEIj+aEHJw/Cos/cEIa
IR4vWPjoGTEyUa79Xn7F+JxOUVqGeHOj0+AkYWB1QG0aRrPwEK114572neUKIdLEbkHFra6rOwfyt
3odIilPQ==;
Received: from [219.138.44.15] (port=12242 helo=s64.himihan.com)
by s64.himihan.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(Exim 4.94.2)
(envelope-from <[email protected]>)
id 1o6BMO-006tQC-KK
for ; Tue, 28 Jun 2022 18:04:33 +0430
MIME-Version: 1.0
Date: Tue, 28 Jun 2022 05:34:31 -0800
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
From: "Bojan Despic" <[email protected]>
To:
Subject: Re: Kreiran ugovor eKatastar
Message-ID: <[email protected]>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - s64.himihan.com
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strumlineco.com
X-Get-Message-Sender-Via: s64.himihan.com: authenticated_id: [email protected]
X-Authenticated-Sender: s64.himihan.com: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:

They asked the user to click the following link: https://iktoffice.com/ru/inqteusne and enter the password for the archive they would download from the site: U523

Good morning
With this letter I am sending you all the necessary documentation about our upcoming meeting, exactly as we recently discussed. View the necessary details via the following link:

https://iktoffice.com/ru/inqteusne
Password: U523

This is fairly outdated, but in case anyone wants to check the whole story. Everything more or less revolves around the domains: dbspssre.com/oelnrsotsud/ and
strumlineco.com/laedlmsu/yh_3215567430.zip

The malware you will find on those domains is pretty much the same as the one distributed as the "RGZ" mail message.
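As an added example (not from this thread or its author), here is a small Python triage script of the kind a defender would run over a header block like the one posted above: it walks the Received chain to find the hop closest to the real sender, reads the spf=/dkim= verdicts from Authentication-Results, and compares the From:, Return-Path and DKIM signing domains. The embedded header block is a constructed placeholder modelled only on the shape of the quoted headers; every host, address and IP in it is invented, and the findings list is this example's own heuristic, not a verdict on the thread's message.

```python
"""Header triage for a suspected phishing mail (added example, constructed data)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample header block: placeholder hosts/IPs/addresses only.
SAMPLE_RAW = """\
Return-Path: <notify@sender-example.net>
Received: from mail.sender-example.net (host.hoster-example.com. [203.0.113.10])
        by mx.receiver-example.org with ESMTPS id abc123
        for <victim@receiver-example.org>; Tue, 28 Jun 2022 06:34:34 -0700 (PDT)
Authentication-Results: mx.receiver-example.org;
       dkim=pass header.i=@sender-example.net header.s=default header.b=ABCDEF;
       spf=neutral (receiver-example.org: 203.0.113.10 is neither permitted nor denied) smtp.mailfrom=notify@sender-example.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sender-example.net; s=default;
        h=From:To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER
Received: from [198.51.100.7] (port=12242 helo=mail.sender-example.net)
        by mail.sender-example.net with esmtpsa (TLS1.2)
        (envelope-from <notify@sender-example.net>)
        id 1abcde-000001-XY
        for <victim@receiver-example.org>; Tue, 28 Jun 2022 18:04:33 +0430
From: "Ime Prezime" <notify@sender-example.net>
To: <victim@receiver-example.org>
Subject: Re: Kreiran ugovor eKatastar
Message-ID: <placeholder@mail.sender-example.net>
Date: Tue, 28 Jun 2022 05:34:31 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>placeholder body</body></html>
"""

# "from <helo> (<comment>) by <relay>" is the part of a Received header we need.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+(?:\(([^)]*)\)\s+)?by\s+(\S+)")
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hdr(msg, name):
    """Header value with folding whitespace collapsed, or '' when absent."""
    value = msg.get(name)
    return " ".join(str(value).split()) if value is not None else ""


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_received(msg):
    """One dict(helo, ip, by) per hop, in header order (newest hop first)."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(raw).split()))
        if not m:
            continue
        from_token, comment, relay = m.group(1), m.group(2) or "", m.group(3)
        helo_m = re.search(r"helo=(\S+)", comment)       # Exim-style "helo=" note
        helo = helo_m.group(1) if helo_m else from_token
        ip_m = IPV4_RE.search(from_token + " " + comment)  # bracketed client IP
        hops.append({"helo": helo, "ip": ip_m.group(1) if ip_m else None, "by": relay})
    return hops


def parse_auth_results(value):
    """spf=/dkim=/dmarc= verdicts from an Authentication-Results header."""
    return {m.group(1): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value)}


def triage(raw):
    """Return sender identities, hop chain, auth verdicts and a list of findings."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(parseaddr(hdr(msg, "From"))[1])
    envelope_dom = domain_of(parseaddr(hdr(msg, "Return-Path"))[1])
    dkim_m = re.search(r"\bd=([\w.-]+)", hdr(msg, "DKIM-Signature"))
    dkim_dom = dkim_m.group(1).lower() if dkim_m else ""
    auth = parse_auth_results(hdr(msg, "Authentication-Results"))
    hops = parse_received(msg)
    origin = hops[-1] if hops else None  # bottom-most Received = closest to the sender
    findings = []
    if auth.get("spf") != "pass":
        findings.append(f"spf={auth.get('spf')}: {envelope_dom} does not vouch for the sending IP")
    if dkim_dom and dkim_dom != from_dom:
        findings.append(f"DKIM signed by {dkim_dom} but From: domain is {from_dom}")
    if envelope_dom and envelope_dom != from_dom:
        findings.append(f"Return-Path domain {envelope_dom} differs from From: {from_dom}")
    if (hdr(msg, "Subject").lower().startswith("re:")
            and not msg.get("In-Reply-To") and not msg.get("References")):
        findings.append("Subject poses as a reply but In-Reply-To/References are missing")
    if origin and origin["helo"] == origin["by"]:
        findings.append(f"origin hop announced HELO {origin['helo']}, the relay's own name; "
                        f"real client was {origin['ip']}")
    return {"from_domain": from_dom, "origin_ip": origin["ip"] if origin else None,
            "hops": hops, "auth": auth, "findings": findings}


if __name__ == "__main__":
    for line in triage(SAMPLE_RAW)["findings"]:
        print("-", line)
```

The script reads the Received chain bottom-up because each relay prepends its own header, so the last one in the block is the first hop the message took; a DKIM pass only proves the signing domain sent the mail, which is why the From:, Return-Path and d= domains are compared separately rather than treated as one identity.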
Messages In This Thread
RE: Analysis of the attack on the Republički Geodetski Zavod (RGZ) of Serbia - by srle - 09-21-2022, 08:03 PM