phish source

Also phish domain on Namecheap: mailerdrop.xyz

=============================================================================
Return-Path: <expojtrk@business90.web-hosting.com>
Received: from business90-1.web-hosting.com (business90-1.web-hosting.com [162.213.251.133])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by x (Postfix) with ESMTPS id x
for <x>; Sun, 26 Dec 2021 xx:xx:xx +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=exponets.xyz; s=default; h=Date:Sender:Message-Id:From:Content-type:
MIME-Version:Subject:To:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=x=; b=x==;
Received: from expojtrk by business90.web-hosting.com with local (Exim 4.94.2)
(envelope-from <expojtrk@business90.web-hosting.com>)
id x
for x; Sun, 26 Dec 2021 xx:xx:xx -0500
To: x
Subject: Important
MIME-Version: 1.0
Content-type: text/html;charset=UTF-8
From: «x» <expojtrk@business90.web-hosting.com>
Message-Id: <x@business90.web-hosting.com>
Sender: expojtrk@business90.web-hosting.com
Date: Sun, 26 Dec 2021 xx:xx:xx -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname — business90.web-hosting.com
X-AntiAbuse: Original Domain — x
X-AntiAbuse: Originator/Caller UID/GID — [1677 495] / [47 12]
X-AntiAbuse: Sender Address Domain — business90.web-hosting.com
X-Get-Message-Sender-Via: business90.web-hosting.com: authenticated_id: expojtrk/primary_hostname/system user
X-Authenticated-Sender: business90.web-hosting.com: expojtrk
X-Source:
X-Source-Args:
X-Source-Dir: exponets.xyz:/public_html/dynamic_sender_php
X-From-Rewrite: rewritten was: [x@business90.web-hosting.com], actual sender is not the same system user

Hello <strong>x</strong>,<br/><br/>Your email account has run into an authentication error, We have suspended some of your important incoming emails until you are authenticated. <br/><br/><b>To continue sending and receiving messages, Please verify your x account

[…]

<a href=»https://mailerdrop.xyz/webm/message/centerme/centercm/x==/?email=x
«

[…]

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *