Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
phishing
462 views
Skip to first unread message
Lemat
Aug 29, 2021, 8:55:17 AM8/29/21
to
Przyszedł taki email:
Return-Path: <aryni...@pwsz-ns.edu.pl>
Delivered-To: spam-quarantine
X-Envelope-From: <aryni...@pwsz-ns.edu.pl>
X-Envelope-To: <le...@lemat.priv.pl>
X-Envelope-To-Blocked: <le...@lemat.priv.pl>
X-Quarantine-ID: <OwvwmYlbVzQF>
X-Spam-Flag: YES
X-Spam-Score: 23.054
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.054 tag=-9999 tag2=6.31 kill=6.31
tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001,
MISSING_HEADERS=1.207, RCVD_IN_DNSWL_MED=-2.3,
REPLYTO_WITHOUT_TO_CC=1.946, SPF_HELO_NONE=0.5, SPF_PASS=-0.001,
SUBJ_ALL_CAPS=0.5, URIBL_BLOCKED=0.001, URIBL_WS_TLD=20,
_URIBL_WS_TLD=1] autolearn=no autolearn_force=no
Received: from unknown by localhost (amavisd-new, unix socket) id
OwvwmYlbVzQF
for <le...@lemat.priv.pl>; Sun, 29 Aug 2021 11:10:22 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl (poczta.pwsz-ns.edu.pl [195.117.226.2])
by mail.lemat.priv.pl (amavisd-milter);
Sun, 29 Aug 2021 11:10:20 +0200 (CEST)
(envelope-from <aryni...@pwsz-ns.edu.pl>)
Authentication-Results: mail.lemat.priv.pl; spf=pass (sender SPF
authorized) smtp.mailfrom=pwsz-ns.edu.pl (client-ip=195.117.226.2;
helo=poczta.pwsz-ns.edu.pl; envelope-from=aryni...@pwsz-ns.edu.pl;
receiver=<UNKNOWN>)
Authentication-Results: mail.lemat.priv.pl; dmarc=none (p=none dis=none)
header.from=pwsz-ns.edu.pl
Authentication-Results: mail.lemat.priv.pl;
dkim=fail reason="key not found in DNS" header.d=pwsz-ns.edu.pl
header.i=@pwsz-ns.edu.pl header.a=rsa-sha256
header.s=0D5A4204-0521-11E9-B2E6-BD8463DE288D header.b=KFNQnOyq;
dkim-atps=neutral
X-Greylist: delayed 00:10:10 by SQLgrey-1.8.0
Received: from localhost (localhost.localdomain [127.0.0.1])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id 118D22102133;
Sun, 29 Aug 2021 11:00:10 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl ([127.0.0.1])
by localhost (poczta.pwsz-ns.edu.pl [127.0.0.1]) (amavisd-new,
port 10032)
with ESMTP id BuD64I2bmy-g; Sun, 29 Aug 2021 11:00:06 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id 18A5C2102131;
Sun, 29 Aug 2021 11:00:06 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 poczta.pwsz-ns.edu.pl 18A5C2102131
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pwsz-ns.edu.pl;
s=0D5A4204-0521-11E9-B2E6-BD8463DE288D; t=1630227606;
bh=Fuwbd+IFBO4ill2OphG2UE3EYIMXIMG0g1ws37zYpK0=;
h=Date:From:Reply-To:Message-ID:Subject:MIME-Version:Content-Type;
b=KFNQnOyqeByIElNU7l5xmUlHo7UaRyHA/AL+hQBqweNi4HLhEx4KwlThdSd99ec5r
U176uqFDPnCvcr1ij1A51wTphtcEulZ6UoNCcKndZnhea9AXRLEhVPvUgd0QfU77pw
zGarr//3yGPvQJzAQPSOwtLcDEjpSbQXrgnJTIOM=
X-Virus-Scanned: amavisd-new at poczta.pwsz-ns.edu.pl
Received: from poczta.pwsz-ns.edu.pl ([127.0.0.1])
by localhost (poczta.pwsz-ns.edu.pl [127.0.0.1]) (amavisd-new,
port 10026)
with ESMTP id Wzsbz6iEwiFW; Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl (poczta.pwsz-ns.edu.pl [195.117.226.2])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id E10BA2102127;
Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
Date: Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
From: Administracja Publiczna <aryni...@pwsz-ns.edu.pl>
Reply-To: Administracja Publiczna <nor...@webmaster.pl>
Message-ID:
<1409228712.2414540.16302...@pwsz-ns.edu.pl>
Subject: =?utf-8?Q?W=C5=81=C4=84CZANIE_ELEKTRONICZNEJ_POCZTY!!!?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_2414539_2072053552.1630227605901"
X-Originating-IP: [45.128.38.67]
X-Mailer: Zimbra 8.0.9_GA_6191 (zclient/8.0.9_GA_6191)
Thread-Topic: =?utf-8?B?V8WBxIRDWkFOSUU=?= ELEKTRONICZNEJ POCZTY!!!
Thread-Index: zDHkgnbBw4FS3IKfL2547YchUvXpGw==
W=C5=81=C4=84CZANIE ELEKTRONICZNEJ POCZTY
4,5 GB 0,5 GB
Przekroczy=C5=82e=C5=9B limit miejsca w skrzynce pocztowej
zdefinio=
wany przez administratora i nie b=C4=99dziesz w stanie odbiera=C4=87 nowych=
wiadomo=C5=9Bci e-mail, dop=C3=B3ki ich ponownie nie aktywujesz. Aby
ponow=
nie aktywowa=C4=87, kliknij
Pozdrowienia=20
Administracja Publiczna
<html><head><style> body {height: 100%; color:#000000; font-size:12pt; font=
-family:times new roman,new york,times,serif;}</style></head><body><div><br=
></div><div><br></div><div><br></div><div
class=3D"x_Vzh05neKQu87GUy5UviOc =
x_QMubUjbS-BOly_BTHEZj7 x_allowTextSelection"><div class=3D"x_rps_a583"><p>=
W=C5=81=C4=84CZANIE ELEKTRONICZNEJ POCZTY<br>4,5 GB 0,5 GB<br></p><div><br>=
</div><p><br> Przekroczy=C5=82e=
=C5=9B limit miejsca w skrzynce pocztowej zdefiniowany przez administratora=
i nie b=C4=99dziesz w stanie odbiera=C4=87 nowych wiadomo=C5=9Bci
e-mail, =
dop=C3=B3ki ich ponownie nie aktywujesz. Aby ponownie aktywowa=C4=87, <a hr=
ef=3D"http://pocztaadminhelpunit1.moonfruit.com/" target=3D"_blank" rel=3D"=
noopener noreferrer" data-auth=3D"NotApplicable" data-linkindex=3D"0" data-=
mce-href=3D"http://pocztaadminhelpunit1.moonfruit.com/">kliknij</a></p><p><=
br></p><p><br>Pozdrowienia <br>Administracja Publiczna</p></div></div></bod=
y></html>
Więc podałem dane na tej stronie logowania i chwilę później miałem
nieudane logowanie z tego adresu IP:
# whois 45.128.38.67
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '45.128.38.0 - 45.128.38.255'
% Abuse contact for '45.128.38.0 - 45.128.38.255' is 'ab...@m247.ro'
inetnum: 45.128.38.0 - 45.128.38.255
netname: M247-LTD-Warsaw
descr: M247 LTD Warsaw Infrastructure
org: ORG-MLA26-RIPE
country: PL
geoloc: 52.155630 21.002753
admin-c: GBXS29-RIPE
tech-c: GBXS29-RIPE
status: ASSIGNED PA
mnt-by: GLOBALAXS-MNT
remarks: ---- LEGAL CONCERNS ----
remarks: For any legal requests, please send an email to
remarks: ro-l...@m247.ro for a maximum 48hours response.
remarks: ---- LEGAL CONCERNS----
created: 2021-03-23T10:44:11Z
last-modified: 2021-03-23T10:44:11Z
source: RIPE
organisation: ORG-MLA26-RIPE
org-name: M247 Ltd Warsaw
org-type: OTHER
address: Poleczki 23,
address: 02-822 Warszawa, Poland
abuse-c: ME5262-RIPE
mnt-ref: GLOBALAXS-MNT
mnt-by: GLOBALAXS-MNT
created: 2018-05-24T08:32:08Z
last-modified: 2018-05-24T08:32:08Z
source: RIPE # Filtered
role: GLOBALAXS Warsaw NOC
address: Poleczki 23, 02-822 Warszawa, Poland
abuse-mailbox: ab...@m247.com
nic-hdl: GBXS29-RIPE
mnt-by: GLOBALAXS-MNT
created: 2018-02-07T13:56:25Z
last-modified: 2018-02-07T13:56:25Z
source: RIPE # Filtered
% Information related to '45.128.38.0/24AS9009'
route: 45.128.38.0/24
descr: M247 Europe
origin: AS9009
mnt-by: GLOBALAXS-MNT
created: 2021-03-08T14:36:58Z
last-modified: 2021-03-08T14:36:58Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.101
(WAGYU)
--
Pozdrawiam
Lemat
Return-Path: <aryni...@pwsz-ns.edu.pl>
Delivered-To: spam-quarantine
X-Envelope-From: <aryni...@pwsz-ns.edu.pl>
X-Envelope-To: <le...@lemat.priv.pl>
X-Envelope-To-Blocked: <le...@lemat.priv.pl>
X-Quarantine-ID: <OwvwmYlbVzQF>
X-Spam-Flag: YES
X-Spam-Score: 23.054
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.054 tag=-9999 tag2=6.31 kill=6.31
tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001,
MISSING_HEADERS=1.207, RCVD_IN_DNSWL_MED=-2.3,
REPLYTO_WITHOUT_TO_CC=1.946, SPF_HELO_NONE=0.5, SPF_PASS=-0.001,
SUBJ_ALL_CAPS=0.5, URIBL_BLOCKED=0.001, URIBL_WS_TLD=20,
_URIBL_WS_TLD=1] autolearn=no autolearn_force=no
Received: from unknown by localhost (amavisd-new, unix socket) id
OwvwmYlbVzQF
for <le...@lemat.priv.pl>; Sun, 29 Aug 2021 11:10:22 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl (poczta.pwsz-ns.edu.pl [195.117.226.2])
by mail.lemat.priv.pl (amavisd-milter);
Sun, 29 Aug 2021 11:10:20 +0200 (CEST)
(envelope-from <aryni...@pwsz-ns.edu.pl>)
Authentication-Results: mail.lemat.priv.pl; spf=pass (sender SPF
authorized) smtp.mailfrom=pwsz-ns.edu.pl (client-ip=195.117.226.2;
helo=poczta.pwsz-ns.edu.pl; envelope-from=aryni...@pwsz-ns.edu.pl;
receiver=<UNKNOWN>)
Authentication-Results: mail.lemat.priv.pl; dmarc=none (p=none dis=none)
header.from=pwsz-ns.edu.pl
Authentication-Results: mail.lemat.priv.pl;
dkim=fail reason="key not found in DNS" header.d=pwsz-ns.edu.pl
header.i=@pwsz-ns.edu.pl header.a=rsa-sha256
header.s=0D5A4204-0521-11E9-B2E6-BD8463DE288D header.b=KFNQnOyq;
dkim-atps=neutral
X-Greylist: delayed 00:10:10 by SQLgrey-1.8.0
Received: from localhost (localhost.localdomain [127.0.0.1])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id 118D22102133;
Sun, 29 Aug 2021 11:00:10 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl ([127.0.0.1])
by localhost (poczta.pwsz-ns.edu.pl [127.0.0.1]) (amavisd-new,
port 10032)
with ESMTP id BuD64I2bmy-g; Sun, 29 Aug 2021 11:00:06 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id 18A5C2102131;
Sun, 29 Aug 2021 11:00:06 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 poczta.pwsz-ns.edu.pl 18A5C2102131
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pwsz-ns.edu.pl;
s=0D5A4204-0521-11E9-B2E6-BD8463DE288D; t=1630227606;
bh=Fuwbd+IFBO4ill2OphG2UE3EYIMXIMG0g1ws37zYpK0=;
h=Date:From:Reply-To:Message-ID:Subject:MIME-Version:Content-Type;
b=KFNQnOyqeByIElNU7l5xmUlHo7UaRyHA/AL+hQBqweNi4HLhEx4KwlThdSd99ec5r
U176uqFDPnCvcr1ij1A51wTphtcEulZ6UoNCcKndZnhea9AXRLEhVPvUgd0QfU77pw
zGarr//3yGPvQJzAQPSOwtLcDEjpSbQXrgnJTIOM=
X-Virus-Scanned: amavisd-new at poczta.pwsz-ns.edu.pl
Received: from poczta.pwsz-ns.edu.pl ([127.0.0.1])
by localhost (poczta.pwsz-ns.edu.pl [127.0.0.1]) (amavisd-new,
port 10026)
with ESMTP id Wzsbz6iEwiFW; Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
Received: from poczta.pwsz-ns.edu.pl (poczta.pwsz-ns.edu.pl [195.117.226.2])
by poczta.pwsz-ns.edu.pl (Postfix) with ESMTP id E10BA2102127;
Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
Date: Sun, 29 Aug 2021 11:00:05 +0200 (CEST)
From: Administracja Publiczna <aryni...@pwsz-ns.edu.pl>
Reply-To: Administracja Publiczna <nor...@webmaster.pl>
Message-ID:
<1409228712.2414540.16302...@pwsz-ns.edu.pl>
Subject: =?utf-8?Q?W=C5=81=C4=84CZANIE_ELEKTRONICZNEJ_POCZTY!!!?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_2414539_2072053552.1630227605901"
X-Originating-IP: [45.128.38.67]
X-Mailer: Zimbra 8.0.9_GA_6191 (zclient/8.0.9_GA_6191)
Thread-Topic: =?utf-8?B?V8WBxIRDWkFOSUU=?= ELEKTRONICZNEJ POCZTY!!!
Thread-Index: zDHkgnbBw4FS3IKfL2547YchUvXpGw==
W=C5=81=C4=84CZANIE ELEKTRONICZNEJ POCZTY
4,5 GB 0,5 GB
Przekroczy=C5=82e=C5=9B limit miejsca w skrzynce pocztowej
zdefinio=
wany przez administratora i nie b=C4=99dziesz w stanie odbiera=C4=87 nowych=
wiadomo=C5=9Bci e-mail, dop=C3=B3ki ich ponownie nie aktywujesz. Aby
ponow=
nie aktywowa=C4=87, kliknij
Pozdrowienia=20
Administracja Publiczna
<html><head><style> body {height: 100%; color:#000000; font-size:12pt; font=
-family:times new roman,new york,times,serif;}</style></head><body><div><br=
></div><div><br></div><div><br></div><div
class=3D"x_Vzh05neKQu87GUy5UviOc =
x_QMubUjbS-BOly_BTHEZj7 x_allowTextSelection"><div class=3D"x_rps_a583"><p>=
W=C5=81=C4=84CZANIE ELEKTRONICZNEJ POCZTY<br>4,5 GB 0,5 GB<br></p><div><br>=
</div><p><br> Przekroczy=C5=82e=
=C5=9B limit miejsca w skrzynce pocztowej zdefiniowany przez administratora=
i nie b=C4=99dziesz w stanie odbiera=C4=87 nowych wiadomo=C5=9Bci
e-mail, =
dop=C3=B3ki ich ponownie nie aktywujesz. Aby ponownie aktywowa=C4=87, <a hr=
ef=3D"http://pocztaadminhelpunit1.moonfruit.com/" target=3D"_blank" rel=3D"=
noopener noreferrer" data-auth=3D"NotApplicable" data-linkindex=3D"0" data-=
mce-href=3D"http://pocztaadminhelpunit1.moonfruit.com/">kliknij</a></p><p><=
br></p><p><br>Pozdrowienia <br>Administracja Publiczna</p></div></div></bod=
y></html>
Więc podałem dane na tej stronie logowania i chwilę później miałem
nieudane logowanie z tego adresu IP:
# whois 45.128.38.67
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '45.128.38.0 - 45.128.38.255'
% Abuse contact for '45.128.38.0 - 45.128.38.255' is 'ab...@m247.ro'
inetnum: 45.128.38.0 - 45.128.38.255
netname: M247-LTD-Warsaw
descr: M247 LTD Warsaw Infrastructure
org: ORG-MLA26-RIPE
country: PL
geoloc: 52.155630 21.002753
admin-c: GBXS29-RIPE
tech-c: GBXS29-RIPE
status: ASSIGNED PA
mnt-by: GLOBALAXS-MNT
remarks: ---- LEGAL CONCERNS ----
remarks: For any legal requests, please send an email to
remarks: ro-l...@m247.ro for a maximum 48hours response.
remarks: ---- LEGAL CONCERNS----
created: 2021-03-23T10:44:11Z
last-modified: 2021-03-23T10:44:11Z
source: RIPE
organisation: ORG-MLA26-RIPE
org-name: M247 Ltd Warsaw
org-type: OTHER
address: Poleczki 23,
address: 02-822 Warszawa, Poland
abuse-c: ME5262-RIPE
mnt-ref: GLOBALAXS-MNT
mnt-by: GLOBALAXS-MNT
created: 2018-05-24T08:32:08Z
last-modified: 2018-05-24T08:32:08Z
source: RIPE # Filtered
role: GLOBALAXS Warsaw NOC
address: Poleczki 23, 02-822 Warszawa, Poland
abuse-mailbox: ab...@m247.com
nic-hdl: GBXS29-RIPE
mnt-by: GLOBALAXS-MNT
created: 2018-02-07T13:56:25Z
last-modified: 2018-02-07T13:56:25Z
source: RIPE # Filtered
% Information related to '45.128.38.0/24AS9009'
route: 45.128.38.0/24
descr: M247 Europe
origin: AS9009
mnt-by: GLOBALAXS-MNT
created: 2021-03-08T14:36:58Z
last-modified: 2021-03-08T14:36:58Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.101
(WAGYU)
--
Pozdrawiam
Lemat
KIKI
Aug 29, 2021, 9:49:25 AM8/29/21
to
On 29.08.2021 14:55, Lemat wrote:
> Przyszedł taki email:
>
> Return-Path: <aryni...@pwsz-ns.edu.pl>
https://dmarcian.com/domain-checker/?domain=pwsz-ns.edu.pl
> Przyszedł taki email:
>
> Return-Path: <aryni...@pwsz-ns.edu.pl>
v=spf1 ip4:195.117.226.0/25 mx a -all
I ty możesz zostać serwerem MTA :-) DMARC-u niet.
0 new messages