Attempt to phish nk.ca accounts
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 29 Apr 2022 15:32:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nkYD1-0008dh-W7
for dave@doctor.nl2k.ab.ca;
Fri, 29 Apr 2022 15:31:28 -0600
Resent-From: The Doctor
Resent-Date: Fri, 29 Apr 2022 15:31:27 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [87.246.7.50] (port=57158 helo=nk.ca)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nkTNz-000CR1-CM
for sales@nk.ca;
Fri, 29 Apr 2022 10:22:31 -0600
From: Email Support
To: sales@nk.ca
Subject: WARNING : Activate sales@nk.ca
Date: 29 Apr 2022 09:21:59 -0700
Message-ID: <20220429092159.EB3D141BDE628B81@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_AC5A2FCF.ECEA7AC1"
X-Spam_score: 13.5
X-Spam_score_int: 135
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear, sales Email ID: sales@nk.ca Please click the button
below to confirm your email address and activate your account to avoid loss
of your account.
Content analysis details: (13.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[87.246.7.50 listed in bb.barracudacentral.org]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=nk.ca;ip=87.246.7.50;r=doctor.nl2k.ab.ca]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=noreply%40nk.ca;ip=87.246.7.50;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.4 FSL_BULK_SIG Bulk signature with no Unsubscribe
3.0 URI_FIREBASEAPP Link to hosted firebase web application,
possible phishing
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
Subject: {SPAM?} WARNING : Activate sales@nk.ca
------=_NextPart_000_0012_AC5A2FCF.ECEA7AC1
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Dear, sales
------=_NextPart_000_0012_AC5A2FCF.ECEA7AC1
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hemas-microsoft-com:vml" xmlns=3D"http://www.w3.org/1999/xhtml">
ale=3D1">
=20=20=20=20=20=20=20=20
d>
margin:0;
padding:0;
width:100%; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; /*@editable*/background-color:#ffffff;
/*@editable*/background-image:none;
/*@editable*/background-repeat:no-repeat;
/*@editable*/background-position:center;
/*@editable*/background-size:cover">
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%">
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%" align=3D"center">
=3D"4">Email ID: sales@nk.ca
=3D"padding: 0px 20px; direction: ltr;">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 29 Apr 2022 15:32:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1nkYD1-0008dh-W7
for dave@doctor.nl2k.ab.ca;
Fri, 29 Apr 2022 15:31:28 -0600
Resent-From: The Doctor
Resent-Date: Fri, 29 Apr 2022 15:31:27 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [87.246.7.50] (port=57158 helo=nk.ca)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1nkTNz-000CR1-CM
for sales@nk.ca;
Fri, 29 Apr 2022 10:22:31 -0600
From: Email Support
To: sales@nk.ca
Subject: WARNING : Activate sales@nk.ca
Date: 29 Apr 2022 09:21:59 -0700
Message-ID: <20220429092159.EB3D141BDE628B81@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_AC5A2FCF.ECEA7AC1"
X-Spam_score: 13.5
X-Spam_score_int: 135
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear, sales Email ID: sales@nk.ca Please click the button
below to confirm your email address and activate your account to avoid loss
of your account.
Content analysis details: (13.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[87.246.7.50 listed in bb.barracudacentral.org]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=nk.ca;ip=87.246.7.50;r=doctor.nl2k.ab.ca]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=noreply%40nk.ca;ip=87.246.7.50;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.4 FSL_BULK_SIG Bulk signature with no Unsubscribe
3.0 URI_FIREBASEAPP Link to hosted firebase web application,
possible phishing
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
Subject: {SPAM?} WARNING : Activate sales@nk.ca
------=_NextPart_000_0012_AC5A2FCF.ECEA7AC1
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Dear, sales
------=_NextPart_000_0012_AC5A2FCF.ECEA7AC1
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hemas-microsoft-com:vml" xmlns=3D"http://www.w3.org/1999/xhtml">
ale=3D1">
=20=20=20=20=20=20=20=20
d>
margin:0;
padding:0;
width:100%; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; /*@editable*/background-color:#ffffff;
/*@editable*/background-image:none;
/*@editable*/background-repeat:no-repeat;
/*@editable*/background-position:center;
/*@editable*/background-size:cover">
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%">
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%" align=3D"center">
=3D"4">Email ID: sales@nk.ca
=3D"padding: 0px 20px; direction: ltr;">
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; margin: 0px; padding: 0px 20px 16px; text=
-align: center; line-height: 1.5; font-size: 18px; direction: ltr;" align=
=3D"center">Please click the button below to confirm your =
email address and activate your account to avoid loss of your account.
t>
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; margin: 0px; padding: 24px 0px 16px; text=
-align: center; line-height: 1.5; font-size: 18px; direction: ltr;" align=
=3D"center">
-webkit-text-size-adjust:100%; border-width: 1px 1px 2px; border-style: =
solid; border-color: rgb(2, 135, 190); padding: 10px 30px; border-radius: 4=
px; color: rgb(255, 255, 255); font-weight: 600; display: inline-block; min=
-width: 180px; background-color: rgb(3, 170, 220); text-decoration-line: no=
ne;" href=3D"https://mik0495.web.app/01mik04953984.html#iuser=3Dsales@nk.ca=
" target=3D"_blank" rel=3D"noopener noreferrer">
-> Confirm sales@nk.ca Now <-
10px 0;
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%">
=
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; margin: 0px; padding: 0px 20px 16px; line=
-height: 1.5; font-size: 18px; direction: ltr;" align=3D"center"> =
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%; margin: 0px; padding: 0px 20px 16px; line=
-height: 1.5; font-size: 18px; direction: ltr;" align=3D"center">
=3D"4">Helpful reminder: At any time, log into your account with your sales=
@nk.ca.
padding:0; mso-line-height-rule:exactly; -ms-text-size-adjust:100%;
-webkit-text-size-adjust:100%">
------=_NextPart_000_0012_AC5A2FCF.ECEA7AC1--