credential phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 19 Sep 2022 07:12:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oaGYP-000LQT-UM
for dave@doctor.nl2k.ab.ca;
Mon, 19 Sep 2022 07:11:17 -0600
Resent-From: The Doctor
Resent-Date: Mon, 19 Sep 2022 07:11:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail0.gobaxte.com ([85.31.46.32]:38516)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oaFAE-00089D-85
for doctor@nl2k.ab.ca;
Mon, 19 Sep 2022 05:42:18 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=gobaxte.com;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:
Content-Transfer-Encoding; i=contatti@gobaxte.com;
bh=JlGpXpFdiHpnn5klaXE8kPNhkkiEqz34o1yPJ+sjDBs=;
b=GdzAROf6xTKvdLQPld7ImFbbhyFIq1dBmgF7l63HTzcV55rsU7PaetYb6u2FanMAUSw2o2GYckVZ
nO4zBOcPuR1UO8BwHSqQ865/9+LuUhN/z9uMRIZGAX/dfTUjElGBX+2bxTMhhqbJXxQ7mWBVSbp7
oydF4Y0RWsBcNmLi128=
From: Email Serverinfo
To: doctor@nl2k.ab.ca
Subject: doctor@nl2k.ab.ca Urgent: Emails Waiting on Server
Date: 19 Sep 2022 04:26:06 -0700
Message-ID: <20220919042606.E4B3ADF925A0BE49@gobaxte.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.5
X-Spam_score_int: 95
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear doctor You have some messages waiting on your server.
Please VERIFY YOURSELF doctor@nl2k.ab.ca Use the following account to access
standby messages.
Content analysis details: (9.5 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: gobaxte.com]
 1.5 NIX_SPAM               RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
                            [85.31.46.32 listed in ix.dnsbl.manitu.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 2.2 GOOG_STO_EMAIL_PHISH   Possible phishing with google hosted
                            content URI having email address
 3.0 GOOG_STO_NOIMG_HTML    Apparently using google content hosting to
                            avoid URIBL
Subject: {SPAM?} doctor@nl2k.ab.ca Urgent: Emails Waiting on Server
Dear doctor
You have some messages waiting on your server.
Please VERIFY YOURSELF doctor@nl2k.ab.ca Use the following account to access standby messages.
Activation expires after 12 hours 9/19/2022 4:26:06 a.m. and your domain name nl2k.ab.ca will be blocked
wbsh.appspot.com/o/BGFtkkuhy.html?alt=media&token=0de3ab42-1ab5-48ff-adc3-a34f435978f8#doctor@nl2k.ab.ca" rel=noreferrer target=_blank>VERIFY ACCOUNT HERE
Registration Team.
you can visit https://www.nl2k.ab.ca/check-activity/ to view email activity
© 2021 .nl2k.ab.ca All rights reserved.