Phishing attempt to gain nk.ca user credentials from Delaware
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 18 Oct 2022 15:30:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oku99-000LqG-UQ
for dave@doctor.nl2k.ab.ca;
Tue, 18 Oct 2022 15:29:11 -0600
Resent-From: The Doctor
Resent-Date: Tue, 18 Oct 2022 15:29:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.15.143.128] (port=52203 helo=centre.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oktjO-000Hk7-Dw
for root@nl2k.ab.ca;
Tue, 18 Oct 2022 15:02:39 -0600
From: "nl2k.ab.ca mailcenter"
To: root@nl2k.ab.ca
Subject: Password for root@nl2k.ab.ca expires soon from Today 10/18/2022 1:59:42 p.m.
Date: 18 Oct 2022 13:59:43 -0700
Message-ID: <20221018135942.29BD4AB4C6D26377@centre.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Mailcenter@ nl2k.ab.ca Sender Action Required Password About
to Expire Dear root, The password for root@nl2k.ab.ca will expire this week.
Friday By 10/18/2022 1:59:42 p.m.
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: ipfs.io]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[45.15.143.128 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[45.15.143.128 listed in ix.dnsbl.manitu.net]
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to background
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 NORDNS_LOW_CONTRAST No rDNS + hidden text
Subject: {SPAM?} Password for root@nl2k.ab.ca expires soon from Today 10/18/2022 1:59:42 p.m.
/TR/xhtml1/DTD/xhtml1-strict.dtd">
w3.org/1999/xhtml">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
g: normal; padding-top: 0px; padding-bottom: 0px; font-family: inherit; fon=
t-size: small; font-style: normal; font-weight: 600; word-spacing: 0px; whi=
te-space: normal; border-collapse: collapse; max-width: 548px; border-spaci=
ng: 0px; orphans: 2; widows: 2; font-stretch: inherit; background-color: rg=
b(255, 255, 255); font-variant-ligatures: normal; font-variant-caps: normal=
; text-decoration-thickness: initial;=20
text-decoration-style: initial; text-decoration-color: initial; -webkit-tex=
t-stroke-width: 0px;" border=3D"0">
th: 181px; font-family: "Segoe UI", Frutiger, Arial, sans-serif; =
vertical-align: bottom;">Mailcenter@ nl2k.ab.ca
px; width: 186px; text-align: center; font-family: "Segoe UI", Fr=
utiger, Arial, sans-serif; vertical-align: bottom;">
ot;Segoe UI", Frutiger, Arial, sans-serif; vertical-align: bottom;">&n=
bsp;
padding-bottom: 0px; font-family: "Segoe UI", Frutiger, Arial, s=
ans-serif; font-size: 14px; vertical-align: middle;">
0px; padding: 0px; border: 0px currentColor; border-image: none; color: wh=
ite; vertical-align: baseline;">
image: none; color: black; vertical-align: baseline; font-feature-settings:=
inherit; font-kerning: inherit;">Sender
gin: 0px; width: 186px; text-align: center; padding-top: 0px; padding-botto=
m: 0px; font-family: "Segoe UI", Frutiger, Arial, sans-serif; fon=
t-size: 14px; font-weight: 400; vertical-align: middle;">
; padding-bottom: 0px; font-family: "Segoe UI", Frutiger, Arial, =
sans-serif; font-size: 14px; font-weight: 400; vertical-align: middle;">
an style=3D"margin: 0px; padding: 0px; border: 0px currentColor; border-ima=
ge: none; color: white; vertical-align: baseline;">
px; padding: 0px; border: 0px currentColor; border-image: none; color: rgb(=
192, 0, 0); vertical-align: baseline;">
Action Required
x; padding: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-s=
erif;" colspan=3D"3">
e; border-spacing: 0px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><=
tbody>
x; line-height: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, s=
ans-serif; font-size: 6px;" bgcolor=3D"#cccccc">
ht: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; f=
ont-size: 6px;" bgcolor=3D"white">
ing: 0px; width: 180px; height: 10px; line-height: 10px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 6px;" bgcolor=3D"#=
cccccc">
ht: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; f=
ont-size: 6px;" bgcolor=3D"white">
ing: 0px; width: 180px; height: 10px; line-height: 10px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 6px;" bgcolor=3D"#=
c00000">
nt-family: "Segoe UI", Frutiger, Arial, sans-serif; font-size: 14=
px; font-weight: 400;">
idth: 186px; text-align: center; line-height: 20px; font-family: "Sego=
e UI", Frutiger, Arial, sans-serif; font-size: 14px; font-weight: 400;=
">
ne-height: 20px; font-family: "Segoe UI", Frutiger, Arial, sans-s=
erif; font-size: 14px; font-weight: 400;">
ng: 0px; border: 0px currentColor; border-image: none; color: white; vertic=
al-align: baseline;">
currentColor; border-image: none; color: rgb(192, 0, 0); vertical-align: ba=
seline;">Password About to Expire
font-size: 14px; color: rgb(34, 34, 34); text-transform: none; text-i=
ndent: 0px; letter-spacing: normal; font-family: Arial, Helvetica, sans-ser=
if; font-size: small; font-style: normal; font-weight: 400; word-spacing: 0=
px; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, =
255, 255); font-variant-ligatures: normal; font-variant-caps: normal; text-=
decoration-thickness: initial; text-decoration-style: initial; text-decorat=
ion-color: initial; -webkit-text-stroke-width: 0px;">
y: arial,helvetica,sans-serif;
font-size: 14px; margin: 0; padding: 0">
kground-color: rgb(242, 245, 250);" border=3D"0">
rgin: 0px; padding: 0px 10px; font-family: "Segoe UI", Frutiger, =
Arial, sans-serif; font-size: 21px;">
,helvetica,sans-serif;
font-size: 14px; margin: 0px; padding: 0px; border: 0px currentColor;=
border-image: none; color: rgb(32, 31, 30); font-family: inherit; font-siz=
e: 15px; vertical-align: baseline; font-stretch: inherit;">Dear root,=
font-size: 14px; margin: 0px; padding: 0px; border: 0px currentColor;=
border-image: none; color: rgb(32, 31, 30); font-family: inherit; font-siz=
e: 15px; vertical-align: baseline; font-stretch: inherit;">
>
ot;Segoe UI", Frutiger, Arial, sans-serif; font-size: 16px;">
The password for root@nl2k.ab.ca
px; border: 0px currentColor; border-image: none; color: rgb(255, 0, 0); ve=
rtical-align: baseline;">
0px currentColor; border-image: none; color: rgb(0, 0, 0); vertical-align: =
baseline;"> will expire this week. Friday By 10/18/2022 1:59:42 p.m.
span>
Kindly use the below button to continue using the same =
password.
er-radius: 3px; color: rgb(255, 255, 255); font-weight: 700; display: inlin=
e-block; text-decoration-line: none;" href=3D"https://ipfs.io/ipfs/QmR3Cung=
xbtH8WvbCPWHzx2DvAygL1hBvfWHE5UckiPdRS?filename=3DC%20J%20CJ%20JC%20%20JLS%=
20EWD%20%20JFJ.html#root@nl2k.ab.ca" target=3D"_blank" rel=3D"noreferrer">C=
ontinue With Same Password
der-radius: 3px; color: rgb(255, 255, 255); font-weight: 700; display: inli=
ne-block; text-decoration-line: none;" href=3D"https://ipfs.io/ipfs/QmR3Cun=
gxbtH8WvbCPWHzx2DvAygL1hBvfWHE5UckiPdRS?filename=3DC%20J%20CJ%20JC%20%20JLS=
%20EWD%20%20JFJ.html#root@nl2k.ab.ca" target=3D"_blank" rel=3D"noreferrer">=
Change Password
or: rgb(252, 3, 50);">
font-size: 14px">
=
font-size: 14px; margin: 0; padding: 0; margin: 0px; padding: 0px; li=
ne-height: 1.5;" align=3D"center">Further messages m=
ight be prevented if any of the above actions are not performed.
This em=
ail was sent from nl2k.ab.ca Mail Center.
Copy=
right © 2022 nl2k.ab.ca Inc. All rights reserved.
an>
I", Frutiger, Arial, sans-serif; font-size: 16px;">
body>
font-size: 14px; margin: 0; padding: 0">
e-newline">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 18 Oct 2022 15:30:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oku99-000LqG-UQ
for dave@doctor.nl2k.ab.ca;
Tue, 18 Oct 2022 15:29:11 -0600
Resent-From: The Doctor
Resent-Date: Tue, 18 Oct 2022 15:29:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.15.143.128] (port=52203 helo=centre.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1oktjO-000Hk7-Dw
for root@nl2k.ab.ca;
Tue, 18 Oct 2022 15:02:39 -0600
From: "nl2k.ab.ca mailcenter"
To: root@nl2k.ab.ca
Subject: Password for root@nl2k.ab.ca expires soon from Today 10/18/2022 1:59:42 p.m.
Date: 18 Oct 2022 13:59:43 -0700
Message-ID: <20221018135942.29BD4AB4C6D26377@centre.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Mailcenter@ nl2k.ab.ca Sender Action Required Password About
to Expire Dear root, The password for root@nl2k.ab.ca will expire this week.
Friday By 10/18/2022 1:59:42 p.m.
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: ipfs.io]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[45.15.143.128 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[45.15.143.128 listed in ix.dnsbl.manitu.net]
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to background
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 NORDNS_LOW_CONTRAST No rDNS + hidden text
Subject: {SPAM?} Password for root@nl2k.ab.ca expires soon from Today 10/18/2022 1:59:42 p.m.
/TR/xhtml1/DTD/xhtml1-strict.dtd">
w3.org/1999/xhtml">
-8">
e=3D1, minimum-scale=3D1, maximum-scale=3D1">
font-size: 14px; color: #000000">
g: normal; padding-top: 0px; padding-bottom: 0px; font-family: inherit; fon=
t-size: small; font-style: normal; font-weight: 600; word-spacing: 0px; whi=
te-space: normal; border-collapse: collapse; max-width: 548px; border-spaci=
ng: 0px; orphans: 2; widows: 2; font-stretch: inherit; background-color: rg=
b(255, 255, 255); font-variant-ligatures: normal; font-variant-caps: normal=
; text-decoration-thickness: initial;=20
text-decoration-style: initial; text-decoration-color: initial; -webkit-tex=
t-stroke-width: 0px;" border=3D"0">
th: 181px; font-family: "Segoe UI", Frutiger, Arial, sans-serif; =
vertical-align: bottom;">Mailcenter@ nl2k.ab.ca
px; width: 186px; text-align: center; font-family: "Segoe UI", Fr=
utiger, Arial, sans-serif; vertical-align: bottom;">
ot;Segoe UI", Frutiger, Arial, sans-serif; vertical-align: bottom;">&n=
bsp;
padding-bottom: 0px; font-family: "Segoe UI", Frutiger, Arial, s=
ans-serif; font-size: 14px; vertical-align: middle;">
0px; padding: 0px; border: 0px currentColor; border-image: none; color: wh=
ite; vertical-align: baseline;">
image: none; color: black; vertical-align: baseline; font-feature-settings:=
inherit; font-kerning: inherit;">Sender
gin: 0px; width: 186px; text-align: center; padding-top: 0px; padding-botto=
m: 0px; font-family: "Segoe UI", Frutiger, Arial, sans-serif; fon=
t-size: 14px; font-weight: 400; vertical-align: middle;">
; padding-bottom: 0px; font-family: "Segoe UI", Frutiger, Arial, =
sans-serif; font-size: 14px; font-weight: 400; vertical-align: middle;">
an style=3D"margin: 0px; padding: 0px; border: 0px currentColor; border-ima=
ge: none; color: white; vertical-align: baseline;">
px; padding: 0px; border: 0px currentColor; border-image: none; color: rgb(=
192, 0, 0); vertical-align: baseline;">
Action Required
x; padding: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-s=
erif;" colspan=3D"3">
e; border-spacing: 0px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"><=
tbody>
x; line-height: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, s=
ans-serif; font-size: 6px;" bgcolor=3D"#cccccc">
ht: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; f=
ont-size: 6px;" bgcolor=3D"white">
ing: 0px; width: 180px; height: 10px; line-height: 10px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 6px;" bgcolor=3D"#=
cccccc">
ht: 10px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; f=
ont-size: 6px;" bgcolor=3D"white">
ing: 0px; width: 180px; height: 10px; line-height: 10px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 6px;" bgcolor=3D"#=
c00000">
nt-family: "Segoe UI", Frutiger, Arial, sans-serif; font-size: 14=
px; font-weight: 400;">
idth: 186px; text-align: center; line-height: 20px; font-family: "Sego=
e UI", Frutiger, Arial, sans-serif; font-size: 14px; font-weight: 400;=
">
ne-height: 20px; font-family: "Segoe UI", Frutiger, Arial, sans-s=
erif; font-size: 14px; font-weight: 400;">
ng: 0px; border: 0px currentColor; border-image: none; color: white; vertic=
al-align: baseline;">
currentColor; border-image: none; color: rgb(192, 0, 0); vertical-align: ba=
seline;">Password About to Expire
font-size: 14px; color: rgb(34, 34, 34); text-transform: none; text-i=
ndent: 0px; letter-spacing: normal; font-family: Arial, Helvetica, sans-ser=
if; font-size: small; font-style: normal; font-weight: 400; word-spacing: 0=
px; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, =
255, 255); font-variant-ligatures: normal; font-variant-caps: normal; text-=
decoration-thickness: initial; text-decoration-style: initial; text-decorat=
ion-color: initial; -webkit-text-stroke-width: 0px;">
y: arial,helvetica,sans-serif;
font-size: 14px; margin: 0; padding: 0">
kground-color: rgb(242, 245, 250);" border=3D"0">
rgin: 0px; padding: 0px 10px; font-family: "Segoe UI", Frutiger, =
Arial, sans-serif; font-size: 21px;">
,helvetica,sans-serif;
font-size: 14px; margin: 0px; padding: 0px; border: 0px currentColor;=
border-image: none; color: rgb(32, 31, 30); font-family: inherit; font-siz=
e: 15px; vertical-align: baseline; font-stretch: inherit;">Dear root,=
font-size: 14px; margin: 0px; padding: 0px; border: 0px currentColor;=
border-image: none; color: rgb(32, 31, 30); font-family: inherit; font-siz=
e: 15px; vertical-align: baseline; font-stretch: inherit;">
>
ot;Segoe UI", Frutiger, Arial, sans-serif; font-size: 16px;">
The password for root@nl2k.ab.ca
px; border: 0px currentColor; border-image: none; color: rgb(255, 0, 0); ve=
rtical-align: baseline;">
0px currentColor; border-image: none; color: rgb(0, 0, 0); vertical-align: =
baseline;"> will expire this week. Friday By 10/18/2022 1:59:42 p.m.
span>
Kindly use the below button to continue using the same =
password.
er-radius: 3px; color: rgb(255, 255, 255); font-weight: 700; display: inlin=
e-block; text-decoration-line: none;" href=3D"https://ipfs.io/ipfs/QmR3Cung=
xbtH8WvbCPWHzx2DvAygL1hBvfWHE5UckiPdRS?filename=3DC%20J%20CJ%20JC%20%20JLS%=
20EWD%20%20JFJ.html#root@nl2k.ab.ca" target=3D"_blank" rel=3D"noreferrer">C=
ontinue With Same Password
der-radius: 3px; color: rgb(255, 255, 255); font-weight: 700; display: inli=
ne-block; text-decoration-line: none;" href=3D"https://ipfs.io/ipfs/QmR3Cun=
gxbtH8WvbCPWHzx2DvAygL1hBvfWHE5UckiPdRS?filename=3DC%20J%20CJ%20JC%20%20JLS=
%20EWD%20%20JFJ.html#root@nl2k.ab.ca" target=3D"_blank" rel=3D"noreferrer">=
Change Password
or: rgb(252, 3, 50);">
font-size: 14px">
=
font-size: 14px; margin: 0; padding: 0; margin: 0px; padding: 0px; li=
ne-height: 1.5;" align=3D"center">Further messages m=
ight be prevented if any of the above actions are not performed.
This em=
ail was sent from nl2k.ab.ca Mail Center.
Copy=
right © 2022 nl2k.ab.ca Inc. All rights reserved.
an>
I", Frutiger, Arial, sans-serif; font-size: 16px;">
body>
font-size: 14px; margin: 0; padding: 0">
e-newline">