webmail phish against nk.ca users from Croatia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 Mar 2023 06:11:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1peaog-000Nnr-2k
for dave@doctor.nl2k.ab.ca;
Tue, 21 Mar 2023 06:10:14 -0600
Resent-From: The Doctor
Resent-Date: Tue, 21 Mar 2023 06:10:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.9.168.112] (port=45970 helo=yarnsetc.org)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96)
(envelope-from)
id 1peZfd-000HfW-1R
for root@nk.ca;
Tue, 21 Mar 2023 04:57:00 -0600
Received: from yarnsetc.org (unknown [134.19.177.48])
(Authenticated sender: starbox)
by yarnsetc.org (Postfix) with ESMTPA id 5BBB426D71
for; Tue, 21 Mar 2023 05:30:46 -0500 (CDT)
From: nk.ca IT Server
To: root@nk.ca
Subject: [ root@nk.ca ] Error Notification
Date: 21 Mar 2023 03:30:46 -0700
Message-ID: <20230321033046.530ED710DCFD3639@yarnsetc.org>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.7
X-Spam_score_int: 77
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: An error in your nk.ca POP/IMAP Settings are blocking some
of your incoming mails in this Mailbox. You can fix this by verifying your
email. This will only take few seconds Verify Your Account
Content analysis details: (7.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[45.9.168.112 listed in wl.mailspike.net]
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -
probable phishing
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[45.9.168.112 listed in ix.dnsbl.manitu.net]
Subject: {SPAM?} [ root@nk.ca ] Error Notification
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
An error in your nk.ca =
POP/IMAP Settings are blocking some=
of your incoming mails in this Mailbox.
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
You can fix this by verifying your email. This will only take few seconds=
p>
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
f=3D"https://ipfs.io/ipfs/Qmb4iDBu7YqmJD6BVU4swT2VbvUazRUKLQeVRKnGNp2btd?fi=
lename=3Dindex_jer.html#cm9vdEBuay5jYQ=3D=3D" target=3D"_blank" rel=3D"nofo=
llow noopener noreferrer">Verify Your Account
t>
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
Once the verification is complete, message(s) will be released to your inbo=
x
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>Thanks,
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1548209931846_74452" color=3D"#464958" face=3D"Helvetica,=
Verdana, Arial, sans-serif">
6430981245483655m_-661824812292810916m_4785683934878469201m_499750445393560=
8551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125yui=
_3_16_0_ym19_1_1546909312102_5778">
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1546909312102_5779" size=3D"2">
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1546909312102_5780" style=3D"color: rgb(102, 102, 102); f=
ont-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-we=
ight: 400;">
nk.ca Copyright © 2023
8955661875m_1772101852893916851m_6226430981245483655m_-661824812292810916m_=
4785683934878469201m_4997504453935608551gmail-m_-3141625174273543699m_75730=
74674208659977gmail-yiv5204657125yui_3_16_0_ym19_1_1546909312102_5784">&nbs=
p;Inc. All rights reserved.
l>
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 Mar 2023 06:11:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1peaog-000Nnr-2k
for dave@doctor.nl2k.ab.ca;
Tue, 21 Mar 2023 06:10:14 -0600
Resent-From: The Doctor
Resent-Date: Tue, 21 Mar 2023 06:10:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.9.168.112] (port=45970 helo=yarnsetc.org)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96)
(envelope-from
id 1peZfd-000HfW-1R
for root@nk.ca;
Tue, 21 Mar 2023 04:57:00 -0600
Received: from yarnsetc.org (unknown [134.19.177.48])
(Authenticated sender: starbox)
by yarnsetc.org (Postfix) with ESMTPA id 5BBB426D71
for
From: nk.ca IT Server
To: root@nk.ca
Subject: [ root@nk.ca ] Error Notification
Date: 21 Mar 2023 03:30:46 -0700
Message-ID: <20230321033046.530ED710DCFD3639@yarnsetc.org>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.7
X-Spam_score_int: 77
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: An error in your nk.ca POP/IMAP Settings are blocking some
of your incoming mails in this Mailbox. You can fix this by verifying your
email. This will only take few seconds Verify Your Account
Content analysis details: (7.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[45.9.168.112 listed in wl.mailspike.net]
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -
probable phishing
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[45.9.168.112 listed in ix.dnsbl.manitu.net]
Subject: {SPAM?} [ root@nk.ca ] Error Notification
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
An error in your nk.ca =
POP/IMAP Settings are blocking some=
of your incoming mails in this Mailbox.
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
You can fix this by verifying your email. This will only take few seconds=
p>
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
f=3D"https://ipfs.io/ipfs/Qmb4iDBu7YqmJD6BVU4swT2VbvUazRUKLQeVRKnGNp2btd?fi=
lename=3Dindex_jer.html#cm9vdEBuay5jYQ=3D=3D" target=3D"_blank" rel=3D"nofo=
llow noopener noreferrer">Verify Your Account
t>
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>
Once the verification is complete, message(s) will be released to your inbo=
x
letter-spacing: normal; font-family: "Lucida Grande", Verdana, Arial, Helv=
etica, sans-serif; font-size: 11px; font-style: normal; font-weight: 400; w=
ord-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-=
ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0p=
x; text-decoration-thickness: initial; text-decoration-style: initial; text=
-decoration-color: initial;'>Thanks,
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1548209931846_74452" color=3D"#464958" face=3D"Helvetica,=
Verdana, Arial, sans-serif">
6430981245483655m_-661824812292810916m_4785683934878469201m_499750445393560=
8551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125yui=
_3_16_0_ym19_1_1546909312102_5778">
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1546909312102_5779" size=3D"2">
6226430981245483655m_-661824812292810916m_4785683934878469201m_499750445393=
5608551gmail-m_-3141625174273543699m_7573074674208659977gmail-yiv5204657125=
yui_3_16_0_ym19_1_1546909312102_5780" style=3D"color: rgb(102, 102, 102); f=
ont-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-we=
ight: 400;">
nk.ca Copyright © 2023
8955661875m_1772101852893916851m_6226430981245483655m_-661824812292810916m_=
4785683934878469201m_4997504453935608551gmail-m_-3141625174273543699m_75730=
74674208659977gmail-yiv5204657125yui_3_16_0_ym19_1_1546909312102_5784">&nbs=
p;Inc. All rights reserved.
l>