credential phishing

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 18 Apr 2023 07:52:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1poljb-000HSE-3q
    for dave@doctor.nl2k.ab.ca;
    Tue, 18 Apr 2023 07:51:03 -0600
Resent-From: The Doctor
Resent-Date: Tue, 18 Apr 2023 07:51:03 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from suorend.bio ([185.244.150.205]:32885)
    by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
    (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1poh5h-000LZN-5Z
    for doctor@netknow.ca;
    Tue, 18 Apr 2023 02:53:37 -0600
Received: from [103.155.81.180] (unknown [103.155.81.180])
    by suorend.bio (Postfix) with ESMTPSA id 4B604911DF
    for ; Tue, 18 Apr 2023 04:18:37 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suorend.bio;
    s=default; t=1681805918;
    bh=X4BanBazWxMzNvVw+PKEmjrGUCRhgfxH3aNG4+fFGK4=; h=From:To:Subject;
    b=3Dp63F0YcRLFveiNW/TQ6lvhmMvJZWciHdh33SDl5hk25Ngc5W5vgViXS1YNUC5Gm
    wyS+QBU6uIOtmGgf+DP48FQKtGj4ATQ4syf4Jct7GHanSY5XzdxfOHnNblC8DkLI86
    kV7BL7c5tdBxqd0EhG9Ov25+BFEAIZsd8bnBOKIA=
Authentication-Results: suorend.bio;
    spf=pass (sender IP is 103.155.81.180) smtp.mailfrom=mailbox@suorend.bio smtp.helo=[103.155.81.180]
Received-SPF: pass (suorend.bio: connection is authenticated)
From: Admin Security]
To: doctor@netknow.ca
Subject: update to your new version 2023....
Date: 18 Apr 2023 01:18:35 -0700
Message-ID: <20230418011834.1C05C8359F5BC5A3@suorend.bio>
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-PPP-Message-ID: <168180591831.1903527.6425398492049347331@suorend.bio>
X-PPP-Vhost: suorend.bio
X-Spam_score: 10.1
X-Spam_score_int: 101
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Hi, doctor@netknow.ca Admin Security Check Your email doctor@netknow.ca
    old version will expire within the next 24 hours and you will not receive
    any income massage Pdf or Excel attachment files.

    Content analysis details: (10.1 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                                [URI: inclusives.site]
                                [URI: stagings.best]
     1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                                [185.244.150.205 listed in bb.barracudacentral.org]
    -0.0 SPF_PASS               SPF: sender matches SPF record
    -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
     0.0 FROM_FMBLA_NEWDOM14    From domain was registered in last 7-14 days
    -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                                domain
    -0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                                [185.244.150.205 listed in wl.mailspike.net]
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
     2.0 GOOG_REDIR_HTML_ONLY   Google redirect to obscure spamvertised website
                                + HTML only
     1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                                [URI: inclusives.site]
                                [URI: stagings.best]
     0.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                                [URI: stagings.best]
     1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                                [URI: mails.inclusives.site]
                                [URI: webmails.stagings.best]
Subject: {SPAM?} update to your new version 2023....

Hi, doctor@netknow.ca

Admin Security Check

Your email doctor@netknow.ca old version will expire within the next 24 hours and you will not receive any income massage Pdf or Excel attachment files.

Click below to update to your new version 2023 email account to avoid losing important files.






href="https://mails.inclusives.site/subscriptions.html?bal=doctor@netknow.ca" target="_blank" rel="noreferrer noopener"
data-saferedirecturl="https://www.google.com/url?q=https://webmails.stagings.best/calendars.html?val%3D%5B%5B-Email-%5D%5D&source=gmail&ust=1681782665100000&usg=AOvVaw3eAMwpyFwGvU0VnfUETATS">reactivate mailbox
     

This message has been sent to
Please delete and ignore,

Powered by INC (c) 2023 @ netknow.ca