phishing for nk.ca credentials from LLC Smart Ape Moscow Russia
Posted by Dave Yadallee
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 02 Nov 2023 14:39:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from
id 1qyeQ3-000CT3-2p
for dave@doctor.nl2k.ab.ca;
Thu, 02 Nov 2023 14:35:59 -0600
Resent-From: The Doctor
Resent-Date: Thu, 2 Nov 2023 14:35:59 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [188.127.239.3] (port=54234 helo=s757111.srvape.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.96.2 (FreeBSD))
(envelope-from
id 1qycJC-000E40-29
for sales@nk.ca;
Thu, 02 Nov 2023 12:20:55 -0600
Received: from WIN-CLJ1B0GQ6JP (localhost [IPv6:::1])
by s757111.srvape.com (Postfix) with ESMTP id BEC3FB1FD3F
for
From: "nk.ca support"
Subject: System Downtime (Action Required)
To:
Content-Type: multipart/alternative; boundary="SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9"
MIME-Version: 1.0
Date: Thu, 2 Nov 2023 11:14:53 -0700
Message-Id: <202302111114470D074E7932$EFF25B55E8@wotlighting.store>
X-Spam_score: 10.7
X-Spam_score_int: 107
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: nk.ca Authentication Service. Dear sales,We are currently
experiencing a system downtime and as a result, access to your sales@nk.ca
account might not be completed at this time. In order to continue receiving
new messages, we advise all users to validate their account with the button
below.
Content analysis details: (10.7 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URI: pub-c322cbfe80ca43589b027f609d099ca7.r2.dev]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.5 GOOG_REDIR_NORDNS      Google redirect to obscure spamvertised website +
                            no rDNS
 0.9 URI_PHISH              Phishing using web form
 1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.6 FSL_BULK_SIG           Bulk signature with no Unsubscribe
Subject: {SPAM?} System Downtime (Action Required)
X-Antivirus: AVG (VPS 231102-2, 11/2/2023), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format
--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
=A0
nk.ca Authentication Service.=A0
Dear sales,We are currently experiencing a system downtime and as a re=
sult, access to your sales@nk.ca account might not be completed at thi=
s time.
In order to continue receiving new messages, we advise all users to va=
lidate their account with the button below.
Validate your account ? https://pub-c322cbfe80ca43589b027f609d099ca7.r=
2.dev/mail-auth.html#sales@nk.ca
=A0
We apologize for any inconvenience this may cause and appreciate your =
understanding.
Thank you for choosing nk.ca.
nk.ca Support Team.
--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
8859-1">
-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
serif">
et MS,Lucida Grande,Lucida Sans Unicode,Lucida Sans,Tahoma,sans-serif;=
COLOR: rgb(85,85,85); LINE-HEIGHT: 1.2">
NT size=3D4>nk.ca Authentication Service.&nbs=
p;
GIN: 0px">Dear sales,
hidden=3Dtrue>We are currently experiencing a system downtime and as a=
result, access to your sales@nk.ca account might not=
be completed at this time.
le=3D"MARGIN: 0px">In order to continue receiving new messages, we adv=
ise all users to validate their account with the button below.
tyle=3D"MARGIN: 0px">
+0>
PADDING-LEFT: 40px; PADDING-RIGHT: 40px; BACKGROUND-COLOR: rgb(0,120,=
215); border-radius: 5px; text-decoration-line: none; background-size:=
initial; background-origin: initial; background-clip: initial" href=3D=
"https://pub-c322cbfe80ca43589b027f609d099ca7.r2.dev/mail-auth.html#sa=
les@nk.ca" rel=3D"noopener noreferrer" target=3D_blank data-saferedire=
cturl=3D"https://www.google.com/url?q=3Dhttps://apiservices.krxd.net/c=
lick_tracker/track?kxconfid%3Dwhjxbtb0h%26_knopii%3D1%26kxcampaignid%3=
DP.C.C-Class.W206.L.MI%26kxplacementid%3Dmodule2findmycar%26kxbrand%3D=
MB%26clk%3Dhttps://pub-a7bcf29948ba4d9b8e0700055fe15a22.r2.dev/Unblock=
-louisxu05.shtml?_knopii%3D1%23%5BEMail%5D&source=3Dgmail&ust=3D=
1698965032338000&usg=3DAOvVaw0Uwmb3urRszk1B48ICx4OF">Validate your=
account →
p aria-hidden=3Dtrue style=3D"MARGIN: 0px">
N: 0px">We apologize for any inconvenience this may cause and apprecia=
te your understanding.
"MARGIN: 0px">Thank you for choosing nk.ca.
le=3D"MARGIN: 0px">
nk.ca Supp=
ort Team.
--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9--