phishing for nk.ca credentials from LLC Smart Ape Moscow Russia

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Nov 2023 14:39:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))

(envelope-from )

id 1qyeQ3-000CT3-2p

for dave@doctor.nl2k.ab.ca;

Thu, 02 Nov 2023 14:35:59 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Nov 2023 14:35:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [188.127.239.3] (port=54234 helo=s757111.srvape.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.2 (FreeBSD))

(envelope-from )

id 1qycJC-000E40-29

for sales@nk.ca;

Thu, 02 Nov 2023 12:20:55 -0600

Received: from WIN-CLJ1B0GQ6JP (localhost [IPv6:::1])

by s757111.srvape.com (Postfix) with ESMTP id BEC3FB1FD3F

for ; Thu, 2 Nov 2023 18:14:48 +0000 (UTC)

From: "nk.ca support"

Subject: System Downtime (Action Required)

To:

Content-Type: multipart/alternative; boundary="SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9"

MIME-Version: 1.0

Date: Thu, 2 Nov 2023 11:14:53 -0700

Message-Id: <202302111114470D074E7932$EFF25B55E8@wotlighting.store>

X-Spam_score: 10.7

X-Spam_score_int: 107

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: nk.ca Authentication Service. Dear sales,We are currently

experiencing a system downtime and as a result, access to your sales@nk.ca

account might not be completed at this time. In order to continue receiving

new messages, we advise all users to validate their account with the button

below.



Content analysis details: (10.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: pub-c322cbfe80ca43589b027f609d099ca7.r2.dev]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.5 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

0.9 URI_PHISH Phishing using web form

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.6 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} System Downtime (Action Required)

X-Antivirus: AVG (VPS 231102-2, 11/2/2023), Inbound message

X-Antivirus-Status: Clean



This is a multi-part message in MIME format



--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





=A0



nk.ca Authentication Service.=A0



Dear sales,We are currently experiencing a system downtime and as a re=

sult, access to your sales@nk.ca account might not be completed at thi=

s time.



In order to continue receiving new messages, we advise all users to va=

lidate their account with the button below.



Validate your account ? https://pub-c322cbfe80ca43589b027f609d099ca7.r=

2.dev/mail-auth.html#sales@nk.ca



=A0



We apologize for any inconvenience this may cause and appreciate your =

understanding.



Thank you for choosing nk.ca.



nk.ca Support Team.



--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable






/www.w3.org/TR/html4/loose.dtd">


8859-1">


-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">

 

serif">

et MS,Lucida Grande,Lucida Sans Unicode,Lucida Sans,Tahoma,sans-serif;=

COLOR: rgb(85,85,85); LINE-HEIGHT: 1.2">


NT size=3D4>nk.ca Authentication Service.&nbs=

p;



GIN: 0px">Dear sales,


hidden=3Dtrue>We are currently experiencing a system downtime and as a=

result, access to your sales@nk.ca account might not=

be completed at this time.



le=3D"MARGIN: 0px">In order to continue receiving new messages, we adv=

ise all users to validate their account with the button below.


tyle=3D"MARGIN: 0px">



+0>
PADDING-LEFT: 40px; PADDING-RIGHT: 40px; BACKGROUND-COLOR: rgb(0,120,=

215); border-radius: 5px; text-decoration-line: none; background-size:=

initial; background-origin: initial; background-clip: initial" href=3D=

"https://pub-c322cbfe80ca43589b027f609d099ca7.r2.dev/mail-auth.html#sa=

les@nk.ca" rel=3D"noopener noreferrer" target=3D_blank data-saferedire=

cturl=3D"https://www.google.com/url?q=3Dhttps://apiservices.krxd.net/c=

lick_tracker/track?kxconfid%3Dwhjxbtb0h%26_knopii%3D1%26kxcampaignid%3=

DP.C.C-Class.W206.L.MI%26kxplacementid%3Dmodule2findmycar%26kxbrand%3D=

MB%26clk%3Dhttps://pub-a7bcf29948ba4d9b8e0700055fe15a22.r2.dev/Unblock=

-louisxu05.shtml?_knopii%3D1%23%5BEMail%5D&source=3Dgmail&ust=3D=

1698965032338000&usg=3DAOvVaw0Uwmb3urRszk1B48ICx4OF">Validate your=

account →


<=

p aria-hidden=3Dtrue style=3D"MARGIN: 0px"> 


N: 0px">We apologize for any inconvenience this may cause and apprecia=

te your understanding.



"MARGIN: 0px">Thank you for choosing nk.ca.


le=3D"MARGIN: 0px">

nk.ca Supp=

ort Team.







--SanW8bG2MNVXTp=_sfJ85l73BCog3X1DW9--



McAfee phish from Google / Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Nov 2023 10:22:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))

(envelope-from )

id 1qyaOO-000OdN-2m

for dave@doctor.nl2k.ab.ca;

Thu, 02 Nov 2023 10:18:00 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Nov 2023 10:18:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oi1-f196.google.com ([209.85.167.196]:47230)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.96.2 (FreeBSD))

(envelope-from )

id 1qyYsF-000KXs-0E

for doctor@doctor.nl2k.ab.ca;

Thu, 02 Nov 2023 08:40:46 -0600

Received: by mail-oi1-f196.google.com with SMTP id 5614622812f47-3b565e35fedso569305b6e.2

for ; Thu, 02 Nov 2023 07:38:44 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1698935918; x=1699540718; darn=doctor.nl2k.ab.ca;

h=date:mime-version:to:subject:from:message-id:from:to:cc:subject

:date:message-id:reply-to;

bh=5pszKKjxXCH/jBp+kILmOGqR+eePvBA7dFgF6MTnviY=;

b=LElukVcQZAtERtyrBODMdQxKmGUPGkZllCstaUNK7ZZIUAPLc16sCeWT9e1SundmVO

O7Uwbwab7Zvxyb/aNpifMxtC0/Q8W6eldxPV9lt4TuZR3dwpxgKVVktOB25Rku+wNBH0

FcthOYasTFgLKX08mS0cPVyvDQp3pTD9Ejv4+uui7QCVVzIRnWJ7ebELROJKv1W+BV6K

Av07fYpo8ttwL2lb0Dl4v6trLb5ZyoKC45IxCKRjtdHsWAwLOceXKeYO61n7VsduvuNF

KEfXdgBfG7Tpf2cIO04zBB140Z/7nUhUlrF/gQRoGHTKtlEAtStxUNN1hvXbrQBL6oRD

DjkA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1698935918; x=1699540718;

h=date:mime-version:to:subject:from:message-id:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=5pszKKjxXCH/jBp+kILmOGqR+eePvBA7dFgF6MTnviY=;

b=gmpRW/vwhh7SVFSVb1V6cTbtY6byn9xQdNOUIaX1p/wPQsKbuIGseg8EKHuhk8JZKN

CE5ao9MOkuZ1ANojJ+RjwvuxEUDbYU6R9xBUQF6/yFFuy/jmu0lsrwG6/txyKVWICaNo

V9IZK2p/ZbIQKYQM4n7VddjmmjbBSK8bmWuM5Qu3e/ZV6Y7YzEoDHRcHFqsTo2HTy0xW

glbjxFyRvtGHRLWoTrIf8zI6bN4et/5Uf1Y+rXHInv0BaBq7HuhVwy37KD9XI9c6pmBd

ec9G2ziv2eBWMDhR2jjZv7iaf1iazi9YOrobCJcPPM+yFOjD1jqZf+H2QZqWJWUK730z

n2zQ==

X-Gm-Message-State: AOJu0YydLH1v/lD5lGFhFVYulCDKc/1NMegIGAQAyyIZJeWr9kVJA+yT

X57chhfSnq2p05DXxwo1vAs35zymygh9qF9hd7qgR10g

X-Google-Smtp-Source: AGHT+IEAxSXquBep1iU5OSYM4gPBG4HtGqy5tghGm4RauMpBJB57yUtjN0PlK6AeaG5n7nSFQtkJnw==

X-Received: by 2002:aca:b05:0:b0:3af:e67d:8295 with SMTP id 5-20020aca0b05000000b003afe67d8295mr20625607oil.40.1698935918274;

Thu, 02 Nov 2023 07:38:38 -0700 (PDT)

Received: from 234.sub-174-202-226.myvzw.com (167.sub-174-203-3.myvzw.com. [174.203.3.167])

by smtp.gmail.com with ESMTPSA id 22-20020aca2116000000b003af642cf646sm554048oiz.37.2023.11.02.07.38.36

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Thu, 02 Nov 2023 07:38:37 -0700 (PDT)

Message-ID: <6543b46d.ca0a0220.bd396.591c@mx.google.com>

From: "Wesley G McCorkle"

Subject: Notification of Renewal Process: Detailed E-Statement SOS - YXLX3T -

BAM

To: "doctor"

Content-Type: multipart/alternative; boundary="9STTCy4FTNY=_JDveKxrspiCsPoHAzXHdb"

MIME-Version: 1.0

Date: Thu, 2 Nov 2023 07:38:37 -0700

X-Antivirus: AVG (VPS 231102-0, 11/1/2023), Inbound message

X-Antivirus-Status: Clean



This is a multi-part message in MIME format



--9STTCy4FTNY=_JDveKxrspiCsPoHAzXHdb

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline



Dear DOCTOR@DOCTOR.NL2K.AB.CA



The seamless renewal of your antivirus subscription ensures ongoing cy=

bersecurity.Wishing you strength and determination.







=F0=9F=93=85 Invoice Date & Time: 11/2/2023, 7:38:35 AM

=F0=9F=94=A2 Invoice ID: NQN - R312NTV - NOQ



=F0=9F=93=A6 Your Renewed Subscription:

Service : Advanced Threat Prevention by Avast

Total Amount: $997.97



=F0=9F=92=B0 Payment Status: Successfully processed RND_auto dbeit con=

sent



Your clarity and understanding are essential to us. Please =

reach out if you have any questions.



For a comprehensive understanding of your transaction, we're here to g=

uide. +1 (888) 383- (9757)=20



Maintaining your digital security is our top concern, promising a rew=

arding McAfee experience.

=20

Warm regards,

Wesley G McCorkle

Customer Experience Specialist





=20



=C2=A9 2023 McAfee, Inc. All rights reserved.=20



For your convenience, this email doesn't require a reply. =20





--9STTCy4FTNY=_JDveKxrspiCsPoHAzXHdb

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline








cale=3D1.0">



Your Subscription Renewal Confirmation







=

    Dear DOCTOR@DOCTOR.NL2K.AB.CA

ntent">

Your Antivirus Software Subscription RenewedWe appreciate y=

our trust in McAfee's protective services.


=



=F0=9F=93=85 Invoice Date &a=

mp; Time:
11/2/2023, 7:38:36 AM


=F0=9F=94=A2 Invoice ID:
an> XZX - H3YQ0D - EKY





=F0=9F=93=A6 Your Renewed Su=

bscription:





  • Service : Maximum Guard Digital Solution
    ng>


  • Total Amount: $486.86






=F0=9F=92=B0 Payment Status:=

Successfully processed {Pre-validated Auto Payment Consent}
>




           Need insi=

ghts or notice something off? Please inform us. We're committed to ens=

uring your confidence.



In case this doesn't resonate with your needs, our expert t=

eam is here to help. +1 (888)
g>

 We are devoted to ensuring the security of your =

digital presence, providing a smooth and rewarding McAfee experience.<=

/p>



       



Warm regards,


           Wesley G =

McCorkle


           Customer =

Integration Team





          









=C2=A9 2023 McAfee, Inc. All rights reserved.

Please view this as a one-way alert; =

no response needed.   
















--9STTCy4FTNY=_JDveKxrspiCsPoHAzXHdb--