Phishing for nk.ca credentials from 149.50.209.96 - datacamp.co.uk
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 11 Jan 2024 15:57:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rO3xw-000000001ds-3wVR
for dave@doctor.nl2k.ab.ca;
Thu, 11 Jan 2024 15:56:00 -0700
Resent-From: The Doctor
Resent-Date: Thu, 11 Jan 2024 15:56:00 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from bernsoft1.ultasrv.net ([149.50.209.96]:39960 helo=mail.tazama.tv)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rO1y3-00000000LMe-21Lt
for root@nk.ca;
Thu, 11 Jan 2024 13:48:03 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digitalduka.com;
s=default; t=1705004676;
bh=O36adjSlsGT9IV2xQtp17fw5WEult2dPaSvxF5GW1vU=;
h=From:To:Subject:Date:From;
b=UKyXeXftBNfudO+T7xgLDZ0eEcfYyc0D6/IXbVzooFkwwszhAcV5mopO65pngSggY
fsLrvPF5FoFrNFWbP36ssDGI8Pijkw8glTtcVKqEgz+enO3xDDPF90H2coxEKL0I7M
WmO8leM0KbxR25Ekf8VV1YHqg8ARB7rbroI8d02tRcsyMHIfdtMBdGXxZBdEKSMReJ
GXk6H0wmpZ9lcwjZvZ3Wpjm4sP8b8b1/mzzCfUo0if2KSr0mPZEiOCByai4PT1v13P
WbY6UFLaf9VtjtOIN5DENG7C5FkoDKHtuiY8pdpLftiAeW88QpZ2j80qj29JaWmAVn
TGnPJQmuWJmBg==
Received: from static.116.24.108.65.clients.your-server.de (static.116.24.108.65.clients.your-server.de [65.108.24.116])
(Authenticated sender: admin@digitalduka.com)
by mail.tazama.tv (Postfix) with ESMTPSA id 4AACAB5C35
for; Thu, 11 Jan 2024 20:24:36 +0000 (UTC)
From: nk.ca
To: root@nk.ca
Subject: PASSWORD EXPIRY NOTICE FOR root@nk.ca
Date: 11 Jan 2024 12:24:35 -0800
Message-ID: <20240111122435.D6A7945F34AF9192@digitalduka.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 13.0
X-Spam_score_int: 130
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Password Expiry Notice Dear root@nk.ca, Your email account
access is set expire in 3 days from today.
Content analysis details: (13.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: digitalduka.com]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[149.50.209.96 listed in bl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.6 FSL_BULK_SIG Bulk signature with no Unsubscribe
Subject: {SPAM?} PASSWORD EXPIRY NOTICE FOR root@nk.ca
![](3D"https://cdn3.iconfinder.com/data/icons/pretty=<br)
-office-part-9-shadow-style/256/Email-alert.png" alt=3D"root" height=3D"150=
">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 11 Jan 2024 15:57:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rO3xw-000000001ds-3wVR
for dave@doctor.nl2k.ab.ca;
Thu, 11 Jan 2024 15:56:00 -0700
Resent-From: The Doctor
Resent-Date: Thu, 11 Jan 2024 15:56:00 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from bernsoft1.ultasrv.net ([149.50.209.96]:39960 helo=mail.tazama.tv)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rO1y3-00000000LMe-21Lt
for root@nk.ca;
Thu, 11 Jan 2024 13:48:03 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digitalduka.com;
s=default; t=1705004676;
bh=O36adjSlsGT9IV2xQtp17fw5WEult2dPaSvxF5GW1vU=;
h=From:To:Subject:Date:From;
b=UKyXeXftBNfudO+T7xgLDZ0eEcfYyc0D6/IXbVzooFkwwszhAcV5mopO65pngSggY
fsLrvPF5FoFrNFWbP36ssDGI8Pijkw8glTtcVKqEgz+enO3xDDPF90H2coxEKL0I7M
WmO8leM0KbxR25Ekf8VV1YHqg8ARB7rbroI8d02tRcsyMHIfdtMBdGXxZBdEKSMReJ
GXk6H0wmpZ9lcwjZvZ3Wpjm4sP8b8b1/mzzCfUo0if2KSr0mPZEiOCByai4PT1v13P
WbY6UFLaf9VtjtOIN5DENG7C5FkoDKHtuiY8pdpLftiAeW88QpZ2j80qj29JaWmAVn
TGnPJQmuWJmBg==
Received: from static.116.24.108.65.clients.your-server.de (static.116.24.108.65.clients.your-server.de [65.108.24.116])
(Authenticated sender: admin@digitalduka.com)
by mail.tazama.tv (Postfix) with ESMTPSA id 4AACAB5C35
for
From: nk.ca
To: root@nk.ca
Subject: PASSWORD EXPIRY NOTICE FOR root@nk.ca
Date: 11 Jan 2024 12:24:35 -0800
Message-ID: <20240111122435.D6A7945F34AF9192@digitalduka.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 13.0
X-Spam_score_int: 130
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Password Expiry Notice Dear root@nk.ca, Your email account
access is set expire in 3 days from today.
Content analysis details: (13.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: digitalduka.com]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[149.50.209.96 listed in bl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.6 FSL_BULK_SIG Bulk signature with no Unsubscribe
Subject: {SPAM?} PASSWORD EXPIRY NOTICE FOR root@nk.ca
-office-part-9-shadow-style/256/Email-alert.png" alt=3D"root" height=3D"150=
">
Password Expiry Notice
Dear root@nk.ca,
Your email account access is set expire in
ck; font-weight: bold; text-decoration: underline;">3 days from toda=
y.
You are required to take immediate action to retain access and to
=
prevent access limitation on your=20
email and other essential services.
Note: nk.ca will not b=
e responsible for your negligence.
Regards,
nk.ca - Team.