RBC Phish from IONOS Inc. Kansas City, Missouri, USA

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 24 Jan 2024 14:23:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSkhu-00000000Iwx-3rxA

for dave@doctor.nl2k.ab.ca;

Wed, 24 Jan 2024 14:22:50 -0700

Resent-From: The Doctor

Resent-Date: Wed, 24 Jan 2024 14:22:50 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [74.208.160.122] (port=63520 helo=ipayafrica.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSjZ5-000000003Zg-1z8z

for usenet@nl2k.ab.ca;

Wed, 24 Jan 2024 13:09:43 -0700

From: RBC Royal Bank

To: usenet@nl2k.ab.ca

Subject: ACTION REQUIRED: Service Message

Date: 24 Jan 2024 16:07:04 -0400

Message-ID: <20240124160704.F1EE8C7B9B514789@ipayafrica.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 10.4

X-Spam_score_int: 104

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Royal Bank Hi, Your RBC online banking has been disabled.

Kindly verify your identity or you may visit the nearest branch.



Content analysis details: (10.4 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [74.208.160.122 listed in bb.barracudacentral.org]
 2.5 URIBL_DBL_PHISH        Contains a Phishing URL listed in the DBL blocklist
                            [URI: com-tedh.com]
 0.9 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.6 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.4 HTML_FONT_TINY_NORDNS  Font too small to read, no rDNS
 1.0 VFY_ACCT_NORDNS        Verify your account to a poorly-configured MTA -
                            probable phishing
 0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} ACTION REQUIRED: Service Message




Royal Bank

Hi,

Your RBC online banking has been disabled. Kindly verify your identity or you may visit the nearest branch.

Verify Identity

Privacy & Security | Legal

Kohls Department Phish from amazon.com

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 24 Jan 2024 14:19:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSkdv-00000000HsY-2Iou

for dave@doctor.nl2k.ab.ca;

Wed, 24 Jan 2024 14:18:43 -0700

Resent-From: The Doctor

Resent-Date: Wed, 24 Jan 2024 14:18:43 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from b224-57.smtp-out.eu-central-1.amazonses.com ([69.169.224.57]:49867)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from <0107018d3bbb822a-40426474-2a72-4c80-92e8-0ad3fa8ca7f9-000000@noreply.partnerfinder.continental-aftermarket.com>)

id 1rSdf1-00000000JVs-0Ba6

for doctor@nk.ca;

Wed, 24 Jan 2024 06:51:28 -0700

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=vdzhbrcb5tyvo3dddjkkpftqg2qozf4q;

d=partnerfinder.continental-aftermarket.com; t=1706104160;

h=To:Reply-to:Content-Type:Content-Transfer-Encoding:References:Message-Id:From:Subject:Date;

bh=28EH1uQP5D7i3fLpKUsJ3YAEckL9Qk0JaYOK0p1ZhDY=;

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=qftdzk2dqsatjnlrq4r5brjbihpfcrsh; d=amazonses.com; t=1706104160;

h=To:Reply-to:Content-Type:Content-Transfer-Encoding:References:Message-Id:From:Subject:Date:Feedback-ID;

bh=28EH1uQP5D7i3fLpKUsJ3YAEckL9Qk0JaYOK0p1ZhDY=;

To: doctor@nk.ca

Reply-to: reply@Governmentrecount.com

Content-Type: text/html;

Content-Transfer-Encoding: 7bit

References:- ::1880651719_doctor@nk.ca::

Message-ID: <0107018d3bbb822a-40426474-2a72-4c80-92e8-0ad3fa8ca7f9-000000@eu-central-1.amazonses.com>

From: Kohls Department

Subject:Be a Winner: Complete Our Survey Get Rewarded

Date: Wed, 24 Jan 2024 13:49:20 +0000

Feedback-ID: 1.eu-central-1.xO6Ozxm0UTT/+Nezgmx4eV6zEhM64VqFKOtWYE2DxOc=:AmazonSES

X-SES-Outgoing: 2024.01.24-69.169.224.57









Hi doctor, Delicious meals incredible savings - thanks to HelloFresh!

Get Rewarded for Your Opinion: Take Our Survey!

CLAIM NOW

Sendgrid phish tricking nk.ca users about e-mailboxes

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 24 Jan 2024 05:35:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rScSR-00000000LSm-02jA

for dave@doctor.nl2k.ab.ca;

Wed, 24 Jan 2024 05:34:19 -0700

Resent-From: The Doctor

Resent-Date: Wed, 24 Jan 2024 05:34:18 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wrqvzzxs.outbound-mail.sendgrid.net ([149.72.238.166]:16702)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSWkR-000000005nt-2Ugk

for root@nk.ca;

Tue, 23 Jan 2024 23:28:36 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;

h=from:subject:mime-version:to:content-type:content-transfer-encoding:

cc:content-type:from:subject:to;

s=smtpapi; bh=86dNKRlhJE8gqDYrb0VOZrsNR3we9qCJWUz18B5ObtQ=;

Received: by filterdrecv-6dcccbbbfd-m64rc with SMTP id filterdrecv-6dcccbbbfd-m64rc-1-65B0AD96-36

2024-01-24 06:26:30.987262594 +0000 UTC m=+8509515.195424562

Received: from 107.150.19.13.static.quadranet.com (unknown)

by geopod-ismtpd-15 (SG) with ESMTP id zqZhDtOJS9Sj2uCFtkxcMQ

for ; Wed, 24 Jan 2024 06:26:30.896 +0000 (UTC)

From: "nk.ca SYSTEM"

Subject: root@nk.ca NEESDS UPGRADE IMMEDIATELY

Date: Wed, 24 Jan 2024 06:26:31 +0000 (UTC)

Message-ID: <20240123222630.07E1F62B7474A5A7@bitbang.cl>

MIME-Version: 1.0

To: root@nk.ca

X-Entity-ID: doc2xi0tmoUA64sN9yUoxw==

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 6.2

X-Spam_score_int: 62

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear root, We are closing all mailbox users that are still

using the old version of the nk.ca mailbox. Your email (root@nk.ca ) is still

using this old version. Please tap the blue button below to upgrade to the

latest version and get 105GB Free Space.



Content analysis details: (6.2 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URI: sendgrid.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
 1.3 URI_HEX                URI: URI hostname has long hexadecimal sequence
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                            background
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 2.2 LONGLN_LOW_CONTRAST    Excessively long line + hidden text
 0.6 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
-0.0 DKIMWL_WL_MED          DKIMwl.org - Medium trust sender
 0.0 SENDGRID_REDIR         Redirect URI via Sendgrid

Subject: {SPAM?} root@nk.ca NEESDS UPGRADE IMMEDIATELY










Dear root,

We are closing all mailbox users that are still using the old version of the nk.ca [data-saferedirecturl: http://cyberia.net.lb] mailbox.

Your email (root@nk.ca [data-saferedirecturl: https://pub-a1b30030c0ce4b4c81a65267e8524410.r2.dev/web3.html%23auto@cyberia.net.lb]) is still using this old version. Please tap the blue button below to upgrade to the latest version and get 105GB Free Space.

NOTE: Failure to do this would lead to account termination.

• Follow below to upgrade and keep account active

Upgrade inbox Version [data-saferedirecturl: https://semasvicious.nl/registered/Autopage/index.html%23auto@cyberia.net.lb]

Connected to Mail-Portal

2023 Corporation. All rights reserved.

Pittsburgh Tools Phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 23 Jan 2024 19:57:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSTRe-00000000PAR-2R9n

for dave@doctor.nl2k.ab.ca;

Tue, 23 Jan 2024 19:56:54 -0700

Resent-From: The Doctor

Resent-Date: Tue, 23 Jan 2024 19:56:54 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dm6nam10on2113.outbound.protection.outlook.com ([40.107.93.113]:45952 helo=NAM10-DM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rSTQF-00000000P2v-3ki8

for doctor@doctor.nl2k.ab.ca;

Tue, 23 Jan 2024 19:55:31 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=qygn5sURzTjFWuff3EeAhTRtPVDvgE+BjGXKSmtOmuc=;

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

78.138.0.169) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=x3ke4s8.onmicrosoft.com; dmarc=none action=none

header.from=x3ke4s8.onmicrosoft.com; dkim=none (message not signed); arc=none

(0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 78.138.0.169)

smtp.mailfrom=x3ke4s8.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=x3ke4s8.onmicrosoft.com;

X-TOI-MSGID: <757493627.009FBEF67D74B.1706063588630@durgan.com>

Content-Type: multipart/alternative; charset="UTF-8";boundary="PART_wW6G.dlyynjlj"

MIME-Version: 1.0

Message-ID:

Date: Wed, 24 Jan 2024 04:33:08 +0200

To: doctor@doctor.nl2k.ab.ca

Subject: =?UTF-8?B?4pqh?=important_for doctor

From: Pittsburgh_Tools

Importance: high

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CO1PEPF000042AA:EE_|SJ0PR18MB3932:EE_

X-MS-Office365-Filtering-Correlation-Id: 31d2dd41-fa8f-4aed-a99b-08dc1c87a274

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Forefront-Antispam-Report:

CIP:78.138.0.169;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.durgan.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(39860400002)(376002)(346002)(396003)(136003)(230922051799003)(7200799017)(1690799017)(451199024)(61400799012)(186009)(82310400011)(64100799003)(36840700001)(46966006)(40470700004)(19625305002)(2906002)(5660300002)(298455003)(564344004)(478600001)(166002)(82740400003)(81166007)(33964004)(336012)(26005)(47076005)(36860700001)(41300700001)(42186006)(6916009)(786003)(316002)(8936002)(41320700001)(34020700004)(70586007)(70206006)(8400799017)(40460700003)(40480700001)(36900700001);DIR:OUT;SFP:1102;

X-OriginatorOrg: x3ke4s8.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2024 02:53:24.9610

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 31d2dd41-fa8f-4aed-a99b-08dc1c87a274

X-MS-Exchange-CrossTenant-Id: 2bbf44ba-076b-4d28-a1e4-93da0edea82c

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2bbf44ba-076b-4d28-a1e4-93da0edea82c;Ip=[78.138.0.169];Helo=[mail.durgan.com]

X-MS-Exchange-CrossTenant-AuthSource:

CO1PEPF000042AA.namprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR18MB3932

X-Spam_score: 8.0

X-Spam_score_int: 80

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: (2810) Notifications



Content analysis details: (8.0 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [40.107.93.113 listed in wl.mailspike.net]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URI: work1812.blob.core.windows.net]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.1 ARC_VALID              Message has a valid ARC signature
 0.0 ARC_SIGNED             Message has a ARC signature
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            [contact.zj9ldwel(at)x3ke4s8.onmicrosoft.com]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
 1.3 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of words
 0.3 HTML_SHORT_LINK_IMG_3  HTML is very short with a linked image
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 2.9 SCC_BODY_URI_ONLY      No description available.
 0.0 T_REMOTE_IMAGE         Message contains an external image
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [40.107.93.113 listed in list.dnswl.org]

Subject: {SPAM?} =?UTF-8?B?4pqh?=important_for doctor



--PART_wW6G.dlyynjlj

Content-Type: text/html; charset="UTF-8"





(2810) Notifications

--PART_wW6G.dlyynjlj--