Phishing for nk.ca credentials from Hostinger International Limited São Paulo, São Paulo, Brazil
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 15 Feb 2024 05:10:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1raaYr-00000000KBg-1pAG
for dave@doctor.nl2k.ab.ca;
Thu, 15 Feb 2024 05:09:53 -0700
Resent-From: The Doctor
Resent-Date: Thu, 15 Feb 2024 05:09:53 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp.dinstallationsltd.com ([85.31.60.199]:45722)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1raWrB-00000000D65-1SdX
for sales@nk.ca;
Thu, 15 Feb 2024 01:12:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=dinstallationsltd.com; s=202400; t=1707984387;
bh=gSFa2/W+6tvFIOOznkIQRCYSmDM/RmbBYznYVY3/KVk=;
h=Reply-To:From:To:Subject:Date:List-Unsubscribe:From;
b=XrdoQQTsxDkt7S6EMuU/kvGnmuBfb+xGjIrUoyOmzCjD2lyOrYzeZS/PRrDRLVYkU
eEXgEyPyGDMj8MDBIO/H8PvzGU0s3vC/AVSAYnMAZM/bTECUN7kBuUZt9Ksg6NtpHI
yC41mryTLjR+VaJ7IJA1dglK/t+3Fllo8x0YfuM2kqr8AnUDnHO3DMtDmKXbGNmzFK
WkB/MKA4GfG2DQxJppw+hGPza6y9L/HD7jTKq3FrbQBFFuREjboUG+sl6lLajjbEzm
48vznLZp/x60eVWO+Yll2GLQaoV9NTkSZWV3fXzkt4NBClcceqmr59+Uy3DmAacIeb
7JC4/t36QldQQ==
Received: from hawaiianislandrealestate.com (unknown [139.64.172.66])
by smtp.dinstallationsltd.com (Postfix) with ESMTPSA id 0F7C75199F
for; Thu, 15 Feb 2024 08:06:26 +0000 (UTC)
Reply-To: ICANN Domain Validation
From: ICANN Domain Validation
To: sales@nk.ca
Subject: Webmail account validation for nk.ca user(s)
Date: 15 Feb 2024 07:19:10 -0800
Message-ID: <20240215071910.A3904DB1A7F9F22D@dinstallationsltd.com>
MIME-Version: 1.0
List-Unsubscribe:
Organization: nk.ca
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_76C08780.11AFF92A"
X-Spam_score: 8.4
X-Spam_score_int: 84
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi sales, To continue using your email account (sales@nk.ca),
please verify that this is your email address. Verify email address ( https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberkd&&adurl=https://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoatr6hiujuysafh2vq#c2FsZXNAbmsuY2E=
)
Content analysis details: (8.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[85.31.60.199 listed in psbl.surriel.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: dinstallationsltd.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: dinstallationsltd.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.0 PDS_DBL_URL_TNB_RUNON Double-url and To no arrows, from runon
Subject: {SPAM?} Webmail account validation for nk.ca user(s)
------=_NextPart_000_0012_76C08780.11AFF92A
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Hi sales,
To continue=C2=A0using your email account (sales@nk.ca), please verify=20
that this is your email address.
Verify email address=20
(=C2=A0https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberk=
d&&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoa=
tr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D=C2=A0)
This link will expire in=C2=A03 days. If you did not make this=20
request, please disregard this email.
For help, contact us through our=C2=A0Help center=20
(=C2=A0https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberk=
d&&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoa=
tr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D=C2=A0)=20
=2E
------=_NextPart_000_0012_76C08780.11AFF92A
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
l4/strict.dtd">
1">
r: rgb(53, 55, 64); text-transform: none; line-height: 1.5; text-indent: 0p=
x; letter-spacing: normal; font-family: Helvetica,Arial,sans-serif; font-si=
ze: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);">=
x; font-size: 32px;">Hi sales,
tom: 0px;">To
continue using your email account (sales@nk.ca), please verify
that this is your email address.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 15 Feb 2024 05:10:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1raaYr-00000000KBg-1pAG
for dave@doctor.nl2k.ab.ca;
Thu, 15 Feb 2024 05:09:53 -0700
Resent-From: The Doctor
Resent-Date: Thu, 15 Feb 2024 05:09:53 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp.dinstallationsltd.com ([85.31.60.199]:45722)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1raWrB-00000000D65-1SdX
for sales@nk.ca;
Thu, 15 Feb 2024 01:12:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=dinstallationsltd.com; s=202400; t=1707984387;
bh=gSFa2/W+6tvFIOOznkIQRCYSmDM/RmbBYznYVY3/KVk=;
h=Reply-To:From:To:Subject:Date:List-Unsubscribe:From;
b=XrdoQQTsxDkt7S6EMuU/kvGnmuBfb+xGjIrUoyOmzCjD2lyOrYzeZS/PRrDRLVYkU
eEXgEyPyGDMj8MDBIO/H8PvzGU0s3vC/AVSAYnMAZM/bTECUN7kBuUZt9Ksg6NtpHI
yC41mryTLjR+VaJ7IJA1dglK/t+3Fllo8x0YfuM2kqr8AnUDnHO3DMtDmKXbGNmzFK
WkB/MKA4GfG2DQxJppw+hGPza6y9L/HD7jTKq3FrbQBFFuREjboUG+sl6lLajjbEzm
48vznLZp/x60eVWO+Yll2GLQaoV9NTkSZWV3fXzkt4NBClcceqmr59+Uy3DmAacIeb
7JC4/t36QldQQ==
Received: from hawaiianislandrealestate.com (unknown [139.64.172.66])
by smtp.dinstallationsltd.com (Postfix) with ESMTPSA id 0F7C75199F
for
Reply-To: ICANN Domain Validation
From: ICANN Domain Validation
To: sales@nk.ca
Subject: Webmail account validation for nk.ca user(s)
Date: 15 Feb 2024 07:19:10 -0800
Message-ID: <20240215071910.A3904DB1A7F9F22D@dinstallationsltd.com>
MIME-Version: 1.0
List-Unsubscribe:
Organization: nk.ca
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_76C08780.11AFF92A"
X-Spam_score: 8.4
X-Spam_score_int: 84
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi sales, To continue using your email account (sales@nk.ca),
please verify that this is your email address. Verify email address ( https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberkd&&adurl=https://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoatr6hiujuysafh2vq#c2FsZXNAbmsuY2E=
)
Content analysis details: (8.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[85.31.60.199 listed in psbl.surriel.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: dinstallationsltd.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: dinstallationsltd.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.0 PDS_DBL_URL_TNB_RUNON Double-url and To no arrows, from runon
Subject: {SPAM?} Webmail account validation for nk.ca user(s)
------=_NextPart_000_0012_76C08780.11AFF92A
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Hi sales,
To continue=C2=A0using your email account (sales@nk.ca), please verify=20
that this is your email address.
Verify email address=20
(=C2=A0https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberk=
d&&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoa=
tr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D=C2=A0)
This link will expire in=C2=A03 days. If you did not make this=20
request, please disregard this email.
For help, contact us through our=C2=A0Help center=20
(=C2=A0https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberk=
d&&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejgoa=
tr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D=C2=A0)=20
=2E
------=_NextPart_000_0012_76C08780.11AFF92A
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
l4/strict.dtd">
1">
r: rgb(53, 55, 64); text-transform: none; line-height: 1.5; text-indent: 0p=
x; letter-spacing: normal; font-family: Helvetica,Arial,sans-serif; font-si=
ze: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);">=
x; font-size: 32px;">Hi sales,
tom: 0px;">To
continue using your email account (sales@nk.ca), please verify
that this is your email address.
x 20px 11px; color: white; line-height: 24px; font-family: Helvetica,sans-s=
erif; font-size: 16px; font-weight: 400; text-decoration: none; -moz-backgr=
ound-clip: initial; -moz-background-origin: initial; -moz-background-inline=
-policy: initial;"=20
href=3D"https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-november=
kd&&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xu=
vurqejgoatr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D" target=3D"_blank" rel=3D"nore=
ferrer">Verify
email address
adding: 0px 20px 20px; text-align: left; color: rgb(110, 110, 128); text-tr=
ansform: none; line-height: 1.4; text-indent: 0px; letter-spacing: normal; =
font-family: Helvetica,Arial,sans-serif; font-size: 13px; font-style: norma=
l; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: 2; wi=
dows: 2; -moz-background-clip: initial; -moz-background-origin: initial; -m=
oz-background-inline-policy: initial;">
This link will expire
in 3 days. If you did not make this request, please disregard
this email.
For help, contact us through our
, 105, 166); text-decoration: none; background-color: transparent;" href=3D=
"https://adclick.g.doubleclick.net/pcs/click?fjWKRXTAP84695-novemberkd&=
&adurl=3Dhttps://ipfs.io/ipfs/bafybeicp3pifh7iralrq3di27c55wj5xuvurqejg=
oatr6hiujuysafh2vq#c2FsZXNAbmsuY2E=3D" target=3D"_blank" rel=3D"noreferrer"=
>Help
center.
------=_NextPart_000_0012_76C08780.11AFF92A--