nk.ca credential phishing
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 21 Nov 2024 14:26:06 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tEEgX-00000000IQl-2j4F
for dave@doctor.nl2k.ab.ca;
Thu, 21 Nov 2024 14:25:57 -0700
Resent-From: The Doctor
Resent-Date: Thu, 21 Nov 2024 14:25:57 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [188.127.249.59] (port=45478 helo=s1029753.srvape.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tEC3A-000000003k6-1es3
for sales@nk.ca;
Thu, 21 Nov 2024 11:37:14 -0700
Received: from IP-220-112 (localhost [IPv6:::1])
by s1029753.srvape.com (Postfix) with ESMTP id EE3AB2F8FF5
for; Thu, 21 Nov 2024 21:31:30 +0300 (MSK)
From: "nk.ca"
Subject: Action Required: Incoming Mails
To:
Content-Type: multipart/alternative; boundary="bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2"
MIME-Version: 1.0
Date: Thu, 21 Nov 2024 20:31:26 +0200
Message-Id: <20242111203126E0DADC196F-3D9AB757E9@arc-films.co.jp>
X-Spam_score: 8.0
X-Spam_score_int: 80
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: nk.ca ACTION REQUIRED Message Failure Receiving Notice ATTENTION:
sales You have suspended incoming messages Please fix below Allow Message
https://taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca
Content analysis details: (8.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
Subject: {SPAM?} Action Required: Incoming Mails
This is a multi-part message in MIME format
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
nk.ca ACTION REQUIRED
Message Failure Receiving Notice
ATTENTION: sales
You have suspended incoming messages
Please fix below
Allow Message https://taikhoanao.vn/index/index/xyz/panelCP.html#sales=
@nk.ca
If you have any questions, please let us know
https://taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca
Contact Us
You received this email to let you know about important changes to you=
r Webmail Account and services.
2024 nk.ca LLC,
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
8859-1">
Action Required: Incoming Mails
; FONT-SIZE: 13px; FONT-FAMILY: Roboto, 'Segoe UI', Ubuntu, 'lucida gr=
ande', tahoma, sans-serif; WIDTH: 574px; WHITE-SPACE: normal; WORD-SPA=
CING: 0px; BORDER-COLLAPSE: separate; MIN-WIDTH: 348px; TEXT-TRANSFORM=
: none; FONT-WEIGHT: 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; TE=
XT-ALIGN: left; BORDER-SPACING: 0px; ORPHANS: 2; WIDOWS: 2; LETTER-SPA=
CING: normal; font-variant-ligatures: normal; font-variant-caps: norma=
l; text-decoration-thickness: initial; text-decoration-style: initial;=
text-decoration-color: initial; -webkit-text-stroke-width: 0px" heigh=
t=3D"100%" width=3D"100%" border=3D0>
nt-box">
le=3D"BOX-SIZING: content-box; FONT-SIZE: 16px; FONT-FAMILY: Helvetica=
, sans-serif; VERTICAL-ALIGN: top; PADDING-BOTTOM: 0px; PADDING-TOP: 0=
px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
ple-interchange-newline>
IDTH: 516px; WIDTH: 515px; BORDER-COLLAPSE: separate; MIN-WIDTH: 220px=
; PADDING-BOTTOM: 20px; BORDER-SPACING: 0px" border=3D0>
"BOX-SIZING: content-box">
style=3D"BOX-SIZING: content-box; FONT-SIZE: 16px; FONT-FAMILY: Helvet=
ica, sans-serif; WIDTH: 8px; VERTICAL-ALIGN: top; PADDING-BOTTOM: 0px;=
PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px"=
width=3D8>
FONT-FAMILY: Helvetica, sans-serif; VERTICAL-ALIGN: top; PADDING-BOTT=
OM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIG=
HT: 0px">
; BORDER-TOP: rgb(218,220,224) thin solid; BORDER-RIGHT: rgb(218,220,2=
24) thin solid; BORDER-BOTTOM: rgb(218,220,224) thin solid; PADDING-BO=
TTOM: 40px; PADDING-TOP: 40px; PADDING-LEFT: 20px; MARGIN: 0px; BORDER=
-LEFT: rgb(218,220,224) thin solid; PADDING-RIGHT: 20px; border-image:=
none; border-radius: 8px" align=3Dcenter>
>
oboto, RobotoDraft, Helvetica, Arial, sans-serif; BORDER-BOTTOM: rgb(2=
18,220,224) thin solid; PADDING-BOTTOM: 24px; TEXT-ALIGN: center; PADD=
ING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 32px; PADDI=
NG-RIGHT: 0px" align=3Djustify>&n=
bsp;nk.ca ACTION REQUIRED
>
: 14px; FONT-FAMILY: Roboto-Regular, Helvetica, Arial, sans-serif; PAD=
DING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 20px; PADDING-LEFT:=
0px; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT: 0px">Message Fail=
ure Receiving Notice
ATTENTION: sales
You have suspended inc=
oming messages
Please fix below
tent-box; FONT-SIZE: 14px; FONT-FAMILY: Roboto-Regular, Helvetica, Ari=
al, sans-serif; PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: =
32px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT=
: 0px">
RATION: none; FONT-FAMILY: 'Google Sans', Roboto, RobotoDraft, Helveti=
ca, Arial, sans-serif; MIN-WIDTH: 90px; FONT-WEIGHT: 400; COLOR: rgb(2=
55,255,255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 24=
px; DISPLAY: inline-block; LINE-HEIGHT: 16px; PADDING-RIGHT: 24px; BAC=
KGROUND-COLOR: rgb(65,132,243); border-radius: 5px" href=3D"https://ta=
ikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca" rel=3Dnoreferrer=
target=3D_blank>Allow Message
tent-box; FONT-SIZE: 12px; COLOR: rgb(95,99,104); PADDING-BOTTOM: 0px;=
TEXT-ALIGN: center; PADDING-TOP: 20px; PADDING-LEFT: 0px; MARGIN: 0px=
; LETTER-SPACING: 0px; LINE-HEIGHT: 16px; PADDING-RIGHT: 0px">If you h=
ave any questions, please let us know
box">
COLOR: rgb(8,103,236); BACKGROUND-COLOR: transparent" href=3D"https://=
taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca" rel=3Dnoreferr=
er target=3D_blank>
TION: underline; COLOR: rgb(8,103,236); BACKGROUND-COLOR: transparent"=
>Contact Us
DING-BOTTOM: 0px; TEXT-ALIGN: left; PADDING-TOP: 0px; PADDING-LEFT: 0p=
x; MARGIN: 0px; PADDING-RIGHT: 0px">
-box; FONT-SIZE: 11px; FONT-FAMILY: Roboto-Regular, Helvetica, Arial, =
sans-serif; PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 12px=
; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 18px; PADDING-RIGHT: 0p=
x">
G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">You re=
ceived this email to let you know about important changes to your =
;Webmail Account and services.
-box; PADDING-BOTTOM: 0px; DIRECTION: ltr; PADDING-TOP: 0px; PADDING-L=
EFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">2024 nk.ca LLC,
tyle=3D"BOX-SIZING: border-box"> <=
/TR>
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2--
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 21 Nov 2024 14:26:06 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tEEgX-00000000IQl-2j4F
for dave@doctor.nl2k.ab.ca;
Thu, 21 Nov 2024 14:25:57 -0700
Resent-From: The Doctor
Resent-Date: Thu, 21 Nov 2024 14:25:57 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [188.127.249.59] (port=45478 helo=s1029753.srvape.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
(envelope-from
id 1tEC3A-000000003k6-1es3
for sales@nk.ca;
Thu, 21 Nov 2024 11:37:14 -0700
Received: from IP-220-112 (localhost [IPv6:::1])
by s1029753.srvape.com (Postfix) with ESMTP id EE3AB2F8FF5
for
From: "nk.ca"
Subject: Action Required: Incoming Mails
To:
Content-Type: multipart/alternative; boundary="bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2"
MIME-Version: 1.0
Date: Thu, 21 Nov 2024 20:31:26 +0200
Message-Id: <20242111203126E0DADC196F-3D9AB757E9@arc-films.co.jp>
X-Spam_score: 8.0
X-Spam_score_int: 80
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: nk.ca ACTION REQUIRED Message Failure Receiving Notice ATTENTION:
sales You have suspended incoming messages Please fix below Allow Message
https://taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca
Content analysis details: (8.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
[188.127.249.59 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
[188.127.249.59 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[188.127.249.59 listed in dnsbl.ahbl.org]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
Subject: {SPAM?} Action Required: Incoming Mails
This is a multi-part message in MIME format
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
nk.ca ACTION REQUIRED
Message Failure Receiving Notice
ATTENTION: sales
You have suspended incoming messages
Please fix below
Allow Message https://taikhoanao.vn/index/index/xyz/panelCP.html#sales=
@nk.ca
If you have any questions, please let us know
https://taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca
Contact Us
You received this email to let you know about important changes to you=
r Webmail Account and services.
2024 nk.ca LLC,
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
8859-1">
; FONT-SIZE: 13px; FONT-FAMILY: Roboto, 'Segoe UI', Ubuntu, 'lucida gr=
ande', tahoma, sans-serif; WIDTH: 574px; WHITE-SPACE: normal; WORD-SPA=
CING: 0px; BORDER-COLLAPSE: separate; MIN-WIDTH: 348px; TEXT-TRANSFORM=
: none; FONT-WEIGHT: 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; TE=
XT-ALIGN: left; BORDER-SPACING: 0px; ORPHANS: 2; WIDOWS: 2; LETTER-SPA=
CING: normal; font-variant-ligatures: normal; font-variant-caps: norma=
l; text-decoration-thickness: initial; text-decoration-style: initial;=
text-decoration-color: initial; -webkit-text-stroke-width: 0px" heigh=
t=3D"100%" width=3D"100%" border=3D0>
nt-box">
le=3D"BOX-SIZING: content-box; FONT-SIZE: 16px; FONT-FAMILY: Helvetica=
, sans-serif; VERTICAL-ALIGN: top; PADDING-BOTTOM: 0px; PADDING-TOP: 0=
px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
ple-interchange-newline>
IDTH: 516px; WIDTH: 515px; BORDER-COLLAPSE: separate; MIN-WIDTH: 220px=
; PADDING-BOTTOM: 20px; BORDER-SPACING: 0px" border=3D0>
"BOX-SIZING: content-box">
style=3D"BOX-SIZING: content-box; FONT-SIZE: 16px; FONT-FAMILY: Helvet=
ica, sans-serif; WIDTH: 8px; VERTICAL-ALIGN: top; PADDING-BOTTOM: 0px;=
PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px"=
width=3D8>
FONT-FAMILY: Helvetica, sans-serif; VERTICAL-ALIGN: top; PADDING-BOTT=
OM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIG=
HT: 0px">
; BORDER-TOP: rgb(218,220,224) thin solid; BORDER-RIGHT: rgb(218,220,2=
24) thin solid; BORDER-BOTTOM: rgb(218,220,224) thin solid; PADDING-BO=
TTOM: 40px; PADDING-TOP: 40px; PADDING-LEFT: 20px; MARGIN: 0px; BORDER=
-LEFT: rgb(218,220,224) thin solid; PADDING-RIGHT: 20px; border-image:=
none; border-radius: 8px" align=3Dcenter>
>
oboto, RobotoDraft, Helvetica, Arial, sans-serif; BORDER-BOTTOM: rgb(2=
18,220,224) thin solid; PADDING-BOTTOM: 24px; TEXT-ALIGN: center; PADD=
ING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 32px; PADDI=
NG-RIGHT: 0px" align=3Djustify>&n=
bsp;nk.ca ACTION REQUIRED
>
: 14px; FONT-FAMILY: Roboto-Regular, Helvetica, Arial, sans-serif; PAD=
DING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 20px; PADDING-LEFT:=
0px; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT: 0px">Message Fail=
ure Receiving Notice
ATTENTION: sales
You have suspended inc=
oming messages
Please fix below
tent-box; FONT-SIZE: 14px; FONT-FAMILY: Roboto-Regular, Helvetica, Ari=
al, sans-serif; PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: =
32px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT=
: 0px">
RATION: none; FONT-FAMILY: 'Google Sans', Roboto, RobotoDraft, Helveti=
ca, Arial, sans-serif; MIN-WIDTH: 90px; FONT-WEIGHT: 400; COLOR: rgb(2=
55,255,255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 24=
px; DISPLAY: inline-block; LINE-HEIGHT: 16px; PADDING-RIGHT: 24px; BAC=
KGROUND-COLOR: rgb(65,132,243); border-radius: 5px" href=3D"https://ta=
ikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca" rel=3Dnoreferrer=
target=3D_blank>Allow Message
tent-box; FONT-SIZE: 12px; COLOR: rgb(95,99,104); PADDING-BOTTOM: 0px;=
TEXT-ALIGN: center; PADDING-TOP: 20px; PADDING-LEFT: 0px; MARGIN: 0px=
; LETTER-SPACING: 0px; LINE-HEIGHT: 16px; PADDING-RIGHT: 0px">If you h=
ave any questions, please let us know
box">
COLOR: rgb(8,103,236); BACKGROUND-COLOR: transparent" href=3D"https://=
taikhoanao.vn/index/index/xyz/panelCP.html#sales@nk.ca" rel=3Dnoreferr=
er target=3D_blank>
TION: underline; COLOR: rgb(8,103,236); BACKGROUND-COLOR: transparent"=
>Contact Us
DING-BOTTOM: 0px; TEXT-ALIGN: left; PADDING-TOP: 0px; PADDING-LEFT: 0p=
x; MARGIN: 0px; PADDING-RIGHT: 0px">
-box; FONT-SIZE: 11px; FONT-FAMILY: Roboto-Regular, Helvetica, Arial, =
sans-serif; PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 12px=
; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 18px; PADDING-RIGHT: 0p=
x">
G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">You re=
ceived this email to let you know about important changes to your =
;Webmail Account and services.
-box; PADDING-BOTTOM: 0px; DIRECTION: ltr; PADDING-TOP: 0px; PADDING-L=
EFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">2024 nk.ca LLC,
tyle=3D"BOX-SIZING: border-box"> <=
/TR>
--bj3p=_HysL7MdUJO5d2wJcXiagcBKzIUV2--