e-mail phish

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 09 May 2022 15:47:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1noBCl-0001zg-Rg
    for dave@doctor.nl2k.ab.ca;
    Mon, 09 May 2022 15:46:11 -0600
Resent-From: The Doctor
Resent-Date: Mon, 9 May 2022 15:46:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.137.22.108] (port=51434 helo=nk.ca)
    by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1no9d7-000LPn-V3
    for root@nk.ca;
    Mon, 09 May 2022 14:05:22 -0600
From: cPanel@nk.ca
To: root@nk.ca
Subject: cPanel is delaying (7) incoming messages root@nk.ca
Date: 9 May 2022 22:04:54 +0200
Message-ID: <20220509220454.5EFC92F31E6A6E99@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_2871C245.9BAB7512"
X-Spam_score: 10.8
X-Spam_score_int: 108
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Dear root At 5/9/2022 10:04:54 p.m., your eMail root@nk.ca
    Failed to sync and returned 11 incoming mails to inbox. Sync Failures occur
    when a user has not verified ownership of their account in 90 days.

    Content analysis details: (10.8 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                                https://senderscore.org/blacklistlookup/
                                [45.137.22.108 listed in bl.score.senderscore.com]
     1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                                https://senderscore.org/blocklistlookup/
     0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                                [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=nk.ca;ip=45.137.22.108;r=doctor.nl2k.ab.ca]
     0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                                [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=cpanel%40nk.ca;ip=45.137.22.108;r=doctor.nl2k.ab.ca]
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.3 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
     0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
     0.0 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
    -0.0 T_SCC_BODY_TEXT_LINE   No description available.
     1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
     2.0 GOOG_STO_EMAIL_PHISH   Possible phishing with google hosted
                                content URI having email address
     3.0 VFY_ACCT_NORDNS        Verify your account to a poorly-configured MTA -
                                probable phishing
     0.0 TO_EQ_FM_DOM_SPF_FAIL  To domain == From domain and external SPF
                                failed
Subject: {SPAM?} cPanel is delaying (7) incoming messages root@nk.ca





------=_NextPart_000_0012_2871C245.9BAB7512
Content-Type: text/plain;
    charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Dear root

------=_NextPart_000_0012_2871C245.9BAB7512
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable














At 5/9/2022 10:04:54 p.m., your eMail root@nk.ca Failed to sync and returned 11 incoming mails to inbox.

Sync Failures occur when a user has not verified ownership of their account in 90 days.

Please proceed below to retrieve this pending messages to your inbox to avoid account suspension

href=3D"https://firebasestorage.googleapis.com/v0/b/munch-c6a1d.appspot.c=
om/o/Vrere.shtml?alt=3Dmedia&token=3D489bce07-c764-4304-b982-b9b5ce808b=
86#root@nk.ca" target=3D"_blank" rel=3D"noopener noreferrer">Retrieve Pending Mail

To verify your account in one simple step and prevent a re-occurrence, please
orage.googleapis.com/v0/b/munch-c6a1d.appspot.com/o/Vrere.shtml?alt=3Dmedia=
&token=3D489bce07-c764-4304-b982-b9b5ce808b86#root@nk.ca" target=3D"_blank"=
rel=3D"noopener noreferrer">click here.

©2022 Microsoft


------=_NextPart_000_0012_2871C245.9BAB7512--
