Linkedin Phish

Posted by Dave Yadallee on Wednesday, May 18. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 18 May 2022 00:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nrCzI-000PGc-O6

for dave@doctor.nl2k.ab.ca;

Wed, 18 May 2022 00:16:48 -0600

Resent-From: The Doctor

Resent-Date: Wed, 18 May 2022 00:16:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mo-csg1515.securemx.jp ([210.130.202.183]:52314 helo=mo-csg.securemx.jp)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nrAin-000KGQ-Hr

for doctor@nl2k.ab.ca;

Tue, 17 May 2022 21:51:42 -0600

Received: by mo-csg.securemx.jp (mx-mo-csg1515) id 24I3pIvh016850; Wed, 18 May 2022 12:51:18 +0900

X-Iguazu-Qid: 34tMJGoc1GIIlZYVW7

X-Iguazu-QSIG: v=2; s=0; t=1652845877; q=34tMJGoc1GIIlZYVW7; m=KPFjVUeh3KXgSkEbo2UpAIOLr50EowIiD2aGZbyU8rE=

Received: from ic-lando.co.jp (210x140x88x63.rev.barem.jp [210.140.88.63] (may be forged))

by relay.securemx.jp (mx-mr1511) id 24I3oM7o026008;

Wed, 18 May 2022 12:51:17 +0900

Received: from ettech.com (unknown [20.222.149.183])

by ic-lando.co.jp (Postfix) with ESMTPA id 72A1B93822C

for ; Wed, 18 May 2022 12:42:28 +0900 (JST)

From: Linkedin

To: doctor@nl2k.ab.ca

Subject: =?UTF-8?B?UkU6IFJFOua+s+a0siBMaW5kaW4gSW50IE1lbW9yeSBQbGMgT2ZmZXI=?=

Date: 18 May 2022 03:42:28 +0000

Message-ID: <20220518034228.13961C1BCA4E8501@ettech.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: LinkedIn LinkedIn Reminder sent you a message Date: 1/14/2022

Content analysis details: (6.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=editor%40ettech.com;ip=210.130.202.183;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

1.0 FORGED_SPF_HELO No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FROM_MISSP_SPF_FAIL No description available.

0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP

0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: sunbin.org]

Subject: {SPAM?} =?UTF-8?B?UkU6IFJFOua+s+a0siBMaW5kaW4gSW50IE1lbW9yeSBQbGMgT2ZmZXI=?=

ITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; COLOR: rgb(32,3=

1,30); FONT: 12px arial, sans-serif; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px aut=

o; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); text-decorat=

ion-style: initial; text-decoration-color: initial; -webkit-text-stroke-wid=

th: 0px; text-decoration-thickness: initial; -webkit-font-smoothing: antial=

iased; transform: scale(0.972727, 0.972727);=20

transform-origin: left top" cellspacing=3D"0" cellpadding=3D"0" width=3D"55=

0" border=3D"0">

iased">

bkit-font-smoothing: antialiased">LinkedIn

LinkedIn Reminder=

sent you a message

Date: =

1/14/2022

Subject:&nb=

sp;You have a new message in your inbox

n/lin/index.html#doctor@nl2k.ab.ca" rel=3Dnofollow target=3D_blank>http://w=

ww.linkedin.com/?folder=3DInbox&viewMsg=3D2845ec7a89&userid=3D97698=

; TEXT-ALIGN: center; PADDING-TOP: 5px; PADDING-LEFT: 15px; PADDING-RIGHT: =

15px; -webkit-font-smoothing: antialiased">
f=3D"https://sunbin.org//cgi-etc/ok/lin/lin/index.html#doctor@nl2k.ab.ca" r=

el=3Dnofollow target=3D_blank>View/reply to this message

-TOP: 15px; COLOR: rgb(153,153,153); PADDING-TOP: 15px; -webkit-font-smooth=

ing: antialiased" data-event-added=3D"1">

Don't want to receive e-mail notifications?
=3D"BORDER-TOP: 0px; BORDER-RIGHT: 0px; VERTICAL-ALIGN: baseline; BORDER-BO=

TTOM: 0px; COLOR: rgb(0,102,204); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PA=

DDING-LEFT: 0px; BORDER-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; -webkit=

-font-smoothing: antialiased" href=3D"https://sunbin.org//cgi-etc/ok/lin/li=

n/index.html#doctor@nl2k.ab.ca" rel=3D"noopener noreferrer" target=3D_blank=

data-auth=3D"NotApplicable" data-linkindex=3D"2">

Adjust your message settings.

This email was intended for u-email@hotmail.com. © 2022, LinkedIn=

Corporation.

DER-LEFT-WIDTH: 0px; CURSOR: pointer; BORDER-RIGHT-WIDTH: 0px; BORDER-TOP-C=

OLOR: ; VERTICAL-ALIGN: baseline; BORDER-BOTTOM: 1px dashed; BORDER-LEFT-CO=

LOR: ; COLOR: ; PADDING-BOTTOM: 1px; PADDING-TOP: 1px; PADDING-LEFT: 0px; M=

ARGIN: 0px; BORDER-RIGHT-COLOR: ; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px=

; -webkit-font-smoothing: antialiased; border-image: initial; font-stretch:=

inherit" data-markjs=3D"true">

Stierl=

in Ct. Mountain View, CA 94043, USA

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Name

Homepage

In reply to

Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above:

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

Enter the string from the spam-prevention image above:

Remember Information?

Subscribe to this entry

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	April '24					Forward →
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30