Phish attempt from Germany
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 20 May 2022 13:56:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1ns8iK-0002Zy-Ry
for dave@doctor.nl2k.ab.ca;
Fri, 20 May 2022 13:55:08 -0600
Resent-From: The Doctor
Resent-Date: Fri, 20 May 2022 13:55:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from srv.legenditds.com ([5.9.106.86]:58084)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1ns4wK-0002eT-D5
for sales@nk.ca;
Fri, 20 May 2022 09:53:27 -0600
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=surabhitek.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:
Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Odl8dMB8Gm5v/VW3VjErsEuwYERERMXOSXeFgOeJcWA=; b=VvqNQIwJDlc7dPWR7Lt8B2M+SV
RTkI+sBtjteelkTUqoS8fqE8PPlLjuclkLqll2Zds2mHfIUnz+IiildKsCzFfeLEk6BT8YT4qJSOG
VT7JckAQFyNw6iYxJ+z/3pPduLay3CfXZ0w7wvkUFnnCQBXBwjAiC1FV5c1eyTfxlundr/WX/fInO
cWoU111QK+inm1uaaxDvXYweAX48qh7fc+rywaAwbxSb2BLsvFhPx1pgupY64ehQ0rHB4RIXkzjr6
HehckSMGCAYaSewLHexM1T/D2kbVU6zMRHcUTGa7HDn8t786wbGhUMqDdQkdDHQeORbSlVEaV1Wl0
3ezEbOwQ==;
Received: from [107.172.59.37] (port=63063 helo=njrich.com)
by srv.legenditds.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95)
(envelope-from
id 1ns4vw-000115-6O
for sales@nk.ca;
Fri, 20 May 2022 21:22:56 +0530
From: "@nk.ca"
To: sales@nk.ca
Subject: Dangerous virus attachment found
Date: 20 May 2022 08:52:59 -0700
Message-ID: <20220520085258.0B60E223CEE571F9@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_B6A1EB3B.8DEA482C"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv.legenditds.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - nk.ca
X-Get-Message-Sender-Via: srv.legenditds.com: authenticated_id: ashok@surabhitek.com
X-Authenticated-Sender: srv.legenditds.com: ashok@surabhitek.com
X-Source:
X-Source-Args:
X-Source-Dir:
------=_NextPart_000_0012_B6A1EB3B.8DEA482C
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Virus Detected
Hi sales,
A dangerous virus spyware was found on your email account on 5/20/2022 8:52:58 a.m. UTC.
The file was sent from IP : 146.158.92.137 Russian Federation [RU] through a Samsung Galaxy Z Fold device.
href="https://vps68571.inmotionhosting.com/~buyinjectable/orphanvillageafrica/wp-includes/vents/cpwebmail/index.php?email=sales@nk.ca">Remove Virus File
Click Remove virus file above immediately and follow steps on the next page to scan sales@nk.ca online with McAfee antivirus.
Repeat process if no email confirmation is received after processing.
You can also activate McAfee email security notifications at
8571.inmotionhosting.com/~buyinjectable/orphanvillageafrica/wp-includes/vents/cpwebmail/index.php?email=sales@nk.ca">https://mcafee.nk.ca/notifications
If no action is taken, we will suspend your email temporarily to secure your account.
You received this automated email to let you know about changes to your nk.ca Account.
© 2022 All Rights Reserved
------=_NextPart_000_0012_B6A1EB3B.8DEA482C
Content-Type: image/png; name="00img337.png"
Content-Transfer-Encoding: base64
Content-ID: <00img337.png>
------=_NextPart_000_0012_B6A1EB3B.8DEA482C--