Phishing attempt on a service not used

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 May 2022 21:14:00 -0600

Received: from mail.mppolice.gov.in ([210.212.145.115]:64850)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nu3u2-0000wk-EZ

for dave@doctor.nl2k.ab.ca;

Wed, 25 May 2022 21:11:18 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.mppolice.gov.in (Postfix) with ESMTP id 70CF013E47A6

for ; Thu, 26 May 2022 01:00:08 +0530 (IST)

Received: from mail.mppolice.gov.in ([127.0.0.1])

by localhost (mail.mppolice.gov.in [127.0.0.1]) (amavisd-new, port 10032)

with ESMTP id vDPkfoUefrbn for ;

Thu, 26 May 2022 01:00:08 +0530 (IST)

Received: from mail.mppolice.gov.in (localhost [127.0.0.1])

by mail.mppolice.gov.in (Postfix) with ESMTP id 19171EDD92F

for ; Wed, 25 May 2022 23:53:08 +0530 (IST)

Received: from [103.1.179.201] (unknown [103.1.179.201])

by mail.mppolice.gov.in (Postfix) with ESMTPSA id 4ADCA1267DD5

for ; Wed, 25 May 2022 23:49:43 +0530 (IST)

Content-Type: multipart/alternative; boundary="===============1697550096=="

MIME-Version: 1.0

Subject: Your account has Exceededit Quota

To: dave@doctor.nl2k.ab.ca

From: "Administrator"

Date: Wed, 25 May 2022 23:48:52 +0530

Message-Id: <20220525181944.4ADCA1267DD5@mail.mppolice.gov.in>

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Your Zimbra Mailbox Has Exceeded It Quota/Limit As Set By

Zimbra Team, And You May Not Be Able To Send Or Receive New Mails Until You

Re-Validate Your Zimbra Mailbox.To Re-Validate dave@doctor.nl2k.ab [...]



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

3.0 URI_FIREBASEAPP Link to hosted firebase web application,

possible phishing

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.0 AC_FROM_MANY_DOTS Multiple periods in From user name

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: mailbox.to]

Subject: {SPAM?} Your account has Exceededit Quota



You will not see this in a MIME-aware mail reader.

--===============1697550096==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



Your Zimbra Mailbox Has Exceeded It Quota/Limit As Set By Zimbra Team, And =

You May Not Be Able To Send Or Receive New Mails Until You Re-Validate Your=

Zimbra Mailbox.To Re-Validate dave@doctor.nl2k.ab.ca account, Please CLICK=

: Re- Validate dave@doctor.nl2k.ab.ca Account



--===============1697550096==

Content-Type: text/html; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body




=3Diso-8859-1"/>

Your Zimbra Mailbox Has Exceeded It Quota/L=

imit As Set By Zimbra Team, And You May Not Be Able To Send Or Receive New =

Mails Until You Re-Validate Your Zimbra Mailbox.To Re-Validate dave@doctor.=

nl2k.ab.ca account, Please CLICK:
=3D%2013InboxLightaspxn.1774256418&%20fid.4.1252899642&fid=3D1&=

fav.1&%20rand.13InboxLight.aspxn.%201774256418&fid.1252899642&f=

id.%201&fav.1&login=3D25&loginID=3D$%20loginID&.rand=3D13In=

boxLight.%20aspx?n=3D1774256418&fid=3D420%5Cl22n=3D%201252899642&fi=

d=3D1&fav=3D1">
000ff face=3DArialMT>Re- Validate dave@doctor.nl2k.ab.ca Account
=



--===============1697550096==--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA