phish to obtain nk.ca user access

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:01:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vps-000N68-L3

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 14:59:56 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 14:59:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wfbtbkkd.outbound-mail.sendgrid.net ([159.183.177.29]:19120)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5p5R-0003YY-4C

for root@nk.ca;

Mon, 27 Jun 2022 07:47:37 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newlaurakitchen22.com;

h=content-type:mime-version:from:subject:to;

s=s1; bh=+yii+NOD4s/yzXMRRcW5J74WJ29749cHN4Z4RZAM5NM=;

b=fG+2/y9Rjvg9qvI25IPCarNf0PRXaoSDtDkDlc0G95QxPN21m21yGkwi+SzFqXFYzTup

UY6iEX7M77XiFLclZyQPZXPbY05pRHDNkJjs4LlUWTyIb9JOpJKfsY3ouksiWwGdMLnSb1

1sh8oOrl2JCax/qIaBlp621c2EC3rglfOYRsG1NGDg4dpE43v9tJGo5FkK6El4+Vai+u9g

ruWr8VHU2PJVsO3+m5+FAE5R3y7HmaxwNniqK/d0a7sdwTRgWJ2IvzcPgZ3hFQEBOo5Wq3

o/610dZCJ5J8k8+gzdVrvW2EDF8SpWXThv+/crOZxUdLYd2tyGz2pvk66HYmV87A==

Received: by filterdrecv-846cc7cc7f-xf5dw with SMTP id filterdrecv-846cc7cc7f-xf5dw-1-62B9B4DA-7A

2022-06-27 13:47:06.40835424 +0000 UTC m=+1628286.956692011

Received: from [172.17.0.4] (unknown)

by geopod-ismtpd-6-5 (SG) with ESMTP

id Vc92YIaSRhOHbG64ULmN3Q

for ;

Mon, 27 Jun 2022 13:47:06.332 +0000 (UTC)

Content-Type: multipart/related; boundary="===============5976475191921004144=="

MIME-Version: 1.0

From: noreply-zOEivzkkAVNJ9iX@em7717.newlaurakitchen22.com

Subject: Nk Urgent Deactivation alert

X-Priority: 2

Message-ID:

Date: Mon, 27 Jun 2022 13:47:06 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?lT58ugLK=2FeEakYOTzexAmdEL6LQ4znUew5Jeij3FkK=2FWVEYkIk4udGQ3ZiM+mf?=

=?us-ascii?Q?Nd2RnSjQuMoOK2St4OPKq9PGoHWLB0Tdp74jMKm?=

=?us-ascii?Q?qQUFk7KmRGmRg3RlZGRaJx3V6bnUIpFuZqGJrFT?=

=?us-ascii?Q?xVXSS01RhQQ0=2Fya2VAotqZN9pro4ySI+EnEtxpS?=

=?us-ascii?Q?mcKGHnBBfLzYQcvRBB6D7x0Xqcs3aPEGvcXbro0?=

=?us-ascii?Q?Oi7Ulxl+zylC5rq7CVKwNfxQK801o1o2EMU4Hy?=

To: root@nk.ca

X-Entity-ID: dFS1WKN9/TYVa6CBz9GjHA==

X-Spam_score: 5.2

X-Spam_score_int: 52

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: We have identified data security issues concerning your account

root@nk.ca So, we advise that all accounts be authenticated. You are required

to verify your account immediately or we will be



Content analysis details: (5.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.183.177.29 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64

encoding

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days

1.0 ACCT_PHISHING Possible phishing for account information

1.0 XPRIO Has X-Priority header

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} Nk Urgent Deactivation alert



--===============5976475191921004144==

Content-Type: text/html; charset=us-ascii

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRlbnQ9Ik1TSFRNTCAx

MS4wMC4xMDU3MC4xMDAxIj4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIg

Y29udGVudD0iSUU9ZWRnZSI+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgIDx0YWJsZSBzdHls

ZT0ibWFyZ2luOiBhdXRvOyB3aWR0aDogNTUwcHg7IGNvbG9yOiByZ2IoMCwgMCwgMCk7IHRleHQt

dHJhbnNmb3JtOiBub25lOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBmb250LWZhbWlseTogQ2Fs

aWJyaSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNnB4OyBmb250

LXN0eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiA0MDA7IHdvcmQtc3BhY2luZzogMHB4OyB3aGl0

ZS1zcGFjZTogbm9ybWFsOyBib3JkZXItY29sbGFwc2U6IGNvbGxhcHNlOyBvcnBoYW5zOiAyOyB3

aWRvd3M6IDI7IGZvbnQtc3RyZXRjaDogaW5oZXJpdDsgYmFja2dyb3VuZC1jb2xvcjogcmdiKDI1

NSwgMjU1LCAyNTUpOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1jYXBzOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBpbmhlcml0OyBmb250LXZhcmlh

bnQtZWFzdC1hc2lhbjogaW5oZXJpdDsgCiAgICAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw

cHg7IHRleHQtZGVjb3JhdGlvbi10aGlja25lc3M6IGluaXRpYWw7IHRleHQtZGVjb3JhdGlvbi1z

dHlsZTogaW5pdGlhbDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyI+CiAgICA8dGJv

ZHk+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9IndpZHRoOiA1NDhweDsiPgogICAgPGRpdiBzdHls

ZT0iYmFja2dyb3VuZDogcmdiKDIzOSwgMjM5LCAyMzkpOyBtYXJnaW46IGF1dG87IHBhZGRpbmc6

IDIwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyI+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBw

eCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsiPgogICAgPHRhYmxlIHdp

ZHRoPSIxMDAlIiBzdHlsZT0iaGVpZ2h0OiAxOHB4OyI+CiAgICA8dGJvZHk+CiAgICA8dHIgc3R5

bGU9ImhlaWdodDogMThweDsiPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7Ij4mbmJzcDs8

L3RkPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7IHRleHQtYWxpZ246IHJpZ2h0OyI+Jm5i

c3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1hcmdp

bjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwt

YWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJiYWNrZ3JvdW5k

OiB3aGl0ZTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDEwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRD

b2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyI+CiAgICA8dGFibGUgc3R5bGU9IndpZHRo

OiA0ODhweDsgaGVpZ2h0OiAxMjdweDsgYm94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHRi

b2R5PgogICAgPHRyPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNDc2cHg7IGhlaWdodDogOTJweDsg

Ym94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBjb2xv

cjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1z

ZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDAp

OyBmb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5XZSBoYXZlIGlkZW50aWZpZWQgZGF0

YSBzZWN1cml0eSBpc3N1ZXMgY29uY2VybmluZyB5b3VyIGFjY291bnQmbmJzcDs8L3NwYW4+PHNw

YW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMjU1KTsiPgogICAgcm9vdEBuay5jYTxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBhcmlhbCwgc2Fucy1zZXJpZjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij4mbmJzcDs8L3NwYW4+PC9zcGFuPjwvcD4KICAgIDxw

IHN0eWxlPSJtYXJnaW46IDBweDsgZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMt

c2VyaWY7IGZvbnQtc2l6ZTogc21hbGw7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IGFyaWFs

LCBzYW5zLXNlcmlmOyI+U28sIHdlIGFkdmlzZSB0aGF0IGFsbCBhY2NvdW50cyBiZSBhdXRoZW50

aWNhdGVkLjwvc3Bhbj48L3A+CiAgICA8cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5

OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+Jm5ic3A7

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5Zb3UgYXJlIHJlcXVpcmVkIHRvIHZlcmlmeSB5b3Vy

IGFjY291bnQgaW1tZWRpYXRlbHkgb3Igd2Ugd2lsbCBiZSZuYnNwOzwvc3Bhbj48L3A+CiAgICA8

cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5z

LXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBhcmlh

bCwgc2Fucy1zZXJpZjsiPmZvcmNlZCB0byBEZWFjdGl2YXRlIHlvdXIgYWNjb3VudC48L3NwYW4+

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48L3NwYW4+Jm5ic3A7PC9wPgogICAgPHAgc3R5bGU9

Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsg

Zm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogYXJpYWwsIHNhbnMt

c2VyaWY7Ij48c3BhbiBzdHlsZT0ibWFyZ2luOiAwcHg7IHBhZGRpbmc6IDBweDsgYm9yZGVyOiAw

cHggY3VycmVudENvbG9yOyBjb2xvcjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogaW5o

ZXJpdDsgZm9udC1zaXplOiBzbWFsbDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyBkaXNwbGF5

OiBpbmxpbmUgIWltcG9ydGFudDsgZm9udC1zdHJldGNoOiBpbmhlcml0OyBiYWNrZ3JvdW5kLWNv

bG9yOiByZ2IoMjU1LCAyNTUsIDI1NSk7Ij4KICAgIElmIHlvdSBmYWlsIHRvIFZlcmlmeSB5b3Vy

IGFjY291bnQsIHlvdSB3aWxsIGJlIGRlYWN0aXZhdGVkIGFuZCB5b3Ugd2lsbCBsb3NlIGFjY2Vz

cyB0byB5b3VyIE1haWxib3guPC9zcGFuPjxicj48L3NwYW4+PC9wPjxzcGFuIHN0eWxlPSJmb250

LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48YnI+PC9zcGFuPjwvdGQ+CiAgICA8dGQgc3R5

bGU9IndpZHRoOiA1cHg7IGhlaWdodDogOTJweDsgdGV4dC1hbGlnbjogcmlnaHQ7IGJveC1zaXpp

bmc6IGJvcmRlci1ib3g7Ij4mbmJzcDs8L3RkPjwvdHI+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9

InBhZGRpbmc6IDVweCAwcHg7IHdpZHRoOiA0NzZweDsgaGVpZ2h0OiAyOXB4OyBib3gtc2l6aW5n

OiBib3JkZXItYm94OyI+CiAgICA8YSBzdHlsZT0iYmFja2dyb3VuZDogcmdiKDAsIDEwMywgMTg0

KTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDdweDsgYm9yZGVyLXJhZGl1czogMnB4OyBib3JkZXI6

IDBweCBjdXJyZW50Q29sb3I7IHdpZHRoOiAxMDAlOyBjb2xvcjogd2hpdGU7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiIGhyZWY9Imh0dHA6Ly92TUh3N3hlWUYuY2l0eXBldC5jb20udHIvXzo6

c3J1MnVUWGF1cGtXSkQ0YmVpZGJDUnNPMF9yZWZfTURZdVluQnlhR0Z1WldSaExtTnZMbWxrTDE4

d05pOGdNRFlqWTIwNWRtUkZRblZoZVRWcVdWRTlQUT09Ij5DbGljayBoZXJlIHRvIHVwZGF0ZSB5

b3VyIGFjY291bnQmZ3Q7Jmd0OzwvYT48L3RkPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNXB4OyBo

ZWlnaHQ6IDI5cHg7IHRleHQtYWxpZ246IHJpZ2h0OyBib3gtc2l6aW5nOiBib3JkZXItYm94OyI+

Jm5ic3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1h

cmdpbjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGlj

YWwtYWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46

IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiPgogICAgPHA+PHNwYW4gc3R5bGU9Im1hcmdpbjogMHB4OyBwYWRkaW5n

OiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgZm9udC1mYW1pbHk6IGluaGVyaXQ7IGZv

bnQtc2l6ZTogMTRweDsgZm9udC13ZWlnaHQ6IDYwMDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij5Ob3RlOjwvc3Bhbj4KICAgICZuYnNwOzxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBpbmhlcml0OyBmb250LXNpemU6IDEycHg7IHZlcnRpY2FsLWFsaWduOiBi

YXNlbGluZTsgZm9udC1zdHJldGNoOiBpbmhlcml0OyI+CiAgICBUaGUgY29udGVudCBvZiB0aGlz

IGVtYWlsIGlzIGNvbmZpZGVudGlhbCBhbmQgaW50ZW5kZWQgZm9yIHRoZSByZWNpcGllbnQgc3Bl

Y2lmaWVkIGluIG1lc3NhZ2Ugb25seS4gSXQgaXMgc3RyaWN0bHkgZm9yYmlkZGVuIHRvIHNoYXJl

IGFueSBwYXJ0IG9mIHRoaXMgbWVzc2FnZSB3aXRoIGFueSB0aGlyZCBwYXJ0eSwgd2l0aG91dCBh

IHdyaXR0ZW4gY29uc2VudCBvZiB0aGUgc2VuZGVyLiBJZiB5b3UgcmVjZWl2ZWQgdGhpcyBtZXNz

YWdlIGJ5IG1pc3Rha2UsIHBsZWFzZSByZXBseSB0byB0aGlzIG1lc3NhZ2UgYW5kIGZvbGxvdyB3

aXRoIGl0cyBkZWxldGlvbiwgc28gdGhhdCB3ZSBjYW4gZW5zdXJlIHN1Y2ggYSBtaXN0YWtlIGRv

ZXMgbm90IG9jY3VyIGluIHRoZSBmdXR1cmUuPC9zcGFuPjwvcD48L2Rpdj48L2Rpdj48L3RkPjwv

dHI+PC90Ym9keT48L3RhYmxlPjwvYm9keT48L2h0bWw+



--===============5976475191921004144==--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA