Phishing attempt to get Netknow user passwords using CPAnel a service nk.ca does not use
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Jun 2022 22:36:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1o62wO-000DIh-B0
for dave@doctor.nl2k.ab.ca;
Mon, 27 Jun 2022 22:35:08 -0600
Resent-From: The Doctor
Resent-Date: Mon, 27 Jun 2022 22:35:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [62.197.136.78] (port=64375 helo=hmamail.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1o61ks-0001Oa-7p
for root@nl2k.ab.ca;
Mon, 27 Jun 2022 21:19:14 -0600
From: "IT_noreply_nl2k.ab.ca"
To: root@nl2k.ab.ca
Subject: Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
Date: 28 Jun 2022 05:18:47 +0200
Message-ID: <20220628051847.2C97D176DAFA785A@hmamail.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Webmail cpanel Login Session Authentication This notification
is addressed to your e-mail root@nl2k.ab.ca Dear root
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[62.197.136.78 listed in psbl.surriel.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[62.197.136.78 listed in wl.mailspike.net]
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[62.197.136.78 listed in ix.dnsbl.manitu.net]
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
only
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: bit.ly, nl2k.ab.ca]
Subject: {SPAM?} Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
; letter-spacing: normal; font-family: "Open Sans", Verdana, Aria=
l, Helvetica, sans-serif; font-size: 11px; font-style: normal; font-weight:=
400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backgr=
ound-color: rgb(245, 246, 246); font-variant-ligatures: normal; font-varian=
t-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: =
initial; text-decoration-style: initial; text-decoration-color:=20
initial;" bgcolor=3D"#f5f6f6" border=3D"0" cellspacing=3D"0" cellpadding=3D=
"0">
x; padding-left: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, s=
ans-serif;">
=3D"0">
9px; padding-bottom: 25px; font-family: Roboto, RobotoDraft, Helvetica, Ari=
al, sans-serif;">
l, sans-serif;">
dding=3D"0">
line-height: 2px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-=
serif; font-size: 2px;">![]()
th: 0px; display: block;">
ly: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">
cellpadding=3D"0">
n: 0px; width: 1px; font-family: Roboto, RobotoDraft, Helvetica, Arial, san=
s-serif;" bgcolor=3D"#f1f2f3">![]()
display: block;">
width: 1px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;=
" bgcolor=3D"#eeeff0">![]()
block;">
family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e9e=
9ea">![]()
width=3D"1" valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: =
Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e0e1e2">
g width=3D"1" style=3D"border-width: 0px; display: block;">
amily: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#ffff=
ff">
top" style=3D"margin: 0px; width: 1px; font-family: Roboto, RobotoDraft, He=
lvetica, Arial, sans-serif;" bgcolor=3D"#e0e1e2">![]()
border-width: 0px; display: block;">
y: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e9e9ea">=
![]()
h=3D"1" valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#eeeff0">![]()
th=3D"1" style=3D"border-width: 0px; display: block;">
valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: Roboto, Robot=
oDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#f1f2f3">![]()
style=3D"border-width: 0px; display: block;">
d>
px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; font-si=
ze: 5px;">![]()
ay: block;">
e=3D"margin: 0px; padding: 30px 5px 10px; color: rgb(160, 171, 175); font-f=
amily: Hind, sans-serif; font-size: 11px;">
/td>
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Jun 2022 22:36:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1o62wO-000DIh-B0
for dave@doctor.nl2k.ab.ca;
Mon, 27 Jun 2022 22:35:08 -0600
Resent-From: The Doctor
Resent-Date: Mon, 27 Jun 2022 22:35:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [62.197.136.78] (port=64375 helo=hmamail.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1o61ks-0001Oa-7p
for root@nl2k.ab.ca;
Mon, 27 Jun 2022 21:19:14 -0600
From: "IT_noreply_nl2k.ab.ca"
To: root@nl2k.ab.ca
Subject: Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
Date: 28 Jun 2022 05:18:47 +0200
Message-ID: <20220628051847.2C97D176DAFA785A@hmamail.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Webmail cpanel Login Session Authentication This notification
is addressed to your e-mail root@nl2k.ab.ca Dear root
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[62.197.136.78 listed in psbl.surriel.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[62.197.136.78 listed in wl.mailspike.net]
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[62.197.136.78 listed in ix.dnsbl.manitu.net]
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
only
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: bit.ly, nl2k.ab.ca]
Subject: {SPAM?} Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
; letter-spacing: normal; font-family: "Open Sans", Verdana, Aria=
l, Helvetica, sans-serif; font-size: 11px; font-style: normal; font-weight:=
400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backgr=
ound-color: rgb(245, 246, 246); font-variant-ligatures: normal; font-varian=
t-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: =
initial; text-decoration-style: initial; text-decoration-color:=20
initial;" bgcolor=3D"#f5f6f6" border=3D"0" cellspacing=3D"0" cellpadding=3D=
"0">
x; padding-left: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, s=
ans-serif;">
=3D"0">
9px; padding-bottom: 25px; font-family: Roboto, RobotoDraft, Helvetica, Ari=
al, sans-serif;">
l, sans-serif;">
dding=3D"0">
line-height: 2px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-=
serif; font-size: 2px;">
th: 0px; display: block;">
ly: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">
cellpadding=3D"0">
n: 0px; width: 1px; font-family: Roboto, RobotoDraft, Helvetica, Arial, san=
s-serif;" bgcolor=3D"#f1f2f3">
display: block;">
width: 1px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;=
" bgcolor=3D"#eeeff0">
block;">
family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e9e=
9ea">
width=3D"1" valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: =
Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e0e1e2">
g width=3D"1" style=3D"border-width: 0px; display: block;">
amily: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#ffff=
ff">
top" style=3D"margin: 0px; width: 1px; font-family: Roboto, RobotoDraft, He=
lvetica, Arial, sans-serif;" bgcolor=3D"#e0e1e2">
border-width: 0px; display: block;">
y: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#e9e9ea">=
h=3D"1" valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: Robot=
o, RobotoDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#eeeff0">
th=3D"1" style=3D"border-width: 0px; display: block;">
valign=3D"top" style=3D"margin: 0px; width: 1px; font-family: Roboto, Robot=
oDraft, Helvetica, Arial, sans-serif;" bgcolor=3D"#f1f2f3">
style=3D"border-width: 0px; display: block;">
d>
px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; font-si=
ze: 5px;">
ay: block;">
e=3D"margin: 0px; padding: 30px 5px 10px; color: rgb(160, 171, 175); font-f=
amily: Hind, sans-serif; font-size: 11px;">
nd, sans-serif; font-weight: normal;">This email has been sent to&nbs=
p;root@nl2k.ab.ca&nbs=
p;
because it contains important information about your account. If you previo=
usly unsubscribed from Identity Guard®️ marketing emails, you wi=
ll no longer receive special offers, but will continue to receive emails re=
lated to your account. If you believe you received this email in error, ple=
ase send it to our customer service team at
olor: rgb(34, 34, 34);">nl2k.ab.ca
nd, sans-serif; font-weight: normal;">We will never ask you for personal in=
formation in an e-mail. We respect your privacy. If you no longer wish to r=
eceive Identity Guard®️ marketing emails, you can unsubscribe at=
any time.
1, 175); font-family: Hind, sans-serif; font-weight: normal;">©️=
; 2022
nl2k.ab.ca Inc.
/td>
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments