Phishing attempt to get Netknow user passwords using cPanel, a service nk.ca does not use

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Jun 2022 22:36:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1o62wO-000DIh-B0
    for dave@doctor.nl2k.ab.ca;
    Mon, 27 Jun 2022 22:35:08 -0600
Resent-From: The Doctor
Resent-Date: Mon, 27 Jun 2022 22:35:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [62.197.136.78] (port=64375 helo=hmamail.com)
    by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1o61ks-0001Oa-7p
    for root@nl2k.ab.ca;
    Mon, 27 Jun 2022 21:19:14 -0600
From: "IT_noreply_nl2k.ab.ca"
To: root@nl2k.ab.ca
Subject: Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
Date: 28 Jun 2022 05:18:47 +0200
Message-ID: <20220628051847.2C97D176DAFA785A@hmamail.com>
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Webmail cpanel Login Session Authentication This notification
    is addressed to your e-mail root@nl2k.ab.ca Dear root

    Content analysis details: (7.6 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                                [Blocked - see ]
     2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                                [62.197.136.78 listed in psbl.surriel.com]
    -0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                                [62.197.136.78 listed in wl.mailspike.net]
     1.5 NIX_SPAM               RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
                                [62.197.136.78 listed in ix.dnsbl.manitu.net]
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
    -0.0 T_SCC_BODY_TEXT_LINE   No description available.
     0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only
     0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
                                http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                for more information.
                                [URIs: bit.ly, nl2k.ab.ca]
Subject: {SPAM?} Authentication error in root@nl2k.ab.ca on 6/28/2022 5:18:47 a.m.
















Webmail cpanel

Login Session Authentication

This notification is addressed to your e-mail root@nl2k.ab.ca

Dear root

This is the new webmail server report, log in now for account authentication. You webmail will be logged out in 5 minutes.

Thank you,
IT Department.

CONFIRM AUTHENTICATION

This email has been sent to root@nl2k.ab.ca because it contains important information about your account. If you previously unsubscribed from Identity Guard® marketing emails, you will no longer receive special offers, but will continue to receive emails related to your account. If you believe you received this email in error, please send it to our customer service team at nl2k.ab.ca

We will never ask you for personal information in an e-mail. We respect your privacy. If you no longer wish to receive Identity Guard® marketing emails, you can unsubscribe at any time.

© 2022 nl2k.ab.ca Inc.

