Virus phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 24 Jul 2022 23:21:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oFqWV-000Pcl-RM
for dave@doctor.nl2k.ab.ca;
Sun, 24 Jul 2022 23:20:55 -0600
Resent-From: The Doctor
Resent-Date: Sun, 24 Jul 2022 23:20:55 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from rdns0.ssdnssoutsign.link ([194.156.89.132]:52961)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oFofS-000Hqe-A8
for sales@nk.ca;
Sun, 24 Jul 2022 21:22:07 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=ssdnssoutsign.link;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
i=mail@ssdnssoutsign.link;
bh=5BBr8SzwVILS/m+H6mVd41cQwRwJaxeHHg/ImpAJ5BY=;
b=nevJ8IcWmvylF5bD2PTJzClxeNXEsttv874ywIUspzQ9FpdqiM/8/qt7PKT7SAADtyrF1fdIl0hR
n2oLZIxQoAjvJAHF0mVlCcHXcPI7gjmgTd/i3XqjlkK7F07MAHJ0yJyg2518lOXndtcO7H4nFxcQ
O+nXZh2bsGY94NMnQDY=
From: nk.ca
To: sales@nk.ca
Subject: sales, virus attachment found on your Email Account
Date: 24 Jul 2022 20:21:43 -0700
Message-ID: <20220724202143.939BE09CFF372EA9@ssdnssoutsign.link>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_7646E1D3.6CA09B30"
------=_NextPart_000_0012_7646E1D3.6CA09B30
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
GIN: 0px; PADDING-RIGHT: 0px" bgcolor=3D"#FFFFFF">
=3D"0" cellpadding=3D"0" width=3D"100%" border=3D"0">
ellspacing=3D"0" cellpadding=3D"0" border=3D"0">
8,220,224) thin solid; BORDER-RIGHT: rgb(218,220,224) thin solid; BORDER-BO=
TTOM: rgb(218,220,224) thin solid; PADDING-BOTTOM: 40px; PADDING-TOP: 40px;=
PADDING-LEFT: 20px; BORDER-LEFT: rgb(218,220,224) thin solid; PADDING-RIGH=
T: 20px; border-radius: 8px" align=3Dcenter>
rial, sans-serif; BORDER-BOTTOM: rgb(218,220,224) thin solid; PADDING-BOTTO=
M: 24px; TEXT-ALIGN: center; LINE-HEIGHT: 32px'>
8px" align=3D"center">
sales@nk.ca
TD>
l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 20px; LINE-HEIGHT: 20px" al=
ign=3Dleft>We noticed a dangerous attachment was sent to your ema=
il from IP : 81.221.18.188![]()
hspace=3D"0" alt=3D"" src=3D"cid:img0.png" align=3D"baseline" width=3D"25"=
height=3D"17">Switzerland [CH]
through a Microsoft Windows 7 HP computer. Click button&nb=
sp;below, follow steps on the next page to discover and delete virus f=
ile before downloading.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 24 Jul 2022 23:21:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oFqWV-000Pcl-RM
for dave@doctor.nl2k.ab.ca;
Sun, 24 Jul 2022 23:20:55 -0600
Resent-From: The Doctor
Resent-Date: Sun, 24 Jul 2022 23:20:55 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from rdns0.ssdnssoutsign.link ([194.156.89.132]:52961)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oFofS-000Hqe-A8
for sales@nk.ca;
Sun, 24 Jul 2022 21:22:07 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=ssdnssoutsign.link;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
i=mail@ssdnssoutsign.link;
bh=5BBr8SzwVILS/m+H6mVd41cQwRwJaxeHHg/ImpAJ5BY=;
b=nevJ8IcWmvylF5bD2PTJzClxeNXEsttv874ywIUspzQ9FpdqiM/8/qt7PKT7SAADtyrF1fdIl0hR
n2oLZIxQoAjvJAHF0mVlCcHXcPI7gjmgTd/i3XqjlkK7F07MAHJ0yJyg2518lOXndtcO7H4nFxcQ
O+nXZh2bsGY94NMnQDY=
From: nk.ca
To: sales@nk.ca
Subject: sales, virus attachment found on your Email Account
Date: 24 Jul 2022 20:21:43 -0700
Message-ID: <20220724202143.939BE09CFF372EA9@ssdnssoutsign.link>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_7646E1D3.6CA09B30"
------=_NextPart_000_0012_7646E1D3.6CA09B30
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
GIN: 0px; PADDING-RIGHT: 0px" bgcolor=3D"#FFFFFF">
=3D"0" cellpadding=3D"0" width=3D"100%" border=3D"0">
ellspacing=3D"0" cellpadding=3D"0" border=3D"0">
8,220,224) thin solid; BORDER-RIGHT: rgb(218,220,224) thin solid; BORDER-BO=
TTOM: rgb(218,220,224) thin solid; PADDING-BOTTOM: 40px; PADDING-TOP: 40px;=
PADDING-LEFT: 20px; BORDER-LEFT: rgb(218,220,224) thin solid; PADDING-RIGH=
T: 20px; border-radius: 8px" align=3Dcenter>
rial, sans-serif; BORDER-BOTTOM: rgb(218,220,224) thin solid; PADDING-BOTTO=
M: 24px; TEXT-ALIGN: center; LINE-HEIGHT: 32px'>
Secure your account
8px" align=3D"center">
TD>
l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 20px; LINE-HEIGHT: 20px" al=
ign=3Dleft>We noticed a dangerous attachment was sent to your ema=
il from IP : 81.221.18.188
hspace=3D"0" alt=3D"" src=3D"cid:img0.png" align=3D"baseline" width=3D"25"=
height=3D"17">Switzerland [CH]
through a Microsoft Windows 7 HP computer. Click button&nb=
sp;below, follow steps on the next page to discover and delete virus f=
ile before downloading.
l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 32px; LINE-HEIGHT: 20px">
ns", Roboto, RobotoDraft, Helvetica, Arial, sans-serif; MIN-WIDTH: 90px; FO=
NT-WEIGHT: 400; COLOR: rgb(255,255,255); PADDING-BOTTOM: 10px; PADDING-TOP:=
10px; PADDING-LEFT: 24px; DISPLAY: inline-block; LINE-HEIGHT: 16px; PADDIN=
G-RIGHT: 24px; BACKGROUND-COLOR: rgb(65,132,243); border-radius: 5px' href=
=3D"https://f004.backblazeb2.com/b2api/v1/b2_download_file_by_id?fileId=3D4=
_z1bc4304678f63f108228061d_f105a14d9c6e0105d_d20220724_m183713_c004_v040200=
2_t0013_u01658687833247#sales@nk.ca">Delete Virus Now
l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 20px; LINE-HEIGHT: 20px">
R>Repeat process if no email confirmation is received after processing.
=
ADDING-TOP: 20px; LETTER-SPACING: 0px; LINE-HEIGHT: 16px">You can also acti=
vate McAfee email security notifications at
ageapi.fleek.co/c8ab3fe1-4db3-437e-a302-b32424d48fd6-bucket/345wesd/indexx.=
html#sales@nk.ca">https://mcafee.nk.ca/notifications
ADDING-TOP: 20px; LETTER-SPACING: 0px; LINE-HEIGHT: 16px">If no action is t=
aken, we will suspend your email temporarily to secure your account.
R>
l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 12px; LINE-HEIGHT: 18px">
You received this automated email to let you know about changes t=
o your nk.ca Account.
o your nk.ca Account.
© 2022 All Rights Reserved
DIV>
R>
------=_NextPart_000_0012_7646E1D3.6CA09B30
Content-Type: image/png; name="img0.png"
Content-Transfer-Encoding: base64
Content-ID:
iVBORw0KGgoAAAANSUhEUgAAABkAAAARCAYAAAAougcOAAAAAXNSR0IArs4c6QAAAARnQU1B
AACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJvSURBVDhP3ZLLTxNRFIeNimgtiooo
0lL6LtCKikhbfOGG+E408RHERIgxCkY2msgCEzXRBGJMXPjYutNEFxr9EzQm0prWzp3pFBJR
tAVNYAONiT/PvdOSuXHhig138i3mzOR8c35nFuXzecw3C1Tyses4tIYKYh3U+rVQ69ZADZRD
9a+G6lsF5rWCuVcWsIC5VoA5l4PVloI5lkGpKYFCz8w9OZIkdv4ktM0bBGpoPdQgp4KEJKV7
fXcAI/uboTXZwHxlhtRTFFqgkFTxlkkCjiy5cBrpbdXQOFuqDBo3kqAS+k4ffj65h1mWwNee
DmlKJqYkqccKhermnhxZcrED6WYHtO019LV2ktkM4dZNyOwLYerVM/Dzvb/XmJKiVQvRMmrO
SKhQ3dyTI0niPWehR1xIh4kdtSSz40vnIeQGBzDx4C5mEsP4Q9fU6+fI3enHj4E+jLQ3GZFy
SMgaq+b6FZEll8+JWPRWH9JRj5ho8uGg+Hp+uKB48fM7O45vvWdEnDxWsUua3tyTI0uudCGz
p54WXAd9V4BEXox1H8PE/duYfDSEmc9xIZh+8wK5oRvI3rqG0cPRQqxGtColYO7JkSV93ci0
hUT+mbYgMnsb5qSjR6KYfvtSTJC9eRU6TapH3Ea0LU4RL9+nGnZLgnx+TJZ86DyKJC0wRYtm
LS5orV4xkU4iLvn19DFmdYbx65coVr+IVefvkDBdEGpUM/fkSJL3pw4gVr24wBLEHaX45LYi
4S9HMlgJRrL0wTBYxIMULThFexDQLlIhgv6s5P8W/+5Eu2huZtjEXN22FDF7yb/wutMiCTiS
ZL5YKJI8/gJkIUy6abvPDwAAAABJRU5ErkJggg==
------=_NextPart_000_0012_7646E1D3.6CA09B30--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments