Credential phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 16 Sep 2022 22:03:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oZP2N-00024b-GT
for dave@doctor.nl2k.ab.ca;
Fri, 16 Sep 2022 22:02:39 -0600
Resent-From: The Doctor
Resent-Date: Fri, 16 Sep 2022 22:02:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [59.61.79.94] (port=52128 helo=cxmsmtp.cgmh.com.cn)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oZOhN-000PA4-Ao
for sales@nk.ca;
Fri, 16 Sep 2022 21:41:08 -0600
Received: from adm.cgmh.com.cn (unknown [10.36.11.108])
by cxmsmtp.cgmh.com.cn (Postfix) with ESMTP id C257910097E3;
Sat, 17 Sep 2022 11:36:59 +0800 (CST)
From: "Account Email Administration"
To: info@accountupgrade.com
Reply-To: belmontrichard0@gmail.com
Subject: Pending Mails Recovery Portal.
Date: Sat, 17 Sep 2022 11:36:59 +0800
Message-Id: <20220917033634.M83766@adm.cgmh.com.cn>
X-Mailer: OpenWebMail 2.54
X-OriginatingIP: 189.191.190.199 (chenzz)
MIME-Version: 1.0
Content-Type: text/html;
charset=gb2312
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.7
X-Spam_score_int: 97
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Pending Mails Recovery Portal Access expiration counter to
your pending mails. To continue using your account you need to confirm your
mailbox. Enter your password below.
Content analysis details: (9.7 points, 5.0 required)
 pts rule name                  description
---- -------------------------- --------------------------------------------------
 1.0 HK_RANDOM_FROM             From username looks random
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                                [belmontrichard0[at]gmail.com]
 0.0 FREEMAIL_FROM              Sender email is commonly abused enduser mail provider
                                [ailacctdministration[at]hotmail.com]
 1.0 SPF_SOFTFAIL               SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE               BODY: HTML included in message
 1.1 MIME_HTML_ONLY             BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE       No description available.
 1.3 RDNS_NONE                  Delivered to internal network by a host with no rDNS
 1.0 FREEMAIL_REPLYTO           Reply-To/From or Reply-To/body contain different freemails
 0.0 SPOOFED_FREEMAIL_NO_RDNS   From SPOOFED_FREEMAIL and no rDNS
 0.0 TO_NO_BRKTS_NORDNS_HTML    To: misformatted and no rDNS and HTML only
 1.6 SPOOFED_FREEMAIL           No description available.
 2.5 SPOOFED_FREEM_REPTO        Forged freemail sender with freemail reply-to
Subject: {SPAM?} Pending Mails Recovery Portal.
Body text (recovered from the quoted-printable text/html part):
Pending Mails Recovery Portal
Access expiration counter to your pending mails.
To continue using your account you need to confirm your mailbox.
Enter your password below.
E-mail:
Password:
Please reply and confirm your mailbox or you will lose your account within 24 hours.
© 2022 Access Control Portal.