Contract Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 27 Oct 2022 13:26:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oo8VW-000O70-0O
for dave@doctor.nl2k.ab.ca;
Thu, 27 Oct 2022 13:25:38 -0600
Resent-From: The Doctor
Resent-Date: Thu, 27 Oct 2022 13:25:37 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [209.87.159.147] (port=42944 helo=host.topwebcoupons.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oo4MQ-000CRl-Nl
for sales@nk.ca;
Thu, 27 Oct 2022 09:00:04 -0600
Received: from [20.108.161.229] (port=50637 helo=[20.254.45.61])
by host.topwebcoupons.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95)
(envelope-from)
id 1oo4Jh-000297-9i
for sales@nk.ca;
Thu, 27 Oct 2022 14:57:08 +0000
From: Contract document-sharepoint 2401807
To: sales@nk.ca
Subject: Reference id=9597656
Date: 27 Oct 2022 14:57:07 +0000
Message-ID: <20221027145707.9D541D2AE5C6A8C2@quiz.smarthomeownersclub.co.uk>
MIME-Version: 1.0
Organization: Foobar Inc.
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.topwebcoupons.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - quiz.smarthomeownersclub.co.uk
X-Get-Message-Sender-Via: host.topwebcoupons.com: authenticated_id: prop@quiz.smarthomeownersclub.co.uk
X-Authenticated-Sender: host.topwebcoupons.com: prop@quiz.smarthomeownersclub.co.uk
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Contract Documents on SharePoint for sales@nk.ca Company
Shared Portal
Content analysis details: (7.8 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URIs: sendgrid.net]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 1.0 PDS_DBL_URL_TNB_RUNON  Double-url and To no arrows, from runon
 3.3 GOOG_REDIR_NORDNS      Google redirect to obscure spamvertised
                            website + no rDNS
Subject: {SPAM?} Reference id=9597656

Image: https://cdn.glitch.com/fa360f05-5254-4e88-8d4d-b21d76ad61d1/logo.png
Contract Documents on SharePoint for sales@nk.ca
Image: https://logo.clearbit.com/nk.ca
Company Shared Portal
This link will only work for (sales@nk.ca).
Open (link): https://www.google.com/url?q=http://chiefking.lylux-uea.com&source=gmail&ust=1666929894380000&usg=AOvVaw1z6iOYyzzkDbQjShWYXw4n#..=aHR0cHM6Ly9iYWZ5YmVpYXVvam9iNzZtZGZ5bTNvN2Q1bzZxYXRtb2VzYnJtZm4zaDV3c2p1cGp3bDQ3d2hzcG9xbS5pcGZzLnczcy5saW5rL29uZWRyaXZlb2I2Lmh0bWwvP3NhbGVzQG5rLmNhI3NhbGVzQG5rLmNh