phishing attempt to get nk.ca credentials from Shinjiru Technology Sdn Bhd Malaysia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 28 Oct 2022 08:43:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1ooQY9-0005k9-9l
for dave@doctor.nl2k.ab.ca;
Fri, 28 Oct 2022 08:41:33 -0600
Resent-From: The Doctor
Resent-Date: Fri, 28 Oct 2022 08:41:33 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [111.90.143.178] (port=51994 helo=ns1.mengniuplc.club)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1ooMxJ-000CC2-3e
for sales@nk.ca;
Fri, 28 Oct 2022 04:51:22 -0600
Received: from mengniuplc.club (unknown [172.93.167.112])
by ns1.mengniuplc.club (Postfix) with ESMTPA id E2A002F444
for; Fri, 28 Oct 2022 18:11:51 +0800 (+08)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mengniuplc.club;
s=202209; t=1666951912;
bh=p3sRUJWEvmqqo84kwsNbDN4AGP7U7JKnSd0pRs99qg8=;
h=From:To:Subject:Date:From;
b=aW1GEgIqa6anG/l8avYNAhBmX3Cy7y+/EePORES1ML1/sAzfe1eu3N4deZSrsA5ZN
nljwCbSoJ0g/+J2PoG9/cB82QQPbs7uLb4WM/zBML86dqcBZsURymDp/2IECazrXWs
Ua1gn2zk8eDHNZmQW+9TgkKSLTUlJx4Ct0HBVoZY=
From: ADMIN nk.ca
To: sales@nk.ca
Subject: nk.ca Notification!!!
Date: 28 Oct 2022 12:11:52 +0200
Message-ID: <20221028121151.2EF7547F11D691FC@mengniuplc.club>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.5
X-Spam_score_int: 95
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your EÂmÂaÂiÂl раѕѕÔоrd for sales@nk.ca еxpirеs
toÂdÂaÂy 28/10/2022 20:45:02 p.m. KÂeeÂp mÂy pÂaÂsÂswÂorÂd
Content analysis details: (9.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: myhuaweicloud.com]
-0.0 SPF_PASS SPF: sender matches SPF record
1.3 URI_HEX URI: URI hostname has long hexadecimal sequence
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 UNICODE_OBFU_ASC Obfuscating text with unicode
3.3 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised
website + no rDNS
Subject: {SPAM?} nk.ca Notification!!!
WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =
400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=
R-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; fo=
nt-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-strok=
e-width: 0px; text-decoration-thickness: initial; text-decoration-style: in=
itial; text-decoration-color: initial">
Your Email раѕѕԝ=
;оrd for sales@nk.ca еxpirеs today
-hidden=3Dtrue>
WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =
400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=
R-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; fo=
nt-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-strok=
e-width: 0px; text-decoration-thickness: initial; text-decoration-style: in=
itial; text-decoration-color: initial">
28/10/2022 20:45:02 p.m.
5g-5tr90j-gjrw9fjf.obs.ap-southeast-2.myhuaweicloud.com/09435-ghj-e9t5rng-0=
nhw-0gb5r-whn-r4hfj-wrf.html?AWSAccessKeyId=3DMQBACYQR6PMPLZ8WJWJH&Expi=
res=3D1667652614&Signature=3DheNzJzqHo9a3rrYr9hxaEsT8bR0%3D#sales@nk.ca=
" rel=3D"noopener noreferrer" target=3D_blank=20
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://05-1111111-5=
6666-9-9v4e35g-5tr90j-gjrw9fjf.obs.ap-southeast-2.myhuaweicloud.com:443/094=
35-ghj-e9t5rng-0nhw-0gb5r-whn-r4hfj-wrf.html?AWSAccessKeyId%3DMQBACYQR6PMPL=
Z8WJWJH%26Expires%3D1667652614%26Signature%3DheNzJzqHo9a3rrYr9hxaEsT8bR0%25=
3D%23%5B%5B-Email-%5D%5D&source=3Dgmail&ust=3D1666947472565000&=
usg=3DAOvVaw3JszW7g10hH95Y5Ez0k9rg">Keep my p=
assword=20
11507m_4981242447777909254m_603192503818419596m_-7958166732129241990m_-5245=
47893521890634m_8555698780271426677m_-145905414829595172gmail-x_Time_Short>=
Best Regards
Administrator.
© 2022 nk.ca
s Reserved.
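For anyone who wants to reproduce the headline findings of the SpamAssassin report above outside the mail server, the following Python script is an added example (not code from the post or from any tool named in it) that re-derives them from the quoted message with the standard library only: the Cyrillic look-alike letters and soft hyphens behind UNICODE_OBFU_ASC (the "Â" debris in the content preview is what a UTF-8 soft hyphen, U+00AD, looks like when displayed as Latin-1), the Gmail data-saferedirecturl wrapper behind GOOG_REDIR_NORDNS, the two relays without reverse DNS behind RDNS_NONE, and the DKIM d= domain mengniuplc.club that does not align with the nk.ca the From: line claims. SPF_PASS only vouches for the envelope sender, which the blog's extraction stripped, never for the From: line the reader sees. The headers are copied from the post with the stripped From: address and inner "for" clause left out. The HTML body is a constructed stand-in: the message was quoted-printable HTML declared as iso-8859-1, so it must have carried its Cyrillic letters as character references, and the truncated href is completed from the hostname inside the Gmail wrapper.

```python
"""Triage of the phishing message quoted above (added example, not from the
post): UNICODE_OBFU_ASC, GOOG_REDIR_NORDNS, RDNS_NONE and the DKIM/From:
mismatch re-derived with the standard library only."""
import html
import re
import unicodedata
from datetime import datetime, timezone
from email import message_from_string
from urllib.parse import parse_qs, urlparse

# Headers copied from the post. The From: address and the "for" clause of the
# inner Received: line were lost to the blog's extraction; b= is truncated.
RAW_HEADERS = """\
Received: from [111.90.143.178] (port=51994 helo=ns1.mengniuplc.club)
\tby doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
\t(Exim 4.95 (FreeBSD)) id 1ooMxJ-000CC2-3e for sales@nk.ca; Fri, 28 Oct 2022 04:51:22 -0600
Received: from mengniuplc.club (unknown [172.93.167.112])
\tby ns1.mengniuplc.club (Postfix) with ESMTPA id E2A002F444; Fri, 28 Oct 2022 18:11:51 +0800 (+08)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mengniuplc.club; s=202209;
\tt=1666951912; h=From:To:Subject:Date:From; bh=p3sRUJWEvmqqo84kwsNbDN4AGP7U7JKnSd0pRs99qg8=;
\tb=aW1GEgIqa6anG/l8avYNAhBmX3Cy7y+(truncated)
From: ADMIN nk.ca
"""
MSG = message_from_string(RAW_HEADERS)

# Constructed stand-in for the decoded body: the original was quoted-printable
# HTML declared iso-8859-1, so its Cyrillic letters and soft hyphens must have
# been character references; the truncated href is completed from the wrapper.
BODY_HTML = (
    '<p>Your E&shy;m&shy;a&shy;i&shy;l &#1088;&#1072;&#1109;&#1109;&#1309;&#1086;rd'
    ' for sales@nk.ca &#1077;xpir&#1077;s today 28/10/2022 20:45:02 p.m.</p>'
    '<a href="https://05-1111111-56666-9-9v4e35g-5tr90j-gjrw9fjf.obs.ap-southeast-2'
    '.myhuaweicloud.com/09435-ghj-e9t5rng-0nhw-0gb5r-whn-r4hfj-wrf.html'
    '?AWSAccessKeyId=MQBACYQR6PMPLZ8WJWJH&Expires=1667652614'
    '&Signature=heNzJzqHo9a3rrYr9hxaEsT8bR0%3D#sales@nk.ca" '
    'data-saferedirecturl="https://www.google.com/url?q=https://05-1111111-56666-9-'
    '9v4e35g-5tr90j-gjrw9fjf.obs.ap-southeast-2.myhuaweicloud.com:443/09435-ghj-'
    'e9t5rng-0nhw-0gb5r-whn-r4hfj-wrf.html?AWSAccessKeyId%3DMQBACYQR6PMPLZ8WJWJH'
    '%26Expires%3D1667652614%26Signature%3DheNzJzqHo9a3rrYr9hxaEsT8bR0%253D'
    '%23%5B%5B-Email-%5D%5D&source=gmail">Keep my password</a>'
)
INVISIBLE = {ord(c): None for c in '\u00ad\u200b\u200c\u200d\u2060\ufeff'}
# Cyrillic letters that render like Latin ones (those used here plus neighbours).
CONFUSABLES = str.maketrans({
    '\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p', '\u0441': 'c',
    '\u0443': 'y', '\u0445': 'x', '\u0455': 's', '\u0456': 'i', '\u051d': 'w'})

def visible_text(html_body):
    """Tag-stripped, entity-decoded text, i.e. what the reader's client shows."""
    return html.unescape(re.sub(r'<[^>]+>', ' ', html_body))

def mixed_script_words(text):
    """(word as seen, word as read) for every word mixing Cyrillic into Latin."""
    hits = []
    for word in re.findall(r'\w+', text.translate(INVISIBLE)):
        scripts = {unicodedata.name(c, '').split(' ')[0] for c in word if c.isalpha()}
        if {'LATIN', 'CYRILLIC'} <= scripts:
            hits.append((word, word.translate(CONFUSABLES)))
    return hits

def link_findings(html_body):
    """Per <a>: real host, whether the Gmail wrapper agrees, the fragment (the
    victim's address here) and the presigned URL's Expires= as UTC time."""
    out = []
    for tag in re.findall(r'<a\b[^>]*>', html_body):
        h = urlparse(re.search(r'href="([^"]*)"', tag).group(1))
        wrap = re.search(r'data-saferedirecturl="([^"]*)"', tag)
        t = urlparse(parse_qs(urlparse(wrap.group(1)).query)['q'][0]) if wrap else h
        exp = parse_qs(h.query).get('Expires')
        out.append({'host': h.hostname, 'wrapper_agrees': t.hostname == h.hostname,
                    'fragment': h.fragment, 'wrapper_fragment': t.fragment,
                    'expires_utc': datetime.fromtimestamp(int(exp[0]), timezone.utc)
                    .isoformat() if exp else None})
    return out

def dkim_alignment(msg):
    """(domain the From: line claims, DKIM d= domain, aligned in the DMARC sense)."""
    frm = msg.get('From', '')
    m = re.search(r'@([\w.-]+)', frm) or re.search(r'\b([\w-]+\.[A-Za-z]{2,})\b', frm)
    claimed = m.group(1).lower() if m else None
    d = re.search(r'\bd=([^;\s]+)', msg.get('DKIM-Signature', ''))
    signer = d.group(1).lower() if d else None
    return claimed, signer, bool(claimed and signer) and (claimed == signer or claimed.endswith('.' + signer))

def relay_path(msg):
    """Relays oldest-first: (ip, name the relay announced, reverse DNS seen?)."""
    hops = []
    for hdr in reversed(msg.get_all('Received', [])):
        ip = re.search(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]', hdr)
        if not ip:
            continue
        name = re.search(r'helo=([\w.-]+)|from\s+([\w.-]+)', hdr)
        # Token before "[ip]" is the resolved name; it is "unknown" (Postfix) or
        # just the "from" keyword (Exim) when reverse DNS failed.
        before = re.findall(r'[\w.-]+', hdr[:ip.start()])
        hops.append((ip.group(1), name and (name.group(1) or name.group(2)),
                     bool(before) and before[-1] not in ('from', 'unknown')))
    return hops
```

Calling the four functions on MSG and BODY_HTML (for instance from python -i) gives: раѕѕԝоrd and еxpirеs flagged as mixed-script words that read as "password" and "expires"; nk.ca claimed versus mengniuplc.club signing, not aligned; 172.93.167.112 and then 111.90.143.178 as the relays, neither with reverse DNS; and for the link the same myhuaweicloud.com host in the href and in the wrapper but different fragments, #sales@nk.ca in the live link and the kit's unexpanded placeholder #[[-Email-]] in the wrapper, so the wrapper was generated from a copy of the HTML in which the recipient had not yet been substituted. The query string is an S3-style presigned URL (AWSAccessKeyId, Expires, Signature) whose Expires= is 2022-11-05T12:50:14+00:00, eight days after the send, after which the signed URL stops being accepted.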