webmail phish against nk.ca users
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 09 Nov 2022 08:15:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1osmms-0008r7-0C
for dave@doctor.nl2k.ab.ca;
Wed, 09 Nov 2022 08:14:46 -0700
Resent-From: The Doctor
Resent-Date: Wed, 9 Nov 2022 08:14:45 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mmdqpczb.plusboingo.com ([92.52.217.207]:39602)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1osgBA-000PTV-Op
for root@nk.ca;
Wed, 09 Nov 2022 01:11:29 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=plusboingo.com;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; i=info@plusboingo.com;
bh=bqiLjJ2t/ynLcqYpsDMUiXIud1c=;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=plusboingo.com;
From: nk.ca Administrator
To: root@nk.ca
Subject: We have a new version for your webmail
Date: 09 Nov 2022 00:08:33 -0800
Message-ID: <20221109000833.62B5A70A9EF1C5E9@plusboingo.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 8.0
X-Spam_score_int: 80
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear root We have a new version for your webmail. You need
to validate your account in order to switch to the new version. Incoming
messages will be placed on hold if your do not validate your webmail immediately.
Content analysis details: (8.0 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [92.52.217.207 listed in psbl.surriel.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [92.52.217.207 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [92.52.217.207 listed in bb.barracudacentral.org]
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
Subject: {SPAM?} We have a new version for your webmail

Dear root

We have a new version for your webmail. You need to validate your account in order to switch to the new version.

Incoming messages will be placed on hold if your do not validate your webmail immediately.

VALIDATE [link target: https://f3r0-f-kjw3r-f9nj-hw39rhnf-ndem-fc9wnhr-fefef.obs.ap-southeast-2.myhuaweicloud.com:443/f30r9jgfv-03wnhr-0gfvbw3r0-nvfg-0wreinb-wrefwed.html?AWSAccessKeyId=MQBACYQR6PMPLZ8WJWJH&Expires=1669054564&Signature=WpiCb1OR4flp2QRpHaVU5iZoNFg%3D#root@nk.ca]

NOTE: Admin will always keep you notified on recent webmail update for better optimized usage.

©2022 nk.ca Administrator Service. All Rights Reserved