e-mail phish from Turkey

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 Jan 2023 18:06:01 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)

(envelope-from )

id 1pK7jd-0002zx-2T

for dave@doctor.nl2k.ab.ca;

Mon, 23 Jan 2023 18:04:25 -0700

Resent-From: The Doctor

Resent-Date: Mon, 23 Jan 2023 18:04:25 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [194.31.59.165] (port=46086 helo=safealock.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.96)

(envelope-from )

id 1pK3L8-000JP2-31

for doctor@nl2k.ab.ca;

Mon, 23 Jan 2023 13:22:54 -0700

Received: from vashielectricals.com (ec2-3-144-19-116.us-east-2.compute.amazonaws.com [3.144.19.116])

by safealock.com (Postfix) with ESMTPSA id 61E0B5E740F

for ; Mon, 23 Jan 2023 22:57:38 +0300 (+03)

Authentication-Results: safealock.com;

spf=pass (sender IP is 3.144.19.116) smtp.mailfrom=operation@vashielectricals.com smtp.helo=vashielectricals.com

Received-SPF: pass (safealock.com: connection is authenticated)

From: "Admin"

To: doctor@nl2k.ab.ca

Subject: doctor : Unusual Activities in Your MailBox

Date: 23 Jan 2023 19:57:39 +0000

Message-ID: <20230123195739.C9C5561FAEBF70A6@vashielectricals.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 7.1

X-Spam_score_int: 71

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Unusual Activities in Your MailBox Dear doctor Your E-ⅿаᎥⅼ

αссоυnt will expire on January 23rd, 2023 If you want to continue using

your e-ⅿаᎥⅼ address doctor@nl2k.ab.ca you will need to verify immediately

for free to prevent permanent termination.



Content analysis details: (7.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

3.0 TO_NAME_SUBJ_NO_RDNS Recipient username in subject + no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} doctor : Unusual Activities in Your MailBox






























OP: 10px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; BACKGROUND-COLOR: rgb(29=

,84,156); border-radius: 2px">
Unusual Activities i=

n Your MailBox



TOP: 10px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; BACKGROUND-COLOR: rgb(2=

50,250,250); border-radius: 2px">






TBODY>








=

Dear doctor


Your E-ⅿаǶ=

9;ⅼ αссоυnt will expire on
#000000> January 23rd, 2023



If you want to continue using your e-ⅿаᎥⅼ addres=

s doctor@nl2k.ab.ca you will n=

eed to verify immediately for free to prevent permanent termination.




ce=3Dverdana>




ADDING-RIGHT: 0px" cellspacing=3D"0" align=3D"center" border=3D"0">






: 5px; PADDING-TOP: 5px; PADDING-LEFT: 20px; MARGIN: 0px; PADDING-RIGHT: 20=

px; BACKGROUND-COLOR: rgb(38,114,236)" bgcolor=3D"#2672ec">


OM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px' align=3Dc=

enter>
xlz3a2t6qlsu.ipfs.dweb.link/#doctor@nl2k.ab.ca">Ǽ=

1;еrіfу Υoυr Ꭺссουn=

t Now

blank data-saferedirecturl=3D"">





All ⅿаᎥⅼs and files will be lost if you do not &=

#5081;еrᎥfγ immediately






Thank You,






82m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-7448=

650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_3959547=

524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_15143=

72749344_9942 style=3D"FONT-SIZE: 14px; FONT-FAMILY: candara,serif,EmojiFon=

t; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGH=

T: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal;=20

LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0p=

x; text-decoration-style: initial; text-decoration-color: initial; font-var=

iant-ligatures: normal; font-variant-caps: normal">


82m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-7448=

650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_3959547=

524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_15143=

72749344_9943>


82m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-7448=

650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_3959547=

524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_15143=

72749344_9944 style=3D"COLOR: rgb(0,0,255)">
)">nl2k.ab.ca provider! 


ial,"Lucida Grande",sans-serif,serif,EmojiFont; WHITE-SPACE: normal; WORD-S=

PACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rg=

b(0,0,0); FONT-STYLE: normal; DISPLAY: inline; LETTER-SPACING: normal; BACK=

GROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; text-decoration-style: in=

itial; text-decoration-color: initial; font-variant-ligatures: normal; font=

-variant-caps: normal'> 


982m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-744=

8650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_395954=

7524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_1514=

372749344_9945 style=3D"FONT-SIZE: 14px; FONT-FAMILY: candara,serif,EmojiFo=

nt; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIG=

HT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal;=20

LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0p=

x; text-decoration-style: initial; text-decoration-color: initial; font-var=

iant-ligatures: normal; font-variant-caps: normal">


82m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-7448=

650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_3959547=

524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_15143=

72749344_9946>


82m_-3590352058425455735m_-2626923480289771189m_-7273750266982047357m_-7448=

650861582118340gmail-x_m_-6594283951423024269m_6097951020799266573m_3959547=

524610390291m_3806107043072748324gmail-yiv4168758711yui_3_16_0_ym19_1_15143=

72749344_9947 style=3D"COLOR: rgb(0,0,255)">© 2023 All rights reserved=





Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA