metamask phish from Liquid Web, L.L.C Lansing, Michigan, United States

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 02 Mar 2024 07:06:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rgPzK-000000001Ie-38ks

for dave@doctor.nl2k.ab.ca;

Sat, 02 Mar 2024 07:05:18 -0700

Resent-From: The Doctor

Resent-Date: Sat, 2 Mar 2024 07:05:18 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-11124935.us-midwest-2.nxcli.net ([199.189.225.118]:24832 helo=cloudhost-11129392.us-midwest-2.nxcli.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rgGtg-00000000JAG-3KwT

for sales@nk.ca;

Fri, 01 Mar 2024 21:22:59 -0700

Received: (qmail 20248 invoked by uid 10022); 2 Mar 2024 04:03:52 +0000

Date: Sat, 2 Mar 2024 04:02:00 +0000

To: sales@nk.ca

From: =?UTF-8?B?TdC1dGFN0LBzaw==?=

Reply-To: metamask@2fa.io

Subject: =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1f947f73e223f614cfc19dbb7d212b0ff"

Content-Transfer-Encoding: 8bit

X-Spam_score: 11.7

X-Spam_score_int: 117

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Account Security Notification body { font-family: Arial, sans-serif;

background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width:

600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow:

0 0 [...]



Content analysis details: (11.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[199.189.225.118 listed in ix.dnsbl.manitu.net]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

0.0 TVD_PH_BODY_ACCOUNTS_POST No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.8 TVD_PH_BODY_META_ALL No description available.

0.2 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.9 URI_PHISH Phishing using web form

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=



This is a multi-part message in MIME format.



--1f947f73e223f614cfc19dbb7d212b0ff

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit





Account Security Notification





body { font-family: Arial, sans-serif; background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width: 600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } img { max-width: 100%; height: auto; } h1 { text-align: center; color: #333333; } p { color: #555555; line-height: 1.5; } .cta-button { display: inline-block; padding: 10px 20px; font-size: 16px; font-weight: bold; text-align: center; text-decoration: none; background-color: #007BFF; color: #ffffff; border-radius: 5px; }











Important Account Security Notification

Â

We hope this email finds you well. Our security systems have detected some

unusual activity on your account, leading us to take action to protect your

account.

For your safety, your account has been temporarily disabled. To restore

access and enhance the security of your account, we strongly advise you to

activate Two-Factor Authentication (2FA) without delay.

Click the button below to activate 2FA:

Activate

2FA

If you encounter any challenges or have concerns, our dedicated support team

is ready to assist you.

Your prompt attention to this matter is highly appreciated, as it contributes

to the continued security of your account.

Best regards,© 2024 MetaMask. All rights reserved.

This email is part of our ongoing commitment to ensuring the utmost security

for your account. If you did not initiate this action, please contact us

immediately.





--1f947f73e223f614cfc19dbb7d212b0ff

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit





Account Security Notification













Company Logo



Important Account Security Notification



Â



We hope this email finds you well. Our security systems have detected some

unusual activity on your account, leading us to take action to protect your

account.



For your safety, your account has been temporarily disabled. To restore

access and enhance the security of your account, we strongly advise you to

activate Two-Factor Authentication (2FA) without delay.



Click the button below to activate 2FA:



Activate

2FA



If you encounter any challenges or have concerns, our dedicated support team

is ready to assist you.



Your prompt attention to this matter is highly appreciated, as it contributes

to the continued security of your account.



Best regards,
© 2024 MetaMask. All rights reserved.



This email is part of our ongoing commitment to ensuring the utmost security

for your account. If you did not initiate this action, please contact us

immediately.









--1f947f73e223f614cfc19dbb7d212b0ff--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA