metamask phish from Liquid Web, L.L.C Lansing, Michigan, United States
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 02 Mar 2024 07:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rgPzK-000000001Ie-38ks
for dave@doctor.nl2k.ab.ca;
Sat, 02 Mar 2024 07:05:18 -0700
Resent-From: The Doctor
Resent-Date: Sat, 2 Mar 2024 07:05:18 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cloudhost-11124935.us-midwest-2.nxcli.net ([199.189.225.118]:24832 helo=cloudhost-11129392.us-midwest-2.nxcli.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rgGtg-00000000JAG-3KwT
for sales@nk.ca;
Fri, 01 Mar 2024 21:22:59 -0700
Received: (qmail 20248 invoked by uid 10022); 2 Mar 2024 04:03:52 +0000
Date: Sat, 2 Mar 2024 04:02:00 +0000
To: sales@nk.ca
From: =?UTF-8?B?TdC1dGFN0LBzaw==?=
Reply-To: metamask@2fa.io
Subject: =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="1f947f73e223f614cfc19dbb7d212b0ff"
Content-Transfer-Encoding: 8bit
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Account Security Notification body { font-family: Arial, sans-serif;
background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width:
600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow:
0 0 [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[199.189.225.118 listed in ix.dnsbl.manitu.net]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
0.0 TVD_PH_BODY_ACCOUNTS_POST No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.8 TVD_PH_BODY_META_ALL No description available.
0.2 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.9 URI_PHISH Phishing using web form
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=
This is a multi-part message in MIME format.
--1f947f73e223f614cfc19dbb7d212b0ff
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Account Security Notification
body { font-family: Arial, sans-serif; background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width: 600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } img { max-width: 100%; height: auto; } h1 { text-align: center; color: #333333; } p { color: #555555; line-height: 1.5; } .cta-button { display: inline-block; padding: 10px 20px; font-size: 16px; font-weight: bold; text-align: center; text-decoration: none; background-color: #007BFF; color: #ffffff; border-radius: 5px; }
Important Account Security Notification
Â
We hope this email finds you well. Our security systems have detected some
unusual activity on your account, leading us to take action to protect your
account.
For your safety, your account has been temporarily disabled. To restore
access and enhance the security of your account, we strongly advise you to
activate Two-Factor Authentication (2FA) without delay.
Click the button below to activate 2FA:
Activate
2FA
If you encounter any challenges or have concerns, our dedicated support team
is ready to assist you.
Your prompt attention to this matter is highly appreciated, as it contributes
to the continued security of your account.
Best regards,© 2024 MetaMask. All rights reserved.
This email is part of our ongoing commitment to ensuring the utmost security
for your account. If you did not initiate this action, please contact us
immediately.
--1f947f73e223f614cfc19dbb7d212b0ff
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
Account Security Notification
--1f947f73e223f614cfc19dbb7d212b0ff--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 02 Mar 2024 07:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rgPzK-000000001Ie-38ks
for dave@doctor.nl2k.ab.ca;
Sat, 02 Mar 2024 07:05:18 -0700
Resent-From: The Doctor
Resent-Date: Sat, 2 Mar 2024 07:05:18 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cloudhost-11124935.us-midwest-2.nxcli.net ([199.189.225.118]:24832 helo=cloudhost-11129392.us-midwest-2.nxcli.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rgGtg-00000000JAG-3KwT
for sales@nk.ca;
Fri, 01 Mar 2024 21:22:59 -0700
Received: (qmail 20248 invoked by uid 10022); 2 Mar 2024 04:03:52 +0000
Date: Sat, 2 Mar 2024 04:02:00 +0000
To: sales@nk.ca
From: =?UTF-8?B?TdC1dGFN0LBzaw==?=
Reply-To: metamask@2fa.io
Subject: =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="1f947f73e223f614cfc19dbb7d212b0ff"
Content-Transfer-Encoding: 8bit
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Account Security Notification body { font-family: Arial, sans-serif;
background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width:
600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow:
0 0 [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[199.189.225.118 listed in ix.dnsbl.manitu.net]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
0.0 TVD_PH_BODY_ACCOUNTS_POST No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.8 TVD_PH_BODY_META_ALL No description available.
0.2 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.9 URI_PHISH Phishing using web form
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?Q?=D0=90ccount_S=D0=B5curity_Notific=D0=B0tion?=
This is a multi-part message in MIME format.
--1f947f73e223f614cfc19dbb7d212b0ff
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Account Security Notification
body { font-family: Arial, sans-serif; background-color: #f4f4f4; margin: 0; padding: 0; } .container { max-width: 600px; margin: 20px auto; padding: 20px; background-color: #ffffff; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } img { max-width: 100%; height: auto; } h1 { text-align: center; color: #333333; } p { color: #555555; line-height: 1.5; } .cta-button { display: inline-block; padding: 10px 20px; font-size: 16px; font-weight: bold; text-align: center; text-decoration: none; background-color: #007BFF; color: #ffffff; border-radius: 5px; }
Important Account Security Notification
Â
We hope this email finds you well. Our security systems have detected some
unusual activity on your account, leading us to take action to protect your
account.
For your safety, your account has been temporarily disabled. To restore
access and enhance the security of your account, we strongly advise you to
activate Two-Factor Authentication (2FA) without delay.
Click the button below to activate 2FA:
Activate
2FA
If you encounter any challenges or have concerns, our dedicated support team
is ready to assist you.
Your prompt attention to this matter is highly appreciated, as it contributes
to the continued security of your account.
Best regards,© 2024 MetaMask. All rights reserved.
This email is part of our ongoing commitment to ensuring the utmost security
for your account. If you did not initiate this action, please contact us
immediately.
--1f947f73e223f614cfc19dbb7d212b0ff
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
Important Account Security Notification
Â
We hope this email finds you well. Our security systems have detected some
unusual activity on your account, leading us to take action to protect your
account.
For your safety, your account has been temporarily disabled. To restore
access and enhance the security of your account, we strongly advise you to
activate Two-Factor Authentication (2FA) without delay.
Click the button below to activate 2FA:
If you encounter any challenges or have concerns, our dedicated support team
is ready to assist you.
Your prompt attention to this matter is highly appreciated, as it contributes
to the continued security of your account.
Best regards,
© 2024 MetaMask. All rights reserved.
This email is part of our ongoing commitment to ensuring the utmost security
for your account. If you did not initiate this action, please contact us
immediately.
--1f947f73e223f614cfc19dbb7d212b0ff--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments