Phishing as a false main host

From - Mon Dec 24 06:04:19 2018
X-Account-Key: account2
X-UIDL: 0006895e501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Mon, 24 Dec 2018 06:04:25 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.91 (FreeBSD))
    (envelope-from )
    id 1gbPuD-0007Lx-P3
    for aboo@doctor.nl2k.ab.ca; Mon, 24 Dec 2018 06:04:25 -0700
Resent-From: The Doctor
Resent-Date: Mon, 24 Dec 2018 06:04:25 -0700
Resent-Message-ID: <20181224130425.GB5777@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from nya.nyamera.com ([162.144.69.227]:58997)
    by doctor.nl2k.ab.ca with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.91 (FreeBSD))
    (envelope-from )
    id 1gbNte-00055x-6x
    for root@nk.ca; Mon, 24 Dec 2018 03:56:01 -0700
Received: from [94.100.31.27] (port=53137 helo=len.co.id)
    by nya.nyamera.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.89_1)
    (envelope-from )
    id 1gbNt7-00088H-Rt
    for root@nk.ca; Mon, 24 Dec 2018 13:55:10 +0300
From: nk.ca
To: root@nk.ca
Subject: ATTENTION root@nk.ca
Date: 24 Dec 2018 02:55:09 -0800
Message-ID: <20181224025509.34A2F21E8524B780@len.co.id>
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-OutGoing-Spam-Status: No, score=0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - nya.nyamera.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - len.co.id
X-Get-Message-Sender-Via: nya.nyamera.com: authenticated_id: info@chakasafaris.com
X-Authenticated-Sender: nya.nyamera.com: info@chakasafaris.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 5.3
X-Spam_score_int: 53
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Hi root You have some undelivered incoming mails on root@nk.ca
    Follow below portal to prompt delivery to avoid being blocked from receiving
    mails.

    Content analysis details: (5.3 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.5 RCVD_IN_AHBL           RBL: AHBL: sender is listed in dnsbl.ahbl.org
                                [162.144.69.227 listed in dnsbl.ahbl.org]
     0.5 RCVD_IN_AHBL_PROXY     RBL: AHBL: Open Proxy server in
                                dnsbl.ahbl.org
     1.5 RCVD_IN_AHBL_SPAM      RBL: AHBL: Spam Source in dnsbl.ahbl.org
     0.0 RCVD_IN_AHBL_RTB       RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
     0.5 RCVD_IN_AHBL_SMTP      RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
     0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                                blocked. See
                                http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                for more information.
                                [URIs: nk.ca]
     0.2 MR_NOT_ATTRIBUTED_IP   Beta rule: an non-attributed IPv4 found in
                                headers
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                                identical to background
     1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     0.0 SUBJ_ATTENTION         ATTENTION in Subject
Subject: {SPAM?} ATTENTION root@nk.ca









Hi root

You have some undelivered incoming mails on root@nk.ca

Follow below portal to prompt delivery to avoid being blocked from receiving mails.

Best Regard,
nk.ca Mail Servicee



