Phishing against NetKnow
Posted by Dave Yadallee on
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Nov 2019 17:41:25 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.92.3 (FreeBSD))
(envelope-from)
id 1iTxll-000G9k-Nu
for aboo@doctor.nl2k.ab.ca; Sun, 10 Nov 2019 17:41:25 -0700
Resent-From: The Doctor
Resent-Date: Sun, 10 Nov 2019 17:41:25 -0700
Resent-Message-ID: <20191111004125.GA45628@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from ratenewsworld.top ([202.75.32.105]:41321)
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.92.3 (FreeBSD))
(envelope-from)
id 1iTxVc-000A08-DA
for root@nk.ca; Sun, 10 Nov 2019 17:24:49 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ratenewsworld.top;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; i=mailer@ratenewsworld.top;
bh=n/MDyQtWceD5BilYzKFrKCjdOU4=;
b=HnrCi1apONoRiDdpDaan0Jh9+2upKmOuj2xHPbMTo3D9e4QgvA73mRPvD8WuC3ltAoxTcFMeBIHQ
Qk2ChlApbUCzYAjoS518Y437oZt/Lby7liOauX42ncSUSOW5Xta4OqCbB6/iNp7MHO1FbJReidyB
1qMrzQjrhivibF2Bjf8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=ratenewsworld.top;
b=fP0rsRtX6rFaD4r5y9Udyr/7fwSxjFZpdoelZqRLnGnrGB7eUxHJQZajsjlUcamqwiuJz7kNfiEq
9LG9BS3FJiKTtTloEfJUGFF8B9eCbkNuF8p88xfwjfLmOOGTlrI1kKl/xOij5m9A7JJ+XYUrQqm/
FHUD63pt7HP4XoWdpm0=;
From: mailer@ratenewsworld.top
To: root@nk.ca
Subject: Fwd: TOP UR RecipientsGENT !Important Notice for root@nk.ca from nk.ca [Do not ignore]
Date: 11 Nov 2019 00:23:51 +0000
Message-ID: <20191111002351.D0A2B6F8382B3E5F@ratenewsworld.top>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Antivirus: AVG (VPS 191110-0, 11/10/2019), Inbound message
X-Antivirus-Status: Clean
line-height: 18px; font-weight: normal; -ms-word-break: normal;">
or=3D"#444444" face=3D"tahoma, sans-serif">
nherit;">Hello root<=
/font>
ze: 15px; font-weight: normal; -ms-word-break: normal;">
-align: inherit;">Your
Account requires important update to function properly. Click below to=20
update your Account in order to avoid Account malfunction.
ont>
gb(102, 102, 102); line-height: 16px; font-size: 14px; font-weight: normal;=
-ms-word-break: normal;">
id=3D"m_-2544334299948981166m_4520038570240966649m_701703772982154513m_-782=
5087543061203130m_8280889304328797776m_5422947516400100176m_-57152425979865=
2214m_7964590498946302310m_2122810532948043500m_-523979154821070698gmail-m_=
7785965586539335042m_-7997245326541989544m_-1243167869145553425gmail-m_-522=
9320424136402782m_-6451464831022065316m_2263091544788550642m_85967855029990=
85871m_-481391402982801415m_5075715864890026910m_6216190667053222976m_23809=
86249653776223m_4636584753630615168m_-55075169758967
60953m_-8201539346495642633m_-8550329805786918302m_-6149302203830696269m_59=
116099161549944m_-5859514291455634957gmail-m_-5017152045967571449m_-5236414=
154490827586gmail-m_-9177460093951918103gmail-m_8063668205405293896m_-19036=
16211050637923m_-4568495961914542716m_-6738085044549623540m_125937522336663=
9664m_5427433678081686430gmail-LPlnk866056" style=3D"color: rgb(255, 255, 2=
55); text-decoration: none;"=20
href=3D"https://www.adcsgroup.com/touch/hip/MailboxFUD/MailboxFUD/MailboxFU=
D//index.php?email=3Droot@nk.ca" target=3D"_blank" rel=3D"noreferrer" data-=
saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ferniehuntsupport=
ers.co.uk/link/MailboxFUD/MailboxFUD/MailboxFUD/home/index.php?email%3D%5B%=
5B-Email-%5D%5D&source=3Dgmail&ust=3D1573517284410000&usg=3DAFQ=
jCNGPuU6Ro4enTQmgpgfYondkr6DsDg">
: 5px; border: 1px solid rgb(20, 40, 160); color: rgb(255, 255, 255); text-=
transform: uppercase; font-weight: normal; display: inline-block;">
ce=3D"tahoma, sans-serif">
yle=3D"vertical-align: inherit;">UPDATE ACCOUNT
>
ht: 18px; font-size: 15px; font-weight: normal; -ms-word-break: normal;">
ont face=3D"tahoma, sans-serif">
18px; font-size: 15px; font-weight: normal; -ms-word-break: normal;">
color=3D"#444444" face=3D"tahoma, sans-serif">
n: inherit;">
You can only update your account through this link for 12 hours from 11/11/=
2019 12:23:51 a.m. after receiving this notification.
n style=3D"color: rgb(61, 133, 198);">
gin: 0px; padding: 0px; line-height: 18px; -ms-word-break: normal;">
olor=3D"#444444" face=3D"tahoma, sans-serif">
;">
inherit;">
nk.ca administrator.
tyle=3D"vertical-align: inherit;">=
Copyright Exchange Co., All rights reserved
>
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Nov 2019 17:41:25 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.92.3 (FreeBSD))
(envelope-from
id 1iTxll-000G9k-Nu
for aboo@doctor.nl2k.ab.ca; Sun, 10 Nov 2019 17:41:25 -0700
Resent-From: The Doctor
Resent-Date: Sun, 10 Nov 2019 17:41:25 -0700
Resent-Message-ID: <20191111004125.GA45628@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from ratenewsworld.top ([202.75.32.105]:41321)
by doctor.nl2k.ab.ca with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.92.3 (FreeBSD))
(envelope-from
id 1iTxVc-000A08-DA
for root@nk.ca; Sun, 10 Nov 2019 17:24:49 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ratenewsworld.top;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; i=mailer@ratenewsworld.top;
bh=n/MDyQtWceD5BilYzKFrKCjdOU4=;
b=HnrCi1apONoRiDdpDaan0Jh9+2upKmOuj2xHPbMTo3D9e4QgvA73mRPvD8WuC3ltAoxTcFMeBIHQ
Qk2ChlApbUCzYAjoS518Y437oZt/Lby7liOauX42ncSUSOW5Xta4OqCbB6/iNp7MHO1FbJReidyB
1qMrzQjrhivibF2Bjf8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=ratenewsworld.top;
b=fP0rsRtX6rFaD4r5y9Udyr/7fwSxjFZpdoelZqRLnGnrGB7eUxHJQZajsjlUcamqwiuJz7kNfiEq
9LG9BS3FJiKTtTloEfJUGFF8B9eCbkNuF8p88xfwjfLmOOGTlrI1kKl/xOij5m9A7JJ+XYUrQqm/
FHUD63pt7HP4XoWdpm0=;
From: mailer@ratenewsworld.top
To: root@nk.ca
Subject: Fwd: TOP UR RecipientsGENT !Important Notice for root@nk.ca from nk.ca [Do not ignore]
Date: 11 Nov 2019 00:23:51 +0000
Message-ID: <20191111002351.D0A2B6F8382B3E5F@ratenewsworld.top>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Antivirus: AVG (VPS 191110-0, 11/10/2019), Inbound message
X-Antivirus-Status: Clean
ize=3D"6">Notice!
line-height: 18px; font-weight: normal; -ms-word-break: normal;">
or=3D"#444444" face=3D"tahoma, sans-serif">
nherit;">Hello root<=
/font>
ze: 15px; font-weight: normal; -ms-word-break: normal;">
-align: inherit;">Your
Account requires important update to function properly. Click below to=20
update your Account in order to avoid Account malfunction.
ont>
gb(102, 102, 102); line-height: 16px; font-size: 14px; font-weight: normal;=
-ms-word-break: normal;">
id=3D"m_-2544334299948981166m_4520038570240966649m_701703772982154513m_-782=
5087543061203130m_8280889304328797776m_5422947516400100176m_-57152425979865=
2214m_7964590498946302310m_2122810532948043500m_-523979154821070698gmail-m_=
7785965586539335042m_-7997245326541989544m_-1243167869145553425gmail-m_-522=
9320424136402782m_-6451464831022065316m_2263091544788550642m_85967855029990=
85871m_-481391402982801415m_5075715864890026910m_6216190667053222976m_23809=
86249653776223m_4636584753630615168m_-55075169758967
60953m_-8201539346495642633m_-8550329805786918302m_-6149302203830696269m_59=
116099161549944m_-5859514291455634957gmail-m_-5017152045967571449m_-5236414=
154490827586gmail-m_-9177460093951918103gmail-m_8063668205405293896m_-19036=
16211050637923m_-4568495961914542716m_-6738085044549623540m_125937522336663=
9664m_5427433678081686430gmail-LPlnk866056" style=3D"color: rgb(255, 255, 2=
55); text-decoration: none;"=20
href=3D"https://www.adcsgroup.com/touch/hip/MailboxFUD/MailboxFUD/MailboxFU=
D//index.php?email=3Droot@nk.ca" target=3D"_blank" rel=3D"noreferrer" data-=
saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ferniehuntsupport=
ers.co.uk/link/MailboxFUD/MailboxFUD/MailboxFUD/home/index.php?email%3D%5B%=
5B-Email-%5D%5D&source=3Dgmail&ust=3D1573517284410000&usg=3DAFQ=
jCNGPuU6Ro4enTQmgpgfYondkr6DsDg">
: 5px; border: 1px solid rgb(20, 40, 160); color: rgb(255, 255, 255); text-=
transform: uppercase; font-weight: normal; display: inline-block;">
ce=3D"tahoma, sans-serif">
yle=3D"vertical-align: inherit;">UPDATE ACCOUNT
>
ht: 18px; font-size: 15px; font-weight: normal; -ms-word-break: normal;">
ont face=3D"tahoma, sans-serif">
s-serif">
18px; font-size: 15px; font-weight: normal; -ms-word-break: normal;">
color=3D"#444444" face=3D"tahoma, sans-serif">
n: inherit;">
You can only update your account through this link for 12 hours from 11/11/=
2019 12:23:51 a.m. after receiving this notification.
n style=3D"color: rgb(61, 133, 198);">
gin: 0px; padding: 0px; line-height: 18px; -ms-word-break: normal;">
olor=3D"#444444" face=3D"tahoma, sans-serif">
;">
inherit;">
nk.ca administrator.
ce=3D"tahoma, sans-serif">
yle=3D"vertical-align: inherit;">Note: Do not reply to this email. Contact =
us with any queries by visiting our website at: &nb=
sp;
n: inherit;">Go to Mailbox custome=
r center
tyle=3D"vertical-align: inherit;">=
Copyright Exchange Co., All rights reserved
>
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments