False admin mailbox size account phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: sales@nk.ca
Delivery-date: Sun, 08 Dec 2019 21:23:07 -0700
Received: from [45.128.223.91] (port=49781 helo=emailservice.net)
by doctor.nl2k.ab.ca with esmtp (Exim 4.92.3 (FreeBSD))
(envelope-from)
id 1ieAMX-000Dqe-9i
for sales@nk.ca; Sun, 08 Dec 2019 21:09:38 -0700
From: Email Administrator
To: sales@nk.ca
Subject: URGENT!!! Your Email Will Be Suspended
Date: 8 Dec 2019 20:09:17 -0800
Message-ID: <20191208200917.10F4D4870565DDA0@emailservice.net>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good day,sales@nk.ca 1969MB 2000 MB Your account will be Blocked
due to system error CODE: DA2507LU236 .
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[45.128.223.91 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in
dnsbl.ahbl.org
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[45.128.223.91 listed in will-spam-for-food.eu.org]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[45.128.223.91 listed in bb.barracudacentral.org]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
1.9 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
only
Subject: {SPAM?} URGENT!!! Your Email Will Be Suspended
X-Antivirus: AVG (VPS 191208-0, 12/08/2019), Inbound message
X-Antivirus-Status: Clean
3, 33, 33); font-size: 15px;">
1" id=3D"yiv8126916348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2912" st=
yle=3D"line-height: 22px; font-size: 12pt;">Good da=
y,sales@nk.ca
v2486292201yui_3_16_0_1_1409874957895_2893" style=3D"color: rgb(68, 68, 68)=
; font-size: 24px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
v2486292201yui_3_16_0_1_1409874957895_2892" style=3D"width: 293px; line-hei=
ght: 21px;">
86292201yui_3_16_0_1_1409874957895_2891">
6348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2911" style=3D"background:=
rgb(255, 204, 0); border-color: black rgb(240, 240, 240) black black; padd=
ing: 0in; width: 131.25pt; border-top-width: 1pt; border-bottom-width: 1pt;=
border-left-width: 1pt; border-top-style: solid; border-bottom-style: soli=
d; border-left-style: solid;">
2486292201yui_3_16_0_1_1409874957895_2926" style=3D"color: rgb(34, 34, 34);=
line-height: 22px; font-family: Tahoma, sans-serif; font-size: 12pt;">1969=
MB
348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2924" style=3D"border-color=
: black black black rgb(240, 240, 240); padding: 0in; width: 18.75pt; borde=
r-top-width: 1pt; border-right-width: 1pt; border-bottom-width: 1pt; border=
-top-style: solid; border-right-style: solid; border-bottom-style: solid; b=
ackground-color: transparent;">
_16_0_1_1410448463373_1911" valign=3D"top" style=3D"background: 0px 50%; pa=
dding: 0in; border: rgb(240, 240, 240);">
_16_0_1_1410448463373_1885" style=3D"background: 0px 50%; padding: 0in; bor=
der: rgb(240, 240, 240);">
=3D"yiv8126916348x_ecxyui_3_16_0_1_1410448463373_1884">
26916348x_ecxyiv2486292201" id=3D"yiv8126916348x_ecxyui_3_16_0_1_1410448463=
373_1886" style=3D"color: rgb(34, 34, 34); line-height: 22px; font-family: =
Tahoma, sans-serif; font-size: 12pt;">2000
_3_16_0_1_1410448463373_1913" style=3D"color: rgb(34, 34, 34); line-height:=
22px; font-family: Tahoma, sans-serif; font-size: 12pt;">MB
r>
784829820_23427" style=3D"color: rgb(33, 33, 33); font-size: 15px;"> <=
/div>
784829820_23426" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
id=3D"yui_3_16_0_ym19_1_1470784829820_23425">
7_5634 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3256 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2800" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_1395229056957_2565" style=3D"color: r=
gb(69, 69, 69); font-family: Corbel; font-size: 12pt;">Your account will be=
Blocked due to system error CODE:
7_5635 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3257 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2801" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_1395231935017_5672" style=3D"color: r=
gb(255, 0, 0); font-family: Arial; font-size: 12pt; font-weight: bold;">DA2=
507LU236
7_5636 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3258 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2802" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_13952" style=3D"color: rgb(69, 69, 69=
); font-family: Corbel; font-size: 12pt;">.
Envelope-to: sales@nk.ca
Delivery-date: Sun, 08 Dec 2019 21:23:07 -0700
Received: from [45.128.223.91] (port=49781 helo=emailservice.net)
by doctor.nl2k.ab.ca with esmtp (Exim 4.92.3 (FreeBSD))
(envelope-from
id 1ieAMX-000Dqe-9i
for sales@nk.ca; Sun, 08 Dec 2019 21:09:38 -0700
From: Email Administrator
To: sales@nk.ca
Subject: URGENT!!! Your Email Will Be Suspended
Date: 8 Dec 2019 20:09:17 -0800
Message-ID: <20191208200917.10F4D4870565DDA0@emailservice.net>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good day,sales@nk.ca 1969MB 2000 MB Your account will be Blocked
due to system error CODE: DA2507LU236 .
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[45.128.223.91 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in
dnsbl.ahbl.org
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[45.128.223.91 listed in will-spam-for-food.eu.org]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[45.128.223.91 listed in bb.barracudacentral.org]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
1.9 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
only
Subject: {SPAM?} URGENT!!! Your Email Will Be Suspended
X-Antivirus: AVG (VPS 191208-0, 12/08/2019), Inbound message
X-Antivirus-Status: Clean
3, 33, 33); font-size: 15px;">
1" id=3D"yiv8126916348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2912" st=
yle=3D"line-height: 22px; font-size: 12pt;">Good da=
y,sales@nk.ca
v2486292201yui_3_16_0_1_1409874957895_2893" style=3D"color: rgb(68, 68, 68)=
; font-size: 24px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
v2486292201yui_3_16_0_1_1409874957895_2892" style=3D"width: 293px; line-hei=
ght: 21px;">
86292201yui_3_16_0_1_1409874957895_2891">
6348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2911" style=3D"background:=
rgb(255, 204, 0); border-color: black rgb(240, 240, 240) black black; padd=
ing: 0in; width: 131.25pt; border-top-width: 1pt; border-bottom-width: 1pt;=
border-left-width: 1pt; border-top-style: solid; border-bottom-style: soli=
d; border-left-style: solid;">
2486292201yui_3_16_0_1_1409874957895_2926" style=3D"color: rgb(34, 34, 34);=
line-height: 22px; font-family: Tahoma, sans-serif; font-size: 12pt;">1969=
MB
348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2924" style=3D"border-color=
: black black black rgb(240, 240, 240); padding: 0in; width: 18.75pt; borde=
r-top-width: 1pt; border-right-width: 1pt; border-bottom-width: 1pt; border=
-top-style: solid; border-right-style: solid; border-bottom-style: solid; b=
ackground-color: transparent;">
_16_0_1_1410448463373_1911" valign=3D"top" style=3D"background: 0px 50%; pa=
dding: 0in; border: rgb(240, 240, 240);">
_16_0_1_1410448463373_1885" style=3D"background: 0px 50%; padding: 0in; bor=
der: rgb(240, 240, 240);">
=3D"yiv8126916348x_ecxyui_3_16_0_1_1410448463373_1884">
26916348x_ecxyiv2486292201" id=3D"yiv8126916348x_ecxyui_3_16_0_1_1410448463=
373_1886" style=3D"color: rgb(34, 34, 34); line-height: 22px; font-family: =
Tahoma, sans-serif; font-size: 12pt;">2000
_3_16_0_1_1410448463373_1913" style=3D"color: rgb(34, 34, 34); line-height:=
22px; font-family: Tahoma, sans-serif; font-size: 12pt;">MB
r>
784829820_23427" style=3D"color: rgb(33, 33, 33); font-size: 15px;"> <=
/div>
784829820_23426" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
id=3D"yui_3_16_0_ym19_1_1470784829820_23425">
7_5634 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3256 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2800" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_1395229056957_2565" style=3D"color: r=
gb(69, 69, 69); font-family: Corbel; font-size: 12pt;">Your account will be=
Blocked due to system error CODE:
7_5635 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3257 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2801" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_1395231935017_5672" style=3D"color: r=
gb(255, 0, 0); font-family: Arial; font-size: 12pt; font-weight: bold;">DA2=
507LU236
7_5636 yiv8126916348x_ecxyiv3723218874yui_3_13_0_1_1396232738906_3258 yiv81=
26916348x_ecxyiv3723218874yui_3_13_0_1_1397165451840_2802" id=3D"yiv8126916=
348x_ecxyiv3723218874yui_3_13_0_ym1_1_13952" style=3D"color: rgb(69, 69, 69=
); font-family: Corbel; font-size: 12pt;">.
784829820_23424" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
d=3D"yui_3_16_0_ym19_1_1470784829820_23423" style=3D"font-size: 14px;">Your=
e-mail account is running on a low storage space,
126916348currentHitHighlight" id=3D"yiv81269163480.7796502865945156">verify=
your account now to increase storage space
784829820_23422" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
d=3D"yui_3_16_0_ym19_1_1470784829820_23421" style=3D"font-size: 14px;">othe=
r wise your account shall be l=
ocked out.
=
arget=3D"_blank" rel=3D"nofollow">
486292201yui_3_16_0_1_1409874957895_2906" style=3D"color: rgb(68, 68, 68); =
font-size: 24px;">
id=3D"yiv8126916348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2903" styl=
e=3D"color: rgb(34, 34, 34); outline-width: medium; outline-color: invert;"=
target=3D"_blank" rel=3D"nofollow">
2486292201yui_3_16_0_1_1409874957895_2902" style=3D"color: rgb(0, 104, 207)=
;">
"http://todoorservice.com/wetransfer/vf.php?email=3Dsales@nk.ca" target=3D"=
_blank" rel=3D"nofollow">Click here to
lass=3D"yiv8126916348highlight" id=3D"yiv81269163480.3964921603711973">veri=
fy your account.
784829820_23420" style=3D"color: rgb(68, 68, 68); font-size: 24px;"> <=
/div>
784829820_23419" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
d=3D"yui_3_16_0_ym19_1_1470784829820_23418" color=3D"#4d4d4d" size=3D"3">
trong id=3D"yui_3_16_0_ym19_1_1470784829820_23417">
_1_1470784829820_23416">NOTICE:
784829820_23414" style=3D"color: rgb(68, 68, 68); font-size: 24px;">
d=3D"yui_3_16_0_ym19_1_1470784829820_23415" color=3D"#4d4d4d" size=3D"3">Fa=
ilure to
600312202810339">verify your e-mail account shall result to acc=
ount lock out.
784829820_23406" style=3D"color: rgb(68, 68, 68); font-size: 24px;"> <=
/div>
486292201yui_3_16_0_1_1409874957895_2898" style=3D"color: rgb(68, 68, 68); =
font-size: 24px;">
line-height: 22px; font-size: 12pt;">Thanks,=
486292201yui_3_16_0_1_1409874957895_2900" style=3D"color: rgb(68, 68, 68); =
font-size: 24px;">
8126916348x_ecxyiv2486292201yui_3_16_0_1_1409874957895_2901" style=3D"line-=
height: 22px; font-size: 12pt;">Account Service
nt>
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments