More Paypal Phish via Bell Canada
Posted by Dave Yadallee on
From - Fri Aug 16 08:43:28 2013
X-Account-Key: account1
X-UIDL: 0000240b4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Wed, 14 Aug 2013 17:19:46 -0600
Received: from toroondcbmts08-srv.bellnexxia.net ([207.236.237.42])
by doctor.nl2k.ab.ca with esmtp (Exim 4.80.1)
(envelope-from)
id 1V9kLr-0001GF-HN
for dave@nk.ca; Wed, 14 Aug 2013 17:19:46 -0600
Received: from toip54-bus.srvr.bell.ca ([67.69.240.140])
by toroondcbmts08-srv.bellnexxia.net
(InterMail vM.8.00.01.00 201-2244-105-20090324) with ESMTP
id <20130814231936.WANO15792.toroondcbmts08-srv.bellnexxia.net@toip54-bus.srvr.bell.ca>
for; Wed, 14 Aug 2013 19:19:36 -0400
Received: from unknown (HELO ServeurVF) ([65.94.74.53])
by toip54-bus.srvr.bell.ca with ESMTP; 14 Aug 2013 19:19:23 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AklOANsCDFJBXko1/2dsb2JhbAABQBqCRAEPMjWIa4RQk2yGKoYGAQGJSIkCcBZ0gnYBRQQBAQECB4EWE4gQDDKYJ5NWAUCESJZ2hDmBHQOeMIVZhS2DNyCBNQ
X-IronPort-AV: E=Sophos;i="4.89,880,1367985600";
d="scan'208,217";a="339091651"
From: "**PayPaI**"
Subject: ** Final Notice for dave@nk.ca **
To: "59-125-248-104.hinet-ip.hinet.net wY1xMe"
Content-Type: multipart/alternative; boundary="aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0"
MIME-Version: 1.0
Date: Wed, 14 Aug 2013 19:19:21 -0400
X-Antivirus: avast! (VPS 130814-1, 2013-08-14), Outbound message
X-Antivirus-Status: Clean
Message-Id: <20130814231936.WANO15792.toroondcbmts08-srv.bellnexxia.net@toip54-bus.srvr.bell.ca>
X-Spam_score: 8.4
X-Spam_score_int: 84
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: - This mail is in HTML. Some elements may be ommited in plain
text. - [...]
Content analysis details: (8.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1
[207.236.237.42 listed in dnsbl-1.uceprotect.net]
1.0 RCVD_IN_BACKSCATTER RBL: Received via a relay in Backscatter.org
[207.236.237.42 listed in ips.backscatterer.org]
2.0 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2
[207.236.237.42 listed in dnsbl-2.uceprotect.net]
1.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gfafsas%40service.com;ip=207.236.237.42;r=doctor.nl2k.ab.ca]
0.7 SARE_HTML_A_BODY FULL: Message body has very strange HTML sequence
1.7 SARE_HTML_IMG_ONLY FULL: Short HTML msg, IMG and A HREF, maybe naught
else
Subject: {SPAM?} ** Final Notice for dave@nk.ca **
This is a multi-part message in MIME format
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
- This mail is in HTML. Some elements may be ommited in plain text. -
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
php" target=3D_blank>![](3D"http://59-125-248-104.hinet-ip.hinet.=<br)
net/appserv/sejur35612.png">
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0--
X-Account-Key: account1
X-UIDL: 0000240b4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Wed, 14 Aug 2013 17:19:46 -0600
Received: from toroondcbmts08-srv.bellnexxia.net ([207.236.237.42])
by doctor.nl2k.ab.ca with esmtp (Exim 4.80.1)
(envelope-from
id 1V9kLr-0001GF-HN
for dave@nk.ca; Wed, 14 Aug 2013 17:19:46 -0600
Received: from toip54-bus.srvr.bell.ca ([67.69.240.140])
by toroondcbmts08-srv.bellnexxia.net
(InterMail vM.8.00.01.00 201-2244-105-20090324) with ESMTP
id <20130814231936.WANO15792.toroondcbmts08-srv.bellnexxia.net@toip54-bus.srvr.bell.ca>
for
Received: from unknown (HELO ServeurVF) ([65.94.74.53])
by toip54-bus.srvr.bell.ca with ESMTP; 14 Aug 2013 19:19:23 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AklOANsCDFJBXko1/2dsb2JhbAABQBqCRAEPMjWIa4RQk2yGKoYGAQGJSIkCcBZ0gnYBRQQBAQECB4EWE4gQDDKYJ5NWAUCESJZ2hDmBHQOeMIVZhS2DNyCBNQ
X-IronPort-AV: E=Sophos;i="4.89,880,1367985600";
d="scan'208,217";a="339091651"
From: "**PayPaI**"
Subject: ** Final Notice for dave@nk.ca **
To: "59-125-248-104.hinet-ip.hinet.net wY1xMe"
Content-Type: multipart/alternative; boundary="aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0"
MIME-Version: 1.0
Date: Wed, 14 Aug 2013 19:19:21 -0400
X-Antivirus: avast! (VPS 130814-1, 2013-08-14), Outbound message
X-Antivirus-Status: Clean
Message-Id: <20130814231936.WANO15792.toroondcbmts08-srv.bellnexxia.net@toip54-bus.srvr.bell.ca>
X-Spam_score: 8.4
X-Spam_score_int: 84
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: - This mail is in HTML. Some elements may be ommited in plain
text. - [...]
Content analysis details: (8.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1
[207.236.237.42 listed in dnsbl-1.uceprotect.net]
1.0 RCVD_IN_BACKSCATTER RBL: Received via a relay in Backscatter.org
[207.236.237.42 listed in ips.backscatterer.org]
2.0 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2
[207.236.237.42 listed in dnsbl-2.uceprotect.net]
1.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gfafsas%40service.com;ip=207.236.237.42;r=doctor.nl2k.ab.ca]
0.7 SARE_HTML_A_BODY FULL: Message body has very strange HTML sequence
1.7 SARE_HTML_IMG_ONLY FULL: Short HTML msg, IMG and A HREF, maybe naught
else
Subject: {SPAM?} ** Final Notice for dave@nk.ca **
This is a multi-part message in MIME format
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
- This mail is in HTML. Some elements may be ommited in plain text. -
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
php" target=3D_blank>
net/appserv/sejur35612.png">
--aO5gUTNQGY=_OIjD8PkQkG2dZAnQ2gd2uW0--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments