Spanish phish from Germany

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 Jul 2022 14:06:00 -0600

Received: from static.84.173.119.168.clients.your-server.de ([168.119.173.84]:44558 helo=mx40.atendimentoclienteonline.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oEcPy-0001RJ-4t

for dave@doctor.nl2k.ab.ca;

Thu, 21 Jul 2022 14:05:10 -0600

Received: by mx40.atendimentoclienteonline.com (Postfix, from userid 0)

id E5A4D4D1BE; Thu, 21 Jul 2022 19:10:07 +0000 (UTC)

MIME-Version: 1.0

Content-type: text/html; charset=UTF-8

Content-Transfer-Encoding: base64

Subject: Se Anexa el seguiente Comprobante Fiscal digital 5548

From: fiscal5548@sat.gov.mx

To: dave@doctor.nl2k.ab.ca

Message-Id: <20220721195009.E5A4D4D1BE@mx40.atendimentoclienteonline.com>

Date: Thu, 21 Jul 2022 19:10:07 +0000 (UTC)



PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlvbmFs

Ly9FTiI+DQoKPGh0bWw+DQoKPGhlYWQ+DQoKICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNo

YXJzZXQ9SVNPLTg4NTktMSIgaHR0cC1lcXVpdj0iY29udGVudC10eXBlIj4NCgogIDx0aXRsZT5u

b3ZhPC90aXRsZT4NCgo8L2hlYWQ+DQoKPGJvZHk+DQoKPGEgaHJlZj0iaHR0cHM6Ly9zdG9yYWdl

Lmdvb2dsZWFwaXMuY29tL3N0YWdpbmcuY2xldmVyLWNvZ2VuY3ktMzQ0OTE2LmFwcHNwb3QuY29t

L2FkanVudG9zLmh0bWw/aGFzaD1kYXZlQGRvY3Rvci5ubDJrLmFiLmNhDQoiPkRlc2NhcmdhciB0

b2RvIGNvbW8uemlwJm5ic3A7IGFyY2hpdm9zIGFkanVudG9zICgyMzYga2IpPC9hPjxicj4NCgo8

YnI+DQoKRXN0ZSBjb3JyZW8gZWxlY3RyJm9hY3V0ZTtuaWNvIGVzdCZhYWN1dGU7IGRlc3RpbmFk

byBhIHJlc2lkZW50ZXMgZGUgTSZlYWN1dGU7eGljbyB5IGZ1ZSBlbnZpYWRvIGEmbmJzcDsgPGEg

aHJlZj0iaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3N0YWdpbmcuY2xldmVyLWNvZ2Vu

Y3ktMzQ0OTE2LmFwcHNwb3QuY29tL2FkanVudG9zLmh0bWw/aGFzaD1kYXZlQGRvY3Rvci5ubDJr

LmFiLmNhDQoiPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDUxLCAxMDIsIDI1NSk7Ij5kYXZlQGRv

Y3Rvci5ubDJrLmFiLmNhDQo8L3NwYW4+PC9hPjxicj4NCgpzZSBhbmV4YSBlbCBzZWd1aWVudGUg

Y29tcHJvYmFudGUgZmlzY2FsIGRpZ2l0YWw8YnI+DQoKUmVtaXRlbnRlOiBTZXJ2aWNpbyBkZSBB

ZG1pbmlzdHJhY2kmb2FjdXRlO24gVHJpYnV0YXJpYS48YnI+DQoKSGVtb3MgaWRlbnRpZmljYWRv

IHF1ZSB0aWVuZXMgcGVuZGllbnRlIGRlIHByZXNlbnRhciwgYWwgPHNwYW4gc3R5bGU9ImNvbG9y

OiByZ2IoNTEsIDEwMiwgMjU1KTsiPjIxIGRlIEp1bGlvIGRlIDIwMjI8L3NwYW4+LCBsbyBzaWd1

aWVudGU6PGJyPg0KClNFUklFIFkgRk9MSU86IDk2NzYyOTAxOTkyMDIyPGJyPg0KCkEgcXVpZW4g

Y29ycmVzcG9uZGE8YnI+DQoKU0VSSUUgWQ0KCkZPTElPOiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw

OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu

YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw

OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu

YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KCi05Njc2MjkwV05SVFlSVkFRPGJy

Pg0KCkZFQ0hBIERFDQoKRU1JU0lPTjombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz

cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm

bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz

cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCgoyMS8wNy8yMDIyPGJyPg0KCk1PTlRP

DQoKVE9UQUw6Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7

Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i

c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7

Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i

c3A7Jm5ic3A7DQoKOTkyODAuOTY8YnI+DQoKPGJyPg0KCkNvbnN1bHRlIGxvcyBkYXRvcyBhZGp1

bnRvcywgcG9yIGZhdm9yPGJyPg0KCjxhIGhyZWY9Imh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlz

LmNvbS9zdGFnaW5nLmNsZXZlci1jb2dlbmN5LTM0NDkxNi5hcHBzcG90LmNvbS9hZGp1bnRvcy5o

dG1sP2hhc2g9ZGF2ZUBkb2N0b3Iubmwyay5hYi5jYQ0KIj5odHRwczovL3ZlcmlmaWNhY2ZkaS5m

YWN0dXJhZWxlY3Ryb25pY2EuZW1pc2lvbi9lbWlzaW9uLmNvbmVjdG9yZmlzY2FsLm14L2Rlc2Nh

cmdhc2NmZC5qc3A/aWRMaWdhPV9GQUNfMTcyNjYyNjI5MF8xNzI2NjI2MjkwLnBkZjwvYT4NCgo8

L2JvZHk+DQoKPC9odG1sPg0K





More home depot phish

Return-path: <>

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 Jul 2022 07:39:01 -0600

Received: from [206.83.40.47] (port=40696 helo=dynamicjust.us)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1oEWNZ-000Eli-R1

for dave@doctor.nl2k.ab.ca;

Thu, 21 Jul 2022 07:38:18 -0600

From:_Reward On Hold! Please Confirm

Subject:_Don’t miss your chance to win a makita power drill

Date: Thu, 21 Jul 2022 15:27:42 +0200

To: dave@doctor.nl2k.ab.ca

Reply-To: "Adobe Creative Cloud"

MIME-Version: 1.0

X-mailer: nlserver, Build 6.7.0

Message-ID:

X-250ok-CID: P26341-121020

TenantHeader: 1d0e6311-6f98-4c5b-8b0e-o3WgMn9r2ukmHQ95lBloEuT

Affinity: prod.default

X-cust_MessageID: 1938757681

X-cust_DeliveryID: 350826

X-cust_InstanceName: aci_prod

MessageMaxRetry:2

MessageRetryPeriod: 3600

MessageWebValidityDuration: 2592000

MessageValidityDuration: 432000

X-cust_IMSOrgID:

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset="UTF-8"

X-Spam_score: 10.4

X-Spam_score_int: 104

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: SURVEY ABOUT: THE HOME DEPOT THE HOME DEPOT Please tell us

about your: THE HOME DEPOT Experiences and as a thank you, you can select

from several exclusive offer rewards! Supply is extremely limited so act

fast today!



Content analysis details: (10.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.1 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters

1.5 HDRS_MISSP Misspaced headers

0.1 SUBJECT_NEEDS_ENCODING Subject is encoded but does not specify

the encoding

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} _Don’t miss your chance to win a makita power drill