Canada post phish from Italy

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 06 Sep 2023 14:39:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))

(envelope-from )

id 1qdzCx-0005kC-1L

for dave@doctor.nl2k.ab.ca;

Wed, 06 Sep 2023 14:33:03 -0600

Resent-From: The Doctor

Resent-Date: Wed, 6 Sep 2023 14:33:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [89.40.142.214] (port=42776 helo=mta.girlbosseshustle.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.96 (FreeBSD))

(envelope-from )

id 1qdxmc-000H7s-15

for root@nk.ca;

Wed, 06 Sep 2023 13:01:52 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=1693683623.girlbosseshustle;

d=girlbosseshustle.com;

h=Date:To:From:Subject:Message-ID:MIME-Version:Content-Type:

Content-Transfer-Encoding; i=office@girlbosseshustle.com;

bh=tBVvQLMnTOiPLQxrCByGWstMXoQoQO56hgqtCJFkKz8=;

b=kZKCGzKiNMviZHyKgADXdv0giYlBkBpYqqkgAMvEgvxaH0xmuOfLeM428tvxnLm8vuwyf+bRWzCg

1ooRLCdaCEYN1eGp7T0RopUniBwUrLnZxfIdSyeNV8Qk14bYwgqca7Spfe4lz77MHOymJ+uzX4Kn

cz5MIs9gRNm0KzMixO0=

Date: Wed, 6 Sep 2023 20:39:21 +0200

To: root@nk.ca

From: Canada Post

Subject: You have a parcel awaiting payment and delivery.

Message-ID: <673a1385968a08575152c228e11105b3@girlbosseshustle.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="113a399d5d6b3759078b7351de86615c1"

Content-Transfer-Encoding: 8bit



This is a multi-part message in MIME format.



--113a399d5d6b3759078b7351de86615c1

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

























Dear Costumer,



Your package number CA772980724289Â is in transit.

Â

This package is declared in customs, we invite you to pay the 0.99 CADÂ in duties and taxes by connecting us via the link below as soon as possible.



Receive the package



Once your payment is made, you will receive a confirmation of payment and your package will be delivered as soon as possible.

Finally, you can follow the progress of your package or get information about our products and services on our website.





*Arrived at Canada Post Office Origin Facility: 2023.09.04 08:15:31 AM















--113a399d5d6b3759078b7351de86615c1

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

























Dear Costumer,





Your package number CA772980724289Â is in transit.


Â


This package is declared in customs, we invite you to pay the 0.99 CADÂ in duties and taxes by connecting us via the link below as soon as possible.





Receive the package





Once your payment is made, you will receive a confirmation of payment and your package will be delivered as soon as possible.


Finally, you can follow the progress of your package or get information about our products and services on our website.







*Arrived at Canada Post Office Origin Facility: 2023.09.04 08:15:31 AM





















--113a399d5d6b3759078b7351de86615c1--



Aeroplan phish from China

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 Sep 2023 22:37:05 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))

(envelope-from )

id 1qdk2b-000BU2-0q

for dave@doctor.nl2k.ab.ca;

Tue, 05 Sep 2023 22:21:21 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 Sep 2023 22:21:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [150.158.53.232] (port=55436 helo=VM-4-11-centos.localdomain)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))

(envelope-from )

id 1qdiEP-000D9Y-1D

for doctor@nl2k.ab.ca;

Tue, 05 Sep 2023 20:25:29 -0600

Received: by VM-4-11-centos.localdomain (Postfix, from userid 1000)

id 85B726975B; Wed, 6 Sep 2023 10:15:34 +0800 (CST)

To: doctor@nl2k.ab.ca

Subject: New Aeroplan Security Update

Date: Wed, 6 Sep 2023 10:15:34 +0800

From: Aircanada

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_f984c59c35492fc5af74806c3f0aaed6"

Content-Transfer-Encoding: 8bit

X-Spam_score: 6.6

X-Spam_score_int: 66

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Activate two-factor authentication Confirm your primary email





Content analysis details: (6.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} New Aeroplan Security Update



This is a multi-part message in MIME format.



--b1_f984c59c35492fc5af74806c3f0aaed6

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit



































































































Â





Activate two-factor



authentication





















































Confirm your primary email



address and activate

two-factor



authentication.













SIGN IN













































Â



























You have received this email because it is



an important

communication about the Aeroplan Program.



You cannot

unsubscribe from this communication or



other

administrative or transactional



communications.



Please do not reply to this



email.



Â



















--b1_f984c59c35492fc5af74806c3f0aaed6

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit






cellpadding="0" style="text-align: left; color: rgb(0, 0, 0); font-family: arial, verdana,



helvetica, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures:



normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2;



text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-



stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial;



text-decoration-color: initial;">




































border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">










style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">




bgcolor="#efefef" border="0" cellspacing="0" cellpadding="0" style="text-align: left;



width: 640px;">






















style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">




border="0" cellspacing="0" cellpadding="0" style="text-align: left;">










class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-



serif; font-size: 9pt; font-weight: normal; vertical-align: top;">




onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"



class="image-resize" alt="Aeroplan"



src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_header_top.jpg"



border="0" style="width: 640px; display: block;">





valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;



padding: 0px 20px 20px; font-weight: normal; vertical-align: top;">




src="http://res.mail.aircanada.com/res/aircana_mkt_prod3/Logo_Aeroplan_Header_v1.png"



border="0" style="display: block;">



style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">




cellspacing="0" cellpadding="0" style="text-align: left;">










class="hide-mobile2" valign="middle" style="font-family: arial, verdana, helvetica, sans-



serif; font-size: 9pt; font-weight: normal; vertical-align: top;">




onload="View.inlineImageLoaded(this,undefined,false)" width="640" title="Aeroplan"



alt="malinda@valleyautomotive.ca"



src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/aeroplan_tier_BASE_header_bottom



.jpg" border="0" style="width: 640px; display: block;">











cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">










style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding: 30px



0px 0px;">




border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 580px;">










style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">




class="container2" border="0" cellspacing="0" cellpadding="0" style="text-align: left;">












bgcolor="#b79a7e" style="font-family: arial, verdana, helvetica, sans-serif; font-size:



9pt;">

Â


style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt; padding-left:



12px;">




Open="" Sans?,="" Verdana,="" sans-serif;="" font-size:="" 28px;="" font-weight:=""



bold;?="">

Activate two-factor



authentication











cellspacing="0" cellpadding="0" style="text-align: left;">












cellpadding="0" style="text-align: left;">
















style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">




src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"



style="display: block;">





cellspacing="0" cellpadding="0" style="text-align: left;">






















16px;="" color:="" rgb(0,="" 0,="" 0);?="">

Confirm your primary email



address and activate

two-factor



authentication.



valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;



padding-top: 30px;">




cellspacing="0" cellpadding="0" style="text-align: left;">










width="275" align="center" class="buttonMobile" valign="top" style="font-family: " Open=""



Sans?,="" Verdana,="" sans-serif;="" font-size:="" 20px;="" text-align:="" center;=""



color:="" rgb(255,="" 255,="" 255);="" line-height:="" 20px;="" font-weight:="" bold;?="">




class="padding13" _onclick="parent.phx.event.mailUrlClicked



('http://t.info.aircanada.com/r/?id=h1b82b58,514801f,36a6ab1'); return true;"



target="_blank" style="color: rgb(255, 255, 255); text-decoration: none; padding: 13px



65px; border: 2px solid rgb(0, 80, 120); display: block; background-color: rgb(0, 80,



120);" href="https://rose-autumn-wood.glitch.me/CAZAERO.HTML">SIGN IN





valign="top" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 0px;">




onload="View.inlineImageLoaded(this,undefined,false)" height="30" alt=""



src="https://res.mail.aircanada.com/res/aircana_mkt_prod3/spacer.gif" border="0"



style="display: block;">











border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px; border-



top: 4px solid rgb(240, 20, 40);">









Â







border="0" cellspacing="0" cellpadding="0" style="text-align: left; width: 640px;">










valign="middle" style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;



padding: 20px 100px;">




style="text-align: left;">










style="font-family: arial, verdana, helvetica, sans-serif; font-size: 9pt;">




Sans?,="" Verdana,="" sans-serif;="" font-size:="" 10px;="" font-weight:="" normal;?="">

You have received this email because it is



an important

communication about the Aeroplan Program.



You cannot

unsubscribe from this communication or



other

administrative or transactional



communications.





Please do not reply to this



email.





Â













--b1_f984c59c35492fc5af74806c3f0aaed6--