DHL phish from OVH Virginia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 07 Nov 2023 21:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1r0a4U-000OsE-38
for dave@doctor.nl2k.ab.ca;
Tue, 07 Nov 2023 21:21:42 -0700
Resent-From: The Doctor
Resent-Date: Tue, 7 Nov 2023 21:21:42 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from n10.carlosarce.shop ([15.204.217.115]:43040 helo=subs.nettoyageauto37.fr)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1r0W1X-000Ika-2G
for sales@nk.ca;
Tue, 07 Nov 2023 17:02:27 -0700
Received: from [127.0.1.1] (localhost [127.0.0.1])
by subs.nettoyageauto37.fr (Postfix) with ESMTP id 4C8CE532BD
for; Tue, 7 Nov 2023 23:57:13 +0000 (UTC)
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: DHL
To: sales@nk.ca
Subject: Your shipment is currently being held.
X-Mailer: Microsoft Outlook 16.0
List-Unsubscribe:
List-Id: <6904.773067.sales>
List-Help: true
Message-Id: <4461013122367E.55705@email.carlosarce.shop>
Date: Tue, 7 Nov 2023 23:57:13 +0000 (UTC)
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Unsubscribe .
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[15.204.217.115 listed in bb.barracudacentral.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
Subject: {SPAM?} Your shipment is currently being held.
X-Antivirus: AVG (VPS 231107-8, 11/7/2023), Inbound message
X-Antivirus-Status: Clean
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 07 Nov 2023 21:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from
id 1r0a4U-000OsE-38
for dave@doctor.nl2k.ab.ca;
Tue, 07 Nov 2023 21:21:42 -0700
Resent-From: The Doctor
Resent-Date: Tue, 7 Nov 2023 21:21:42 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from n10.carlosarce.shop ([15.204.217.115]:43040 helo=subs.nettoyageauto37.fr)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96.2 (FreeBSD))
(envelope-from
id 1r0W1X-000Ika-2G
for sales@nk.ca;
Tue, 07 Nov 2023 17:02:27 -0700
Received: from [127.0.1.1] (localhost [127.0.0.1])
by subs.nettoyageauto37.fr (Postfix) with ESMTP id 4C8CE532BD
for
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: DHL
To: sales@nk.ca
Subject: Your shipment is currently being held.
X-Mailer: Microsoft Outlook 16.0
List-Unsubscribe:
List-Id: <6904.773067.sales>
List-Help: true
Message-Id: <4461013122367E.55705@email.carlosarce.shop>
Date: Tue, 7 Nov 2023 23:57:13 +0000 (UTC)
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Unsubscribe .
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[15.204.217.115 listed in bb.barracudacentral.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
Subject: {SPAM?} Your shipment is currently being held.
X-Antivirus: AVG (VPS 231107-8, 11/7/2023), Inbound message
X-Antivirus-Status: Clean
.