McAfee Phish from Amazon
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 11 Dec 2023 11:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from)
id 1rCl3p-00000000AlK-0qE1
for dave@doctor.nl2k.ab.ca;
Mon, 11 Dec 2023 11:31:21 -0700
Resent-From: The Doctor
Resent-Date: Mon, 11 Dec 2023 11:31:21 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from c180-16.smtp-out.ap-south-1.amazonses.com ([76.223.180.16]:38139)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(Exim 4.97 (FreeBSD))
(envelope-from <0109018c593e4306-fbe5f5a2-c4cd-489c-bb73-b49e768bfa14-000000@ap-south-1.amazonses.com>)
id 1rCiYJ-00000000CgS-22Pz
for doctor@nk.ca;
Mon, 11 Dec 2023 08:50:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=h4kf6yx7tfflw7qh7hdjkr2b6k522m5p; d=aptatpar.com; t=1702304301;
h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Date:Message-ID;
bh=4jLN/NKvFZvcql+q55vBpOXNZK/aONtBEey6OaHjxSM=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=rlntogby6xsxlfnvyxwnvvhttakdsqto; d=amazonses.com; t=1702304301;
h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Date:Message-ID:Feedback-ID;
bh=4jLN/NKvFZvcql+q55vBpOXNZK/aONtBEey6OaHjxSM=;
b=QeIgVu6MzeUIGmFCxwxghC9BjA7agBpbQ7rGfSsa183qDeK+wQtJSYzTPvnSTlVV
m4DD7fJBBhrPDA261MC5OjEvz74ZE0qgMNofim4W/o18Hfvw4ZhJ/laeBRa2wCBTETF
pQblmecIDJ4p7reRMACCnCCEDiw9as3l4AHX5/cM=
From: "Mcafee.Warning"
To: doctor@nk.ca
Subject: Your Subscription has Closed Mon,11 Dec-2023.
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Date: Mon, 11 Dec 2023 14:18:21 +0000
X-Mailgun-Dkim: true
X-Mailgun-Native-Send: true
X-Mailgun-Track-Clicks: false
X-Mailgun-Track-Opens: false
Message-ID: <0109018c593e4306-fbe5f5a2-c4cd-489c-bb73-b49e768bfa14-000000@ap-south-1.amazonses.com>
Feedback-ID: 1.ap-south-1.tFPkwvm+GDUfWGhTfnIF7Sz8i3TfDhZ+F/1XDLHkUFk=:AmazonSES
X-SES-Outgoing: 2023.12.11-76.223.180.16
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: To view this email as a web page, click here МcΑfee© Your
Subscription has Closed Today.
Content analysis details: (6.5 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [76.223.180.16 listed in list.dnswl.org]
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
 1.3 URI_HEX                URI: URI hostname has long hexadecimal sequence
 0.0 NUMERIC_HTTP_ADDR      URI: Uses a numeric IP address in URL
 0.0 NORMAL_HTTP_TO_IP      URI: URI host has a public dotted-decimal IPv4
                            address
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.7 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                            background
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 3.5 STYLE_GIBBERISH        Nonsense in HTML
To view this email as a web page, click here
МcΑfee©
Your Subscription has Closed Today.
We have tried many times to warn you, Renew immediately.
Make your device more secure by renewing your subscription to protect your family from ever-evolving threats.
If you have not renewed your membership, your account will be closed within 48 hours.
Account ID: | 63013823 |
User: | doctor |
Secure Status: | Suspended |
Today Discount: | 90 % |
Limited Time: | Mon,11 Dec-2023 |