Telus Phish

From - Wed May 16 11:30:08 2018

X-Account-Key: account2

X-UIDL: 0006629d501fb806

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-path:

Envelope-to: sales@nk.ca

Delivery-date: Wed, 16 May 2018 11:30:09 -0600

Received: from atmail15.worldsoft-mail.net ([217.196.177.215]:33176)

by doctor.nl2k.ab.ca with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)

(Exim 4.91 (FreeBSD))

(envelope-from )

id 1fJ0FP-000628-D9

for sales@nk.ca; Wed, 16 May 2018 11:29:58 -0600

Received: from [162.219.30.67] (helo=localhost.localdomain)

by atmail15.worldsoft-mail.net with esmtpa (Exim 4.80.1)

(envelope-from )

id 1fJ0FH-0002fC-7A

for sales@nk.ca; Wed, 16 May 2018 19:29:47 +0200

Date: Wed, 16 May 2018 17:29:44 +0000

To: sales@nk.ca

From: =?UTF-8?B?VEVMVVM=?=

Subject: =?UTF-8?B?WW91ciBtb250aGx5IHBheW1lbnQgIzQ3MDE5Mjk5NSB3YXMgcmVjZW50bHkgcmVmdXNlZA==?=

Message-ID:

X-Priority: 3

X-Mailer: PHPMailer 5.2.6

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: base64

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear sales@nk.ca, Your monthly payment was recently declined.

The decline could be due to insufficient funds, card expired, etc. Since

you haven't provided us new billing information yet, we thought we'd remind

you to please provide us with updated billing information to avoid any billing

problems with your account.



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?WW91ciBtb250aGx5IHBheW1lbnQgIzQ3MDE5Mjk5NSB3YXMgcmVjZW50bHkgcmVmdXNlZA==?=

X-Antivirus: AVG (VPS 180515-0, 05/14/2018), Inbound message

X-Antivirus-Status: Clean



PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0i

d2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CiAgICA8L2hlYWQ+CiAgICA8

Ym9keT4KICAgICAgICA8dGFibGUgc3R5bGU9ImJvcmRlcjogMDsgd2lkdGg6IDUwMHB4OyBtYXJn

aW46IDAgYXV0bzsiPgogICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICA8dGQ+CiAgICAg

ICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0iaGVpZ2h0OiA0MHB4OyI+CiAgICAgICAgICAgICAg

ICAgICAgICAgIDxpbWcgc3JjPSJodHRwczovL2RpZ2l0YWxzdGFuZGFyZHMudGVsdXMuY29tL2Fz

c2V0cy9pbWcvZG93bmxvYWRzL1RFTFVTX2xvZ29fRU4uanBnIiB3aWR0aD0iMjUwIiBoZWlnaHQ9

IjUwIj4KICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDwvdGQ+CiAg

ICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgIDx0ZCBzdHls

ZT0iZm9udC1zaXplOiAxN3B4OyBjb2xvcjojNTk1ODU5OyBsaW5lLWhlaWdodDogMjhweDsgZm9u

dC1mYW1pbHk6ICdIZWx2ZXRpY2EgTmV1ZScsSGVsdmV0aWNhLEFyaWFsLHNhbnMtc2VyaWYgIWlt

cG9ydGFudDsiPgogICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9ImNvbG9yOiAjNTk1ODU5

OyBkaXNwbGF5OiBibG9jazsgZm9udC1zaXplOiAyM3B4ICFpbXBvcnRhbnQ7IGxpbmUtaGVpZ2h0

OiAzMHB4ICFpbXBvcnRhbnQ7IG1hcmdpbi1ib3R0b206IDE2cHggIWltcG9ydGFudDsgd2lkdGg6

IDEwMCU7Ij4mbmJzcDs8L2Rpdj4KCQkJCQk8YnI+CiAgICAgICAgICAgICAgICAgICAgPGgyIHN0

eWxlPSJtYXJnaW4tYm90dG9tOiAxMXB4OyBmb250LXNpemU6IDIzcHg7IGZvbnQtZmFtaWx5OiAn

SGVsdmV0aWNhIE5ldWUnLEhlbHZldGljYSxBcmlhbCxzYW5zLXNlcmlmOyI+RGVhciBzYWxlc0Bu

ay5jYSw8L2gyPgogICAgICAgICAgICAgICAgICAgICAgICBZb3VyIG1vbnRobHkgcGF5bWVudCB3

YXMgcmVjZW50bHkgZGVjbGluZWQuIFRoZSBkZWNsaW5lIGNvdWxkIGJlIGR1ZSB0byBpbnN1ZmZp

Y2llbnQgZnVuZHMsIGNhcmQgZXhwaXJlZCwgZXRjLjxicj48YnI+CgkJCQkJICAgIFNpbmNlIHlv

dSBoYXZlbid0IHByb3ZpZGVkIHVzIG5ldyBiaWxsaW5nIGluZm9ybWF0aW9uIHlldCw8YnI+CgkJ

CQkJCXdlIHRob3VnaHQgd2UnZCByZW1pbmQgeW91IHRvIHBsZWFzZSBwcm92aWRlIHVzIHdpdGgg

dXBkYXRlZDxicj4KCQkJCQkJYmlsbGluZyBpbmZvcm1hdGlvbiB0byBhdm9pZCBhbnkgYmlsbGlu

ZyBwcm9ibGVtcyB3aXRoIHlvdXIgYWNjb3VudC48YnI+PGJyPgogICAgICAgICAgICAgICAgICAg

IDxhIGhyZWY9Imh0dHA6Ly9uandlYmt6LmNvbS9zeW1waG9ueS9iaGQ0NjkucGhwIiBzdHlsZT0i

Zm9udC1zaXplOiAyMXB4OyBsaW5lLWhlaWdodDogMzBweDsgdGV4dC1hbGlnbjogY2VudGVyOyBi

b3JkZXItcmFkaXVzOiAzcHg7CgkJCQkJZGlzcGxheTogaW5saW5lLWJsb2NrOyB0ZXh0LWRlY29y

YXRpb246IG5vbmU7IHBhZGRpbmc6IDEwcHggMjBweCAxNHB4IDIwcHg7CgkJCQkJaGVpZ2h0OiAz

MHB4OyB3aWR0aDogMTAwJTsgbWF4LXdpZHRoOiAzNTBweDsgcGFkZGluZy1sZWZ0OiAwOyBwYWRk

aW5nLXJpZ2h0OiAwOwoJCQkJCS13ZWJraXQtYXBwZWFyYW5jZTogbm9uZTsgY29sb3I6ICNmZmY7

IGJvcmRlcjogbm9uZTsKCQkJCQliYWNrZ3JvdW5kLWltYWdlOiAtd2Via2l0LWdyYWRpZW50KGxp

bmVhciw1MCUgMCUsNTAlIDEwMCUsY29sb3Itc3RvcCgwJSwjNTdhNzA4KSxjb2xvci1zdG9wKDkw

JSwjNTdhNzA4KSxjb2xvci1zdG9wKDkwJSwjNDA4MDAwKSxjb2xvci1zdG9wKDEwMCUsIzQwODAw

MCkpOwoJCQkJCWJhY2tncm91bmQtaW1hZ2U6IC13ZWJraXQtbGluZWFyLWdyYWRpZW50KCM1N2E3

MDggMCUsIzU3YTcwOCA5MCUsIzQwODAwMCA5MCUsIzQwODAwMCk7CgkJCQkJYmFja2dyb3VuZC1p

bWFnZTogLW1vei1saW5lYXItZ3JhZGllbnQoIzU3YTcwOCAwJSwjNTdhNzA4IDkwJSwjNDA4MDAw

IDkwJSwjNDA4MDAwKTsKCQkJCQliYWNrZ3JvdW5kLWltYWdlOiAtby1saW5lYXItZ3JhZGllbnQo

IzU3YTcwOCAwJSwjNTdhNzA4IDkwJSwjNDA4MDAwIDkwJSwjNDA4MDAwKTsKCQkJCQliYWNrZ3Jv

dW5kLWltYWdlOiBsaW5lYXItZ3JhZGllbnQoIzU3YTcwOCAwJSwjNTdhNzA4IDkwJSwjNDA4MDAw

IDkwJSwjNDA4MDAwKTsKCQkJCQliYWNrZ3JvdW5kLWNvbG9yOiAjNTdhNzA4OyI+CgkJCQkJCVJl

dmlldzxmb250IGNvbG9yPSIjNTdhNzA4Ij5HPC9mb250PmFjY291bnQ8Zm9udCBjb2xvcj0iIzU3

YTcwOCI+RzwvZm9udD5pbmZvcm1hdGlvbgoJCQkJCTwvYT4KICAgICAgICAgICAgICAgIDwvdGQ+

CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgPC90YWJsZT4KICAgIDwvYm9keT4KPC9odG1sPgo=







Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA