Norton Antivirus phish from Romania
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 07 Jun 2022 16:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nyhIG-0006km-Ey
for dave@doctor.nl2k.ab.ca;
Tue, 07 Jun 2022 16:03:20 -0600
Resent-From: The Doctor
Resent-Date: Tue, 7 Jun 2022 16:03:20 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from gallifrey.nk.ca ([204.209.81.3]:53958)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
id 1nyd7S-000NEX-AT
for root@nk.ca;
Tue, 07 Jun 2022 11:35:56 -0600
Received: from [89.32.41.214] (port=60542 helo=wanichemarknas.com)
by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))
id 1nyd74-000P0Q-KZ
for news@gallifrey.nk.ca;
Tue, 07 Jun 2022 11:35:33 -0600
MIME-Version: 1.0
From: news
Subject: -Your_Norton_Protection_Has Been_Successfully_Updated...
To: news@gallifrey.nk.ca
Content-Type: text/html
Date: Tue, 07 Jun 2022 19:33:20 +0200
X-Spam_score: 14.6
X-Spam_score_int: 146
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your Norton Security subscription has expired! Your Norton
Security subscription expired on 30/05/2022 After the expiration date, your
computer becomes susceptible to many different virus threats. Your computer
may be unprotected, it may be exposed to viruses and other malicious code
...
Content analysis details: (14.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[89.32.41.214 listed in bb.barracudacentral.org]
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.1 MISSING_MID Missing Message-Id: header
3.2 HTML_TAG_BALANCE_CENTER Malformatted HTML
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: wee.so]
Message-Id:
X-Spam_score: 14.5
X-Spam_score_int: 145
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your Norton Security subscription has expired! Your Norton
Security subscription expired on 30/05/2022 After the expiration date, your
computer becomes susceptible to many different virus threats. Your computer
may be unprotected, it may be exposed to viruses and other malicious code
...
Content analysis details: (14.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[89.32.41.214 listed in bb.barracudacentral.org]
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
3.2 HTML_TAG_BALANCE_CENTER Malformatted HTML
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: wee.so]
Subject: {SPAM?} -Your_Norton_Protection_Has Been_Successfully_Updated...
Click Here To Unsubscribe
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 07 Jun 2022 16:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1nyhIG-0006km-Ey
for dave@doctor.nl2k.ab.ca;
Tue, 07 Jun 2022 16:03:20 -0600
Resent-From: The Doctor
Resent-Date: Tue, 7 Jun 2022 16:03:20 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from gallifrey.nk.ca ([204.209.81.3]:53958)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
id 1nyd7S-000NEX-AT
for root@nk.ca;
Tue, 07 Jun 2022 11:35:56 -0600
Received: from [89.32.41.214] (port=60542 helo=wanichemarknas.com)
by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))
id 1nyd74-000P0Q-KZ
for news@gallifrey.nk.ca;
Tue, 07 Jun 2022 11:35:33 -0600
MIME-Version: 1.0
From: news
Subject: -Your_Norton_Protection_Has Been_Successfully_Updated...
To: news@gallifrey.nk.ca
Content-Type: text/html
Date: Tue, 07 Jun 2022 19:33:20 +0200
X-Spam_score: 14.6
X-Spam_score_int: 146
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your Norton Security subscription has expired! Your Norton
Security subscription expired on 30/05/2022 After the expiration date, your
computer becomes susceptible to many different virus threats. Your computer
may be unprotected, it may be exposed to viruses and other malicious code
...
Content analysis details: (14.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[89.32.41.214 listed in bb.barracudacentral.org]
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.1 MISSING_MID Missing Message-Id: header
3.2 HTML_TAG_BALANCE_CENTER Malformatted HTML
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: wee.so]
Message-Id:
X-Spam_score: 14.5
X-Spam_score_int: 145
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your Norton Security subscription has expired! Your Norton
Security subscription expired on 30/05/2022 After the expiration date, your
computer becomes susceptible to many different virus threats. Your computer
may be unprotected, it may be exposed to viruses and other malicious code
...
Content analysis details: (14.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[89.32.41.214 listed in bb.barracudacentral.org]
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
3.2 HTML_TAG_BALANCE_CENTER Malformatted HTML
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: wee.so]
Subject: {SPAM?} -Your_Norton_Protection_Has Been_Successfully_Updated...
Your Norton Security subscription has expired! |
Your Norton Security subscription expired on 30/05/2022 After the expiration date, your computer becomes susceptible to many different virus threats. Your computer may be unprotected, it may be exposed to viruses and other malicious code ... You are entitled to a discount: 62% discount on 1 year extension The offer expires on: 15/06/2022 |
Renew your membership |
Click Here To Unsubscribe
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments