DHL Phish from Bulgaria
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Nov 2022 06:55:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from)
    id 1oyvdu-000AOE-Fe
    for dave@doctor.nl2k.ab.ca;
    Sat, 26 Nov 2022 06:54:55 -0700
Resent-From: The Doctor
Resent-Date: Sat, 26 Nov 2022 06:54:54 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cska.bg ([79.98.107.6]:60504 helo=server.cska.bg)
    by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95 (FreeBSD))
    (envelope-from)
    id 1oyvFn-00075q-HQ
    for doctor@nl2k.ab.ca;
    Sat, 26 Nov 2022 06:30:08 -0700
Received: by server.cska.bg (Postfix, from userid 500)
    id 6EFA13466267; Sat, 26 Nov 2022 15:26:59 +0200 (EET)
To: doctor@nl2k.ab.ca
Subject: Your package is waiting for delivery
X-PHP-Originating-Script: 500:m.php
Date: Sat, 26 Nov 2022 15:26:59 +0200
From: "Support [DHL]"
Message-ID: <6fc19dc570df01cf235a0a9cb3ce9d68@cska.bg>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_6fc19dc570df01cf235a0a9cb3ce9d68"
Content-Transfer-Encoding: 8bit
X-Spam_score: 9.1
X-Spam_score_int: 91
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.
    Content preview: DHL Dear Customer, The health medical today-marketpackage
    health medical today-marketsent health medical today-marketto health medical
    today-marketyou health medical today-markethas health medical today-m [...]
    Content analysis details: (9.1 points, 5.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                                [79.98.107.6 listed in bb.barracudacentral.org]
    -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                                domain
    -0.0 SPF_PASS               SPF: sender matches SPF record
     2.4 HTML_OBFUSCATE_20_30   BODY: Message is 20% to 30% HTML
                                obfuscation
     0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                                identical to background
     0.0 HTML_MESSAGE           BODY: HTML included in message
     3.0 URI_WP_DIRINDEX        URI for compromised WordPress site, possible
                                malware
     2.0 URI_WP_HACKED_2        URI for compromised WordPress site, possible
                                malware
Subject: {SPAM?} Your package is waiting for delivery
This is a multi-part message in MIME format.
--b1_6fc19dc570df01cf235a0a9cb3ce9d68
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
DHL
=20
=20
=20
=20
=20
=20
=20
=20
=20
=20
=20
=20
Dear Customer,
The health medical today-marketpackage health medical today-marketsent heal=
th medical today-marketto health medical today-marketyou health medical tod=
ay-markethas health medical today-marketbeen health medical today-marketdel=
ivered health medical today-marketto health medical today-marketDHL health =
medical today-marketOffice health medical today-marketand health medical to=
day-marketshould health medical today-marketbe health medical today-marketd=
elivered health medical today-marketwithing health medical today-market48h.=
health medical today-marketPlease health medical today-marketconfirm healt=
h medical today-marketthe health medical today-marketpayment
on health medical today-marketthe health medical today-marketlink health =
medical today-marketbelow health medical today-marketwithin health medical =
today-marketa health medical today-marketmaximum health medical today-marke=
tof health medical today-market14 health medical today-marketdays health me=
dical today-marketbefore health medical today-marketit health medical today=
-marketexpires:
Follow health medical today-marketmy health medical today-marketpackage
This health medical today-marketemail health medical today-marketis health =
medical today-marketprovided health medical today-marketfor health medical =
today-marketinformational health medical today-marketpurposes health medica=
l today-marketonly health medical today-marketand health medical today-mark=
etdoes health medical today-marketnot health medical today-marketguarantee =
health medical today-marketdelivery health medical today-marketof health me=
dical today-marketthe health medical today-marketshipment. health medical t=
oday-marketUnable health medical today-marketto health medical today-market=
reply health medical today-marketto health medical today-marketthis health =
medical today-marketemail. health medical today-marketYour health medical t=
oday-markete-mail health medical today-marketaddress health medical today-m=
arketwill health medical today-marketonly health medical today-marketbe hea=
lth medical today-marketused health medical today-marketfor health medical =
today-marketthe health medical today-marketannouncement health medical toda=
y-marketof health medical today-marketthe health medical today-marketparcel=
health medical today-marketof health medical today-marketthe health medica=
l today-marketabove health medical today-marketshipment health medical toda=
y-marketand health medical today-marketwill health medical today-marketnot =
health medical today-marketbe health medical today-marketsaved health medic=
al today-marketfor health medical today-marketadvertising health medical to=
day-marketpurposes. health medical today-marketIf health medical today-mark=
etyou health medical today-marketno health medical today-marketlonger healt=
h medical today-marketwish health medical today-marketto health medical tod=
ay-marketreceive health medical today-marketthe health medical today-market=
package health medical today-marketannouncement, health medical today-marke=
tplease health medical today-marketclick health medical today-markethere: D=
HL health medical today-marketNotification health medical today-marketServi=
ce=20
Website
Contact
Impressum
=C2=A9 2022 DHL ID00##09-{7}##
=20
--b1_6fc19dc570df01cf235a0a9cb3ce9d68
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
DHL
--b1_6fc19dc570df01cf235a0a9cb3ce9d68--