FedEx phish from Argentina
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 15 Jan 2023 21:24:08 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pHH1k-000CGh-0P
for dave@doctor.nl2k.ab.ca;
Sun, 15 Jan 2023 21:23:20 -0700
Resent-From: The Doctor
Resent-Date: Sun, 15 Jan 2023 21:23:20 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [190.210.127.40] (port=2561 helo=local660.weblineservice.com.ar)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pHFIL-000MQb-1z
for doctor@nk.ca;
Sun, 15 Jan 2023 19:32:33 -0700
Received: from local660.weblineservice.com.ar (localhost [127.0.0.1])
by local660.weblineservice.com.ar (8.15.2/8.15.2) with ESMTPS id 30G2TdxB033574
(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for; Sun, 15 Jan 2023 23:29:39 -0300 (ART)
(envelope-from www@local660.weblineservice.com.ar)
Received: (from www@localhost)
by local660.weblineservice.com.ar (8.15.2/8.15.2/Submit) id 30G2Tcvx033564;
Sun, 15 Jan 2023 23:29:38 -0300 (ART)
(envelope-from www)
Date: Sun, 15 Jan 2023 23:29:38 -0300 (ART)
Message-Id: <202301160229.30G2Tcvx033564@local660.weblineservice.com.ar>
To: doctor@nk.ca
Subject: Pay for your package number 9725641382 - Important!
X-PHP-Originating-Script: 1002:wp-activat.php
From: FedEx
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary=f7a7c776b76a76120a6f1d257c71526a
X-Spam_score: 5.1
X-Spam_score_int: 51
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Customer , We received your package number 9725641382,
you need to pay 1,74$ to process your delivery. You will receive your package
in 24 h after payment.
Content analysis details: (5.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [190.210.127.40 listed in wl.mailspike.net]
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
 0.6 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [190.210.127.40 listed in bb.barracudacentral.org]
Subject: {SPAM?} Pay for your package number 9725641382 - Important!
--f7a7c776b76a76120a6f1d257c71526a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
--f7a7c776b76a76120a6f1d257c71526a--