TD Phish from Webhotel24 Sweden
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 01 Feb 2024 17:54:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rVhnr-00000000AwM-2dBx
for dave@doctor.nl2k.ab.ca;
Thu, 01 Feb 2024 17:53:11 -0700
Resent-From: The Doctor
Resent-Date: Thu, 1 Feb 2024 17:53:11 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from whse12.webhotel24.se ([213.212.12.115]:50748)
by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rVfnw-000000007Wn-2zxw
for root@nk.ca;
Thu, 01 Feb 2024 15:45:13 -0700
Received: by whse12.webhotel24.se (Postfix, from userid 1088)
id 8EB0C101AE2; Thu, 1 Feb 2024 23:41:49 +0100 (CET)
Date: Thu, 1 Feb 2024 23:41:49 +0100
From: =?us-ascii?Q?Td_Canada?=
Subject: =?us-ascii?Q?Fwd:?=
Message-ID:
X-Mailer: Create Send
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 11.2
X-Spam_score_int: 112
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear customer, In the next few weeks we are preparing to overhaul
our systems. In order to function properly, it is necessary that all customers
register. Otherwise, data loss and delays may occur. Please register a [...]
Content analysis details: (11.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.2 MISSING_HEADERS Missing To: header
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 TVD_PH_BODY_ACCOUNTS_POST No description available.
1.0 UNICODE_OBFU_ASC Obfuscating text with unicode
3.0 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
1.6 TVD_PH_BODY_META_ALL No description available.
0.6 TO_NO_BRKTS_HTML_ONLY To: misformatted and HTML only
2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware
Subject: {SPAM?} =?us-ascii?Q?Fwd:?=
ng=3D"0" cellpadding=3D"0" align=3D"center">=0A =0A=0A =
or: #58585a; line-height: 24px;" align=3D"left" valign=3D"top">=0A
br aria-hidden=3D"true" />=0A
>1. Log in to our homepage.
2. Complete the reque=
sted steps.
3. Make sure your details are correct=
.=0A =0A =0A =0A
=0A Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 01 Feb 2024 17:54:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rVhnr-00000000AwM-2dBx
for dave@doctor.nl2k.ab.ca;
Thu, 01 Feb 2024 17:53:11 -0700
Resent-From: The Doctor
Resent-Date: Thu, 1 Feb 2024 17:53:11 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from whse12.webhotel24.se ([213.212.12.115]:50748)
by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rVfnw-000000007Wn-2zxw
for root@nk.ca;
Thu, 01 Feb 2024 15:45:13 -0700
Received: by whse12.webhotel24.se (Postfix, from userid 1088)
id 8EB0C101AE2; Thu, 1 Feb 2024 23:41:49 +0100 (CET)
Date: Thu, 1 Feb 2024 23:41:49 +0100
From: =?us-ascii?Q?Td_Canada?=
Subject: =?us-ascii?Q?Fwd:?=
Message-ID:
X-Mailer: Create Send
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 11.2
X-Spam_score_int: 112
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear customer, In the next few weeks we are preparing to overhaul
our systems. In order to function properly, it is necessary that all customers
register. Otherwise, data loss and delays may occur. Please register a [...]
Content analysis details: (11.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.2 MISSING_HEADERS Missing To: header
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 TVD_PH_BODY_ACCOUNTS_POST No description available.
1.0 UNICODE_OBFU_ASC Obfuscating text with unicode
3.0 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
1.6 TVD_PH_BODY_META_ALL No description available.
0.6 TO_NO_BRKTS_HTML_ONLY To: misformatted and HTML only
2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware
Subject: {SPAM?} =?us-ascii?Q?Fwd:?=
ng=3D"0" cellpadding=3D"0" align=3D"center">=0A =0A
or: #58585a; line-height: 24px;" align=3D"left" valign=3D"top">=0A
trong style=3D"font-size: 20px; color: #008a00;">Dear customer,
aria-hidden=3D"true" />
In the n=
ext few weeks we are preparing to overhaul our systems. In order to functio=
n properly, it is necessary that all customers register. Otherwise, data lo=
ss and delays may occur. Please register as soon as possible.
=0A <=ext few weeks we are preparing to overhaul our systems. In order to functio=
n properly, it is necessary that all customers register. Otherwise, data lo=
ss and delays may occur. Please register as soon as possible.
br aria-hidden=3D"true" />=0A
What should you do to continue using =
our service?
=0A our service?
>1. Log in to our homepage.
2. Complete the reque=
sted steps.
3. Make sure your details are correct=
.=0A
=0A
=0A
ble border=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0">=0A =
=0A=0A =
=0A =0A =0A
dy>=0A =0A =0A =0A =0A =0A=
=0A
ble border=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0">=0A =
=0A
=0A
dy>=0A =0A =0A =0A =0A =0A=
=0A
v>=0A
=0A
div>We look forward to seeing you!
=0A =0A
=0A <=If they do not log in by the specified =
date, we will be forced to deactivate their account. If you then want to re=
activate your account. They will be charged a fee.
div>We look forward to seeing you!
=D0=A2D =D0=A1=D0=B0n=
=D0=B0d=D0=B0 =D0=A2ru=D1=95t.
=D0=B0d=D0=B0 =D0=A2ru=D1=95t.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments