DHL Phish from IONOS Philadelphia
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 07 Feb 2024 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rXjvT-00000000Ce6-0mhD
for dave@doctor.nl2k.ab.ca;
Wed, 07 Feb 2024 08:33:27 -0700
Resent-From: The Doctor
Resent-Date: Wed, 7 Feb 2024 08:33:27 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from vps.popmt.com ([74.208.104.169]:38631)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rXjrN-00000000CWL-2n63
for doctor@nl2k.ab.ca;
Wed, 07 Feb 2024 08:29:17 -0700
Received: by vps.popmt.com (Postfix, from userid 10001)
id A61E02A834565; Wed, 7 Feb 2024 09:27:02 -0600 (CST)
To: doctor@nl2k.ab.ca
Subject: Track your shipment N: 3229964113
Date: Wed, 7 Feb 2024 15:25:50 +0000
From: mydhl express
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="185c2f5ac0c4f5963277b05c9c2e6762a"
Content-Transfer-Encoding: 8bit
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DHL Express YOUR SHIPMENT IS ON ITS WAY fghfnjfgnkjgybkftj
tjy rtbyj rbtjr btjy rbtyjr tbyu rbyubtyuyune byuetyuenyu netyub euety
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.1 TW_BJ BODY: Odd Letter Triples with BJ
0.1 TW_YJ BODY: Odd Letter Triples with YJ
0.1 TW_FG BODY: Odd Letter Triples with FG
0.1 TW_JS BODY: Odd Letter Triples with JS
0.1 TW_GV BODY: Odd Letter Triples with GV
0.1 TW_TJ BODY: Odd Letter Triples with TJ
0.1 TW_TB BODY: Odd Letter Triples with TB
0.1 TW_HV BODY: Odd Letter Triples with HV
0.1 TW_DG BODY: Odd Letter Triples with DG
0.1 TW_VS BODY: Odd Letter Triples with VS
0.1 TW_GJ BODY: Odd Letter Triples with GJ
0.1 TW_HB BODY: Odd Letter Triples with HB
0.1 TW_SV BODY: Odd Letter Triples with SV
0.1 TW_SF BODY: Odd Letter Triples with SF
0.1 TW_GD BODY: Odd Letter Triples with GD
0.1 TW_SG BODY: Odd Letter Triples with SG
0.1 TW_FD BODY: Odd Letter Triples with FD
0.1 TW_BT BODY: Odd Letter Triples with BT
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.3 LONGLN_LOW_CONTRAST Excessively long line + hidden text
Subject: {SPAM?} Track your shipment N: 3229964113
X-Antivirus: AVG (VPS 240207-4, 2/7/2024), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--185c2f5ac0c4f5963277b05c9c2e6762a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
DHL Express
Â
YOUR SHIPMENT IS ON ITS WAY
fghfnjfgnkjgybkftj tjy rtbyj rbtjr btjy rbtyjr tbyu rbyubtyuyune byuetyuenyu netyub euety
Hello
YourfDHL8expresssshipmentdwithlwaybill isponpitsuway.iThe
current estimated delivery is 07-02-2024.
To view your delivery options, make a change or track your shipment,
fbfjnfgjbgjt ftbj fbjf hbjf bjf bj fbh jb jh tbjtujtujrtyjrtyjlbojbebrybery veyuerybey
ENABLE NOW
dhdfghdfgjdsfgjsfdgjsfg jsfgj sfgj sdgj sdgj sgdj sgj sfgj sfgjh sfg
Thank you for using On Demand Delivery.
DHL Express - Excellence. Simply delivered.
x dfds dssd vsgvsdvss shvshsvh vshgvhs
Med venlig hilsen
--185c2f5ac0c4f5963277b05c9c2e6762a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
rgb(255, 255, 255); width: 650px; font-family: helvetica, arial, sans-serif=
;">
px; border-radius: 8px; margin-top: 20px; box-shadow: rgba(0, 0, 0, 0.1) 0p=
x 4px 8px; font-family: Helvetica, sans-serif; font-size: 13.3px;">
ing: border-box; font-family: Helvetica, sans-serif; font-size: 13.3px; dis=
play: flex; justify-content: space-between;">
cc0000;">DHL Express=
ing: border-box; font-family: Helvetica, sans-serif; font-size: 13.3px; dis=
play: flex; justify-content: space-between;">=C2=A0
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 07 Feb 2024 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rXjvT-00000000Ce6-0mhD
for dave@doctor.nl2k.ab.ca;
Wed, 07 Feb 2024 08:33:27 -0700
Resent-From: The Doctor
Resent-Date: Wed, 7 Feb 2024 08:33:27 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from vps.popmt.com ([74.208.104.169]:38631)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rXjrN-00000000CWL-2n63
for doctor@nl2k.ab.ca;
Wed, 07 Feb 2024 08:29:17 -0700
Received: by vps.popmt.com (Postfix, from userid 10001)
id A61E02A834565; Wed, 7 Feb 2024 09:27:02 -0600 (CST)
To: doctor@nl2k.ab.ca
Subject: Track your shipment N: 3229964113
Date: Wed, 7 Feb 2024 15:25:50 +0000
From: mydhl express
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="185c2f5ac0c4f5963277b05c9c2e6762a"
Content-Transfer-Encoding: 8bit
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DHL Express YOUR SHIPMENT IS ON ITS WAY fghfnjfgnkjgybkftj
tjy rtbyj rbtjr btjy rbtyjr tbyu rbyubtyuyune byuetyuenyu netyub euety
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.1 TW_BJ BODY: Odd Letter Triples with BJ
0.1 TW_YJ BODY: Odd Letter Triples with YJ
0.1 TW_FG BODY: Odd Letter Triples with FG
0.1 TW_JS BODY: Odd Letter Triples with JS
0.1 TW_GV BODY: Odd Letter Triples with GV
0.1 TW_TJ BODY: Odd Letter Triples with TJ
0.1 TW_TB BODY: Odd Letter Triples with TB
0.1 TW_HV BODY: Odd Letter Triples with HV
0.1 TW_DG BODY: Odd Letter Triples with DG
0.1 TW_VS BODY: Odd Letter Triples with VS
0.1 TW_GJ BODY: Odd Letter Triples with GJ
0.1 TW_HB BODY: Odd Letter Triples with HB
0.1 TW_SV BODY: Odd Letter Triples with SV
0.1 TW_SF BODY: Odd Letter Triples with SF
0.1 TW_GD BODY: Odd Letter Triples with GD
0.1 TW_SG BODY: Odd Letter Triples with SG
0.1 TW_FD BODY: Odd Letter Triples with FD
0.1 TW_BT BODY: Odd Letter Triples with BT
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.3 LONGLN_LOW_CONTRAST Excessively long line + hidden text
Subject: {SPAM?} Track your shipment N: 3229964113
X-Antivirus: AVG (VPS 240207-4, 2/7/2024), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--185c2f5ac0c4f5963277b05c9c2e6762a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
DHL Express
Â
YOUR SHIPMENT IS ON ITS WAY
fghfnjfgnkjgybkftj tjy rtbyj rbtjr btjy rbtyjr tbyu rbyubtyuyune byuetyuenyu netyub euety
Hello
YourfDHL8expresssshipmentdwithlwaybill isponpitsuway.iThe
current estimated delivery is 07-02-2024.
To view your delivery options, make a change or track your shipment,
fbfjnfgjbgjt ftbj fbjf hbjf bjf bj fbh jb jh tbjtujtujrtyjrtyjlbojbebrybery veyuerybey
ENABLE NOW
dhdfghdfgjdsfgjsfdgjsfg jsfgj sfgj sdgj sdgj sgdj sgj sfgj sfgjh sfg
Thank you for using On Demand Delivery.
DHL Express - Excellence. Simply delivered.
x dfds dssd vsgvsdvss shvshsvh vshgvhs
Med venlig hilsen
--185c2f5ac0c4f5963277b05c9c2e6762a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
rgb(255, 255, 255); width: 650px; font-family: helvetica, arial, sans-serif=
;">
px; border-radius: 8px; margin-top: 20px; box-shadow: rgba(0, 0, 0, 0.1) 0p=
x 4px 8px; font-family: Helvetica, sans-serif; font-size: 13.3px;">
ing: border-box; font-family: Helvetica, sans-serif; font-size: 13.3px; dis=
play: flex; justify-content: space-between;">
cc0000;">DHL Express=
ing: border-box; font-family: Helvetica, sans-serif; font-size: 13.3px; dis=
play: flex; justify-content: space-between;">=C2=A0
, arial, sans-serif;">
: rgb(204, 0, 0);">YOUR SHIPMENT IS ON ITS WAY
n>
; margin-bottom: 1rem;">fghfnjfgnkjgybkftj t=
jy rtbyj rbtjr btjy rbtyjr tbyu rbyubtyuyune byuetyuenyu netyub euety
>
, arial, sans-serif;">Hello
pan style=3D"color: rgb(44, 54, 58); font-family: helvetica, arial, sans-se=
rif; font-size: 16px;">Your
font-family: helvetica, arial, sans-serif; font-size: 16px;">f
style=3D"color: rgb(204, 0, 0); font-family: helvetica, arial, sans-serif;=
font-size: 16px;">DHL
">
;">8
nt-family: helvetica, arial, sans-serif; font-size: 16px;">e
g>
l, sans-serif; font-size: 16px;">xpress
=3D"color: rgb(255, 255, 255); font-family: helvetica, arial, sans-serif; f=
ont-size: 16px;">s
58); font-family: helvetica, arial, sans-serif; font-size: 16px;">shipment=
ial, sans-serif; font-size: 16px;">d
, 58); font-family: helvetica, arial, sans-serif; font-size: 16px;">with
pan>
, sans-serif; font-size: 16px;">l
8); font-family: helvetica, arial, sans-serif; font-size: 16px;">waybill
pan>
px;">=C2=A0
44, 54, 58); font-family: helvetica, arial, sans-serif; font-size: 16px;">i=
s
rial, sans-serif; font-size: 16px;">p
4, 58); font-family: helvetica, arial, sans-serif; font-size: 16px;">on
an>
sans-serif; font-size: 16px;">p
); font-family: helvetica, arial, sans-serif; font-size: 16px;">its<=
span style=3D"color: rgb(255, 255, 255); font-family: helvetica, arial, san=
s-serif; font-size: 16px;">u
ont-family: helvetica, arial, sans-serif; font-size: 16px;">way.
n style=3D"color: rgb(255, 255, 255); font-family: helvetica, arial, sans-s=
erif; font-size: 16px;">i
-family: helvetica, arial, sans-serif; font-size: 16px;">The
e=3D"font-family: helvetica, arial, sans-serif; font-size: 16px;" />
serif; font-size: 16px;">current estimated delivery is=C2=A0
yle=3D"color: rgb(204, 0, 0); font-family: helvetica, arial, sans-serif; fo=
nt-size: 16px;">07-02-2024
(44, 54, 58); font-family: helvetica, arial, sans-serif; font-size: 16px;">=
.
; margin-bottom: 1rem;">
serif; font-size: 14px;">To view your delivery options, make a change or tr=
ack your shipment,
; margin-bottom: 1rem;">fbfjnfgjbgjt ftbj fb=
jf hbjf bjf bj fbh jb jh tbjtujtujrtyjrtyjlbojbebrybery veyuerybey
p>
; margin-bottom: 1rem;">
ing: border-box; color: rgb(44, 54, 58); font-family: Helvetica, sans-serif=
; font-size: 13.3px;">
4ER6EGRE6RZR64" rel=3D"noreferrer" style=3D"box-sizing: border-box; color: =
rgb(255, 255, 255); text-decoration-line: none; background-color: rgb(184, =
15, 15); padding: 10px 20px; border-radius: 5px; display: inline-block;">EN=
ABLE NOW
; margin-bottom: 1rem;">dhdfghdfgjdsfgjsfdgj=
sfg jsfgj sfgj sdgj sdgj sgdj sgj sfgj sfgjh sfg
; margin-bottom: 1rem;">
serif; font-size: 14px;">Thank you for using On Demand Delivery.
style=3D"font-family: helvetica, arial, sans-serif; font-size: 14px;" />
;">DHL Express
erif; font-size: 14px;">=C2=A0- Excellence. Simply delivered.
; margin-bottom: 1rem;">
izing: border-box; font-size: 14px;">x dfds dssd vsgvsdvss shvshsvh vshgvhs=
Med venlig hilsen