DHL Phish
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 29 Apr 2024 07:24:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s1Qyp-000000006kp-3Xa9
for dave@doctor.nl2k.ab.ca;
Mon, 29 Apr 2024 07:23:39 -0600
Resent-From: The Doctor
Resent-Date: Mon, 29 Apr 2024 07:23:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cloudhost-10613980.us-midwest-2.nxcli.net ([199.189.225.34]:55042 helo=cloudhost-11099524.us-midwest-2.nxcli.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s1MZm-00000000NJT-02Is
for doctor@doctor.nl2k.ab.ca;
Mon, 29 Apr 2024 02:41:35 -0600
Received: (qmail 22521 invoked by uid 10093); 29 Apr 2024 08:37:44 +0000
Date: 29 Apr 2024 08:37:44 +0000
Message-ID: <20240429083744.22514.qmail@cloudhost-11099524.us-midwest-2.nxcli.net>
To: doctor@doctor.nl2k.ab.ca
Subject: Update: Shipping Status - CN - 20585915 - Monday, April 29, 2024 - Your shipment is in customs clearance.
X-PHP-Originating-Script: 10093:wp-admin.php
MIME-Version: 1.0
Content-type: text/html; charset=UTF-8
From: Express Package Shipping
X-Spam_score: 7.6
X-Spam_score_int: 76
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Outstanding Delivery Important Notice: Outstanding Delivery
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[199.189.225.34 listed in dnsbl.ahbl.org]
[199.189.225.34 listed in dnsbl.ahbl.org]
[199.189.225.34 listed in dnsbl.ahbl.org]
[199.189.225.34 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[199.189.225.34 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[199.189.225.34 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[199.189.225.34 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[199.189.225.34 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
[199.189.225.34 listed in will-spam-for-food.eu.org]
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[199.189.225.34 listed in ix.dnsbl.manitu.net]
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} Update: Shipping Status - CN - 20585915 - Monday, April 29, 2024 - Your shipment is in customs clearance.
Dear Customer,
We would like to urgently inform you that your shipment cannot be delivered at the moment. It is currently in the processing stage and will be dispatched to you shortly.
Please note that there has been an unexpected delay. We sincerely apologize for any inconvenience caused and thank you for your understanding and patience.
Check Shipment Status >>>
Delivery Time | A new delivery date will be updated |
---|---|
Amount Due | EUR 1.85 (One Euro and Eighty-Five Cents) or the equivalent amount in your local currency |
Note: We are making every effort to deliver your shipment as quickly as possible. Please check the shipment status regularly for further updates.