UPS Phish from sendgirid

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 12 Jul 2024 12:04:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sSKcM-00000000K27-1Hnp

for dave@doctor.nl2k.ab.ca;

Fri, 12 Jul 2024 12:03:38 -0600

Resent-From: The Doctor

Resent-Date: Fri, 12 Jul 2024 12:03:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.xtrwkqxb.outbound-mail.sendgrid.net ([167.89.20.171]:46256)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sSJYJ-00000000Ajh-2SKK

for root@doctor.nl2k.ab.ca;

Fri, 12 Jul 2024 10:55:28 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alaiko.com;

h=from:subject:mime-version:to:content-type:content-transfer-encoding:

cc:content-type:from:subject:to;

s=s1; bh=IohHthZW/V7t9BE7s9uVCbLancy60mgqSh7/rwmEdmU=;

b=fm6tTRlZMIeaS0YlglErCSxD/qKKDpeMdHxmZC004Qvf11rBatKupGGQKVW1BAxdN6To

rZLarRneP4raeJDPYbEXGAkSWLAaVXm54sXyO/1R/dqFyj9e/Vw87vvI/bBG5Dbp2Gd0zA

nzKeBKD8RADNSlkWetRoQ2lb3b05CvEqJPOcajHDPuI5OufeuF4+jtmAtdAhvm6MBLZLwb

vA4sgzrHS+2Bw2G+Djt0YzB5FqC+FGrEpP9NmzrXh0Wgsn4lOW1WG3WDpVMBaJiwws8K4O

YlbM/qJHcoZpm61CcogT2KBXnyWEvFnhXPAnaFT9j5JNs6MYkhmIXBqfDA5wAUIw==

Received: by recvd-957c9746c-497fb with SMTP id recvd-957c9746c-497fb-1-66915F87-62

2024-07-12 16:53:27.721254766 +0000 UTC m=+1295698.830390748

Received: from [127.0.0.1] (unknown)

by geopod-ismtpd-1 (SG) with ESMTP

id I5CfLyq-RU6GaAGOmPv04A

for ;

Fri, 12 Jul 2024 16:53:27.633 +0000 (UTC)

From: UPS

Subject: Deine Bestellung wird verschickt

Message-ID: <4eff83c43ec9100bc44b89eac120134d@alaiko.com>

MIME-Version: 1.0

Date: Fri, 12 Jul 2024 16:53:27 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2EGdr5us7BlGEJ8PGTF6wYXjwdNl5thnWRxqZdU9k+za1lIp1qXfuFLgtYP?=

=?us-ascii?Q?fdvzU9vKpwUPm1oTMN8XrnGjIPwnDZJFrm4zjb0?=

=?us-ascii?Q?cxcq8D5f2RXhILJKae6L2GqwRAcERdUoCtKnWXV?=

=?us-ascii?Q?uXb+8EzklJShYshX9twidQwlSx5jdwtTJlCR4il?=

=?us-ascii?Q?mmEYkrCXvAfkr7lKanJ4H5Sph7o5AzyiscVlqpl?=

=?us-ascii?Q?b26Ex5W7Srs7MMdfQSsidk=3D?=

To: root@doctor.nl2k.ab.ca

X-Entity-ID: u001.XGAkTjREh7iNWAYmSHQEKA==

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 20.8

X-Spam_score_int: 208

X-Spam_bar: ++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear customer, We regret to inform you that due to an incorrect

shipping address,



Content analysis details: (20.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[167.89.20.171 listed in dnsbl.ahbl.org]

[167.89.20.171 listed in dnsbl.ahbl.org]

[167.89.20.171 listed in dnsbl.ahbl.org]

[167.89.20.171 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[167.89.20.171 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[167.89.20.171 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[167.89.20.171 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[167.89.20.171 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

[167.89.20.171 listed in will-spam-for-food.eu.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[167.89.20.171 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

Subject: {SPAM?} Deine Bestellung wird verschickt
















-asian: inherit; font-variant-alternates: inherit; font-variant-position: i=

nherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-=

family: "Segoe UI", "Segoe UI Web (West European)", &qu=

ot;Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helveti=

ca Neue", sans-serif; font-optical-sizing: inherit; font-kerning: inhe=

rit; font-feature-settings: inherit; font-variation-settings: inherit; marg=

in: 0px; padding: 0px; vertical-align: baseline; color: rgb(36, 36, 36); ba=

ckground-color: rgb(255, 255, 255);">3D""
.net/up/22/37/z5sc.png" style=3D"width: 200px; height: 113px;" />





-asian: inherit; font-variant-alternates: inherit; font-variant-position: i=

nherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-=

family: "Segoe UI", "Segoe UI Web (West European)", &qu=

ot;Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helveti=

ca Neue", sans-serif; font-optical-sizing: inherit; font-kerning: inhe=

rit; font-feature-settings: inherit; font-variation-settings: inherit; marg=

in: 0px; padding: 0px; vertical-align: baseline; color: rgb(36, 36, 36); ba=

ckground-color: rgb(255, 255, 255);">
if;">Dear customer,





-asian: inherit; font-variant-alternates: inherit; font-variant-position: i=

nherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-=

family: "Segoe UI", "Segoe UI Web (West European)", &qu=

ot;Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helveti=

ca Neue", sans-serif; font-optical-sizing: inherit; font-kerning: inhe=

rit; font-feature-settings: inherit; font-variation-settings: inherit; marg=

in: 0px; padding: 0px; vertical-align: baseline; color: rgb(36, 36, 36); ba=

ckground-color: rgb(255, 255, 255);">

We regret to inform you that =

due to an incorrect shipping address,





Your package number #
yle=3D"font-family:arial,helvetica,sans-serif;">3543540

=3D"font-family:arial,helvetica,sans-serif;">
is waiting to be proce=

ssed at our facility.





To ensure on-time delivery, w=

e ask that you update your shipping address as soon as possible using the s=

ecure link below:






VJOq6p2d6-2FJyioXBntlkkprxOetBDy-2Fqyyk4vUAwY8-2Bq0bT-2BLbCmbElSEiCB4kV3EUO=

5U3jmmEVXC8xZIjmAd1pCIsfTL9ia7kcW5bbebHGdv4G-2FWFQlTPn_DSy21Lsls7pYbx4vputm=

gQCW99fw6OQgAkUuuBmL-2FlOMWwOFSt1qhIkKBho7Jhr4pS01lj3nEB0B9LLcVE-2FQyNjJA4W=

ApowSuqL-2BNFb6Mfth51bVYJxMDQZDJzmQYczUh90HX1bMkDgilri-2FLGNswCoChy7b4LuftL=

kTVyiT8B9X1tV-2Fls7r9rI7FWJ5mcCR3rZJLBNrsGnwuCyfXuALAw-3D-3D">
=3D"font-family:georgia,serif;">update my address





 






;">Once your shipping address is updated, we will process your package and =

provide you with all associated tracking information.






;">If you have any questions or problems with your package, please don'=

t hesitate to contact us.






;">Thank you for choosing our service.






;">yours sincerely,








=

©2024 U=

PS. The content of this message is protected by copyright and trademark law=

s under United States and international laws.






uVVbhb04EJe-2FJwi1P6AwsUbQsx-2FUNl9i3z0nTJvFWJG1LA0rmhxO3NZmEEZBf-2B6dk-2BT=

xYuO8eIjeOrVgozyKjgmW6YJNZ4GCyrT-2FQPi4n0uYdgeeqyZtaM8ajWEgLCfO8EBKU1YpAfbv=

uTVBqlWfGZVD5kv-2B-2B5Db9V3Q1bMVdiihVzpjxScEP-2B5SW7QGCAU5laehNQ-3D-3D" alt=

=3D"" width=3D"1" height=3D"1" border=3D"0" style=3D"height:1px !important;=

width:1px !important;border-width:0 !important;margin-top:0 !important;marg=

in-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;p=

adding-top:0 !important;padding-bottom:0 !important;padding-right:0 !import=

ant;padding-left:0 !important;"/>

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5