More DHL Phish from Amazon
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 01 May 2022 05:03:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nl7LT-000J9o-TR
for dave@doctor.nl2k.ab.ca;
Sun, 01 May 2022 05:02:32 -0600
Resent-From: The Doctor
Resent-Date: Sun, 1 May 2022 05:02:31 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ec2-35-72-201-243.ap-northeast-1.compute.amazonaws.com ([35.72.201.243]:41808 helo=multiweb.sdpi)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1nkyaD-000A0r-H0
for doctor@doctor.nl2k.ab.ca;
Sat, 30 Apr 2022 19:41:15 -0600
Received: by multiweb.sdpi (Postfix, from userid 48)
id 8CE85A3E672; Sun, 1 May 2022 10:39:13 +0900 (JST)
To: doctor@doctor.nl2k.ab.ca
Subject: =?UTF-8?B?Q29uZmlybWF0aW9uIDog4pyU77iPIEFib3V0IFlvdXIgUGFyY2Vs?=
X-PHP-Originating-Script: 48:Mailer8768790324SQDSQDSSQDSSQDSQDDSQDSQDSD.php
From: =?UTF-8?B?REhMIC0gT25saW5l?=
MIME-Version: 1.0;
Content-type: multipart/mixed; boundary="--Ib5IqT4BMN"
Message-Id: <20220501013913.8CE85A3E672@multiweb.sdpi>
Date: Sun, 1 May 2022 10:39:13 +0900 (JST)
X-Spam_score: 8.9
X-Spam_score_int: 89
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DHL Your package is waiting for delivery. We inform you that
your shipment No. 4549652700 is still awaiting instructions from you.
Content analysis details: (8.9 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.4 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [35.72.201.243 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: iarr.online (online)]
 0.0 T_TVD_MIME_NO_HEADERS  BODY: No description available.
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 0.1 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
 3.5 BOGUS_MIME_VERSION     Mime version header is bogus
 0.0 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?UTF-8?B?Q29uZmlybWF0aW9uIDog4pyU77iPIEFib3V0IFlvdXIgUGFyY2Vs?=
----Ib5IqT4BMN
Content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: 8bit
DHL Your package is waiting for delivery.
We inform you that your shipment No. 4549652700 is still awaiting instructions from you. You have to pay the additional shipping fees to ship your parcel as soon as possible.
Sincerely,
Thank you for your confidence.
Plus, limited time offer: All sleepwear on sale | Hurry, shop now
----Ib5IqT4BMN