McAfee Phish from Amazon
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 16 Jan 2024 17:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rPt8j-00000000IsO-0wBX
for dave@doctor.nl2k.ab.ca;
Tue, 16 Jan 2024 16:46:41 -0700
Resent-From: The Doctor
Resent-Date: Tue, 16 Jan 2024 16:46:41 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from a48-39.smtp-out.amazonses.com ([54.240.48.39]:40891)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from <0100018d14441d65-c16d5c6f-fa8f-4ead-a4aa-6b4b75faca79-000000@amazonses.com>)
id 1rPrPR-00000000BxZ-3f5n
for root@nk.ca;
Tue, 16 Jan 2024 14:55:54 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=4oaq3egxkedcnjl7l2xu4fdatwhzsnfu; d=kouchea.com; t=1705442025;
h=From:To:Subject:MIME-Version:Content-Type:Date:Message-ID;
bh=STrLklyCjvwSQJ6MBh2C1Pep2F1nsIYMVhNWkSuQiGI=;
b=d/R8WieXt13Z32qL5DjxdOJv12Ci8yxUxtQfQsCBbZnhlJliTPXJynRcdwblF5ZS
zU35Od1sOUSALprLoBLmLxVumwYG4tI7UgWdj7HySxV6EoNA4QM8Pr7Xu9cJCVjQpFM
SUqUKFwQkAZqSi1zIbTeXGCFCVYIt9AOwwBPx9A4=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1705442025;
h=From:To:Subject:MIME-Version:Content-Type:Date:Message-ID:Feedback-ID;
bh=STrLklyCjvwSQJ6MBh2C1Pep2F1nsIYMVhNWkSuQiGI=;
b=Beic8VY4/NJYraESh3Kgd2WcxAAFBtMRdTvBoVRJAdI1GYGFaYVFboVJNKvcYApq
LqsttJ+uEKpMfVv4zROYPPbdw5Ya3SIwfPTkkNuACiud2LGMz8klIWv1e3LxI+1NEhJ
a3MOWW7TrlVXmi8iaGWVVByfyRiIdEVfaLjR0JpM=
From: "Mcafee.Warning"
To: root@nk.ca
Subject: 03 viruses have been detected on your computer 83.
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_----------=_MCPart_512623887"
Date: Tue, 16 Jan 2024 21:53:44 +0000
Unsubscribe:726f6f74406e6b2e6361
Message-ID: <0100018d14441d65-c16d5c6f-fa8f-4ead-a4aa-6b4b75faca79-000000@email.amazonses.com>
Feedback-ID: 1.us-east-1.KU3pPWs9eUplOWjHkyP6yBBPRRQGF3qsYY3YGP5j8cs=:AmazonSES
X-SES-Outgoing: 2024.01.16-54.240.48.39
X-Spam_score: 5.0
X-Spam_score_int: 50
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (5.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[54.240.48.39 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[54.240.48.39 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} 03 viruses have been detected on your computer 83.
--_----------=_MCPart_512623887
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
tE7u>=0A
C56VHKdLAdwl>=0A
d2VwKenJxBuhNYnI5gB2>=0A
Gu Llb3LssCBcOLk89pRHEkrXjLT>=0A
uFGNKEIYCB h2s6Lf55LM89If4tBxXNStkw3>=0A
1Mvg0PrQeyBfileBb8 rqCmqkrNWb3h3FCawircmQDsZ>=0A
vY5lDsBjOUhqFskBUQkogaMbt uUQOxcDtn6MOgqzoH5GRwryHG>=0A
bmjpUfWB dZ9JuHS0z2QbSlbKjuQepAfCK mPhOhlDhUXPDOfvugdGhOPCuU>=0A
kEEros7R6cdrihXq CSgmA1cKoo7qH7AbCSpUP7QRb 0iVh3oZaAq1D1fRYwpWWqoEG9>=0A
Q2EOSNzZHNPHe6yIXEpM0EzN NirNsVtkq733wSAay7evwMi02 RxkuiYCABVlV5BSYvfHVf6Tk=
r>=0A
twYGr9wZx>=0A
MfPLUP820RvWmlKLH>
--_----------=_MCPart_512623887
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Your Subscription has Closed Today.
We have tried many times to warn you, Renew immediately.
Make your device more secure by renewing your subscription to protect your family from ever-evolving threats.
If you have not renewed your membership, your account will be closed within 48 hours.
--_----------=_MCPart_512623887--
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 16 Jan 2024 17:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rPt8j-00000000IsO-0wBX
for dave@doctor.nl2k.ab.ca;
Tue, 16 Jan 2024 16:46:41 -0700
Resent-From: The Doctor
Resent-Date: Tue, 16 Jan 2024 16:46:41 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from a48-39.smtp-out.amazonses.com ([54.240.48.39]:40891)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from <0100018d14441d65-c16d5c6f-fa8f-4ead-a4aa-6b4b75faca79-000000@amazonses.com>)
id 1rPrPR-00000000BxZ-3f5n
for root@nk.ca;
Tue, 16 Jan 2024 14:55:54 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=4oaq3egxkedcnjl7l2xu4fdatwhzsnfu; d=kouchea.com; t=1705442025;
h=From:To:Subject:MIME-Version:Content-Type:Date:Message-ID;
bh=STrLklyCjvwSQJ6MBh2C1Pep2F1nsIYMVhNWkSuQiGI=;
b=d/R8WieXt13Z32qL5DjxdOJv12Ci8yxUxtQfQsCBbZnhlJliTPXJynRcdwblF5ZS
zU35Od1sOUSALprLoBLmLxVumwYG4tI7UgWdj7HySxV6EoNA4QM8Pr7Xu9cJCVjQpFM
SUqUKFwQkAZqSi1zIbTeXGCFCVYIt9AOwwBPx9A4=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1705442025;
h=From:To:Subject:MIME-Version:Content-Type:Date:Message-ID:Feedback-ID;
bh=STrLklyCjvwSQJ6MBh2C1Pep2F1nsIYMVhNWkSuQiGI=;
b=Beic8VY4/NJYraESh3Kgd2WcxAAFBtMRdTvBoVRJAdI1GYGFaYVFboVJNKvcYApq
LqsttJ+uEKpMfVv4zROYPPbdw5Ya3SIwfPTkkNuACiud2LGMz8klIWv1e3LxI+1NEhJ
a3MOWW7TrlVXmi8iaGWVVByfyRiIdEVfaLjR0JpM=
From: "Mcafee.Warning"
To: root@nk.ca
Subject: 03 viruses have been detected on your computer 83.
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_----------=_MCPart_512623887"
Date: Tue, 16 Jan 2024 21:53:44 +0000
Unsubscribe:726f6f74406e6b2e6361
Message-ID: <0100018d14441d65-c16d5c6f-fa8f-4ead-a4aa-6b4b75faca79-000000@email.amazonses.com>
Feedback-ID: 1.us-east-1.KU3pPWs9eUplOWjHkyP6yBBPRRQGF3qsYY3YGP5j8cs=:AmazonSES
X-SES-Outgoing: 2024.01.16-54.240.48.39
X-Spam_score: 5.0
X-Spam_score_int: 50
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (5.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[54.240.48.39 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[54.240.48.39 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} 03 viruses have been detected on your computer 83.
--_----------=_MCPart_512623887
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
tE7u>=0A
C56VHKdLAdwl>=0A
d2VwKenJxBuhNYnI5gB2>=0A
Gu Llb3LssCBcOLk89pRHEkrXjLT>=0A
uFGNKEIYCB h2s6Lf55LM89If4tBxXNStkw3>=0A
1Mvg0PrQeyBfileBb8 rqCmqkrNWb3h3FCawircmQDsZ>=0A
vY5lDsBjOUhqFskBUQkogaMbt uUQOxcDtn6MOgqzoH5GRwryHG>=0A
bmjpUfWB dZ9JuHS0z2QbSlbKjuQepAfCK mPhOhlDhUXPDOfvugdGhOPCuU>=0A
kEEros7R6cdrihXq CSgmA1cKoo7qH7AbCSpUP7QRb 0iVh3oZaAq1D1fRYwpWWqoEG9>=0A
Q2EOSNzZHNPHe6yIXEpM0EzN NirNsVtkq733wSAay7evwMi02 RxkuiYCABVlV5BSYvfHVf6Tk=
r>=0A
twYGr9wZx>=0A
MfPLUP820RvWmlKLH>
--_----------=_MCPart_512623887
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Â
To view this email as a web page, click here
МcΑfee©
Your Subscription has Closed Today.
Â
We have tried many times to warn you, Renew immediately.
Â
Make your device more secure by renewing your subscription to protect your family from ever-evolving threats.
Â
If you have not renewed your membership, your account will be closed within 48 hours.
Â
Account ID: | 27178446 |
User: | root |
Secure Status: | Suspended |
Today Discount: | 90Â % |
Limited Time: | Tue,16 Jan-2024 |
Â
Â
--_----------=_MCPart_512623887--
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments