McAfee Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: aboo@nk.ca
Delivery-date: Tue, 23 Apr 2024 08:18:00 -0600
Received: from abi148ace127.hyd1.oracleemaildelivery.com ([129.148.135.127]:42567)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rzGxr-000000009l6-4AdA
for aboo@nk.ca;
Tue, 23 Apr 2024 08:17:55 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=oracle-ap-hyderabad-1-20231118;
d=aqi.in;
h=Date:To:From:Subject:Message-Id:MIME-Version:Sender;
bh=lLkkp0uhHXQyf7VE5/b9tUOfxqPQPx95d3cmb5ZOCOU=;
b=h2FfQYGWAGg2eY9nlbGlfwqzBdMzulJMxRREwnkz8KEC9nerYxbbK80mbJEJHQ06GBFsAVphJH5q
TDJw+RJY925WX1cYkLlVeZq++/W0wu7SIfeWzSqB2kSubMW5IXW4nKeryBw+j1mcyIyApKT+TKjX
xfwydXVj5Ka8RiHRgGCqndmJ7D+h+qIauSHkLGsk9qD9Xz29GaIyqFxP9v3o0v7MqTc+eeMFYD1D
DDuRDUKUczm2S9A8ZOQmt22d0ck9sScbaoDzqZwhP0Pte+MCdZD2I0iAyCop6WxQLSNtQYRAkGrS
qZmQx0p8DqgHsriNL/vTTKeaZSU64tEfJwxxDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-hyd-20200513;
d=hyd1.rp.oracleemaildelivery.com;
h=Date:To:From:Subject:Message-Id:MIME-Version:Sender;
bh=lLkkp0uhHXQyf7VE5/b9tUOfxqPQPx95d3cmb5ZOCOU=;
b=DLVsytQfaQvs8eeRuG8tWd30PYnlEKUCrMSVvasJ5juKI/SI9cABGqC9UOguioUZM1KkcIgWEZs+
mgYk9g3kHpiEr/jNP/M3F4maiGpvWjOYXIcpVpxJbupz4JeJz7CtNGUlUYNCUjCkefz6INRTuwmR
bxI486XVLCvYExbxpX0M5A5jHwSxZNnCw00JQWHVOhlvGfFDRG9ZgIoEzFoRnmObj5aziBRx8x4b
zewCy567CgSRRhbbTXqGs+/aS5STuTdT+nqnqh+UY9M6onEvbkxS5mBY3k67XY6gHiOdP/2c42n2
+ufiRS3wWGlJFuqtymuW7IvYujXsFcZsVylzzw==
MIME-version: 1.0
Content-type: multipart/alternative;
boundary="Boundary_(ID_dpLLPmw45Weymx846Mb8ff)"
Received: by omta-ad1-fd3-402-ap-hyderabad-1.omtaad1.vcndphyd.oraclevcn.com
(Oracle Communications Messaging Server 8.1.0.1.20240215 64bit (built Feb 15
2024))
with ESMTPS id <0SCE004A5FLZRT10@omta-ad1-fd3-402-ap-hyderabad-1.omtaad1.vcndphyd.oraclevcn.com>
for aboo@nk.ca; Tue, 23 Apr 2024 14:15:35 +0000 (GMT)
Message-id:
<0SCE00H2VFL9MML0@rmta-ad1-fd1-401-ap-hyderabad-1.rmtaad1.vcndphyd.oraclevcn.com>
From: "McafeeSecure."
To: aboo@nk.ca
Subject: =?UTF-8?B?VGlja2V0IEZvciBUaGUgU2VjdXJpdHkgTm90aWNlIE7CsA==?=
Date: Tue, 23 Apr 2024 10:15:07 -0400
Reporting-Meta:
AAGjrFte0BeNfFW0PtpcDm6C24BBg9RlkZxRh60RKSmFZIbkuPhcjTzgDSEeK4f+
7eGKTlGmpmTi1URHGMuN5hhpI3h5BBlnlUTq01usH8lbvvdC4O0D3B7kTmSQSdBh
M8r3cqFS500ZruWCxACLWsEgUHeXbK4Vb3WAyKq7eDSD9Aheh8yRQud14Wn5UMK4
ahsruujMLLs6KDBv+EhOwYOq02VDlx+2uAnUn+woVklUIlz7S9ouvhiIRofIPxIf
GNtXgqOtbz9VUfjiy2Eo3dG6vhbQ8ODjGGkRWZJuYRJV/s4JDWwpWuEIaz/bFHvu
nVNK7WHth5FxkS1gJuP/K171Ihy4lBqVRTa9+JNVvqz2UfwTtdxvlcob4hnDpam3
NuzplAYNf9yhv/wX25Gthk1At+vFMKO8AsY9papy/7V29SfJi1rySqp6P/9T89/O
/fme1byALENQv/0aGuPMRkhNd9e5gN/aN/ytcZ4FwqWa
Unsubscribe: 61626f6f406e6b2e6361
X-Spam_score: 10.0
X-Spam_score_int: 100
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[129.148.135.127 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 FROM_WSP_TRAIL Trailing whitespace before '>' in From header field
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.1 TW_IV BODY: Odd Letter Triples with IV
0.1 TW_VC BODY: Odd Letter Triples with VC
1.0 EXCUSE_3 BODY: No description available.
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
Subject: {SPAM?} =?UTF-8?B?VGlja2V0IEZvciBUaGUgU2VjdXJpdHkgTm90aWNlIE7CsA==?=
X-Antivirus: AVG (VPS 240423-2, 4/23/2024), Inbound message
X-Antivirus-Status: Clean
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)
Content-type: text/html; charset=utf-8
Content-transfer-encoding: 8BIT
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)--
Envelope-to: aboo@nk.ca
Delivery-date: Tue, 23 Apr 2024 08:18:00 -0600
Received: from abi148ace127.hyd1.oracleemaildelivery.com ([129.148.135.127]:42567)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rzGxr-000000009l6-4AdA
for aboo@nk.ca;
Tue, 23 Apr 2024 08:17:55 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=oracle-ap-hyderabad-1-20231118;
d=aqi.in;
h=Date:To:From:Subject:Message-Id:MIME-Version:Sender;
bh=lLkkp0uhHXQyf7VE5/b9tUOfxqPQPx95d3cmb5ZOCOU=;
b=h2FfQYGWAGg2eY9nlbGlfwqzBdMzulJMxRREwnkz8KEC9nerYxbbK80mbJEJHQ06GBFsAVphJH5q
TDJw+RJY925WX1cYkLlVeZq++/W0wu7SIfeWzSqB2kSubMW5IXW4nKeryBw+j1mcyIyApKT+TKjX
xfwydXVj5Ka8RiHRgGCqndmJ7D+h+qIauSHkLGsk9qD9Xz29GaIyqFxP9v3o0v7MqTc+eeMFYD1D
DDuRDUKUczm2S9A8ZOQmt22d0ck9sScbaoDzqZwhP0Pte+MCdZD2I0iAyCop6WxQLSNtQYRAkGrS
qZmQx0p8DqgHsriNL/vTTKeaZSU64tEfJwxxDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-hyd-20200513;
d=hyd1.rp.oracleemaildelivery.com;
h=Date:To:From:Subject:Message-Id:MIME-Version:Sender;
bh=lLkkp0uhHXQyf7VE5/b9tUOfxqPQPx95d3cmb5ZOCOU=;
b=DLVsytQfaQvs8eeRuG8tWd30PYnlEKUCrMSVvasJ5juKI/SI9cABGqC9UOguioUZM1KkcIgWEZs+
mgYk9g3kHpiEr/jNP/M3F4maiGpvWjOYXIcpVpxJbupz4JeJz7CtNGUlUYNCUjCkefz6INRTuwmR
bxI486XVLCvYExbxpX0M5A5jHwSxZNnCw00JQWHVOhlvGfFDRG9ZgIoEzFoRnmObj5aziBRx8x4b
zewCy567CgSRRhbbTXqGs+/aS5STuTdT+nqnqh+UY9M6onEvbkxS5mBY3k67XY6gHiOdP/2c42n2
+ufiRS3wWGlJFuqtymuW7IvYujXsFcZsVylzzw==
MIME-version: 1.0
Content-type: multipart/alternative;
boundary="Boundary_(ID_dpLLPmw45Weymx846Mb8ff)"
Received: by omta-ad1-fd3-402-ap-hyderabad-1.omtaad1.vcndphyd.oraclevcn.com
(Oracle Communications Messaging Server 8.1.0.1.20240215 64bit (built Feb 15
2024))
with ESMTPS id <0SCE004A5FLZRT10@omta-ad1-fd3-402-ap-hyderabad-1.omtaad1.vcndphyd.oraclevcn.com>
for aboo@nk.ca; Tue, 23 Apr 2024 14:15:35 +0000 (GMT)
Message-id:
<0SCE00H2VFL9MML0@rmta-ad1-fd1-401-ap-hyderabad-1.rmtaad1.vcndphyd.oraclevcn.com>
From: "McafeeSecure."
To: aboo@nk.ca
Subject: =?UTF-8?B?VGlja2V0IEZvciBUaGUgU2VjdXJpdHkgTm90aWNlIE7CsA==?=
Date: Tue, 23 Apr 2024 10:15:07 -0400
Reporting-Meta:
AAGjrFte0BeNfFW0PtpcDm6C24BBg9RlkZxRh60RKSmFZIbkuPhcjTzgDSEeK4f+
7eGKTlGmpmTi1URHGMuN5hhpI3h5BBlnlUTq01usH8lbvvdC4O0D3B7kTmSQSdBh
M8r3cqFS500ZruWCxACLWsEgUHeXbK4Vb3WAyKq7eDSD9Aheh8yRQud14Wn5UMK4
ahsruujMLLs6KDBv+EhOwYOq02VDlx+2uAnUn+woVklUIlz7S9ouvhiIRofIPxIf
GNtXgqOtbz9VUfjiy2Eo3dG6vhbQ8ODjGGkRWZJuYRJV/s4JDWwpWuEIaz/bFHvu
nVNK7WHth5FxkS1gJuP/K171Ihy4lBqVRTa9+JNVvqz2UfwTtdxvlcob4hnDpam3
NuzplAYNf9yhv/wX25Gthk1At+vFMKO8AsY9papy/7V29SfJi1rySqp6P/9T89/O
/fme1byALENQv/0aGuPMRkhNd9e5gN/aN/ytcZ4FwqWa
Unsubscribe: 61626f6f406e6b2e6361
X-Spam_score: 10.0
X-Spam_score_int: 100
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
[129.148.135.127 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[129.148.135.127 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
[129.148.135.127 listed in will-spam-for-food.eu.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[129.148.135.127 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 FROM_WSP_TRAIL Trailing whitespace before '>' in From header field
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.1 TW_IV BODY: Odd Letter Triples with IV
0.1 TW_VC BODY: Odd Letter Triples with VC
1.0 EXCUSE_3 BODY: No description available.
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
Subject: {SPAM?} =?UTF-8?B?VGlja2V0IEZvciBUaGUgU2VjdXJpdHkgTm90aWNlIE7CsA==?=
X-Antivirus: AVG (VPS 240423-2, 4/23/2024), Inbound message
X-Antivirus-Status: Clean
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)
Content-type: text/html; charset=utf-8
Content-transfer-encoding: 8BIT
|
To be removed from receiving future emails, href="https://email.jitomatrimony.in/tl/cws/eyJpdiI6ImVIZThGeEsxYmV0VU1nSmFTSjNwNmc9PSIsInZhbHVlIjoiVW1TSG53WnY1bTdDVHVvTWYvWDV0QnlEWmU4MEk4TElZNGpNbjQwd1BYd0RmMUhNdkJDa2pYNWZGOUN2ckFEdmVJSnFVczBrbzh2dUhSbFpJblFZZnVxd3Y3MFloRGpVWTJuNGhSbUp2UVc5bVlWMUVNMCtDWEg1SzVRY25KTTciLCJtYWMiOiI3NjcwNTY1MzIzYWUyNmM2NGJmYzQ3YmM3ZGNjOWM5YzViNWMzMGM2ZGEyZDEwODFhM2U1ZDgyN2YyYTU2NWQ2IiwidGFnIjoiIn0,#offer/00170/120/aucij/1ume/41/77" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" class="x_advertiser_unsub" title="Unsubscribe here" data-linkindex="6" data-ogsc="" style="border: 0px; font: inherit; margin: 0px; padding: 0px; vertical-align: baseline; text-decoration: underline;">Unsubscribe here.< /span> |
Update Profile or Unsubscribe Contact us at 792 Benson Street, Eau Claire, WI, Wisconsin, 54701 |
--Boundary_(ID_dpLLPmw45Weymx846Mb8ff)--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments