CRA Phish from OVH
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 03 Apr 2025 16:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1u0TRv-00000000333-2hWb
for dave@doctor.nl2k.ab.ca;
Thu, 03 Apr 2025 16:54:15 -0600
Resent-From: The Doctor
Resent-Date: Thu, 3 Apr 2025 16:54:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [107.150.49.10] (port=60334 helo=webnew.hostgenetics.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1u0RSq-00000000AS5-11Ek
for sales@nk.ca;
Thu, 03 Apr 2025 14:47:12 -0600
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=1031taxology.com; s=default; h=Content-Type:Date:Message-ID:Subject:To:From
:Content-Transfer-Encoding:MIME-Version:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=rD2+1Ot/DOniCkuPau4/b+O6j3yS6u9X0EusX95hdRw=; b=YBKASs6WcDTSDg4vpqmzhLH+CR
/MeDx51ifIzck4arahNsjpUWWXsGraqWHMX72oo5+lR/25WmskjEaA11fhTJn3es0obsAc66Jv/oo
0WxD5meZ5UyocOIPSkKozL+8pQhNkkFz55V8HYA3yygBdFZBP7VEJSGCdZsap9G8d+k0WZrL61v2F
ouJKqX76RfmCo46Ncimq6hpdasrhpjr19j3XWbI+Fy4FxdWYzIg5QdOn0fgFdBYDmJEcK/LsHHsbg
C5RRdbqUhfbg3ov6W0dB8NvgWUxNXQaBLQurSWi9IOSuoWyob77BPqVmQFHSRkKTPgyxgn8UTlTac
Az+gv7cw==;
Received: from ip13.ip-51-222-69.net ([51.222.69.13]:51552 helo=[127.0.0.1])
by webnew.hostgenetics.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.1)
(envelope-from
id 1u0RQx-0000000AXG1-3hQz
for sales@nk.ca;
Thu, 03 Apr 2025 13:45:07 -0700
MIME-Version: 1.0
X-Confirm-Reading-To: phelialime@ptct.net
Disposition-Notification-To: phelialime@ptct.net
X-Mailprotector-Decision: deliver
X-Mailer: Node3.38
X-Priority: 1
X-Msmail-Priority: High
Content-Transfer-Encoding: base64
From: "=?UTF-8?B?Q1JBIEFjY291bnQgQ29tbXVuaWNhdGlvbg==?="
To: sales@nk.ca
Subject:
=?UTF-8?B?VGFrZSBBY3Rpb246IFlvdXIgQ1JBIE5vdGlmaWNhdGlvbiBpcyBIZXJl?=
Message-ID: <80e0bd50-556a-f2ac-b4d1-d74ea5bbd619@1031taxology.com>
Date: Thu, 03 Apr 2025 20:45:05 +0000
Content-Type: text/html; charset=utf-8
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - webnew.hostgenetics.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 8] / [47 8]
X-AntiAbuse: Sender Address Domain - 1031taxology.com
X-Get-Message-Sender-Via: webnew.hostgenetics.com: authenticated_id: taxology/from_h
X-Authenticated-Sender: webnew.hostgenetics.com: info@1031taxology.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 13.9
X-Spam_score_int: 139
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Canada Revenue Agency Notification English version ** La
version française suit **
Content analysis details: (13.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[51.222.69.13 listed in will-spam-for-food.eu.org]
[107.150.49.10 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[107.150.49.10 listed in dnsbl.ahbl.org]
[51.222.69.13 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[107.150.49.10 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[107.150.49.10 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[107.150.49.10 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[107.150.49.10 listed in dnsbl.ahbl.org]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[107.150.49.10 listed in bb.barracudacentral.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
Subject: {SPAM?}
=?UTF-8?B?VGFrZSBBY3Rpb246IFlvdXIgQ1JBIE5vdGlmaWNhdGlvbiBpcyBIZXJl?=