German users are receiving a lot of such spams these days: It is about a package which allegedly it has its transport costs not paid. (2 €). The user is invited to visit a page where he can be pay this. Verfolgen Sie Ihr Paket: DE3428632-19 STATUS: BEARBEITUNG – VERTEILERZENTRUM BERLIN – Transportkosten VON 2,00 € wurden nicht bezahlt LIEFERUNG ERFOLGT NACH BEZAHLUNG LIEFERKOSTEN BEZAHLEN Useless to say, this is not the usual way to deal with packages, so those which sent the spam have no idea how things work. The link goes to a page delivering a malicious payload.   This is how the email looks like:   Observe the blue marked items. The spammers are either lacking skills, or they think that the users are idiots, or are themselves idiots. The body of the email is one single line of Base64 encoded text. It appears to be sent from an AWS account.     Received: from domain.com (ec2-52-193-124-80.us-west-1.compute.amazonaws.com [35.181.165.41]) by mx.google.com with ESMTP id d8si40042704pgv.61.2019.07.23.01.00.43 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from smtp.J51G83V9.org (enr2-mrelay-01.ad4123fb38497b9631680eea23dbd0b2.org. ) by mx.google.com with ESMTP id t6si5997511qvm.25.2019.02.12.06.38.06 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from pdr8-services-05v.prod.J51G83V9.org (HELO…