Instagram followers spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 22 Apr 2024 12:11:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1ryy7R-000000004KM-1Itq
for dave@doctor.nl2k.ab.ca;
Mon, 22 Apr 2024 12:10:21 -0600
Resent-From: The Doctor
Resent-Date: Mon, 22 Apr 2024 12:10:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-io1-f71.google.com ([209.85.166.71]:52247)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from <3ZIcmZg0JBUUklupyvz1mhkvtnthps.jvtzhslzur.jh@maestro.bounces.google.com>)
id 1ryvyY-00000000AIi-2dU0
for sales@nk.ca;
Mon, 22 Apr 2024 09:53:06 -0600
Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-7da41c44da7so487308439f.0
for; Mon, 22 Apr 2024 08:51:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1713801060; x=1714405860; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;
b=Je+k1uhL5atcZ1nhF6sLPsAVr4j36JJHlSgUXQ3RrMTb/a91455OMdimkGd5RdZdET
2xhpJGqrFwUGl1TQ3LKHCPWd3LiqQp29LSydHH3ubJwkGkS0BaVg8CEHZR5ggkAYtM9P
IB6CsF23wyDghO7XQ46v7y927H0FeifPe921NlZyR7kcmld70p4WyqgI5GWCzeVJTaOf
hBeJH2PGe6u3OAhE/3MtTcxrvulnrcUO0BlUM+ix0ljp3zDPTnBxA7sc91k7bi8TBJV8
4+UEieCYfN40wgAiwkt3bX6kfcFF4XZaQA/ESxp/rc1BTSnNb2BWpIBMvg1sa2JvrZ+4
HXxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1713801060; x=1714405860;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;
b=CYPaiokrilTveQ6a+v9ujbEBM5KKBTnpWb02AREHCjzqupy9GsVFgrv3eJl3lVkIdR
YnMJod48VDCLyvdgl0CZDIZVhi8byNc0uTLgdsbVxEkmvYCwyWUIL+LPMdED0lczGlZk
jM2K4CE/EYTL+VbwT5omnPmANYRwoYa+5P6uOEXzMy4xYGmDYjjwmLOjupEC8AxfvCSh
sOoTb6SFnA+nYM4n0lL+AfvnT7Lrijy3jN1Yde2Ct9//CtuvkIqca8mHDc8rMabBVVsK
JHbf61XdMBuYwpqtIRA5fOGtALVTI3JtTtyoJDc/5/EFUsKcHdEFSB3J75syEYWmRWsp
L+ug==
X-Gm-Message-State: AOJu0YxuKNgeJpDKHmt9564Tyw6VdenZtOrCCORdrHjZGnOWaEAVYUMP
s4b39lxQAo4Kc5BzNEc4BthbkNx/0+ICKt0GZHh/bxZ6v/J5plI1WV7/vCbf0U/7w+wX0a6gRlE
=
X-Google-Smtp-Source: AGHT+IEdj+yyNqI2IK3QDmDUoc4ikNyPA206bD8oLYyIfbHp1GH4MSfPWZ146pYnDa1YWm/Z7TXL/m38Nw==
MIME-Version: 1.0
X-Received: by 2002:a05:6e02:1d99:b0:369:f7ca:a361 with SMTP id
h25-20020a056e021d9900b00369f7caa361mr627989ila.1.1713801060480; Mon, 22 Apr
2024 08:51:00 -0700 (PDT)
Message-ID:
Date: Mon, 22 Apr 2024 15:51:00 +0000
Subject: netknowyeg, Information
From: denirosufadom@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 6.9
X-Spam_score_int: 69
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW, Please visit the web page below Cheaper. [ https://bit.ly/instamaxshop?netknowyeg
]
Content analysis details: (6.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.166.71 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.166.71 listed in wl.mailspike.net]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[denirosufadom(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
freemail headers are different
Subject: {SPAM?} netknowyeg, Information
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1csDQpQbGVhc2UgdmlzaXQgdGhlIHdlYiBwYWdlIGJlbG93IENoZWFwZXIuDQoN
ClsgaHR0cHM6Ly9iaXQubHkvaW5zdGFtYXhzaG9wP25ldGtub3d5ZWcgXQ0KDQpEbyB5b3UgaGF2
ZSBhYm91dCBbIExlc3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NCkluY3JlYXNlIE5vdyAuLiEh
ISBPZmYgNDAlIFRvZGF5Li4uISEhDQoNCi0gSW5zdGFudA0KLSBTYWZlc3QgTWV0aG9kcw0KLSBQ
cml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgNTBLIC0gMTAwSyBGb2xsb3dlcnMvZGF5DQotIEhp
Z2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50ZWUNCi0gVHJ1
c3RlZA0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KDQooIFRocmVhZHMs
IEluc3RhZ3JhbSwgVHdpdHRlciwgWW91dHViZSwgRmFjZWJvb2ssIGV0Yy4gKQ0KDQoNCg0KVGhh
bmsgeW91LA0KUmVnYXJkcywNCg0KDQpDb3B5cmlnaHQgwqkgMjAxNCAtIDIwMjUgSW5zdGFtZWRp
YVByb01BWC4gQWxsIFJpZ2h0cyBSZXNlcnZlZC4NCg==
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 22 Apr 2024 12:11:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1ryy7R-000000004KM-1Itq
for dave@doctor.nl2k.ab.ca;
Mon, 22 Apr 2024 12:10:21 -0600
Resent-From: The Doctor
Resent-Date: Mon, 22 Apr 2024 12:10:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-io1-f71.google.com ([209.85.166.71]:52247)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from <3ZIcmZg0JBUUklupyvz1mhkvtnthps.jvtzhslzur.jh@maestro.bounces.google.com>)
id 1ryvyY-00000000AIi-2dU0
for sales@nk.ca;
Mon, 22 Apr 2024 09:53:06 -0600
Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-7da41c44da7so487308439f.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1713801060; x=1714405860; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;
b=Je+k1uhL5atcZ1nhF6sLPsAVr4j36JJHlSgUXQ3RrMTb/a91455OMdimkGd5RdZdET
2xhpJGqrFwUGl1TQ3LKHCPWd3LiqQp29LSydHH3ubJwkGkS0BaVg8CEHZR5ggkAYtM9P
IB6CsF23wyDghO7XQ46v7y927H0FeifPe921NlZyR7kcmld70p4WyqgI5GWCzeVJTaOf
hBeJH2PGe6u3OAhE/3MtTcxrvulnrcUO0BlUM+ix0ljp3zDPTnBxA7sc91k7bi8TBJV8
4+UEieCYfN40wgAiwkt3bX6kfcFF4XZaQA/ESxp/rc1BTSnNb2BWpIBMvg1sa2JvrZ+4
HXxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1713801060; x=1714405860;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;
b=CYPaiokrilTveQ6a+v9ujbEBM5KKBTnpWb02AREHCjzqupy9GsVFgrv3eJl3lVkIdR
YnMJod48VDCLyvdgl0CZDIZVhi8byNc0uTLgdsbVxEkmvYCwyWUIL+LPMdED0lczGlZk
jM2K4CE/EYTL+VbwT5omnPmANYRwoYa+5P6uOEXzMy4xYGmDYjjwmLOjupEC8AxfvCSh
sOoTb6SFnA+nYM4n0lL+AfvnT7Lrijy3jN1Yde2Ct9//CtuvkIqca8mHDc8rMabBVVsK
JHbf61XdMBuYwpqtIRA5fOGtALVTI3JtTtyoJDc/5/EFUsKcHdEFSB3J75syEYWmRWsp
L+ug==
X-Gm-Message-State: AOJu0YxuKNgeJpDKHmt9564Tyw6VdenZtOrCCORdrHjZGnOWaEAVYUMP
s4b39lxQAo4Kc5BzNEc4BthbkNx/0+ICKt0GZHh/bxZ6v/J5plI1WV7/vCbf0U/7w+wX0a6gRlE
=
X-Google-Smtp-Source: AGHT+IEdj+yyNqI2IK3QDmDUoc4ikNyPA206bD8oLYyIfbHp1GH4MSfPWZ146pYnDa1YWm/Z7TXL/m38Nw==
MIME-Version: 1.0
X-Received: by 2002:a05:6e02:1d99:b0:369:f7ca:a361 with SMTP id
h25-20020a056e021d9900b00369f7caa361mr627989ila.1.1713801060480; Mon, 22 Apr
2024 08:51:00 -0700 (PDT)
Message-ID:
Date: Mon, 22 Apr 2024 15:51:00 +0000
Subject: netknowyeg, Information
From: denirosufadom@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 6.9
X-Spam_score_int: 69
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW, Please visit the web page below Cheaper. [ https://bit.ly/instamaxshop?netknowyeg
]
Content analysis details: (6.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
[209.85.166.71 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.166.71 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
[209.85.166.71 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.166.71 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.166.71 listed in wl.mailspike.net]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[denirosufadom(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
freemail headers are different
Subject: {SPAM?} netknowyeg, Information
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1csDQpQbGVhc2UgdmlzaXQgdGhlIHdlYiBwYWdlIGJlbG93IENoZWFwZXIuDQoN
ClsgaHR0cHM6Ly9iaXQubHkvaW5zdGFtYXhzaG9wP25ldGtub3d5ZWcgXQ0KDQpEbyB5b3UgaGF2
ZSBhYm91dCBbIExlc3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NCkluY3JlYXNlIE5vdyAuLiEh
ISBPZmYgNDAlIFRvZGF5Li4uISEhDQoNCi0gSW5zdGFudA0KLSBTYWZlc3QgTWV0aG9kcw0KLSBQ
cml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgNTBLIC0gMTAwSyBGb2xsb3dlcnMvZGF5DQotIEhp
Z2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50ZWUNCi0gVHJ1
c3RlZA0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KDQooIFRocmVhZHMs
IEluc3RhZ3JhbSwgVHdpdHRlciwgWW91dHViZSwgRmFjZWJvb2ssIGV0Yy4gKQ0KDQoNCg0KVGhh
bmsgeW91LA0KUmVnYXJkcywNCg0KDQpDb3B5cmlnaHQgwqkgMjAxNCAtIDIwMjUgSW5zdGFtZWRp
YVByb01BWC4gQWxsIFJpZ2h0cyBSZXNlcnZlZC4NCg==
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments