Crypto phish violating the use of Elon Musk
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 02 Apr 2023 15:05:06 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pj4s3-000Eqb-2S
for dave@doctor.nl2k.ab.ca;
Sun, 02 Apr 2023 15:04:15 -0600
Resent-From: The Doctor
Resent-Date: Sun, 2 Apr 2023 15:04:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from relay.itanetbandalarga.com.br ([177.23.140.66]:50434)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pizM9-0000fE-0B
for root@nk.ca;
Sun, 02 Apr 2023 09:11:00 -0600
Received: from fixed-189-203-131-169.totalplay.net ([189.203.131.169] helo=[127.0.1.1])
by relay.itanetbandalarga.com.br with esmtp (Exim 4.94.2)
(envelope-from)
id 1piyo8-000TEG-Qp; Sun, 02 Apr 2023 11:35:49 -0300
Content-Type: multipart/alternative; boundary="===============1481302113=="
MIME-Version: 1.0
Subject: Biggest Crypto Giveaway of 100M
To: recipients
From: Elon Musk
Date: Sun, 02 Apr 2023 08:35:45 -0600
X-Mailer: outlook
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: SpaceX 2023 - All Rights Reserved Time-limited Offer SpaceX
2023 - All Rights Reserved
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[177.23.140.66 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[177.23.140.66 listed in bl.score.senderscore.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[giveaway23(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[giveaway23(at)gmail.com]
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[177.23.140.66 listed in wl.mailspike.net]
0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 T_FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.0 SPOOFED_FREEMAIL No description available.
0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
Subject: {SPAM?} Biggest Crypto Giveaway of 100M
You will not see this in a MIME-aware mail reader.
--===============1481302113==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
SpaceX 2023 - All Rights Reserved
Time-limited Offer
=20
--===============1481302113==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Dutf-8"/>
th=3D"1545" height=3D"692" style=3D"width: 1545px; height: 692px;" src=3D"h=
ttps://i.imgur.com/Q0BGZbF.jpeg" border=3D"0">
nt-family: Arial;">SpaceX 2023 - All Rights Reserved
font-size: 12.1px;">Time-limited =
Offer
--===============1481302113==--