Investment phish from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 10 Apr 2024 08:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1ruYZC-00000000GzQ-1bpQ
for dave@doctor.nl2k.ab.ca;
Wed, 10 Apr 2024 08:04:46 -0600
Resent-From: The Doctor
Resent-Date: Wed, 10 Apr 2024 08:04:46 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cpanel.ozlemtarim.com.tr ([92.42.34.146]:46768)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1ruVyU-000000004Z0-2Uik
for doctor@nl2k.ab.ca;
Wed, 10 Apr 2024 05:18:47 -0600
Received: from 20.30.227.35.bc.googleusercontent.com ([35.227.30.20]:52971 helo=mkontakt.az)
by cpanel.ozlemtarim.com.tr with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1ru6nd-0000mJ-0a
for doctor@nl2k.ab.ca;
Tue, 09 Apr 2024 11:25:50 +0300
Reply-To: marcb5734@gmail.com
From: marcbtesting@mkontakt.az
To: doctor@nl2k.ab.ca
Subject: Project Funding.
Date: 09 Apr 2024 08:25:49 +0000
Message-ID: <20240409082549.6A140FE10D3DD191@mkontakt.az>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Ozlemtarim-MailScanner-Information: Please contact the ISP for more information
X-Ozlemtarim-MailScanner-ID: 1ru6nd-0000mJ-0a
X-Ozlemtarim-MailScanner: Found to be clean
X-Ozlemtarim-MailScanner-SpamCheck:
X-Ozlemtarim-MailScanner-From: marcbtesting@mkontakt.az
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel.ozlemtarim.com.tr
X-AntiAbuse: Original Domain - nl2k.ab.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mkontakt.az
X-Get-Message-Sender-Via: cpanel.ozlemtarim.com.tr: authenticated_id: aylin@ozlemyem.com.tr
X-Authenticated-Sender: cpanel.ozlemtarim.com.tr: aylin@ozlemyem.com.tr
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Greetings, We are independent Financial known as Marcb Finance
Consults and We are currently issuing Loans to both individuals and Corporate
bodies for Business and Projects Funding at Interest of 2.5% Rate for [...]
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[92.42.34.146 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[92.42.34.146 listed in bl.score.senderscore.com]
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=marcbtesting%40mkontakt.az;ip=92.42.34.146;r=doctor.nl2k.ab.ca]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[marcb5734(at)gmail.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
0.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
Subject: {SPAM?} Project Funding.
Greetings,
We are independent Financial known as Marcb Finance Consults and We are currently issuing Loans to both individuals and Corporate bodies for Business and Projects Funding at Interest of 2.5% Rate for a period of 10 Years.
Our Minimum Funding is $1 Million and our Maximum Funding is $2.5 Billion
Please get back if you are interested and with us all your financial troubles are over! Contact us today for more deatails
Regards,
Mr. Fred Binaza
Director of Marcb Finance and Investment