Loan link spam from Google gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 02 Oct 2023 07:56:04 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qnJJH-000JZb-3A
for dave@doctor.nl2k.ab.ca;
Mon, 02 Oct 2023 07:50:07 -0600
Resent-From: The Doctor
Resent-Date: Mon, 2 Oct 2023 07:50:07 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f67.google.com ([209.85.218.67]:44106)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qnHig-00021r-1w
for doctor@doctor.nl2k.ab.ca;
Mon, 02 Oct 2023 06:08:35 -0600
Received: by mail-ej1-f67.google.com with SMTP id a640c23a62f3a-9a6190af24aso2302728266b.0
for; Mon, 02 Oct 2023 05:06:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1696248369; x=1696853169; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=J42RAapZ7774zisCEki7UCAnGmKWKXvxNSFcfwaReoI=;
b=VZaBoYVSeeVklueBDXBdKyQ7k9FiqH6nrAF1+iALirXFYoGatioj/3EdPpoc3iIO4D
oprcIN2iAmvj58B2EGD8cE1nOk5zF6fQwF1Efm7fKj11bf/ZXC6SW7GAbfAJ1ra/vH06
ftU5Yfgmo0dW1j5MNx6Yg+Si0WVEpwC6kAg7GbvzbreY+0fQ/RSMWwIRnarAYpTPeYec
EeQ97fL6zQH2Mrt/vn1HvpgaUZftZscFhGifXPk2S62QqcU91P1mis2xir9k2FdgzcoH
5K1CVVtdBBCMSYH76f9Y9Xv+6vQKcstKOQowhG5J0zMrDbL0ZnRw9s/u/5JpAOqiTuKK
fF3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1696248369; x=1696853169;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=J42RAapZ7774zisCEki7UCAnGmKWKXvxNSFcfwaReoI=;
b=DugffQ/9wKYcRAQ+NrIamqC0hvTxV/C4nd+zHzA6ZMERPKeWM6nw7rBNV4uxMKoItO
NidLCXtUgthD+0qWlsCglkMMyAr1cGb6Zvqbjjl/MVeEzVxAJn0/4MyFvCLTfaAeaUp7
psxOv5+Qe74ycVUmdeNnQmmuVRnhMELfUWrKED9aQcZMnxD9dnpg49vGmrl1wI2hBLN2
Ai6ncvsZ17nwlLyDvLpkDDIEvuRvCWsBSypcrv5q66dtfnUpmDqpSNjUBLAlpJ8NWYPE
S0GOWf7HYtb945HYZKuN/0rTpBW7DDeAaRJEs4Pydr/Y2g4WfkTe3yBxD5DXvyFIXARM
5v3w==
X-Gm-Message-State: AOJu0YwAf6B6a8fYD3QHjSjF+brvxUMnltKoq9+OafOcApLVI481jQXQ
Uej6RkTeBOtIc2b3sHPkJO6vaq5zMgPYqykXRpU=
X-Google-Smtp-Source: AGHT+IFSonZXk5ISEJR/eN+GtIk3Qk/CnSaWxMxo/jGqRdbs+7ejRNIWRJTLUT4M0kVA8jRfk4yGx581FAfibEPTMCA=
X-Received: by 2002:a17:906:6a19:b0:9a1:c0e9:58ff with SMTP id
qw25-20020a1709066a1900b009a1c0e958ffmr13211700ejc.11.1696248369192; Mon, 02
Oct 2023 05:06:09 -0700 (PDT)
MIME-Version: 1.0
From: LOAN OFFER
Date: Mon, 2 Oct 2023 12:06:00 +0000
Message-ID:
Subject: Greetings
To: ctetley, c degagne ,
doctor, elizabethp ,
firdosh, hedgehogstitchery ,
hummingbirdcottage
Content-Type: multipart/alternative; boundary="0000000000007f22a90606ba99d0"
X-Spam_score: 6.3
X-Spam_score_int: 63
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your friend LOAN OFFER shared this link with you - https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous? Your friend LOAN OFFER
shared this link with you - https://b4wgq3a2.page.link/naxz Ever before witnessed
special deals this enormous?
Content analysis details: (6.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.218.67 listed in list.dnswl.org]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: b4wgq3a2.page.link]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.67 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[pureismat(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} Greetings
--0000000000007f22a90606ba99d0
Content-Type: text/plain; charset="UTF-8"
Your friend LOAN OFFER shared this link with you -
https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous?
--0000000000007f22a90606ba99d0
Content-Type: text/html; charset="UTF-8"
Your friend LOAN OFFER shared this link with you - https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous?
--0000000000007f22a90606ba99d0--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 02 Oct 2023 07:56:04 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qnJJH-000JZb-3A
for dave@doctor.nl2k.ab.ca;
Mon, 02 Oct 2023 07:50:07 -0600
Resent-From: The Doctor
Resent-Date: Mon, 2 Oct 2023 07:50:07 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f67.google.com ([209.85.218.67]:44106)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qnHig-00021r-1w
for doctor@doctor.nl2k.ab.ca;
Mon, 02 Oct 2023 06:08:35 -0600
Received: by mail-ej1-f67.google.com with SMTP id a640c23a62f3a-9a6190af24aso2302728266b.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1696248369; x=1696853169; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=J42RAapZ7774zisCEki7UCAnGmKWKXvxNSFcfwaReoI=;
b=VZaBoYVSeeVklueBDXBdKyQ7k9FiqH6nrAF1+iALirXFYoGatioj/3EdPpoc3iIO4D
oprcIN2iAmvj58B2EGD8cE1nOk5zF6fQwF1Efm7fKj11bf/ZXC6SW7GAbfAJ1ra/vH06
ftU5Yfgmo0dW1j5MNx6Yg+Si0WVEpwC6kAg7GbvzbreY+0fQ/RSMWwIRnarAYpTPeYec
EeQ97fL6zQH2Mrt/vn1HvpgaUZftZscFhGifXPk2S62QqcU91P1mis2xir9k2FdgzcoH
5K1CVVtdBBCMSYH76f9Y9Xv+6vQKcstKOQowhG5J0zMrDbL0ZnRw9s/u/5JpAOqiTuKK
fF3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1696248369; x=1696853169;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=J42RAapZ7774zisCEki7UCAnGmKWKXvxNSFcfwaReoI=;
b=DugffQ/9wKYcRAQ+NrIamqC0hvTxV/C4nd+zHzA6ZMERPKeWM6nw7rBNV4uxMKoItO
NidLCXtUgthD+0qWlsCglkMMyAr1cGb6Zvqbjjl/MVeEzVxAJn0/4MyFvCLTfaAeaUp7
psxOv5+Qe74ycVUmdeNnQmmuVRnhMELfUWrKED9aQcZMnxD9dnpg49vGmrl1wI2hBLN2
Ai6ncvsZ17nwlLyDvLpkDDIEvuRvCWsBSypcrv5q66dtfnUpmDqpSNjUBLAlpJ8NWYPE
S0GOWf7HYtb945HYZKuN/0rTpBW7DDeAaRJEs4Pydr/Y2g4WfkTe3yBxD5DXvyFIXARM
5v3w==
X-Gm-Message-State: AOJu0YwAf6B6a8fYD3QHjSjF+brvxUMnltKoq9+OafOcApLVI481jQXQ
Uej6RkTeBOtIc2b3sHPkJO6vaq5zMgPYqykXRpU=
X-Google-Smtp-Source: AGHT+IFSonZXk5ISEJR/eN+GtIk3Qk/CnSaWxMxo/jGqRdbs+7ejRNIWRJTLUT4M0kVA8jRfk4yGx581FAfibEPTMCA=
X-Received: by 2002:a17:906:6a19:b0:9a1:c0e9:58ff with SMTP id
qw25-20020a1709066a1900b009a1c0e958ffmr13211700ejc.11.1696248369192; Mon, 02
Oct 2023 05:06:09 -0700 (PDT)
MIME-Version: 1.0
From: LOAN OFFER
Date: Mon, 2 Oct 2023 12:06:00 +0000
Message-ID:
Subject: Greetings
To: ctetley
doctor
firdosh
hummingbirdcottage
Content-Type: multipart/alternative; boundary="0000000000007f22a90606ba99d0"
X-Spam_score: 6.3
X-Spam_score_int: 63
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Your friend LOAN OFFER shared this link with you - https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous? Your friend LOAN OFFER
shared this link with you - https://b4wgq3a2.page.link/naxz Ever before witnessed
special deals this enormous?
Content analysis details: (6.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.218.67 listed in list.dnswl.org]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: b4wgq3a2.page.link]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.67 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[pureismat(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} Greetings
--0000000000007f22a90606ba99d0
Content-Type: text/plain; charset="UTF-8"
Your friend LOAN OFFER shared this link with you -
https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous?
--0000000000007f22a90606ba99d0
Content-Type: text/html; charset="UTF-8"
Your friend LOAN OFFER shared this link with you - https://b4wgq3a2.page.link/naxz
Ever before witnessed special deals this enormous?
--0000000000007f22a90606ba99d0--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments