link spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 13 Feb 2024 08:41:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rZutA-00000000JA8-45GG
for dave@doctor.nl2k.ab.ca;
Tue, 13 Feb 2024 08:40:04 -0700
Resent-From: The Doctor
Resent-Date: Tue, 13 Feb 2024 08:40:04 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f196.google.com ([209.85.219.196]:55359)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rZtbJ-000000001wp-3cJf
for root@nk.ca;
Tue, 13 Feb 2024 07:17:38 -0700
Received: by mail-yb1-f196.google.com with SMTP id 3f1490d57ef6-dcc5aa17c34so836731276.2
for; Tue, 13 Feb 2024 06:15:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1707833729; x=1708438529; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=MTt+07rKBEXj5UgdH1Na7VnkTUawhZPDEfK7Kqqo8Ss=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1707833729; x=1708438529;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=MTt+07rKBEXj5UgdH1Na7VnkTUawhZPDEfK7Kqqo8Ss=;
X-Gm-Message-State: AOJu0YzrsxybTz9fBb0XjOHG0yu5v5RNIhr768t/wLN1a4abBKgU2GqK
rFhIioBQCmcVl8vw95nVoMlhVkap6oYc76k/1UfB3/rrWRe1z6d1vu0/QqZsJu0D0tZ7sr6MgUO
AT3nuy4TmmU0EdyJKjblY/J+loZusg5TVA8gmbg==
X-Google-Smtp-Source: AGHT+IG8ObP+h5sn6dKSmDFwRJSRDvlWNhpq+csFyrrsWzz/zTGfoqCou0R22eZRkendCFtBcAGNROqv5bv3hpjoA5E=
X-Received: by 2002:a05:6902:2005:b0:dc7:5157:d43d with SMTP id
dh5-20020a056902200500b00dc75157d43dmr8752200ybb.42.1707833729446; Tue, 13
Feb 2024 06:15:29 -0800 (PST)
MIME-Version: 1.0
From: John
Date: Tue, 13 Feb 2024 14:15:19 +0000
Message-ID:
Subject:
To: root
Content-Type: multipart/alternative; boundary="000000000000c776cb061144068c"
X-Spam_score: 7.2
X-Spam_score_int: 72
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: http://galljo.handsometime.top/hdoobobglower01?affsub2=jglwkk
http://galljo.handsometime.top/hdoobobglower01?affsub2=jglwkk
Content analysis details: (7.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: handsometime.top]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[siqueirosora(at)gmail.com]
0.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: galljo.handsometime.top (top)]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: handsometime.top]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: galljo.handsometime.top]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.196 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.196 listed in list.dnswl.org]
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 TVD_SPACE_RATIO No description available.
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: galljo.handsometime.top/193.106.175.77]
[URI: galljo.handsometime.top/193.106.175.77]
Subject: {SPAM?}
--000000000000c776cb061144068c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BFhttp://galljo.handsometime.top/hdoobobglower01?affsub2=3Djglwkk
--000000000000c776cb061144068c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--000000000000c776cb061144068c--