link spam from Gogole Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 22 Feb 2024 05:08:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rd7rZ-000000009d9-3GUc
for dave@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 05:07:41 -0700
Resent-From: The Doctor
Resent-Date: Thu, 22 Feb 2024 05:07:41 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f67.google.com ([209.85.218.67]:47413)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rd1zX-00000000MN6-0N0u
for doctor@nl2k.ab.ca;
Wed, 21 Feb 2024 22:51:35 -0700
Received: by mail-ej1-f67.google.com with SMTP id a640c23a62f3a-a3e552eff09so414000066b.3
for; Wed, 21 Feb 2024 21:49:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1708580969; x=1709185769; darn=nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=1JyiHqZNKLX0K8JgdvFhoiDrQtutL6GQQmRmrSEL5Bc=;
b=ZQW9RnpNKN7xDUUgo5mvSiH6W8TIZeYqiCtmrpX3lEQGb8m53+E7CR20e+zA2EUktT
dWMIqeC5u6hK+R+yV7J1SMN8q0P39jAQHZF9YfQX8sZnAU6waPoxwA3SaxgFU3m5wnjg
P9cyhoghpnpMxlFIbM/xj0xzIRJRKlu6AZnJFm3E4GO4x53+R5iashO308G0MrNM8PUj
/Tl+IIJyTGy0nwpETnmDKKSjmPTKzVnMQebE3IM7nTrKPIjuCW/36xgQQPb2ebFKPm9X
AQE+JXiH8zaKTjKw5c8ulWKA0RL6Rn+UKgXQucYaSakmEtajmLo2tanUoku4kLy1voyD
HhgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1708580969; x=1709185769;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=1JyiHqZNKLX0K8JgdvFhoiDrQtutL6GQQmRmrSEL5Bc=;
b=fIu/L5Cc5yBXaMkAgfx3ybP9YnbmBnG5nI/M+iaHjqhiUj5tKqoNOWupEPu6gFB4T/
ZT447ZQ61ZietCtzttMo+9hJk1LwyPfg7vUHqSdi7wrv1/S4fat0+aPLeVH86wrztLoW
vJBUXe4HGYnY3cPnGSp0uvTjOYk3e8tIuo8dqzJGwLL8tZ8trBPJ1UKOx1OsJmS07iaS
yUEPphqLbF1zyR3WvZyfNVggq1x05+/yo6fIfWY3AxJ+oSQsbVctj2c0UFx3CFpZTe8u
LVpUQ9F1ddXJJcFwm1QZtr7LoEhPN5dFp5ACK7Rq/9BFsEonSkWR9iHaugVtJ8Ewmbly
n+BQ==
X-Forwarded-Encrypted: i=1; AJvYcCUyBITrw49FKkh+oWprj7/D9L/J3g3bM2/2QXxYylTpFxa45y651ENwT8sEYDxiUbIQZkFI2VMRtTWLS04PalxSlw==
X-Gm-Message-State: AOJu0YzzCPvujJlTgV64/HhBUXsCriO14uMICOygaSPBqBpJJUzEp1jP
JRvreXEXyaHm4HgFDHJEDRvAa1OldVLbHpAf8VkbWBjF0mEfReJKoh+DL0UO0KiLiG5K9/PoK+Q
dDGwkHp6DAo4lG/TcjnhMhvAzd8bYvJfku8Lrb1gr
X-Google-Smtp-Source: AGHT+IFYBLWa+IppjpJykmwLlyfqVIOcEvNxqf5JlT26YL4XIrRxcAyLf1csmZK3LiPxlPeW13VCK07W04oT8eGgCEI=
X-Received: by 2002:a17:906:1c4b:b0:a3e:460a:1f3f with SMTP id
l11-20020a1709061c4b00b00a3e460a1f3fmr3682488ejg.1.1708359912856; Mon, 19 Feb
2024 08:25:12 -0800 (PST)
MIME-Version: 1.0
From: Dagmar Duerr
Date: Mon, 19 Feb 2024 16:25:07 +0000
Message-ID:
Subject:
To: dnath, doctor , dosani ,
dr, dragonfly 2009 ,
drasc62
Content-Type: multipart/alternative; boundary="000000000000c11fb80611be8974"
X-Spam_score: 8.2
X-Spam_score_int: 82
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:  http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=ecaqmkbecqhbdrxpuv
http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=ecaqmkbecqhbdrxpuv
Content analysis details: (8.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist
[URI: thirteenintroduce.top]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.218.67 listed in list.dnswl.org]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: mhnnhcx.thirteenintroduce.top]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: thirteenintroduce.top]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[dacewzis(at)gmail.com]
0.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: mhnnhcx.thirteenintroduce.top]
[(top)]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.67 listed in wl.mailspike.net]
1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 TVD_SPACE_RATIO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: mhnnhcx.thirteenintroduce.top/193.106.174.68]
[URI: mhnnhcx.thirteenintroduce.top/193.106.174.68]
Subject: {SPAM?}
X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message
X-Antivirus-Status: Clean
--000000000000c11fb80611be8974
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF
http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=3Decaqmkbecqhb=
drxpuv
--000000000000c11fb80611be8974
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--000000000000c11fb80611be8974--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 22 Feb 2024 05:08:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rd7rZ-000000009d9-3GUc
for dave@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 05:07:41 -0700
Resent-From: The Doctor
Resent-Date: Thu, 22 Feb 2024 05:07:41 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f67.google.com ([209.85.218.67]:47413)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rd1zX-00000000MN6-0N0u
for doctor@nl2k.ab.ca;
Wed, 21 Feb 2024 22:51:35 -0700
Received: by mail-ej1-f67.google.com with SMTP id a640c23a62f3a-a3e552eff09so414000066b.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1708580969; x=1709185769; darn=nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=1JyiHqZNKLX0K8JgdvFhoiDrQtutL6GQQmRmrSEL5Bc=;
b=ZQW9RnpNKN7xDUUgo5mvSiH6W8TIZeYqiCtmrpX3lEQGb8m53+E7CR20e+zA2EUktT
dWMIqeC5u6hK+R+yV7J1SMN8q0P39jAQHZF9YfQX8sZnAU6waPoxwA3SaxgFU3m5wnjg
P9cyhoghpnpMxlFIbM/xj0xzIRJRKlu6AZnJFm3E4GO4x53+R5iashO308G0MrNM8PUj
/Tl+IIJyTGy0nwpETnmDKKSjmPTKzVnMQebE3IM7nTrKPIjuCW/36xgQQPb2ebFKPm9X
AQE+JXiH8zaKTjKw5c8ulWKA0RL6Rn+UKgXQucYaSakmEtajmLo2tanUoku4kLy1voyD
HhgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1708580969; x=1709185769;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=1JyiHqZNKLX0K8JgdvFhoiDrQtutL6GQQmRmrSEL5Bc=;
b=fIu/L5Cc5yBXaMkAgfx3ybP9YnbmBnG5nI/M+iaHjqhiUj5tKqoNOWupEPu6gFB4T/
ZT447ZQ61ZietCtzttMo+9hJk1LwyPfg7vUHqSdi7wrv1/S4fat0+aPLeVH86wrztLoW
vJBUXe4HGYnY3cPnGSp0uvTjOYk3e8tIuo8dqzJGwLL8tZ8trBPJ1UKOx1OsJmS07iaS
yUEPphqLbF1zyR3WvZyfNVggq1x05+/yo6fIfWY3AxJ+oSQsbVctj2c0UFx3CFpZTe8u
LVpUQ9F1ddXJJcFwm1QZtr7LoEhPN5dFp5ACK7Rq/9BFsEonSkWR9iHaugVtJ8Ewmbly
n+BQ==
X-Forwarded-Encrypted: i=1; AJvYcCUyBITrw49FKkh+oWprj7/D9L/J3g3bM2/2QXxYylTpFxa45y651ENwT8sEYDxiUbIQZkFI2VMRtTWLS04PalxSlw==
X-Gm-Message-State: AOJu0YzzCPvujJlTgV64/HhBUXsCriO14uMICOygaSPBqBpJJUzEp1jP
JRvreXEXyaHm4HgFDHJEDRvAa1OldVLbHpAf8VkbWBjF0mEfReJKoh+DL0UO0KiLiG5K9/PoK+Q
dDGwkHp6DAo4lG/TcjnhMhvAzd8bYvJfku8Lrb1gr
X-Google-Smtp-Source: AGHT+IFYBLWa+IppjpJykmwLlyfqVIOcEvNxqf5JlT26YL4XIrRxcAyLf1csmZK3LiPxlPeW13VCK07W04oT8eGgCEI=
X-Received: by 2002:a17:906:1c4b:b0:a3e:460a:1f3f with SMTP id
l11-20020a1709061c4b00b00a3e460a1f3fmr3682488ejg.1.1708359912856; Mon, 19 Feb
2024 08:25:12 -0800 (PST)
MIME-Version: 1.0
From: Dagmar Duerr
Date: Mon, 19 Feb 2024 16:25:07 +0000
Message-ID:
Subject:
To: dnath
dr
drasc62
Content-Type: multipart/alternative; boundary="000000000000c11fb80611be8974"
X-Spam_score: 8.2
X-Spam_score_int: 82
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:  http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=ecaqmkbecqhbdrxpuv
http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=ecaqmkbecqhbdrxpuv
Content analysis details: (8.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist
[URI: thirteenintroduce.top]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.218.67 listed in list.dnswl.org]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: mhnnhcx.thirteenintroduce.top]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: thirteenintroduce.top]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[dacewzis(at)gmail.com]
0.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: mhnnhcx.thirteenintroduce.top]
[(top)]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.67 listed in wl.mailspike.net]
1.2 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 TVD_SPACE_RATIO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: mhnnhcx.thirteenintroduce.top/193.106.174.68]
[URI: mhnnhcx.thirteenintroduce.top/193.106.174.68]
Subject: {SPAM?}
X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message
X-Antivirus-Status: Clean
--000000000000c11fb80611be8974
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF
http://mhnnhcx.thirteenintroduce.top/hdoobobglower01?affsub2=3Decaqmkbecqhb=
drxpuv
--000000000000c11fb80611be8974
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF
doobobglower01?affsub2=3Decaqmkbecqhbdrxpuv">http://mhnnhcx.thirteenintrodu=
ce.top/hdoobobglower01?affsub2=3Decaqmkbecqhbdrxpuv
doobobglower01?affsub2=3Decaqmkbecqhbdrxpuv">http://mhnnhcx.thirteenintrodu=
ce.top/hdoobobglower01?affsub2=3Decaqmkbecqhbdrxpuv
--000000000000c11fb80611be8974--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments