Instagram followers spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 19 Apr 2024 17:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rxxbi-000000002uu-3xAa

for dave@doctor.nl2k.ab.ca;

Fri, 19 Apr 2024 17:25:26 -0600

Resent-From: The Doctor

Resent-Date: Fri, 19 Apr 2024 17:25:26 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f198.google.com ([209.85.128.198]:53324)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rxwhj-00000000MZW-0QJi

for sales@nk.ca;

Fri, 19 Apr 2024 16:27:39 -0600

Received: by mail-yw1-f198.google.com with SMTP id 00721157ae682-61b3518eb6bso23840707b3.2

for ; Fri, 19 Apr 2024 15:25:39 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1713565533; x=1714170333; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=SdnrZk7lcvCIWgoaFril0eeiuC/uQ7YO96mnenP/21Y=;

b=LbS4KXdX3xx9FpNk3cd/D1UBW4igAMQgSOsTYHyvsE+99FFM7gozn0QTswu3Ql79NA

c8iuQupJB6MUIrd4vxg7yhRgiBpHDJ9pExhtd4QnriFqve78GKKO8pnB2sYEBD3w2BTv

j9I7xevAMWPmSZos2EvAYYgXHijYqyNR5RVo/B6S4Z1J5PIcfxZ5luO5t25N9mBqOZjj

67yM0Tf6c64EECEjGPgtTfXCSrMRRMnly9u44vXwoqChrszoHm+eKHzG95oNFarSZZpo

JiicPDK1+FeKyG662ZNVz2pc7cpW9hLNTJWLfAAo+HGL009WDcSzh0o0dv02VutYThM4

N3WQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1713565533; x=1714170333;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=SdnrZk7lcvCIWgoaFril0eeiuC/uQ7YO96mnenP/21Y=;

b=qfC5nOnt0ryz84MiJtQOYHG1H8djNyExUMxj4ilV5ybUUXzZedOngTJcduf3rXDStc

uhXILKbnLO0J89zRQU6pQ/jFLBPaBVICbEiwsBl4uH4eUZEfPZHvD6nrurhwPDzNfB+k

v3V7RWtNeyveGLCLd05z0nJdf6DCjAPlrJrfU8KxL7WTvbi3oREZvzHfAPfIVNenKtf1

zN0hV9K5JdDaSczbibiwFw044M59Pyst+gdTfb5IqaVeiRU/Trx8HA4+K5S77OI8D/7R

M3Tw3uHjsG71pZ24VruzscaaXoTQ42MVrZUmI7WwfXsZezZpjSn9yrSg2lENR+jACxH2

qZqA==

X-Gm-Message-State: AOJu0YxHP1tJyDXk0ofqejt060VACHScbU/MT11X6NO+4a4FJk35PPwt

2Zzd+kW9a73jTTYVoC8urRmV7DsIufLb9TgAPIF0wSgRV66NUORJ9+/PknGuRwnNLGoeNMLrUAE

=

X-Google-Smtp-Source: AGHT+IGwyAD4SXicLnE5DRe31SJZQvpgbZ9Zx4Dm3ppua4eMyvLPJV5DJtGLTjdxdOi4OXEqtSDxYK0ADQ==

MIME-Version: 1.0

X-Received: by 2002:a05:6902:702:b0:dc7:68b5:4f21 with SMTP id

k2-20020a056902070200b00dc768b54f21mr999126ybt.9.1713565533321; Fri, 19 Apr

2024 15:25:33 -0700 (PDT)

Message-ID:

Date: Fri, 19 Apr 2024 22:25:33 +0000

Subject: daveyadallee,Gifts 10K IG Followers here

From: fitrotsm@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 9.2

X-Spam_score_int: 92

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi , daveyadallee Get 100K Followers Instagram NOW, Please

visit the web page below Cheaper. [ https://bit.ly/instamaxshop?daveyadallee

]



Content analysis details: (9.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.198 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[209.85.128.198 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.128.198 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.198 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[fitrotsm(at)gmail.com]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} daveyadallee,Gifts 10K IG Followers here



SGkgLA0KZGF2ZXlhZGFsbGVlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIEluc3RhZ3JhbSBOT1cs

DQpQbGVhc2UgdmlzaXQgdGhlIHdlYiBwYWdlIGJlbG93IENoZWFwZXIuDQoNClsgaHR0cHM6Ly9i

aXQubHkvaW5zdGFtYXhzaG9wP2RhdmV5YWRhbGxlZSBdDQoNCkRvIHlvdSBoYXZlIGFib3V0IFsg

TGVzcyB0aGFuIDUwSyBdIEZvbGxvd2VycyA/DQpJbmNyZWFzZSBOb3cgLi4hISEgT2ZmIDQwJSBU

b2RheS4uLiEhIQ0KDQotIEluc3RhbnQNCi0gU2FmZXN0IE1ldGhvZHMNCi0gUHJpdmFjeSBQcm90

ZWN0aW9uDQotIFNwZWVkIDUwSyAtIDEwMEsgRm9sbG93ZXJzL2RheQ0KLSBIaWdoIFF1YWxpdHkg

Rm9sbG93ZXJzICYgUmVhbA0KLSBEcm9wLUJhY2sgR3VhcmFudGVlDQotIFRydXN0ZWQNCi0gU3Rh

cnRpbmcgZ2V0IDVLIEZvbGxvd2VycyBJbnN0YWdyYW0NCg0KKCBUaHJlYWRzLCBJbnN0YWdyYW0s

IFR3aXR0ZXIsIFlvdXR1YmUsIEZhY2Vib29rLCBldGMuICkNCg0KDQoNClRoYW5rIHlvdSwNClJl

Z2FyZHMsDQoNCg0KQ29weXJpZ2h0IMKpIDIwMTQgLSAyMDI1IEluc3RhbWVkaWFQcm9NQVguIEFs

bCBSaWdodHMgUmVzZXJ2ZWQuDQo=

I2.03KL0LD37.0KI2.21KwhoissourceRank12.9MPIN0Summary reportDiagnosisDensity00n/a

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA