Instagram followers spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 22 Apr 2024 12:11:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1ryy7R-000000004KM-1Itq

for dave@doctor.nl2k.ab.ca;

Mon, 22 Apr 2024 12:10:21 -0600

Resent-From: The Doctor

Resent-Date: Mon, 22 Apr 2024 12:10:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-io1-f71.google.com ([209.85.166.71]:52247)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from <3ZIcmZg0JBUUklupyvz1mhkvtnthps.jvtzhslzur.jh@maestro.bounces.google.com>)

id 1ryvyY-00000000AIi-2dU0

for sales@nk.ca;

Mon, 22 Apr 2024 09:53:06 -0600

Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-7da41c44da7so487308439f.0

for ; Mon, 22 Apr 2024 08:51:06 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1713801060; x=1714405860; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;

b=Je+k1uhL5atcZ1nhF6sLPsAVr4j36JJHlSgUXQ3RrMTb/a91455OMdimkGd5RdZdET

2xhpJGqrFwUGl1TQ3LKHCPWd3LiqQp29LSydHH3ubJwkGkS0BaVg8CEHZR5ggkAYtM9P

IB6CsF23wyDghO7XQ46v7y927H0FeifPe921NlZyR7kcmld70p4WyqgI5GWCzeVJTaOf

hBeJH2PGe6u3OAhE/3MtTcxrvulnrcUO0BlUM+ix0ljp3zDPTnBxA7sc91k7bi8TBJV8

4+UEieCYfN40wgAiwkt3bX6kfcFF4XZaQA/ESxp/rc1BTSnNb2BWpIBMvg1sa2JvrZ+4

HXxg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1713801060; x=1714405860;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;

b=CYPaiokrilTveQ6a+v9ujbEBM5KKBTnpWb02AREHCjzqupy9GsVFgrv3eJl3lVkIdR

YnMJod48VDCLyvdgl0CZDIZVhi8byNc0uTLgdsbVxEkmvYCwyWUIL+LPMdED0lczGlZk

jM2K4CE/EYTL+VbwT5omnPmANYRwoYa+5P6uOEXzMy4xYGmDYjjwmLOjupEC8AxfvCSh

sOoTb6SFnA+nYM4n0lL+AfvnT7Lrijy3jN1Yde2Ct9//CtuvkIqca8mHDc8rMabBVVsK

JHbf61XdMBuYwpqtIRA5fOGtALVTI3JtTtyoJDc/5/EFUsKcHdEFSB3J75syEYWmRWsp

L+ug==

X-Gm-Message-State: AOJu0YxuKNgeJpDKHmt9564Tyw6VdenZtOrCCORdrHjZGnOWaEAVYUMP

s4b39lxQAo4Kc5BzNEc4BthbkNx/0+ICKt0GZHh/bxZ6v/J5plI1WV7/vCbf0U/7w+wX0a6gRlE

=

X-Google-Smtp-Source: AGHT+IEdj+yyNqI2IK3QDmDUoc4ikNyPA206bD8oLYyIfbHp1GH4MSfPWZ146pYnDa1YWm/Z7TXL/m38Nw==

MIME-Version: 1.0

X-Received: by 2002:a05:6e02:1d99:b0:369:f7ca:a361 with SMTP id

h25-20020a056e021d9900b00369f7caa361mr627989ila.1.1713801060480; Mon, 22 Apr

2024 08:51:00 -0700 (PDT)

Message-ID:

Date: Mon, 22 Apr 2024 15:51:00 +0000

Subject: netknowyeg, Information

From: denirosufadom@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 6.9

X-Spam_score_int: 69

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram

NOW, Please visit the web page below Cheaper. [ https://bit.ly/instamaxshop?netknowyeg

]



Content analysis details: (6.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.166.71 listed in dnsbl.ahbl.org]

[209.85.166.71 listed in dnsbl.ahbl.org]

[209.85.166.71 listed in dnsbl.ahbl.org]

[209.85.166.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.166.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.166.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.166.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.166.71 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

[209.85.166.71 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.166.71 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.166.71 listed in wl.mailspike.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[denirosufadom(at)gmail.com]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

Subject: {SPAM?} netknowyeg, Information



SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu

c3RhZ3JhbSBOT1csDQpQbGVhc2UgdmlzaXQgdGhlIHdlYiBwYWdlIGJlbG93IENoZWFwZXIuDQoN

ClsgaHR0cHM6Ly9iaXQubHkvaW5zdGFtYXhzaG9wP25ldGtub3d5ZWcgXQ0KDQpEbyB5b3UgaGF2

ZSBhYm91dCBbIExlc3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NCkluY3JlYXNlIE5vdyAuLiEh

ISBPZmYgNDAlIFRvZGF5Li4uISEhDQoNCi0gSW5zdGFudA0KLSBTYWZlc3QgTWV0aG9kcw0KLSBQ

cml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgNTBLIC0gMTAwSyBGb2xsb3dlcnMvZGF5DQotIEhp

Z2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50ZWUNCi0gVHJ1

c3RlZA0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KDQooIFRocmVhZHMs

IEluc3RhZ3JhbSwgVHdpdHRlciwgWW91dHViZSwgRmFjZWJvb2ssIGV0Yy4gKQ0KDQoNCg0KVGhh

bmsgeW91LA0KUmVnYXJkcywNCg0KDQpDb3B5cmlnaHQgwqkgMjAxNCAtIDIwMjUgSW5zdGFtZWRp

YVByb01BWC4gQWxsIFJpZ2h0cyBSZXNlcnZlZC4NCg==

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA