Instagram followers spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 08 May 2024 15:44:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s4p4L-00000000ANG-0iOK
for dave@doctor.nl2k.ab.ca;
Wed, 08 May 2024 15:43:21 -0600
Resent-From: The Doctor
Resent-Date: Wed, 8 May 2024 15:43:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yw1-f198.google.com ([209.85.128.198]:47329)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s4nFR-00000000Jv7-1UzS
for sales@nk.ca;
Wed, 08 May 2024 13:46:45 -0600
Received: by mail-yw1-f198.google.com with SMTP id 00721157ae682-61c9e36888bso1701567b3.2
for; Wed, 08 May 2024 12:44:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1715197468; x=1715802268; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=SY+1I/qjfezyBwFATEahr4j/V/f3t/LiUx/L9JjdTcw=;
b=Psj9/1Cv84iEONck0djG6kg1EGEXtvJjDFahDvQHpWW+ZJHmgVSgHUDIN/h5zDjtl/
VtGYAZzFnh8T7NzA0okwEFvtr5x9VLJUOgMFHMjE3mhPDZZ9UDpobOUzE21PNa2KFW8E
uKEdKpDburMSZemmVhUm69b/dCLhhjT75HFBk1DbitubIFxLUNLfRtPvXpCHpDS3oTME
iSO8sT+ZzEnJhSsY1d/nDBefJYyiHRS+D5sEG79XAfpD8oTQb1N7DtmFnMiFof+BQ2cd
+HNuNkbojX+R3zyuG+Lt9eXnNWvYkLZS9jwnJVh6kvAoYlavUaJMBsIImX+zanTqEpot
j0BQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1715197468; x=1715802268;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=SY+1I/qjfezyBwFATEahr4j/V/f3t/LiUx/L9JjdTcw=;
b=oXpgPFcm51AKJohY48pnFUuARIdpqACnbd7uenetfnzfYHrfQ1Lb/ZMIa+c6PQhUgP
RZcfoJ7v+m14qYJR/+7tMov4hKcXlo3IDQL3wGbTDeUq+1szDIhMPcb02z51U4n6dBQV
fPaiXrXSARINp7ocGz0ZEg4La+FRaP4GCL1AlDgXfYERIb27UygJbN9dnJBdPV5os6Nj
h2X5PzSWKzgNVDf/D+xfp0iHIuw/WQ4rmRvqotKv+0l6SQGLEEIUdd9Zyln/gupxU8JR
SUZdUlbwcsd/9Sf2UD2Bqkah1q4GmPop7otH+9dxPQSLUn+gG4ITZoUt/hTEmttC0+r5
aDuw==
X-Gm-Message-State: AOJu0YwOZiJ/WE3VTSHQO1R6TvKvYVXPF4rZRAqg4Qr/cFDOBdiPw4Mr
OpLMbM0k2QseUkvwbbBCEvrhlYc3/LE1CMGwY0if3Yvvyv9Op3RYLycvHfQur7oH/OXy181kcpo
=
X-Google-Smtp-Source: AGHT+IEIzOBFeL9wWFIdXXad61YMR2Ve4gEDuyZ2dNKwX3yF4+92cggvuSFKC+5S/WwLZoTkteqzCBmw/w==
MIME-Version: 1.0
X-Received: by 2002:a05:6870:724b:b0:23c:1599:49bd with SMTP id
586e51a60fabf-24097c33e36mr1286753fac.16.1715129181017; Tue, 07 May 2024
17:46:21 -0700 (PDT)
Message-ID:
Date: Wed, 08 May 2024 00:46:21 +0000
Subject: netknowyeg,Gifts 10K IG Followers here
From: sersankrikul@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 9.4
X-Spam_score_int: 94
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW ! Please visit the web page below . [ https://linktr.ee/instamediamax?netknowyeg
]
Content analysis details: (9.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.128.198 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.198 listed in wl.mailspike.net]
0.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[sersankrikul(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
1.0 RCVD_IN_SORBS No description available.
Subject: {SPAM?} netknowyeg,Gifts 10K IG Followers here
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1cgIQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0
cHM6Ly9saW5rdHIuZWUvaW5zdGFtZWRpYW1heD9uZXRrbm93eWVnIF0NCg0KRG8geW91IGhhdmUg
YWJvdXQgWyA5NTIgXSBGb2xsb3dlcnMgPw0KU3BlY2lhbHMgIGxpbWl0ZWQgIE9mZiA0MCUgVG9k
YXkuLi4hISENCkluY3JlYXNlIE5vdyAuLiEhIQ0KDQotIGluc3RhbnQgcHJvY2Vzcw0KLSBTYWZl
c3QgTWV0aG9kcw0KLSBQcml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgMTAwSyBGb2xsb3dlcnMv
ZGF5DQotIEhpZ2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50
ZWUNCi0gVHJ1c3RlZCBTZWxsZXIgdGVzdGltb255DQotIFN0YXJ0aW5nIGdldCA1SyBGb2xsb3dl
cnMgSW5zdGFncmFtDQotIEd1YXJhbnRlZWQgdG8gYmUgdGhlIGNoZWFwZXN0DQoNClRoYW5rIHlv
dSwNClJlZ2FyZHMsDQpzb2NpYWxpbnN0YW1heEBnbWFpbC5jb20NCg0KQ29weXJpZ2h0IMKpIDIw
MTQgLSAyMDI1IEluc3RhbWVkaWFNQVguIEFsbCBSaWdodHMgUmVzZXJ2ZWQuDQo=
I1.01KL0LD37.4KI2.18KwhoissourceRank12.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 08 May 2024 15:44:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s4p4L-00000000ANG-0iOK
for dave@doctor.nl2k.ab.ca;
Wed, 08 May 2024 15:43:21 -0600
Resent-From: The Doctor
Resent-Date: Wed, 8 May 2024 15:43:21 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yw1-f198.google.com ([209.85.128.198]:47329)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s4nFR-00000000Jv7-1UzS
for sales@nk.ca;
Wed, 08 May 2024 13:46:45 -0600
Received: by mail-yw1-f198.google.com with SMTP id 00721157ae682-61c9e36888bso1701567b3.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1715197468; x=1715802268; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=SY+1I/qjfezyBwFATEahr4j/V/f3t/LiUx/L9JjdTcw=;
b=Psj9/1Cv84iEONck0djG6kg1EGEXtvJjDFahDvQHpWW+ZJHmgVSgHUDIN/h5zDjtl/
VtGYAZzFnh8T7NzA0okwEFvtr5x9VLJUOgMFHMjE3mhPDZZ9UDpobOUzE21PNa2KFW8E
uKEdKpDburMSZemmVhUm69b/dCLhhjT75HFBk1DbitubIFxLUNLfRtPvXpCHpDS3oTME
iSO8sT+ZzEnJhSsY1d/nDBefJYyiHRS+D5sEG79XAfpD8oTQb1N7DtmFnMiFof+BQ2cd
+HNuNkbojX+R3zyuG+Lt9eXnNWvYkLZS9jwnJVh6kvAoYlavUaJMBsIImX+zanTqEpot
j0BQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1715197468; x=1715802268;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=SY+1I/qjfezyBwFATEahr4j/V/f3t/LiUx/L9JjdTcw=;
b=oXpgPFcm51AKJohY48pnFUuARIdpqACnbd7uenetfnzfYHrfQ1Lb/ZMIa+c6PQhUgP
RZcfoJ7v+m14qYJR/+7tMov4hKcXlo3IDQL3wGbTDeUq+1szDIhMPcb02z51U4n6dBQV
fPaiXrXSARINp7ocGz0ZEg4La+FRaP4GCL1AlDgXfYERIb27UygJbN9dnJBdPV5os6Nj
h2X5PzSWKzgNVDf/D+xfp0iHIuw/WQ4rmRvqotKv+0l6SQGLEEIUdd9Zyln/gupxU8JR
SUZdUlbwcsd/9Sf2UD2Bqkah1q4GmPop7otH+9dxPQSLUn+gG4ITZoUt/hTEmttC0+r5
aDuw==
X-Gm-Message-State: AOJu0YwOZiJ/WE3VTSHQO1R6TvKvYVXPF4rZRAqg4Qr/cFDOBdiPw4Mr
OpLMbM0k2QseUkvwbbBCEvrhlYc3/LE1CMGwY0if3Yvvyv9Op3RYLycvHfQur7oH/OXy181kcpo
=
X-Google-Smtp-Source: AGHT+IEIzOBFeL9wWFIdXXad61YMR2Ve4gEDuyZ2dNKwX3yF4+92cggvuSFKC+5S/WwLZoTkteqzCBmw/w==
MIME-Version: 1.0
X-Received: by 2002:a05:6870:724b:b0:23c:1599:49bd with SMTP id
586e51a60fabf-24097c33e36mr1286753fac.16.1715129181017; Tue, 07 May 2024
17:46:21 -0700 (PDT)
Message-ID:
Date: Wed, 08 May 2024 00:46:21 +0000
Subject: netknowyeg,Gifts 10K IG Followers here
From: sersankrikul@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 9.4
X-Spam_score_int: 94
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW ! Please visit the web page below . [ https://linktr.ee/instamediamax?netknowyeg
]
Content analysis details: (9.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
[209.85.128.198 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.128.198 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
[209.85.128.198 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.128.198 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.198 listed in wl.mailspike.net]
0.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[sersankrikul(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
1.0 RCVD_IN_SORBS No description available.
Subject: {SPAM?} netknowyeg,Gifts 10K IG Followers here
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1cgIQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0
cHM6Ly9saW5rdHIuZWUvaW5zdGFtZWRpYW1heD9uZXRrbm93eWVnIF0NCg0KRG8geW91IGhhdmUg
YWJvdXQgWyA5NTIgXSBGb2xsb3dlcnMgPw0KU3BlY2lhbHMgIGxpbWl0ZWQgIE9mZiA0MCUgVG9k
YXkuLi4hISENCkluY3JlYXNlIE5vdyAuLiEhIQ0KDQotIGluc3RhbnQgcHJvY2Vzcw0KLSBTYWZl
c3QgTWV0aG9kcw0KLSBQcml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgMTAwSyBGb2xsb3dlcnMv
ZGF5DQotIEhpZ2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50
ZWUNCi0gVHJ1c3RlZCBTZWxsZXIgdGVzdGltb255DQotIFN0YXJ0aW5nIGdldCA1SyBGb2xsb3dl
cnMgSW5zdGFncmFtDQotIEd1YXJhbnRlZWQgdG8gYmUgdGhlIGNoZWFwZXN0DQoNClRoYW5rIHlv
dSwNClJlZ2FyZHMsDQpzb2NpYWxpbnN0YW1heEBnbWFpbC5jb20NCg0KQ29weXJpZ2h0IMKpIDIw
MTQgLSAyMDI1IEluc3RhbWVkaWFNQVguIEFsbCBSaWdodHMgUmVzZXJ2ZWQuDQo=
I1.01KL0LD37.4KI2.18KwhoissourceRank12.8MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments