Instagram followers spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dae@doctor.nl2k.ab.ca
Delivery-date: Wed, 08 May 2024 18:17:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s4rSj-0000000047T-2Ejj
for dae@doctor.nl2k.ab.ca;
Wed, 08 May 2024 18:16:41 -0600
Resent-From: The Doctor
Resent-Date: Wed, 8 May 2024 18:16:41 -0600
Resent-Message-ID:
Resent-To: dae@doctor.nl2k.ab.ca
Received: from mail-oo1-f69.google.com ([209.85.161.69]:55667)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s4pwI-00000000HZ7-2fXP
for sales@nk.ca;
Wed, 08 May 2024 16:39:11 -0600
Received: by mail-oo1-f69.google.com with SMTP id 006d021491bc7-5aa35f6f9b0so203082eaf.3
for; Wed, 08 May 2024 15:37:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1715207827; x=1715812627; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=426rOXhj59wcoHsnJine/lJUNaPRSVXBh05bNKiufnM=;
b=aoQlbomaroi0D79dQ1hJ4x/mH7bj+lgfDnyHBc7RHMZ+qq3eJWicFmLALZe2/3si8o
lhdwtNEMiegeG3pWLf/uEl1TnOv7ny02Wa9wdQaJjQ6LSnU4CgJSsGZW7smBYGrmC2UI
05kR3UaJYq/VZhFC0aHqPtllQADGaIQeSyo0xkjFDcGYZUm8sL3aeLRM4itXqLUTwc70
vdkgTGh8IoAC5aXSWmAGFnqcVycGZJzLO8I04R37hyMT8z6QFkBnoC1QKe+8YbT6j0BQ
AwaHuY9wektg7lJErM41FqBYj2FAFMG900Bofw9ju30pz6tG6Zgn0wcBuiepN0rpBZ4t
zRMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1715207827; x=1715812627;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=426rOXhj59wcoHsnJine/lJUNaPRSVXBh05bNKiufnM=;
b=rUAVJucV2KWXGWLz3Tf2Qt85NIJZq4zUyEyy43n18hVGaGkHaftj17mvJVm+eRbsPp
UwrZoiZL4UyWEp/dvE3VsVpAG6hXaPB/UhoGA/qIE2vBzoPKJ5ol2f+1IEdtqxWZWbjN
T/zagA9j5Qc8H0XMnQ3N0zV/1pPsYsNA6MlpWz/pfNBzkvR6VJ1qkGNHA/hsBMQevZqq
yml6ADJ0l+33CkJfyCD/ibFMTj5RvbFkklLoUKp1qbNlH/hfRDGJ5tJejU1HYwEdeijI
My7Rdq5shIQ3BHyGwl5bmAHXxs8iMFEsiXzMg6aj6Yd1V6VXPp7dm8IxsEZLg7AElCHm
4Zrw==
X-Gm-Message-State: AOJu0YzpnF+MLnPcv7VSysAqBNd9g2Xw1qaBW92xCUGerlhzsuXrXhWH
Pe/1geGSPw9/trNZxFpb5Hih4zhvGIZeZzRhXxLQo5q/eAEYf+4f9pOvbninr8zl4MLAl863vY0
=
X-Google-Smtp-Source: AGHT+IGzALxaPk0hPwUl9pzRQhosxPNLaIWW2lMxwSx/ZDl5TY42pNA0X9tPjfnsQeqfbCBHYH7gl061og==
MIME-Version: 1.0
X-Received: by 2002:a81:4e83:0:b0:61a:c933:47a with SMTP id
00721157ae682-62085a74750mr40110077b3.24.1715204197426; Wed, 08 May 2024
14:36:37 -0700 (PDT)
Message-ID:
Date: Wed, 08 May 2024 21:36:37 +0000
Subject: netknowyeg,Gifts 15K IG Followers here
From: sersanborokem@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW ! Please visit the web page below . [ https://linktr.ee/instamediamax?netknowyeg
]
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.161.69 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.161.69 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[sersanborokem(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
Subject: {SPAM?} netknowyeg,Gifts 15K IG Followers here
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1cgIQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0
cHM6Ly9saW5rdHIuZWUvaW5zdGFtZWRpYW1heD9uZXRrbm93eWVnIF0NCg0KRG8geW91IGhhdmUg
YWJvdXQgWyBMZXNzIHRoYW4gNTBLIF0gRm9sbG93ZXJzID8NClNwZWNpYWxzICBsaW1pdGVkICBP
ZmYgNDAlIFRvZGF5Li4uISEhDQpJbmNyZWFzZSBOb3cgLi4hISENCg0KLSBpbnN0YW50IHByb2Nl
c3MNCi0gU2FmZXN0IE1ldGhvZHMNCi0gUHJpdmFjeSBQcm90ZWN0aW9uDQotIFNwZWVkIDEwMEsg
Rm9sbG93ZXJzL2RheQ0KLSBIaWdoIFF1YWxpdHkgRm9sbG93ZXJzICYgUmVhbA0KLSBEcm9wLUJh
Y2sgR3VhcmFudGVlDQotIFRydXN0ZWQgU2VsbGVyIHRlc3RpbW9ueQ0KLSBTdGFydGluZyBnZXQg
NUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KLSBHdWFyYW50ZWVkIHRvIGJlIHRoZSBjaGVhcGVzdA0K
DQpUaGFuayB5b3UsDQpSZWdhcmRzLA0Kc29jaWFsaW5zdGFtYXhAZ21haWwuY29tDQoNCkNvcHly
aWdodCDCqSAyMDE0IC0gMjAyNSBJbnN0YW1lZGlhTUFYLiBBbGwgUmlnaHRzIFJlc2VydmVkLg0K
I1.01KL0LD37.4KI2.18KwhoissourceRank12.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dae@doctor.nl2k.ab.ca
Delivery-date: Wed, 08 May 2024 18:17:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s4rSj-0000000047T-2Ejj
for dae@doctor.nl2k.ab.ca;
Wed, 08 May 2024 18:16:41 -0600
Resent-From: The Doctor
Resent-Date: Wed, 8 May 2024 18:16:41 -0600
Resent-Message-ID:
Resent-To: dae@doctor.nl2k.ab.ca
Received: from mail-oo1-f69.google.com ([209.85.161.69]:55667)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s4pwI-00000000HZ7-2fXP
for sales@nk.ca;
Wed, 08 May 2024 16:39:11 -0600
Received: by mail-oo1-f69.google.com with SMTP id 006d021491bc7-5aa35f6f9b0so203082eaf.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1715207827; x=1715812627; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=426rOXhj59wcoHsnJine/lJUNaPRSVXBh05bNKiufnM=;
b=aoQlbomaroi0D79dQ1hJ4x/mH7bj+lgfDnyHBc7RHMZ+qq3eJWicFmLALZe2/3si8o
lhdwtNEMiegeG3pWLf/uEl1TnOv7ny02Wa9wdQaJjQ6LSnU4CgJSsGZW7smBYGrmC2UI
05kR3UaJYq/VZhFC0aHqPtllQADGaIQeSyo0xkjFDcGYZUm8sL3aeLRM4itXqLUTwc70
vdkgTGh8IoAC5aXSWmAGFnqcVycGZJzLO8I04R37hyMT8z6QFkBnoC1QKe+8YbT6j0BQ
AwaHuY9wektg7lJErM41FqBYj2FAFMG900Bofw9ju30pz6tG6Zgn0wcBuiepN0rpBZ4t
zRMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1715207827; x=1715812627;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=426rOXhj59wcoHsnJine/lJUNaPRSVXBh05bNKiufnM=;
b=rUAVJucV2KWXGWLz3Tf2Qt85NIJZq4zUyEyy43n18hVGaGkHaftj17mvJVm+eRbsPp
UwrZoiZL4UyWEp/dvE3VsVpAG6hXaPB/UhoGA/qIE2vBzoPKJ5ol2f+1IEdtqxWZWbjN
T/zagA9j5Qc8H0XMnQ3N0zV/1pPsYsNA6MlpWz/pfNBzkvR6VJ1qkGNHA/hsBMQevZqq
yml6ADJ0l+33CkJfyCD/ibFMTj5RvbFkklLoUKp1qbNlH/hfRDGJ5tJejU1HYwEdeijI
My7Rdq5shIQ3BHyGwl5bmAHXxs8iMFEsiXzMg6aj6Yd1V6VXPp7dm8IxsEZLg7AElCHm
4Zrw==
X-Gm-Message-State: AOJu0YzpnF+MLnPcv7VSysAqBNd9g2Xw1qaBW92xCUGerlhzsuXrXhWH
Pe/1geGSPw9/trNZxFpb5Hih4zhvGIZeZzRhXxLQo5q/eAEYf+4f9pOvbninr8zl4MLAl863vY0
=
X-Google-Smtp-Source: AGHT+IGzALxaPk0hPwUl9pzRQhosxPNLaIWW2lMxwSx/ZDl5TY42pNA0X9tPjfnsQeqfbCBHYH7gl061og==
MIME-Version: 1.0
X-Received: by 2002:a81:4e83:0:b0:61a:c933:47a with SMTP id
00721157ae682-62085a74750mr40110077b3.24.1715204197426; Wed, 08 May 2024
14:36:37 -0700 (PDT)
Message-ID:
Date: Wed, 08 May 2024 21:36:37 +0000
Subject: netknowyeg,Gifts 15K IG Followers here
From: sersanborokem@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram
NOW ! Please visit the web page below . [ https://linktr.ee/instamediamax?netknowyeg
]
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
[209.85.161.69 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.161.69 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
[209.85.161.69 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.161.69 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.161.69 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[sersanborokem(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
Subject: {SPAM?} netknowyeg,Gifts 15K IG Followers here
SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu
c3RhZ3JhbSBOT1cgIQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0
cHM6Ly9saW5rdHIuZWUvaW5zdGFtZWRpYW1heD9uZXRrbm93eWVnIF0NCg0KRG8geW91IGhhdmUg
YWJvdXQgWyBMZXNzIHRoYW4gNTBLIF0gRm9sbG93ZXJzID8NClNwZWNpYWxzICBsaW1pdGVkICBP
ZmYgNDAlIFRvZGF5Li4uISEhDQpJbmNyZWFzZSBOb3cgLi4hISENCg0KLSBpbnN0YW50IHByb2Nl
c3MNCi0gU2FmZXN0IE1ldGhvZHMNCi0gUHJpdmFjeSBQcm90ZWN0aW9uDQotIFNwZWVkIDEwMEsg
Rm9sbG93ZXJzL2RheQ0KLSBIaWdoIFF1YWxpdHkgRm9sbG93ZXJzICYgUmVhbA0KLSBEcm9wLUJh
Y2sgR3VhcmFudGVlDQotIFRydXN0ZWQgU2VsbGVyIHRlc3RpbW9ueQ0KLSBTdGFydGluZyBnZXQg
NUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KLSBHdWFyYW50ZWVkIHRvIGJlIHRoZSBjaGVhcGVzdA0K
DQpUaGFuayB5b3UsDQpSZWdhcmRzLA0Kc29jaWFsaW5zdGFtYXhAZ21haWwuY29tDQoNCkNvcHly
aWdodCDCqSAyMDE0IC0gMjAyNSBJbnN0YW1lZGlhTUFYLiBBbGwgUmlnaHRzIFJlc2VydmVkLg0K
I1.01KL0LD37.4KI2.18KwhoissourceRank12.8MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments