Amazon Phish from globconnex.com
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1uYBQ5-00000000KNX-3lDA
for dave@doctor.nl2k.ab.ca;
Sat, 05 Jul 2025 16:31:41 -0600
Resent-From: The Doctor
Resent-Date: Sat, 5 Jul 2025 16:31:41 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [81.19.140.55] (port=48263 helo=adminiral.live)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1uY9vO-00000000OiK-0vAM
for root@nk.ca;
Sat, 05 Jul 2025 14:56:04 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;
h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;
bh=k1wGAm+0ehv2t4ETJJYd04Q5boA=;
b=s9rjPnrwO4Xj7/9s+MiyXzmZKEMmJj7t2v+DIiCtft8hwIhjAgC2HqMm+KtgaV3sJQWIHMvHkPWM
JOeZocMDDv5nV6ZfMm0ToQ7JWpBC55YYn+b1WxTKl19Rfp1yVo9Hn1m+82xyY2yd5WLFeXTqtCt4
EKMDOmBM6e17z4sBr7Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;
b=p0e6Cql3odplP0K4OMfxbeSkJDXrLqBc+0AvXf1ZBN9MRj2hYV6f5qQ3ZPJJlyBBkrvPQCb+Gjxv
hzC9YkddgtFlO7xP+WPyIN1maVPvPyy4V3f6pxMGescXzLnFtkAnu1LrCR3tbZI1chh+wlSdboAg
6PirO37QoWpFHfAsPug=;
To: root@nk.ca
From: =?UTF-8?B?QW1hem9u?=
Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
Date: Sat, 05 Jul 2025 20:52:36 +0000
Content-Type: text/html
Content-Transfer-Encoding :BASE64
X-Spam_score: 22.1
X-Spam_score_int: 221
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started
Early With Our Favorite Deals Amazon's Prime Day sale is now four days long
(July 8-11), which sounds great until you realize that's four days of scrolling
through endless deal pages. We figured you probably have better things to
[...]
Content analysis details: (22.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 185.174.30.244]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist
[URI: 185.174.30.244]
4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URI: 185.174.30.244]
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRBckpaTzIyNjQ0cWFyZTM1OWNsb2xvb2l5ZmIxMzUyM0NDQVdHU1NKSVdTS0hKRjE2NDgxRUxaTzUxNDZqOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80b0VrVGIyMjY0NHN1SHozNTlwaXN4aWhiY3dwMTM1MjNCRVlXRURYUEtZVlpPS0ExNjQ4MUlIQko1MTQ2dDkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRld3hiUzIyNjQ0d1hOQjM1OW1rY3dhbnJuZXoxMzUyM1VBSVBJSERRV01JSlNTTTE2NDgxWFFFTzUxNDZzOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNVdJcUtRMjI2NDRzaHJTMzU5bWtwamdhbmNlZjEzNTIzQ0tVSEhTSExUVlZWWE5WMTY0ODFLUU9aNTE0NlQ5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNxRkZZWjIyNjQ0ckxUajM1OXdvcmJsemp4cG0xMzUyM1ZTTkRPSlNBRERKSEpTVDE2NDgxSkxEUjUxNDZROSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1uYBQ5-00000000KNX-3lDA
for dave@doctor.nl2k.ab.ca;
Sat, 05 Jul 2025 16:31:41 -0600
Resent-From: The Doctor
Resent-Date: Sat, 5 Jul 2025 16:31:41 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [81.19.140.55] (port=48263 helo=adminiral.live)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1uY9vO-00000000OiK-0vAM
for root@nk.ca;
Sat, 05 Jul 2025 14:56:04 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;
h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;
bh=k1wGAm+0ehv2t4ETJJYd04Q5boA=;
b=s9rjPnrwO4Xj7/9s+MiyXzmZKEMmJj7t2v+DIiCtft8hwIhjAgC2HqMm+KtgaV3sJQWIHMvHkPWM
JOeZocMDDv5nV6ZfMm0ToQ7JWpBC55YYn+b1WxTKl19Rfp1yVo9Hn1m+82xyY2yd5WLFeXTqtCt4
EKMDOmBM6e17z4sBr7Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;
b=p0e6Cql3odplP0K4OMfxbeSkJDXrLqBc+0AvXf1ZBN9MRj2hYV6f5qQ3ZPJJlyBBkrvPQCb+Gjxv
hzC9YkddgtFlO7xP+WPyIN1maVPvPyy4V3f6pxMGescXzLnFtkAnu1LrCR3tbZI1chh+wlSdboAg
6PirO37QoWpFHfAsPug=;
To: root@nk.ca
From: =?UTF-8?B?QW1hem9u?=
Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
Date: Sat, 05 Jul 2025 20:52:36 +0000
Content-Type: text/html
Content-Transfer-Encoding :BASE64
X-Spam_score: 22.1
X-Spam_score_int: 221
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started
Early With Our Favorite Deals Amazon's Prime Day sale is now four days long
(July 8-11), which sounds great until you realize that's four days of scrolling
through endless deal pages. We figured you probably have better things to
[...]
Content analysis details: (22.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 185.174.30.244]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist
[URI: 185.174.30.244]
4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URI: 185.174.30.244]
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRBckpaTzIyNjQ0cWFyZTM1OWNsb2xvb2l5ZmIxMzUyM0NDQVdHU1NKSVdTS0hKRjE2NDgxRUxaTzUxNDZqOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80b0VrVGIyMjY0NHN1SHozNTlwaXN4aWhiY3dwMTM1MjNCRVlXRURYUEtZVlpPS0ExNjQ4MUlIQko1MTQ2dDkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRld3hiUzIyNjQ0d1hOQjM1OW1rY3dhbnJuZXoxMzUyM1VBSVBJSERRV01JSlNTTTE2NDgxWFFFTzUxNDZzOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNVdJcUtRMjI2NDRzaHJTMzU5bWtwamdhbmNlZjEzNTIzQ0tVSEhTSExUVlZWWE5WMTY0ODFLUU9aNTE0NlQ5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNxRkZZWjIyNjQ0ckxUajM1OXdvcmJsemp4cG0xMzUyM1ZTTkRPSlNBRERKSEpTVDE2NDgxSkxEUjUxNDZROSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==
