Amazon Phish from globconnex.com
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1uYBQB-00000000KOC-46EH
for dave@doctor.nl2k.ab.ca;
Sat, 05 Jul 2025 16:31:47 -0600
Resent-From: The Doctor
Resent-Date: Sat, 5 Jul 2025 16:31:47 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [81.19.140.55] (port=37771 helo=adminiral.live)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1uY9vO-00000000Oil-0v3A
for sales@netknow.ca;
Sat, 05 Jul 2025 14:56:04 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;
h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;
bh=oxFtmRD3etLFx3WMNISaaw6x6xA=;
b=zxU0/wN7wg/MgCwdN95LPilyPdcNcs4Fa5TbIJTJQPwvEuRoL0/X9ZRxle8xngJuhe4wxL6LoCXO
ibSDhuyV6akhvRFgEYhaPuKxkdgopPdQt8Y9FkedjbE/DH4eCEJKVdPBsPJI64gRkSm7MDZswRpu
+Q5PI+zAmpikAijT6EI=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;
b=SfIVktWCrFYlhLYW8qyqqWNFQ7pW21+SHmLrmBnyfcYzRUbpjG+2VnGF1X27fiqevTLSDSe4aOs0
OxTUqIlNT67NCVFedKpQvKSC/9etyseg5A6KOWpCB0XiOkzEp3JdQJbjdVsOnR72IxsJl+nKuWK/
qGjU+FKB5S9qeuGWPfY=;
To: sales@netknow.ca
From: =?UTF-8?B?QW1hem9u?=
Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
Date: Sat, 05 Jul 2025 20:52:44 +0000
Content-Type: text/html
Content-Transfer-Encoding :BASE64
X-Spam_score: 22.1
X-Spam_score_int: 221
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started
Early With Our Favorite Deals Amazon's Prime Day sale is now four days long
(July 8-11), which sounds great until you realize that's four days of scrolling
through endless deal pages. We figured you probably have better things to
[...]
Content analysis details: (22.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 185.174.30.244]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist
[URI: 185.174.30.244]
4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URI: 185.174.30.244]
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRWckhKcTIyNjQ0eGpSWDM1OWhjeWtraGVld3QxMzUyM05HWklKUFdFWlZaVlVaWTIwODA0U0xZWTUxNDZsOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80bk5qbmYyMjY0NGpOeGUzNTlpZ2V3ZmRqZ2JoMTM1MjNYUlRWV01YRVZUUFlNRVoyMDgwNE1MRUc1MTQ2UzkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzR6eHRWZzIyNjQ0am5rdTM1OW5idWtsdWV5aWoxMzUyM1BETlpJV0NYVkVOWk5RVzIwODA0RllQSTUxNDZaOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNUJ4Rm5hMjI2NDRBaG9UMzU5Z2pqdmpwZ2NqZjEzNTIzWVhHQ1RKVktXWkVFSUNaMjA4MDRJSk5JNTE0NnA5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNrcnNhSDIyNjQ0ZFhMWTM1OW5mZGxtY3pibGgxMzUyM1FXWUhQVFVWU05PV0JBSjIwODA0VEtMTTUxNDZ6OSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1uYBQB-00000000KOC-46EH
for dave@doctor.nl2k.ab.ca;
Sat, 05 Jul 2025 16:31:47 -0600
Resent-From: The Doctor
Resent-Date: Sat, 5 Jul 2025 16:31:47 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [81.19.140.55] (port=37771 helo=adminiral.live)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1uY9vO-00000000Oil-0v3A
for sales@netknow.ca;
Sat, 05 Jul 2025 14:56:04 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;
h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;
bh=oxFtmRD3etLFx3WMNISaaw6x6xA=;
b=zxU0/wN7wg/MgCwdN95LPilyPdcNcs4Fa5TbIJTJQPwvEuRoL0/X9ZRxle8xngJuhe4wxL6LoCXO
ibSDhuyV6akhvRFgEYhaPuKxkdgopPdQt8Y9FkedjbE/DH4eCEJKVdPBsPJI64gRkSm7MDZswRpu
+Q5PI+zAmpikAijT6EI=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;
b=SfIVktWCrFYlhLYW8qyqqWNFQ7pW21+SHmLrmBnyfcYzRUbpjG+2VnGF1X27fiqevTLSDSe4aOs0
OxTUqIlNT67NCVFedKpQvKSC/9etyseg5A6KOWpCB0XiOkzEp3JdQJbjdVsOnR72IxsJl+nKuWK/
qGjU+FKB5S9qeuGWPfY=;
To: sales@netknow.ca
From: =?UTF-8?B?QW1hem9u?=
Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
Date: Sat, 05 Jul 2025 20:52:44 +0000
Content-Type: text/html
Content-Transfer-Encoding :BASE64
X-Spam_score: 22.1
X-Spam_score_int: 221
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started
Early With Our Favorite Deals Amazon's Prime Day sale is now four days long
(July 8-11), which sounds great until you realize that's four days of scrolling
through endless deal pages. We figured you probably have better things to
[...]
Content analysis details: (22.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
[81.19.140.55 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[81.19.140.55 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
[81.19.140.55 listed in will-spam-for-food.eu.org]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 185.174.30.244]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist
[URI: 185.174.30.244]
4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URI: 185.174.30.244]
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=
CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRWckhKcTIyNjQ0eGpSWDM1OWhjeWtraGVld3QxMzUyM05HWklKUFdFWlZaVlVaWTIwODA0U0xZWTUxNDZsOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80bk5qbmYyMjY0NGpOeGUzNTlpZ2V3ZmRqZ2JoMTM1MjNYUlRWV01YRVZUUFlNRVoyMDgwNE1MRUc1MTQ2UzkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzR6eHRWZzIyNjQ0am5rdTM1OW5idWtsdWV5aWoxMzUyM1BETlpJV0NYVkVOWk5RVzIwODA0RllQSTUxNDZaOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNUJ4Rm5hMjI2NDRBaG9UMzU5Z2pqdmpwZ2NqZjEzNTIzWVhHQ1RKVktXWkVFSUNaMjA4MDRJSk5JNTE0NnA5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNrcnNhSDIyNjQ0ZFhMWTM1OW5mZGxtY3pibGgxMzUyM1FXWUhQVFVWU05PV0JBSjIwODA0VEtMTTUxNDZ6OSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==
