Dating phish from China
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Sun, 17 Jul 2022 07:58:00 -0600
Received: from [101.86.213.141] (port=47490 helo=chinatelecom.cn)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oD4lu-0000K2-6U
for dave@nk.ca;
Sun, 17 Jul 2022 07:57:28 -0600
Message-ID: <5690E840.80808879@chinatelecom.cn>
List-Unsubscribe:
Date: Sun, 17 Jul 2022 21:57:31 +0800
From: Dorine V.
MIME-Version: 1.0
To: Dave
Subject: I thought you loved me - and you?
Content-Type: multipart/alternative;
boundary="------------833315509824531383802289"
X-Spam_score: 34.6
X-Spam_score_int: 346
X-Spam_bar: ++++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: During neglectful, by hotly bandolier.Hey my sweety pecker..I'm
Dorine. I am from Moldova :-}I am a very positive and sociable person, I
like to smile and I like to present my smile and good mood to o [...]
Content analysis details: (34.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: beatyfree.cn]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: beatyfree.cn]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: beatyfree.cn]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=pydooo%40chinatelecom.cn;ip=101.86.213.141;r=doctor.nl2k.ab.ca]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=chinatelecom.cn;ip=101.86.213.141;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of
words
1.0 J_WEEDS_C FULL: Dec/Hex char Enc [Cc]
1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]
1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]
1.0 J_WEEDS_F FULL: Dec/Hex char Enc [Ff]
1.0 J_WEEDS_G FULL: Dec/Hex char Enc [Gg]
1.0 J_WEEDS_N FULL: Dec/Hex char Enc [Nn]
1.0 J_WEEDS_S FULL: Dec/Hex char Enc [Ss]
1.0 J_WEEDS_O FULL: Dec/Hex char Enc [Oo]
1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]
1.0 J_WEEDS_H FULL: Dec/Hex char Enc [Hh]
1.0 J_WEEDS_I FULL: Dec/Hex char Enc [Ii]
1.0 J_WEEDS_M FULL: Dec/Hex char Enc [Mm]
1.0 J_WEEDS_W FULL: Dec/Hex char Enc [Ww]
1.0 J_WEEDS_B FULL: Dec/Hex char Enc [Bb]
1.0 J_WEEDS_P FULL: Dec/Hex char Enc [Pp]
1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]
1.0 J_WEEDS_V FULL: Dec/Hex char Enc [Vv]
1.0 J_WEEDS_A FULL: Dec/Hex char Enc [Aa]
1.0 J_WEEDS_U FULL: Dec/Hex char Enc [Uu]
1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]
1.0 J_WEEDS_L FULL: Dec/Hex char Enc [Ll]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Subject: {SPAM?} I thought you loved me - and you?
This is a multi-part message in MIME format.
--------------833315509824531383802289
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: quoted-printable
During neglectful, by hotly bandolier.Hey my sweety pecker..I'm Dorine. =
I am from Moldova :-}I am a very positive and sociable person, I like to =
smile and I like to present my smile and good mood to other people, I =
think a smile helps in our life. I am a very careful person and I like =
to care of my beloved man. My account is here: =
http://Dorine.beatyfree.cnCheck out my picI hope you will find me there =
and we will become friends.. Waiting for yr reply!If you think I'm wrong =
unsubscribe
--------------833315509824531383802289
Content-Type: text/html; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
windows-1252">
During neglectful, by hotly bandolier.
--------------833315509824531383802289--
Envelope-to: dave@nk.ca
Delivery-date: Sun, 17 Jul 2022 07:58:00 -0600
Received: from [101.86.213.141] (port=47490 helo=chinatelecom.cn)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1oD4lu-0000K2-6U
for dave@nk.ca;
Sun, 17 Jul 2022 07:57:28 -0600
Message-ID: <5690E840.80808879@chinatelecom.cn>
List-Unsubscribe:
Date: Sun, 17 Jul 2022 21:57:31 +0800
From: Dorine V.
MIME-Version: 1.0
To: Dave
Subject: I thought you loved me - and you?
Content-Type: multipart/alternative;
boundary="------------833315509824531383802289"
X-Spam_score: 34.6
X-Spam_score_int: 346
X-Spam_bar: ++++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: During neglectful, by hotly bandolier.Hey my sweety pecker..I'm
Dorine. I am from Moldova :-}I am a very positive and sociable person, I
like to smile and I like to present my smile and good mood to o [...]
Content analysis details: (34.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: beatyfree.cn]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: beatyfree.cn]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: beatyfree.cn]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=pydooo%40chinatelecom.cn;ip=101.86.213.141;r=doctor.nl2k.ab.ca]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=chinatelecom.cn;ip=101.86.213.141;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of
words
1.0 J_WEEDS_C FULL: Dec/Hex char Enc [Cc]
1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]
1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]
1.0 J_WEEDS_F FULL: Dec/Hex char Enc [Ff]
1.0 J_WEEDS_G FULL: Dec/Hex char Enc [Gg]
1.0 J_WEEDS_N FULL: Dec/Hex char Enc [Nn]
1.0 J_WEEDS_S FULL: Dec/Hex char Enc [Ss]
1.0 J_WEEDS_O FULL: Dec/Hex char Enc [Oo]
1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]
1.0 J_WEEDS_H FULL: Dec/Hex char Enc [Hh]
1.0 J_WEEDS_I FULL: Dec/Hex char Enc [Ii]
1.0 J_WEEDS_M FULL: Dec/Hex char Enc [Mm]
1.0 J_WEEDS_W FULL: Dec/Hex char Enc [Ww]
1.0 J_WEEDS_B FULL: Dec/Hex char Enc [Bb]
1.0 J_WEEDS_P FULL: Dec/Hex char Enc [Pp]
1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]
1.0 J_WEEDS_V FULL: Dec/Hex char Enc [Vv]
1.0 J_WEEDS_A FULL: Dec/Hex char Enc [Aa]
1.0 J_WEEDS_U FULL: Dec/Hex char Enc [Uu]
1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]
1.0 J_WEEDS_L FULL: Dec/Hex char Enc [Ll]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Subject: {SPAM?} I thought you loved me - and you?
This is a multi-part message in MIME format.
--------------833315509824531383802289
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: quoted-printable
During neglectful, by hotly bandolier.Hey my sweety pecker..I'm Dorine. =
I am from Moldova :-}I am a very positive and sociable person, I like to =
smile and I like to present my smile and good mood to other people, I =
think a smile helps in our life. I am a very careful person and I like =
to care of my beloved man. My account is here: =
http://Dorine.beatyfree.cnCheck out my picI hope you will find me there =
and we will become friends.. Waiting for yr reply!If you think I'm wrong =
unsubscribe
--------------833315509824531383802289
Content-Type: text/html; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
windows-1252">
Hey my =
sweety pecker..
sweety pecker..
I'm =
Dorine. I aٓm frٖom =
Moldova :-}
Dorine. I aٓm frٖom =
Moldova :-}
I am a =
very positive and =
sociable person, I =
lḭke to smi٘le =
and I li̕ke to =
present my smile and =
good mood to other =
peَople, I thͨink a =
smile helps in oͭu٘r life. I =
am a very careͫful =
persoٓn and I like to =
care of my beloved =
man.
very positive and =
sociable person, I =
lḭke to smi٘le =
and I li̕ke to =
present my smile and =
good mood to other =
peَople, I thͨink a =
smile helps in oͭu٘r life. I =
am a very careͫful =
persoٓn and I like to =
care of my beloved =
man.
My =
account is here̒:
"http://Dorine.beatyfree.cn">
color:#0203F7; =
font-size:22pt">http://Dorine.beatyfree.cn
account is here̒:
"http://Dorine.beatyfree.cn">
color:#0203F7; =
font-size:22pt">http://Dorine.beatyfree.cn
I hope you =
will find me there and we =
wi֕ll become =
friends.. Waiting for =
yr reply!
will find me there and we =
wi֕ll become =
friends.. Waiting for =
yr reply!
If you =
think I'm wrong
"http://Dorine.beatyfree.cn/unsubscribe/">
"text-decoration:underline; color:#0304F1; =
font-size:22pt">unsubscribe
think I'm wrong
"http://Dorine.beatyfree.cn/unsubscribe/">
"text-decoration:underline; color:#0304F1; =
font-size:22pt">unsubscribe
--------------833315509824531383802289--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments