Alibaba Phish
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 16 Sep 2022 06:36:01 -0600
Received: from mail.humandock.com ([52.34.208.107]:54988 helo=mail.auto-panther.com)
  by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
  (envelope-from
  id 1oZ7ul-000KpD-MO
  for dave@doctor.nl2k.ab.ca;
  Fri, 16 Sep 2022 03:45:43 -0600
Received: by mail.auto-panther.com (Postfix, from userid 48)
  id 3DBEB53958; Fri, 16 Sep 2022 17:18:43 +0900 (JST)
To: dave@doctor.nl2k.ab.ca
Subject: =?UTF-8?B?44CQQWxpYmFiYSBJbnF1aXJ5IE5vdGlmaWNhdGlvbuOAkVN1cGVyIFN1cHBsaWVycyBDby5MdGQgZnJvbSBVbml0ZWQgU3RhdGVzIGhhcyBzZW50IHlvdSBhbiBpbnF1aXJ5?=
X-PHP-Originating-Script: 48:8869910cc4a52b0ba10762413a5294e961d00dd5ee2.file.sendmail.tpl.php
From: =?UTF-8?B?ZmVlZGJhY2tAc2VydmljZS5hbGliYWJhLmNvbQ==?=
MIME-Version: 1.0;
Content-type: multipart/mixed; boundary="--jCcrl8Iq3f"
Message-Id: <20220916082049.3DBEB53958@mail.auto-panther.com>
Date: Fri, 16 Sep 2022 17:18:43 +0900 (JST)
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
  has identified this incoming email as possible spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  @@CONTACT_ADDRESS@@ for details.
  Content preview: Trade Center IP:109.***.***.88 Increase your business opportunities
  by replying in a timely manner. Reply Now Super Suppliers Co.Ltd Super Suppliers
  Co.Ltd Hello dear Hi, I'm interested in this products. What is the MOQ for
  this product? How long will it take to ship to my country? What is the best
  price you can offer? Waiting for your reply. Best Regards.
  Content analysis details: (7.0 points, 5.0 required)
   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                              blocked. See
                              http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                              [URIs: agroexportavocados.com]
  -0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                              [52.34.208.107 listed in wl.mailspike.net]
   0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                              mail domains are different
   0.0 T_TVD_MIME_NO_HEADERS  BODY: No description available.
   0.0 HTML_MESSAGE           BODY: HTML included in message
   0.7 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
  -0.0 T_SCC_BODY_TEXT_LINE   No description available.
   3.5 BOGUS_MIME_VERSION     Mime version header is bogus
   0.1 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
   2.5 ALIBABA_IMG_NOT_RCVD_ALI Alibaba hosted image but message not
                              from Alibaba
   0.4 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?UTF-8?B?44CQQWxpYmFiYSBJbnF1aXJ5IE5vdGlmaWNhdGlvbuOAkVN1cGVyIFN1cHBsaWVycyBDby5MdGQgZnJvbSBVbml0ZWQgU3RhdGVzIGhhcyBzZW50IHlvdSBhbiBpbnF1aXJ5?=
----jCcrl8Iq3f
Content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: 8bit