Instragam followers spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Apr 2024 21:29:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rwZUe-00000000OZK-1IDz

for dave@doctor.nl2k.ab.ca;

Mon, 15 Apr 2024 21:28:24 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Apr 2024 21:28:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f69.google.com ([209.85.161.69]:43096)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rwYhv-00000000JtD-15l8

for sales@nk.ca;

Mon, 15 Apr 2024 20:38:07 -0600

Received: by mail-oo1-f69.google.com with SMTP id 006d021491bc7-5aa1fe6ec61so3248217eaf.0

for ; Mon, 15 Apr 2024 19:36:08 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1713234962; x=1713839762; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;

b=R6V3a+f299dMmS6VIPSGNrm5aU+TQKhlWJEeUKG/DRzv/0vx/MrBp22BtEL1dUqHwp

Y6LLgteRpE5T5TCu7aDZrIHONZRXGjFDSRHGo1djtg3aHibcsgDQNJFtb0kSWupYpyu1

9VTGQQzgYETP+yBdi8/fOmVvuOFJ4UrzIxIf6n2RuzchSACb8Y9491eoV0J/CBLEEmzt

ptTjQhqBC2X8PwxJmVsig8M/sQFvLMfvkrhappO2kJ+8hb1fKR/ViGdT5cz34P9Hhhj5

VZHl716/Ydq28IV/RgRQRygw9Mjs4rFttJyrR4kFXtskpxcVMBo7NTuLALqKulYGvB28

j4fg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1713234962; x=1713839762;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=myG72j07tOV6+0csQmGWftgKvahPdjjFaaFAGnm5O7g=;

b=koODS6aS1//zMqgP4gOxuh0Bz6R+pvkx7jkpYwF2GNHcS5GgaDoMDWvmoe5WX4GiTa

Q73Gn59OrJSoeARpZtCaEJPPdErGYComkrZMO4pfYMoBUoZwON0DAsRfCI6X8mrCayzU

ZJa3QhlMscX9mIoofQ8PZmzJ/sRt9qnEQg8yASBhSaFbEcB6EjAZNpYo9VbRiGx0slEJ

xilknz4Zu1GtaiqO/mq5ghxx3nNCxHeYeYhCY3XNFN9fRiYBQWkRB1iXmKuxhNK+ZNFa

Rj5dXzjITLJRGTDia+opt4X2ZCTJXm7kPMtfU9F0TYALpKkrU6O5tvgSO5ksRI024vDs

jwrg==

X-Gm-Message-State: AOJu0Yxg8tp8N1BJ6WC2CCp6B3Iz2VRkmiHLxvl1a/fp6PwbqR9fIDZk

LAuPnPb7Ppb+YOjFPJqDYDku4M6OyCLqd5RluutxMs5obuALIOupvlkFWXLYiQ5YkMYK/Sc3IhQ

=

X-Google-Smtp-Source: AGHT+IFo4KF04C8Hstak2McmntlLpcTaliHUkYk4CO9B4VGis8F+eWN+NTNdvwcmta/BwoIGXlq+GcghlQ==

MIME-Version: 1.0

X-Received: by 2002:a05:6871:7615:b0:22a:d3b:e68f with SMTP id

ob21-20020a056871761500b0022a0d3be68fmr7962oac.2.1713219264556; Mon, 15 Apr

2024 15:14:24 -0700 (PDT)

Message-ID:

Date: Mon, 15 Apr 2024 22:14:24 +0000

Subject: netknowyeg, Information

From: hendrategar931@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi , Netknow Internet Service Get 100K Followers Instagram

NOW, Please visit the web page below Cheaper. [ https://bit.ly/instamaxshop?netknowyeg

]



Content analysis details: (8.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.69 listed in dnsbl.ahbl.org]

[209.85.161.69 listed in dnsbl.ahbl.org]

[209.85.161.69 listed in dnsbl.ahbl.org]

[209.85.161.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.69 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

[209.85.161.69 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.69 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.69 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[hendrategar931(at)gmail.com]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[hendrategar931(at)gmail.com]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} netknowyeg, Information

X-Antivirus: AVG (VPS 240415-4, 4/15/2024), Inbound message

X-Antivirus-Status: Clean



SGkgLA0KTmV0a25vdyBJbnRlcm5ldCBTZXJ2aWNlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIElu

c3RhZ3JhbSBOT1csDQpQbGVhc2UgdmlzaXQgdGhlIHdlYiBwYWdlIGJlbG93IENoZWFwZXIuDQoN

ClsgaHR0cHM6Ly9iaXQubHkvaW5zdGFtYXhzaG9wP25ldGtub3d5ZWcgXQ0KDQpEbyB5b3UgaGF2

ZSBhYm91dCBbIExlc3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NCkluY3JlYXNlIE5vdyAuLiEh

ISBPZmYgNDAlIFRvZGF5Li4uISEhDQoNCi0gSW5zdGFudA0KLSBTYWZlc3QgTWV0aG9kcw0KLSBQ

cml2YWN5IFByb3RlY3Rpb24NCi0gU3BlZWQgNTBLIC0gMTAwSyBGb2xsb3dlcnMvZGF5DQotIEhp

Z2ggUXVhbGl0eSBGb2xsb3dlcnMgJiBSZWFsDQotIERyb3AtQmFjayBHdWFyYW50ZWUNCi0gVHJ1

c3RlZA0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93ZXJzIEluc3RhZ3JhbQ0KDQooIFRocmVhZHMs

IEluc3RhZ3JhbSwgVHdpdHRlciwgWW91dHViZSwgRmFjZWJvb2ssIGV0Yy4gKQ0KDQoNCg0KVGhh

bmsgeW91LA0KUmVnYXJkcywNCg0KDQpDb3B5cmlnaHQgwqkgMjAxNCAtIDIwMjUgSW5zdGFtZWRp

YVByb01BWC4gQWxsIFJpZ2h0cyBSZXNlcnZlZC4NCg==

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA