Collection of current spam campaigns in Serbian (August 2023)
#1
I pulled out this bit of spam just to show what spammers are currently doing in this area. I think they are all hacked accounts, probably through password theft, and then they get in and spam in bulk while they can, and it is easy to get past the filters because the account is legitimate, on a legitimate domain. This is now an established way of spamming because email deliverability is far better. The attachments are mostly archives containing an EXE; one is an SCR and one is an unarchived DOCX. They are probably known RAT/malware/whatever since this is sent in bulk. If anyone wants samples, I have them, but I don't think anything new can be learned from them.

In March 2022 I posted something similar: https://twitter.com/milos_rs_/status/150...9754595331



   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id QN6gIjSdzGTmIAAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Fri, 04 Aug 2023 08:39:48 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Fri, 04 Aug 2023 08:39:48 +0200
Received: from [101.99.92.42] (port=46494 helo=ns1.gskplc.shop)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qRoTJ-0002J3-1j
    for XXX@XXX;
    Fri, 04 Aug 2023 08:39:37 +0200
Received: from gskplc.shop (localhost [IPv6:::1])
    by ns1.gskplc.shop (Postfix) with ESMTPA id C7D2B8452E;
    Fri, 4 Aug 2023 06:31:23 +0000 (UTC)
MIME-Version: 1.0
Date: Fri, 04 Aug 2023 09:31:23 +0300
From: =?UTF-8?Q?Bo=C5=A1ko_Ponjevi=C4=87?= <[email protected]>
To: undisclosed-recipients:;
Subject: zahtjev za ponudu
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: multipart/mixed;
    boundary="=_dd3465c4c6d9bdfa90e3ff728be219d8"
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qRoTJ-0002J3-1j
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=2.504, required 5, HTML_MESSAGE 0.00, JMQ_SPF_NEUTRAL 0.50,
    KAM_DMARC_STATUS 0.01, RCVD_IN_ZEN_BLOCKED_OPENDNS 0.00,
    RDNS_NONE 2.00, SPF_PASS -0.00, T_SCC_BODY_TEXT_LINE -0.01,
    URIBL_BLOCKED 0.00, URIBL_DBL_BLOCKED_OPENDNS 0.00,
    URIBL_ZEN_BLOCKED_OPENDNS 0.00)
X-PlusHosting-MailScanner-SpamScore: ss
X-PlusHosting-MailScanner-From: [email protected]
X-Spam-Status: No


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id bxCuNgYxymTpSQAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Wed, 02 Aug 2023 12:33:42 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Wed, 02 Aug 2023 12:33:42 +0200
Received: from [103.180.137.36] (port=49806 helo=mail.hot-mailer.top)
    by cp11.ulimitserver.com with esmtp (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qR9AY-0004rS-1u
    for XXX@XXX;
    Wed, 02 Aug 2023 12:33:32 +0200
Received: from 103.180.137.36 (localhost [IPv6:::1])
    by mail.hot-mailer.top (Postfix) with ESMTPA id 2EBFB603AF;
    Wed, 2 Aug 2023 17:33:00 +0700 (+07)
MIME-Version: 1.0
Date: Wed, 02 Aug 2023 11:33:00 +0100
From: =?UTF-8?Q?=D0=A3=D0=BD=D0=B8=D0=B2=D0=B5=D1=80=D0=B7=D0=B8=D1=82?=
    =?UTF-8?Q?=D0=B5=D1=82_=D1=83_=D0=91=D0=B5=D0=BE=D0=B3=D1=80=D0=B0=D0=B4?=
    =?UTF-8?Q?=D1=83?= <[email protected]>
To: undisclosed-recipients:;
Subject: =?UTF-8?Q?=D0=97=D0=90=D0=A5=D0=A2=D0=95=D0=92_=D0=97=D0=90_?=
    =?UTF-8?Q?=D0=9F=D0=9E=D0=9D=D0=A3=D0=94=D0=90=28=D0=A3=D0=BD=D0=B8=D0=B2?=
    =?UTF-8?Q?=D0=B5=D1=80=D0=B7=D0=B8=D1=82=D0=B5=D1=82_=D1=83_=D0=91=D0=B5?=
    =?UTF-8?Q?=D0=BE=D0=B3=D1=80=D0=B0=D0=B4=D1=83=29PO=2E02=2E08=2E2023?=
In-Reply-To: <[email protected]>
References: <[email protected]>
    <[email protected]>
User-Agent: Roundcube Webmail/1.4.4
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: multipart/mixed;
    boundary="=_bf9a133b119f834bf534b6b7cb815e75"
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qR9AY-0004rS-1u
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam (too large)
X-PlusHosting-MailScanner-From: [email protected]
X-Spam-Status: No


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id SL5OHp4KyWSCDQAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Tue, 01 Aug 2023 15:37:34 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Tue, 01 Aug 2023 15:37:34 +0200
Received: from cranbury.affwire.com ([88.209.206.34]:49764)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qQpYj-0001y8-3B
    for XXX@XXX;
    Tue, 01 Aug 2023 15:37:19 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=affwire.com;
    h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id; [email protected];
    bh=APoTksg1hRGusbV3ftjJc98MArk=;
    b=R72LNco4L8K9gMePw1J3gxyq1ePS4SG0rGknqyuZA8VBnT8vGD0zv0FtvDhSzaoBwLSQfxnoAUJh
    GQSsS2Ij6eyvqNwzO3KgJ5E9nqZd819+73L3velDyto8OzfwDK/0b5930LmKucVEzsKdflN1g3XF
    +3wZyX7mtdVrfYq30onr8FiOExpxpNtYY/Pr3+8DRb+EVzGhKN2AAqzzWF+N2m89hQyuHY4BtvGe
    dmZOHBZHkNDou/EIw0XzBCRP2i8f33mhgZIc6g0xm1t45G/cYVtVhaOAWjv8tHyqtQbWJhT8HOBK
    BBp7Cv50LRUV7Q/9dfYIwNA77W8EZ52mnxf4yg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=affwire.com;
    b=dwXoEufOHwgKUFLokh+xUbRL2AEuzfZ6xC6g2hnaQAe80eqwcK8g/2OUbPKeQw54Nck0t3Lt1NMx
    vvgEnH8xSe3I9DR+D3Qrpe7AjCxmG6S8WzVluAgK+kI7ixVWxrMO83HtKLnzunypG0fi6i7vPDUv
    bccFqMaXKcsmLbpE3R9dvJAWKXNSbV8VMJoJWpjTxxinOZSGQEsSM4bw/Yxfm/SscP8sDCYIBLJe
    Ui0Rx9etYNyEe6mHBgPIdvKWzCPCt42Y/r4wOIDSH0xh+SKSPsDa/usUZUjYSfq79CSYtc+Bu4nn
    /PobSbIbSbmSYWdNC5QtAKat6evktB0UDCwyIg==;
From: "Server Admin - XXX" <[email protected]>
Subject: =?UTF-8?B?T2JhdmlqZXN0OiBQb3J1a2UgbmEgxI1la2FuanUgemEgKHUx?=
    =?UTF-8?B?MEB1MTAucnMpIC0gOC8xLzIwMjM=?=
To: <XXX@XXX>
Content-Type: multipart/alternative; boundary="QPiY51IqaBmU=_Hgsr4ajqc7X7afBIXRHc"
MIME-Version: 1.0
Date: Tue, 1 Aug 2023 06:37:09 -0700
Message-Id: <[email protected]>
X-Spam-Status: No, score=0.4, No
X-Spam-Score: 4
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "cp11.ulimitserver.com",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: XXX Obavještenje WebMail-a: Poslali smo vam novu šifrovanu
    poruku XXX Administrator vam je poslao novu šifrovanu poruku putem WebMail-a
    iz sigurnosnih razloga. Molimo kliknite na sljedeće polje da se prijavite
    na svoj korisnički račun WebMail i pristupite por [...]
    Content analysis details: (0.4 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
    blocked. See
    http://wiki.apache.org/spamassassin/DnsB...nsbl-block
    for more information.
    [URIs: r2.dev]
    0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    dbl.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: r2.dev]
    0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query
    to zen.spamhaus.org was blocked due to
    usage of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [88.209.206.34 listed in zen.spamhaus.org]
    0.0 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    zen.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: r2.dev]
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
    identical to background
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    valid
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    author's domain
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    0.5 KAM_NUMSUBJECT Subject ends in numbers excluding current years
    -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Flag: NO
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qQpYj-0001y8-3B
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=0.295, required 5, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
    DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10,
    HTML_FONT_LOW_CONTRAST 0.00, HTML_MESSAGE 0.00, KAM_NUMSUBJECT 0.50,
    RCVD_IN_ZEN_BLOCKED_OPENDNS 0.00, SPF_PASS -0.00,
    T_SCC_BODY_TEXT_LINE -0.01, URIBL_BLOCKED 0.00,
    URIBL_DBL_BLOCKED_OPENDNS 0.00, URIBL_ZEN_BLOCKED_OPENDNS 0.00)
X-PlusHosting-MailScanner-From: [email protected]


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id MIcyDKbDyGRlIwAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Tue, 01 Aug 2023 10:34:46 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Tue, 01 Aug 2023 10:34:46 +0200
Received: from cranbury.affwire.com ([88.209.206.34]:56550)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qQkpw-0002Kh-0M
    for XXX@XXX;
    Tue, 01 Aug 2023 10:34:45 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=affwire.com;
    h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id; [email protected];
    bh=eyWg91cuCowUKRlH5EaAzqUVZ/I=;
    b=5HqBx2Mv1w8f9/bDwsiq4spbDHk+2nGHG6ph7rs9zzAftejchP2tpLvXj7gUq0dozfOcXpOEoKQ/
    ssKurb/MilI3BDS2tQKK6TU1GlstFSpsPJAL2kj5R2tOIp3Vo1/eP9E/LFn6dJjFB2cQlFfDRKvf
    KHz0evgl+UUIbbTF7XjHOviNTx1qpsHmo8rg1BRpLl9/Ri3Qxc0G+J04DoCXSew2gEoWtpVyoQwP
    bwiEy2ubenELl5nzaWPZCAec5ok/wsdYbvT95EDHW46gp4GluYftVvUcYWjBC2r51xCfdUSj0dbR
    XoR00BaFCo6tzpXDdUKFlRYwiNCx1yvxHvMQbQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=affwire.com;
    b=rEWot9onEsWGTEhDIMph6TRPMDuy3KT4sGzA+qDt8Gj0PAmx2ypj4hT8o1wkVJFCg0r6qpw0tezt
    w5RPy2Ut38ZHibp8vim9D7xrlvSKDjbYtMk/OkOe4HoOI4uMS4DjF+OOAN0hrAoL+XVQMsTy9RNG
    Hk4QXUR3f//U0mJAepU0X+jRMW6fz1a6+nWw5554T2jlDS3ONn3wJQXPfDVC9q7D74bVJGSV+ztO
    tHNMjMlZOcn1eoR593OnBcXS5IAbadU3DO/QkBcSyag6uFGGRpZ+W9Pq1WJcG1YZe5fEZ1irX6gl
    1fUOz3sw2Uh8fL5IZqSzZPCVXQ6YIuZ/YWQYJQ==;
From: "Mirjana Djotunovic" <[email protected]>
Subject: UGOVOR
To: <XXX@XXX>
Content-Type: multipart/mixed; boundary="QPiY51IqaBmU=_Hgsr4ajqc7X7afBIXRHc"
MIME-Version: 1.0
Date: Tue, 1 Aug 2023 01:34:35 -0700
Message-Id: <[email protected]>
X-Spam-Status: No, score=-0.1, No
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "cp11.ulimitserver.com",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: Poštovani, U prilogu se nalazi overen i potpisan ugovor .
    Plaćanje će biti regulisano do kraja ove nedelje. Srdačan pozdrav Mirjana
    Djotunovic
    Content analysis details: (-0.1 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
    blocked. See
    http://wiki.apache.org/spamassassin/DnsB...nsbl-block
    for more information.
    [URIs: affwire.com]
    0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    dbl.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: affwire.com]
    0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query
    to zen.spamhaus.org was blocked due to
    usage of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [88.209.206.34 listed in zen.spamhaus.org]
    0.0 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    zen.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: affwire.com]
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    valid
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    author's domain
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Flag: NO
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qQkpw-0002Kh-0M
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam (too large)
X-PlusHosting-MailScanner-From: [email protected]


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id QB5bHq+ix2RtcQAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Mon, 31 Jul 2023 14:01:51 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Mon, 31 Jul 2023 14:01:51 +0200
Received: from [194.180.49.188] (port=56739 helo=mail0.frenzalit.com)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qQRag-0007am-0z
    for XXX@XXX;
    Mon, 31 Jul 2023 14:01:43 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=frenzalit.com;
    h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
    [email protected];
    bh=JWaRfFlqUwzxgCyZ4fvbrKj8C/t9bRn9eRRYb74Sg4Y=;
    b=SALYe5JpggbkC1lo+piQoXwilPDExeMbFCTSvJ1zN9N2EamxQ+vSuCVzuB+0AhilhPuB0lzpHfLl
    Ln8ld8tK1BgF6TUKNu3Ejrjt2RAPZbafrBSmtQ411+vCoFnxB6dIHesyCEz7O67wWwirNFjfnnLw
    VYoV6pzEE28x+Nq8jps=
From: "=?UTF-8?B?RGFtamFuIEJhYmnEhw==?=" <[email protected]>
To: XXX@XXX
Subject: =?UTF-8?B?UGxhxIdhbmpl?=
Date: 31 Jul 2023 05:01:29 -0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0012_2480ADC2.F44D2BE0"
X-Spam-Status: No, score=2.0, No
X-Spam-Score: 20
X-Spam-Bar: ++
X-Ham-Report: Spam detection software, running on the system "cp11.ulimitserver.com",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: zdravo Šaljem vam bankovnu kopiju ove uplate, potvrdite nam
    rok isporuke. Pozdrav,
    Content analysis details: (2.0 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
    blocked. See
    http://wiki.apache.org/spamassassin/DnsB...nsbl-block
    for more information.
    [URIs: frenzalit.com]
    0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    dbl.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: frenzalit.com]
    0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query
    to zen.spamhaus.org was blocked due to
    usage of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [194.180.49.188 listed in zen.spamhaus.org]
    0.0 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    zen.spamhaus.org was blocked due to usage
    of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [URIs: frenzalit.com]
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    valid
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    author's domain
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    -0.0 T_SCC_BODY_TEXT_LINE No description available.
    2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Flag: NO
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qQRag-0007am-0z
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=3.904, required 5, DKIM_ADSP_ALL 1.10, DKIM_INVALID 0.10,
    DKIM_SIGNED 0.10, HTML_MESSAGE 0.00, JMQ_SPF_NEUTRAL 0.50,
    KAM_DMARC_STATUS 0.01, MIME_HTML_ONLY 0.10,
    RCVD_IN_ZEN_BLOCKED_OPENDNS 0.00, RDNS_NONE 2.00, SPF_PASS -0.00,
    T_SCC_BODY_TEXT_LINE -0.01, URIBL_BLOCKED 0.00,
    URIBL_DBL_BLOCKED_OPENDNS 0.00, URIBL_ZEN_BLOCKED_OPENDNS 0.00)
X-PlusHosting-MailScanner-SpamScore: sss
X-PlusHosting-MailScanner-From: [email protected]


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id kCtLAw/Rv2Q8UwAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Tue, 25 Jul 2023 15:41:35 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Tue, 25 Jul 2023 15:41:35 +0200
Received: from out12.ervers.com ([185.136.91.40]:51999)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qOII8-0005mF-0V
    for XXX@XXX;
    Tue, 25 Jul 2023 15:41:32 +0200
Received: from setentaytres76.serverov.com (setentaytres76.serverov.com [188.93.73.76])
    by out12.ervers.com (8.15.2/8.15.2/Debian-8) with ESMTP id 36PDTn9b003390;
    Tue, 25 Jul 2023 15:32:10 +0200
Received: from webmail.inquirahe.com (localhost.localdomain [IPv6:::1])
    by setentaytres76.serverov.com (Postfix) with ESMTPSA id 2DEA660BFE33;
    Tue, 25 Jul 2023 14:31:51 +0100 (WEST)
Authentication-Results: setentaytres76.serverov.com;
    spf=pass (sender IP is ::1) [email protected] smtp.helo=webmail.inquirahe.com
Received-SPF: pass (setentaytres76.serverov.com: connection is authenticated)
MIME-Version: 1.0
Date: Tue, 25 Jul 2023 16:31:51 +0300
From: =?UTF-8?Q?Slobodan_Rokvi=C4=87?= <[email protected]>
To: undisclosed-recipients:;
Subject: zahtev za ponudu
User-Agent: Roundcube Webmail/1.4.13
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: multipart/mixed;
    boundary="=_42a98474956f108a9c7b8daff3aac0ca"
X-Bayes-Prob: 0.0001 (Score 0, tokens from: setentaytres76.serverov.com, adw:default, base:default, @@RPTN)
X-CanIt-Geo: ip=188.93.73.76; country=ES; latitude=40.4172; longitude=-3.6840; http://maps.google.com/maps?q=40.4172,-3.6840&z=6
X-CanItPRO-Stream: adw:setentaytres76.serverov.com (inherits from adw:default,base:default)
X-Canit-Stats-ID: 03appw94I - a3e998c6db0a - 20230725
X-Scanned-By: CanIt (www . roaringpenguin . com) on 185.136.91.40
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qOII8-0005mF-0V
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam (too large)
X-PlusHosting-MailScanner-From: [email protected]
X-Spam-Status: No


   

Quote:
Return-Path: <[email protected]>
Delivered-To: XXX@XXX
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id pRMXK349rmSbBQAAEIIGUw
    (envelope-from <[email protected]>)
    for <XXX@XXX>; Wed, 12 Jul 2023 07:43:26 +0200
Return-path: <[email protected]>
Envelope-to: XXX@XXX
Delivery-date: Wed, 12 Jul 2023 07:43:26 +0200
Received: from c598.lh.pl ([185.135.91.38]:52448)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qJSd1-0000Iy-1h
    for XXX@XXX;
    Wed, 12 Jul 2023 07:43:16 +0200
Received: from localhost ([127.0.0.1] helo=c598.lh.pl)
    by c598.lh.pl with esmtpa (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1qJSYp-0000DN-2p;
    Wed, 12 Jul 2023 07:38:47 +0200
MIME-Version: 1.0
Date: Wed, 12 Jul 2023 08:38:47 +0300
From: =?UTF-8?Q?Tatjana_Kla=C4=87?= <[email protected]>
To: undisclosed-recipients:;
Subject: {Spam?} FW: SWIFT doznaka WURTH SLN DOO EUR 10.850,00 20230711153308
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: multipart/mixed;
    boundary="=_584771e9518c38f642396319523ae00e"
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-Authenticated-Id: [email protected]
X-Spam-Subject: ***SPAM*** FW: SWIFT doznaka WURTH SLN DOO EUR 10.850,00 20230711153308
X-Spam-Status: Yes, score=13.0
X-Spam-Score: 130
X-Spam-Bar: +++++++++++++
X-Spam-Report: Spam detection software, running on the system "cp11.ulimitserver.com",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: Poštovani, U prilogu pogledajte potvrdu o uplati S' poštovanjem,
    Tatjana Klać Predstavnik prodaje Mob.: +38162684860 [1]
    Content analysis details: (13.0 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query
    to zen.spamhaus.org was blocked due to
    usage of an open resolver. See
    https://www.spamhaus.org/returnc/pub/
    [185.135.91.38 listed in zen.spamhaus.org]
    1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
    4.0 SPF_FAIL SPF: sender does not match SPF record (fail)
    [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sa...server.com]
    0.0 HTML_MESSAGE BODY: HTML included in message
    1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
    0.0 LOTS_OF_MONEY Huge... sums of money
    0.5 KAM_NUMSUBJECT Subject ends in numbers excluding current years
    -0.0 T_SCC_BODY_TEXT_LINE No description available.
    0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
    Alignment
    0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
    3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs
    2.5 TO_NO_BRKTS_PCNT To: lacks brackets + percentage
X-Spam-Flag: YES
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qJSd1-0000Iy-1h
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=10.534, required 5, DCC_CHECK 1.10, DEAR_SOMETHING 1.73,
    FSL_BULK_SIG 0.00, HTML_MESSAGE 0.00, KAM_DMARC_STATUS 0.01,
    KAM_NUMSUBJECT 0.50, LOTS_OF_MONEY 0.00,
    RCVD_IN_ZEN_BLOCKED_OPENDNS 0.00, SPF_FAIL 4.00,
    T_SCC_BODY_TEXT_LINE -0.01, UNDISC_MONEY 3.20)
X-PlusHosting-MailScanner-SpamScore: ssssssssss
X-PlusHosting-MailScanner-From: [email protected]
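An added example, not part of the original posts: a header triage routine that pulls out the markers visible in the quoted headers above that explain why such mail scores low. These are `*_BLOCKED*` rules (the blocklist query was refused, so reputation contributed nothing), MailScanner's `not spam (too large)` verdict (reported when a message exceeds the size limit for content scanning), and an authenticated `ESMTPA` hop from localhost with a Roundcube `User-Agent` (a webmail login on the sending host). The sample headers are constructed placeholders and `triage` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header layout quoted in the thread.
# Hosts, addresses and queue IDs are placeholders, not values from the thread.
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from [192.0.2.10] (port=46494 helo=mail.example.org)
\tby mx.example.net with esmtps (TLS1.2) (Exim 4.96)
\tid 1xxxxx-000000-00; Fri, 04 Aug 2023 08:39:37 +0200
Received: from example.org (localhost [IPv6:::1])
\tby mail.example.org (Postfix) with ESMTPA id 0000000000;
\tFri, 4 Aug 2023 06:31:23 +0000 (UTC)
From: Sender <sender@example.org>
To: undisclosed-recipients:;
Subject: zahtjev za ponudu
User-Agent: Roundcube Webmail/1.4.4
X-Sender: sender@example.org
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
\tscore=2.504, required 5, HTML_MESSAGE 0.00, RDNS_NONE 2.00,
\tRCVD_IN_ZEN_BLOCKED_OPENDNS 0.00, SPF_PASS -0.00, URIBL_BLOCKED 0.00,
\tURIBL_DBL_BLOCKED_OPENDNS 0.00)
X-Spam-Status: No

"""

# SpamAssassin rule names that report a refused DNSBL/URIBL query.
BLOCKED_RULE = re.compile(r"\b[A-Z0-9_]+_BLOCKED[A-Z0-9_]*")
# RFC 3848 "with" keywords for authenticated submission: ESMTPA / ESMTPSA.
AUTH_PROTO = re.compile(r"\bwith\s+esmtps?a\b", re.I)
LOOPBACK = re.compile(r"localhost|127\.0\.0\.1|::1", re.I)


def unfold(value):
    """Collapse folded header continuation lines into one line."""
    return " ".join(str(value).split())


def triage(raw):
    """Return the filter blind spots and submission markers found in raw headers."""
    msg = message_from_string(raw)
    blocked, scan_skipped, local_auth = [], False, False
    for name, value in msg.items():
        lname, text = name.lower(), unfold(value)
        if "spam" in lname or lname.endswith("ham-report"):
            blocked += BLOCKED_RULE.findall(text)
            if lname.endswith("spamcheck") and "(too large)" in text:
                scan_skipped = True  # content scan never ran on this message
        elif lname == "received":
            from_part = text.split(" by ", 1)[0]
            if AUTH_PROTO.search(text) and LOOPBACK.search(from_part):
                local_auth = True  # logged-in user submitting on the host itself
    return {
        # Lookups that returned "blocked": result unknown, score contribution 0.
        "blocked_lookups": list(dict.fromkeys(blocked)),
        "scan_skipped": scan_skipped,
        "authenticated_local_submission": local_auth,
        "webmail": msg.get("User-Agent"),
        "hidden_recipients": "undisclosed-recipients" in msg.get("To", "").lower(),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key}: {val}")
```

A non-empty `blocked_lookups` list is a finding about the receiving server rather than the message: its blocklist queries are being refused, so every sender gets a neutral reputation score until the resolver setup is fixed.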
#2
Excellent, thanks. Maybe we can also update https://security-net.biz/awareness_phish...index.html :)
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
#3
3 days in a row.

Quote:
Return-Path: <010001896e5d3043-44b80fd5-11fb-4e0a-9a69-b46cf543f34e-000000@amazonses.com>
Delivered-To: [email protected]
Received: from srv.domain.com ([127.0.0.1])
    by srv.domain.com with LMTP
    id q8s+Drfmt2TrGBAAbljB2g
    (envelope-from <010001896e5d3043-44b80fd5-11fb-4e0a-9a69-b46cf543f34e-000000@amazonses.com>)
    for <[email protected]>; Wed, 19 Jul 2023 15:35:51 +0200
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on srv.domain.com
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
    DMARC_NONE,HTML_IMAGE_ONLY_28,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
    RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_REMOTE_IMAGE,
    T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Report:
    * 0.1 DMARC_NONE DMARC record not found
    * -0.1 SPF_PASS SPF check passed
    * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
    * [54.240.48.104 listed in wl.mailspike.net]
    * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of
    * words
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    * valid
    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
    * https://www.dnswl.org/, no trust
    * [54.240.48.104 listed in list.dnswl.org]
    * -0.0 T_SCC_BODY_TEXT_LINE No description available.
    * 0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Score: 0.7
Authentication-Results: srv.domain.com; dmarc=none (p=none dis=none) header.from=mtexpo.com.my
Authentication-Results: srv.domain.com; spf=pass smtp.mailfrom=amazonses.com
Authentication-Results: srv.domain.com;
    dkim=pass (1024-bit key; unprotected) header.d=amazonses.com [email protected] header.a=rsa-sha256 header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=gbWtIVi2;
    dkim-atps=neutral
Received: from a48-104.smtp-out.amazonses.com (a48-104.smtp-out.amazonses.com [54.240.48.104])
    (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
    (No client certificate requested)
    by srv.domain.com (Postfix) with ESMTPS id 3042B5DA07
    for <[email protected]>; Wed, 19 Jul 2023 15:35:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1689773748;
    h=Content-Type:From:To:Subject:Message-ID:Date:MIME-Version:Feedback-ID;
    bh=Z+c5eGQopq99111q1iXQrTotw9C5gbvQLQi2nZDKrgg=;
    b=gbWtIVi2QBSmKyT12yNQlYt8Eqwgg6v+5rvBoz0DcJ6hNzV8/ELUchAYgGoe8xJG
    Hn3qEZ2aHPzFco+K5rx5nUye9quRDqWOhhnNh4Ymt52x4dgl4I3cPVPd3zikjEwCjSc
    b5ybLyiFK6QTzguFsi3CXQkrW7Oo46VZ/kGHAdfI=
Content-Type: multipart/alternative;
    boundary="--_NmP-9bf66efbc4a7376a-Part_1"
From: =?UTF-8?B?0J/QvtGI0YLQsCDQodGA0LHQuNGY0LU=?= <[email protected]>
To: [email protected]
Subject: =?UTF-8?Q?Va=C5=BEno_obave=C5=A1tenje_o_Va=C5=A1oj?=
    =?UTF-8?Q?_po=C5=A1iljci=3A_Prekinuta_isporuka!?=
Message-ID: <010001896e5d3043-44b80fd5-11fb-4e0a-9a69-b46cf543f34e-000000@email.amazonses.com>
Date: Wed, 19 Jul 2023 13:35:48 +0000
MIME-Version: 1.0
Feedback-ID: 1.us-east-1.ElDskXhpHX1cq11SLGzq8sTKTjXfNHqg6wc1vU7cxLA=:AmazonSES
X-SES-Outgoing: 2023.07.19-54.240.48.104

