SPAM from server59.powerteam.com: DIRECTION GENERALE DES IMPOTS: Nouveaux remboursement disponibles

A SPAM from server59.powerteam.com; note that SPF passes … thanks, powerteam.com (it sends you to https://usersidlimited.com/remboursement/: DO NOT CLICK THE LINK):

Return-Path: <service@userchecksecurity.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd14.phpnet.org
X-Spam-Level: 
X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
	NORDNS_LOW_CONTRAST,SPF_HELO_NONE,SPF_SOFTFAIL,T_KAM_HTML_FONT_INVALID,
	URIBL_BLOCKED,URI_TRUNCATED autolearn=no autolearn_force=no
	version=3.4.2
Received: from server59.powerteam.com (unknown [185.67.1.85])
...
Authentication-Results: server59.powerteam.com;
	spf=pass (sender IP is 93.115.96.181) smtp.mailfrom=service@userchecksecurity.com smtp.helo=[93.115.96.181]
Received-SPF: pass (server59.powerteam.com: connection is authenticated)
...
Subject: Nouveaux remboursement disponibles
Message-ID: <cbd03706a3c4724ea0337688b69973d1@93.115.96.181>
Date: Mon, 16 Dec 2019 00:10:13 +0100
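
Added example (not part of the original post): the headers above carry two SPF verdicts, `spf=pass` asserted by the relay server59.powerteam.com in its own Authentication-Results header, and `SPF_SOFTFAIL` listed in the X-Spam-Status written on spamd14.phpnet.org. The code below extracts both and flags the disagreement; `TRUSTED_AUTHSERV_IDS` (a placeholder for the receiver's own authserv-id) and the function names are assumptions.

```python
import re
from email import message_from_string

# Headers copied from the message above (elided lines left out).
SAMPLE = """\
Return-Path: <service@userchecksecurity.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd14.phpnet.org
X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00,
\tHEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
\tNORDNS_LOW_CONTRAST,SPF_HELO_NONE,SPF_SOFTFAIL,T_KAM_HTML_FONT_INVALID,
\tURIBL_BLOCKED,URI_TRUNCATED autolearn=no autolearn_force=no
\tversion=3.4.2
Authentication-Results: server59.powerteam.com;
\tspf=pass (sender IP is 93.115.96.181) smtp.mailfrom=service@userchecksecurity.com smtp.helo=[93.115.96.181]
Received-SPF: pass (server59.powerteam.com: connection is authenticated)

"""

# Assumption: authserv-id of the receiver's own inbound MX (hypothetical placeholder).
TRUSTED_AUTHSERV_IDS = {"mx.receiver.example"}

def unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return " ".join(str(value).split())

def relay_spf_claims(raw, trusted=TRUSTED_AUTHSERV_IDS):
    """Return (authserv-id, spf result, trusted?) for each Authentication-Results header."""
    claims = []
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        authserv_id, _, results = unfold(value).partition(";")
        authserv_id = authserv_id.strip().lower()
        match = re.search(r"\bspf=(\w+)", results)
        if match:
            claims.append((authserv_id, match.group(1).lower(), authserv_id in trusted))
    return claims

def local_spf_tests(raw):
    """SPF rule names listed in X-Spam-Status (assumed written by the receiving filter)."""
    status = unfold(message_from_string(raw).get("X-Spam-Status", ""))
    return re.findall(r"\bSPF_[A-Z_]+", status)

def spf_conflict(raw):
    """True when an untrusted header claims spf=pass but the receiver's check did not pass."""
    untrusted_pass = any(r == "pass" and not ok for _, r, ok in relay_spf_claims(raw))
    local_not_pass = any(t in ("SPF_SOFTFAIL", "SPF_FAIL") for t in local_spf_tests(raw))
    return untrusted_pass and local_not_pass

if __name__ == "__main__":
    print(relay_spf_claims(SAMPLE), local_spf_tests(SAMPLE), spf_conflict(SAMPLE))
```

An Authentication-Results header is only meaningful when its authserv-id is a host the receiver controls; one stamped by an upstream relay is a claim by that relay.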

Whois:

  • powerteam.com:
Registrant Contact Information:
Name Domain Administrator
Organization SPX FLOW, Inc.
Address 13320 Ballantyne Corporate Place
City Charlotte
State / Province NC
Postal Code 28277
Country US
Phone +1.7047524626
Email
  • usersidlimited.com
    •  OVH: Thanks …. it's good when things stay French … Misery.

The message is fairly well made …. we're making progress:

SPAM from akhwa.com via mailin.fr

SPAM, my love …

Subject: Yakhwa vous offre la boisson !
...
Date: Sun, 09 Sep 2018 23:00:55 +0200
Feedback-ID: paid_client_185.41.28.11:2079484:2079484_26:Sendinblue
From: L'equipe@mxin.phpnet.org,
	Yakhwa@mxin.phpnet.org:) <christophe.adami@yakhwa.com>
List-Id: MjA3OTQ4NC0xOS00 
...
MIME-Version: 1.0
Message-Id: <201809092300.whv1fxu37j@ak.d.mailin.fr>
Precedence: bulk
Reply-To: christophe.adami@yakhwa.com
X-Mailer: Sendinblue
X-Mailin-Campaign: 26
X-Mailin-Client: 2079484

The other domains in the SPAM:

  • sendibm1.com

To be continued.

SPAM from n2.mses3.net via n2.mses3.net

More SPAM:

Return-Path: <m@n2.mses3.net>
...
Received: from 10.0.0.126 by mx (envelope-from <m@n2.mses3.net>, uid 65534) with qmail-scanner-2.05st 
 ( 
 Clear:RC:1(10.0.0.126):. 
 Processed in 0.005214 secs); 03 Aug 2018 17:21:02 -0000
...
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=5.0 tests=COUNTRY1,HTML_MESSAGE,
	SPF_HELO_PASS,SPF_PASS,T_KHOP_FOREIGN_CLICK,URI_HEX autolearn=disabled
	version=3.4.0
X-Spam-Relay-Country: EU
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on spamd12
...
Received: from n2.mses3.net (n2.mses3.net [185.158.7.249])
...
x-from:  Marie <m@n2.mses3.net>
X-Mailer:  MailStronger
X-Complaints-To: abuse@welead.ch
X-Feedback-ID: 5532:13623:Transac:Mailstronger
...
Message-Id: <1533316850-7b0f07dcb699bf995fe3c5af3fdbd481@n2.mses3.net>

The domain names:

  • mses3.net
  • welead.ch
  • BIT.LY/GELAMINCISSANT
  • l.n2.mses3.net: Pixel.

SPAM from phytoreponse.fr via mailjet.com

SPAM, again and again …

Message-Id: <fbd0b171.AMIAAAYgKdUAABQK6C0AAAPrP-YAAAAASx8AACf7AAWxhgBa4unZ@mailjet.com>
MIME-Version: 1.0
From: =?UTF-8?q?Actualit=C3=A9s_de_Phytor=C3=A9ponse?=
	<actus@phytoreponse.fr>
...
Subject: =?UTF-8?Q?-15%_Les_French_Days_d=C3=A9barquent_?=
 =?UTF-8?Q?chez_Phytoreponse_?=
Date: Fri, 27 Apr 2018 09:14:01 +0000
List-Id: 
List-Unsubscribe: <mailto:unsub-fbd0b171.uqgv.s0zpohzyy0ij@bnc3.mailjet.com>
Precedence: bulk
X-CSA-Complaints: whitelist-complaints@eco.de
X-MJ-Mid:
	AMIAAAYgKdUAABQK6C0AAAPrP-YAAAAASx8AACf7AAWxhgBa4unZaMdkT5sLTX2GQORDFJLhyQAFdiA
X-MJ-SMTPGUID: 68c7644f-9b0b-4d7d-8640-e4431492e1c9
X-REPORT-ABUSE-TO: Message sent by Mailjet please report to
	abuse@mailjet.com with a copy of the message
Feedback-Id: 357920.373126:MJ

mailjet.com again!
The list of domain names in the SPAM:

  • mjt.lu
  • libeedo.com
  • phytoreponse.fr