This is a Fastmail Abuse Report for an email message received from domain gagauzyeri.md, IP 78.46.109.73, on Tue, 11 Aug 2020 13:08:12 +0000.
Reported-Domain: gagauzyeri.md
Source-Ip: 78.46.109.73
Source: Fastmail
Abuse-Type: complaint
Feedback-Type: abuse
User-Agent: ReturnPathFBL/2.0
Version: 1
Original-Mail-From: webmaster@gagauzyeri.md
Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/394804
Arrival-Date: Tue, 11 Aug 2020 13:08:12 +0000
Original-Rcpt-To: 87c78a23b34d8d8c9844279075fd17c6@fastmail.co.uk
Received: from forward3-smtp.messagingengine.com (forward3-smtp.messagingengine.com [66.111.4.237])
by haraka-ss-mx-5 (Haraka/2.8.21) with ESMTPS id 22D8BF1B-B8C1-40C9-8412-14CDDE7232D4.1
envelope-from <noreply@fastmail.com>
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 verify=FAIL);
Thu, 13 Aug 2020 05:47:20 +0000
Received: from mailredirect.nyi.internal (imap35.nyi.internal [10.202.2.85])
by mailforward.nyi.internal (Postfix) with ESMTP id 101C319415C3;
Thu, 13 Aug 2020 01:47:20 -0400 (EDT)
Received: by mailredirect.nyi.internal (Postfix, from userid 99)
id E9F3214C00D7; Thu, 13 Aug 2020 01:47:19 -0400 (EDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by sloti35d1t08 (Cyrus 3.3.0-143-g3d58b38-fm-20200806.002-g3d58b387) with LMTPA;
Tue, 11 Aug 2020 09:08:15 -0400
X-Cyrus-Session-Id: sloti35d1t08-1597151295-2302797-2-2605512240531470394
X-Backscatter: NotFound1
X-Backscatter-Hosts:
Received: from mx1 ([10.202.2.200])
by compute1.internal (LMTPProxy); Tue, 11 Aug 2020 09:08:15 -0400
Received: from mx1.messagingengine.com (localhost [127.0.0.1])
by mailmx.nyi.internal (Postfix) with ESMTP id 11B82380083
for <87c78a23b34d8d8c9844279075fd17c6@fastmail.co.uk>; Tue, 11 Aug 2020 09:08:15 -0400 (EDT)
Received: from mx1.messagingengine.com (localhost [127.0.0.1])
by mx1.messagingengine.com (Authentication Milter) with ESMTP
id DE5D3898F4D;
Tue, 11 Aug 2020 09:08:15 -0400
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm3; t=
1597151295; b=dIPhWSQ7mYm4MT3dGZQBOiKcsizeXzEyhMtC2Q546wtgcD3Dwc
IyCddmfIys3w+SxaRXEv+TxeU+sVqftuU8E2KcBk/7SgiqflO4yTlV9nmMmgGUpv
iDdKYeb+Di/PotGt2R/9vGs8zf+p75vLU8zDhGcz1nHp6cHa2/S4stf/eQBlpsXZ
qG6crwVs02huLJ5bIRjRBMUQsr1CfkOWcBicz6G7BspuRSbq7l9rvFM49MSwUaTd
5KwnMgVjyqIeKPJioh6zfjOQfCAw60awXeCYyIrhJyWnMO11mHmI84r9yk3hlu1i
BA567rQIP/xBSorBigykmCDBCF4gOJrexLVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=to:subject:from:mime-version:content-type
:message-id:date; s=fm3; t=1597151295; bh=zWhl4+XzgVtBH5hbVzvfRl
FREk/8f9bWJmDJ82G+6Oo=; b=ZF2Aiw+Epm/VTo3gKo21PF88TZPyT4FQxPle7u
VT8REYAmv66vu0+Qx6E6wbhNge1RWHxIVFGWxDhA/8PXthf3xO5pl0OdXncqvews
BOi9luKKQ2s/esZOmmlex24avnG/MjjA4wrmZsvifFcD2fb9s1AAZ8L9ZOyH43Wy
BiCWXhRmtIxrPEBBmB+Rp2IaNagR/ya5tN9ho8u9Ddik/GLa294zdlhXPw/UktXN
bSX1dUG4UEkHpMv+Q6ywt19IIfri1sjNG1jND0a4+vnzz0r0Np4OZDvRtgFQqsfw
LhT3dT63fovVqaODJacCN5w9v/VooylbfqaAzkr4By8cbOhw==
ARC-Authentication-Results: i=1; mx1.messagingengine.com; arc=none (no signatures found);
bimi=skipped (DMARC none);
dkim=none (no signatures found);
dmarc=none policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
(p=none,d=none,d.eval=none) policy.policy-from=p
header.from=gagauzyeri.md;
iprev=pass smtp.remote-ip=78.46.109.73 (21.fsn1.hetzner.abcd.network);
spf=softfail smtp.mailfrom=webmaster@gagauzyeri.md
smtp.helo=21.fsn1.hetzner.abcd.network;
x-aligned-from=pass (Address match);
x-ptr=pass smtp.helo=21.fsn1.hetzner.abcd.network
policy.ptr=21.fsn1.hetzner.abcd.network;
x-return-mx=pass header.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-return-mx=pass smtp.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES128-GCM-SHA256
smtp.bits=128/128;
x-vs=phishing score=300 state=101
Authentication-Results: mx1.messagingengine.com;
arc=none (no signatures found);
bimi=skipped (DMARC none);
dkim=none (no signatures found);
dmarc=none policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
(p=none,d=none,d.eval=none) policy.policy-from=p
header.from=gagauzyeri.md;
iprev=pass smtp.remote-ip=78.46.109.73 (21.fsn1.hetzner.abcd.network);
spf=softfail smtp.mailfrom=webmaster@gagauzyeri.md
smtp.helo=21.fsn1.hetzner.abcd.network;
x-aligned-from=pass (Address match);
x-ptr=pass smtp.helo=21.fsn1.hetzner.abcd.network
policy.ptr=21.fsn1.hetzner.abcd.network;
x-return-mx=pass header.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-return-mx=pass smtp.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES128-GCM-SHA256
smtp.bits=128/128;
x-vs=phishing score=300 state=101
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeduiedrledtgdeivdcutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr
tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecuogfrhhhishhhihhnghdqte
hlihgrshculdeftddtmdenucfjughrpefvuffhgggtsehmtddtredttdejnecuhfhrohhm
pefrrgihrfgrkfcuoeifvggsmhgrshhtvghrsehgrghgrghuiiihvghrihdrmhguqeenuc
ggtffrrghtthgvrhhnpeetfeeufffhjeeuuefhhffhudeikeetvdfghfdviedvlefgiedt
keefgfdtgeeikeenucffohhmrghinheprhhitghhrghruggtrghlihgsrghnrdgtohhmne
cukfhppeejkedrgeeirddutdelrdejfeenucfrhhhishhhihhnghetlhhirghspefrrgih
rfgrkfenucfrhhhishhhihhnghetlhhphhgrtehlihgrshepphgrhihprghinecuvehluh
hsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepjeekrdegiedruddtledrjeef
pdhhvghlohepvddurdhfshhnuddrhhgvthiinhgvrhdrrggstggurdhnvghtfihorhhkpd
hmrghilhhfrhhomhepoeifvggsmhgrshhtvghrsehgrghgrghuiiihvghrihdrmhguqecu
uffkkgfgpeeiiedtle
X-ME-VSScore: 300
X-ME-VSCategory: phishing
Received-SPF: softfail
(gagauzyeri.md … _spf.yandex.ru: Sender is not authorized by default to use ‘webmaster@gagauzyeri.md‘ in ‘mfrom’ identity, however domain is not currently prepared for false failures (mechanism ‘~all’ matched))
receiver=mx1.messagingengine.com;
identity=mailfrom;
envelope-from=»webmaster@gagauzyeri.md«;
helo=21.fsn1.hetzner.abcd.network;
client-ip=78.46.109.73
Received: from 21.fsn1.hetzner.abcd.network (21.fsn1.hetzner.abcd.network [78.46.109.73])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by mx1.messagingengine.com (Postfix) with ESMTPS
for <87c78a23b34d8d8c9844279075fd17c6@fastmail.co.uk>; Tue, 11 Aug 2020 09:08:13 -0400 (EDT)
Received: from sklad2068 by 21.fsn1.hetzner.abcd.network with local (Exim 4.94)
(envelope-from <webmaster@gagauzyeri.md>)
id 1k5U0i-0007ns-2L
for 87c78a23b34d8d8c9844279075fd17c6@fastmail.co.uk; Tue, 11 Aug 2020 16:08:12 +0300
To: 87c78a23b34d8d8c9844279075fd17c6@fastmail.co.uk
Subject: Attention: Your account status change
X-PHP-Originating-Script: 526:alexus.php
From: PayPaI <webmaster@gagauzyeri.md>
MIME-Version: 1.0;
Content-type: multipart/mixed; boundary=»—3avEdlPsk6″
Message-Id: <E1k5U0i-0007ns-2L@21.fsn1.hetzner.abcd.network>
Date: Tue, 11 Aug 2020 16:08:12 +0300
Original-Authentication-Results: mx1.messagingengine.com;
arc=none (no signatures found);
bimi=skipped (DMARC none);
dkim=none (no signatures found);
dmarc=none policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
(p=none,d=none,d.eval=none) policy.policy-from=p
header.from=gagauzyeri.md;
iprev=pass smtp.remote-ip=78.46.109.73 (21.fsn1.hetzner.abcd.network);
spf=softfail smtp.mailfrom=webmaster@gagauzyeri.md
smtp.helo=21.fsn1.hetzner.abcd.network;
x-aligned-from=pass (Address match);
x-ptr=pass smtp.helo=21.fsn1.hetzner.abcd.network
policy.ptr=21.fsn1.hetzner.abcd.network;
x-return-mx=pass header.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-return-mx=pass smtp.domain=gagauzyeri.md policy.is_org=yes
(MX Records found: mx.yandex.net);
x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES128-GCM-SHA256
smtp.bits=128/128;
x-vs=phishing score=300 state=101
