if anyof (
body :text :contains "znsrc.com",
header :contains "user-agent" "Nylas",
exists "X-Ashby-Stage",
header :contains "message-id" "ant.amazon.com",
exists "X-ZenSr-ID"
) {
fileinto "INBOX.spam";
stop;
}
The site pulls in an analytics script from the domain `route.run`.
Going to route.run redirects to routeshuffle.com.
routeshuffle.com/about :
Not only is the credit card form not actually hosted by Stripe even though it says it is, this isn't from an "experimental product studio in New York", it's a random teenager from New York that just slurped up your credit card info.