CAA Emergancy Car phish from OVH
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 12 Oct 2024 07:47:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1szcSA-00000000Cs4-3cB4
for dave@doctor.nl2k.ab.ca;
Sat, 12 Oct 2024 07:46:42 -0600
Resent-From: The Doctor
Resent-Date: Sat, 12 Oct 2024 07:46:42 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from m191.bnc.offertedidegustazione.com ([51.178.222.191]:35667)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1szXoa-000000004FH-05cy
for root@nk.ca;
Sat, 12 Oct 2024 02:51:00 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emailer; d=pphosted.com;
h=Subject:From:To:Content-Type:Message-ID:Date; i=CAARewards@pphosted.com;
bh=NQDFbGAc7+RaGiSetzhqrunURqg=;
b=JkgpYT4Pl9Ox4oZXmGBjI6I7u1BAxlso7WzKsxq5+SmXJdCGteEzsuZXaVkwJmpncw858gEIsSRj
CqtpZdaFnuCKGeg/xLwUIG1KSTXw5YRxFc13lnmzKjkTqAZmgaU+Wde9jkHVpjrsdwAIEXpdNIUd
eJvlKdBvAhcbNSz7WN7jRnLyvGEh2ByTyoZBiqKtiLgreJI48qICUFgb+M9fwLaPEXUKRfrc0bvq
isg8P8RsBk0EXxvTZ4IoCojD78a/XcvO1ebKg4fTJE+Fi9y25YYPOPzMY9K87xReApKBdrp+TP30
NeI7xksIzfiLBiTI4zRJ/k0pS4jB4BMrm+rvcQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emailer; d=pphosted.com;
b=YE5Od+THLD303rbHbPxfhKK/aSbs1KrPqTJZO6RDLmC4u3fdMg5FM/T+LYFUm+0fTo28n8tqNwuo
P0LnGxnZuMLHcCGsTFomKy+QOTCo+S8hog9Z5oGi+VrBQYc3vQuwGw+8hQhZeJ8Ow7aldnxX2mfr
fbevHchF8yMMccwOWyx5SoXdMtk2ihGk+TPHouvSYlizxOfbWpHj10aOu7sxDGo0cGU9fwh7J9iC
FWhci61LvpZoHe8UIAJYkskji7xRnouIItxeR3SulBs4YbJZOHe2vWGyGTEVj7ZXdyx8Hlw4wiXU
lbnvZfuDlHwneNKOhpTFWUmTluydNkoGAcZ+ZA==;
Subject:You have won a Car Emergency Kit
From: CAA
To: root@nk.ca
Content-Type: text/html; charset="utf-8"
Message-ID: <375274687.565789.1526855633755.LOsImfzM110fWD@lva1-app2869.LOsImfzM110fWD.com>
Date: Sat, 12 Oct 2024 01:26:44 +0200
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: CAA - Loyalty Program Congratulations!
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[51.178.222.191 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
2.5 HDRS_MISSP Misspaced headers
3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site
Subject: {SPAM?} You have won a Car Emergency Kit
CAA - Loyalty Program
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 12 Oct 2024 07:47:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1szcSA-00000000Cs4-3cB4
for dave@doctor.nl2k.ab.ca;
Sat, 12 Oct 2024 07:46:42 -0600
Resent-From: The Doctor
Resent-Date: Sat, 12 Oct 2024 07:46:42 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from m191.bnc.offertedidegustazione.com ([51.178.222.191]:35667)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1szXoa-000000004FH-05cy
for root@nk.ca;
Sat, 12 Oct 2024 02:51:00 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emailer; d=pphosted.com;
h=Subject:From:To:Content-Type:Message-ID:Date; i=CAARewards@pphosted.com;
bh=NQDFbGAc7+RaGiSetzhqrunURqg=;
b=JkgpYT4Pl9Ox4oZXmGBjI6I7u1BAxlso7WzKsxq5+SmXJdCGteEzsuZXaVkwJmpncw858gEIsSRj
CqtpZdaFnuCKGeg/xLwUIG1KSTXw5YRxFc13lnmzKjkTqAZmgaU+Wde9jkHVpjrsdwAIEXpdNIUd
eJvlKdBvAhcbNSz7WN7jRnLyvGEh2ByTyoZBiqKtiLgreJI48qICUFgb+M9fwLaPEXUKRfrc0bvq
isg8P8RsBk0EXxvTZ4IoCojD78a/XcvO1ebKg4fTJE+Fi9y25YYPOPzMY9K87xReApKBdrp+TP30
NeI7xksIzfiLBiTI4zRJ/k0pS4jB4BMrm+rvcQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emailer; d=pphosted.com;
b=YE5Od+THLD303rbHbPxfhKK/aSbs1KrPqTJZO6RDLmC4u3fdMg5FM/T+LYFUm+0fTo28n8tqNwuo
P0LnGxnZuMLHcCGsTFomKy+QOTCo+S8hog9Z5oGi+VrBQYc3vQuwGw+8hQhZeJ8Ow7aldnxX2mfr
fbevHchF8yMMccwOWyx5SoXdMtk2ihGk+TPHouvSYlizxOfbWpHj10aOu7sxDGo0cGU9fwh7J9iC
FWhci61LvpZoHe8UIAJYkskji7xRnouIItxeR3SulBs4YbJZOHe2vWGyGTEVj7ZXdyx8Hlw4wiXU
lbnvZfuDlHwneNKOhpTFWUmTluydNkoGAcZ+ZA==;
Subject:You have won a Car Emergency Kit
From: CAA
To: root@nk.ca
Content-Type: text/html; charset="utf-8"
Message-ID: <375274687.565789.1526855633755.LOsImfzM110fWD@lva1-app2869.LOsImfzM110fWD.com>
Date: Sat, 12 Oct 2024 01:26:44 +0200
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: CAA - Loyalty Program Congratulations!
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
[51.178.222.191 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
[51.178.222.191 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[51.178.222.191 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[51.178.222.191 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
2.5 HDRS_MISSP Misspaced headers
3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site
Subject: {SPAM?} You have won a Car Emergency Kit
| Â |
| Â |
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments