CAA Emergency Car phish from OVH
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 11 Oct 2024 18:26:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1szPx8-000000001Be-0QyU
for dave@doctor.nl2k.ab.ca;
Fri, 11 Oct 2024 18:25:50 -0600
Resent-From: The Doctor
Resent-Date: Fri, 11 Oct 2024 18:25:50 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from m254.bnc.ideal-foryou.com ([51.178.222.254]:38559)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1szPVZ-0000000009n-2LD4
for sales@nk.ca;
Fri, 11 Oct 2024 17:57:43 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emailer; d=pphosted.com;
h=Subject:From:To:Content-Type:Message-ID:Date; i=CAARewards@pphosted.com;
bh=pCh2Oaxfgjjb2G3n2jvpSZ+AUCs=;
b=cuAcW5B2jynKtswidRd7zsu+UutMhMLAGZ0Kqv9uG7qWNr0Drt7A89qhczbcXxjJ2FeWJN2wtlc8
j2Xlby6R7K+1Wd5mP7HQeC1zqHNBdmiLENtT1C1g0U4Qz+mwXZWKGE+ee/Fm33Mv8FWmxHYyRgdD
7CSVaraibQCGszWxqIL0pk1V8CXmRyl1gQ01Llc5ALdsHrHUSqEm1yvuXbDm7pdHfP+n33UMlTv/
xRFrqReTv647UVgTGEDtcxchkTVoB7xe9hHlLV0V+dN/P2zF5r5SHi1tNYdiihWzzIK3zFR2XYk4
sX+GWkrQvxjmWI9cf2KmltOU0+KAXUF6V/JUsQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emailer; d=pphosted.com;
b=Jeg9pjFbEirWfTvueRen0SODU7J+BZ5yxkVR8AOQbMRskshuDAgvdsONwLFFopf4VpfPMDh218Ty
Z+/Fa+LUtftp7KaaSbu0F2m6scAgnZ30XOv7jYgvCKOxFnh/v4w6X/GH3UKR6quicT6yhPURM0y9
tzg0mHJhA9KwRtg4pJbWObMVCAGR8X0dUly0I9bNRyiibpibskzfZBgDyeRbaZQ754b7od/eTbNl
BONDUDzf0J/ow8UHfZA9UZPA0NoTGrf9rmKZDy/Sl1TwR1R/Y29auK75gkRsF/yehlxLfGuFGt8D
wg6hmIXAeN4gZ7zyTXwpSJJOKky08m7NLzeYfA==;
Subject:You have won a Car Emergency Kit
From: CAA
To: sales@nk.ca
Content-Type: text/html; charset="utf-8"
Message-ID: <375274687.565789.1526855633755.YJZrSD4eT4b35V@lva1-app2869.YJZrSD4eT4b35V.com>
Date: Sat, 12 Oct 2024 01:26:45 +0200
X-Spam_score: 14.4
X-Spam_score_int: 144
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: CAA - Loyalty Program Congratulations!
Content analysis details: (14.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[51.178.222.254 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[51.178.222.254 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[51.178.222.254 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[51.178.222.254 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[51.178.222.254 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[51.178.222.254 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[51.178.222.254 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site
2.5 HDRS_MISSP Misspaced headers
Subject: {SPAM?} You have won a Car Emergency Kit
CAA - Loyalty Program
