CAA Emergancy Car phish from OVH

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 11 Oct 2024 18:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1szPx8-000000001Be-0QyU

for dave@doctor.nl2k.ab.ca;

Fri, 11 Oct 2024 18:25:50 -0600

Resent-From: The Doctor

Resent-Date: Fri, 11 Oct 2024 18:25:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from m254.bnc.ideal-foryou.com ([51.178.222.254]:38559)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1szPVZ-0000000009n-2LD4

for sales@nk.ca;

Fri, 11 Oct 2024 17:57:43 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emailer; d=pphosted.com;

h=Subject:From:To:Content-Type:Message-ID:Date; i=CAARewards@pphosted.com;

bh=pCh2Oaxfgjjb2G3n2jvpSZ+AUCs=;

b=cuAcW5B2jynKtswidRd7zsu+UutMhMLAGZ0Kqv9uG7qWNr0Drt7A89qhczbcXxjJ2FeWJN2wtlc8

j2Xlby6R7K+1Wd5mP7HQeC1zqHNBdmiLENtT1C1g0U4Qz+mwXZWKGE+ee/Fm33Mv8FWmxHYyRgdD

7CSVaraibQCGszWxqIL0pk1V8CXmRyl1gQ01Llc5ALdsHrHUSqEm1yvuXbDm7pdHfP+n33UMlTv/

xRFrqReTv647UVgTGEDtcxchkTVoB7xe9hHlLV0V+dN/P2zF5r5SHi1tNYdiihWzzIK3zFR2XYk4

sX+GWkrQvxjmWI9cf2KmltOU0+KAXUF6V/JUsQ==

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emailer; d=pphosted.com;

b=Jeg9pjFbEirWfTvueRen0SODU7J+BZ5yxkVR8AOQbMRskshuDAgvdsONwLFFopf4VpfPMDh218Ty

Z+/Fa+LUtftp7KaaSbu0F2m6scAgnZ30XOv7jYgvCKOxFnh/v4w6X/GH3UKR6quicT6yhPURM0y9

tzg0mHJhA9KwRtg4pJbWObMVCAGR8X0dUly0I9bNRyiibpibskzfZBgDyeRbaZQ754b7od/eTbNl

BONDUDzf0J/ow8UHfZA9UZPA0NoTGrf9rmKZDy/Sl1TwR1R/Y29auK75gkRsF/yehlxLfGuFGt8D

wg6hmIXAeN4gZ7zyTXwpSJJOKky08m7NLzeYfA==;

Subject:You have won a Car Emergency Kit

From: CAA

To: sales@nk.ca

Content-Type: text/html; charset="utf-8"

Message-ID: <375274687.565789.1526855633755.YJZrSD4eT4b35V@lva1-app2869.YJZrSD4eT4b35V.com>

Date: Sat, 12 Oct 2024 01:26:45 +0200

X-Spam_score: 14.4

X-Spam_score_int: 144

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: CAA - Loyalty Program Congratulations!



Content analysis details: (14.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

[51.178.222.254 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[51.178.222.254 listed in dnsbl.ahbl.org]

[51.178.222.254 listed in dnsbl.ahbl.org]

[51.178.222.254 listed in dnsbl.ahbl.org]

[51.178.222.254 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[51.178.222.254 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[51.178.222.254 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[51.178.222.254 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[51.178.222.254 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[51.178.222.254 listed in wl.mailspike.net]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME

headers

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site

2.5 HDRS_MISSP Misspaced headers

Subject: {SPAM?} You have won a Car Emergency Kit













CAA - Loyalty Program





























Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5