CAA Emergency Car phish from OVH
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 11 Oct 2024 21:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1szT8S-00000000Jdl-45jX
for dave@doctor.nl2k.ab.ca;
Fri, 11 Oct 2024 21:49:44 -0600
Resent-From: The Doctor
Resent-Date: Fri, 11 Oct 2024 21:49:44 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [51.178.222.245] (port=35237 helo=m245.bnc.promotionnows.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1szT6i-00000000IZS-26xy
for doctor@nk.ca;
Fri, 11 Oct 2024 21:48:10 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emailer; d=pphosted.com;
h=Subject:From:To:Content-Type:Message-ID:Date; i=CAARewards@pphosted.com;
bh=dh+8lANC+7im6xUCsMdK/nNKdPM=;
b=qWZ4Dg0oIe7+zVt+2LK12f0sVFMeIuXcadv4A9VcU60puOXIUCmog3T05ZoTEuIxqFWAG1ASHtMp
bF4yoSx7HBycTRsKRHN8Yd1ZVnVHZwGwN1Rq5I4kU+26zTh1PYItaP8fOXB4Vf7FgJt9o2ksW7FE
cEeT6fc7x5pUDsutf8OvOu22fywODO0EEOzCzFGu9qeYot0ykIS45D/bWlvLoV0m0a7+60pVTski
wro8lSNnno5eEDo1rc1e81zq1EzMHUchdzvkFgwlCVlY0iN7gKXyYmBeZcP8Zwf3u6Y465St3UVs
okxnL160pAEAwBK15QcW12gOTQGg/kkX58bYQA==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emailer; d=pphosted.com;
b=CI7QEqCA1U8Emix8mydNunUPRdvLDgEhwaNIrVcRHRp7TLH8AmKzrxu0sBU5ul17OJ3xQ1FDpEHg
P9n+YyB+4dz73LL5/NBmTXz7Uu3E12CFgfO7DQbcnkVEb0atQyea5FwMe01+W0f4OE29hqEzrOp0
SnvOprSEGknXzrFR3Tp/DMNzteXun+0rbPC4HyYbFS3otwmD7DuDjKmUoV5WC6AX91yvjGo12Kbq
3+ERIOoeVJEiRP3ApUUWcc+EJF2y+DpZZkxrYtPFvjduLmtckQFJoeAaYmP6i1Zq6PldIwEjCPPx
1CgOFxlEswVgBJtriwuVHnAKoAYvDy3TaDkGcA==;
Subject:You have won a Car Emergency Kit
From: CAA
To: doctor@nk.ca
Content-Type: text/html; charset="utf-8"
Message-ID: <375274687.565789.1526855633755.KPELWZhVe6MrM7@lva1-app2869.KPELWZhVe6MrM7.com>
Date: Sat, 12 Oct 2024 01:29:50 +0200
X-Spam_score: 16.7
X-Spam_score_int: 167
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: CAA - Loyalty Program Congratulations!
Content analysis details: (16.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
[51.178.222.245 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[51.178.222.245 listed in dnsbl.ahbl.org]
[51.178.222.245 listed in dnsbl.ahbl.org]
[51.178.222.245 listed in dnsbl.ahbl.org]
[51.178.222.245 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[51.178.222.245 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[51.178.222.245 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[51.178.222.245 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[51.178.222.245 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[51.178.222.245 listed in wl.mailspike.net]
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 HDRS_MISSP Misspaced headers
3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site
Subject: {SPAM?} You have won a Car Emergency Kit
CAA - Loyalty Program
