AAA Emergency Kit Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 26 Nov 2025 14:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1vONL5-000000006Jq-17ch
for dave@doctor.nl2k.ab.ca;
Wed, 26 Nov 2025 14:46:15 -0700
Resent-From: The Doctor
Resent-Date: Wed, 26 Nov 2025 14:46:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.138.88.224] (port=52261 helo=pixelcitadel.space)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1vOKMv-00000000JOl-0Pjw
for root@nk.ca;
Wed, 26 Nov 2025 11:35:59 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;
h=Date:To:From:Subject:Content-Type:Mime-Version; i=root@nk.ca;
bh=opUs3HnjsfukbPOVxuiNjU1/z+Q=;
b=PW1WK99AHMOwvcYW2yry+JwSLpam0fj0qIberYwNzrDmjzCXc/7LqTxm71/1mc6uBQ3tAZu9sAmM
mEZRzWMAQftXNs92L/l/cyjHWAcwTFumXwbdQS4NHQEawSgt3/lj+qv8XM1SFEygpi5m3kAZt5hg
LQftJLDOX0RvqBM5DwU=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;
b=jL3UgTJRr41DEXz1sKfhbrDGocmxNdz9xyiTrKASeqV5jQGL4sPZz3ocjghNbls6xUE5GS2hAJS8
vQKBsggGD21AeMsUT9KMgjGFA2aGfovd8wOQgtR0/LsKCvhGeG271xoXUDMto1m7vq5cJ6B4omkL
3cGmoakie0brHFjRckY=;
Date: Wed, 26 Nov 2025 18:35:07 +0000
To: root@nk.ca
From: =?UTF-8?B?8J2RqPCdkajwnZGo?=
Subject: =?UTF-8?B?8J2Qg/CdkKvwnZCi8J2Qr/CdkJ4g8J2Qi/CdkKLwnZCk8J2QniDwnZCaIPCdkI/wnZCr8J2QqCDigJMg8J2QhvCdkKLwnZCf8J2QrSDwnZCf8J2Qq/CdkKjwnZCmIPCdkIDwnZCA8J2QgA==?=
Content-Type: text/html; charset="UTF-8"
Mime-Version: 1.0
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Costco – Consumer Winner YOU ARE OUR WINNER!
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
3.6 WIKI_IMG URI: Image from wikipedia
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
3.5 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8
characters
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 SUSP_UTF8_WORD_COMBO Words using only suspicious UTF-8 characters +
other signs
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
Subject: {SPAM?} =?UTF-8?B?8J2Qg/CdkKvwnZCi8J2Qr/CdkJ4g8J2Qi/CdkKLwnZCk8J2QniDwnZCaIPCdkI/wnZCr8J2QqCDigJMg8J2QhvCdkKLwnZCf8J2QrSDwnZCf8J2Qq/CdkKjwnZCmIPCdkIDwnZCA8J2QgA==?=
Costco – Consumer Winner
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 26 Nov 2025 14:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vONL5-000000006Jq-17ch
for dave@doctor.nl2k.ab.ca;
Wed, 26 Nov 2025 14:46:15 -0700
Resent-From: The Doctor
Resent-Date: Wed, 26 Nov 2025 14:46:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.138.88.224] (port=52261 helo=pixelcitadel.space)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1vOKMv-00000000JOl-0Pjw
for root@nk.ca;
Wed, 26 Nov 2025 11:35:59 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;
h=Date:To:From:Subject:Content-Type:Mime-Version; i=root@nk.ca;
bh=opUs3HnjsfukbPOVxuiNjU1/z+Q=;
b=PW1WK99AHMOwvcYW2yry+JwSLpam0fj0qIberYwNzrDmjzCXc/7LqTxm71/1mc6uBQ3tAZu9sAmM
mEZRzWMAQftXNs92L/l/cyjHWAcwTFumXwbdQS4NHQEawSgt3/lj+qv8XM1SFEygpi5m3kAZt5hg
LQftJLDOX0RvqBM5DwU=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;
b=jL3UgTJRr41DEXz1sKfhbrDGocmxNdz9xyiTrKASeqV5jQGL4sPZz3ocjghNbls6xUE5GS2hAJS8
vQKBsggGD21AeMsUT9KMgjGFA2aGfovd8wOQgtR0/LsKCvhGeG271xoXUDMto1m7vq5cJ6B4omkL
3cGmoakie0brHFjRckY=;
Date: Wed, 26 Nov 2025 18:35:07 +0000
To: root@nk.ca
From: =?UTF-8?B?8J2RqPCdkajwnZGo?=
Subject: =?UTF-8?B?8J2Qg/CdkKvwnZCi8J2Qr/CdkJ4g8J2Qi/CdkKLwnZCk8J2QniDwnZCaIPCdkI/wnZCr8J2QqCDigJMg8J2QhvCdkKLwnZCf8J2QrSDwnZCf8J2Qq/CdkKjwnZCmIPCdkIDwnZCA8J2QgA==?=
Content-Type: text/html; charset="UTF-8"
Mime-Version: 1.0
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Costco – Consumer Winner YOU ARE OUR WINNER!
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
[185.138.88.224 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
[185.138.88.224 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.138.88.224 listed in dnsbl.ahbl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
3.6 WIKI_IMG URI: Image from wikipedia
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
3.5 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8
characters
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 SUSP_UTF8_WORD_COMBO Words using only suspicious UTF-8 characters +
other signs
2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8
characters
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
Subject: {SPAM?} =?UTF-8?B?8J2Qg/CdkKvwnZCi8J2Qr/CdkJ4g8J2Qi/CdkKLwnZCk8J2QniDwnZCaIPCdkI/wnZCr8J2QqCDigJMg8J2QhvCdkKLwnZCf8J2QrSDwnZCf8J2Qq/CdkKjwnZCmIPCdkIDwnZCA8J2QgA==?=
|
![](3D"https://pic1.imgdb.cn/item/688c56f=<br)
![](3D"https://mcusercontent.com/3009973f4ed684f1aa8372ebd/images/582d=<br)