Dr. Oz Keto phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 11 Mar 2024 10:10:17 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rjiE3-000000009kX-1kfV

for dave@doctor.nl2k.ab.ca;

Mon, 11 Mar 2024 10:10:07 -0600

Resent-From: The Doctor

Resent-Date: Mon, 11 Mar 2024 10:10:07 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-southeastasiaazhn15010000.outbound.protection.outlook.com ([52.102.193.0]:54037 helo=SG2PR03CU006.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rjhyd-000000009Hr-37uW

for root@nk.ca;

Mon, 11 Mar 2024 09:54:15 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=VccrPlXKXT0GMGMemULoCka66RmTNFE8vmGUuWjoIK31UGXyEjoZxkb5XCZ6IyRtt9/G81gn3OuOQ5DY4tqyoR3V/pxDQfZeqkylXUXG4GwAlTGEAUYJMljlsTqeIQeOzieI1iDk3sNlmlPcWi5nrCjpX8BNyF3oD3ghwp1q0mlKQnLUNKiIPKa2aaHf/EsQ6MPo24O7IbxdBcDslmNv13hlBQveZns18EtNdVHgLqijF8qurbJOoCulVnxCdncn6uY8R35uJuPNI4CqkjxF1ffs/bM1PYFQuJ5q2VRA9gtah4VnKhp1+ssn/kZbidFE3vrL7pPP2a730rU+4rLzQw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=L8WydtIbO8Xh5uKphzrS2CS7P9NirP5bFUcMn2ZcCzA=;

b=iybxhjp4Npgr1B655tH3xKrX/ewoIW+P+mdQSbf0rmf8LQ2qaaaSPmolqA+IeUsweOpzLIhJ/XYRzaZDI+RTM4B1PSR50HbNhOuMnzavBgIrsad05QG14PeOgCuXrfDoTU6DAG2wJ6lDAUEzaUSl3XcSYdFs/82WoH9+1R5LSi9mYdUq6mllC26Hhsiets+7lhIUi6A3Zpp5PUTpEjJ8ycMFYoExfnLk5D+EtUs9Jh6OGwrvsaPgB8K4iKpfHVl0tHEGbsdhU5TuaBGIpnjOPE62pEoULNIbhysRJfybM1eTMqlolQl25uYqkZFHp6GsgeNdKwN2EDtoRnYQE5YSgA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.148.244.11) smtp.rcpttodomain=nk.ca

smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dmarc=none action=none

header.from=4dhyurtshsf.decisionmakers.online; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)

smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=4dhyurtshsf.decisionmakers.online;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=

To: root@nk.ca

Cc: root@outlook.com

Content-Type: multipart/alternative;

boundary="_93161a05-8018-4d67-8adf-0e8a4f7e69c4_"

Date: Mon, 11 Mar 2024 15:52:04 +0000

MIME-Version: 1.0

Message-ID:

<13628653-c90d-42b9-9d49-c555a72ec2c5@SG1PEPF000082E8.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E8:EE_|TYSPR03MB8394:EE_

X-MS-Office365-Filtering-Correlation-Id: 91f1386c-10cb-4457-048d-08dc41e3339a

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

X-Forefront-Antispam-Report:

CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:4dhyurtshsf.decisionmakers.online;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(82310400014)(376005)(36860700004)(41320700004)(34020700007)(61400799018)(20072699006);DIR:OUT;SFP:1501;

X-OriginatorOrg: 4dhyurtshsf.decisionmakers.online

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 15:52:05.4974

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 91f1386c-10cb-4457-048d-08dc41e3339a

X-MS-Exchange-CrossTenant-Id: 59b61446-e8ed-46c5-b4a5-ae46f37d8846

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=59b61446-e8ed-46c5-b4a5-ae46f37d8846;Ip=[45.148.244.11];Helo=[4dhyurtshsf.decisionmakers.online]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E8.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYSPR03MB8394

X-Spam_score: 15.2

X-Spam_score_int: 152

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (15.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: yxlk5n62qxofyjbp.page.link]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.102.193.0 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.102.193.0 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.233.14.7]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_HK_NAME_DR No description available.

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=



--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_

Content-Type: text/plain; charset="UTF-8";









--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_

Content-Type: text/html; charset="UTF-8";



















Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.













src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjHosWvobjKN7aUfB4ohRiI_17sF2yHSFNr7BG6Y7nRZYyHtYFC0jVqiAC65xdVDvoygpRfqmXdzlgXK5tYQRLIP62bOq1qHIsBqcd8rBLupYKzLtmdWLtn8hmg7PZ8crdMg1MRuzh9n5i4w6PYuqHKUJfzs6VcXyBQ8Ll3ILGYXWjtQVaRWNMlsPMyp0/s16000/KETOCA4086.png">






--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_--

CBD Gummies spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 18:32:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rj821-00000000JZQ-1M3a

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 18:31:17 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 18:31:17 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-he1eur04hn2244.outbound.protection.outlook.com ([52.100.18.244]:9806 helo=EUR04-HE1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rj7V6-000000002DW-3vLJ

for root@nk.ca;

Sat, 09 Mar 2024 17:57:21 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=EA7y8ggvpJeNHR6NJMGwlloqN2SdPLbZjsLGEnOOXLyzufVIhGDPAKnXRuPhoOIqaEt7eNL0v9rHHKjfA88EVSwOrGsXjc5EfMw6cT5L8PRPhJCLfHR4BztmKr9GTQ1vn3LlJ0OrY0352MC59mkJ8bH1LEIpDKDip0ggZi+DQMA5sWpZ/ZDnKP+8rdlTWJE6uhH8gLZJQn8rPoDMJcY5+vfW6SYm7ELDb0DXqEwcyF/QYAW70bM0cYGwwMqtKMrjlE3gLP/94IN+xUo2y+sTZHoihgjeQ6N6Y9v92yPbxxavx90MZnB4O3c9CMf0ymSLoo5b7ErhMtsi4AFujJRryg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=qRLEdo48UVSGfC5/A1TUqvm2pNdEAcH2IqQqsPUeD1Y=;

b=nfZRegf4izqbeAnRhhl8E7Iw8Vz60TDN0lA1UPRln8gAc0kg6cMvr+TCpdvvntC78OhfBMe1CajInZIVbT0Z42y6odVJL4Mr2UTr0+zei6MHSn2tBlab+tBSf6MFBXdZ14nm7wKLLYoZR1cF3YN2en9lAarlgew3flH5SVoBwthfMopdPVf9EOb5yqC/IPfeHC5KESM06ntV11ze+aqVugbfeknf5MmMc1dQu0v78AqJHRghx45RmoFRoMTJ1vQF6vAchl5wthkzne3JFNUyOdsAbShUWPSFGdCztJjD7e4fm0YWJMhTnPJw7+8dxkbU4qm07JvSXpZQiMmuY5aunQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

172.233.57.211) smtp.rcpttodomain=nk.ca

smtp.mailfrom=xuzcsvk.onmicrosoft.com; dmarc=none action=none

header.from=xuzcsvk.onmicrosoft.com; dkim=none (message not signed); arc=none

(0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=eurombanet.onmicrosoft.com; s=selector1-eurombanet-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=qRLEdo48UVSGfC5/A1TUqvm2pNdEAcH2IqQqsPUeD1Y=;

b=W5hLzwUUeAbvSGU+8dDbXeJ/KjA8YkUolhR9DtWoxUqAucBfTJx3X95HmVm7g/OmIOVCqOh0Ybz/c9YsC0Q68hOQWwrxfGeEbqJuB3nS9rbUW3HXR9l5T7SbHiYcPhJzhEhG8q3gogCCbgMWG4P4KAGO6fVWMzRtDTBounf0H0Y=

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.233.57.211)

smtp.mailfrom=xuzcsvk.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=xuzcsvk.onmicrosoft.com;

To: root , "root@"

Message-Id: <940346560056.3.56843fda4d073c7f@mg-injyz8rn.xuzcsvk.onmicrosoft.com>

Date: Sun, 10 Mar 2024 00:55:11 +0000

Content-Transfer-Encoding: 8bit

Content-Type: text/html; charset="UTF-8"

MIME-Version: 1.0

Subject: Medical News: CBD Gummies

From: CBD..

X-MS-Has-Attach: yes

msip_labels:

Content-Language: fr-FR

Accept-Language: fr-FR, en-US

CC: root@aol.com

Reply-To: "root"

msip_labels: OTI2LTE4Mzk3NQ==

X-MS-TNEF-Correlator:

Thread-Index: FZCfyEX7AVXvWJrPfB34QIt8TjzFtu==

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Id:

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AM4PEPF00027A5D:EE_|DB8P192MB0805:EE_

X-MS-Office365-Filtering-Correlation-Id: 7deb949e-c982-4c8c-5e7c-08dc409cbd68

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

X-Forefront-Antispam-Report:

CIP:172.233.57.211;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:xuzcsvk.onmicrosoft.com;PTR:172-233-57-211.ip.linodeusercontent.com;CAT:OSPM;SFS:(13230031)(36860700004)(34020700007)(41320700004)(61400799018)(82310400014)(376005)(15519875007);DIR:OUT;SFP:1501;

X-OriginatorOrg: xuzcsvk.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Mar 2024 00:55:11.6108

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 7deb949e-c982-4c8c-5e7c-08dc409cbd68

X-MS-Exchange-CrossTenant-Id: 05886182-3233-4eb1-b39b-c6d602f0c336

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=05886182-3233-4eb1-b39b-c6d602f0c336;Ip=[172.233.57.211];Helo=[xuzcsvk.onmicrosoft.com]

X-MS-Exchange-CrossTenant-AuthSource:

AM4PEPF00027A5D.eurprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P192MB0805

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Try CBD Gummies



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.18.244 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 ARC_SIGNED Message has a ARC signature

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[root.nx2klylh(at)xuzcsvk.onmicrosoft.com]

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} Medical News: CBD Gummies

Chinese products spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 10 Mar 2024 05:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rjHNV-00000000L84-02ba

for dave@doctor.nl2k.ab.ca;

Sun, 10 Mar 2024 05:30:05 -0600

Resent-From: The Doctor

Resent-Date: Sun, 10 Mar 2024 05:30:04 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01olkn2010.outbound.protection.outlook.com ([40.92.107.10]:28802 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rj8Qi-00000000Fzt-2klf

for doctor@nl2k.ab.ca;

Sat, 09 Mar 2024 18:56:52 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=SonmkAkTEhvG4Aveir9FN0L+/d0adnuUdLbQJvu1t4TG4C8sKMIM/CN6ZaJR/zORRHrHVfnhk/+6UNoZFaTEixsGzE8r25QM9qvqgXGeJykqYmaIV4C5a88M4Na0JtOR/cuD5Rtr58YHXsVBXX4vclr7So8HtQMlTYyG02iyH4htIoFhYhFbA0nESZxBAY2DpAgPMWJxcmvzSiZYslDpczxIwCS+aoeX7zWPtnthdjm2vKeiYr0gXjFgKIH72c7VAw+rlmyKCSCxcVE+P6XUcW43DOg/dFm3wjZHks7BpMdL0LZCmQa39XQuHhXz7vgHFfR/mLfEswcSWkVbKODcEg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7tROWKdvkk0MhR7ooHbzEas2oTwMY0YpjFIpyNfSeY4=;

b=ljnG4ltZ9athfRxdN/WNafBPYXIwavBA1R9d6kGHS6fSmKh/RXWFWMLxjU6ZGe2kHn8TIdAD0tuT+8Ocf5g4UqSujzyxCfKKpR/E4FYK6o6LfIiiJa6RSZIAhYW60mDW0jiAHTfZCrnE5N8JKAhDzZfcBCF6kG1X/Md6UhSnLJ6m16cmTTxXnDLzTOXel+UrfOyCYV1kdhF7ztjk22BrMK0SIj8Q5vlr5Zkw57Vd7I1EHE4IkYi35SQmNqWMIzYC+hi52RQaUpuuAgeYuk4l1VkZ0xp9XD597VkmXExNAFYqlvqR6sdqI/xBbxkDwLCQGocyvmHkVYjJbQJQKM1YxA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=7tROWKdvkk0MhR7ooHbzEas2oTwMY0YpjFIpyNfSeY4=;

b=foOjE9Ex+DI2DH9/5JQLvDbyJce4jkdnoblPdgkZImeDMwgJ7fM3Tw4OzpBP3cfEc2F3u49kdRq/EUkjk3YDPAWsKceFdNWOrQ92IEAJfir/M060a1HqqongHxwSz/3Mf33H3w//kUC0pVtkFdPzfDOX7PYEEc0mhzWX9cgLR8RbuNnZh769Lqh/rSVBvo3hOtyT2a1PtC0Lc3fKTwucKMManfSTHw2qRbhlSfvTuFXMXX3GVgjI5FOvGhLWl9Cy7j103LFVOgdzLjLTPxVQ9Pk6T+qge8vR1JpkVu8GxDPt7CViEIEfL4Qv2DGogurXQziZuLjRDQkvE6xI90PXtg==

Received: from TYZPR01MB4403.apcprd01.prod.exchangelabs.com

(2603:1096:400:1d1::13) by SG2PR01MB4568.apcprd01.prod.exchangelabs.com

(2603:1096:4:1b8::7) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.33; Sun, 10 Mar

2024 01:54:06 +0000

Received: from TYZPR01MB4403.apcprd01.prod.exchangelabs.com

([fe80::4d14:300d:b806:5c3c]) by TYZPR01MB4403.apcprd01.prod.exchangelabs.com

([fe80::4d14:300d:b806:5c3c%6]) with mapi id 15.20.7362.031; Sun, 10 Mar 2024

01:54:05 +0000

From: sk sk

Subject: #Cutlery Supplier#

Thread-Topic: #Cutlery Supplier#

Thread-Index: AQHaco3QS1IcHDiD3EqlGlqLT4OBBw==

Date: Sun, 10 Mar 2024 01:54:05 +0000

Message-ID:



Accept-Language: zh-CN, en-US

Content-Language: zh-CN

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-tmn: [2BB0o4StAnrwfMcJVJI6qY/Oxj6Zfulw]

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYZPR01MB4403:EE_|SG2PR01MB4568:EE_

x-ms-office365-filtering-correlation-id: a92d86e6-cfe2-4ce2-920d-08dc40a4f778

x-ms-exchange-slblob-mailprops:

QG/aTLqFmegnhYcrJTHJciy4pRHzun7knG8ry88mYnSmqwXR4e1h5235VThFJ2orAIzU1laqPn3wOaEs7Z1tTgKn/z+pWHlDbSNOQwYyIdLZegzRLEohEgmCDnqdy+DfegoXBg3ol4ysNRg7O3HY95G/JmxYAERG6KhjLlyjKLyr9TH7c73spjivZJt/i5bmxBLOs4DWgcKAxWU1dCHFJpwPthvbqBdRy99dNtQ1o5rEUnrlM4LmwRlbQL/GRRge63Glik/BEKrKJdvisJm2P6kSo5B5phpVqiQkfXAl+LleFQRBgompnz3+nGvqTyc3xwFhGtradmWTkQhxn5H+L8BO/Awv6UebKA1He0O+AA5HD4dueiUPKojRfvV2f4dEfdIb+zcbkdd1+YbcvvC78MbEVZnb7bqpBvgvIzXCITLwVgIs2bjs35y7DOK2LMvweAfKgCTP7LWfCxG8Zx8MQkXUT1uNr6C6/NlFp92iPU2CAHBphTGNUYqx2Fp4N/0u31RM6a5FCNkt3dVdjAZcDNvsuO57moaarqF20yMMFJKWjfFZYBDJQ6LNd4ReVemQpytgT5cw0b5WvkJsEFWqWQkMjuTGVMXI+QFZWcv1bfDuFiBfVNEIMzNV0pqu2eXyKg+yz6zFh7dF7g6Q66Pnae6KIAu2ngDs

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

Y3Ha++RI9KhuGoC9F96h0QWvwgZd0RWiB3qa66i9/zB5L9oHUjVqxZnyb7BhscFGT4Irga6p/l6D8i/CmfyI7fs/zSn0zfxQgexElgYRvOEn0cLJA1OnaX2ffkVwKXzfReA4RtvYXs3hgrFfGaz7+SDpmYPp5qDJ4SowuU08MRK89ylG4NCD/dy565CowkLmH+0W5ybN16P3HexO4cCCsqLL69PRmUJN3sbHAER1iQlRTEb45EWhjeXzIIxJxkhOc/FDWRrz8ghMs5jwDdsYrQKV+P1zuUZRQ+4qoWKHHyqM10r5bqFvoxcLSMSRLOGjoINmCmlApXL5z6EYSaPm1mXoXv3+xyAIj+UXWAQmh+dDNJiE+leErrwSGPmoPQPjqtuSYatUFLGKvBl3EfGHfeTzwlP7HH3hYbADbs2OKR3UhYO3uQfixYhN25BOuMTgVoh309BoTm6rfc8zEIw7QKkicqyi3XDejF+LNnUaXdx3e4oYK/6sPbfzBOMvDty4yqUwWyytgGRNBa/PMsttE9iKNct1VFa5sK8o9VcUAk/RqgOWl/kQVWz0Tnf6rwJT

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

Content-Type: multipart/alternative;

boundary="_000_TYZPR01MB440385BCC7363B56CFA1D952AC252TYZPR01MB4403apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR01MB4403.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: a92d86e6-cfe2-4ce2-920d-08dc40a4f778

X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2024 01:54:05.0165

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR01MB4568



--_000_TYZPR01MB440385BCC7363B56CFA1D952AC252TYZPR01MB4403apcp_

Content-Type: text/plain; charset="gb2312"

Content-Transfer-Encoding: base64





--_000_TYZPR01MB440385BCC7363B56CFA1D952AC252TYZPR01MB4403apcp_

Content-Type: text/html; charset="gb2312"

Content-Transfer-Encoding: quoted-printable
















Hi There,

Hope you’re in good health.

I would like to introduce our company.

We’re Manufacturer & Exporter of Cutlery from China.

Here we are producing customize products as per customer’s demand. Customize designs, label & packing available.

We recommend not only products but also business opportunities and benefits.

We are looking forward to have good business with you.

Best regards.

Andy

--_000_TYZPR01MB440385BCC7363B56CFA1D952AC252TYZPR01MB4403apcp_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwX7-00000000L9H-1q2O

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:37 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:37 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2095.outbound.protection.outlook.com ([40.107.117.95]:28096 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <191390217583@aswtgdsysd.maarredesvirs.life>)

id 1rist3-00000000ByG-3Qgj

for postmaster@nl2k.ab.ca;

Sat, 09 Mar 2024 02:21:06 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=W3SE27cCkclyEewDI/w73H2x4x4ltbI1bdgZ623JWfz9HxoC8PW3iG1v9qUN60IhdOM1WgJF3LylJlYO14Sdbjlu28I44zfds1w1Mgb71RSkVwuCTNTWzFYjD8YnRWfUolV4BR+8KYr7dygmdKU/Yxhoj1vzfHKJtqIjqyGtYWlOMxuNOsgaQK5r5wDgDaO5jhP6DNQttv1BTa+lsDCDgirklGZF3yl/kVChU+4LQgm5Y0ZoyZ6n78ieookRUQA9Bc5ZIxhWF9DOAl8oFLwFXviWsm8Lk6wrenntb4oC7mQl/CfiFmNAoXAWQMqpjSvNMsZp1FNM2pnVOIRWlMJfkA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=GSt9rWhOpysWWCJBwC/TWkH8tHkrBW/p1s5d30RsT78=;

b=hpczonYU57WRxPHG7QKg3wg1Z03cPn8sqXT5iYXkM3TquqFSrVBLYXYFqQEJpMbqDSPCUDRkGu6RLs+yr1k6e7WmVgLBNl3A4bNSEsiTTWNuiGUjwEpL7aEgv/0fJyFxwn8VS8cGli8fuGALUc6vgGxl0W15EBBcGc0mJbX377PVWtE7FyHHJrbdwplNHjPon2D1kImv0/PwkRW17zT1DQpuqYbQ7BqvbOoJD4nPQI77AuXUff39wADgNOfH6HWwsqXjMHY1TnLFrclCrWnrZtmvclJ9fa5RgpqpJpWi16caoaGYmotO3DIQrLtW/QDNwJOU+e9fJiYyDSMCer8zLQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from SI2PR06CA0009.apcprd06.prod.outlook.com (2603:1096:4:186::17)

by JH0PR06MB7054.apcprd06.prod.outlook.com (2603:1096:990:68::13) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.28; Sat, 9 Mar

2024 09:18:58 +0000

Received: from SG1PEPF000082E5.apcprd02.prod.outlook.com

(2603:1096:4:186:cafe::da) by SI2PR06CA0009.outlook.office365.com

(2603:1096:4:186::17) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.32 via Frontend

Transport; Sat, 9 Mar 2024 09:18:58 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

aswtgdsysd.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=aswtgdsysd.maarredesvirs.life;

Received: from aswtgdsysd.maarredesvirs.life (176.123.3.128) by

SG1PEPF000082E5.mail.protection.outlook.com (10.167.240.8-) with Microsoft

SMTP Server id 15.20.7386.12 via Frontend Transport; Sat, 9 Mar 2024 09:18:57

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: postmaster@nl2k.ab.ca

Sender: TWufdcoizKGX@aswtgdsysd.maarredesvirs.life

Cc: postmaster@outlook.com

Content-Type: multipart/alternative;

boundary="_6a965fb1-00dd-4ac6-858a-1a784ca1cef5_"

Date: Sat, 09 Mar 2024 09:18:55 +0000

MIME-Version: 1.0

Message-ID:

<5a840d1f-f02e-4cba-a018-57eeddc77672@SG1PEPF000082E5.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E5:EE_|JH0PR06MB7054:EE_

X-MS-Office365-Filtering-Correlation-Id: 1662b06b-a977-49b5-bc22-08dc4019f2f9

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

3crETRiggPHbeW5GjmWKTaIoR/bjVhxUJZbQVV7QK2bT+HvSc4SmxrmLW6qNPlkmnPovXwxJEDdJy2b75Jhx2WlYJD6ypkmqzCjGGbcKGa2qmiGQuPhJnzdLAGNiwvcjIvFHtbIv+ouHNKlD2J/DI3xcIuwtQNGKKKrVY/wlPnjd+eb7F2Cp7/zZKV5bmjBQT5S6aCKmkP+3Pmn5De+09VXk5txBts60I/LcqX4rTp/qT1U2d9XMgO1GqdYyXfAXmrYWwQFek8sLsgfebjnInhnM42vXGi+FWJugFJqeTjHPt2tiM/BoSG4kBIFTs/7Q3sHaomgXrPG93CZASbu73v0jEO+pMLPFI27eccl3FaZvOhnFsgJCYSH3no05UxZJ2hXdY6kYpXd9sqfqiEoVDLB2lJ6B/wKGwYtvVxkjITX6pilCPBYO1ZyJsXDrthN7S8bJmfiOL1puUB77by2T9qWxje08GoYejcZtG97Qr4iMP8V2wlsvSdKv+IhyNl6skTjlP46FFjXO8ZG04cc6oDuwIoWaiMLqpOFFfqY+cPv+grth4I8MYT0Q/VkJijePlDEzp9FIPH6/DVcSjc2t4qy5CW9la+BCuAoH0Z1nKcw3okxEwuo8fFC9j0vLxA5mhyTxdTKzNTJRSrRuG6N0FWMgZfxLak7XXabvzN2W7qE803FnYP/0KsLIkWIfdaG8IdC5smxceiwArCZqx4kNcV6DgobHwJoAslEiBZqFmCU=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:aswtgdsysd.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(36860700004)(82310400014)(34070700005)(376005)(61400799018)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: aswtgdsysd.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:18:57.0361

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 1662b06b-a977-49b5-bc22-08dc4019f2f9

X-MS-Exchange-CrossTenant-Id: a4ebb3ee-4eb6-460a-bea6-5f3165f203d2

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a4ebb3ee-4eb6-460a-bea6-5f3165f203d2;Ip=[176.123.3.128];Helo=[aswtgdsysd.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E5.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: JH0PR06MB7054

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.95 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.95 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_DR No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_6a965fb1-00dd-4ac6-858a-1a784ca1cef5_

Content-Type: text/plain; charset="UTF-8";









--_6a965fb1-00dd-4ac6-858a-1a784ca1cef5_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" zKXJbKBIwYzT>

--_6a965fb1-00dd-4ac6-858a-1a784ca1cef5_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWe-00000000L8c-0Wtt

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:08 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:08 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-psaapc01on2109.outbound.protection.outlook.com ([40.107.255.109]:35421 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <343488805125@wzestesgydf.maarredesvirs.life>)

id 1risR9-00000000AxF-3xcm

for sales@netknow.ca;

Sat, 09 Mar 2024 01:52:16 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Q9yb7amz4Zm9wwfbYEblmFX9L4jllo0srKLrnSLldyvIihizIqoSVWBnSW2gTWSGhcXi35d2t78mLvtK9Aoeh+iIcc2LzIWSnbJzPwW7sbon7JMctyinnQGr/PdMeS7z4p4HqaZHo3Fr5C2MD+8W5m19bd456KyvBFzxLe45+Ni/kqA1Z+QcShTosFDmtOVvmNvxj8gxxUQtawq7TC+AfyC3DskxmmplzayaIQLU8GPliOg+WPfTwLu8W7Q+g6jX+RlIKSEtwUBXSJpUHbDDnFogICInYeDyq1vfIILq7fKnh+j42FrCrLY/oSFpzfmZDtOLVUVrENw/KexSNp4VxQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=LN20v3bqOhzpAHMQQRINQPpSZyoylcjQDMHaiIdLc/I=;

b=bJoaimgh1fuMcoX0ga2EULBLs4QSVZ0HJJQLGHZxmHrtqzsy27GNJuv9QoUHRLsJelrPuD5tnEY2YV3HHrIoMz55rHA8n2994QULenytMims05ncd90JjVc74qNeNh5n3+xyIuR4v9CSDOrDz9fdnWbL4vSPQyDQXDJ6MT8t8bsm06EVQlPufmyrCfnqijBerj4zPUa3ATORGoCjKZnA/t/8/azFdv2MOZNk5OkDMiGeZIv+iR33Aj54akqW07XHDANCY7D9rzQJ0eNHGTbSJEe+JFduDtCcbc8a4uw2Syb22Ou/U+YWqagzqIGZOTrkIF5tUv858I2GNNGcLOLncg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=netknow.ca

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from PU1PR01CA0002.apcprd01.prod.exchangelabs.com

(2603:1096:803:15::14) by TY0PR04MB7402.apcprd04.prod.outlook.com

(2603:1096:405:13::5) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.32; Sat, 9 Mar

2024 08:50:09 +0000

Received: from HK3PEPF0000021D.apcprd03.prod.outlook.com

(2603:1096:803:15:cafe::79) by PU1PR01CA0002.outlook.office365.com

(2603:1096:803:15::14) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.31 via Frontend

Transport; Sat, 9 Mar 2024 08:50:09 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

wzestesgydf.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=wzestesgydf.maarredesvirs.life;

Received: from wzestesgydf.maarredesvirs.life (176.123.3.128) by

HK3PEPF0000021D.mail.protection.outlook.com (10.167.8.39) with Microsoft SMTP

Server id 15.20.7362.11 via Frontend Transport; Sat, 9 Mar 2024 08:50:07

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: sales@netknow.ca

Sender: KdKUHaMWfukj@wzestesgydf.maarredesvirs.life

Cc: sales@outlook.com

Content-Type: multipart/alternative;

boundary="_94e8f27a-4dd0-4deb-8eec-8bd5a2837d62_"

Date: Sat, 09 Mar 2024 08:50:01 +0000

MIME-Version: 1.0

Message-ID:

<8d832395-4a8a-4b81-b1af-3aadcae524c7@HK3PEPF0000021D.apcprd03.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK3PEPF0000021D:EE_|TY0PR04MB7402:EE_

X-MS-Office365-Filtering-Correlation-Id: 9826660e-4fd2-4fd2-a39c-08dc4015ec3c

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

l2x0DBqm2eqS0YLrpuqPg7ji6Aqq3qGpsoEXHMSKbxBD2HWyp+VDPXaIZ3QXZpFhq1SEER5a76luIJ+ku81Mf5TOYPUlzKJGeQfM65McA8pegXxzkL+J70zxJogJ4Egi0EAj3hjHeuYwSaN6uMcHYd7+K6pliFYYXruaWdRiLlIS7KTjWE/e9zI+kc8xxEeOplW8k4fzARashsBW1CroaT/vUwwonZZCY5ef8jPeDRqGY9u5KZEC8SWni8s5U3O+0qTAYNePCuvXGU4juLChu2AFqwikDvRITt3uAAkYUjSvC5YjTeNT975YEVTqCvyL8EkjGncQxWUA9UIs+7RsStqoaF4lz/SWXz3e1oxjK5Cs8cvZnmlUl/++6XggBT6HMccpSCvOb3wr8bk/xtaaFgLNeQIOhwen6CNCvv9Es0WIMsktMDkZDTOpiuB1+z0ZooXZmw52CMwNbQhcPJrl9JLYh5jpcO2YF3hLBYZ9N25GaqFJGo3OI5S8oJv1New0JjSvLyojqsGd1oPcWNrHZN5erTT+AvYcagwF33GmXn8ufjgNZ2mLpI7nysCpwoKMPBP8ZrpUwh2W0HZMVYw2MPZr46yovvebIMkBEf3461xY/SmA8eqQt6DRjb9q1v0sQl3IUg0kLni27aG4p9XRJp0yCfBriLu0sNWWNCG64x80mRUer7GsJvTI1fAhPqoRVI3ePSXEhftpar5r2O+agn9qpJKA4tLfCno53zui/lE=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:wzestesgydf.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(376005)(34070700005)(41320700004)(61400799018)(82310400014)(36860700004)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: wzestesgydf.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:50:07.7124

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 9826660e-4fd2-4fd2-a39c-08dc4015ec3c

X-MS-Exchange-CrossTenant-Id: dddde438-3f2d-4a18-9530-ce685755e312

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=dddde438-3f2d-4a18-9530-ce685755e312;Ip=[176.123.3.128];Helo=[wzestesgydf.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK3PEPF0000021D.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY0PR04MB7402

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.255.109 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 T_HK_NAME_DR No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_94e8f27a-4dd0-4deb-8eec-8bd5a2837d62_

Content-Type: text/plain; charset="UTF-8";









--_94e8f27a-4dd0-4deb-8eec-8bd5a2837d62_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" JGezBrWAZXkp>

--_94e8f27a-4dd0-4deb-8eec-8bd5a2837d62_--

Ninja Air Fryer spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwXH-00000000L9Y-2pmB

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:47 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:47 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-db5eur02on2114.outbound.protection.outlook.com ([40.107.249.114]:59456 helo=EUR02-DB5-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1ritIL-00000000Cj0-20KD

for root@nk.ca;

Sat, 09 Mar 2024 02:47:13 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=EyVRvNnirg5gVtRwriAFUehfNAvMUnJI/oH7pXziIvyYKArdCNGNxsC9LRvTfBLYp21+9gv+tYc0/FImUxt0MiD/P96OcqrmiywPcbsnK1YpbXtgKZIzA/BsBFGkEzkKvfcW9tlCBJ0PPItEuq7QrQkPHholyMQVQlrjdvZazIfRSMnH3HlX/ESUItZOJHg6aJb8rWR7CGvPIO4p1Z5PZFmgeBsCrsYOjU3+LPOlM4vS4UxpjBvtF5GaIjPmeZ6CZrtxJV8LsbUNk9pkbPggzG4gV4XOsFSxAFpnMhFbb9RFCNpBKwvc/4I17bGzaziXPZuTRDgxw+LTgQ8Ph9Hb1A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=CBdLWdvyFCXNqaPW/t7lfjAsZUSFHpce1icCuXbR6GE=;

b=XnO9cUsoMWFa2P3tC1CazIlAhDhXBvUDJP9aawg5BxApvVsbww23idepv4hOvrKYQClH3KhCGJhDLHvl6f69iXjCRUyaG0Ubke6xkDA1DvDiku0Js1PO4zRBKcZRIZiQamJ4IMj1qBhNenaeexqH2ZznufmJaLdCit421GdgT/RS4YjfmowMfeO+TP3x+ExLpj6aeV2JEYPpg/pw2yGm7s9O2TjJvAyK/NE1YxKEcQD3LOTF5JWKZ3Ddy0McIdcsO+TBLN7v+PywXdj0a8pDioTHK20ZP4SbHculvLFuBakGp02NRpAsk9n1RYc8IDnSGr9MWTcm/g1JlSZrVGrFZw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=asahipro01.prtlandermino.online; dmarc=pass action=none

header.from=asahipro01.prtlandermino.online; dkim=pass

header.d=asahipro01.prtlandermino.online; arc=none

Authentication-Results: dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=asahipro01.prtlandermino.online;

Subject: 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁

From: 🅽 🅸 🅽 🅹 🅰-𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆-𝑾𝒆 𝑯𝒂𝒗𝒆 𝒂 𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆 < wywzhwfrac@asahipro01.prtlandermino.online

>

Content-Type: multipart/alternative; boundary="2487710-15761-d5c0a443e1d982ab5b4b1692c4857403"

X-TOI-MSGID: <255508780397919.EV516D319925C.0282715319805wywzhwfrac@asahipro01.prtlandermino.online

To: Undisclosed recipients:;

Date: Sat, 9 Mar 2024 09:45:05 +0000

X-ClientProxiedBy: BLAPR03CA0011.namprd03.prod.outlook.com

(2603:10b6:208:32b::16) To VI1P190MB0191.EURP190.PROD.OUTLOOK.COM

(2603:10a6:800:9b::16)

Message-ID:



MIME-Version: 1.0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: VI1P190MB0191:EE_|DB9P190MB1177:EE_

X-MS-Office365-Filtering-Correlation-Id: 1a3673e8-9d03-4bd8-a864-08dc401d9a13

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

GAWSmcizVwiCuRITuYsX7LmalJC8HwL9ZybpZtywoRNO7WF2uLbmzL6UCNAn7AFkD6STGeA5dvsED4zA4VMUZO3Ox0+mxh4vHUlxMN7j6XH0vxpk2PJjS0k+AV6Z+DseQK86wEqOc7sIDrrRshUE06cCLhPjAuNW5VTRuocwjGbYapzu3MwmmJBnmrIEecEu7zhYjOSZysRBv/+OGTyGiF+ZTohO4WfeePF3XM1Rk5+lbERr0ncd1seE0Ikfb5WmZrfzM817GafkGKmbZ2oHf8uP0yiXJKqf9k1GJM0tdYtBUvKALkaipbNURdTrSNJAKnqSNUmQ/lQaEbnrAC+VdtvG7APnYkZBRW7mwtlqk5WoCy+NnUWSDqKomvjfuWFZZ+sFCiTaPlMERH1qqdZSqw/Jg7lnuuW94eaDTZZZwnWBCFebcasAQ2X2a/qJW4fYylJDlT4bS/+bnYKJPUICyGUer+vvDWUsG0hX680uAkp9m4S9EpU88a5G6nKXx+wpCKtRYXIlZeZU9rYey6GVA28WdUSGujarEkWBSKxiUEH1cG3FQd5dbhangOTs+dfabDU1w3cYL/K7p/6LIICvWV9LV78NYgp3zOprJiIhKRtpGgRtHfWJpk/wI1LHTEVwM1nJ9/uviT79YsGvAg6QKyRtTDkZwuWebZMES/mlLiQ=

X-Forefront-Antispam-Report:

CIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1P190MB0191.EURP190.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(41320700004)(376005)(1800799015)(37730700002);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:


X-OriginatorOrg: asahipro01.prtlandermino.online

X-MS-Exchange-CrossTenant-Network-Message-Id: 1a3673e8-9d03-4bd8-a864-08dc401d9a13

X-MS-Exchange-CrossTenant-AuthSource: VI1P190MB0191.EURP190.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:45:06.3826

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: fb8f5ef4-c517-4425-86eb-9158322ada26

X-MS-Exchange-CrossTenant-MailboxType: HOSTED

X-MS-Exchange-CrossTenant-UserPrincipalName: GQx22KlqXLfuk3v0/BYKovRELGoSk233kbOBC+dzqZuz5scgjJqm5UceSnJccqJGg5M+nmFoEzquqLpcRd7amurZJOVWrNjV6wGwkHNRxnPqkyoT1V3+icyP3s2PPwJwvl2Rat52uFMsOod8Ot88zQ==

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P190MB1177

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: (1) Notifications (1) Notifications You W E L C O M E



Content analysis details: (12.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: cj6js1jhf0sdfkf7dg.page.link]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.249.114 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.249.114 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

2.7 FROM_WSP_TRAIL Trailing whitespace before '>' in From header field

2.4 FROM_UNBAL2 From with unbalanced angle brackets, '<' missing

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

2.0 SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8

characters

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

Subject: {SPAM?} 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁



--2487710-15761-d5c0a443e1d982ab5b4b1692c4857403

Content-Type: text/plain; charset="UTF-8"



(1) Notifications



--2487710-15761-d5c0a443e1d982ab5b4b1692c4857403

Content-Type: text/html; charset="UTF-8"

(1) Notifications

You W E L C O M E

- 𝕬𝖎𝖗 𝕱𝖗𝖞𝖊𝖗 -🅽🅸🅽🅹🅰

--2487710-15761-d5c0a443e1d982ab5b4b1692c4857403--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWz-00000000L94-3XGk

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:29 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:29 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01on2117.outbound.protection.outlook.com ([40.107.215.117]:50657 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <046205501547@qfdhjfdjtrf.maarredesvirs.life>)

id 1risl9-00000000BhD-09pw

for root@nl2k.ab.ca;

Sat, 09 Mar 2024 02:12:55 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=CW3/iIy560ZTj8uMbMv+Pzh5up2cRvDtevBFF+2VI6bOg7cp+bRe2Zq9DM/hiSBazJ4okiyv1XNjD0ZvJnN5VHNDkZjggEY1Z47DEBYBiH0QRO4kXo4qkBDHIr1KNCwhd6enS57iQmfDQNub+Zhmh04mldIlphZL8kXH/ySXma53HRTYvPj+9+S+Tgt3F16z1d4wOs1jKPUEWo5IwthcnuuBak6bBhFp10/z/ZPsmtsK6mzHa+AmNuuUsMH+oDNOm/Y+iqGfurHK39glXLlhg0gAKrHp0kNd4OnGr+RcbjDnHapXrEYCdNLKdeIr079Ax1NH7OfdIIHqKcxtFEq7QQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=kdO7XqYZO5OLLTttyVEMy7syqehMUVC5monrSfBsZMI=;

b=QiDnPY7n0nbAIJqd/HYgXo3MVxuCdWWuFFzpvAV8XDgBSeQ86+XGWWgLNRLgY69sZkt0Rd0grOqcO5J7sHMcRQLzpH8YM2WV/Kq67iCn/ZA18iSrQC0hZj7mfCC0Wh1K0UC3CeTR1/m3h1H9Ieiz5Sdp0voN5x3yRMt3rnkn7cWst/qsOXFt2vGNhWRqyqoaSmMAj5bqXjYm2bVLW2pb9od3WpLWW1ZJIRch+WSlwKy3WSYiZ1JLpU0/7WUocqbuaFp5oV/fpXb9L4OQEUdGBTCd+ZTMBWpaPgPar6Yw+SbyH0+tE37CDd9DeHXySBgtmguHnx9CIoRssnb+XpfjNg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=qfdhjfdjtrf.maarredesvirs.life; dmarc=none action=none

header.from=qfdhjfdjtrf.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from SG2PR06CA0232.apcprd06.prod.outlook.com (2603:1096:4:ac::16) by

TYZPR01MB4305.apcprd01.prod.exchangelabs.com (2603:1096:400:1c2::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.32; Sat, 9 Mar

2024 09:10:47 +0000

Received: from SG2PEPF000B66CC.apcprd03.prod.outlook.com

(2603:1096:4:ac:cafe::60) by SG2PR06CA0232.outlook.office365.com

(2603:1096:4:ac::16) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.32 via Frontend

Transport; Sat, 9 Mar 2024 09:10:47 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=qfdhjfdjtrf.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=qfdhjfdjtrf.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

qfdhjfdjtrf.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=qfdhjfdjtrf.maarredesvirs.life;

Received: from qfdhjfdjtrf.maarredesvirs.life (176.123.3.128) by

SG2PEPF000B66CC.mail.protection.outlook.com (10.167.240.25) with Microsoft

SMTP Server id 15.20.7362.11 via Frontend Transport; Sat, 9 Mar 2024 09:10:46

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: root@nl2k.ab.ca

Sender: qAvVBPkUMZuN@qfdhjfdjtrf.maarredesvirs.life

Cc: root@outlook.com

Content-Type: multipart/alternative;

boundary="_5ea02d27-3952-43bc-80aa-648981ba55ae_"

Date: Sat, 09 Mar 2024 09:10:38 +0000

MIME-Version: 1.0

Message-ID:



X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG2PEPF000B66CC:EE_|TYZPR01MB4305:EE_

X-MS-Office365-Filtering-Correlation-Id: 6c5dfe2a-d23a-4500-a010-08dc4018ce6e

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

0lsCzc16k1VCT8dm0nv65nXVAVIHxWXLtV4MTnjYEqUrpDZB74eTceQteOdgm+GMoP71UeHpUQyLPr2pg/i60j/PDvNZdrjAOGPUpCj5APYN9GJEmoOs4mxADPb0ulfGeKkeWFYSz4m+lRMze1GuiCo860ZZPek9F+fCzFP6AEYSY4E3Zvmsu8wn7D9pqP9lkeczzYiFioYY+KmmYN2Dg8cZ1jnR9GrsKr7Oq5kmD2+6dXFPTuS/RTZwGwR7xs7ZWFRxdOndwey/7iMECMyDOSxsfXg76mSTQr27d5Ylxh8mvDTRncwrXxHJOHLmsi+FaPdJR34Xt1zrJjJb21cC051sJAKIsGx9xfzOkaKImOxmaAgV29nXalHFQAlYnWkJIxuABgDuDbfY73QjHL2pkILWOgTvuAC5uxUp/xKdS/9Pry/NPqKtgrkrQgmlXgYdjU9foCyTbvoEGIyITyECvkXAjy3LuxZmf1XhC2hkwNGc3ngjXBsbuxN6UdGownLRwiVM9D8GOxqCTYOM3wKuM88TqjmfAnP0/5gbF5GCzn2JH2CcMserefpo/feN4NUCzTRyYvb0Ee5iuTwoM0HyRhdx6Lj2z2URMmV8vfmGYA2yb24lWYwGQhaD61hP7k2L9r8uPxqGnAzeWqyyNgga7WT0/dLir4eawe4GIrGnAQLG6caUyQBBbVGPE8QLZD23HDpLNveyzvR9U2rtVUYMfBQY+HYGiXm2ihaZXVgeWPs=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:qfdhjfdjtrf.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(376005)(36860700004)(34070700005)(61400799018)(82310400014)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: qfdhjfdjtrf.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:10:46.2454

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 6c5dfe2a-d23a-4500-a010-08dc4018ce6e

X-MS-Exchange-CrossTenant-Id: 2f9bf9cb-54c5-4506-b328-bdbecc48a0af

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2f9bf9cb-54c5-4506-b328-bdbecc48a0af;Ip=[176.123.3.128];Helo=[qfdhjfdjtrf.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

SG2PEPF000B66CC.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR01MB4305

X-Spam_score: 7.3

X-Spam_score_int: 73

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (7.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.215.117 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.215.117 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.5 FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

0.0 T_HK_NAME_DR No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_5ea02d27-3952-43bc-80aa-648981ba55ae_

Content-Type: text/plain; charset="UTF-8";









--_5ea02d27-3952-43bc-80aa-648981ba55ae_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" AYVOLUlBFZiY>

--_5ea02d27-3952-43bc-80aa-648981ba55ae_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:16:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwXU-00000000LAP-3AzG

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:15:00 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:15:00 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01hn2236.outbound.protection.outlook.com ([52.100.223.236]:5284 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <375660970323@13fgitfuytdr.volcanicallyactive.store>)

id 1riteB-00000000DNH-0RVB

for sales@nk.ca;

Sat, 09 Mar 2024 03:09:47 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Vt+c9o10OF9z58aEFcr46Jdjsi0+SaKT8g7Uqkecm1oPgwSor8MfW1l5cCbKfaEXdjAiVAc0roHtw1rR+VazjQGMoSOh2LgSxx5VJ5JK05C56kQ7ykQId7ckd61JXVwwlboldbHYBWby99FB5JGVIR6XWtAaioQZ+TsPvs8Y8a4FHXXggk85bWsPeMEJmHedx3SkMexCfL5nzFkCFbPUSDPGG/w2ar3GREqwDQnp4TAouJkQUmhljimf76yFYa8d4+eMI8a+nqmd6Euuw58GhUPhJAM5HIVfKn1RoL+cPzSaIDlYSwtG/CYq46U7cfhb2QGjgscyWYkKhHCX337z3Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=C5x8Eo5yXsx3p0zl6FBQLwbpMbhIOL3FljTyL0rwFn0=;

b=ZldV8kafkEF+Y9l7vFoZUpzBgbBM0qddEvAc/ZqTOWAxrCvSHpstoa7jJtYG120msGeAIa+fhOQiXjU7vrz4s9YMKWMPxOc9/aj88vsqQRcdiYN6aPQ3dmkU+jv4tRZdp/b9TBLZSarevJSr2pJYSUj2ROg9gzSrGhf8oC6qHWmi0Op8c/jJ6RJCL29Uk/2WznUcyQ+uoPhNLYSkR/hdhpquYI1Mt5VN+YuT4pEruJkzC0dzGQASTiSkQ+qCvUaP2hKNxodUeD888FznNIuAbpSaDk5iZY/pUwnKdUPu2rTbRyl57yJQVEBQLfDkU+bN7Q8d7SHHlFlcIE/3OUmAWw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.148.244.11) smtp.rcpttodomain=nk.ca

smtp.mailfrom=13fgitfuytdr.volcanicallyactive.store; dmarc=none action=none

header.from=13fgitfuytdr.volcanicallyactive.store; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)

smtp.mailfrom=13fgitfuytdr.volcanicallyactive.store; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=13fgitfuytdr.volcanicallyactive.store;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: sales@nk.ca

Cc: sales@outlook.com

Content-Type: multipart/alternative;

boundary="_a60c3687-468e-4bf9-8b56-656328f1dc4a_"

Date: Sat, 09 Mar 2024 10:07:31 +0000

MIME-Version: 1.0

Message-ID:



X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E3:EE_|SEYPR03MB7924:EE_

X-MS-Office365-Filtering-Correlation-Id: 10603406-4cda-4230-fccb-08dc4020c018

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:13fgitfuytdr.volcanicallyactive.store;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(41320700004)(61400799018)(34070700005)(82310400014)(36860700004)(376005)(20072699006);DIR:OUT;SFP:1501;

X-OriginatorOrg: 13fgitfuytdr.volcanicallyactive.store

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 10:07:38.1543

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 10603406-4cda-4230-fccb-08dc4020c018

X-MS-Exchange-CrossTenant-Id: d22ac103-eeb2-4d96-b509-f1d91c4340c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d22ac103-eeb2-4d96-b509-f1d91c4340c0;Ip=[45.148.244.11];Helo=[13fgitfuytdr.volcanicallyactive.store]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E3.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR03MB7924

X-Spam_score: 6.3

X-Spam_score_int: 63

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.223.236 listed in wl.mailspike.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.100.223.236 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_HK_NAME_DR No description available.

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_a60c3687-468e-4bf9-8b56-656328f1dc4a_

Content-Type: text/plain; charset="UTF-8";









--_a60c3687-468e-4bf9-8b56-656328f1dc4a_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" yzfUhIyGwypE>

--_a60c3687-468e-4bf9-8b56-656328f1dc4a_--

Ninja Air fryer phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 12:46:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rj2dQ-00000000EIR-2w5T

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 12:45:32 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 12:45:32 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-mw2nam12on2122.outbound.protection.outlook.com ([40.107.244.122]:13153 helo=NAM12-MW2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rj0Rj-00000000MTf-1QBq

for root@nk.ca;

Sat, 09 Mar 2024 10:25:24 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=fHIPmhNtWv8kfRzusjrT7yQv0dDQ+AsrfS6u46cM7JqEDEDyGGe9V6+lCo4/qm4OfKF0LCDGCUffjib40b3FK3e4HNOq2kevkrGqjePygy/5KWsU/4DR2I8TYujaawWSj2kkIpnZfYk3mXaYZ9Qs/OTDg8629DygSIMLH9l9jDIT0zw8CEXuzUATlnRBxmGHvsoidCf4x2Uz1mX5/NwTRuMjTPotLPhoTDfOJzOO0IBD8zrwebY3I2bKC/ed1XCMvXUGUlA2zxATpDU4+x7nc0chwuFSVmPbpdyS0OR1pcBiLw8XP0Jr+u8VCVuG50bay7nOQXGGYsuaR3yfnqeQdA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Hwgp5uVOoppmQNJojsSp4hkLG91Ls2AnIjf0k3616CA=;

b=i+sFXxuiqebMEcx4L9AR2Nf6tE/a5rGILYGiMVknz+XkpprmNfpKdH/rwEeP6SffDwMUac2v6ODwlZbILNuL3QIp+tL1BCwrj02S+EonOMvOUIeZr1/sbVq68DtDh0cbvEwE64B96PHtAi7Q6HqDgrbh0O2UPFaTGjNQe1gOUOX6ubs4ZvoLUHMMVXpI8yBeJMJMfcApVkhjZwsrkdfdz4n0sHekq/iOSN6mREyY0pjxN6YB30LOlvDr3Z4kCdkpZ8CON6MXapX0u1GtE0DuJV0ocauQ/2cFideQpEHWFsINIYgxH8pMc0hSm2f3/Xa7QHDgI9VWQOhiU6Y/s1/Wkg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.33.102.68) smtp.rcpttodomain=nk.ca

smtp.mailfrom=ghhjgjtg45jk.onmicrosoft.com; dmarc=none action=none

header.from=ghhjgjtg45jk.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.33.102.68)

smtp.mailfrom=ghhjgjtg45jk.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=ghhjgjtg45jk.onmicrosoft.com;

Content-Transfer-Encoding: 8bit

Content-Type: text/html; charset="UTF-8"

CC: root@nk.ca

Date: 03-09-2024

Subject: Order Confirmation

MIME-Version: 1.0

From: "Ninja-Air-Fryer-Unlocked"

In-Reply-To:

To: root@nk.ca

Message-ID:

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DM6NAM12FT065:EE_|SJ0PR11MB5198:EE_

X-MS-Office365-Filtering-Correlation-Id: b21958cf-69f2-43dd-3515-08dc405d9ae6

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

ay8bJSpyV8x3WxLSNcikfqfhP+tzkt4T+lw3ceEfAq8VsDYcFAYlaWhMAcJT+Or8ReFi7wdcABpd3ufWdyLSym89ocJTu1GaMRjb2KFC4u9RfvJKYF4s1KFb83YlTciEt3yV80uwsbPtUTzFttyqBVW2+nV4iOWU1GqTRPl08StPM9J2/bfgxwLE3zuukLG4g3Rtui96wE9EVqLM6GPnSRecEYj57MBUcISnW+RslHToI4WW6tsqyEqvSvYDBjsgQX+QIUlUQ2EfVSwgqoggWgaVw4IuN6zECIs02NO9BrdOP3E05lmnRb9Dbeljh/jLiovHMnzXwHse0fjifLxeNsBL/7Ai/RfrIZUIwN+zlW5ReV6iHxkF5CGWRRI86Qus2hjepehUNTkT/1YWM879XzV29vMvctc10m5NO7nUdvR2fxKUmL2f2QeO5uOsZQwRSD5zedKNr+uAQBN35Hsu0dOhrabOpY7lbuKse0/x/A3wmbNx2A5mWB+Ah2ZBMfYQyOYBH33NkpCYQSSz8sE2iSBJF3x69/MbpY7bSWhWSLtP0pHxh7PbtKGkVRxmdiIqfp9xnjcfkTSSt4lxpFOrcD7Xhim8UobsdJzGKMbpdbyI/p+BP9jAJmRUb9tTxhnQakGCLS6O62XAMlOLI/byT4fBlXibLiE+11BhBTaU7QcPqKOE7OxRFStarsYTrKRa7SLNEEoPovGC4ty5fANMuKC1VfErOHliYflms2jTx3Q=

X-Forefront-Antispam-Report:

CIP:45.33.102.68;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ghhjgjtg45jk.onmicrosoft.com;PTR:45-33-102-68.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(36860700004)(41320700004)(34070700005)(82310400014)(61400799018)(376005)(4523499018);DIR:OUT;SFP:1102;

X-OriginatorOrg: ghhjgjtg45jk.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 17:23:15.3744

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: b21958cf-69f2-43dd-3515-08dc405d9ae6

X-MS-Exchange-CrossTenant-Id: b1d303d8-ea8d-4ff8-b122-f8eceb6888d5

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b1d303d8-ea8d-4ff8-b122-f8eceb6888d5;Ip=[45.33.102.68];Helo=[ghhjgjtg45jk.onmicrosoft.com]

X-MS-Exchange-CrossTenant-AuthSource:

DM6NAM12FT065.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5198

(1) Notifications

★ MemberSurveyPanel ★







ミ★ Ninja Air Fryer - Costco ★彡

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWX-00000000L8R-2PWi

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:01 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:01 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2105.outbound.protection.outlook.com ([40.107.117.105]:58623 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <954679954262@pfghdshsd.maarredesvirs.life>)

id 1risL7-00000000AiB-1QTD

for root@nk.ca;

Sat, 09 Mar 2024 01:46:02 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=SduoQ8Me4Bv8wEtmf6RrC4yXp4cnsxSYs4qqBkr4lRJuNcCPVMNthBerI6LxQIpLzddKQmTm+L//KG9DkP6x0KVA99XIew0pk5IW692a/DbZ1eRejY4Lcqmo/PjSMzxCTfwxnI94LCqrO7Fv0Bu/rvJxELpvsIfRKO3bYvOulyKQVUr/0Zmb96Sr/yURZXlc60YHHab75w3bc8z6AOAhdniTX6vpkThaI740GBZQWgEphCvMOdetX/RrIjTjJpQj2ZgB4v0UyVR248/ZX0H3VKfT2cYgJGlb+DHskLndH8jF7NbOTi5mjFEGIVo18gKKT5PwHTZCH9zGR0SkjGjYeg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=9oMZIL5bQN1yK8yTjcEUQbjV8N0IfKKvl6b06+Fqyeg=;

b=TBtQPLDPi+84UBRlQFEJ65ws0a2meUf4q8XMsfvpDs/JLIgi6hKSMzzhpu813Dxy21WIFpySHnya1i2780M1dqkoeA8OYnOck9GvOUq7ODYwG8p3IfA9OnPOTus71ewkx/fxxETfscyVVbgnasGeo5omahaFRLR1Bl+nruuHa7DI+wjODJAViLd7EtsIUQcVILNVs2nmUjW7UvJCZ1FEEd+w1eIUtTvXqwNxsPX+NCHHCuZYk2DCKq5QVHvcjyoZwlKv+DX7PbArD8VOV3805Snp1XboqzWnb8I6L9d6A6tm4Tw379CFTs9Ls3QSn/z3IhQulPPzNrZKvYzFDqAgSA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nk.ca

smtp.mailfrom=pfghdshsd.maarredesvirs.life; dmarc=none action=none

header.from=pfghdshsd.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=vvvsdgsdgfsd157.onmicrosoft.com;

s=selector1-vvvsdgsdgfsd157-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=9oMZIL5bQN1yK8yTjcEUQbjV8N0IfKKvl6b06+Fqyeg=;

b=WXl2qH9uDxVsXDu8nctnCf6nebkOH/TNy2cZnVYiK3P//x9TorRL7i/YeBWF+BoWsbFqo0WL/DFzRCY/xjr0PDWjNxSR9LbBYQXaaOGawGA+LQpmtGfMrqowIoZ54dEYHHscvSk3LYlvow69Bxd9JVoLEe6Xks1jygwLRaoZdsSZ1tixM0Z3jhZLlsWH0WmEUuOllstDgJl7nTr7fv7cnZf19njdEI4zXz0qTrvNqiH7d7ilP13WefewLx5ZHPfRlV1iRair0Mu1YscJra31N6YACo/6LrPdidl3Ozw801jprRQGMrgxtPdwmt3JTm4rzbtdCvOtD1yGDWYlbweLyQ==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=pfghdshsd.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=pfghdshsd.maarredesvirs.life;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: root@nk.ca

Cc: root@outlook.com

Content-Type: multipart/alternative;

boundary="_b4890781-b3e6-4a2e-9430-db164b979432_"

Date: Sat, 09 Mar 2024 08:43:48 +0000

MIME-Version: 1.0

Message-ID:

<336732cd-8815-4472-905e-222fbf292387@HK3PEPF00000220.apcprd03.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK3PEPF00000220:EE_|SEZPR06MB6495:EE_

X-MS-Office365-Filtering-Correlation-Id: e5f70b59-e346-4ada-ea7d-08dc40150bc4

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

GtOcelbzZC9m0MZ48ODss5UaMTwkX5O5QLNSiWJgrPpGCFPrisVf84yDqkfHzI9EVBdsJH5QL9D9ZOaartG/BI4+pz7lf4idN5cvjYFZyfQQTLONTa67Nvy2XxcmN0a6jkD1B6/bhSn6R7HbRD/XeDB+PSqtXJ6x+pwwjonM1NXiekd10C4NmYZNQUe5RxoMlicmM2hzUoOi5xXgbryDSgrsoMMvWz4yVhI4LVD+VduRzch57Yklumx7FknJOAYeWfYtmnju57FfYzCQlG/PdhhAC3RJsNx0+ARcFfisyM8MYQhP1bOHzANJTCKURQMeWr3knHS8BLjan/DY7xbD0WK+H165G6HWjuV5pZBLWSf6inQ9HGEUnSfYUrUg2QITEh/vSuHBtCBahIkL3OVV1WeGl2r/MkLQL5ZK9eYgVUoEsYZNfnC/C7mVWC54lvIn8CBAZ5uplUDft3Z3KUJXHzjGgYCcr2Zy100/jbu9JuQWdx2QegUzlua3aKriZTqS2s2jyHL/In2KveCefzcMSaxMUYCnNs+ByTTod7Xzfkvz2T8g0aLsyVSvxuPNMsUciiI4+p1/8QiWMmCwSOcX0KLv5CzdJT0KzQ5ZH6OmC03nODKVtrF4yg9f5PGvi7lgr58EGSono8NOrLk7neXQZ13x3TlOe0WA11HLWwaLMMMZsen0w4TDMStJaFzaRfB6GPME+Zt9zxpNvigI+bxGGIgGzFuDiF5rTvIqgHi8F4w=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:pfghdshsd.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(36860700004)(376005)(34070700005)(82310400014)(41320700004)(61400799018)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: pfghdshsd.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:43:51.0869

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: e5f70b59-e346-4ada-ea7d-08dc40150bc4

X-MS-Exchange-CrossTenant-Id: 129d6ab0-a66b-425e-b1c9-1733ae3b6973

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=129d6ab0-a66b-425e-b1c9-1733ae3b6973;Ip=[176.123.3.128];Helo=[pfghdshsd.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK3PEPF00000220.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR06MB6495

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (8.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.105 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.105 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_HK_NAME_DR No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_b4890781-b3e6-4a2e-9430-db164b979432_

Content-Type: text/plain; charset="UTF-8";









--_b4890781-b3e6-4a2e-9430-db164b979432_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" QXBwjfffaJsv>

--_b4890781-b3e6-4a2e-9430-db164b979432_--

Ninja fryer Phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwXM-00000000L9j-3rxF

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:52 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:52 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-db5eur01on2125.outbound.protection.outlook.com ([40.107.15.125]:64798 helo=EUR01-DB5-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1ritIv-00000000Cjl-3xCB

for sales@nk.ca;

Sat, 09 Mar 2024 02:47:50 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=mJeqK666f/LuBVEtSqxsy8sB4+4gDQLqmhMribS8jBfl3wsOLmPBTFan7xlstycIZrGwr/VRW4tDTZlIx6q/8m+epYCIMnoPyEkBaKKRGQkoOk9D5qo+ptdP2Zvv3X4lMzSHV41DlJDIsQEj82MA0nZS8CjqSFDMk4bY+tPxMq23xl9lHB3ikzdLkql03TlHzkvB42x3z7pyTFf3F27jfYlkWIYdb2Mu8HwR1/ny/HwullmwPGmxqbvyFHJtM4PTRXshr8W2/i6PQVRam4DhTvEYOaV6k0dVDLRfLT0xIGNT7Ckr667iXFSn3NvTM3Ql+AtmCuk59RNLzf/QfdXDjQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=nEvo/ZFAmfM3FnSFTDAUhBVT83rJD8rmfSRNw3J0/oc=;

b=HhpTArrYW0y8wRgqluLAsL0R1cwJvOA5IkNmzioOKZ2VTjFY+gqjeqwhUw6steRYjlVPEPiy3hiKbQ0e8jHSBy2wkHgAGmnt0CTy5O7/tiIgORRtYhy1o1TvX5K8z7gq0PF+EWKW0AX6AejDE+f0HYHJkIFMmnGAzGZB7jXeymDIgsoUyRiWeA0em7pIzip0mN8Sif8TSB1cD//IRY+4p3aGnOXu6fhDPlyYZMfbq8+GddKyHFTo4waLtI6BaftB1sIcIpM69AH1jPWxykg92Qe15cy0Mr7LEqqY0/7Nwx2xy3r4nuDbKoDhqPhAvJridCGhd4TI/QSGZvxvTNUpVA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=asahipro01.prtlandermino.online; dmarc=pass action=none

header.from=asahipro01.prtlandermino.online; dkim=pass

header.d=asahipro01.prtlandermino.online; arc=none

Authentication-Results: dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=asahipro01.prtlandermino.online;

Subject: 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁

From: 🅽 🅸 🅽 🅹 🅰-𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆-𝑾𝒆 𝑯𝒂𝒗𝒆 𝒂 𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆 < pstuswgayd@asahipro01.prtlandermino.online

>

Content-Type: multipart/alternative; boundary="2491178-15761-33af048268cd3a0c294196d4e1689fbe"

X-TOI-MSGID: <396278296440410.EV457D584638C.7546726751942pstuswgayd@asahipro01.prtlandermino.online

To: Undisclosed recipients:;

Date: Sat, 9 Mar 2024 09:45:39 +0000

X-ClientProxiedBy: BL1PR13CA0134.namprd13.prod.outlook.com

(2603:10b6:208:2bb::19) To HE1P190MB0329.EURP190.PROD.OUTLOOK.COM

(2603:10a6:7:58::25)

Message-ID:



MIME-Version: 1.0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HE1P190MB0329:EE_|DU0P190MB1777:EE_

X-MS-Office365-Filtering-Correlation-Id: 340ee889-137e-432f-c581-08dc401dae3b

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

aAFi4MzeLcBRsdsqmQbLOhcZCVu4wa1TLQ3XSubvkxPXxCaHs3IYaEzUokOuyr5lpXGfpyP9PgvzkI0GHE47DxeYR6KX9xrVYjekwqYdlG9z9/eOAYsA2FSSJxy8yE/VZq9+iq2hSgs//bAOiz6sOr5OYfcVrI/9itDr2i1TvcVQuGCSl4HK+OabJ0OYkSp5olRKqPKpBXrk3wZm/0E9yw9bnLITyuxVh2bah2B76gR2+KlYyxBRyZ3nfZc4T0R0Rm1UhXGA/2ErbRmCAbrfcl/txP3lUYytjdVURrfYPgJvR+G3DOGDT0w/9VHRJBC4DHb1FqSDalu843EKHU7qdw9ZWx2/pOnl22uCRzZVbwqCblurUOpjBYWbnnePN/3XYmrXmWmwx35dyUPDO9wb79LkhdUge4q3Y9x3krEmWggtuWxOtN6uCJXXHzgmLVnS1VSiLfo9Lt1kR2KyPGf5bt+uEPWYEYjdEumZd91fAebQgeo7xQah86Zs2zGgKVkeNM6BG7aaw8L14oWzGSOdm7ayU59E0Q7nRNcYM6qFiNhVuOFWwu7CJDZ/xyIm+BNED75kwASgk1XIZwX4W1l30rJyykkMsx09fwA0pAQvLWs8C1wXZ5tiSeK5EKCw6CGeBUpW2MLdFLNuV9fQ+FClCO34LywOw02r6S/b3kWWKT8=

X-Forefront-Antispam-Report:

CIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:HE1P190MB0329.EURP190.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(376005)(41320700004)(1800799015)(37730700002);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:


X-OriginatorOrg: asahipro01.prtlandermino.online

X-MS-Exchange-CrossTenant-Network-Message-Id: 340ee889-137e-432f-c581-08dc401dae3b

X-MS-Exchange-CrossTenant-AuthSource: HE1P190MB0329.EURP190.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:45:40.1895

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: fb8f5ef4-c517-4425-86eb-9158322ada26

X-MS-Exchange-CrossTenant-MailboxType: HOSTED

X-MS-Exchange-CrossTenant-UserPrincipalName: Cyf4AKkmVEY5n6pYbQCSaMGiXTKuVLUJHdQLj/ruQ7LYZhzheoyczl6rrgImghj4ALk7xf0MuqEhNzuOnkc570QmK7Rz6Xuh0LDUDiA9yGsE5OxZPYQzr7JzOG9eoY8GVfVoaoHxb5F2nvFlffUHsQ==

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P190MB1777

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: (1) Notifications (1) Notifications You W E L C O M E



Content analysis details: (12.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: cj6js1jhf0sdfkf7dg.page.link]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.15.125 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.15.125 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

2.7 FROM_WSP_TRAIL Trailing whitespace before '>' in From header field

2.4 FROM_UNBAL2 From with unbalanced angle brackets, '<' missing

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

2.0 SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8

characters

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁



--2491178-15761-33af048268cd3a0c294196d4e1689fbe

Content-Type: text/plain; charset="UTF-8"



(1) Notifications



--2491178-15761-33af048268cd3a0c294196d4e1689fbe

Content-Type: text/html; charset="UTF-8"





(1) Notifications

You W E L C O M E







- 𝕬𝖎𝖗 𝕱𝖗𝖞𝖊𝖗 -🅽🅸🅽🅹🅰

--2491178-15761-33af048268cd3a0c294196d4e1689fbe--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWl-00000000L8n-1gyv

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:15 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:15 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2094.outbound.protection.outlook.com ([40.107.117.94]:60632 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <600266532084@ndfsgheryesr.maarredesvirs.life>)

id 1risdz-00000000BQW-3X1n

for www@nl2k.ab.ca;

Sat, 09 Mar 2024 02:05:32 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=F8ILysviViKrwTbusbZkvhrsHTRNp2hJdv3uNdE5ftfmKiuJdP0NP7P2uYTBuJ2/Y2NDD7D9/oiJwnz7jObSEl4GsqDzpD9JmOWYb8+0ginRhy7iGOkePFKQhD+ozgOa8mVaSpOfvv96XNy5hqJt+Lh+3/8UUA+hffWgjvveRw4gvy+13hIN/fkv/xHTabrOccrMQ9Ub8H+rFCfPRFnRa6WsC3LOky1pX9uKg3De3BZRrBuGspFO0XA762r7f4QMKZ2LLtb8aTmAtxV3QiTTgXDhVMPQUIZNPrDFEulqkpVY3drdi0tTkq5LOe/QpBqtmCBTtN0OqeEn+AuqXB4Kwg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7CfWSFmUeBCPlYzsgCR6iLRG0jpjK3T8Ql0yCvtO5/Q=;

b=nBHgHNMHbfl2w2AKRjR+ipCEHZ0QM//Cw+Hol5uGbcEzDyDGaNpl7jqc5RZuRQXTB4eZnSLYkBNcSG54QpsEAhXgAACAfBMfbVomunBI8Yqs7djaBR3+OKQ5B3zXwM6rhXcVdDB8ZLkTe9zWdm7jcaS4oI0TIa5jTJ+h3AG2tGoeBd0jxzjhngD6B1YRb4374vEpWW91tgvP3yLie055be/pjPog/kAl8SpEuvrWotD23FnX58QJPcQE+lor1t6qZumxxasmvmTaw93upL1tpzpXG3+AqN6iOGB4SKle8mmvPBwmuyGs81WfLoMfQxHBqSO0e8j7Z3NSxqOLPPdPhg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=ndfsgheryesr.maarredesvirs.life; dmarc=none action=none

header.from=ndfsgheryesr.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=ndfsgheryesr.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=ndfsgheryesr.maarredesvirs.life;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: www@nl2k.ab.ca

Cc: www@outlook.com

Content-Type: multipart/alternative;

boundary="_75934916-a8db-4128-a958-239d335de6b9_"

Date: Sat, 09 Mar 2024 08:58:16 +0000

MIME-Version: 1.0

Message-ID:

<7499166f-53de-46ce-bc44-c9030b4fe515@HK2PEPF00006FB3.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK2PEPF00006FB3:EE_|TY0PR0101MB4818:EE_

X-MS-Office365-Filtering-Correlation-Id: df516974-c769-4b84-b5b8-08dc4017c650

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

WSS/RL1+0jfjY7v1FV0pB9gCQK9vJks+67cZ888lzM7BfXvA7RfFl0Q+YOVZxv6o1laVAi5bEFJjI+zd8KJGZeikhA1+DGP4fmYe/uoYYxUufsN1YDvOidcaRmr3wZ5LWHZiZHkLHXzZSdn7hL9Ys7VCVsK1kMp9Q2GAjfWGZTofD1ZmIB6d414SwKta57B8XSQH2mTolmL1YtM05erCNCIBGmJOSp4uSuAbJ96QdZzRSf8G2vjeoQSVeRKRrIt2LHoJvQlKmJpl4abSRdZP1EorT5moq35z22B2UJefoSZs59l3txCOD9IDCCcVl577hGSbIaTlnESzHHI20tD56wmAhg6dp461UViXMdlL4B8xG6Vx1NpDTfuDO5ErSE32fnZ5IEqQfIdwlionyNagYs6j8f5Dnnsev6CUCJskuE4Ypyd0rJQCPGm4V15BniZWJiL6khnCvLRoEGT+rlLY/X8kGacKhiin5fjZZmTiUz/egNebCWW9FEAhxLI7ezcTKutzMwAbSBlo4EgGSCKGHgAkoTUWbH609VKWg0EhiWfhWyJktZZT5NdJVixaLF+756OUXyoWEy9+Q9RZoXWcV6xzHGxsmZS9V45XphrCsTJi5WsTaBJF5sRFfUqkGzyZUQKt4+mMyhhrYXrK753ci6x1NlE/bs6D5UG3HrXA9VKElqWOp/0B8YHraNz2omXJd6CcUqnJcaVB6C75mgHsLctYSeaDFNykCWwL3N0ckCE=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ndfsgheryesr.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(36860700004)(376005)(61400799018)(34070700005)(82310400014)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: ndfsgheryesr.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:03:23.0683

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: df516974-c769-4b84-b5b8-08dc4017c650

X-MS-Exchange-CrossTenant-Id: 1f3f1b49-6efb-417c-b460-e297ef72af14

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f3f1b49-6efb-417c-b460-e297ef72af14;Ip=[176.123.3.128];Helo=[ndfsgheryesr.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK2PEPF00006FB3.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY0PR0101MB4818

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (8.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.94 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.94 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_HK_NAME_DR No description available.

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_75934916-a8db-4128-a958-239d335de6b9_

Content-Type: text/plain; charset="UTF-8";









--_75934916-a8db-4128-a958-239d335de6b9_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" FMaVvTkTiMuh>

--_75934916-a8db-4128-a958-239d335de6b9_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:14:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWR-00000000L7n-4Aqm

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:13:55 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:13:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2122.outbound.protection.outlook.com ([40.107.117.122]:17421 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <209479238566@aswtgdsysd.maarredesvirs.life>)

id 1ris9F-00000000AKB-3KGo

for doctor@nl2k.ab.ca;

Sat, 09 Mar 2024 01:33:46 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=hcH124z8YZ1UmCFINbQyu0Od3j/ia9J3zmcBkd7uATcD9AW0JCJ+/J6TtDyiEdUK0ec5otGLiHAzTda0azpUcAZN5a1auuqku7CszRx1nXcvge2qrXrr7mFI6EJBjothWhJkwryRO30rJ83SQneA4XfSxGX2BOlAugQl0HWlnlj63WZxyu00IKL6FFNLsxkEc9RjBLOdMoGR3dWlkqXboc5g6E3omi960eytnKKBm5CWCrRQCjuxV2fuqbvgWm1Y4hlEe2vnDRmDgrFObx14fxf2/hGPBOqEpzbCDr0w8qtIu00Lwh4H+njPTvrph7j/5TESYJBEjW97a9oF/uQAYw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=BrLHrTNGRw5v9M07IiTsZYXLnvCBN5Esqeh/2nQ7pvo=;

b=OV6ccskPTjDVBKzEsy7bJg7lS+g/5wOVhnF/k0PLvnRYejpq0v9gbk1B1Mqz4QCH1wvRdhi9uH1Tumv2xuGxflcYmyTxJF0Yslf1ll4J1FqoG9Xk7MChwynqcUzc2GWvFwSJ6/l7rCZ3bjIpi2XpW8FLWWRpnpsFuEulm5zH1WU2zSXAkN+BRvOYI4/spsj5nb9pa2Z/n/iQ6uRyWDLtIeS2xlI8wLCf32jj72AA/P3n+QkMoCpbdr3RFZLwjQtTYoaJlbh1A7c+A4Cf9J9tUMdss0EDgssw6LhDe+cdZyc+uF8jwTURuQPFFs3yqDrHlgKhn6vI56SB2mx0M0w4Gw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from SI2PR01CA0036.apcprd01.prod.exchangelabs.com

(2603:1096:4:192::22) by SEYPR06MB6062.apcprd06.prod.outlook.com

(2603:1096:101:d4::16) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.26; Sat, 9 Mar

2024 08:31:36 +0000

Received: from HK2PEPF00006FAF.apcprd02.prod.outlook.com

(2603:1096:4:192:cafe::1f) by SI2PR01CA0036.outlook.office365.com

(2603:1096:4:192::22) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.31 via Frontend

Transport; Sat, 9 Mar 2024 08:31:36 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

aswtgdsysd.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=aswtgdsysd.maarredesvirs.life;

Received: from aswtgdsysd.maarredesvirs.life (176.123.3.128) by

HK2PEPF00006FAF.mail.protection.outlook.com (10.167.8.5) with Microsoft SMTP

Server id 15.20.7386.12 via Frontend Transport; Sat, 9 Mar 2024 08:31:35

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: doctor@nl2k.ab.ca

Sender: oMXFDYYVVAso@aswtgdsysd.maarredesvirs.life

Cc: doctor@outlook.com

Content-Type: multipart/alternative;

boundary="_95a756f8-48c7-4622-8e54-bf4b09b4339f_"

Date: Sat, 09 Mar 2024 08:31:29 +0000

MIME-Version: 1.0

Message-ID:

<7ad15569-0223-41a4-8a0d-931bf09026f1@HK2PEPF00006FAF.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK2PEPF00006FAF:EE_|SEYPR06MB6062:EE_

X-MS-Office365-Filtering-Correlation-Id: 25d191f6-ab92-4d94-f60f-08dc4013550d

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

Iqa2bH4+Ty+ahh2UL3lRN9Irs3YX8eGQ7ovQQYTLFZflKd7SkyTVGA7HS2sV/prXZ0XTKoTD3eAtKvoOkBZnzAc0RxmTCY7LI+4xxMVecXtSUIfhI/GVyO6ZJQO5YhqJVLoXouaq3gGIucwaCx3vpFZrOUL3zGt/5IVp/E3G1RYPo68kqhsLe4ocDf4AI+Xz/MfuJH01DIovBUOarX/v1klJR2Qkvom9d3yOH2T7cHTrtBvamyfjkg0srO1hqxtkxbm0KkbBXTPNtNFxQYpZEYjoTO9W36SXGEt80vkXF3HOU/ROnmn/flp6idil3vzfFVK1XB7XqP4D/ax6Vfm4pIG4ozX724K8BVAlnSo7iuLrrNC5jMMBGwprmRNirq8ihobnp5uZbKmopnXn8mFD73bNjhuLbYfdwEs10pfyzPMbm8F+J6wtngiOOIXzan1NVBzHKkhtkTnQxn3H9pOCvbzgsc9eft+tnY+8Cg+k+Wr+dyFipdIaWtfgQC9vgzHYt3PrhAAhI00LSIm0c/77QzUtjbdf6f/YLQM+hkKwb1Hj08ReaknVFYugGXcQuhdVpYYfaZnqndV7DAzSM9c4xceZNPbjHvDUPA7hJJartfPQTdC9wS+9eK6bGiZ8fRN8IiJnLuc3O4HgHkrmxLoGC7KWfzi9zFjGE7j4mKQ6HJvmxURZTBjHaAlIk6jubVEiHP9FGrweI7ubMX8TIn653OsfdCLDmFPEfEqaEU4tdDI=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:aswtgdsysd.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(36860700004)(61400799018)(41320700004)(34070700005)(82310400014)(376005)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: aswtgdsysd.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:31:35.0614

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 25d191f6-ab92-4d94-f60f-08dc4013550d

X-MS-Exchange-CrossTenant-Id: a4ebb3ee-4eb6-460a-bea6-5f3165f203d2

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a4ebb3ee-4eb6-460a-bea6-5f3165f203d2;Ip=[176.123.3.128];Helo=[aswtgdsysd.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK2PEPF00006FAF.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR06MB6062

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.122 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.122 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_HK_NAME_DR No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_95a756f8-48c7-4622-8e54-bf4b09b4339f_

Content-Type: text/plain; charset="UTF-8";









--_95a756f8-48c7-4622-8e54-bf4b09b4339f_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" yCjMIuxMcfpR>

--_95a756f8-48c7-4622-8e54-bf4b09b4339f_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:14:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWN-00000000L7d-1bnb

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:13:51 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:13:51 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastasiaazon11022011.outbound.protection.outlook.com ([52.101.128.11]:43400 helo=HK2PR02CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <683339915592@wzestesgydf.maarredesvirs.life>)

id 1ris4I-00000000A96-3E9v

for root@mail.nl2k.ab.ca;

Sat, 09 Mar 2024 01:28:39 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=ek6hgAybOn/eerYkjUMJVohxuFrUuRoZVvfwpDCr1drCl5jJG2GCKOi2rSOS9xRx3i7a1qXEu65scr5gRUgV0arwolOHBTgU6NuCLwaFpbEwDxcnLBRDXWe7+uFbR0mSTN8cNzmUJAGqwhoHOsaoq44zegfZpomuqEnLntP6URzZbmtEP0zRK25/pUgKxtoWaO/sk+HdyPAo6xD0nxhIFy36DbJxq+b7VCPI9uk3KyNGO0P/H9GrjJdIMrcf1FUDdw+i3UEfPkt/sF+FVceV/pp2XM+3bMrpit/DkM5iYTMXZfhDfbT4/ss5E1o1e3xGK972DBI277GFzxy2op8ISA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=v9GIyyI2wFE+TzdO0b1ZaYLhdRdRbvdlwJ7oqgG6Vdw=;

b=MvEJ9PdR2cAA3uo/THb8AvqnMFD3NgwB3zTU1tNKpJLTvNOzh/Q4LIKAFhIBCRBBRkRJwX5vdJjOhetC78dT50FYo0cP6o3Nx0x8aDWij29xNrDjmVIPvg3WDql0gWmr7++SFCrgcu4Z0c63F791GlFINsGRGNNZVhf+FZzRP4VxCJpmvTtzH2NMF46r2Aif1qMUeuTF0qivdtKZ9X21ovugZptHJ97krNbhBQWsQQ/uhHHT6Lg4sAy2WLara3/J8opI7b3vtBwV5yQiqn/z1ZhDI6Q34c+5EGsCJqj/RQ8CE6S9o9GOaWUYQp6x1ERvou9SsjYKFxFqjmZd6ed+iw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=mail.nl2k.ab.ca

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from PSBPR02CA0011.apcprd02.prod.outlook.com (2603:1096:301::21) by

TYZPR04MB7741.apcprd04.prod.outlook.com (2603:1096:405:74::14) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7362.26; Sat, 9 Mar 2024 08:26:26 +0000

Received: from HK3PEPF00000221.apcprd03.prod.outlook.com

(2603:1096:301:0:cafe::1d) by PSBPR02CA0011.outlook.office365.com

(2603:1096:301::21) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.31 via Frontend

Transport; Sat, 9 Mar 2024 08:26:26 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

wzestesgydf.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=wzestesgydf.maarredesvirs.life;

Received: from wzestesgydf.maarredesvirs.life (176.123.3.128) by

HK3PEPF00000221.mail.protection.outlook.com (10.167.8.43) with Microsoft SMTP

Server id 15.20.7386.12 via Frontend Transport; Sat, 9 Mar 2024 08:26:25

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: root@mail.nl2k.ab.ca

Sender: gqULBGIiZiCq@wzestesgydf.maarredesvirs.life

Cc: root@outlook.com

Content-Type: multipart/alternative;

boundary="_c84080d3-0050-42f0-be74-4eb13186a347_"

Date: Sat, 09 Mar 2024 08:26:20 +0000

MIME-Version: 1.0

Message-ID:

<05fdb39a-034d-4a15-8330-61913404a2e6@HK3PEPF00000221.apcprd03.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK3PEPF00000221:EE_|TYZPR04MB7741:EE_

X-MS-Office365-Filtering-Correlation-Id: cb398f19-71c3-4d61-96a0-08dc40129c7c

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

jcaPPxvCGf9cSn0yjAq1gjbzf1zl8H6/ypalP7OSlZVjSAHEUzKM6EUEVFoRhvsw/9ZzdICtcGBKbFQTgReYYUPM2e8p3O0jvj/YWa8xZBueTiQ/Hro4nqVJXrIrvjjXx09kZD8RXZbY8jUNvlCxFBEAiqkOSik34FPSIE8g9BGDxlZnfDeQCBBGNQ033hAHXWBZIiFBj1n7Nv6WRORMtFXB7nWYR29z0JAq1Q4noKiOlPF62dj2CiceXyR1oB5B6Fd/pCpo9FeARI+piCiih25oR73s2OPi4viC3x72tQRpTgMPTh/3DUQY5zmKt5KBQ2XzX43HcZvMvlRPVjJI8Ei+gNHYnwwbSXd/+W/Sa7E1luA5yf6E7DW1UjTfetS/iJoZ8YiydMVPYd2lLJZYRO/VCK2qB5/GuGsjOoQRLqAPPbd2VQ77QQlQhdDEzQ59LvARlvhN2bjVZqd9N4BviZ7rHACWJS5oRyH8kgpXxBGRYUnW+Z40OvGokGmTwhQAcdBzBvdl27fYvhoJn7EqoIRvewJtWuuGvrzorhmqozq4ZLZb2dpe4VI5zBNDSW3MEffyP036b2JQtQLxBkSTCzYgCN+MfejjWgkXjgguYpMeBrn33HJ0xlI/72r8onvExmewb1I3jQK+dwjuLOOyN8KDYM3VrJVmaM9qVDOGJAyRlw5O2dan7Z/XnSBWwdtXQPPGEmDCYCXT4RkRtCfZz0fcGGCQL4rFYeXTdgbzs4U=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:wzestesgydf.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(82310400014)(376005)(34070700005)(61400799018)(36860700004)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: wzestesgydf.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:26:25.4236

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: cb398f19-71c3-4d61-96a0-08dc40129c7c

X-MS-Exchange-CrossTenant-Id: dddde438-3f2d-4a18-9530-ce685755e312

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=dddde438-3f2d-4a18-9530-ce685755e312;Ip=[176.123.3.128];Helo=[wzestesgydf.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK3PEPF00000221.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB7741

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.101.128.11 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_DR No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_c84080d3-0050-42f0-be74-4eb13186a347_

Content-Type: text/plain; charset="UTF-8";









--_c84080d3-0050-42f0-be74-4eb13186a347_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">






src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" CJDcnQehlqBi>

--_c84080d3-0050-42f0-be74-4eb13186a347_--

Dr. OZ phish from Microsoft Outlook

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Sat, 09 Mar 2024 05:50:00 -0700

Received: from ns2.nk.ca ([204.209.81.3]:43273 helo=gallifrey.nk.ca)

by doctor.nl2k.ab.ca with smtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riw8L-00000000KTd-31RO

for dave@nk.ca;

Sat, 09 Mar 2024 05:49:07 -0700

Received: from doctor by gallifrey.nk.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riw6T-00000000K9L-3DqY

for dave@nk.ca;

Sat, 09 Mar 2024 05:47:05 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 05:47:05 -0700

Resent-Message-ID:

Resent-To: dave@nk.ca

Received: from mail-psaapc01hn2207.outbound.protection.outlook.com ([52.100.0.207]:21089 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by gallifrey.nk.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <623172099177@19ygkihjkhj.volcanicallyactive.store>)

id 1riui1-000000006ce-0mp9

for news@gallifrey.nk.ca;

Sat, 09 Mar 2024 04:17:59 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=RJFX2U0IQLBlLRdozzr7yVFILohWWA7/g/4vxRi3lXh+WXMGjsfLd6EafRSNZu3oozmWK7Ewk6SyL7ARC7xAY2cql+xDwuQehxsV5UWdxNOS+G0CSW6jj2k6MvfjyZk/QZZ5d80ZVrmqHMrRjIFXpWbhnT34REXrINF5devxUnswewTBFSiUFCaTPh8NZEngErJYlk5L/eUhJ6erQ9y23Y9uyIk12H+3GTlnqcbropy76IxflY4AL6J8UC4hRiNdnYWxUCMzXONj9RvcQ6IY4jNioBqXJxd+N19cPv6jGEWflssgm8CmLEkVJzYA6vsLVhMOSxCf4bNrhXylspM4vA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=z0PTn+/yY7ginIa2NaPumVlDYWqf4/Hzea4JYHuNP7A=;

b=bLvVWfYE4yEuR5S1bBrd3tSVd2ztXz72cO+Fkwrci7iTHHvQ+CT0GTfovs4IQXyaUVGpmweSEBfJUPl/da93X5oNOQsI1jPf0pbenz0wLlf2QO23kGbUToDaMh8FqYyMANVc5/4rhfXdPRd2jNlubNdmhIPeUSqegKrN/pei5VMbcHME3N4vfCkoH2r+j7OlTQsJWYMYJLX0ZXTKU7Q9BeXJR/ah3SULcSx4fSv6VUpck/wTFHT7eDraHE22A5b+vZoVMOJbQKJIbHlm69y7AlRnyjF9Ne4FqrjZeE39XNPjmAml65C70XQ4XjRJHXEyi+6FrsPc/F1+xg42GpKASQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.148.244.11) smtp.rcpttodomain=gallifrey.nk.ca

smtp.mailfrom=19ygkihjkhj.volcanicallyactive.store; dmarc=none action=none

header.from=19ygkihjkhj.volcanicallyactive.store; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)

smtp.mailfrom=19ygkihjkhj.volcanicallyactive.store; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=19ygkihjkhj.volcanicallyactive.store;

Received-SPF: Fail (protection.outlook.com: domain of

19ygkihjkhj.volcanicallyactive.store does not designate 45.148.244.11 as

permitted sender) receiver=protection.outlook.com; client-ip=45.148.244.11;

helo=19ygkihjkhj.volcanicallyactive.store;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: news@gallifrey.nk.ca

Sender: CaqJSQiOulGk@19ygkihjkhj.volcanicallyactive.store

Cc: news@outlook.com

Content-Type: multipart/alternative;

boundary="_959c3d16-a88d-4384-a49b-c2633ceb5eb7_"

Date: Sat, 09 Mar 2024 11:16:50 +0000

MIME-Version: 1.0

Message-ID:



X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E4:EE_|TYZPR01MB5786:EE_

X-MS-Office365-Filtering-Correlation-Id: 05003c97-f190-4760-6b2e-08dc402a6e8d

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

X-Forefront-Antispam-Report:

CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:19ygkihjkhj.volcanicallyactive.store;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(61400799018)(376005)(36860700004)(82310400014)(41320700004)(34070700005)(20072699006);DIR:OUT;SFP:1501;

X-OriginatorOrg: 19ygkihjkhj.volcanicallyactive.store

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 11:16:56.3583

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 05003c97-f190-4760-6b2e-08dc402a6e8d

X-MS-Exchange-CrossTenant-Id: 0a1d0ac8-3d8f-436b-a70a-2dcb1f3c7ef5

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0a1d0ac8-3d8f-436b-a70a-2dcb1f3c7ef5;Ip=[45.148.244.11];Helo=[19ygkihjkhj.volcanicallyactive.store]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E4.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR01MB5786

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust

[52.100.0.207 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.0.207 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4 address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_DR No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_

Content-Type: text/plain; charset="UTF-8";

--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_

Content-Type: text/html; charset="UTF-8";

Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">

src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" sDBTrYGLZOkv>

--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_--