Dr. Oz Keto phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 11 Mar 2024 10:10:17 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rjiE3-000000009kX-1kfV
for dave@doctor.nl2k.ab.ca;
Mon, 11 Mar 2024 10:10:07 -0600
Resent-From: The Doctor
Resent-Date: Mon, 11 Mar 2024 10:10:07 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-southeastasiaazhn15010000.outbound.protection.outlook.com ([52.102.193.0]:54037 helo=SG2PR03CU006.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rjhyd-000000009Hr-37uW
for root@nk.ca;
Mon, 11 Mar 2024 09:54:15 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=VccrPlXKXT0GMGMemULoCka66RmTNFE8vmGUuWjoIK31UGXyEjoZxkb5XCZ6IyRtt9/G81gn3OuOQ5DY4tqyoR3V/pxDQfZeqkylXUXG4GwAlTGEAUYJMljlsTqeIQeOzieI1iDk3sNlmlPcWi5nrCjpX8BNyF3oD3ghwp1q0mlKQnLUNKiIPKa2aaHf/EsQ6MPo24O7IbxdBcDslmNv13hlBQveZns18EtNdVHgLqijF8qurbJOoCulVnxCdncn6uY8R35uJuPNI4CqkjxF1ffs/bM1PYFQuJ5q2VRA9gtah4VnKhp1+ssn/kZbidFE3vrL7pPP2a730rU+4rLzQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=L8WydtIbO8Xh5uKphzrS2CS7P9NirP5bFUcMn2ZcCzA=;
b=iybxhjp4Npgr1B655tH3xKrX/ewoIW+P+mdQSbf0rmf8LQ2qaaaSPmolqA+IeUsweOpzLIhJ/XYRzaZDI+RTM4B1PSR50HbNhOuMnzavBgIrsad05QG14PeOgCuXrfDoTU6DAG2wJ6lDAUEzaUSl3XcSYdFs/82WoH9+1R5LSi9mYdUq6mllC26Hhsiets+7lhIUi6A3Zpp5PUTpEjJ8ycMFYoExfnLk5D+EtUs9Jh6OGwrvsaPgB8K4iKpfHVl0tHEGbsdhU5TuaBGIpnjOPE62pEoULNIbhysRJfybM1eTMqlolQl25uYqkZFHp6GsgeNdKwN2EDtoRnYQE5YSgA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.148.244.11) smtp.rcpttodomain=nk.ca
smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dmarc=none action=none
header.from=4dhyurtshsf.decisionmakers.online; dkim=none (message not
signed); arc=none (0)
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)
smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dkim=none (message not
signed) header.d=none;dmarc=none action=none
header.from=4dhyurtshsf.decisionmakers.online;
From: "=?UTF-8?Q?Dr. Oz. ?="
Subject: =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=
To: root@nk.ca
Cc: root@outlook.com
Content-Type: multipart/alternative;
boundary="_93161a05-8018-4d67-8adf-0e8a4f7e69c4_"
Date: Mon, 11 Mar 2024 15:52:04 +0000
MIME-Version: 1.0
Message-ID:
<13628653-c90d-42b9-9d49-c555a72ec2c5@SG1PEPF000082E8.apcprd02.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SG1PEPF000082E8:EE_|TYSPR03MB8394:EE_
X-MS-Office365-Filtering-Correlation-Id: 91f1386c-10cb-4457-048d-08dc41e3339a
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?utf-8?B?NWFqY3U0eW9reEJ0TDdISFAzeDk0ZzNsY3dJRElyV3dIbVByTWhpR0ZSNzVC?=
=?utf-8?B?UFhQajc5NXJYWSt1WDlKVEFjY0l1WndrSXB3SklsYW5hQ1VsME1weGtuci81?=
=?utf-8?B?NURnTVFYdEdaWlZ1aVdBVXJEUm41M1lHMWdxSldTUTVLNXBLSjVIYTBXNTJC?=
=?utf-8?B?SEVlSUo1STh3ODk4RXBmUENNRnVqaFZzZkNIdmpaU2tTQk5jcXNkS0NxMWE1?=
=?utf-8?B?dlp5enNLTURiL2xiTG9ma1E0RkFodkRSOGJVd1o4ZGM4QjJzZkMzR3NqM2Z6?=
=?utf-8?B?aUxIZjNJaWRuaVpZdVRvdkpwSVBhZmUyWHZBWWVTRlJHUnZyU0wwcTNCSmsz?=
=?utf-8?B?bnRUWU1pMlhWQ3NJWnFCZEs3LzBGbTI1UW9zNEdJN2sydnhIMkh4WUZZajZz?=
=?utf-8?B?TG0rQWc4Vk5MWWN2b3FqNFZHeCtwVDRLaSt0M2ZGejJOcXBualRVSWc3eHRr?=
=?utf-8?B?VlNnNVZ0L3pBRkorcmFqNXJVSGg4cndLb3l5SXFWa0s5czkwcXd4Rk5vaUlK?=
=?utf-8?B?ckRuNHdwa09xR015VkNsUC9MZDhFa0h6MXF4THNYSHRVRjk3YXZINEh5UVkw?=
=?utf-8?B?d2R6ZFdrdU10RE9yQVQxb3VrSUJHWFh0UXMzV2RFOEtYVTk3MGRJUGxNdndG?=
=?utf-8?B?YnBBSDZVSW5jcXBhRDdyVjlIa3hUVEpIL2EybUVMUEZITTR6NjNBTU9FWFh5?=
=?utf-8?B?MzhQakJpOTlDcXFxT1h5Qnl6WVh4bVFvWmpCalZBMHQ3OENENnQzS2VmWk5j?=
=?utf-8?B?V3dnZEtkNngrSzJJM3o3NUdQK1NYdkh0Y3FnN1UxUGRVQmF2Nldib3JNaWVo?=
=?utf-8?B?UTdOMTN0WnEremcrT0k2Zld2VjNnWEhUSThJbllnYjRoVk1HVnY2cVdmK3l2?=
=?utf-8?B?MitjNnJheFVZOW54RTF1M3l1Q3dsaUdPTUZUdXo1NWxuZ242S1pkRmpWaEFM?=
=?utf-8?B?a25oYVhQVlFFNmpyMDlCY25ZMjM3aFNCWmR6aTFJMkVYTWNvQmdQNUNZeTZx?=
=?utf-8?B?Q0VvNVVmTnNFSHUyeUJFNWMwTDFNZjZHaHZFZWVVOUhybnFoRUozcjZLc0ZW?=
=?utf-8?B?cVNUY0toSktEMUdSa0lDK2RjN2ZhQWJIY1VCMTRSMnJ6ME11M2xJbHFLNzI2?=
=?utf-8?B?R1oxRGIreEM4TitFaGlIWkVuWVFYemVCOVhoSTZubm1vYWh1dGxVMHhUUldB?=
=?utf-8?B?MFN4UEpYWVNjMU1adDJXNWY2UG1lRDFEcEIwSWc1QXRmbzZnRFlEeUdpdFpp?=
=?utf-8?B?dGxoSyt0WFViV0JxODU2WkdSbnpyTFAyMExjRUwzdHpIOFBscXhCOUprVlVG?=
=?utf-8?B?VERISUNPbWVDb3BUcmpDWVE0TWppbFNpODBRVTAxMmVrMElNSkYzVE1hY0ts?=
=?utf-8?B?azJGS2lPWVpISEtqQ3RpM0NVbm5lSWJYQzd0QVl0ajk3UUNjOGJrTnk5L3dr?=
=?utf-8?B?ODFkdjFXaTVpN2RRbmt0SVhoblZ3TkJKZldRMy9BT3c4UFI5ZCtPVitNN0tj?=
=?utf-8?B?d3Z0eVV4c1Z6QVhZcjhVbnBUNmNsVk9XbDRMa0pGTy9FWlBnVHV4UFJlaEQz?=
=?utf-8?B?bU1HaUVpYkY0dVFyQWZDS1ZJU0w0aVk5MzNiZmhFYWZYdTl2VDRYUWJnQXhn?=
=?utf-8?B?emlGRDd6NGRsZHVRMHlXNis4WGZtelB0Q2cycnZ5Ry9KNEpSZFJySkY0L1lM?=
=?utf-8?B?cjBNTDNOU0VEdTF0SU8xdmI1dVBQTGdCQ0RyQjFmZ0prajVKaXY3SlVXcVJY?=
=?utf-8?B?VDk4WG1GUTlRZnFVNmlwVVdUbVoyYWEvOGNmNGI3bkVFeHE1R0R0Ylh0Z21U?=
=?utf-8?Q?HtEthuaBJfSLTNfVJDWfkth67tvESlfeLuxYg=3D?=
X-Forefront-Antispam-Report:
CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:4dhyurtshsf.decisionmakers.online;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(82310400014)(376005)(36860700004)(41320700004)(34020700007)(61400799018)(20072699006);DIR:OUT;SFP:1501;
X-OriginatorOrg: 4dhyurtshsf.decisionmakers.online
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 15:52:05.4974
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 91f1386c-10cb-4457-048d-08dc41e3339a
X-MS-Exchange-CrossTenant-Id: 59b61446-e8ed-46c5-b4a5-ae46f37d8846
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=59b61446-e8ed-46c5-b4a5-ae46f37d8846;Ip=[45.148.244.11];Helo=[4dhyurtshsf.decisionmakers.online]
X-MS-Exchange-CrossTenant-AuthSource:
SG1PEPF000082E8.apcprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYSPR03MB8394
X-Spam_score: 15.2
X-Spam_score_int: 152
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing
new diet taking the world by storm.
Content analysis details: (15.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: yxlk5n62qxofyjbp.page.link]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[52.102.193.0 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[52.102.193.0 listed in wl.mailspike.net]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 172.233.14.7]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 ARC_VALID Message has a valid ARC signature
0.0 ARC_SIGNED Message has a ARC signature
0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header
0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence
0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
0.0 T_HK_NAME_DR No description available.
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_
Content-Type: text/plain; charset="UTF-8";
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_
Content-Type: text/html; charset="UTF-8";
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjHosWvobjKN7aUfB4ohRiI_17sF2yHSFNr7BG6Y7nRZYyHtYFC0jVqiAC65xdVDvoygpRfqmXdzlgXK5tYQRLIP62bOq1qHIsBqcd8rBLupYKzLtmdWLtn8hmg7PZ8crdMg1MRuzh9n5i4w6PYuqHKUJfzs6VcXyBQ8Ll3ILGYXWjtQVaRWNMlsPMyp0/s16000/KETOCA4086.png">
src="" zwUVdhObORHL>
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 11 Mar 2024 10:10:17 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rjiE3-000000009kX-1kfV
for dave@doctor.nl2k.ab.ca;
Mon, 11 Mar 2024 10:10:07 -0600
Resent-From: The Doctor
Resent-Date: Mon, 11 Mar 2024 10:10:07 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-southeastasiaazhn15010000.outbound.protection.outlook.com ([52.102.193.0]:54037 helo=SG2PR03CU006.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rjhyd-000000009Hr-37uW
for root@nk.ca;
Mon, 11 Mar 2024 09:54:15 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=VccrPlXKXT0GMGMemULoCka66RmTNFE8vmGUuWjoIK31UGXyEjoZxkb5XCZ6IyRtt9/G81gn3OuOQ5DY4tqyoR3V/pxDQfZeqkylXUXG4GwAlTGEAUYJMljlsTqeIQeOzieI1iDk3sNlmlPcWi5nrCjpX8BNyF3oD3ghwp1q0mlKQnLUNKiIPKa2aaHf/EsQ6MPo24O7IbxdBcDslmNv13hlBQveZns18EtNdVHgLqijF8qurbJOoCulVnxCdncn6uY8R35uJuPNI4CqkjxF1ffs/bM1PYFQuJ5q2VRA9gtah4VnKhp1+ssn/kZbidFE3vrL7pPP2a730rU+4rLzQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=L8WydtIbO8Xh5uKphzrS2CS7P9NirP5bFUcMn2ZcCzA=;
b=iybxhjp4Npgr1B655tH3xKrX/ewoIW+P+mdQSbf0rmf8LQ2qaaaSPmolqA+IeUsweOpzLIhJ/XYRzaZDI+RTM4B1PSR50HbNhOuMnzavBgIrsad05QG14PeOgCuXrfDoTU6DAG2wJ6lDAUEzaUSl3XcSYdFs/82WoH9+1R5LSi9mYdUq6mllC26Hhsiets+7lhIUi6A3Zpp5PUTpEjJ8ycMFYoExfnLk5D+EtUs9Jh6OGwrvsaPgB8K4iKpfHVl0tHEGbsdhU5TuaBGIpnjOPE62pEoULNIbhysRJfybM1eTMqlolQl25uYqkZFHp6GsgeNdKwN2EDtoRnYQE5YSgA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.148.244.11) smtp.rcpttodomain=nk.ca
smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dmarc=none action=none
header.from=4dhyurtshsf.decisionmakers.online; dkim=none (message not
signed); arc=none (0)
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)
smtp.mailfrom=4dhyurtshsf.decisionmakers.online; dkim=none (message not
signed) header.d=none;dmarc=none action=none
header.from=4dhyurtshsf.decisionmakers.online;
From: "=?UTF-8?Q?Dr. Oz. ?="
Subject: =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=
To: root@nk.ca
Cc: root@outlook.com
Content-Type: multipart/alternative;
boundary="_93161a05-8018-4d67-8adf-0e8a4f7e69c4_"
Date: Mon, 11 Mar 2024 15:52:04 +0000
MIME-Version: 1.0
Message-ID:
<13628653-c90d-42b9-9d49-c555a72ec2c5@SG1PEPF000082E8.apcprd02.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SG1PEPF000082E8:EE_|TYSPR03MB8394:EE_
X-MS-Office365-Filtering-Correlation-Id: 91f1386c-10cb-4457-048d-08dc41e3339a
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?utf-8?B?NWFqY3U0eW9reEJ0TDdISFAzeDk0ZzNsY3dJRElyV3dIbVByTWhpR0ZSNzVC?=
=?utf-8?B?UFhQajc5NXJYWSt1WDlKVEFjY0l1WndrSXB3SklsYW5hQ1VsME1weGtuci81?=
=?utf-8?B?NURnTVFYdEdaWlZ1aVdBVXJEUm41M1lHMWdxSldTUTVLNXBLSjVIYTBXNTJC?=
=?utf-8?B?SEVlSUo1STh3ODk4RXBmUENNRnVqaFZzZkNIdmpaU2tTQk5jcXNkS0NxMWE1?=
=?utf-8?B?dlp5enNLTURiL2xiTG9ma1E0RkFodkRSOGJVd1o4ZGM4QjJzZkMzR3NqM2Z6?=
=?utf-8?B?aUxIZjNJaWRuaVpZdVRvdkpwSVBhZmUyWHZBWWVTRlJHUnZyU0wwcTNCSmsz?=
=?utf-8?B?bnRUWU1pMlhWQ3NJWnFCZEs3LzBGbTI1UW9zNEdJN2sydnhIMkh4WUZZajZz?=
=?utf-8?B?TG0rQWc4Vk5MWWN2b3FqNFZHeCtwVDRLaSt0M2ZGejJOcXBualRVSWc3eHRr?=
=?utf-8?B?VlNnNVZ0L3pBRkorcmFqNXJVSGg4cndLb3l5SXFWa0s5czkwcXd4Rk5vaUlK?=
=?utf-8?B?ckRuNHdwa09xR015VkNsUC9MZDhFa0h6MXF4THNYSHRVRjk3YXZINEh5UVkw?=
=?utf-8?B?d2R6ZFdrdU10RE9yQVQxb3VrSUJHWFh0UXMzV2RFOEtYVTk3MGRJUGxNdndG?=
=?utf-8?B?YnBBSDZVSW5jcXBhRDdyVjlIa3hUVEpIL2EybUVMUEZITTR6NjNBTU9FWFh5?=
=?utf-8?B?MzhQakJpOTlDcXFxT1h5Qnl6WVh4bVFvWmpCalZBMHQ3OENENnQzS2VmWk5j?=
=?utf-8?B?V3dnZEtkNngrSzJJM3o3NUdQK1NYdkh0Y3FnN1UxUGRVQmF2Nldib3JNaWVo?=
=?utf-8?B?UTdOMTN0WnEremcrT0k2Zld2VjNnWEhUSThJbllnYjRoVk1HVnY2cVdmK3l2?=
=?utf-8?B?MitjNnJheFVZOW54RTF1M3l1Q3dsaUdPTUZUdXo1NWxuZ242S1pkRmpWaEFM?=
=?utf-8?B?a25oYVhQVlFFNmpyMDlCY25ZMjM3aFNCWmR6aTFJMkVYTWNvQmdQNUNZeTZx?=
=?utf-8?B?Q0VvNVVmTnNFSHUyeUJFNWMwTDFNZjZHaHZFZWVVOUhybnFoRUozcjZLc0ZW?=
=?utf-8?B?cVNUY0toSktEMUdSa0lDK2RjN2ZhQWJIY1VCMTRSMnJ6ME11M2xJbHFLNzI2?=
=?utf-8?B?R1oxRGIreEM4TitFaGlIWkVuWVFYemVCOVhoSTZubm1vYWh1dGxVMHhUUldB?=
=?utf-8?B?MFN4UEpYWVNjMU1adDJXNWY2UG1lRDFEcEIwSWc1QXRmbzZnRFlEeUdpdFpp?=
=?utf-8?B?dGxoSyt0WFViV0JxODU2WkdSbnpyTFAyMExjRUwzdHpIOFBscXhCOUprVlVG?=
=?utf-8?B?VERISUNPbWVDb3BUcmpDWVE0TWppbFNpODBRVTAxMmVrMElNSkYzVE1hY0ts?=
=?utf-8?B?azJGS2lPWVpISEtqQ3RpM0NVbm5lSWJYQzd0QVl0ajk3UUNjOGJrTnk5L3dr?=
=?utf-8?B?ODFkdjFXaTVpN2RRbmt0SVhoblZ3TkJKZldRMy9BT3c4UFI5ZCtPVitNN0tj?=
=?utf-8?B?d3Z0eVV4c1Z6QVhZcjhVbnBUNmNsVk9XbDRMa0pGTy9FWlBnVHV4UFJlaEQz?=
=?utf-8?B?bU1HaUVpYkY0dVFyQWZDS1ZJU0w0aVk5MzNiZmhFYWZYdTl2VDRYUWJnQXhn?=
=?utf-8?B?emlGRDd6NGRsZHVRMHlXNis4WGZtelB0Q2cycnZ5Ry9KNEpSZFJySkY0L1lM?=
=?utf-8?B?cjBNTDNOU0VEdTF0SU8xdmI1dVBQTGdCQ0RyQjFmZ0prajVKaXY3SlVXcVJY?=
=?utf-8?B?VDk4WG1GUTlRZnFVNmlwVVdUbVoyYWEvOGNmNGI3bkVFeHE1R0R0Ylh0Z21U?=
=?utf-8?Q?HtEthuaBJfSLTNfVJDWfkth67tvESlfeLuxYg=3D?=
X-Forefront-Antispam-Report:
CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:4dhyurtshsf.decisionmakers.online;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(82310400014)(376005)(36860700004)(41320700004)(34020700007)(61400799018)(20072699006);DIR:OUT;SFP:1501;
X-OriginatorOrg: 4dhyurtshsf.decisionmakers.online
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 15:52:05.4974
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 91f1386c-10cb-4457-048d-08dc41e3339a
X-MS-Exchange-CrossTenant-Id: 59b61446-e8ed-46c5-b4a5-ae46f37d8846
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=59b61446-e8ed-46c5-b4a5-ae46f37d8846;Ip=[45.148.244.11];Helo=[4dhyurtshsf.decisionmakers.online]
X-MS-Exchange-CrossTenant-AuthSource:
SG1PEPF000082E8.apcprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYSPR03MB8394
X-Spam_score: 15.2
X-Spam_score_int: 152
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing
new diet taking the world by storm.
Content analysis details: (15.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: yxlk5n62qxofyjbp.page.link]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[52.102.193.0 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[52.102.193.0 listed in wl.mailspike.net]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 172.233.14.7]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 ARC_VALID Message has a valid ARC signature
0.0 ARC_SIGNED Message has a ARC signature
0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header
0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence
0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
0.0 T_HK_NAME_DR No description available.
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?B?RXhlcmNpc2UgTm90IHdvcmtpbmc/?=
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_
Content-Type: text/plain; charset="UTF-8";
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_
Content-Type: text/html; charset="UTF-8";
Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjHosWvobjKN7aUfB4ohRiI_17sF2yHSFNr7BG6Y7nRZYyHtYFC0jVqiAC65xdVDvoygpRfqmXdzlgXK5tYQRLIP62bOq1qHIsBqcd8rBLupYKzLtmdWLtn8hmg7PZ8crdMg1MRuzh9n5i4w6PYuqHKUJfzs6VcXyBQ8Ll3ILGYXWjtQVaRWNMlsPMyp0/s16000/KETOCA4086.png">
src="" zwUVdhObORHL>
--_93161a05-8018-4d67-8adf-0e8a4f7e69c4_--