donation spam from Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 27 Aug 2022 14:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oS1S8-000IEH-3Y

for dave@doctor.nl2k.ab.ca;

Sat, 27 Aug 2022 13:26:44 -0600

Resent-From: The Doctor

Resent-Date: Sat, 27 Aug 2022 13:26:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f50.google.com ([209.85.160.50]:46947)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oS0tZ-000Eil-Eb

for doctor@nl2k.ab.ca;

Sat, 27 Aug 2022 12:51:05 -0600

Received: by mail-oa1-f50.google.com with SMTP id 586e51a60fabf-11c5505dba2so6032981fac.13

for ; Sat, 27 Aug 2022 11:50:43 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc;

bh=onAkx+shiWrYY6L6/IV7g7skzN0SAGwVGnmRJfCTi+E=;

b=ckg5qrEWXp6Z0Nlv/kxoKc7JqmAnglTpnCF2KlWQHmzz0CLmkP/tWMZ5YfyVv4jRJv

+ExVn54ZJQ+tqzBkfCK96kCB8/CfJBk4hOg1Vkh2jgfX3Tby7qqvLs2481N/JTcbWBWD

O0bFXHXUTiQLnTJNjlBh7qjC/Z+WCwBPKl4pyWiqwDjzhUwU9gtjfWGDqE9Xv2j9dqy5

pWAuQHaEchXegX2fQlv58rj0aY+iEdh7osfNVzRHCrALTDnaXrFQGPe/kmX3kfAY5ca2

9QBxj4oGmYY25TDzMLHlPd2yGPem3r7+ZwxntzROG8HV/YKBTVqKFeouKTYP2hU5iU0K

Ic7A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc;

bh=onAkx+shiWrYY6L6/IV7g7skzN0SAGwVGnmRJfCTi+E=;

b=6dD/aYOv4wnvnd0bMQi4Zzn9HZJWH0sUrPrJLWm3h5Kc85e1gRXaokNdu+iXe2VJEf

Tr5y+fmCmJ0oycp6s0C0VnePiBXe8z48HxcUWJiH4WNPp2eZm8gpqftOwIcgfulUVvHl

xzAON+fpQh8djyWtqx9uBTH4OnIet6y9LRUIuwZppjXCzE14vTgUtQ4idFzrflZRG+IZ

12MUpIQOBb4FSvHO1q6YHwI3ZZaB7WMgf4EYKgKx7aDYwJQ5jk11v0+h2EMQB+g/QMAA

6xb4TQBYCi92oLouo2ILL/P5QHNLL03aL/6XRRQsxlXs2PyXv9O1Wtf7jF/FKAD7Oy+q

R+dw==

X-Gm-Message-State: ACgBeo0SMsTBNtAXGA5v+HmS3rAcPAqfpWmko+y+a18qKHSjG3HRDX0q

OH1L0sxTcBiFcnXemGLZMEjwS1Wy/aHmIv+BhAM=

X-Google-Smtp-Source: AA6agR4orjZRUuM251Vm17F6In6zs6niTuQ53NunrxW2zEtC+v0EM5SFFj5rvqz+vtCFFrluV8hgod6glKb0keksERE=

X-Received: by 2002:a05:6870:7386:b0:11e:cf33:9023 with SMTP id

z6-20020a056870738600b0011ecf339023mr613130oam.86.1661626237998; Sat, 27 Aug

2022 11:50:37 -0700 (PDT)

MIME-Version: 1.0

Reply-To: fcpdonations2020@gmail.com

From: "Mr & Mrs Frances & Patrick Connolly"

Date: Sat, 27 Aug 2022 18:50:25 +0000

Message-ID:

Subject: voluntary donation

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000aa601e05e73d81bf"

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 10.7

X-Spam_score_int: 107

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: PLEASE READ: We are Mr & Mrs Frances & Patrick Connolly, we

live in Moira, Northern Ireland and we are the successful winner of £115m

Euro Millions win who have decided to choose you as one of the 50 [...]



Content analysis details: (10.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.50 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[obedtetteh241[at]gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[obedtetteh241[at]gmail.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[fcpdonations2020[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} voluntary donation



--000000000000aa601e05e73d81bf

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



PLEASE READ: We are Mr & Mrs Frances & Patrick Connolly, we live in Moira,

Northern Ireland and we are the successful winner of =C2=A3115m Euro Millio=

ns

win who have decided to choose you as one of the 50 lucky winners to

receive this month of August, 2022 Donation which happens to be =C2=A3925,0=

00.

For more information on this please reach out to this email:

fcpdonations2020@gmail.com



--000000000000aa601e05e73d81bf

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



PLEASE READ: We are Mr & Mrs Frances & Patrick Con=

nolly, we live in Moira, Northern Ireland and we are the successful winner =

of =C2=A3115m Euro Millions win who have decided to choose you as one of th=

e 50 lucky winners to receive this month of August, 2022 Donation which hap=

pens to be =C2=A3925,000. For more information on this please reach out to =

this email: fcpdonations2020@=

gmail.com




--000000000000aa601e05e73d81bf--

Ukrainian Wife Phishing from Vietnam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Sat, 27 Aug 2022 08:01:00 -0600

Received: from [14.166.141.48] (port=53500 helo=static.vnpt.vn)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRwMa-00080I-Ai

for dave@nk.ca;

Sat, 27 Aug 2022 08:00:47 -0600

Message-ID: <054D89B7.260774@vnpt.vn>

List-Unsubscribe:

Date: Sat, 27 Aug 2022 21:00:35 +0700

From: Bettine S. Brueggemann

MIME-Version: 1.0

To: Dave

Subject: Find a perfect Ukrainian wife.

Content-Type: multipart/alternative;

boundary="7C4F0A708A0752151ED09CD010B2CF876"

X-Spam_score: 39.2

X-Spam_score_int: 392

X-Spam_bar: +++++++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Noone backcomb photosensitise because of poisonous overtrump,

no honors. By bus scarlet, as loggia?Take that sexy cat :-0My name is Bettine

from Moldova. I found you on facebook :)I am a simple woman [...]



Content analysis details: (39.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: life.my]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URIs: beautywoman.cn]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL

blocklist

[URIs: beautywoman.cn]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of

words

1.0 J_WEEDS_V FULL: Dec/Hex char Enc [Vv]

1.0 J_WEEDS_O FULL: Dec/Hex char Enc [Oo]

1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]

1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]

1.0 J_WEEDS_M FULL: Dec/Hex char Enc [Mm]

1.0 J_WEEDS_P FULL: Dec/Hex char Enc [Pp]

1.0 J_WEEDS_C FULL: Dec/Hex char Enc [Cc]

1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]

1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]

1.0 J_WEEDS_H FULL: Dec/Hex char Enc [Hh]

1.0 J_WEEDS_J FULL: Dec/Hex char Enc [Jj]

1.0 J_WEEDS_I FULL: Dec/Hex char Enc [Ii]

1.0 J_WEEDS_U FULL: Dec/Hex char Enc [Uu]

1.0 J_WEEDS_A FULL: Dec/Hex char Enc [Aa]

1.0 J_WEEDS_G FULL: Dec/Hex char Enc [Gg]

1.0 J_WEEDS_F FULL: Dec/Hex char Enc [Ff]

1.0 J_WEEDS_W FULL: Dec/Hex char Enc [Ww]

1.0 J_WEEDS_N FULL: Dec/Hex char Enc [Nn]

1.0 J_WEEDS_S FULL: Dec/Hex char Enc [Ss]

1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]

1.0 J_WEEDS_L FULL: Dec/Hex char Enc [Ll]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

3.2 FOUND_YOU I found you...

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_REMOTE_IMAGE Message contains an external image

3.0 HTML_ENTITY_ASCII Obfuscated ASCII

Subject: {SPAM?} Find a perfect Ukrainian wife.



This is a multi-part message in MIME format.

--7C4F0A708A0752151ED09CD010B2CF876

Content-Type: text/plain; charset="UTF-8"; format=flowed

Content-Transfer-Encoding: quoted-printable



Noone backcomb photosensitise because of poisonous overtrump, no honors. =

By bus scarlet, as loggia?Take that sexy cat :-0My name is Bettine from =

Moldova. I found you on facebook :)I am a simple woman with a big dream =

to create a happy loving family and I will work hard for it. I am a very =

optimistic and positive person. I consider that every problem has a =

solution. I am a very easy going person, I love meeting people and just =

enjoying the simple things in life.my account is over there: =

http://BettineXX.beautywoman.cnIt is me-I hope you will find me there =

and we will become friends 8-) Call me!



--7C4F0A708A0752151ED09CD010B2CF876

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable








UTF-8">Noone backcomb photosensitise because of poisonous =<br /><br /> overtrump, no honors. By bus scarlet, as loggia?







Take that =

sexy cat :-0


My name is =

Bettine from Moldova. I =

found you on faٗcebook =

:-)




I am a =

simp͝le woman with a =

big dream to create a =

happy loving =

famȉly aٟnd I will =

work hard for it. I ảm a =

very optimistiٝc and =

positiv֕e person. I =

consider that every =

problem has a =

s֭oluti̢onٍ. I am a =

very ea֥s͡y going =

pe֕rson, I lͅove =

meeti̿ng people =

anَd just enjoying =

the simple things in =

life.
















I hope you =

will find me ther֨e =

and we will become =

frie͜nds 8-) Call =

me!






--7C4F0A708A0752151ED09CD010B2CF876--

Investment spam from outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 27 Aug 2022 05:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRu6r-0005B2-Lq

for dave@doctor.nl2k.ab.ca;

Sat, 27 Aug 2022 05:36:17 -0600

Resent-From: The Doctor

Resent-Date: Sat, 27 Aug 2022 05:36:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn7nam10hn2231.outbound.protection.outlook.com ([52.100.155.231]:27781 helo=NAM10-BN7-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRrn7-000GFh-Gz

for doctor@netknow.ca;

Sat, 27 Aug 2022 03:07:54 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=jpnieAtg6myc4XE258MP168OkW+zrSbS0S8KZcXAoHcaalPcP+z/xrQw7cHDYqkQN3fAbT3YjjmwPvqSp2YrihsPGPDQ4c+v6rmZmlwN0/eTPCuPdKvbrEKO4l8mnu1KFPmSMeMNiITEC4r05fySxMHWQf7tqwTnWqGvUsHCsvC4VQKqqfxSFY1WuJQNzE8kZwyJITJi+n3C5r0pt/VcWz+SGro5/kTDUusoZx14/5dG4TqZt9atrxBB78N01YFG8+bnLnY16jaKQ5LriNtlbargtgCMH00a2rUJ7NC7d14e+l+nEY7w4zM6bMkllErYHYpWLUfP27lGRUDU3oGsZQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=NHevMeavkGecYRbCvmrsqgknaD2yS1YgrYARupDO5yw=;

b=bDoHf/ZwLLKZ7kXm7PXEloej1HLfei601LnOxbf6LcgfA/aZruT7ibjuoPwe19q8KBEcTqr0Cmw8fC4kETtNSxjiqxi12FVMTj/v1w7Vlr5rzn/2/mSwdpDLoJ+mriiURjiaXxIPUcEjNE9bc7USZ4Nqini3MBo2sNrohfNz+41pgd5QkBkXaMI4HDkxcJ1fR3ikWeQciFA10dSY1AxBeLcW0V7t/JCvyk8ko8NCLtSTeB1cCIcr/e4rK9nNsGBg07UAhRC++SLdiQoVKOAKBV3zRVwH2sIQhgNwDmiMbz3kfTMp6j3sBuoOgudZhCLoyp2ZQw/8N1dam+5qTxQkEg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

40.123.37.200) smtp.rcpttodomain=aol.com smtp.mailfrom=protege.cll;

dmarc=none action=none header.from=protege.cll; dkim=none (message not

signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=cpncorp.onmicrosoft.com; s=selector1-cpncorp-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=NHevMeavkGecYRbCvmrsqgknaD2yS1YgrYARupDO5yw=;

b=UnD8zfdhvRMpRCFNvMedtQqXk3mSzwWS0WYBN0/pqWdQIZRDHPWenDVXwBejzXAT6DCZfV7P8Vyx0pcLsG4yiGqHEoAPLxprFsSeBYpfBaGmwFRnWIjgJzmfre4hMP0g30gmSUhwqMnpqsV1q+c8zI6cp5+MZz8K9imo5CKHZYY=

Received: from MW4PR04CA0194.namprd04.prod.outlook.com (2603:10b6:303:86::19)

by DM6PR18MB3052.namprd18.prod.outlook.com (2603:10b6:5:167::19) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.16; Sat, 27 Aug

2022 09:07:14 +0000

Received: from MW2NAM04FT064.eop-NAM04.prod.protection.outlook.com

(2603:10b6:303:86:cafe::5e) by MW4PR04CA0194.outlook.office365.com

(2603:10b6:303:86::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.15 via Frontend

Transport; Sat, 27 Aug 2022 09:07:14 +0000

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 40.123.37.200)

smtp.mailfrom=protege.cll; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=protege.cll;

Received-SPF: None (protection.outlook.com: protege.cll does not designate

permitted sender hosts)

Received: from mailedge.calpine.com (40.123.37.200) by

MW2NAM04FT064.mail.protection.outlook.com (10.13.30.189) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.5566.15 via Frontend Transport; Sat, 27 Aug 2022 09:07:14 +0000

Received: from PZPWEXCAS04.na.calpine.com (10.221.16.100) by

PZPWEXEDGE02.calpine.com (10.221.8.135) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2375.31; Sat, 27 Aug 2022 04:06:53 -0500

Received: from PZPWEXCAS04.na.calpine.com (10.221.116.146) by

PZPWEXCAS04.na.calpine.com (10.221.116.146) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2375.28; Sat, 27 Aug 2022 04:06:53 -0500

Received: from User (10.221.98.196) by relay.calpine.com (10.221.116.146) with

Microsoft SMTP Server id 15.1.2375.28 via Frontend Transport; Sat, 27 Aug

2022 04:06:48 -0500

Reply-To:

From: "Mrs. Shaidi Hashmatullah"

Subject: My capital re-investment.

Date: Sat, 27 Aug 2022 02:06:53 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <4685aa71-13d2-4e3c-b5d8-bad6574a0bd3@PZPWEXCAS04.na.calpine.com>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: fda97fe7-7165-45d4-d004-08da880b8897

X-MS-TrafficTypeDiagnostic: DM6PR18MB3052:EE_

CPN-SPAM: Auth Check Pass

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?PmDr1+aMQT1qkhjtwVbjmW/UIlDoVe7VO/nvoMpFX5RL2sOgCT3Dul+3?=

=?windows-1251?Q?c2z6fNNAoAR64yDM/0wVqyMSswozCtWoDGOWBiOynb87qZ8g3hg/ZnWt?=

=?windows-1251?Q?2erZ2rVNT4KWhL+w2U+BwMuaP0eb5MzQH6mLA7u5ra9vAyITq6MNPK5N?=

=?windows-1251?Q?4y/po00SWv5H85FEWkZphLyjZnixsQcjszvi30tDVU2x+psOLP9qpRfb?=

=?windows-1251?Q?yKweoilDYNlr39WSR78T90duuTyEgzRGoGe254Di2exmx4o/9sETYSnw?=

=?windows-1251?Q?moS+Fs4mYNyBom1WfVTHP6fVt4b9j29oedXDyMPvPvHPztsI2vIqxVGE?=

=?windows-1251?Q?Fe5IvrI3N6BqW808KRCIL2gQfQxmX3Yotib0HWN+CjY3KWvoHzFQm8Cp?=

=?windows-1251?Q?KGCPzvusCNJ45+5NCmTRvekxm4Z1AW919xsGWewJVjGJ7607dsttct5i?=

=?windows-1251?Q?MxdW5Y4n2DtQE+eFJ2zCUOTzw2Us5B+Ov+Bd+mWwFyuYHN7N1AyHG+3E?=

=?windows-1251?Q?9QjgqQ3mpRx6qv7YUMPGJSqg6qHtFbel48HzPmYmKY1c00qFzivvHTO3?=

=?windows-1251?Q?y1l/Eu+D57W3R8mV2kaoA0yv35YvCaJwRtXLra3FDo5cKLMdlFzR+ZO5?=

=?windows-1251?Q?ayY67fHDS7Ne+/8U8ax8bXn0k21RAZH97Nk621rb31M6ve4bMvCeJKVQ?=

=?windows-1251?Q?mZJKgGKBqGNfyFfDaffwQhFOQpCQrKu8fbI9zywsuthY3KOm5/eqMdQe?=

=?windows-1251?Q?FD4g8ID9KdB8S6kZLjUgzhIqtwUEA/+l2NHNuJ0xcD0X0DAW3F5L0Q+K?=

=?windows-1251?Q?CNzNuHM7mUBYg18tVirzdrrvIpObtO+cUU0Ii4YZGeiiBrS2/L/4Bvgf?=

=?windows-1251?Q?afCUrdtc/OszEIQI5DYjh/1F4S2HvDzqx5jWXbg24gVbDJu+c6LMsmS9?=

=?windows-1251?Q?5Dze9wB1GenOEh5l/aaQgHkWFyu8/bX8sN2QTV6QoQlndMAXgSZ82lyR?=

=?windows-1251?Q?nBH4DWy3wPBGgbtXkvY4oU5zxG+cX1Grm3Xuh8W/vz1BRaf7H0E73HRM?=

=?windows-1251?Q?CJQERAfVAt9q1fOcaCC3Ch2O2PE6AQXDhkPQW9B7sWv/Sfx0Fd0F95qJ?=

=?windows-1251?Q?uwWBbu7XmLe2d53wJTC6CK/dPpcyvw+VeGoCYncc6WlTcTSqxB/ZL5U3?=

=?windows-1251?Q?iU3x4//7+obnz5pXhm77JGFtOdPfyd6wajqTz9R9zMLyS1URXX1tvyb5?=

=?windows-1251?Q?uZpLYQrlWawMS8v2FJ/8go697vu+Lgzxl9lfPhLm?=

X-Forefront-Antispam-Report:

CIP:40.123.37.200;CTRY:US;LANG:en;SCL:5;SRV:;IPV:CAL;SFV:SPM;H:mailedge.calpine.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230016)(4636009)(346002)(396003)(39860400002)(136003)(376002)(46966006)(40470700004)(86362001)(31696002)(3480700007)(81166007)(40460700003)(356005)(2860700004)(82740400003)(316002)(7366002)(7416002)(8936002)(7406005)(70586007)(5660300002)(8676002)(70206006)(35950700001)(83380400001)(336012)(47076005)(41300700001)(40480700001)(9686003)(498600001)(26005)(82310400005)(6666004)(109986005)(2906002)(31686004)(4001630100005);DIR:OUT;SFP:1501;

X-OriginatorOrg: cpncorp.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Aug 2022 09:07:14.2296

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: fda97fe7-7165-45d4-d004-08da880b8897

X-MS-Exchange-CrossTenant-Id: 7406f7f1-ef6e-49f3-a9c0-002b8bc12056

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=7406f7f1-ef6e-49f3-a9c0-002b8bc12056;Ip=[40.123.37.200];Helo=[mailedge.calpine.com]

X-MS-Exchange-CrossTenant-AuthSource:

MW2NAM04FT064.eop-NAM04.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR18MB3052

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello my friend, I am Mrs. Shaidi Hashmatullah, from Kabul,

Capital of Afghanistan. With due respect I contact you due to the crisis

in Afghanistan, i am looking to co-operate with you on a mutually interesting

and re [...]



Content analysis details: (7.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.155.231 listed in wl.mailspike.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[shaidihashmatullah01[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 HK_NAME_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} My capital re-investment.



Hello my friend,



I am Mrs. Shaidi Hashmatullah, from Kabul, Capital of Afghanistan. With due=

respect I contact you due to the crisis in Afghanistan, i am looking to co=

-operate with you on a mutually interesting and rewarding project and/or tr=

ansaction with you, I desire to relocate my investment capital abroad where=

it will generate more returns.

I will appreciate your response. Please let me know your ideas and knowledg=

e regarding this investment offer. Any viable investment idea you suggest t=

o me will be considered.



Looking forward to hearing from you.



Best regards,





Mrs. Shaidi Hashmatullah

COMPANY CONFIDENTIALITY NOTICE: The information in this e-mail may be confi=

dential and/or privileged and protected by work product immunity or other l=

egal rules. No confidentiality or privilege is waived or lost by mis-transm=

ission. If you are not the intended recipient or an authorized representati=

ve of the intended recipient, you are hereby notified that any review, diss=

emination, or copying of this e-mail and its attachments, if any, or the in=

formation contained herein is prohibited. If you have received this e-mail =

in error, please immediately notify the sender by return e-mail and delete =

this e-mail from your computer system.

Urgency Spam from Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Aug 2022 18:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRk9i-000NTr-5F

for dave@doctor.nl2k.ab.ca;

Fri, 26 Aug 2022 18:58:34 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Aug 2022 18:58:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01hn2225.outbound.protection.outlook.com ([52.100.223.225]:26254 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oRjGH-000IVj-Py

for root@doctor.nl2k.ab.ca;

Fri, 26 Aug 2022 18:01:23 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=lopZBzwPElu2ZIP5p9Bii/IucbJPo/tV5iEuZzFHdUd3pIUoXTfowYQlGSjUk4+mvQa5wE5Zf2g04JBehtzrqNpCgWPPtFZazmzZPdaBStxJUNNtznq4c6rCJRKZXB2b/ailkEK4jEgzu/W0CsrLu5D3cm8sMDvjogv+mety2rrySsGne79n81oFYmcC+8J+sh2qWCE7pB5xZSBlTtlQoot6VcSQk6wcm9mcD2K2UhctxJy6AAfXWuRlsUYW0hPIq5P+3IblGLkgqvdoEpvDxbTj9UH9RmiTejiZIqn+hSnfj1BWdqRMsdVZrlQpM/QFHWdtAR+SpDqK+B8XqMmz+g==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=8/EKDgDFlelzveFN4ZSvpNtzC3KZ4k5UxzwLD1haQU8=;

b=XvcMyNjOzyEKk8dGHdhs1zeTN0VkPLEqYZHd2VMhQprZWH6I+7R6Be8IMWoBrQQA6vrjurMY10g3RFUY/P0IMc9wPQYCtyouxjPDWZ4c8lV+/BHbjau7fOl1KUlK1c6F3wDC5qk+8vOZbiuisTw8+fsIIuFCnFf+9ozQOxAkHyqw4/SvVZjxLintLPCZGFXaOa+S5inrg6pWMDESFc5AUwJecswnjbufmB9DqXY9wmwTTY670w0KF3Dy337Ojo8XWJT3dd6S2WTULIISMH+JG34uAGoeWed3FA+p29hTYvLwTqxxM3kfn3+lJ2sq1sD30R/gmKKDJ0ZWn6T3SIypCQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is

185.222.58.60) smtp.rcpttodomain=cpart.kz smtp.mailfrom=t4.cims.jp;

dmarc=bestguesspass action=none header.from=t4.cims.jp; dkim=none (message

not signed); arc=none (0)

Received: from SGAP274CA0016.SGPP274.PROD.OUTLOOK.COM (2603:1096:4:b6::28) by

SG2PR04MB5429.apcprd04.prod.outlook.com (2603:1096:4:172::8) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.5525.10; Sat, 27 Aug 2022 00:00:48 +0000

Received: from SG2APC01FT0031.eop-APC01.prod.protection.outlook.com

(2603:1096:4:b6:cafe::e1) by SGAP274CA0016.outlook.office365.com

(2603:1096:4:b6::28) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5566.15 via Frontend

Transport; Sat, 27 Aug 2022 00:00:48 +0000

X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 185.222.58.60)

smtp.mailfrom=t4.cims.jp; dkim=none (message not signed)

header.d=none;dmarc=bestguesspass action=none header.from=t4.cims.jp;

Received-SPF: Pass (protection.outlook.com: domain of t4.cims.jp designates

185.222.58.60 as permitted sender) receiver=protection.outlook.com;

client-ip=185.222.58.60; helo=User; pr=M

Received: from mail.prasarana.com.my (58.26.8.159) by

SG2APC01FT0031.mail.protection.outlook.com (10.13.36.89) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5566.15 via Frontend Transport; Sat, 27 Aug 2022 00:00:48 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Sat, 27 Aug 2022 08:00:33 +0800

Received: from User (185.222.58.60) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Sat, 27 Aug 2022 08:00:23 +0800

Reply-To:

From: "Mrs. Ann Zainab Abdullah"

Subject: Re: Did You Receive My last Email?

Date: Sat, 27 Aug 2022 02:00:33 +0200

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <655ffa6f-c65b-4aa1-84e0-3678a3a8aa3e@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[185.222.58.60];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[185.222.58.60];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: e159c72a-67cc-41c6-87b4-08da87bf3278

X-MS-TrafficTypeDiagnostic: SG2PR04MB5429:EE_

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 0

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?2AoYbKIN9rN0MwmKq8rhynvjKeWQH1pHqLDuioOkFJywsBZ1l7QPSns2?=

=?windows-1251?Q?lj8NumZqwxEU5Q0kWSeT2uWekyLWqjDhMc0onnIZs/f255cRuOpX97M9?=

=?windows-1251?Q?MzlOjYIS7h3CZ42CC5F+/2+etRX1q5Yp1Pz8Mkm4IinG0L4lHChhCEhr?=

=?windows-1251?Q?bTaS2saQ1e1u7IhcxC6Ity1aICJdrDMEKjU5+ig9jYPVlg6tqYRf0S0q?=

=?windows-1251?Q?w9yADQuGM2DYyiyNdrBsVLPhGS0p3ESGkyH4aJ+WThZFnQGIXJWzAJXN?=

=?windows-1251?Q?7JIpnf56x5U0EWu6ZR1gvKKvNdsNZqDRvj9eUwBqBF5odqfIx1nte0cQ?=

=?windows-1251?Q?Lr369x43CESJw4mCC54IMa+Mgz8A0FT5eUmbBnKT6okbJdRdkC2ZJha6?=

=?windows-1251?Q?2gvewAPRRV69PKfRfe3oYqIOUsCF9KLoLO+xa7CJFDzJeAIQGM55VF/w?=

=?windows-1251?Q?oB5uuk/auxQJJj5jzmivMDW20meBrbnsqs+e6a7tM5fsHBDrAyMR0Q9m?=

=?windows-1251?Q?tAknM9dym8WAVNa2+bPrAvndxRZSwbYm2ZFWvEJp0kzKOHd4BW4rB7Al?=

=?windows-1251?Q?pYD2D14yoNxI4Ov+artjRfgfgotNEcQunFvkH0O9nztPEHOTwOK3anJB?=

=?windows-1251?Q?JGDxygNIfoDqHmhnbwemzuRzpmZhjZl4qAJEWKpgtYPCWjLs+1n8czHP?=

=?windows-1251?Q?GiwwGF1tFfxgf0zoA9nwPhzzT3b6OsNtAPkhTyITDY4e02sWBZTic9vl?=

=?windows-1251?Q?bEhbgMuxv7A+5c88dfX3R0+XziqNaB5kFCLL2A4YRESkHunrawpZvgtm?=

=?windows-1251?Q?vhctbCtyzqrgj82j3jUhuBzXDEXAt8jL7Zr0u7ENPCzidsu+RDLyyR41?=

=?windows-1251?Q?d3HEmitIR1F97elXPRbG5mKxQkR5KJYCs+bpVMqV1Lzo+MT64sBIjOj5?=

=?windows-1251?Q?0XzPMSb32WolkvM6ioceN4q2JQnZ7iEKWI2s48oZx3lWk8BKqQLf+/Wc?=

=?windows-1251?Q?DEvAdGMSYp8tVpkSL9g/tlBbJV3AAUKKI/oAy2s5aJF70FwBjCrdSL8Q?=

=?windows-1251?Q?IYVX3Hsh61fryKgn7sYqwoiqp46E61U/X81y4JEflisIzoQxLxKeHSbV?=

=?windows-1251?Q?YBrLtingwoPZDEzhwma/cQNcWlzUGj1XLCluveqa0PRS1Z5k8/wo1TGA?=

=?windows-1251?Q?ML45ioTL0HUQkOpMgp7AhLFZIjUUo0c6s0yLX/mA/O90CE708hhot1fy?=

=?windows-1251?Q?sKquhyFHiP9yoIxYejIbOyMmxR7JfQ1Z2OSOLK0q/yNCvDXxjbv4PiAU?=

=?windows-1251?Q?KqDho8IgR14VikjGtg3UouTW/Wc54q3wVNUePPDjB2V8KWezH010kowD?=

=?windows-1251?Q?62vcBsK0hlkYW5YUnjnFXQOKVNr+AB6EpDDwRiuFok8yeB/7p4l5PfDY?=

=?windows-1251?Q?7dd495qw6zm4tvrGKIrxcufll9oAKxcu2Q7a25JGlEfNNR/yF6BD06cg?=

=?windows-1251?Q?nElLbyArn0tl1m/SU3ceU0vVCMKPr5vwTDdenZSTLnjXXYmi/7hH96XI?=

=?windows-1251?Q?UF8OOBtp0jcFsheUOL7pbI8U/sHX2xB1Kv8jNQbL7ZxRzLkMJd5xuVxD?=

=?windows-1251?Q?NlrdZindHSMj/lnm/ZXcwBEoUp54Pkbody0Ucmwd+n2LR39gs/4KxI+g?=

=?windows-1251?Q?pti1Z+wWoUkK58S++yukNp89xuCQRM90Oe6m9MMYyNKdyXhZ2LWUNAv4?=

=?windows-1251?Q?skvCPnWpTRH2eCeF7KLTfX9clptSeIouaO3U7MqDmWNke7xHzm3RE/Ki?=

=?windows-1251?Q?rWgkcA=3D=3D?=

X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:NL;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:modularisation.naturescar.com;CAT:OSPM;SFS:(13230016)(39860400002)(376002)(396003)(136003)(346002)(46966006)(40470700004)(31696002)(109986005)(86362001)(70206006)(8936002)(70586007)(156005)(32850700003)(36906005)(82740400003)(2906002)(40460700003)(316002)(7416002)(7406005)(956004)(8676002)(41300700001)(336012)(47076005)(5660300002)(83380400001)(9686003)(81166007)(35950700001)(26005)(82310400005)(40480700001)(6666004)(558084003)(498600001)(31686004)(2700400008);DIR:OUT;SFP:1501;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Aug 2022 00:00:48.0672

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: e159c72a-67cc-41c6-87b4-08da87bf3278

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

SG2APC01FT0031.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR04MB5429

X-Spam_score: 6.5

X-Spam_score_int: 65

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I look forward to your response and cooperation toward this

great charity work. Truly Yours, Mrs. Ann Zainab



Content analysis details: (6.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.223.225 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.0 HK_NAME_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 FAKE_REPLY_C No description available.

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Re: Did You Receive My last Email?



I look forward to your response and cooperation toward this great charity work.



Truly Yours,

Mrs. Ann Zainab