Business proposal spam from Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 15:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUwjz-000MoZ-PL

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 15:01:15 -0600

Resent-From: The Doctor

Resent-Date: Sun, 4 Sep 2022 15:01:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01hn2204.outbound.protection.outlook.com ([52.100.164.204]:60897 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUwHb-000Jl5-WA

for doctor@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 14:32:00 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Irc5TsR9G3LTSI01QOKXct60eYREP19ixyBynbZjIVNVmrNODXEVZCJriLKRxQUS6kwFWYWXfj3evDa+uDmCuczPTZmD0Eqt/Y6VrDHE5CuKHiS36HVLg+Q9n5KAslFPQTpBFNAGmcrenQzI4s1rY4AcKiFzAYzrS6gbFArU5iAHhTr0H2M52okIrKqGc65Qy+1HKJ+JMMSSqkF2BbtESngHjLhvgULhGsb6jn8VOIjQn8PPUcZTPQDzMdIJiN+IP6n8jRSIvfewhYtNXSKZq88D0CTLBpOELGdM6TLUCInSRnm6fJinKetCfvSeo4H4ArNhHMYnIYdgApJ1Iju7Pg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=SBI6MQejEOea03ycWFYU7CgfYxLjAQKT3P+5k6quwo4=;

b=acmUhADjvBsaUwZxKwjl43gXBtTyJO1zuUBIitrjIuo/gmP7S+BWK8iqlQ3Lg9z29aXvYoLfjpY9OW2IdtG0bSXp/IH8tD8Gew6PgdvXAiQVdGcGaL+eA1exP+JhGOppc+9K/NbrNV7pMKI4Up3qqpvllVgT7KpRcDzBn+AmZMQ59APFTiGl5b9zIQ3MFj3BWJE0BWQgi9+jdGd6E6kN6kAuYOTQ4TjEmoVtKkWDLySbD5XFowKivUKYqhy771M4deDQYvbKONWjdbsEkmD7bSH4d8JZBB8zITG18vVHSPAKl91VCCVznWvN3FyD1cZ9XyvNKZz6KdFGOqXBZXVyTg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is

45.137.22.169) smtp.rcpttodomain=beverlyspine.com smtp.mailfrom=ap0007.com;

dmarc=bestguesspass action=none header.from=ap0007.com; dkim=none (message

not signed); arc=none (0)

Received: from TYWP286CA0031.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:262::19)

by TYZPR04MB6614.apcprd04.prod.outlook.com (2603:1096:400:260::9) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.12; Sun, 4 Sep

2022 20:31:29 +0000

Received: from TYZAPC01FT052.eop-APC01.prod.protection.outlook.com

(2603:1096:400:262:cafe::3e) by TYWP286CA0031.outlook.office365.com

(2603:1096:400:262::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10 via Frontend

Transport; Sun, 4 Sep 2022 20:31:29 +0000

X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 45.137.22.169)

smtp.mailfrom=ap0007.com; dkim=none (message not signed)

header.d=none;dmarc=bestguesspass action=none header.from=ap0007.com;

Received-SPF: Pass (protection.outlook.com: domain of ap0007.com designates

45.137.22.169 as permitted sender) receiver=protection.outlook.com;

client-ip=45.137.22.169; helo=User; pr=M

Received: from mail.prasarana.com.my (58.26.8.159) by

TYZAPC01FT052.mail.protection.outlook.com (10.118.152.122) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5588.10 via Frontend Transport; Sun, 4 Sep 2022 20:31:29 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 5 Sep 2022 04:31:12 +0800

Received: from User (45.137.22.169) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 5 Sep 2022 04:31:01 +0800

Reply-To:

From: "Mrs. Reem E. Al-Hashimi"

Subject: Re: I Resend The Mail .....

Date: Sun, 4 Sep 2022 22:31:12 +0200

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID:

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[45.137.22.169];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[45.137.22.169];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: f3af2082-8e6e-47ef-fd81-08da8eb47288

X-MS-TrafficTypeDiagnostic: TYZPR04MB6614:EE_

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 0

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?a4Jahs6o4cuhuZ9v34H9riSQ49LWHTo3OVVaMHoJ5XEAAgI4xsJKL/dG?=

=?windows-1251?Q?ytByauouarvWLB4/ZKyHgEbdfu9btGEwtEbf19imJ4L1dIBkTT0KmbYu?=

=?windows-1251?Q?rwnJjQv1sIS1rzRl/h5CkcaBaOdSZtaDxvNuvM4MBy3i+dxDYmVStkrA?=

=?windows-1251?Q?01/ngPM69OsKafTjBF4nbHba0p3uF47feFi72QGG2ErF5Rimiq+2Dwyh?=

=?windows-1251?Q?dkxW6pvQvTz3Jko4e28C+sPdxKC8/D3JxIv4zbgf4dRQkB/Tt9J2svYp?=

=?windows-1251?Q?BhfWu7YitBpWUb0lzSG8CneSSDBQX6hNAcoAz13dfKFkOMSGzlvcPlyp?=

=?windows-1251?Q?YCm40tMZYD0YABC6dLAVdFukwY3zNXwCiAWWLpB0INXqGjpsXV6eaS8M?=

=?windows-1251?Q?hnD3qZGEM5S3Y8E3I1vhBkpIOmnamZp1/TEdKSIN653Vn0cnxgUeHKMe?=

=?windows-1251?Q?o3Ydtt7PnPhOVEK7ZXqCNwikkIacDdxyEqjvs/8pbp6vLL1Cn+3shFgt?=

=?windows-1251?Q?Y5cFpqfGYLhUfiHrwSVJYylQwdkzOOszFxnvqk1Ww4ZJb1oJqQU7yovZ?=

=?windows-1251?Q?idrMS6wSzYcjU+VJRvXs53s4gGxLJ0fw/1WJEuRGW25cKQz3is+AQa2P?=

=?windows-1251?Q?caOxM+U26ggX8vnt1E9Q+fxZaERKZNgdpQS4IyTX7q/bKKG4LZgMyuuj?=

=?windows-1251?Q?sjRMf+2l8zCfofQbPqU1qAYXuzuhs04Pjik0EsD+IEtHwDaHTuGvibb2?=

=?windows-1251?Q?ijwSVGCAGps8AsC215EL2pm5ntSupntPxWAX3qvfg09QqwtrMQIf9VID?=

=?windows-1251?Q?4n7XoJvxc8tk9qKYyUXzOXan5c1e3/8Ku9Bp+NhL9vnV/aRshtN48H/P?=

=?windows-1251?Q?xgUIPqsgyyDmLdHm0NT755Vj5Oj++nO1omKygGtktGDN74Hkfh6al0gq?=

=?windows-1251?Q?jne372t/lLeCr0kK6CU4LzAfoLT7wQU6xMzyaVVtpZuajG7cB+zGwrnE?=

=?windows-1251?Q?K9IWwNMtmTFsGXqjaWLVQ4NoZH377hAcU/X7B1ZolvdbTyT9/HTxEkKL?=

=?windows-1251?Q?EdSgoxO4asxQ4UJ+FuRNrWN7Dqd1IIlrqVM0XKR26Td1W+G9KLQIYO6Y?=

=?windows-1251?Q?GZ/vVanKTO93hzjp6aiwoaUf5NGcjOYadm+V0aP6UMcwo1hlpIWSH4ka?=

=?windows-1251?Q?a1Gs4NmcaHbIXsJF9MvO8gttZnDq3d27pnB2G542GnznwQXciL8lGmRX?=

=?windows-1251?Q?8laUseDfkEAasx42TiL+NaRXqZV8oBbuBFX0PKtrXlL4UzvGETObtiaz?=

=?windows-1251?Q?+tIOIknRZkMA4D4hrV9bfOylbTLEdxu9qeiQa6Ihq3YDd7MwlENE2H9i?=

=?windows-1251?Q?iaSvtWqpwyqdp3dKZusEVvW+c6TpyyDp11avCh+rzbFqc1q0i8sF4qA+?=

=?windows-1251?Q?xASS39vSFRJS+OgZpPbY4QaFwn+wD17DTM6TvUfQvOh8WPuSnrNRpA5L?=

=?windows-1251?Q?gxjW81nbf4Ah6ksqaVXUsndOMFNEqZHg1d5sNBw8QqtHJaQ3Nr7mE76F?=

=?windows-1251?Q?m7+/oOB+kOlg08qB?=

X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:NL;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:hosted-by.rootlayer.net;CAT:OSPM;SFS:(13230016)(4636009)(39860400002)(346002)(396003)(136003)(376002)(40470700004)(35950700001)(109986005)(956004)(336012)(41300700001)(498600001)(9686003)(40480700001)(82310400005)(26005)(6666004)(31696002)(86362001)(32850700003)(156005)(82740400003)(40460700003)(81166007)(32650700002)(2860700004)(36906005)(316002)(8936002)(2906002)(31686004)(70206006)(8676002)(70586007)(5660300002)(3480700007)(7416002)(7406005)(7366002)(4744005)(2700400008);DIR:OUT;SFP:1501;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2022 20:31:29.1621

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f3af2082-8e6e-47ef-fd81-08da8eb47288

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

TYZAPC01FT052.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB6614

X-Spam_score: 9.9

X-Spam_score_int: 99

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Sir/Ma, My name is Mrs. Reem E. Al-Hashimi, The Emirates

Minister of State and Managing Director of the United Arab Emirates (Dubai)

World Expo 2020/2021 Committee. I have a great business proposal to discuss

with you, if you are interested in Foriegn Investment/Partnership please

reply with your line of interest.



Content analysis details: (9.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.164.204 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.0 HK_NAME_MR_MRS No description available.

0.0 FAKE_REPLY_C No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

1.0 XPRIO Has X-Priority header

1.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Re: I Resend The Mail .....













Hello Sir/Ma,




 




My name is Mrs. Reem E. Al-Hashimi, The Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020/2021 Committee.




 




I have a great business proposal to discuss with you, if you are interested in Foriegn Investment/Partnership please reply with your line of interest.




 




PLEASE REPLY ME ON THIS EMAIL: rhashimi202222@kakao.com




 




Regards,




Mrs. Reem






fraudulent spam from Outlook servers

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 13:46:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUvYT-000EV0-Ix

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 13:45:17 -0600

Resent-From: The Doctor

Resent-Date: Sun, 4 Sep 2022 13:45:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01rlhn2178.outbound.protection.outlook.com ([40.95.54.178]:6294 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUsCF-000Igk-8C

for doctor@nl2k.ab.ca;

Sun, 04 Sep 2022 10:10:12 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=I5dZGxjmFi3gp9sIkxBShAMtLcBhWqTtS5mhH6BT4wBkffzIxDMnfSYv74H+BFasi+1JremDZnSX4ZFvTgguiYCSyWSBfqFGCyJwr1fZW0Q1LSJcofG5/s3A7+LPsHLyQh9GDLdgMp+tq7Ak5RuYTXKVuUDZ8dHrRN274JFebsTpknGm4aOQwLEfkTjBqIH+cYSH/jxw+o+O08xn9W4P7ctPcMOC0ZfoPVhP9a3htTsg5+Tn9pN1pYFyiE1KyLE+SH7mVRvWi4Iao134qXdlPG94UHcitfZFhb1IXNmaNa25YX2ohngEChBo1/smdX0fFXEQbuobohIhWuRhmIMN7g==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=zhjSLwdK445sPHO/q1NSpdCkTIAvL+N4zhMGTXiUhFc=;

b=UKIb1/UqpMy0yKZByZsnf2c0IUA85s0QpExedEacvM1AagugABmZmNinHKPoOJIZsJnzsmVMWE8D3ADabKr2/g5BnbvS6anMPrCSR9EMeKlI/XVw4LGyy6uWDSyll06efnxVOuB5n1Ftu1Ao9Y+sR45trGYf0fot1VGrfO4uCbDjptRlehFmTm+RHFhVJUiwzn7FEX0Jfj6y4oE3kj+EvjfVd8SwjZaQfWj/fGnEfLjfBvsYFdYeOZMKu1Y3Olue7Sr95VurS3KViQ00RxdZtBuCpxrV5q4XFQT32iP1IDoQqZP3+H7sfzr0ijL7w2juSl2Ev/qKAUQC7zNb3OlLXA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

172.107.174.74) smtp.rcpttodomain=keypoliceman.com smtp.mailfrom=uaegov.ae;

dmarc=none action=none header.from=uaegov.ae; dkim=none (message not signed);

arc=none (0)

Received: from PS2PR01CA0023.apcprd01.prod.exchangelabs.com

(2603:1096:300:2d::35) by SG2PR04MB5938.apcprd04.prod.outlook.com

(2603:1096:4:1d6::5) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10; Sun, 4 Sep

2022 16:09:41 +0000

Received: from PSAAPC01FT003.eop-APC01.prod.protection.outlook.com

(2603:1096:300:2d:cafe::4d) by PS2PR01CA0023.outlook.office365.com

(2603:1096:300:2d::35) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.18 via Frontend

Transport; Sun, 4 Sep 2022 16:09:40 +0000

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 172.107.174.74)

smtp.mailfrom=uaegov.ae; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=uaegov.ae;

Received-SPF: None (protection.outlook.com: uaegov.ae does not designate

permitted sender hosts)

Received: from mail.prasarana.com.my (58.26.8.158) by

PSAAPC01FT003.mail.protection.outlook.com (10.13.38.82) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5588.10 via Frontend Transport; Sun, 4 Sep 2022 16:09:40 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-01.prasarana.com.my (10.128.66.100) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 5 Sep 2022 00:09:23 +0800

Received: from User (172.107.174.74) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 5 Sep 2022 00:09:10 +0800

Reply-To:

From: Reem A.

Subject: Hello

Date: Sun, 4 Sep 2022 11:09:24 -0500

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <02534a3f-fd35-44bb-a360-232178cef530@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[172.107.174.74];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[172.107.174.74];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84

X-MS-TrafficTypeDiagnostic: SG2PR04MB5938:EE_

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?rn1G3TgciEAf3+bl3MjQRF858PMPFJwT60ABul1tyzmSNULvbwUU2IwG?=

=?windows-1251?Q?z6Iu31Fg07/qv+3NWT9fnTWxvWOa5WXM6y9BezJUw9p/cA5BumVWDB3G?=

=?windows-1251?Q?2zLXewFhgDviv4RfX1yDq9IR+oLachxAmyejWMo7ag4YRRhB9mfi98dn?=

=?windows-1251?Q?ggueoHbC5GWCNMtEtWxw7iI9I6IatVfXEfXMlRuowLGgr12aTbfq6gyf?=

=?windows-1251?Q?1v0xz+6i1Q1qRT8p+Cec6DWP4VAvRTl7LoDXbrYSE2oX5y9x/ip20nAp?=

=?windows-1251?Q?epuN3jpFF0ppp8nGg3leyr/PNXg2RPb7Dl/aDJE3ObG2cgCZaBp0vgw8?=

=?windows-1251?Q?We/X+W4EwtYvqt7E2P4owEkX+aiU2IiWcrA1Enxa2AYI/QwF1uCXW9Q6?=

=?windows-1251?Q?FdxthhYm/39M5IfROXznXrr1J2S7l12nrpGAYxTMa1xs/yoNqrhBHSKf?=

=?windows-1251?Q?29/bfwtU6X5d3EwNZUQPIzGq9e4veFgmaqPSH/nGHCtdwCGunzc49uDT?=

=?windows-1251?Q?wxKaOa9dLa+I9dzhp2laatrksEvm8EsonD4Iq17NgbxQSkSmMtHNJtQc?=

=?windows-1251?Q?AUkL5KewMCnPnrLfEU+nb/6RsSwOSE/lwwfVLbfyo1K3QlzSWXLgYjYg?=

=?windows-1251?Q?WbhhhS0kEMW6fikdTv/VVGBYYwnzUCv3DK8cmg6EikmbbwcxtoVXk0hT?=

=?windows-1251?Q?byf6mY01aogYUNYvYqd0N2MS6p01JfyyMMRANW+3sUYg0nBkb+B4mLD0?=

=?windows-1251?Q?1Wl6fFy1cCZasaikLK86FUsRiSJ5IeFFhWcqVGc1NBHmDTvnftsnO5Hf?=

=?windows-1251?Q?C+RyapTe1iJOmwg0olXZgZJs/+vO2JnuF7HSgDeol2LQOTUBzpPtzy7b?=

=?windows-1251?Q?KuUZ8ItByXaGsFIFLMpmIBbtQ+L6Ap0V+HAunImFSQgEZlbz3d0wx2oc?=

=?windows-1251?Q?50Fh1Id4oYYnD+JkRErMj9SL4JXftQE54hHPcnXr0y9B273AgyObDxsy?=

=?windows-1251?Q?Rl8kMEq2r0QMfnfKrOfO6PCUkLRuXP6LRRAXyACjOZHD518hpUo/fH/O?=

=?windows-1251?Q?qlYoDfjo4LHTsBRuXUv4jT3LgxsMJt8zLr7d67W9NFW6pjcZvwTMqcZH?=

=?windows-1251?Q?f/ogVAaqfO431n+Fwh3yVCtjKkNnt0+tDMP02LIY5Ry5/kZu+g8nN2Gp?=

=?windows-1251?Q?QcZCGRLJAfP3e+628fWhEH3chdRvnxqboTi/d/1aVD8c0+Xduxw3W3WS?=

=?windows-1251?Q?uPSfeU8015riJeLsdwZb1LtRI038A75CLOU0oqcUIzDdXhBmv1nIbk5E?=

=?windows-1251?Q?Nqgg0ccAYZyOOcwz37ahZ1NYfk9Q3Cpx7sAjm935NzyXfot7?=

X-Forefront-Antispam-Report:

CIP:58.26.8.158;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoNoRecords;CAT:OSPM;SFS:(13230016)(4636009)(136003)(376002)(346002)(39860400002)(396003)(40470700004)(36906005)(8676002)(26005)(9686003)(82310400005)(31696002)(498600001)(8936002)(41300700001)(156005)(109986005)(6666004)(32850700003)(32650700002)(3480700007)(83380400001)(336012)(81166007)(956004)(35950700001)(40460700003)(82740400003)(7366002)(70206006)(70586007)(7416002)(316002)(7406005)(7116003)(40480700001)(31686004)(2906002)(86362001)(5660300002)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2022 16:09:40.6422

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.158];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

PSAAPC01FT003.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR04MB5938

X-Spam_score: 29.1

X-Spam_score_int: 291

X-Spam_bar: +++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, Good day to you. Apparently this email will be

coming to you as a surprise since we have not met before now. My name is

Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation

[...]



Content analysis details: (29.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records

0.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector

mailbox

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[reem2018[at]daum.net]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[40.95.54.178 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[40.95.54.178 listed in psbl.surriel.com]

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[40.95.54.178 listed in ix.dnsbl.manitu.net]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.95.54.178 listed in wl.mailspike.net]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-SG2-obe.outbound.protection.outlook.com;ip=40.95.54.178;r=doctor.nl2k.ab.ca]

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 LOTS_OF_MONEY Huge... sums of money

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

0.0 XFER_LOTSA_MONEY Transfer a lot of money

1.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

1.5 COMPENSATION "Compensation"

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

Subject: {SPAM?} Hello



Dear Friend,



Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020.



As an Arab women serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country.



The amount is however, valued at Euro ?47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment.





REPLY ONLY TO reem.alhashimi@yandex.com



kind Regards,

Reem B. Al Hashimi

PO Box 899

AbuDhabi, United Arab Emirates

Business proposal spam from Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 09:37:00 -0600

Received: from mail-ua1-f68.google.com ([209.85.222.68]:45001)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUrfO-000FFY-JI

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 09:36:16 -0600

Received: by mail-ua1-f68.google.com with SMTP id p17so1786914uao.11

for ; Sun, 04 Sep 2022 08:35:53 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date;

bh=hMD4T/XxDYaXtm+A8MGYoFMryqQe8Z2ajmb3ZG8MKS4=;

b=YbdOyRlUDalyeccvNRNIxSnDFBpCKWCf5TtPWWOw10QqWyh4DX+mcAd4lDnDYutRjZ

UzMjot2UK1MJx9xHEggl5kc3LtLG7+SH7sFl427VNOwb1Vbt2H6ggwDc1ScmVevL0tbq

SYGqn/Co9njaWyRFNE1wloCfBf+U1JBlB8uuww1XQlL8iGRfyydLvgrRciqx5JS4D0xd

Q/ruv9XsnMkfArLEq+ciKD40o1zAXNZmryFgrm/Br4PyCVqux1vPrWHLfWz1VAhcHsuy

gDYHcDBYEKicFOHLMLO6yrq19V1t80qY2ymthrbrcKh3VIuQ0Ls1voOuZEBRmouEHGut

cuSQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date;

bh=hMD4T/XxDYaXtm+A8MGYoFMryqQe8Z2ajmb3ZG8MKS4=;

b=O2EkIQ+Apo0IuMc2QGPRsGl8+AfYjocoz+j/xRZyrLT8g5dPVC9kFIDTIHTohAqsb7

BzNIcdgCU6Gnte/ZOnTcMwlL6+QN1jHGoF+YGuMQnnKt8L9ezBO3PAdIdeqdDDPzooDA

BXgB/Cw1ymR0NdmClc9EpJwFk68RSe8XJsbPfIp9/2eX59E4TcsiMS6SsWXBJvA/Zb46

Wf4Slj13jAqgWAp5wBSWFnWdepA2SUwYMqbEXbT3YIo7iTFwmEPrc4Fmzbgj39dsd3Qx

z/mZi7cYuB2as3vWBBKSFFtGs4wZVSoxnq/jAspBlOxHG1DjLVfWapex4zTkWX4N+lBQ

upLA==

X-Gm-Message-State: ACgBeo1HIGMsHK7stKQbuDopVx1tefO1/obab0FifyrO7mFIjm/QOa8o

Gx97bP7ACVnEjGIOAayQ6smWfVUSlD96DtOo0Ws=

X-Google-Smtp-Source: AA6agR7NPqg/tZQgOqHroN2Jdvsz8MMvDVlbtzxVfaqYm8DAqrc6Bi4nLKsHHb7g4n+4nMLs0BljvAJ0gvjLK2XY96M=

X-Received: by 2002:ab0:6154:0:b0:398:c252:23d8 with SMTP id

w20-20020ab06154000000b00398c25223d8mr13333889uan.65.1662305747202; Sun, 04

Sep 2022 08:35:47 -0700 (PDT)

MIME-Version: 1.0

Reply-To: nn9122250@gmail.com

From: "Mr.Khader Mashal"

Date: Sun, 4 Sep 2022 08:35:18 -0700

Message-ID:

Subject: Profitable Business Concept.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000091f90a05e7dbb7b7"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 5.7

X-Spam_score_int: 57

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Dear , Nice to connect with you. I have a crucial transaction

to discuss and disclose with you.more details: dalh52179@gmail.com Kind Regards,





Content analysis details: (5.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[nn9122250[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[ahoutda[at]gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.68 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

Subject: {SPAM?} Profitable Business Concept.



--00000000000091f90a05e7dbb7b7

Content-Type: text/plain; charset="UTF-8"



Hello Dear ,



Nice to connect with you. I have a crucial transaction to discuss and

disclose with you.more details: dalh52179@gmail.com





Kind Regards,



Mr.Khader Mashal

( dalh52179@gmail.com )



--00000000000091f90a05e7dbb7b7

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




Hello Dear ,

Nice to connect with you. I have a=

crucial transaction to discuss and disclose with you.more details:
=3D"mailto:dalh52179@gmail.com">dalh52179@gmail.com


Kind Re=

gards,

Mr.Khader Mashal
( =

dalh52179@gmail.com )




--00000000000091f90a05e7dbb7b7--

Tax refund phish from Japan

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 08:36:00 -0600

Received: from ns.gigamall.ne.jp ([210.166.222.44]:52962)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUqik-0009Q2-AR

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 08:35:38 -0600

Received: by ns.gigamall.ne.jp (Postfix, from userid 48)

id 00F1B8341442; Sun, 4 Sep 2022 23:35:10 +0900 (JST)

To: dave@doctor.nl2k.ab.ca

Subject: Refund invoice ID: 95169271547739925401/2022/P800

X-PHP-Originating-Script: 48:leaf-389921.php

Date: Sun, 4 Sep 2022 23:35:10 +0900

From: Revenue Commissioners

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_f47ba216e292741e9a13bc214c4c431f"

Content-Transfer-Encoding: 8bit



This is a multi-part message in MIME format.



--b1_f47ba216e292741e9a13bc214c4c431f

Content-Type: text/plain; charset=us-ascii







Dear Taxpayer,We would like to notify you that you still have an outstanding tax refund of 265.48 Euro from overpaid tax from year ending 2021.

You have until 16 September 2022 to make your claimClaim Your Refund Now (Login Now)

            

(Reference No: 1884983095188619334594/2022/P800)

If you find this message wrongly classified as spam, you can unmark the message. Just select the message, and click the Not Spam button that appears at the to and bottom of your current view. Unmarking a message will automatically move it to your inbox.





--b1_f47ba216e292741e9a13bc214c4c431f

Content-Type: text/html; charset=us-ascii








Dear Taxpayer,
We would like to notify you that you still have an outstanding tax refund of 265.48 Euro from overpaid tax from year ending 2021.




You have until 16 September 2022 to make your claim
Claim Your Refund Now (Login Now)



            


(Reference No: 6051254449573/2022/P800)



If you find this message wrongly classified as spam, you can unmark the message. Just select the message, and click the Not Spam button that appears at the to and bottom of your current view. Unmarking a message will automatically move it to your inbox.









--b1_f47ba216e292741e9a13bc214c4c431f--