Business proposal spam from Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 15:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUwjz-000MoZ-PL

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 15:01:15 -0600

Resent-From: The Doctor

Resent-Date: Sun, 4 Sep 2022 15:01:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01hn2204.outbound.protection.outlook.com ([52.100.164.204]:60897 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUwHb-000Jl5-WA

for doctor@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 14:32:00 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Irc5TsR9G3LTSI01QOKXct60eYREP19ixyBynbZjIVNVmrNODXEVZCJriLKRxQUS6kwFWYWXfj3evDa+uDmCuczPTZmD0Eqt/Y6VrDHE5CuKHiS36HVLg+Q9n5KAslFPQTpBFNAGmcrenQzI4s1rY4AcKiFzAYzrS6gbFArU5iAHhTr0H2M52okIrKqGc65Qy+1HKJ+JMMSSqkF2BbtESngHjLhvgULhGsb6jn8VOIjQn8PPUcZTPQDzMdIJiN+IP6n8jRSIvfewhYtNXSKZq88D0CTLBpOELGdM6TLUCInSRnm6fJinKetCfvSeo4H4ArNhHMYnIYdgApJ1Iju7Pg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=SBI6MQejEOea03ycWFYU7CgfYxLjAQKT3P+5k6quwo4=;

b=acmUhADjvBsaUwZxKwjl43gXBtTyJO1zuUBIitrjIuo/gmP7S+BWK8iqlQ3Lg9z29aXvYoLfjpY9OW2IdtG0bSXp/IH8tD8Gew6PgdvXAiQVdGcGaL+eA1exP+JhGOppc+9K/NbrNV7pMKI4Up3qqpvllVgT7KpRcDzBn+AmZMQ59APFTiGl5b9zIQ3MFj3BWJE0BWQgi9+jdGd6E6kN6kAuYOTQ4TjEmoVtKkWDLySbD5XFowKivUKYqhy771M4deDQYvbKONWjdbsEkmD7bSH4d8JZBB8zITG18vVHSPAKl91VCCVznWvN3FyD1cZ9XyvNKZz6KdFGOqXBZXVyTg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is

45.137.22.169) smtp.rcpttodomain=beverlyspine.com smtp.mailfrom=ap0007.com;

dmarc=bestguesspass action=none header.from=ap0007.com; dkim=none (message

not signed); arc=none (0)

Received: from TYWP286CA0031.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:262::19)

by TYZPR04MB6614.apcprd04.prod.outlook.com (2603:1096:400:260::9) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.12; Sun, 4 Sep

2022 20:31:29 +0000

Received: from TYZAPC01FT052.eop-APC01.prod.protection.outlook.com

(2603:1096:400:262:cafe::3e) by TYWP286CA0031.outlook.office365.com

(2603:1096:400:262::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10 via Frontend

Transport; Sun, 4 Sep 2022 20:31:29 +0000

X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 45.137.22.169)

smtp.mailfrom=ap0007.com; dkim=none (message not signed)

header.d=none;dmarc=bestguesspass action=none header.from=ap0007.com;

Received-SPF: Pass (protection.outlook.com: domain of ap0007.com designates

45.137.22.169 as permitted sender) receiver=protection.outlook.com;

client-ip=45.137.22.169; helo=User; pr=M

Received: from mail.prasarana.com.my (58.26.8.159) by

TYZAPC01FT052.mail.protection.outlook.com (10.118.152.122) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5588.10 via Frontend Transport; Sun, 4 Sep 2022 20:31:29 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 5 Sep 2022 04:31:12 +0800

Received: from User (45.137.22.169) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 5 Sep 2022 04:31:01 +0800

Reply-To:

From: "Mrs. Reem E. Al-Hashimi"

Subject: Re: I Resend The Mail .....

Date: Sun, 4 Sep 2022 22:31:12 +0200

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID:

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[45.137.22.169];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[45.137.22.169];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: f3af2082-8e6e-47ef-fd81-08da8eb47288

X-MS-TrafficTypeDiagnostic: TYZPR04MB6614:EE_

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 0

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?a4Jahs6o4cuhuZ9v34H9riSQ49LWHTo3OVVaMHoJ5XEAAgI4xsJKL/dG?=

=?windows-1251?Q?ytByauouarvWLB4/ZKyHgEbdfu9btGEwtEbf19imJ4L1dIBkTT0KmbYu?=

=?windows-1251?Q?rwnJjQv1sIS1rzRl/h5CkcaBaOdSZtaDxvNuvM4MBy3i+dxDYmVStkrA?=

=?windows-1251?Q?01/ngPM69OsKafTjBF4nbHba0p3uF47feFi72QGG2ErF5Rimiq+2Dwyh?=

=?windows-1251?Q?dkxW6pvQvTz3Jko4e28C+sPdxKC8/D3JxIv4zbgf4dRQkB/Tt9J2svYp?=

=?windows-1251?Q?BhfWu7YitBpWUb0lzSG8CneSSDBQX6hNAcoAz13dfKFkOMSGzlvcPlyp?=

=?windows-1251?Q?YCm40tMZYD0YABC6dLAVdFukwY3zNXwCiAWWLpB0INXqGjpsXV6eaS8M?=

=?windows-1251?Q?hnD3qZGEM5S3Y8E3I1vhBkpIOmnamZp1/TEdKSIN653Vn0cnxgUeHKMe?=

=?windows-1251?Q?o3Ydtt7PnPhOVEK7ZXqCNwikkIacDdxyEqjvs/8pbp6vLL1Cn+3shFgt?=

=?windows-1251?Q?Y5cFpqfGYLhUfiHrwSVJYylQwdkzOOszFxnvqk1Ww4ZJb1oJqQU7yovZ?=

=?windows-1251?Q?idrMS6wSzYcjU+VJRvXs53s4gGxLJ0fw/1WJEuRGW25cKQz3is+AQa2P?=

=?windows-1251?Q?caOxM+U26ggX8vnt1E9Q+fxZaERKZNgdpQS4IyTX7q/bKKG4LZgMyuuj?=

=?windows-1251?Q?sjRMf+2l8zCfofQbPqU1qAYXuzuhs04Pjik0EsD+IEtHwDaHTuGvibb2?=

=?windows-1251?Q?ijwSVGCAGps8AsC215EL2pm5ntSupntPxWAX3qvfg09QqwtrMQIf9VID?=

=?windows-1251?Q?4n7XoJvxc8tk9qKYyUXzOXan5c1e3/8Ku9Bp+NhL9vnV/aRshtN48H/P?=

=?windows-1251?Q?xgUIPqsgyyDmLdHm0NT755Vj5Oj++nO1omKygGtktGDN74Hkfh6al0gq?=

=?windows-1251?Q?jne372t/lLeCr0kK6CU4LzAfoLT7wQU6xMzyaVVtpZuajG7cB+zGwrnE?=

=?windows-1251?Q?K9IWwNMtmTFsGXqjaWLVQ4NoZH377hAcU/X7B1ZolvdbTyT9/HTxEkKL?=

=?windows-1251?Q?EdSgoxO4asxQ4UJ+FuRNrWN7Dqd1IIlrqVM0XKR26Td1W+G9KLQIYO6Y?=

=?windows-1251?Q?GZ/vVanKTO93hzjp6aiwoaUf5NGcjOYadm+V0aP6UMcwo1hlpIWSH4ka?=

=?windows-1251?Q?a1Gs4NmcaHbIXsJF9MvO8gttZnDq3d27pnB2G542GnznwQXciL8lGmRX?=

=?windows-1251?Q?8laUseDfkEAasx42TiL+NaRXqZV8oBbuBFX0PKtrXlL4UzvGETObtiaz?=

=?windows-1251?Q?+tIOIknRZkMA4D4hrV9bfOylbTLEdxu9qeiQa6Ihq3YDd7MwlENE2H9i?=

=?windows-1251?Q?iaSvtWqpwyqdp3dKZusEVvW+c6TpyyDp11avCh+rzbFqc1q0i8sF4qA+?=

=?windows-1251?Q?xASS39vSFRJS+OgZpPbY4QaFwn+wD17DTM6TvUfQvOh8WPuSnrNRpA5L?=

=?windows-1251?Q?gxjW81nbf4Ah6ksqaVXUsndOMFNEqZHg1d5sNBw8QqtHJaQ3Nr7mE76F?=

=?windows-1251?Q?m7+/oOB+kOlg08qB?=

X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:NL;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:hosted-by.rootlayer.net;CAT:OSPM;SFS:(13230016)(4636009)(39860400002)(346002)(396003)(136003)(376002)(40470700004)(35950700001)(109986005)(956004)(336012)(41300700001)(498600001)(9686003)(40480700001)(82310400005)(26005)(6666004)(31696002)(86362001)(32850700003)(156005)(82740400003)(40460700003)(81166007)(32650700002)(2860700004)(36906005)(316002)(8936002)(2906002)(31686004)(70206006)(8676002)(70586007)(5660300002)(3480700007)(7416002)(7406005)(7366002)(4744005)(2700400008);DIR:OUT;SFP:1501;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2022 20:31:29.1621

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f3af2082-8e6e-47ef-fd81-08da8eb47288

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

TYZAPC01FT052.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB6614

X-Spam_score: 9.9

X-Spam_score_int: 99

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Sir/Ma, My name is Mrs. Reem E. Al-Hashimi, The Emirates

Minister of State and Managing Director of the United Arab Emirates (Dubai)

World Expo 2020/2021 Committee. I have a great business proposal to discuss

with you, if you are interested in Foriegn Investment/Partnership please

reply with your line of interest.



Content analysis details: (9.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.164.204 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.0 HK_NAME_MR_MRS No description available.

0.0 FAKE_REPLY_C No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

1.0 XPRIO Has X-Priority header

1.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Re: I Resend The Mail .....













Hello Sir/Ma,




 




My name is Mrs. Reem E. Al-Hashimi, The Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020/2021 Committee.




 




I have a great business proposal to discuss with you, if you are interested in Foriegn Investment/Partnership please reply with your line of interest.




 




PLEASE REPLY ME ON THIS EMAIL: rhashimi202222@kakao.com




 




Regards,




Mrs. Reem






fraudulent spam from Outlook servers

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 04 Sep 2022 13:46:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUvYT-000EV0-Ix

for dave@doctor.nl2k.ab.ca;

Sun, 04 Sep 2022 13:45:17 -0600

Resent-From: The Doctor

Resent-Date: Sun, 4 Sep 2022 13:45:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sgaapc01rlhn2178.outbound.protection.outlook.com ([40.95.54.178]:6294 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oUsCF-000Igk-8C

for doctor@nl2k.ab.ca;

Sun, 04 Sep 2022 10:10:12 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=I5dZGxjmFi3gp9sIkxBShAMtLcBhWqTtS5mhH6BT4wBkffzIxDMnfSYv74H+BFasi+1JremDZnSX4ZFvTgguiYCSyWSBfqFGCyJwr1fZW0Q1LSJcofG5/s3A7+LPsHLyQh9GDLdgMp+tq7Ak5RuYTXKVuUDZ8dHrRN274JFebsTpknGm4aOQwLEfkTjBqIH+cYSH/jxw+o+O08xn9W4P7ctPcMOC0ZfoPVhP9a3htTsg5+Tn9pN1pYFyiE1KyLE+SH7mVRvWi4Iao134qXdlPG94UHcitfZFhb1IXNmaNa25YX2ohngEChBo1/smdX0fFXEQbuobohIhWuRhmIMN7g==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=zhjSLwdK445sPHO/q1NSpdCkTIAvL+N4zhMGTXiUhFc=;

b=UKIb1/UqpMy0yKZByZsnf2c0IUA85s0QpExedEacvM1AagugABmZmNinHKPoOJIZsJnzsmVMWE8D3ADabKr2/g5BnbvS6anMPrCSR9EMeKlI/XVw4LGyy6uWDSyll06efnxVOuB5n1Ftu1Ao9Y+sR45trGYf0fot1VGrfO4uCbDjptRlehFmTm+RHFhVJUiwzn7FEX0Jfj6y4oE3kj+EvjfVd8SwjZaQfWj/fGnEfLjfBvsYFdYeOZMKu1Y3Olue7Sr95VurS3KViQ00RxdZtBuCpxrV5q4XFQT32iP1IDoQqZP3+H7sfzr0ijL7w2juSl2Ev/qKAUQC7zNb3OlLXA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

172.107.174.74) smtp.rcpttodomain=keypoliceman.com smtp.mailfrom=uaegov.ae;

dmarc=none action=none header.from=uaegov.ae; dkim=none (message not signed);

arc=none (0)

Received: from PS2PR01CA0023.apcprd01.prod.exchangelabs.com

(2603:1096:300:2d::35) by SG2PR04MB5938.apcprd04.prod.outlook.com

(2603:1096:4:1d6::5) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10; Sun, 4 Sep

2022 16:09:41 +0000

Received: from PSAAPC01FT003.eop-APC01.prod.protection.outlook.com

(2603:1096:300:2d:cafe::4d) by PS2PR01CA0023.outlook.office365.com

(2603:1096:300:2d::35) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.18 via Frontend

Transport; Sun, 4 Sep 2022 16:09:40 +0000

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 172.107.174.74)

smtp.mailfrom=uaegov.ae; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=uaegov.ae;

Received-SPF: None (protection.outlook.com: uaegov.ae does not designate

permitted sender hosts)

Received: from mail.prasarana.com.my (58.26.8.158) by

PSAAPC01FT003.mail.protection.outlook.com (10.13.38.82) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5588.10 via Frontend Transport; Sun, 4 Sep 2022 16:09:40 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-01.prasarana.com.my (10.128.66.100) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 5 Sep 2022 00:09:23 +0800

Received: from User (172.107.174.74) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 5 Sep 2022 00:09:10 +0800

Reply-To:

From: Reem A.

Subject: Hello

Date: Sun, 4 Sep 2022 11:09:24 -0500

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <02534a3f-fd35-44bb-a360-232178cef530@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[172.107.174.74];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[172.107.174.74];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84

X-MS-TrafficTypeDiagnostic: SG2PR04MB5938:EE_

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?rn1G3TgciEAf3+bl3MjQRF858PMPFJwT60ABul1tyzmSNULvbwUU2IwG?=

=?windows-1251?Q?z6Iu31Fg07/qv+3NWT9fnTWxvWOa5WXM6y9BezJUw9p/cA5BumVWDB3G?=

=?windows-1251?Q?2zLXewFhgDviv4RfX1yDq9IR+oLachxAmyejWMo7ag4YRRhB9mfi98dn?=

=?windows-1251?Q?ggueoHbC5GWCNMtEtWxw7iI9I6IatVfXEfXMlRuowLGgr12aTbfq6gyf?=

=?windows-1251?Q?1v0xz+6i1Q1qRT8p+Cec6DWP4VAvRTl7LoDXbrYSE2oX5y9x/ip20nAp?=

=?windows-1251?Q?epuN3jpFF0ppp8nGg3leyr/PNXg2RPb7Dl/aDJE3ObG2cgCZaBp0vgw8?=

=?windows-1251?Q?We/X+W4EwtYvqt7E2P4owEkX+aiU2IiWcrA1Enxa2AYI/QwF1uCXW9Q6?=

=?windows-1251?Q?FdxthhYm/39M5IfROXznXrr1J2S7l12nrpGAYxTMa1xs/yoNqrhBHSKf?=

=?windows-1251?Q?29/bfwtU6X5d3EwNZUQPIzGq9e4veFgmaqPSH/nGHCtdwCGunzc49uDT?=

=?windows-1251?Q?wxKaOa9dLa+I9dzhp2laatrksEvm8EsonD4Iq17NgbxQSkSmMtHNJtQc?=

=?windows-1251?Q?AUkL5KewMCnPnrLfEU+nb/6RsSwOSE/lwwfVLbfyo1K3QlzSWXLgYjYg?=

=?windows-1251?Q?WbhhhS0kEMW6fikdTv/VVGBYYwnzUCv3DK8cmg6EikmbbwcxtoVXk0hT?=

=?windows-1251?Q?byf6mY01aogYUNYvYqd0N2MS6p01JfyyMMRANW+3sUYg0nBkb+B4mLD0?=

=?windows-1251?Q?1Wl6fFy1cCZasaikLK86FUsRiSJ5IeFFhWcqVGc1NBHmDTvnftsnO5Hf?=

=?windows-1251?Q?C+RyapTe1iJOmwg0olXZgZJs/+vO2JnuF7HSgDeol2LQOTUBzpPtzy7b?=

=?windows-1251?Q?KuUZ8ItByXaGsFIFLMpmIBbtQ+L6Ap0V+HAunImFSQgEZlbz3d0wx2oc?=

=?windows-1251?Q?50Fh1Id4oYYnD+JkRErMj9SL4JXftQE54hHPcnXr0y9B273AgyObDxsy?=

=?windows-1251?Q?Rl8kMEq2r0QMfnfKrOfO6PCUkLRuXP6LRRAXyACjOZHD518hpUo/fH/O?=

=?windows-1251?Q?qlYoDfjo4LHTsBRuXUv4jT3LgxsMJt8zLr7d67W9NFW6pjcZvwTMqcZH?=

=?windows-1251?Q?f/ogVAaqfO431n+Fwh3yVCtjKkNnt0+tDMP02LIY5Ry5/kZu+g8nN2Gp?=

=?windows-1251?Q?QcZCGRLJAfP3e+628fWhEH3chdRvnxqboTi/d/1aVD8c0+Xduxw3W3WS?=

=?windows-1251?Q?uPSfeU8015riJeLsdwZb1LtRI038A75CLOU0oqcUIzDdXhBmv1nIbk5E?=

=?windows-1251?Q?Nqgg0ccAYZyOOcwz37ahZ1NYfk9Q3Cpx7sAjm935NzyXfot7?=

X-Forefront-Antispam-Report:

CIP:58.26.8.158;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoNoRecords;CAT:OSPM;SFS:(13230016)(4636009)(136003)(376002)(346002)(39860400002)(396003)(40470700004)(36906005)(8676002)(26005)(9686003)(82310400005)(31696002)(498600001)(8936002)(41300700001)(156005)(109986005)(6666004)(32850700003)(32650700002)(3480700007)(83380400001)(336012)(81166007)(956004)(35950700001)(40460700003)(82740400003)(7366002)(70206006)(70586007)(7416002)(316002)(7406005)(7116003)(40480700001)(31686004)(2906002)(86362001)(5660300002)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2022 16:09:40.6422

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.158];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

PSAAPC01FT003.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR04MB5938

X-Spam_score: 29.1

X-Spam_score_int: 291

X-Spam_bar: +++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, Good day to you. Apparently this email will be

coming to you as a surprise since we have not met before now. My name is

Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation

[...]



Content analysis details: (29.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records

0.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector

mailbox

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[reem2018[at]daum.net]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[40.95.54.178 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[40.95.54.178 listed in psbl.surriel.com]

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[40.95.54.178 listed in ix.dnsbl.manitu.net]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.95.54.178 listed in wl.mailspike.net]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-SG2-obe.outbound.protection.outlook.com;ip=40.95.54.178;r=doctor.nl2k.ab.ca]

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 LOTS_OF_MONEY Huge... sums of money

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

0.0 XFER_LOTSA_MONEY Transfer a lot of money

1.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

1.5 COMPENSATION "Compensation"

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

Subject: {SPAM?} Hello



Dear Friend,



Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020.



As an Arab women serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country.



The amount is however, valued at Euro ?47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment.





REPLY ONLY TO reem.alhashimi@yandex.com



kind Regards,

Reem B. Al Hashimi

PO Box 899

AbuDhabi, United Arab Emirates