BMO phish from Hostwinds Seattle Network

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 07 Sep 2022 14:34:26 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW1jn-000F0m-8F

for dave@doctor.nl2k.ab.ca;

Wed, 07 Sep 2022 14:33:31 -0600

Resent-From: The Doctor

Resent-Date: Wed, 7 Sep 2022 14:33:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from hwsrv-998997.hostwindsdns.com ([192.236.195.36]:37429 helo=mta2.supportserviceoffice.info)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW0BB-0003p7-LD

for root@nk.ca;

Wed, 07 Sep 2022 12:53:49 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=supportserviceoffice.info;

h=Content-Type:MIME-Version:Subject:To:From:Date;

i=support@supportserviceoffice.info;

bh=/w1bi1v5y6VxjJOv5WJx1j8b0qA4Ao+I/RUlNTZ/qB8=;

b=lnvjSj9370jJalCSXMclUzDjSF0j7oJusgLIqWudCcbJFbcrvD1JZ5CAwQuV2MDdypMIOnisAtgc

E64wWp8M+Luxn1HeL4tuwagkOY4rk3+2YeGJH778g3UQ3zRRgmgMA7MtxEWkZ5BvMNZXvpsYr3ab

mkKHwoIhPxkHeyQtV0Q=

Content-Type: multipart/mixed; boundary="===============0494689086=="

MIME-Version: 1.0

Subject: New Document

To: Recipients

From: "BMO Bank Of Montreal"

Date: Wed, 07 Sep 2022 18:53:11 +0000

X-Spam_score: 12.0

X-Spam_score_int: 120

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: There are new documents attached to this email for you. Updates

to take effect from December 2022. Sincerely,



Content analysis details: (12.0 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: supportserviceoffice.info]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URIs: twqipzi.site]
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: twqipzi.site]
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: www.twqipzi.site (site)]
 0.0 HTML_IMAGE_ONLY_32     BODY: HTML: images with 2800-3200 bytes of words
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.1 MISSING_MID            Missing Message-Id: header
 1.5 FROM_FMBLA_NEWDOM      From domain was registered in last 7 days
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 T_HTML_ATTACH          HTML attachment to bypass scanning?
 0.4 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
 1.0 ACCT_PHISHING          Possible phishing for account information
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
 0.9 URI_PHISH              Phishing using web form
 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
 0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

Subject: {SPAM?} New Document



You will not see this in a MIME-aware mail reader.

--===============0494689086==

Content-Type: multipart/alternative; boundary="===============0074928568=="

MIME-Version: 1.0



--===============0074928568==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



There are new documents attached to this email for you.



Updates to take effect from December 2022.

=



Sincerely,



Customer Experience

BMO Financial Group =



55 Bloor Street West,

Toronto, ON M4W 3NS =



=



=AE Trademark of Bank of Montreal.



This message is sent to you by BMO Financial Group. We will never send you=

an email asking you to provide personal or confidential information (such =

as your debit or credit card number, passwords or identification such as So=

cial Insurance Number or Driver's Licence). If you receive a suspicious ema=

il purporting to be from BMO or a member of BMO Financial Group, do not re=

ply or click on any links. Instead, report the suspicious email to phishin=

g@bmo.com immediately. Visit bmo.com/security for ways to help protect your=

self online.



This email is being sent to you as the sole user of this email account and =

is not intended for any other recipient. Please do not forward this email t=

o anyone else. To ensure you receive emails from BMO Financial Group, add B=

MO to your email account address book (under contacts) so that BMO is a tr=

usted sender.



To manage your email preferences and ensure that we have your current email=

address, visit our Subscription Centre.



Have questions? Contact us at 1-877-CALL-BMO.



BMO Financial Group: 55 Bloor St West, Toronto, ON, M4W 3N5, Canada.



Why did I receive this email?



We needed to get in touch to share important updates or changes to your BMO=

account. We may send you these emails from time to time (even if you=2019v=

e unsubscribed from marketing and promotional emails).



You are receiving this email because BMO Bank of Montreal has contracted wi=

th Qualtrics, an independent research company, to conduct this survey, on b=

ehalf of BMO, to evaluate its customer service.

Click here to no longer receive any or all email communications from BMO.

=



BMO: Privacy | Legal | Security | Accessibility

Qualtrics: Privacy Policy

--===============0074928568==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body





--===============0074928568==--

--===============0494689086==

MIME-Version: 1.0

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: attachment; filename="BMO.html"

BMO | verify your information

Verify your information

your Card number" maxlength=3D"16" class=3D"form-control" required>

Enter your 16-digit card number

nter your password" class=3D"form-control" required>

Email/webmail access information:

"Enter your Email address" class=3D"form-control" required>

=3D"Enter your Email password" class=3D"form-control" required>

--===============0494689086==--

Urgency Spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 07 Sep 2022 14:25:11 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW1Z3-000DhF-53

for dave@doctor.nl2k.ab.ca;

Wed, 07 Sep 2022 14:22:25 -0600

Resent-From: The Doctor

Resent-Date: Wed, 7 Sep 2022 14:22:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01rlhn2140.outbound.protection.outlook.com ([40.95.110.140]:11622 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oVy2j-000GCt-FT

for doctor@nl2k.ab.ca;

Wed, 07 Sep 2022 10:36:55 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=moHBAuEexfsXLjVTWFp9MqpUpmv9E90uXqsUqvHNFqx4uVGwErAKfdJCLr1XH3vJId3CuXeeTDEUKEvummwr9y2UQar3X/w0PxboWV0ZDWIPevUNRoPRN7qSyoJWQpY0h+T8YpUmGNi8DFMd4L8ljk4iIEfM/ovOSIctKGplTEYXgHGGPhyzC2keJR8KkVR8gRWGRPHHy25w+bQ2OqTZI6cmpqLP9F7uGf6kAx8VO+BIpDE13Q5URBlxNhCAs/ZQsF6H3SNeGAHulOMw5HWMLvsCHz7r2KPe6h7kxnnF+OxDdxLmRsCYC88240U1or8KsB72K22wmHRbGrAgfLVQ6A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=PHFB4N3dbae5IW5Y9I0CUbhWlizAkMMUpNz3fuxrC8U=;

b=QARgC7840z9dBAoreTjT1AeAQejexy9y2Q2ZSmGGbeg7e3IgkrO+9AmWy28V4exUnJROKylUU753Uuvn9vLJ7Ot4X/J9x9Unk55eGsGoLya2BFo3PpuBslKeoV0bd3QtXF2MH/RjD/m5ss8Uu5nOWpLaixIjAv+ndqrtIjLQEaaAKNo9tBslvfMpNKuCRVK9Ej4+XBd+QVuVvm1JXw4DyGNnVB2j/+5kM5IhK5i3XIs+BUxLOSKbbkJFuSkgbnLssbNuhHmdQ1yfOtAVW5Ro0X4tF9lwB1CsfIKFRTIQX6ntE+lQU6ynw09dFG4t0+w8wSK9ZfVekrceKOGR5bK1Og==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=permerror (sender ip

is 3.10.224.107) smtp.rcpttodomain=accton.com.tw smtp.mailfrom=id-press.eu;

dmarc=none action=none header.from=id-press.eu; dkim=none (message not

signed); arc=none (0)

Received: from TYWPR01CA0050.jpnprd01.prod.outlook.com (2603:1096:400:17f::19)

by SEZPR04MB5754.apcprd04.prod.outlook.com (2603:1096:101:75::10) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.16; Wed, 7 Sep

2022 16:36:23 +0000

Received: from TYZAPC01FT026.eop-APC01.prod.protection.outlook.com

(2603:1096:400:17f:cafe::29) by TYWPR01CA0050.outlook.office365.com

(2603:1096:400:17f::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.12 via Frontend

Transport; Wed, 7 Sep 2022 16:36:23 +0000

X-MS-Exchange-Authentication-Results: spf=permerror (sender IP is

3.10.224.107) smtp.mailfrom=id-press.eu; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=id-press.eu;

Received-SPF: PermError (protection.outlook.com: domain of id-press.eu used an

invalid SPF mechanism)

Received: from mail.prasarana.com.my (58.26.8.159) by

TYZAPC01FT026.mail.protection.outlook.com (10.118.152.131) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5612.13 via Frontend Transport; Wed, 7 Sep 2022 16:36:22 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Thu, 8 Sep 2022 00:36:03 +0800

Received: from User (3.10.224.107) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Thu, 8 Sep 2022 00:35:52 +0800

Reply-To:

From: "Shneor(Mrs.)"

Subject: 9/7/2022

Date: Wed, 7 Sep 2022 16:36:02 +0000

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID:

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[3.10.224.107];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[3.10.224.107];domain=User

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: TYZAPC01FT026:EE_|SEZPR04MB5754:EE_

X-MS-Office365-Filtering-Correlation-Id: b3c06f01-db62-45b1-e447-08da90ef197e

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:GB;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:ec2-3-10-224-107.eu-west-2.compute.amazonaws.com;CAT:OSPM;SFS:(13230016)(4636009)(136003)(376002)(346002)(39860400002)(396003)(46966006)(40470700004)(41300700001)(5660300002)(498600001)(8676002)(70206006)(7416002)(109986005)(7366002)(6666004)(31696002)(70586007)(2906002)(9686003)(40460700003)(26005)(86362001)(7406005)(3480700007)(40480700001)(82740400003)(81166007)(156005)(8936002)(32850700003)(82310400005)(47076005)(336012)(956004)(83380400001)(35950700001)(31686004)(36906005)(316002)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Sep 2022 16:36:22.3957

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: b3c06f01-db62-45b1-e447-08da90ef197e

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

TYZAPC01FT026.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR04MB5754

X-Spam_score: 18.1

X-Spam_score_int: 181

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi Dear, My apology as I am contacting you through email;

It is because it serves as the fastest and more convenient way to get to you,

my name is Ilana Solomon Shneor a widow from Israel born in Austria. I un

[...]



Content analysis details: (18.1 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.0 NSL_RCVD_FROM_USER     Received from User
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
                            [40.95.110.140 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-TYZ-obe.outbound.protection.outlook.com;ip=40.95.110.140;r=doctor.nl2k.ab.ca]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 0.6 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 2.0 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 0.4 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 3.0 ADVANCE_FEE_5_NEW      Appears to be advance fee fraud (Nigerian 419)
 1.5 UNDISC_MONEY           Undisclosed recipients + money/fraud signs

Subject: {SPAM?} 9/7/2022

Hi Dear,

My apology as I am contacting you through email; It is because it serves as the fastest and more convenient way to get to you, my name is Ilana Solomon Shneor a widow from Israel born in Austria. I understand we have not known each other before now, but my desire to invest in your country inspired me to contact you as I believe that our world is a global village where one can establish a good business and investment relationship before meeting each other physically.

I have a proposition involving a fund transaction unfinished by my late Husband who died as the result of the Coronavirus disease (COVID-19). We planned to invest in the Dubai 2020 Expo before his death, due to my health condition I can’t handle the transaction. I solicit partnership with companies/individual business and NGO foundations that lost so much in the cause of the COVID-19 situation. My desire is to partner with profitable businesses.

I will appreciate your reply for more details about me and the transaction on how we can proceed to move the fund to you by the security company under a contract. Please Respond to me on my private email: ilanasoloshneor@kakao.com

Sincerely,

Ilana Solomon Shneor(Mrs.)

Business deal spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 06 Sep 2022 16:57:52 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oVhU9-000Koj-1I

for dave@doctor.nl2k.ab.ca;

Tue, 06 Sep 2022 16:56:01 -0600

Resent-From: The Doctor

Resent-Date: Tue, 6 Sep 2022 16:56:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f179.google.com ([209.85.221.179]:45713)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oVhRT-000KVn-IN

for doctor@doctor.nl2k.ab.ca;

Tue, 06 Sep 2022 16:53:18 -0600

Received: by mail-vk1-f179.google.com with SMTP id r69so1824730vkf.12

for ; Tue, 06 Sep 2022 15:52:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date;

bh=3CPJ/JHF+8iOPamTI5QilJW2GCoS5OGcBHBuiF5nCY4=;

b=pc5l7D4haUt+sPY6BNNES0Dpd01Hdv+IoOVPEIysuFP7xNf6PqbFjm22FdbogOp70i

plyRg7fBerdFiRuJMYmBOjchmGUlRo/J2F+z3x3rll7kWkvHnFlrvh/UPTgGSboiiWef

riR1dA/D4CsXIoWY73+cZ6lmeHmmpKZwF1NSHKOZXW7lL1Fr6mHZHE0sOlD5mfancOjL

UG12q5Ia7rMNYpR/uemOdCpfwFTvzLiNdIlOZlAFvRJUgqfKr9mn5RNxDtjW4L0l+STC

6pCLoCwUdu//mHFp789u3mTesO8bDseWQUB8DzH9+H8O9RGqplNPlDSDmV8hv2gaqyXU

/YnQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date;

bh=3CPJ/JHF+8iOPamTI5QilJW2GCoS5OGcBHBuiF5nCY4=;

b=KOQDJv2pV34QkJJMMcgRvfvjw4ENXxdI3u6ytzFEVekmAnMo5e+9ZdmC5dtZVtL07Z

EJ5o4bk9Pl+qYkG/9MTDTIG/3sktjohISAKv13tqWArn1iIGluOARajVB+I1cw0bHYBL

uBn0eaW119HcqXp3tqk5Y4P32/1on9Ts4mWWypeRJCpm//5daNTokZG4kEks/kkRJvGv

NqDbPwR3PCggixA78seXcVmpTUPrs8RqEZt8ghsBoqThjVOy1E8GwPlsZICA1Ntrv5Rs

yNvEnYtq75cnvfZBDD9MzbBWv5vrWfddtfzB7Vk3h+2+spwCfkEfinse9FQXKu/Eceot

WDSg==

X-Gm-Message-State: ACgBeo3hA0/cWy7LEWqxZxanR9elgp3TyR0u/fSf66xT0gSqxo5hh8Yy

AtIdepx45wh6TnX/5a17EZFBA4PYd/NvuKlP1B0=

X-Google-Smtp-Source: AA6agR7IgwvYETK4QqTEkgOGNQU2oh0pEMfR6TpkUuMRDc1dO+LGTK9gIYcFBpfNsDBPe7RWj7VHWuB6FicKqxgM31I=

X-Received: by 2002:a1f:c883:0:b0:394:37d9:a1c with SMTP id

y125-20020a1fc883000000b0039437d90a1cmr276904vkf.31.1662504772220; Tue, 06

Sep 2022 15:52:52 -0700 (PDT)

MIME-Version: 1.0

Reply-To: mayaomur393@gmail.com

From: "Mrs. Maya omur"

Date: Tue, 6 Sep 2022 22:52:34 +0000

Message-ID:

Subject: GOD IS WITH US

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000062bc6705e80a0ebb"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 7.6

X-Spam_score_int: 76

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: How are you doing I have a proposal for you get back to me

with this email mayaomur393@gmail.com Am waiting to hear from you God bless

you How are you doing I have a proposal for you get back to me with this

email mayaomur393@gmail.com Am waiting to hear from you God bless you



Content analysis details: (7.6 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            [mayaomur393[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [209.85.221.179 listed in wl.mailspike.net]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            [yankoubaqane123[at]gmail.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit
                            [yankoubaqane123[at]gmail.com]
 1.6 SUBJ_ALL_CAPS          Subject is all capitals
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 1.5 HK_NAME_FM_MR_MRS      No description available.
 0.0 T_HK_NAME_FM_MR_MRS    No description available.
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain different freemails
 3.2 UNDISC_FREEM           Undisclosed recipients + freemail reply-to

Subject: {SPAM?} GOD IS WITH US



--00000000000062bc6705e80a0ebb

Content-Type: text/plain; charset="UTF-8"



How are you doing I have a proposal for you get back to me

with this email mayaomur393@gmail.com Am waiting to hear from you

God bless you



--00000000000062bc6705e80a0ebb

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





--00000000000062bc6705e80a0ebb--