project funding investment spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 15:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXrGw-0000TF-5z

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 15:47:18 -0600

Resent-From: The Doctor

Resent-Date: Mon, 12 Sep 2022 15:47:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-psaapc01rlhn2159.outbound.protection.outlook.com ([40.95.53.159]:62369 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXndw-0001Gu-9m

for doctor@netknow.ca;

Mon, 12 Sep 2022 11:54:53 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=H40oEc8O4khpaPbV0lxDfFlJZaWWkHXnxNwEUKXB+QThqc1R3Ihivk8p4N7OjKRipQBmZtFNO0Py/QPsEDbukeMg4Ts5MYNOUQZYDr2pvBt+XhkBbt3ZRbDuUVJt02Mj228jtf2n7oFs5mXzhubNXWd8jSXSGA2zwSVGkJN/1qtlKyv4YDaQt5DgYxiNDMu8XWcUk9XQYF+U0GXuuQAFr6XOh6n7t7aszWNtL8G9xVLCTBBYUeZd2nqdijHFS26HMuTGkl9qqpgh+RKSwlcyurfkLCqSRBd1BKSeDqyn8Yjn2sSr/8pFNW4oTt+S5YNVs0njA8z+x1lPUztZqqx7XA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=78VMkyaodgPccpU4zsTMzByxfi8VoWw1wF4eYpiwyAA=;

b=iwZbINvBYOYiGinDeHIqxPnj4h0agxdFHseZOhX12JzkyAt8D01of14lrAPesclLplv0HVD+kInQCGQH9eXC5GFVSVhOZVHTV/wGyAt5Ulrrrrd4bDfKM2iLH3XWRipRW/+eprsGaRrgKrAl5T2KvDI2oW9+8nVNhZoSeHaLj0aemceD/z48O+MB5JFbiLloRDrgyQTkNLrv0pbUcrPYtfJIUmvwvnCLCycgMvuX8xNBlA9MiqLQQoYztR81aVL1aPfO843Iz1fetfcX4rG23Pj+IZQKTIPtm2lCGYBuSVUcJ+eGYyxSZYBEH7ism9vAW35pJLOEM0GHJ0lwV2/rqg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip

is 171.22.30.52) smtp.rcpttodomain=yahoo.com smtp.mailfrom=hotmail.com;

dmarc=fail (p=none sp=none pct=100) action=none header.from=hotmail.com;

dkim=none (message not signed); arc=none (0)

Received: from PS1PR01CA0023.apcprd01.prod.exchangelabs.com

(2603:1096:300:75::35) by PSAPR04MB4311.apcprd04.prod.outlook.com

(2603:1096:301:2b::11) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.14; Mon, 12 Sep

2022 17:54:23 +0000

Received: from PSAAPC01FT057.eop-APC01.prod.protection.outlook.com

(2603:1096:300:75:cafe::c3) by PS1PR01CA0023.outlook.office365.com

(2603:1096:300:75::35) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.22 via Frontend

Transport; Mon, 12 Sep 2022 17:54:23 +0000

X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 171.22.30.52)

smtp.mailfrom=hotmail.com; dkim=none (message not signed)

header.d=none;dmarc=fail action=none header.from=hotmail.com;

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning

hotmail.com discourages use of 171.22.30.52 as permitted sender)

Received: from mail.prasarana.com.my (58.26.8.159) by

PSAAPC01FT057.mail.protection.outlook.com (10.13.38.138) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5612.13 via Frontend Transport; Mon, 12 Sep 2022 17:54:23 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Tue, 13 Sep 2022 01:54:07 +0800

Received: from User (171.22.30.52) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Tue, 13 Sep 2022 01:53:55 +0800

Reply-To:

From: Mr.Erick Adusi

Subject: Re.YOUR LOAN.

Date: Mon, 12 Sep 2022 10:54:06 -0700

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <68ebf3e5-b89b-4220-8d90-7377de5f5b5c@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[171.22.30.52];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[171.22.30.52];domain=User

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: PSAAPC01FT057:EE_|PSAPR04MB4311:EE_

X-MS-Office365-Filtering-Correlation-Id: 400b34da-e776-4a74-7a8d-08da94e7d37a

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?QyFy1bMs2XByEk1HDVZ4wtwZMc1gtGvh9YtGeYytQDb5QkXpxww2ojf2?=

=?windows-1251?Q?kKhhTfgJGNbdjdnTGJnkBjJpBY6X5k4AtzlyLj/gmKB/UIddqGaAFHJw?=

=?windows-1251?Q?kAJ11ljCC31lwPl6Gw1l7ZR+B9FN4OkE/i4l1CdhGOeSdIAjhn4YhKjk?=

=?windows-1251?Q?vv1DFCfcnR0bNCHhK0jYFmDyCBpmRf41IVhOuNv57fuWd4fztiUiAz7a?=

=?windows-1251?Q?Z01QDM8OdvQqWppkqR3J81G+dcsOy+x5y1zVi4PFu/CPH8jkilfDkl7N?=

=?windows-1251?Q?NZkl7HL7jE6SP3gp/wiISF33ZaeuXth/cp9UPLZ1tv+bz/nuz7yH8b6C?=

=?windows-1251?Q?BFfqmKVX4BbXP0a1EC5uW57rEHci+VaA7Z3AbUG4HWENG2t4C50MvxRS?=

=?windows-1251?Q?vTN2k4oWSrjEgkEm2nCNtWSNqthSN2bRhSNiKkpCo81vswNPaovXRcHz?=

=?windows-1251?Q?csPDJAs248G2zYwEzoFzKceUTmUqmA53818bRpNc8Ll/YvL3y8fMj5EV?=

=?windows-1251?Q?xa0B8E7AQQpHDF2OlQy+HqhxpNKgKThydtkz1MhEn5XlFx9AP0YY6tBP?=

=?windows-1251?Q?sThAWRjMLUWpP+f1KruH6Lzi+qjiPEapOskvnwT8DWmtXRjkghTxExhg?=

=?windows-1251?Q?SDCltOjQmF2K38DN6nrWxB0R906cfua0CV37pKuSCCwMOFwZ+jaTXieC?=

=?windows-1251?Q?fA6XjiMYoFt0nZJm4dIYX54qGrhphlj2eVnTENXsSuNjwF6mXuQdZ6Nw?=

=?windows-1251?Q?PbwrSpQkG/i7uYEvHo5pEemwU3lgAzunfXTpZkxd7uCUaoorP84AkxMg?=

=?windows-1251?Q?DLVc0C4zF++VNLhPfwM0mw7e/o5pln50ZQmWOO4vXslEUQDJcul7wAlr?=

=?windows-1251?Q?JuIk/s/AmUe2qrPX8bYSyeCHFEfdv5ofx+MU6U5NOEFgzvLDpRFdnrIC?=

=?windows-1251?Q?fl1K08R6WFR/3rMB5aGAQYUS410sfHQlp2+W7WvFJwAeVOzQWoFmwBAm?=

=?windows-1251?Q?77MgYFEyXr8tcrbmY0aNlL2HDV+yY1anzqLLt51jZzkVgPIkYmsG+EAi?=

=?windows-1251?Q?4t1e01LNN+KXqbnY0x7YCL4J294jwWAnfpwb27H2YV12DU5hKRDb5aXK?=

=?windows-1251?Q?7I6v/kLiFVIiHI3HJSzWWUvNUcNX1CBbN+GQVlbmx6OQ8oZhpfUXe8B3?=

=?windows-1251?Q?2MXeaOfZuJ19pSar3lKbl7Rgf2MmSrqqa1GqFMyra4hwF6BrOyywe1ZT?=

=?windows-1251?Q?buyy5hZOmvqz5MD4/DwTgiQ5p6phPaCYNoQCx0dW/QyQlzQB189MFJxj?=

=?windows-1251?Q?CWsyitJ4cKEN4pwi27ElcDEQYj0PumtU2wwRmS7fagSRk0Kn?=

X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230022)(4636009)(376002)(136003)(346002)(39860400002)(396003)(451199015)(40470700004)(36906005)(70586007)(70206006)(498600001)(32650700002)(8676002)(82740400003)(35950700001)(9686003)(32850700003)(956004)(82202003)(316002)(40460700003)(2860700004)(31686004)(82310400005)(41300700001)(4744005)(8936002)(7416002)(7406005)(40480700001)(81166007)(7366002)(336012)(2906002)(156005)(109986005)(6666004)(5660300002)(31696002)(86362001)(83380400001)(26005)(3480700007)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2022 17:54:23.1159

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 400b34da-e776-4a74-7a8d-08da94e7d37a

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

PSAAPC01FT057.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PSAPR04MB4311

X-Spam_score: 21.1

X-Spam_score_int: 211

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir, We invite all interested project owners and investors

to our project financing programme. We are ready to fund projects in the

form of Loan or debt finance.



Content analysis details: (21.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[erickadusii500[at]gmail.com]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[40.95.53.159 listed in psbl.surriel.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.95.53.159 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[eri[at]hotmail.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-PSA-obe.outbound.protection.outlook.com;ip=40.95.53.159;r=doctor.nl2k.ab.ca]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail

reply-to

Subject: {SPAM?} Re.YOUR LOAN.













Dear Sir,




 




We invite all interested project owners and investors to our project financing programme.




We are ready to fund projects in the form of Loan or debt finance.




We grant loan to both Corporate and private entities at a low interest rate of 2% ROI per annum.




The terms are very flexible and interesting.




 




Kindly revert back if you have projects that needs funding for further discussion and negotiation.




 




Regards,




Mr.Erick Adusi






SEO spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 15:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXrCp-00001A-Vf

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 15:43:03 -0600

Resent-From: The Doctor

Resent-Date: Mon, 12 Sep 2022 15:43:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f46.google.com ([209.85.216.46]:51989)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXkHg-000CW3-Hn

for sales@nk.ca;

Mon, 12 Sep 2022 08:19:40 -0600

Received: by mail-pj1-f46.google.com with SMTP id m3so8231942pjo.1

for ; Mon, 12 Sep 2022 07:19:16 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date;

bh=7cQvobkBxqmK3X5xQapR+OgYVQtrJeFO8JUlf8nTmYg=;

b=ICQcK2spg3c/239Gfi3XirYRtwB6AZT6PtATkjIGp8meOG/dg/HBNnjKfhnXMSOjRx

qcsnEmFwNMaB5ysdXRpC2Bf87KsDTS//Y371fiSV98h+sRm8xdQWRXSis21Rb2HR/4bt

hHUN9tUFXkSgc2jniKa4I5zze0OURMUjr1v8VBcD6UHTSvWh62IJivvR3rdaIvHoeKDT

LFYPcJvIP/BupOovBNXWI3tB4aRaXlgQIgjw1pH+X5P7dZRH2XtQOrEoAPHMIG1PE1C+

QwGSt3+oIP4QBWD3zwawpKV20gQavcidkN8jnFWW8LTLKVTHZ0BOsut/0week9FGx2Bt

9HqA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-message-state:from:to:cc:subject:date;

bh=7cQvobkBxqmK3X5xQapR+OgYVQtrJeFO8JUlf8nTmYg=;

b=JS31bqmXLF3Jy173iLFLneZ/oyqBdLQZicJTM57mFoatFlcuiSbGox5q/UYOCfjClz

PIHFiL9D+YdNw5QJa9aWlTffwDxOftV75mlqWTZcG4sUAyhRov5iJRoz1hO+LmML9gUV

2Sm3pfIomowL0MyMnJRM/9Vt0l7MnVWAF7+LCsESiAnW69ShOmlTTPfkn9KuFAGpLsEh

+ph8JSNIcnqqwpUpr85yk+U4FzRwQg6B8FZ+8ThtO4XutXpmxCMOLpIho5L+UE9a4OKO

tePvHiJ7hFJYgf33Da5yZmRSS9rO9hUiwjjHnQTD+TQMClt7YUoqVd/kzPIJVVG30iN5

IdEQ==

X-Gm-Message-State: ACgBeo2afKHOqTM6dtJUXziOd5g+eXrknUY1XgvjKb43Fr5YSftHcyPl

owy1Ehy/pxsBpR8FlcztqAan0UpocjQ=

X-Google-Smtp-Source: AA6agR7GQ8Kgn4yx4PHeQFZtQo1Z9NpC/4uv7dNEcfwSai9QS1mAbKA26hMTvu8aIZJD/Zz4ERlSBw==

X-Received: by 2002:a17:902:76cb:b0:170:9f15:b9a1 with SMTP id j11-20020a17090276cb00b001709f15b9a1mr26944644plt.95.1662992350673;

Mon, 12 Sep 2022 07:19:10 -0700 (PDT)

Received: from SachinPC ([223.233.65.192])

by smtp.gmail.com with ESMTPSA id g6-20020aa79f06000000b00537eb00850asm5513698pfr.130.2022.09.12.07.19.09

for

(version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128);

Mon, 12 Sep 2022 07:19:10 -0700 (PDT)

From: "Ankur"

To:

Subject: Website Design__/__Website Development__/__E-commerce>>!@#$$%

Date: Mon, 12 Sep 2022 09:18:55 -0500

Message-ID: <019f01d8c6b2$9ee8e0d0$dcbaa270$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_01A0_01D8C688.B612D8D0"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: AdjGsgAQHM9yWf2pSdOzZDc6EPwdQw==

Content-Language: en-us



This is a multi-part message in MIME format.



------=_NextPart_000_01A0_01D8C688.B612D8D0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit



Hello,



Would you be interested in building a new website, or possibly

rebuilding/repairing your existing website nk.ca with the latest added

features? We are a professional Development company.



I would like to send you my Website Proposal and examples of websites to see

the kind of quality you can expect to receive.



Do let me know if you are interested.



Kind Regards,



Ankur,



Business Development Executive





------=_NextPart_000_01A0_01D8C688.B612D8D0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">

class=3DWordSection1>


style=3D'font-size:12.0pt;line-height:115%'>Hello, =


style=3D'font-size:12.0pt;line-height:115%'>Would you be interested in =

building a new website, or possibly rebuilding/repairing your existing =

website
style=3D'background:yellow;mso-highlight:yellow'>nk.ca
with the =

latest added features? We are a professional Development company.  =


style=3D'font-size:12.0pt;line-height:115%'>I would like to send you my =

Website Proposal and examples of websites to see the kind of quality you =

can expect to receive.


style=3D'font-size:12.0pt;line-height:115%'>Do let me know if you are =

interested. 


style=3D'font-size:12.0pt;line-height:115%'>Kind Regards, =


style=3D'font-size:12.0pt;line-height:115%'>Ankur,

<=

p class=3DMsoNormal>
style=3D'font-size:12.0pt;line-height:115%'>Business Development =

Executive



------=_NextPart_000_01A0_01D8C688.B612D8D0--



Phishing attempt to get Netknow user passwords

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 12:03:02 -0600

Received: from nowe.biuroszeryfa.pl ([176.112.76.5]:48712)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXnl8-00027E-AO

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 12:02:19 -0600

Received: from 223.221.90.34.bc.googleusercontent.com ([34.90.221.223] helo=[172.17.0.4])

by nowe.biuroszeryfa.pl with esmtp (Exim 4.94)

(envelope-from )

id 1oXnkg-0006fh-O1

for dave@doctor.nl2k.ab.ca; Mon, 12 Sep 2022 20:01:46 +0200

Content-Type: multipart/related; boundary="===============3851856881196521718=="

MIME-Version: 1.0

From: "12 September, 2022-Exchange-sms-DoctorMKTUlAbEKp"

To: dave@doctor.nl2k.ab.ca

Subject: =?utf-8?q?Your_password_expires_14_September=2C_2022?=

X-Priority: 2

Message-ID:

X-ACL-Warn: Adding Message-ID header because it is missing!

X-Spam_score: 10.3

X-Spam_score_int: 103

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DoctorWebmail Expires 14 September, 2022 Hi dave@doctor.nl2k.ab.ca,

Your password expires 14 September, 2022, Please follow bellow to update

or chnage your password.



Content analysis details: (10.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: agitproject.org]

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.4 MISSING_DATE Missing Date: header

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} =?utf-8?q?Your_password_expires_14_September=2C_2022?=



--===============3851856881196521718==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBzdHlsZT0i

d2lkdGg6IDU1MHB4OyBtYXJnaW46IGF1dG87Ij4KCTx0Ym9keT4KCQk8dHI+CgkJCTx0ZD4KCQkJ

PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBzdHlsZT0i

d2lkdGg6IDEwMCU7Ij4KCQkJCTx0Ym9keT4KCQkJCQk8dHI+CgkJCQkJCTx0ZCBzdHlsZT0iZm9u

dC1zaXplOiA0cHg7IGJhY2tncm91bmQtY29sb3I6ICM2NjY2NjY7IGhlaWdodDogNHB4OyBtc28t

bGluZS1oZWlnaHQtcnVsZTogZXhhY3RseTsgbGluZS1oZWlnaHQ6IDRweDsiPiZuYnNwOzwvdGQ+

CgkJCQkJPC90cj4KCQkJCQk8dHI+CgkJCQkJCTx0ZD4KCQkJCQkJPHRhYmxlIGJvcmRlcj0iMCIg

Y2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBzdHlsZT0id2lkdGg6IDEwMCU7IGJvcmRl

cjogMXB4IHNvbGlkICNDQ0NDQ0M7IGJhY2tncm91bmQ6ICNmNmY2ZjY7Ij4KCQkJCQkJCTx0aGVh

ZD4KCQkJCQkJCQk8dHI+CgkJCQkJCQkJCTx0aCBzdHlsZT0idGV4dC1hbGlnbjogbGVmdDsgcGFk

ZGluZzogMTVweCAxMHB4IDE1cHggMjBweDsgYmFja2dyb3VuZDogI2Y2ZjZmNjsgZm9udC1mYW1p

bHk6IGNhbGlicmksaGVsdmV0aWNhLGFyaWFsLHNhbnMtc2VyaWY7IGZvbnQtd2VpZ2h0OiBub3Jt

YWw7IGNvbG9yOiAjMzMzMzMzOyBmb250LXNpemU6IDE4cHg7Ij48c3BhbiBzdHlsZT0iZm9udC13

ZWlnaHQ6IDYwMDsiPkRvY3Rvcjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6IDMwMDsg

Zm9udC1zdHlsZTogaXRhbGljOyI+V2VibWFpbDwvc3Bhbj48L3RoPgoJCQkJCQkJCQk8dGggc3R5

bGU9InRleHQtYWxpZ246IHJpZ2h0OyBwYWRkaW5nOiAxNXB4IDIwcHggMTVweCAxMHB4OyBiYWNr

Z3JvdW5kOiAjZjZmNmY2OyBmb250LWZhbWlseTogY2FsaWJyaSxoZWx2ZXRpY2EsYXJpYWwsc2Fu

cy1zZXJpZjsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgY29sb3I6ICMzMzMzMzM7IGZvbnQtc2l6ZTog

MTNweDsiPkV4cGlyZXMgMTQgU2VwdGVtYmVyLCAyMDIyPC90aD4KCQkJCQkJCQk8L3RyPgoJCQkJ

CQkJPC90aGVhZD4KCQkJCQkJCTx0Ym9keT4KCQkJCQkJCQk8dHI+CgkJCQkJCQkJCTx0ZCBjb2xz

cGFuPSIyIiBzdHlsZT0icGFkZGluZzogMCAyMHB4IDIwcHggMjBweDsiPgoJCQkJCQkJCQk8dGFi

bGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJ3aWR0

aDogMTAwJTsgYmFja2dyb3VuZDogI2ZmZmZmZjsiPgoJCQkJCQkJCQkJPHRib2R5PgoJCQkJCQkJ

CQkJCTx0cj4KCQkJCQkJCQkJCQkJPHRkIHN0eWxlPSJ0ZXh0LWFsaWduOiBsZWZ0OyBwYWRkaW5n

OiA2cHggMHB4IDZweCAyMHB4OyBmb250LWZhbWlseTogY2FsaWJyaSwgaGVsdmV0aWNhLCBhcmlh

bCwgc2Fucy1zZXJpZjsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgY29sb3I6ICM2NjY2NjY7IGZvbnQt

c2l6ZTogMTZweDsgd2lkdGg6IDk5LjU5ODQlOyI+CgkJCQkJCQkJCQkJCTxwPkhpIGRhdmVAZG9j

dG9yLm5sMmsuYWIuY2EsPC9wPgoKCQkJCQkJCQkJCQkJPHA+WW91ciBwYXNzd29yZCBleHBpcmVz

IDE0IFNlcHRlbWJlciwgMjAyMiw8YnIgLz4KCQkJCQkJCQkJCQkJUGxlYXNlIGZvbGxvdyBiZWxs

b3cgdG8gdXBkYXRlIG9yIGNobmFnZSB5b3VyIHBhc3N3b3JkLjwvcD4KCgkJCQkJCQkJCQkJCTx0

YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+CgkJCQkJCQkJ

CQkJCQk8dGJvZHk+CgkJCQkJCQkJCQkJCQkJPHRyPgoJCQkJCQkJCQkJCQkJCQk8dGQgc3R5bGU9

ImJhY2tncm91bmQ6ICMyMDcxQzU7IHBhZGRpbmc6IDlweCAxNXB4OyBib3JkZXItcmFkaXVzOiAy

cHg7Ij4KCQkJCQkJCQkJCQkJCQkJPGNlbnRlcj48YSBocmVmPSJodHRwOi8vRG9jdG9yLUVCNXku

YWdpdHByb2plY3Qub3JnL2lrIy5hSFIwY0RvdkwxRlVibTFvTWtaUkxteHVkR1p2YjJSamNtVmhk

R2x2Ym5NdVkyOXRMM041WlZCaVowZFRTRWcxV0RaQlJTTmFSMFl5V2xWQ2EySXlUakJpTTBsMVlt

MTNlV0Y1TldoWmFUVnFXVkU5UFE9PSIgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsgY29sb3I6

ICNmZmZmZmY7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsgZm9udC1mYW1pbHk6IGNhbGlicmksaGVs

dmV0aWNhLGFyaWFsLHNhbnMtc2VyaWY7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGZvbnQtc2l6ZTog

MTRweDsiPjxzdHJvbmcgc3R5bGU9ImZvbnQtd2VpZ2h0OiBub3JtYWw7Ij5Db250aW51ZTwvc3Ry

b25nPjwvYT48L2NlbnRlcj4KCQkJCQkJCQkJCQkJCQkJPC90ZD4KCQkJCQkJCQkJCQkJCQk8L3Ry

PgoJCQkJCQkJCQkJCQkJPC90Ym9keT4KCQkJCQkJCQkJCQkJPC90YWJsZT4KCgkJCQkJCQkJCQkJ

CTxwPkRvY3RvciBNYWlsIFRlYW08L3A+CgkJCQkJCQkJCQkJCTwvdGQ+CgkJCQkJCQkJCQkJPC90

cj4KCQkJCQkJCQkJCTwvdGJvZHk+CgkJCQkJCQkJCTwvdGFibGU+CgkJCQkJCQkJCTwvdGQ+CgkJ

CQkJCQkJPC90cj4KCQkJCQkJCTwvdGJvZHk+CgkJCQkJCQk8dGZvb3Q+CgkJCQkJCQkJPHRyPgoJ

CQkJCQkJCQk8dGQgY29sc3Bhbj0iMiIgc3R5bGU9ImZvbnQtZmFtaWx5OiBjYWxpYnJpLGhlbHZl

dGljYSxhcmlhbCxzYW5zLXNlcmlmOyBmb250LXdlaWdodDogbm9ybWFsOyBjb2xvcjogIzY2NjY2

NjsgZm9udC1zaXplOiAxMnB4OyBwYWRkaW5nLWxlZnQ6IDIwcHg7IHBhZGRpbmctcmlnaHQ6IDIw

cHg7IHBhZGRpbmctYm90dG9tOiAxNXB4OyI+TWVzc2FnZSBzZWN1cmVseSBzZW50IHRvIGRhdmVA

ZG9jdG9yLm5sMmsuYWIuY2EsIHBsZWFzZSBpZ25vcmUgaWYgd3JvbmdseSByZWNlaXZlZC48L3Rk

PgoJCQkJCQkJCTwvdHI+CgkJCQkJCQk8L3Rmb290PgoJCQkJCQk8L3RhYmxlPgoJCQkJCQk8L3Rk

PgoJCQkJCTwvdHI+CgkJCQk8L3Rib2R5PgoJCQk8L3RhYmxlPgoJCQk8L3RkPgoJCTwvdHI+Cgk8

L3Rib2R5Pgo8L3RhYmxlPgo=



--===============3851856881196521718==--

NetKnow now in the Netcraft's Top 450

All data is from Netcraft Toolbar . Looks as if there are major changes to the Netcraft algorithm!



NetKnow







Netknow now 445 from ranks 482 at Netcraft .




We are now redirecting all traffic to Secured general server which now 445 from ranks 482 and pfs compliant .



A significant increase! We must do
  1. security audits regularly
  2. check on illegitimate traffic hitting the web server
  3. a
  4. keep design current!




Some of our others domains and services ranks as follows:



NetKnow Secure Server

ranks >2000000 from >2000000 Netcraft and pfs compliant .

NetKnow's secondary server

ranks at >2000000 from >2000000 last week on Netcraft and Secured secondary server using the wildcard certificate is at 1047 from 1045 .

NetKnow's Anonynous FTP server

and non-anonymous must be set to client ports higher than 42000.

www.nl2k.ab.ca

ranks >2000000 from >2000000 on Netcraft.

internetedmonton.ca

ranks at >2000000 from >2000000.

edmontoninternetserviceprovider.ca

is at >2000000 from >2000000 .

edmontonab.ca

ranks > 2000000 from >2000000



How do we compare with other providers in

Edmonton
, Alberta, Canada?



Netknow again





We at Netknow are 445 from 774 since the middle of May 2022.



Rogers





Rogers Business Solutions

which rank 7098 from 7019 and are hosted in Europe.



Telus and reviews





Next we have Telus.com

ranked by Netcraft at 10208 from 10089 .

Sometimes their Web Hosting is done by
title="Internet Names for Business">Internet Names for Business


is ranked by Netcraft at >2000000 from >2000000 .



Is Telus's ADSL network susceptible to Code Red Attacks and Attackers?

Reviews of Telus are available :





Government of Alberta



The Government of Alberta Website

ranks 17817 from 17519 by Netcraft and seems to hosted on Cloudfare.



University of Alberta







The University of Alberta
ranks 40037 from 38807 hosted by Amazon Techonologies.



Juno and NetZero





We have Juno Internet ranked on top

at 40488 from 40088 who are the owners of

US Based Netzero
at Netcraft Rank 65438 from 67181 .



Shaw Cable





Next,

members.shaw.ca

ranks 1047826 from 1047114 and retired and

Shaw Cable

is next at Netcraft rank 62431 from 60344 . Hosted now by Akamei .

Their Network Hosting Arm,

Big Pipe is at

Netcraft rank 315342 from 324468 and hosted by Akamai in Europe .



Reviews of Shaw are available :





NAIT / Northern Alberta Institute of Technology



NAIT ranks 65453 from 65781 hosted by Microsoft .



Xplornet



xplornet

ranks 90311 from 91619 and are listed with

Stentor and are joining up with Shaw.

According to an article in the Sherwood Park Independent, they are also getting an Alberta Government subsidy.



City of Edmonton







The City of Edmonton
ranks 98370 from 100446 by Netcraft and hosted by Google.



TekSavvy



TekSavvy ranks 166420 from 164583 and are hosted by Microsoft



Primus



Primus

ranks 250963 from 267269 and now points to BLACKIRON_DataCentres ranked >2000000 from >2000000.



Internet Centre / CCINet



Internet Centre

rank 291530 from 291662 . Their partner Rack Nine ranks > 2000000.



Grant MacEwen University





MacEwan

ranks 374931 from 375168 .



Distributel / 3Web / CIA



Cybersurf

is ranked 363380 from 375851 and seems to be hosted in USA by Microsoft.



Radiant Communications / goco.ca





Radiant Communications

are ranked by Netcraft >2000000 from >2000000 and part of goco.ca

which ranks 594178 from 559138 .



MCSnet





MCSNET ranks 1353097 from 1349055 and are hosted by Microsoft .



Nucleus Internet Services





After that we have

Nucleus Information Services
which can be found at Netcraft Rank >2000000 from >2000000 .



Tera Byte Edmonton and reviews





Next is Tera-Byte

at Netcraft Rank >2000000 from >2000000 with

Tera-Byte.ca

ranking >2000000 from >2000000 and their wireless arm Tera-Byte Wireless

sold to Xplornet.

One of Tera-Byte's acquisitions

Edmonton Community Networks

ranks at >2000000 from >2000000 and

Go Edmonton ranks >2000000 from >2000000.

Alberta political blogger Daveberta ranks >2000000 from >2000000; interesting!!!

Reviews of Tera-byte is available at

here

and another here

and check Google for more reviews; just search tera byte.



4Web





4web ranks >2000000 from >2000000 .



Alentus / Wolfpaw





Alentus

rank by Netcraft >2000000 from >2000000 and I note they are hosted in the USA .

wolfpaw.net

which ranks at >2000000 from >2000000



Wiband Wireless





Wiband Wireless

is dead



Yellowpencil





Yellowpencil Ranks >2000000 from >2000000



WSI Corporation





Next is WSI - We Simply The Internet of Toronto

at Netcraft Position >2000000 from >2000000 and are being hosted on Amazon.



Uniserve / Interbaun





Next, Uniserve

ranks on Netcraft >2000000 from >2000000

One of their acquisitions

interbaun

ranks with Netcraft ?????? from ?????? due to merging of sites.

One customer just came over from this organization in Nov 2006.



Clearwave Broadband





Clearwave Broadband ranks

at >2000000 from >2000000



Emergence by Design





Emergence by Design

now ranks >2000000 from >2000000.



Platinum Communications





Platinum Communications Corp.

bought out by Xplornet .



Wild Rose Internet





Wild Rose Internet

ranks >2000000 from >2000000 and I wonder if this is another wireless branch of Tera-Byte and bought out by Xplornet





TIC Internet





TIC Internet

ranks >2000000 from >2000000 ( I do remember you).







Nisa Custom Internet Solutions





Nisa Custom Internet Solutions

ranks >2000000 from >2000000 by Netcraft



MediaShaker





Media Shakers of Edmonton

ranks >2000000 from >2000000





Koi Media





Koi Media

rank >2000000 from >2000000



WebFire





Webfire.ca

ranks >2000000 from >2000000 and seems to be connected with Shaw.



Core Network Solutions Inc.





Core Network Solutions Inc.

ranks at >2000000 from >2000000 .



The Network Centre





The Network Centre

ranks >2000000 from >2000000 and are linked with Telus high Speed.





Open Concept Internet, Inc.





Open Concept Internet, Inc.

rank > 2000000 from > 2000000





InterSpots





Interspots of Edmonton

rank > 2000000 from > 2000000 hosted by Stentor and acquired by Techalta ;



Yegtel





Yegtel rank > 2000000 .



Internet Crossroads





Internet Crossroads Ltd of North Edmonton

rank nothing from nothing by Netcraft and seems to merged with Tera-Byte/ecn.ab.ca .



If I remember anymore, I will add to this entry, before Netcraft changes our ranking. Please watch this space and please feel free to peruse

our services.

Loan spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 09:06:07 -0600

Received: from mail-sgaapc01rlhn2144.outbound.protection.outlook.com ([40.95.54.144]:58433 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXkzm-000N2i-JN

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 09:05:15 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=O7sKrGup6PjM8f1tpPAG418Ds3PmLV84phWs1tplErx5DUsa9JRg8Bju14hmVZH27nTMKL4uxjvZegtP8UHp3XvINXH12UeTqVl033u/c/z/Bnb5Fxfg+AwHWCq2qWR6i0VEm4AoqfLaLikFTPbhQ79EpKRuPze1IkhQWNciUIbkYUkNcGjhjkotWDg4TVK/Bpnn4vbN8/ABcwv3tC5ZmidhH2LsGIbBD1frx/Ko5WdfDw7la9JSDRCCCub4eugSykWvwT6KCFkKrDXBTLpDiYJNzKFTBZluZNZkoV3Z+aFbgLouhxyHoggA2E4uZYfFx3W7i/KRbyzUA3h/8eRovA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=78VMkyaodgPccpU4zsTMzByxfi8VoWw1wF4eYpiwyAA=;

b=ZVBHgVsLsYKOFv75Ji8MGHc39UObSWx1kcNrr/hZfxuJ05h8PSYSNKsiQpqnp1irmRVw4Qd7APM8lciCse9fxMCXYb4R7yWFBkAiqOesjI9re7SGZrssEdYS+s46LC6H9xx8UZG5qkHjMElH8uvn2hB/yiO4nz4juO2EQO1mqS5SXnK9OhQbr+/5UQR3zd8eYWlL435cCe6pn9LzHyV19kK9QIpyOYfdYrr1orCRp4wmjDVGB9iVfAGM9ZWTkidgPtw2XamkRRlcBlL8GZ/CwNWVmI136f3i/waBsFDV3F9PTmKCG5mhBnGa+9P9v9baI14W9TEUHOe65YsAVlthdg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip

is 171.22.30.52) smtp.rcpttodomain=dajobe.org smtp.mailfrom=hotmail.com;

dmarc=fail (p=none sp=none pct=100) action=none header.from=hotmail.com;

dkim=none (message not signed); arc=none (0)

Received: from SL2P216CA0158.KORP216.PROD.OUTLOOK.COM (2603:1096:101:35::14)

by PSAPR04MB4248.apcprd04.prod.outlook.com (2603:1096:301:3e::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.22; Mon, 12 Sep

2022 15:04:40 +0000

Received: from PSAAPC01FT067.eop-APC01.prod.protection.outlook.com

(2603:1096:101:35:cafe::c4) by SL2P216CA0158.outlook.office365.com

(2603:1096:101:35::14) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.19 via Frontend

Transport; Mon, 12 Sep 2022 15:04:39 +0000

X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 171.22.30.52)

smtp.mailfrom=hotmail.com; dkim=none (message not signed)

header.d=none;dmarc=fail action=none header.from=hotmail.com;

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning

hotmail.com discourages use of 171.22.30.52 as permitted sender)

Received: from mail.prasarana.com.my (58.26.8.159) by

PSAAPC01FT067.mail.protection.outlook.com (10.13.38.143) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5612.13 via Frontend Transport; Mon, 12 Sep 2022 15:04:38 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-02.prasarana.com.my (10.128.66.101) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 12 Sep 2022 23:04:35 +0800

Received: from User (171.22.30.52) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 12 Sep 2022 23:04:19 +0800

Reply-To:

From: Mr.Erick Adusi

Subject: Re.YOUR LOAN.

Date: Mon, 12 Sep 2022 08:04:34 -0700

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <2a65175d-9c0b-4d60-90d6-a2126eb5abb9@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[171.22.30.52];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[171.22.30.52];domain=User

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: PSAAPC01FT067:EE_|PSAPR04MB4248:EE_

X-MS-Office365-Filtering-Correlation-Id: 82df7b3a-9896-435c-be10-08da94d01d2d

X-MS-Exchange-AtpMessageProperties: SA|SL

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?windows-1251?Q?g3Oq6CubuHr2gYBg1t5iC91HPm8kLfEJ2RAILELq+j9W6Wn6SKkXMrL3?=

=?windows-1251?Q?ygdtCGwK3lJNavkqPfAyx2lampR19SiaIaQ+tzyFRRF1ZVyuqCkACaU0?=

=?windows-1251?Q?K/KM3Tar8fi5DgDlT4V/ScgJcBJdg73VdWWCVHnra20uOy3fk5Maq7tK?=

=?windows-1251?Q?Pg+EYwnD/HClqiYew2xpMRUcvvPizzM8KG9wXc4v01WpYnxqQkSdD+L2?=

=?windows-1251?Q?aqePGRLoftPt0Q/8ptIONe3Kp26bLF5opN3Y349x1EXvexqhhldMBbnN?=

=?windows-1251?Q?okXHeiOVyYEpvnyZumDq0uAGhIfP93TueORVGDGPOhol00kRHCNp0qvN?=

=?windows-1251?Q?hFdfcrYHTlty3AHbD6PLzXsJ5+fFJ+l6Gn4re3Xr/Jb3s2twULiBRvuT?=

=?windows-1251?Q?9UoMkHjX7BEmx1nolS0wl9M6Ra8fPNtwVbqTZ45b3NhsUCDk9NgM4BlF?=

=?windows-1251?Q?dJ8AX8PLpaLwKeXmPUNq/8I3FHJY1BDs4kZnziBosPO6SGF2JtBIWho2?=

=?windows-1251?Q?RbEnUT1rRf1M3SNIdFodZvXFpB57uHPiimAXtmokJujt/fcdybM3O2iy?=

=?windows-1251?Q?nPVsgVXx6+BIRXk9jUR6N2aa6gCuFHxgWVRezRQCRihsX6pZfeh8D0jo?=

=?windows-1251?Q?99MXMry/GuPfdbjBXAoOm3MNs7RofZ0nhnfyFFPls0fyQb+JUa0QuxM/?=

=?windows-1251?Q?++N0TdSQvxa0kvasztE0N0anYHcchz7A9e0tc7NhnHDktlIkfMa1awRi?=

=?windows-1251?Q?GkPYwhm+D10AzYq4rqS4Om+M/8/C8PpH4xiDdjKHaeKXPvDC2vlV96cr?=

=?windows-1251?Q?PHy7Zt/zoC7S/CnwHH0IWFM9z5ZvVpMjRT39Vrp6pgq0zdyXYY4qJFXx?=

=?windows-1251?Q?GCw0qMyBalu3jfrbmRfT5D3BzgJ4N/kehAnSTcswrc8XuX3z+mQ//VW+?=

=?windows-1251?Q?yLw23VO+tstMlXlDx9muamUkbN8V1Lfi6LTNaNCgWQxwbdOlhv0vUaHB?=

=?windows-1251?Q?h+mwHw/Dhann29sLWq3CmbFUWPXOeU1NnWxRDrLm46uv3ebvC9hACmoC?=

=?windows-1251?Q?pUaDhfAWJWEHMCSTDVquw0nATfYnwhlfwSSSusxfVPWWSG2BT6oO/T1j?=

=?windows-1251?Q?25QQQ3DVnA3b7ryWPYtuxLNavqIK2lNMN4a3yXf2bCRUIKYQlk9QbWop?=

=?windows-1251?Q?rqcZeyt+I0yeYIiOcxIGl6ej1l5CTCfzy5QpfqIyHc6TTkJ8y7XKMauy?=

=?windows-1251?Q?6SG58EzPj0u0DY9JZWnJm02Zj564YhT6hboQqHI295RWwPiZmrb1KcF3?=

=?windows-1251?Q?W/+V2B/qH6uPujE8kvEqJ+357NV0MsfIMJnZLJUl25Zxm5EF?=

X-Forefront-Antispam-Report:

CIP:58.26.8.159;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230016)(4636009)(136003)(346002)(396003)(39860400002)(376002)(40470700004)(46966006)(40460700003)(956004)(86362001)(9686003)(4744005)(26005)(2906002)(41300700001)(8936002)(8676002)(7366002)(7416002)(83380400001)(35950700001)(7406005)(336012)(109986005)(82202003)(47076005)(6666004)(5660300002)(82310400005)(31686004)(31696002)(82740400003)(40480700001)(3480700007)(70206006)(70586007)(498600001)(81166007)(2860700004)(36906005)(32850700003)(316002)(156005)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2022 15:04:38.8429

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 82df7b3a-9896-435c-be10-08da94d01d2d

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.159];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

PSAAPC01FT067.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PSAPR04MB4248

X-Spam_score: 21.2

X-Spam_score_int: 212

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir, We invite all interested project owners and investors

to our project financing programme. We are ready to fund projects in the

form of Loan or debt finance.



Content analysis details: (21.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[erickadusii500[at]gmail.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[40.95.54.144 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[eri[at]hotmail.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-SG2-obe.outbound.protection.outlook.com;ip=40.95.54.144;r=doctor.nl2k.ab.ca]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail

reply-to

Subject: {SPAM?} Re.YOUR LOAN.













Dear Sir,




 




We invite all interested project owners and investors to our project financing programme.




We are ready to fund projects in the form of Loan or debt finance.




We grant loan to both Corporate and private entities at a low interest rate of 2% ROI per annum.




The terms are very flexible and interesting.




 




Kindly revert back if you have projects that needs funding for further discussion and negotiation.




 




Regards,




Mr.Erick Adusi






SEO spam from Microsoft Outlook servers

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 07:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXjbP-000Kxu-1Y

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 07:35:55 -0600

Resent-From: The Doctor

Resent-Date: Mon, 12 Sep 2022 07:35:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sy4aus01olkn2163.outbound.protection.outlook.com ([40.92.62.163]:22091 helo=AUS01-SY4-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXiKt-00060V-Ps

for root@nk.ca;

Mon, 12 Sep 2022 06:14:52 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=CEhmWBZHw/3BFvZgZpgpGfAdrifmFFHdXwcJgr5YA48gaaTkTh4Xhd+i070yEFm9PrYNMURB5gQqv345OlYdDj8zaj9nb1ubZFBAAMIwm6lMl0ry8m00HpM1kinpTP96QeP1IXqxgqseRxjoHgjCBgp3qV2JKR/fmovjZ7ZBnS2i3k5vEegY17REp+1Xm6uhSTfH+/gb0wrQ8QruJtp8bHab7tCd2ql5Lf3xqZRn8LJPBTiosZnt0oG7m9n9MlnuyRqP06TiyHX00TNRQa/4StkhNvp9RjI2UTQ6rOhxfGY0DsIpVmLixX1jwRlZtr22npEtV5waBD5Sn0aXOJUxaQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=57l+biQtqg5aQRWBCTbdS4mm34JsS/QUprXvp8tAZCE=;

b=OEDcNtpfHXR7uw6CKtDs67AG4A7ldgYNFH5h1PgK8qNJk5fEal8RwZwr9pKRa7wg9iM83PP0diRG1Rl8N9p8AfiTb4fY0Pfcrneyv67mJQtrxfurJK/aZmjcjJlInTSPaj6fcTGzR4SA4y7js8N584bpWjkz4m2rAe6RV6JbBlgnGN0hxBbmY6EyQNHGG4bo97BL71TUFP5sLPxFoV7ZkX6NppwUSgM1DoTneP7bSZrT4kKs7vwfUdVUtOCPyRIkhmspwbgO6UeLh3X9z7zEAgAE7Ow5Q92/5cIVNcTraN36QoJkrSZGXHXrSoBE6aB+CA3pWPo6vkWqWZQHoGID6A==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=57l+biQtqg5aQRWBCTbdS4mm34JsS/QUprXvp8tAZCE=;

b=DHjqTWsuM7YyRzHsOummDFC91KLKvB2SJFrZ1+58ejBfN0xCmbpYX3a2+MnWNEClcLSKnwa3pewBnpnWfCC1ySfBmmxrGNiOnaEyw6lG8TLDEipR2F5VjU7J0OfKdbWePwK5u087LDR1eLQTfATitVwMeqwSLGq/czDe3tuQUp2SjuUgPMe7neZqcJY8iiHXakAhJ43k87yiPzFf/Wm26HXjHArIOHC76Cv64fY9qoP3Dn19Gp3ouy4EfUlBds6iZTlMZazT+jf40usvQPsaUhHQGTTP2VDrikX+fL8veF8Jgx15GYwKRgyRqcjN83vzjaE6riQbrM4F/FnevpaeHg==

Received: from ME3PR01MB6148.ausprd01.prod.outlook.com (2603:10c6:220:104::10)

by SYZPR01MB7828.ausprd01.prod.outlook.com (2603:10c6:10:16f::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.19; Mon, 12 Sep

2022 12:13:07 +0000

Received: from ME3PR01MB6148.ausprd01.prod.outlook.com

([fe80::b17e:2f8:9f6c:d381]) by ME3PR01MB6148.ausprd01.prod.outlook.com

([fe80::b17e:2f8:9f6c:d381%5]) with mapi id 15.20.5612.022; Mon, 12 Sep 2022

12:13:06 +0000

From: Jonayed Hossain

Subject: Plan/Package.....SEO

Thread-Topic: Plan/Package.....SEO

Thread-Index: AQHYxqECF8S5qBSUykegPGChIxm1Og==

Date: Mon, 12 Sep 2022 12:13:06 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-tmn: [SwiG9EzLWeGwHms1XCC8lng9lWfkvegp]

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: ME3PR01MB6148:EE_|SYZPR01MB7828:EE_

x-ms-office365-filtering-correlation-id: cc3e8c5f-83f6-496d-87a3-08da94b8268c

x-ms-exchange-slblob-mailprops:

tuktq0rBD4mavniAwxgJ6FF4yA7ffczJMhaf+IXRsgt45U2zp03QacHIpxPUO5GAYg0tCPZwv3TNNd+/tTPBW+Z+tTVuK1Ipd3p0WlNJVvRqFe+Z8aPCiqqIDmj66Z8z2b5q5t5FuPREwHCVTU4REGVqXbgnxybOCJf4BaEIyGJznjZWC5uzj1vKLLnnjTiEcrhD9FoIGHR49/ZdD8LBV3grnHi4BtIVIsw5YlzUckwJs32Blpn/VPRZZSglxbFbGfOXeOk+ltGfJeKHvUwJJHfiBKi1iCfwc4TMeL7MRjfPiXkI5ouaq7r0q/qG/kQvoSKKjAXnCJaZ47b8QbnnX2XniC+nsfCp4ZT/JRoJmOeDl+l2J9AQm+bYLhzrKcj3TK0+YPSOnC4dkXrEHpwz4hxQCmIa8xow7rzi9YWESKWp0SqiVl+0kCL/N7g1jlAX1ag0/mPmkPkugA3NE/ogTtmB4qUq8L12yAoRcp5BCuFrS4OEAP0Pw1KBT79CYoML13HZwavnY+p4ZnbAkI+JpkV26ZX6IYts9GqUfmccbFqYD/MlHa9dSpVrok412Dhxw3eAnU3nGqsBLoQv6OrC/rPIPWUc6MdZZwJM9JwhxA1oMyPNzjfRGCkpD5yxaiHdIzcpsRNUD9YCQsBzoXmhO4dtyphfH68qTMdr8WIoqVfBNy2AgZBxkHVFYKj3aClbhadDnlZRntKd8L1n2To0Jgy36Qs0jrFYPc7NAo/hURa2DZ2OX950CQ==

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

qUYW7xkLzLZLbZV38q/mEZxV78FthRWnCd/ugCTGSoTC1CZ4ZDIlE7jiW9o/WLb9h66JTqAyZfoHlzQidi9hA+sgrKspZa4mNVivNE/R0d0Y/MvK3N2EWiDADl5+IKlIVnSsQnTHgpFeZyhM+cc1OoreS/3wkQ6J1zSDmHxx3P6QxWdfsw9aXe88w0dFjj/BTls4BQ5HKn8yoZEU3ce6XqmiwzLePqdymVNTYgjt+MwEX75IKAGCZ6F8gDBg9Hd2Ve9uHBBosfZDv3t3Cq6aKE13e8J3usFcwb4e9xBXNnvtNBpJjPFUhq4qGJ93VU2zyN9G/Kv6eNrh2dDHDvhvbEm6OXtWXHk68iBr4oaJ3IEQezDIk6yi/uYBsRi7d/NEPSDF3kBV3bJ1wKVHAJ3UoVZYbKTt68fYEZfVT090APozP1EwzzbQptrdP97qJrTMiNlLzsbWmhihR/mxiFDgdinR0ZbZkqw3JOvLmPIdBU8URabAuCYJ1PeLxAE7Mo5oWwWgjsSBfmBCTs7DR1rEQtc2MmC0+dsyO0cwxvGMeKHKqFvTvUPfL5J6vdIsH5oaNtfQDuDSjC4HrewqgG0DlvdxYaLV9tEsL76UyAHh0vEJXIAe1PByz375VxH2jfn/

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?rkmaj0oNpno0yXxxbE4wc5brYG6XpRw8imuxZdUeJsWP3GGJPez9WeWc?=

=?Windows-1252?Q?5x4uVJ/nqB+ujhuhcWkv0hgqYRLRdIw+SLlxNJ/28HltPJHZN6LdpDj0?=

=?Windows-1252?Q?VO4ykThk0dJ3cffmHfVAirI9MTtmPfDvxy8REbcmUEevys77gjvWQB4H?=

=?Windows-1252?Q?IROwhIABEIYL71bJOEQTboonRAk8mieOluQsP80QVpAip8uNjn+nzvRg?=

=?Windows-1252?Q?ywY9dgEKOi8tRn9NI3ZIGZym4giXbiPJAuawA6+jfgvCOgfA6axQBJLd?=

=?Windows-1252?Q?GWbdr6iQ+xHK19IV1Kk1Q/TIYDjDCrKGghPt0VeAGmuFg88qGc/42E2s?=

=?Windows-1252?Q?1z8Z3ipMy26mr5ZLAg7iuQTLex4Y0lFr09sYLfNU50NzqKmCiE8zeBdb?=

=?Windows-1252?Q?nRP1SdW0dbOPnZVD0ZpL+onKZkkz59ejGpboVaWT4x61BFP8Gllc8Gat?=

=?Windows-1252?Q?0dTfrPlf8MC2dNYdXzt/L9nWdaFV4PEjVK7CTMY1RHY8ixbuYstx+VOg?=

=?Windows-1252?Q?LsdnDrzu8Dxba1PP7nNZ0pVkV81JfUS1Ey/iyQQM+GglMFEl+zSJ1W9o?=

=?Windows-1252?Q?Ox1bmpcRWRahZM3/H/OnEI9+BHwiAPvmi9VUPcyYDwuWKR6XjYNz27BH?=

=?Windows-1252?Q?4rBEZctDgzNm7eoH1rZ6fkkCspj1WFGrAHjr09MiUUdx5578+CwaE5oM?=

=?Windows-1252?Q?uHqKR5ArQQLlK4yLkvnpvaW3pu6Kdkt4EX4uQMBYmvkA2WqbZmj1N5hc?=

=?Windows-1252?Q?ySsSsLZIAJSd9Z7n9wXuSgruv6s9MCQ5q63fcLs6pI4srodeOAWzNdAf?=

=?Windows-1252?Q?p8tt6OwEF+sLQk2dTkvZ7uYDOvhoMAdwqSgCUdCeBrpV1qikgog9VRVm?=

=?Windows-1252?Q?Pbg1ce56yPI8tYsG7/033HfUXc/4BibT9fu327KXQnF0HbQtV8Rwuign?=

=?Windows-1252?Q?Dnfq++OqYdQp5jhqLhyfAVdbOxOOr6WMVp3H0fPyz1H1XiJlEulmPXtL?=

=?Windows-1252?Q?OHxZZ/zYA2jwH5QGc0eY8eheg5Oc6PVd/WJp7pLhlXEXNYx+Nq56LOvD?=

=?Windows-1252?Q?CnNAX0/YDOtKDL83naWWTD2aaTeGsxhcyAUMsHcAGleU1KAQlfzgRg0A?=

=?Windows-1252?Q?uUag6BryCWMnyMQiY2ObQ3XVHeknbZ4Q22HIh2fKOAcio4p9SMQK7Fpf?=

=?Windows-1252?Q?C4Ge2TxCLU5Fz5ZYOJ9iAByk7tPqt8BaxqEnY9cTYeHXT/Ne4PyFKymq?=

=?Windows-1252?Q?3MNlcbIozwW1z0TJexPJSofMoA9azebX2YQQAfnc+LCwdeCP2EhSHNdH?=

=?Windows-1252?Q?EERpnrwOoauc1Jd9sTtAuu0+0hAE2imU9yA3lX1hRNQ50ZuAPBbN2GPv?=

=?Windows-1252?Q?VH7eE9iIAxV2HQ=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_ME3PR01MB6148F517A1A2502A5BAB3D8BC2449ME3PR01MB6148ausp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-f49ba.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: ME3PR01MB6148.ausprd01.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: cc3e8c5f-83f6-496d-87a3-08da94b8268c

X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Sep 2022 12:13:06.7983

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYZPR01MB7828



--_000_ME3PR01MB6148F517A1A2502A5BAB3D8BC2449ME3PR01MB6148ausp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi,



Hope you are well.



I found your website through Internet and realized that despite having a gr=

eat design; it was not ranking on any of the search engines (Google Yahoo a=

nd Bing) for most of the keywords relating to your business.



I am affiliated with an SEO company based in India that has helped over 200=

businesses rank on the 1st Page of GOOGLE for even the most competitive In=

dustries.



Let me know if you are interested and I can send you price list which will =

not only improve your sales but website visitors too.



We look forward to your mail.



=97=97=97=97=97=97=97=97=97=97=97=97=97=97=97



Thanks & Regards,



Jonayed





--_000_ME3PR01MB6148F517A1A2502A5BAB3D8BC2449ME3PR01MB6148ausp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">


ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

Hi, =




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

Hope you are well. <=

span>




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

I found your website through Int=

ernet and realized that despite having a great design; it was not ranking o=

n any of the search engines (Google Yahoo and Bing) for most of the keyword=

s relating to your business.





I am affiliated with an SEO company based in India that has helped over 200=

businesses rank on the 1st Page of GOOGLE for even the most competitive In=

dustries. 




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

Let me know if you are intereste=

d and I can send you price list=

 which will not only improve your sales but website visitors too. =

;




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

We look forward to your mail.&nb=

sp;




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

=97=97=97=97=97=97=97=97=97=97=

=97=97=97=97=97 




ot;Times New Roman", "serif";color:rgb(34, 34, 34);margin-bo=

ttom:10pt;background:white">

Thanks & Regards, 
n>




argin:0in 0in 10pt;font-size:11pt;font-family:Calibri, "sans-serif&quo=

t;;color:rgb(34, 34, 34);background:white">

Jonayed














--_000_ME3PR01MB6148F517A1A2502A5BAB3D8BC2449ME3PR01MB6148ausp_--

Reeling in spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 12 Sep 2022 07:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXjac-000KtQ-Qj

for dave@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 07:35:06 -0600

Resent-From: The Doctor

Resent-Date: Mon, 12 Sep 2022 07:35:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f54.google.com ([209.85.167.54]:43612)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXhXZ-0000aA-7W

for doctor@doctor.nl2k.ab.ca;

Mon, 12 Sep 2022 05:23:52 -0600

Received: by mail-lf1-f54.google.com with SMTP id o2so12129898lfc.10

for ; Mon, 12 Sep 2022 04:23:32 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date;

bh=x9T52d5uPixHsEYttoIwWvI2DgBl66Xljs5sbsXRFAI=;

b=UJJEkmyPstKIC2yoRnjBtgf9zsAsUvLYg7JQ68zQUoTCE0bGMJVaSHMGMEpFImmYwz

0SdN5vhgPXzkykhz8SB6M3yqOY9JsfktiFw8o+dIgSV2z2/7O5dZo+wUVAixnvamaZdb

gtYXU8Wu5pQsNiqa2yKW9Xz2H7XuCDC9jbKLxi9tTS3/jpyblX1/ThJTGeWm4L/Cn37B

t3d8Fg9cwY+0uG41+5FRYXkIw0P5Zh4zf8M9D0wZdORbvesf+/ic5HADoOIHYDQ6M5PO

Y2HtTCZVvE+CqaZ+ERqX1s9sKzD6KsP483EelQ54mshXr8DSalLBED4ZMrvTSl3PmhgY

7Y9A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date;

bh=x9T52d5uPixHsEYttoIwWvI2DgBl66Xljs5sbsXRFAI=;

b=FG1YWdFJMgMGy83qGS3Xu91yqQH7T69Ir35+0tY0RLeKe7j2Mz/i41pKEvSJlz4QQv

4STBU+XRtNpS5HDI9jKdSCa0PxVkOC9I3FFcd+5Y9g1NubAru/Qy0FAjfOl4S2KRlaYH

gFdOr1MLD0yEs2vHVxXadIesH7OdNBZAgHf8RQknO0yYva5A9CNEg7T3tpyMIDLEis42

sH43D3kN3y9rYCUKb4a84eXXg3qNUy4VOaQAMOvSc/prDseWO3lEfEFTGwI+fGNQePUw

9kJ5Ypv+L1rIwvYboCfyXGxE+zA4peP7ayO50QEIVfovQ8Lte3HldScFz17QYEX3tiRN

ERRQ==

X-Gm-Message-State: ACgBeo2a9gSLbpGZ+4w88Yf2dhOpAszoN8ipav7+eh490mLqqC2wx+BS

Wnetu4sJ8THgxQkWxZBEtNSY11da2mHvQoF7eGw=

X-Google-Smtp-Source: AA6agR4UgW9HDx3+MJ1Vr3cPbiI6dya45WUo1ui0aHe8Edx8lvzlbcyghuY1I9cRwOhtI7kfedF1kcBOl8n3OZ6QuYI=

X-Received: by 2002:a05:6512:1325:b0:49a:1fc0:cc68 with SMTP id

x37-20020a056512132500b0049a1fc0cc68mr2153729lfu.283.1662981805325; Mon, 12

Sep 2022 04:23:25 -0700 (PDT)

MIME-Version: 1.0

From: Janet sam

Date: Mon, 12 Sep 2022 12:23:06 +0100

Message-ID:

Subject: RE

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000c6426e05e8791f29"

Bcc: doctor@doctor.nl2k.ab.ca



--000000000000c6426e05e8791f29

Content-Type: text/plain; charset="UTF-8"



My name is Janet, i hope you are fine and life is treating you. I will like

to know more about you. please reply to me as soon as you receive my

message. Thanks



--000000000000c6426e05e8791f29

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





nature" data-smartmail=3D"gmail_signature">
My name is Jane=

t, i hope you are fine and life is treating you. I will like to know more a=

bout you. please=C2=A0 reply to me as soon as you receive my message. Thank=

s


Sexual blackmail Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 11 Sep 2022 18:27:35 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXX9x-0009WA-Vq

for dave@doctor.nl2k.ab.ca;

Sun, 11 Sep 2022 18:18:45 -0600

Resent-From: The Doctor

Resent-Date: Sun, 11 Sep 2022 18:18:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [45.180.166.140] (port=3187)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXVeY-000OWB-8Q

for doctor@nl2k.ab.ca;

Sun, 11 Sep 2022 16:42:19 -0600

Message-ID: <23C57FA3EE991932D46EB2FF880823C5@asdf.com>

From:

To:

Subject: Payment from your account.

Date: 11 Sep 2022 15:30:47 -0400

MIME-Version: 1.0

Content-Type: text/plain; charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Mailer: Sdcjvnic ointm 4.0

X-Spam_score: 6.6

X-Spam_score_int: 66

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings! I have to share bad news with you. Approximately

few months ago I have gained access to your devices, which you use for internet

browsing. After that, I have started tracking your internet activities.



Content analysis details: (6.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.5 PDS_BTC_ID FP reduced Bitcoin ID

1.0 BITCOIN_MALWARE BitCoin + malware bragging

1.0 MALWARE_NORDNS Malware bragging + no rDNS

1.7 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} Payment from your account.



Greetings!



I have to share bad news with you.

Approximately few months ago I have gained access to your devices, which you use for internet browsing.

After that, I have started tracking your internet activities.



Here is the sequence of events:

Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online).

Obviously, I have easily managed to log in to your email account (doctor@nl2k.ab.ca).



One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.

In fact, it was not really hard at all (since you were following the links from your inbox emails).

All ingenious is simple. ;-)



This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).

I have downloaded all your information, data, photos, web browsing history to my servers.

I have access to all your messengers, social networks, emails, chat history and contacts list.

My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.



Likewise, I guess by now you understand why I have stayed undetected until this letter...



While gathering information about you, I have discovered that you are a big fan of adult websites.

You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.

Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.



If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.

I have also no issue at all to make them available for public access.

I guess, you really don't want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.



Let's settle it this way:

You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.

After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.



This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.

In case, if you don't know how to purchase and transfer the bitcoins - you can use any modern search engine.



Here is my bitcoin wallet: 1ND3JTwUaYWhDjTuaAK8idmpmuRQGqAkB1



You have less than 48 hours from the moment you opened this email (precisely 2 days).



Things you need to avoid from doing:

*Do not reply me (I have created this email inside your inbox and generated the return address).

*Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) - your video will be shared to public right away.

*Don't try to find me - it is absolutely pointless. All the cryptocurrency transactions are anonymous.

*Don't try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.



Things you don't need to worry about:

*That I won't be able to receive your funds transfer.

- Don't worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).

*That I will share your videos anyway after you complete the funds transfer.

- Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago!



Everything will be done in a fair manner!



One more thing... Don't get caught in similar kind of situations anymore in future!

My advice - keep changing all your passwords on a frequent basis



Domain selling Spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 11 Sep 2022 23:00:31 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXbN5-0007Rv-VR

for dave@doctor.nl2k.ab.ca;

Sun, 11 Sep 2022 22:48:35 -0600

Resent-From: The Doctor

Resent-Date: Sun, 11 Sep 2022 22:48:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ej1-f65.google.com ([209.85.218.65]:37827)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oXZDN-000OLY-6q

for root@nk.ca;

Sun, 11 Sep 2022 20:30:29 -0600

Received: by mail-ej1-f65.google.com with SMTP id wc11so2385821ejb.4

for ; Sun, 11 Sep 2022 19:30:08 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date;

bh=T3Ci/YkFe8YAANktKt2Vc+gEZ5UHdzoPSbSL51/x+ag=;

b=XPJOcOWbS5hb+lGaXSYopN3KcA9VeJCie67k295ERlWMP+VZiEOpUWYfTsykMoqqg6

BGi4Gtok10BXTqjYLXit19/+/aUrbj8vISpdgp0fkxC8r0qIhhCPBBNIZyKb6NX2Lbvi

4ZZnxkW+yEUuqrrImzyiflopPTFuIkgUfSnOgTLin6WYDFQ/Rab0rrSNWI/Z3VRLKeyM

6ybQAFh+8BV6zhsJyaPTGHgLmPVFtkkNHbslulR7fN6Y+WJfiPJO7OLMeLTvnjOSEi2j

QE84xtyrrzSS5yeXmSy0d0h5gG+esN5yYI9k/6PzWRP/5Kgyy639S2h3x8AYBKCsXg9w

WvXw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date;

bh=T3Ci/YkFe8YAANktKt2Vc+gEZ5UHdzoPSbSL51/x+ag=;

b=0EL4VDLORyBK8mYV8yehyXljtziS5TBCrLgqJKS5e06Y+dVVKjnxOtp5CJR8haVHoR

IBKxP0cRKvGjnwRi3IYhsyg5bPW6kPzufcNCLJ/QcfRe82oefEl0qsax76QxQNJnEfRu

oGC5UIC2dPo9p09DPU8dTH7IAlQu2dzvcfEsbq6V+2K3s11sog2hWVsCCUqZ1ybVEaNk

UR2+8YPv8bnBfXVDZZw/brXatdTBWyVHsoOrpmh6tXhOFRlrENtsZ1YLFwWEN2nD4+Bt

59gHayDQVrbQkOoXe0z6tBq+nPOGzay+2acbcmJs3Em9yAesCpRmUzpq0oiK0HWwPxdQ

pdTw==

X-Gm-Message-State: ACgBeo0OptgQn7rdl1pERzzRsnxz77WQzbVIlnsBrweqilyJEOZW4R4s

5bpEMk8v7lgNFgx2AVoUH84LUBKYoHo2xuQhSxnSrUlJ

X-Google-Smtp-Source: AA6agR58t3acmYYhykAxNvloRkFv7K43u15Rwsl8Ke01EilKPOxX6iUQy6gonlN2FxyB8SGpnPKu1fgM5smGHx1eJBY=

X-Received: by 2002:a17:907:6ea0:b0:77e:c2e5:a35b with SMTP id

sh32-20020a1709076ea000b0077ec2e5a35bmr418791ejc.566.1662949801093; Sun, 11

Sep 2022 19:30:01 -0700 (PDT)

MIME-Version: 1.0

From: Lucas Efremov

Date: Mon, 12 Sep 2022 04:29:50 +0200

Message-ID:

Subject: fulltimeshopp.com

To: root@nk.ca

Content-Type: multipart/alternative; boundary="0000000000002c6ded05e871ac7a"



--0000000000002c6ded05e871ac7a

Content-Type: text/plain; charset="UTF-8"



Hey there!



Are you perhaps interested in fulltimeshopp.com? It does not come with a

website, only the name is on sale.



If you are not interested, have a nice day and sorry to bother you about

this.

Lucas Efremov



--0000000000002c6ded05e871ac7a

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hey there!

Are you perhaps interested i=

n fulltimeshopp.com? It does not c=

ome with a website, only the name is on sale.=C2=A0


v>If you are not interested, have a nice day and sorry to bother you about =

this.=C2=A0
Lucas Efremov





--0000000000002c6ded05e871ac7a--