Costco Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 22 Feb 2024 11:20:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rdDev-000000004Zi-48hz
for dave@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 11:19:01 -0700
Resent-From: The Doctor
Resent-Date: Thu, 22 Feb 2024 11:19:01 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ct2zaf01on2133.outbound.protection.outlook.com ([40.107.19.133]:5473 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rdAon-000000006hY-0TJd
for doctor@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 08:17:06 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=A28I31j2VFUGaWvSwZZzINML2OueB2aIhlUXm8jrjcqYzskKIaBPm08aZP0ijIA/nckMFUkQIsRuiZVNbWgKNP6aHug96/5rvVlC6/tydvPLE41ohbZN5cC3S7L75FGFhO9dhY223LVynYeJG99Mrye1tm3d9Oyirb+QCdqboG3IefF4ezrqn9AwYcHQeskhKqeLTrkh40csACbwWucqg4KSVu4wHMtTqMM8+3woB/dUYCTVuM05hmUB+xDIiBRsmmAJtWf52evad2/NrzRjf65nMZnAiF0w2WMJTPDqrt9ok1BKN8QsG11m7blxLzEjM62o0V6V6v47N7/aIObOLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=f8G8GIBZiSdoiB2Qm1zWL7DGx1IWKNYUR8rbWVtwCDI=;
b=gJ3U2M4PXM/ba6aKqOrTVPxYtVXVuHzBwtqjxXGhi5Un64YDP+NYSRfvi4SJ6pU8hk/4MVmmzIpr4YqDXJdsdG9nS/vEZfpoHV6Lvcn6eS6LW6+ZOz+CJ40vuDdBBXlPclmZVIbyzF0v5HLfiA0KrsZxz8ApxaRO0m3n2KB2Rx6iCJ4TY5C3WuVlssFY7oPZKw7pg0QdvyOVFBdsbSapFt9Zagda4HCDDZGOuzYAecEa2PeqDc5wiYKsFOBoDQ0FrheSmsdgLeDU/7Fuz65GKXDJM22C4JYfLR8ltRvYUhK06qtnzZJFakQnpTxn9FuGM6K0g/u3O1K0inorljS4Ug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=maynaroaas.onmicrosoft.com; dmarc=pass action=none
header.from=maynaroaas.onmicrosoft.com; dkim=pass
header.d=maynaroaas.onmicrosoft.com; arc=none
Received: from JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) by
CP7P275MB2390.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:52::10) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7316.24; Thu, 22 Feb 2024 15:14:55 +0000
Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:67::10) by
JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7316.22; Thu, 22 Feb 2024 15:12:39 +0000
Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
([fe80::448e:98a6:1c99:83a0]) by JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
([fe80::448e:98a6:1c99:83a0%7]) with mapi id 15.20.7316.023; Thu, 22 Feb 2024
15:12:39 +0000
From: Curran Juarez
To: lonley
Subject: Win Big: Complete Our Survey, CIaim Your P.rize
Thread-Topic: Win Big: Complete Our Survey, CIaim Your P.rize
Thread-Index: AQHaZaFR8ga7Ncow5kyWdNJHg6zoGw==
Date: Thu, 22 Feb 2024 15:12:38 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Maynaroaas.onmicrosoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic:
JN3P275MB2685:EE_|JN1P275MB2449:EE_|CP7P275MB2390:EE_
x-ms-office365-filtering-correlation-id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563
x-ld-processed: b78d2084-30db-44b7-aac0-828f2660b139,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
5wz10Iz/mqIQ9QHPmfOGGJuKIMKQLQ5kfW705IsDLsupSFpIFdwFToujhlm5MJSstHmqxnsfLThn6ciQdhBvCzCanCnkVeHs5Foxn5BCajvH8xdgcxRc1VKWf+isARUSQRt1z4XfokyYI6mYBPz6/bqywtqYxBeffjrD2fV5KKsnTaDjI74KYL/rnhCtMd5tZB81z1Fa8qRIHb7v4oS7nSs2JxSr6NK8gG863npoaArc8IquLdXucJlExXulgHPilhf1uiAGjd26xcu8PFRFwgscke/rIPHBNT0+JgqZp8+G9NNwe0CvyvnoLYocAoMJWba63u1Mc7Xo1MYihiwNgA==
x-forefront-antispam-report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(38070700009);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
=?iso-8859-1?Q?/FkMH90SU5dDSvDfoqf6G5XyLA9yMRgk4CAfGHbwvuA2K2fnXK4bbvOr/N?=
=?iso-8859-1?Q?yWWRyKdd0dzHcoAXPjw9fgdZw/EKi97lsrCkLewBor9CARHN6i+uXOT4Lp?=
=?iso-8859-1?Q?HdDhkxCcMNZEPXIvAoi7yawAWyFc1FUL6iA74bP4Ueo0QO0DzVEqLoGUXY?=
=?iso-8859-1?Q?heI+GQTyUq38fEuYdkk001lCMRS4qWuIo8hI+JECgWK2NtNr8xBSLO43TN?=
=?iso-8859-1?Q?GnYAnQYA67jZvL6LeKL9KlTBFlO3olLC5mfZQ6nF6jQLirbF51f05TqClA?=
=?iso-8859-1?Q?cKHC60ESIlAcyXdwAkLkAvqelpG7XJoE0g61dOPfici6EoJ1VDPFPr9obB?=
=?iso-8859-1?Q?JCGfccteqvO0JSHw52Zx7XdJTiSsT9/3Wfuz3L7wePXRn7ls99mU1nt4f9?=
=?iso-8859-1?Q?mw9dXf31cqVLbTxpYUaKpN95JL2L00eW+URRmbewzoJJFQn4pDM23wbs6K?=
=?iso-8859-1?Q?NJhdzqoZwuquVk6Ft/REN0P9Mb54/y3ekOeo0yjLe/gu4/8ny5nmjeSCcW?=
=?iso-8859-1?Q?Jmr72MITNHh20aGFIoS6Iv0aRFXew04L4U6A8iDWOzDBEhEltGT2Qnv72F?=
=?iso-8859-1?Q?KXL0QwDjaRqI2kBPxefXWNvYfrTkpmdUQqQPCyHwCAgOT3nsyms4bRmQCN?=
=?iso-8859-1?Q?zp01YsR6md5LVG5NqILqGi65vVM0HdS/m+VQRbrhZy0pUPtc33eMEFF9jB?=
=?iso-8859-1?Q?bRTmqlo+NRlabenMvTgT6MiKtqkVR4jk2ysam2n+LrH9Ib0dXko5hHd9+i?=
=?iso-8859-1?Q?yAqA8saLMvTjh1BaZJ08e0D0Eam5C2Tw4cwDnvHbZLX20vFQLKJCPfPG3F?=
=?iso-8859-1?Q?eL7d4AsV2zBMtu0VtmSOf5objuSfscRFlf8Ny6bIXEjXZ9KpCeYE/RtTIQ?=
=?iso-8859-1?Q?NGoUxvK+LmJPFPwi6luVS0Z0/30XiDi1MGhDhbqWbP9QDk2UfWER3zDu9m?=
=?iso-8859-1?Q?tBHtPID6OZNaE47nzVUl6Qg9cpwa0RsU5GIDGH4Dbw4vQczyBO4n/G5kMA?=
=?iso-8859-1?Q?evosYqqT7LY7LM6pzYLdhPRHZMQEQB4OlkM1VXstEFxd+vLNdapjTOQm9E?=
=?iso-8859-1?Q?Ae1Yz8mUgxAQtBZ1ZGPARK3LNSAQUyvVB6BJuQg6hVM+VLw8myptmfvF76?=
=?iso-8859-1?Q?W5/OD+Db8Y0YXapB+Imjraqx47wsFkIYANktFeBbvPWz1y+l4kN1nUCIAz?=
=?iso-8859-1?Q?+1qbKzywxorGMQYuILKuJDwllPshhkzl7EGXdW5IuGiQq/HUn+ORALyXag?=
=?iso-8859-1?Q?s/jY4RBXIW0aKp6UDwV41utA6uUV79AZ8GKB2juXukMttkzR6YM3w80a1H?=
=?iso-8859-1?Q?pdBSdA1JATIkgYk7NQeIjh78GeykoIHJ9HeFYLhyr/55Mlw/OjNgrYt4Hi?=
=?iso-8859-1?Q?zwTO0vvjSNOZ1HrwScle+VyGUWKfzXk556MFp1xBeAjocw/nthmZhspeGN?=
=?iso-8859-1?Q?qLk4RdbSOHUs4LB57UIIdP7R+kJwk84IjTNEFZSLEtGvGxjNg2Xe6gKAM4?=
=?iso-8859-1?Q?WVtaVC/6f21mfi/CSWWRzLBQBaDb5/Th8VbqZC7vWdwyvF61Vuo5lKRUXt?=
=?iso-8859-1?Q?pj02C2hXBdIp4LIzZWQ6NSSlt7a+wcHxW+VadipKmgBxqs+k/CYU/201vz?=
=?iso-8859-1?Q?tptHNqFtBkqPhuUrD0MgM2TSfQ3oooOItidbRuPCZ6ghGOB6yeDZfTV2NY?=
=?iso-8859-1?Q?MlSCDAy8xGkxsDqC/cU=3D?=
Content-Type: multipart/alternative;
boundary="_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_"
MIME-Version: 1.0
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: Maynaroaas.onmicrosoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2024 15:12:38.9630
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b78d2084-30db-44b7-aac0-828f2660b139
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: c8fKJpltarWutvbFPZXISWIhAr7caVyXOq6RHr/45lMybZNckSNv8BeBI3JVOJVF6ipNd6XDhyf+apaojLtS5z088WaADflcq7q0nXtpVfcgOz8GwW58cLiI1IRtYzQ+
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CP7P275MB2390
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: [https://reyna.blob.core.windows.net/reyna/1.png]
[https://reyna.blob.core.windows.net/reyna/2.png]
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: reyna.blob.core.windows.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.19.133 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.19.133 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 ARC_VALID Message has a valid ARC signature
0.0 ARC_SIGNED Message has a ARC signature
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[curranjuarez(at)maynaroaas.onmicrosoft.com]
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Win Big: Complete Our Survey, CIaim Your P.rize
X-Antivirus: AVG (VPS 240222-6, 2/22/2024), Inbound message
X-Antivirus-Status: Clean
--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
[https://reyna.blob.core.windows.net/reyna/1.png]
[https://reyna.blob.core.windows.net/reyna/2.png]
--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helve=
tica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
/urlz.fr/pE3z" id=3D"OWA207b1743-d842-9606-6bf4-92435c3c605c" class=3D"OWAA=
utoLink">
yna.blob.core.windows.net/reyna/1.png">
f">
ce, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">=
458" class=3D"OWAAutoLink">
src=3D"https://reyna.blob.core.windows.net/reyna/2.png">
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 22 Feb 2024 11:20:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rdDev-000000004Zi-48hz
for dave@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 11:19:01 -0700
Resent-From: The Doctor
Resent-Date: Thu, 22 Feb 2024 11:19:01 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ct2zaf01on2133.outbound.protection.outlook.com ([40.107.19.133]:5473 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rdAon-000000006hY-0TJd
for doctor@doctor.nl2k.ab.ca;
Thu, 22 Feb 2024 08:17:06 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=A28I31j2VFUGaWvSwZZzINML2OueB2aIhlUXm8jrjcqYzskKIaBPm08aZP0ijIA/nckMFUkQIsRuiZVNbWgKNP6aHug96/5rvVlC6/tydvPLE41ohbZN5cC3S7L75FGFhO9dhY223LVynYeJG99Mrye1tm3d9Oyirb+QCdqboG3IefF4ezrqn9AwYcHQeskhKqeLTrkh40csACbwWucqg4KSVu4wHMtTqMM8+3woB/dUYCTVuM05hmUB+xDIiBRsmmAJtWf52evad2/NrzRjf65nMZnAiF0w2WMJTPDqrt9ok1BKN8QsG11m7blxLzEjM62o0V6V6v47N7/aIObOLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=f8G8GIBZiSdoiB2Qm1zWL7DGx1IWKNYUR8rbWVtwCDI=;
b=gJ3U2M4PXM/ba6aKqOrTVPxYtVXVuHzBwtqjxXGhi5Un64YDP+NYSRfvi4SJ6pU8hk/4MVmmzIpr4YqDXJdsdG9nS/vEZfpoHV6Lvcn6eS6LW6+ZOz+CJ40vuDdBBXlPclmZVIbyzF0v5HLfiA0KrsZxz8ApxaRO0m3n2KB2Rx6iCJ4TY5C3WuVlssFY7oPZKw7pg0QdvyOVFBdsbSapFt9Zagda4HCDDZGOuzYAecEa2PeqDc5wiYKsFOBoDQ0FrheSmsdgLeDU/7Fuz65GKXDJM22C4JYfLR8ltRvYUhK06qtnzZJFakQnpTxn9FuGM6K0g/u3O1K0inorljS4Ug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=maynaroaas.onmicrosoft.com; dmarc=pass action=none
header.from=maynaroaas.onmicrosoft.com; dkim=pass
header.d=maynaroaas.onmicrosoft.com; arc=none
Received: from JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) by
CP7P275MB2390.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:52::10) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7316.24; Thu, 22 Feb 2024 15:14:55 +0000
Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:67::10) by
JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7316.22; Thu, 22 Feb 2024 15:12:39 +0000
Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
([fe80::448e:98a6:1c99:83a0]) by JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
([fe80::448e:98a6:1c99:83a0%7]) with mapi id 15.20.7316.023; Thu, 22 Feb 2024
15:12:39 +0000
From: Curran Juarez
To: lonley
Subject: Win Big: Complete Our Survey, CIaim Your P.rize
Thread-Topic: Win Big: Complete Our Survey, CIaim Your P.rize
Thread-Index: AQHaZaFR8ga7Ncow5kyWdNJHg6zoGw==
Date: Thu, 22 Feb 2024 15:12:38 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Maynaroaas.onmicrosoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic:
JN3P275MB2685:EE_|JN1P275MB2449:EE_|CP7P275MB2390:EE_
x-ms-office365-filtering-correlation-id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563
x-ld-processed: b78d2084-30db-44b7-aac0-828f2660b139,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
5wz10Iz/mqIQ9QHPmfOGGJuKIMKQLQ5kfW705IsDLsupSFpIFdwFToujhlm5MJSstHmqxnsfLThn6ciQdhBvCzCanCnkVeHs5Foxn5BCajvH8xdgcxRc1VKWf+isARUSQRt1z4XfokyYI6mYBPz6/bqywtqYxBeffjrD2fV5KKsnTaDjI74KYL/rnhCtMd5tZB81z1Fa8qRIHb7v4oS7nSs2JxSr6NK8gG863npoaArc8IquLdXucJlExXulgHPilhf1uiAGjd26xcu8PFRFwgscke/rIPHBNT0+JgqZp8+G9NNwe0CvyvnoLYocAoMJWba63u1Mc7Xo1MYihiwNgA==
x-forefront-antispam-report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(38070700009);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
=?iso-8859-1?Q?/FkMH90SU5dDSvDfoqf6G5XyLA9yMRgk4CAfGHbwvuA2K2fnXK4bbvOr/N?=
=?iso-8859-1?Q?yWWRyKdd0dzHcoAXPjw9fgdZw/EKi97lsrCkLewBor9CARHN6i+uXOT4Lp?=
=?iso-8859-1?Q?HdDhkxCcMNZEPXIvAoi7yawAWyFc1FUL6iA74bP4Ueo0QO0DzVEqLoGUXY?=
=?iso-8859-1?Q?heI+GQTyUq38fEuYdkk001lCMRS4qWuIo8hI+JECgWK2NtNr8xBSLO43TN?=
=?iso-8859-1?Q?GnYAnQYA67jZvL6LeKL9KlTBFlO3olLC5mfZQ6nF6jQLirbF51f05TqClA?=
=?iso-8859-1?Q?cKHC60ESIlAcyXdwAkLkAvqelpG7XJoE0g61dOPfici6EoJ1VDPFPr9obB?=
=?iso-8859-1?Q?JCGfccteqvO0JSHw52Zx7XdJTiSsT9/3Wfuz3L7wePXRn7ls99mU1nt4f9?=
=?iso-8859-1?Q?mw9dXf31cqVLbTxpYUaKpN95JL2L00eW+URRmbewzoJJFQn4pDM23wbs6K?=
=?iso-8859-1?Q?NJhdzqoZwuquVk6Ft/REN0P9Mb54/y3ekOeo0yjLe/gu4/8ny5nmjeSCcW?=
=?iso-8859-1?Q?Jmr72MITNHh20aGFIoS6Iv0aRFXew04L4U6A8iDWOzDBEhEltGT2Qnv72F?=
=?iso-8859-1?Q?KXL0QwDjaRqI2kBPxefXWNvYfrTkpmdUQqQPCyHwCAgOT3nsyms4bRmQCN?=
=?iso-8859-1?Q?zp01YsR6md5LVG5NqILqGi65vVM0HdS/m+VQRbrhZy0pUPtc33eMEFF9jB?=
=?iso-8859-1?Q?bRTmqlo+NRlabenMvTgT6MiKtqkVR4jk2ysam2n+LrH9Ib0dXko5hHd9+i?=
=?iso-8859-1?Q?yAqA8saLMvTjh1BaZJ08e0D0Eam5C2Tw4cwDnvHbZLX20vFQLKJCPfPG3F?=
=?iso-8859-1?Q?eL7d4AsV2zBMtu0VtmSOf5objuSfscRFlf8Ny6bIXEjXZ9KpCeYE/RtTIQ?=
=?iso-8859-1?Q?NGoUxvK+LmJPFPwi6luVS0Z0/30XiDi1MGhDhbqWbP9QDk2UfWER3zDu9m?=
=?iso-8859-1?Q?tBHtPID6OZNaE47nzVUl6Qg9cpwa0RsU5GIDGH4Dbw4vQczyBO4n/G5kMA?=
=?iso-8859-1?Q?evosYqqT7LY7LM6pzYLdhPRHZMQEQB4OlkM1VXstEFxd+vLNdapjTOQm9E?=
=?iso-8859-1?Q?Ae1Yz8mUgxAQtBZ1ZGPARK3LNSAQUyvVB6BJuQg6hVM+VLw8myptmfvF76?=
=?iso-8859-1?Q?W5/OD+Db8Y0YXapB+Imjraqx47wsFkIYANktFeBbvPWz1y+l4kN1nUCIAz?=
=?iso-8859-1?Q?+1qbKzywxorGMQYuILKuJDwllPshhkzl7EGXdW5IuGiQq/HUn+ORALyXag?=
=?iso-8859-1?Q?s/jY4RBXIW0aKp6UDwV41utA6uUV79AZ8GKB2juXukMttkzR6YM3w80a1H?=
=?iso-8859-1?Q?pdBSdA1JATIkgYk7NQeIjh78GeykoIHJ9HeFYLhyr/55Mlw/OjNgrYt4Hi?=
=?iso-8859-1?Q?zwTO0vvjSNOZ1HrwScle+VyGUWKfzXk556MFp1xBeAjocw/nthmZhspeGN?=
=?iso-8859-1?Q?qLk4RdbSOHUs4LB57UIIdP7R+kJwk84IjTNEFZSLEtGvGxjNg2Xe6gKAM4?=
=?iso-8859-1?Q?WVtaVC/6f21mfi/CSWWRzLBQBaDb5/Th8VbqZC7vWdwyvF61Vuo5lKRUXt?=
=?iso-8859-1?Q?pj02C2hXBdIp4LIzZWQ6NSSlt7a+wcHxW+VadipKmgBxqs+k/CYU/201vz?=
=?iso-8859-1?Q?tptHNqFtBkqPhuUrD0MgM2TSfQ3oooOItidbRuPCZ6ghGOB6yeDZfTV2NY?=
=?iso-8859-1?Q?MlSCDAy8xGkxsDqC/cU=3D?=
Content-Type: multipart/alternative;
boundary="_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_"
MIME-Version: 1.0
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: Maynaroaas.onmicrosoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2024 15:12:38.9630
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b78d2084-30db-44b7-aac0-828f2660b139
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: c8fKJpltarWutvbFPZXISWIhAr7caVyXOq6RHr/45lMybZNckSNv8BeBI3JVOJVF6ipNd6XDhyf+apaojLtS5z088WaADflcq7q0nXtpVfcgOz8GwW58cLiI1IRtYzQ+
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CP7P275MB2390
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: [https://reyna.blob.core.windows.net/reyna/1.png]
[https://reyna.blob.core.windows.net/reyna/2.png]
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: reyna.blob.core.windows.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.19.133 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.19.133 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 ARC_VALID Message has a valid ARC signature
0.0 ARC_SIGNED Message has a ARC signature
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[curranjuarez(at)maynaroaas.onmicrosoft.com]
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Win Big: Complete Our Survey, CIaim Your P.rize
X-Antivirus: AVG (VPS 240222-6, 2/22/2024), Inbound message
X-Antivirus-Status: Clean
--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
[https://reyna.blob.core.windows.net/reyna/1.png]
[https://reyna.blob.core.windows.net/reyna/2.png]
--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helve=
tica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
/urlz.fr/pE3z" id=3D"OWA207b1743-d842-9606-6bf4-92435c3c605c" class=3D"OWAA=
utoLink">
yna.blob.core.windows.net/reyna/1.png">
f">
ce, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">=
458" class=3D"OWAAutoLink">
src=3D"https://reyna.blob.core.windows.net/reyna/2.png">
--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_--