Slavic women dating spam from outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Feb 2024 07:08:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdsgq-00000000HGG-0jkp

for dave@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 07:07:44 -0700

Resent-From: The Doctor

Resent-Date: Sat, 24 Feb 2024 07:07:44 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-he1eur01olkn2103.outbound.protection.outlook.com ([40.92.65.103]:64262 helo=EUR01-HE1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rds03-00000000DTK-46E2

for doctor@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 06:23:36 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=VKsPPuCvz2XOpPFovaVWcl8weBSgIxJnsq3vAseXMRnS/VYL1kyFlRIW17Z3hILp4g1V3w7qvNE/ojHHXcUxjJdjPDiT9YLBqO3iLmp4tewwUCQSkzu0w9BTreuJpWMxg0tjJggk415GDnf2EP16WGDUDL93FQ9EmS7bRlTCloYdZebgPRwVlIaPr/M1yFURZLPrjvIZ0vyqGlkN3OSM0hEox/M+Q0/x/HWnjDiYBWJBnyCrgwg5rrYe1CBvKcDVu8ILpoNv+SYzJV5bvaF5Ba56WocWobBq2bfGTzCAZEoijJ9okA7RJt/259xUh04pZ5BcE/fSCCtNrpcWVPvCaA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=4O4q0oIhxAax4AhHI07Xm1ocEGCGT/kbAoEJVW+N0zk=;

b=KA9tE19FlGgeVuH2d7GC/+QfGhL7MGqQb91o9ce2aSLADQ+y5eQwnVQukRScGio7DOioNNUF3FY2xPCfFrByNuHp25IXizZKXSsJYAQ9/Zup20J6ezaB1uCNhFwDzM8be4/Wfa5Z5g1u2YixpSw/Z+zWpEjwxY3ZdVkdjy1ux1C8CwsTuXZm9/ElNgmh6D17KhKi23/Ryz0SsXa4JSBV396pWoNda9veR1SoXUMOnKMFzsj11vR7TumwIfkuGwmE2ZF04+A2tntc52feFx8D8YYTMOXpl+y7w1LjA+O04bky/vOYWARbdO5EDZPBDgm3B0+iiLp5HkgVLgwnYggW/g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=4O4q0oIhxAax4AhHI07Xm1ocEGCGT/kbAoEJVW+N0zk=;

b=q7NBr8nT06LbuRGELf2V56B436V3VaBbJsHVlsH9PJS1wHdDk0ThDHLz1EJBJSR0ptz9U7+Vtn/qFffIAgXJ0DrOrpuiVuWlA6EEThZ3ksPl7ruGY2ugmrsZtSuqrCRbfwUBafvnUjM0o79J3Ija6YEul5P2tGXyrXH3ybZ73Eh4pK+dvjA0G2EVHJuZlXfFIjq4Ji3Q3plFS81P+OBorz/QhrEKjN1qhqgaONpXnhjDUdYVgmqLsysv9fUsQBa9McqSWbrYZ3i6OQizwdoB9C+n2Sk5jCr/4vgpU9a67CKKHwTCILEKt5P4HdveSd4pztwOPPt1Qis7o+1MTCfzJw==

Received: from AS2P192MB2246.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:64b::6)

by AM9P192MB1093.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:1f6::13) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.31; Sat, 24 Feb

2024 13:21:26 +0000

Received: from AS2P192MB2246.EURP192.PROD.OUTLOOK.COM

([fe80::3e9c:68ba:fa5c:3148]) by AS2P192MB2246.EURP192.PROD.OUTLOOK.COM

([fe80::3e9c:68ba:fa5c:3148%7]) with mapi id 15.20.7316.031; Sat, 24 Feb 2024

13:21:26 +0000

Content-Type: multipart/alternative; boundary="===============7153378297899397879=="

Subject: =?utf-8?b?UG9zdCBsaWtlZCBieSBmcmllbmQg4p2k77iP?=

From: SlavicLoveConnections

CC: SlavicLoveConnections

Date: Sat, 24 Feb 2024 13:21:11 +0000

X-TMN: [onasFIOLwyLQUXoMErCKxnugfyUQKtoF]

X-ClientProxiedBy: FR4P281CA0247.DEUP281.PROD.OUTLOOK.COM

(2603:10a6:d10:f5::10) To AS2P192MB2246.EURP192.PROD.OUTLOOK.COM

(2603:10a6:20b:64b::6)

Message-ID:



MIME-Version: 1.0

X-MS-Exchange-MessageSentRepresentingType: 1

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AS2P192MB2246:EE_|AM9P192MB1093:EE_

X-MS-Office365-Filtering-Correlation-Id: ddea1765-4b02-45c8-63fe-08dc353b7f7a

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?MDlKR0UrTFVkd0FEa1B2aEpzK0dLUldoVzFKNHQ2aUtvMnJXOW8zdTNVS2U4?=

=?utf-8?B?Wi9KYXZlTG9nRXlrVHFjWnRSbmp6WlJkV3VRek1lNmM0QWpJQTRybGFtNkZS?=

=?utf-8?B?Rk0weUNMbEsyKzdaYjhwNkFBcmYyV1AvblVLYnNzaGdwM1dpcCtVRHpYZnZX?=

=?utf-8?B?b1JWc3R3WGZVeGZLOVhvS0psYTJUU3lNUndNcmFGOU1lVUFHQ0J6MXVVWmlF?=

=?utf-8?B?T011cHJ0eExyTlQzOEdNamFqeXZvNUUyMjU4RzFEMUlodTlTdW1sRkpESDlZ?=

=?utf-8?B?ODYrQXJTU296THFXVXpnUkxyVjN5TzhJRkgyN2V3S3pSbXoyejJBNjhGNWF2?=

=?utf-8?B?UFpQVjRsNktucnk1WEoxdEtJWDJLd0h4ZWgrS0UxQ2psTndFSXU4T3E4anV0?=

=?utf-8?B?c1dkdkluNkxEQzhlMnNvWkZkbmsxeUFqRGYzdWdYa0JUMjhYNkZZSnIwNVc4?=

=?utf-8?B?TVBET3hIUm1IRGVoMjlzSnVESllPUVc5TjI1SGdLOTNPOUNoNFc3ZXozckU4?=

=?utf-8?B?L0w1NGlPdkhBVnhCMnNRK25jbGNXK2I1dDdaZGVvOHRPV2NWVTdqVHRjWFN6?=

=?utf-8?B?NU5mdFFtM2Qwc25YdzdGT0FZbUxQRVhoTXAzK1ZTeDdNeGt0bG1tN0IyYTZB?=

=?utf-8?B?L25VSGh3UGNwSlhEbDIvTmpqR1lEOXkvMzlTWmlvMWNCd0hYMldDRzRLcmE5?=

=?utf-8?B?MTJRRTZEWTloSjdYM1QwSE5hMG5BdkN4ODJiMlFTTlJBQ2ZPam9MNEpwdHpS?=

=?utf-8?B?OEhROGtVb282TnNFVGxJYmp0d28xMDJhTU5GZC9kZFVkeVhsSmpmRXRmaEJk?=

=?utf-8?B?d2k5bVErY2dvMVV2RnU2L014ZlJFNWRMSTFLd2lGMkt3NUpKb20zN1kvRXB2?=

=?utf-8?B?YVYxUTRWTXdGNHJ6cEJQbWlTQ0RFZDA5YStYc1pZbE9yZVFWcUNMU1o4d2lZ?=

=?utf-8?B?WjB6dUlwT2JBTmRWNEJXNjhMK2ZPcWkrVWt0eEFRYmNCUXpvbHBPNlJ5SUVL?=

=?utf-8?B?c3FnazBpeElDUXhvZ0ZWZzU3dG1CU3NHYjIzcTY1YjVjVDU1VGJjL05uaks2?=

=?utf-8?B?R0RVWkxLZ1ZiNmIrY2E1U1RoaGROUXZVbTB5WHRFanpmelRFcE0zcGx3NEls?=

=?utf-8?B?cGhmREhKYVVPSkFVYmpaY0lHL24rcGVwRWZ1TDhaRnRKTXhGZlBXbGdXUmtS?=

=?utf-8?B?UDE4N3cvNWVGTE1odTBXS2t6UlRxL0U3ZVd4Q3NHRmRtcDQwSmRGKzV1VmJT?=

=?utf-8?B?Vi95cG0zSWhzcFJJODRqTEJkblhRRXRKYkJrK3B0QnBoOHo4ZXdXUTJneWwx?=

=?utf-8?B?VzRKMmU3UnZSVUdidGtZeWFqSDNZdXFzYm5MQTVkbnowNTB5L2p1ajU2RFJ2?=

=?utf-8?B?aHpEOUtaZWJXcUdXVVk5cFJUenFWY21jbnVnbWgwZTl0VnJiQ055NWpabGhC?=

=?utf-8?B?bGZZaC9nZEVaOXprbGNab0xIS2M4Rkx4MVA4Ym40TmpDVnJ5Mm13eWRDSU4v?=

=?utf-8?Q?iOfD9GrILJZEbXBINyaUXa5m0fh?=

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

=?utf-8?B?YTJnYys2SGM5UlR0aFBXN1U5ckZLVEw3Y1NsaXp5ZHpYZjFxVmo0bDMzSkpM?=

=?utf-8?B?REt3QjlTZ3pZWnkzcXZJZ3dWelg2aVU2U3JHcTdIOHV1blJna0NiKzZKMDRu?=

=?utf-8?B?ak50RkgzZ0FjY25CSi9qUlJTSldGbDF6bU8rcFpNUUJzN3FoK2FNTGJyei9o?=

=?utf-8?B?OERETHdUVHNzU0dnckFCTlVHTGNRVm5aSnRhbmlTR0JOejU4YzJuWGJnbjlk?=

=?utf-8?B?V3RhSmFQOEdxbzZQZFJSdXpGemRqcVNQTzEyWWp2SUtNcFpTbDk5QzdlSXlz?=

=?utf-8?B?ZGZrTFd1WVNJRUsyNXpnWVV1R2ozSENIUWtKdTlpV1dUa1Bma056WUtma0NT?=

=?utf-8?B?SmNTeXMyeGpIRnBPRDRkUHdsU1hZL2xCcmZDOW9tZXJXRXBXRkxpakZpUmcx?=

=?utf-8?B?TjAwU20rL1UwUlNwVk9SRHh0WVh2YTVUajJqOHYrZXZra2VlQ1FlVFIwNTFH?=

=?utf-8?B?dHlOVXYxbEJ1cXFEZWZ2RmpNczFNUEduYmxTWmYyUjRLWlJVdlVjNExyZ1Ay?=

=?utf-8?B?OVQzTDFiN3ZIKzF1TklhNzVFbFRYcHFDTDFsL0gxcWtyMGR0aWMrMzlNWHdv?=

=?utf-8?B?SFh5Y2NsaFBielYvU1lYNzAxNXVtNlVocWRTMU16MGFZd0ZZMmRCOW9BSHhX?=

=?utf-8?B?eUtUaTFYcFJVdkYydXpVM3d2ZHluc1F4Mk5RbU9lYU5XcEI5SEcwaWIwVDJh?=

=?utf-8?B?N2NHN3A0OC9FOUovMUV0aGNFSXY1L2hPc3ZFaEZlSFB3SWpQMlFQNGtQTmxJ?=

=?utf-8?B?YWJLSTdlR01tSThNMnVvYzZMWUV6MXIyZmFJd1F3NlZGQzVGeUlyQ3BaeElM?=

=?utf-8?B?UW1GQVZDMnZsY2MvTm9Gbnh6dDBKR1pQWTgrbDNBbjNNdU9walA5S1dxUmwr?=

=?utf-8?B?bGJWU2lKaFVvTUN0T1ZRL214ZSthNGxqWEQ0azFDVmo2bi8venFtRDhlUzFt?=

=?utf-8?B?YnlPSkZmWEhVQWIwUXAwWjFSZ2EyaUNTelNaK01rVGQza0Nud0JOSWhtdjQz?=

=?utf-8?B?a1prbm5KZGYzY2xlMmtldXJOenM4Yi9Uc1BRWWloell5NFA5OVhzSVNGYmdU?=

=?utf-8?B?MVBneXJRMjliaUQwODNRVDFDV2NuU2VSb0k2S1pvck5RY0EvUStpMXNKcURP?=

=?utf-8?B?OFdDVGtGVVFGbWJVOEl4ZG5iNE5CZytWdFl4b2c4SmtWREYyV0ZHQ1psUmdI?=

=?utf-8?B?TXRiU1FiNHJvaDE2TE1aSDR0d2tENVdyTXVqSUpldmZKVE9FQlcwWkhhL1FY?=

=?utf-8?B?cGJOMlB3VFA0NVRsZThMa3REaFk3RFVNTU94VmNEYlcrRVhwOUhHelpFdllF?=

=?utf-8?B?MDFhbTViK291TVdSSVp6YzkwbTN4NUFlQksyUVVYWGdDSHF6VllMVG5pVGhq?=

=?utf-8?B?c0Q2TUU4T1lSdTlMazZNREdLYVFzT2NUZTQ4NkFaNkduZXF2cFpobEtOQzBP?=

=?utf-8?B?UnZJd1A5d1ZLc2dmVGRxZkhWYisrVjRtNU9WcU1QdHZEbklDMkd5NGk1UmFB?=

=?utf-8?B?Ynp4WTNJaTY3SEFVczZaQXBGZk9tRzdxaHpuS2U2RWhQNmxlRk9KMWt0MWZv?=

=?utf-8?B?MWNKMkswNlg2ck0zbllnOG9RNzQ1cWF2dFhNVUxkV2svd2pXdDEyeUNXK0ZB?=

=?utf-8?B?OFlGWTVidFUrM0gvVnZ1ZWZlN0JMS256c1o2ZzhVV0xOaFpwSTNJN0VXK2t1?=

=?utf-8?Q?4CAAmkCePf6JA3/MRB++?=

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-Network-Message-Id: ddea1765-4b02-45c8-63fe-08dc353b7f7a

X-MS-Exchange-CrossTenant-AuthSource: AS2P192MB2246.EURP192.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2024 13:21:25.8617

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:

00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P192MB1093

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Take advantage of the holiday offer and create your account

today by clicking this link - completely free! Below, you can find the best

recommendation for you, based on your location. Browse profiles and choose

your best match. Visit their profile to see more photos!



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: shorturl.ac]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.92.65.103 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: shorturl.ac]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.92.65.103 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[hagwood.zandra(at)outlook.com]

3.0 FSL_HAS_TINYURL URI: No description available.

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} =?utf-8?b?UG9zdCBsaWtlZCBieSBmcmllbmQg4p2k77iP?=



--===============7153378297899397879==

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64



PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJz

ZXQ9dXRmLTgiPjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+Jm5ic3A7PC9wPgoKPHAgc3R5

bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjIwcHgiPjxzcGFu

IHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxzYW5zLXNlcmlmIj48c3BhbiBzdHlsZT0iY29sb3I6

IzAwMDAwMCI+PHN0cm9uZz5UYWtlIGFkdmFudGFnZSBvZiB0aGUgaG9saWRheSBvZmZlciBhbmQg

Y3JlYXRlIHlvdXIgYWNjb3VudCB0b2RheSBieSBjbGlja2luZyB0aGlzIDxhIGhyZWY9Imh0dHBz

Oi8vc2hvcnR1cmwuYWMvN2N4em0iPmxpbms8L2E+IC0gY29tcGxldGVseSBmcmVlITwvc3Ryb25n

Pjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+

Jm5ic3A7PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3BhbiBzdHlsZT0iZm9u

dC1zaXplOjE0cHgiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxzYW5zLXNlcmlmIj48

c3BhbiBzdHlsZT0iY29sb3I6IzAwMDAwMCI+PGVtPkJlbG93LCB5b3UgY2FuIGZpbmQgdGhlIGJl

c3QgcmVjb21tZW5kYXRpb24gZm9yIHlvdSwgYmFzZWQgb24geW91ciBsb2NhdGlvbi48YnI+CkJy

b3dzZSBwcm9maWxlcyBhbmQgY2hvb3NlIHlvdXIgYmVzdCBtYXRjaC4gVmlzaXQgdGhlaXIgcHJv

ZmlsZSB0byBzZWUgbW9yZSBwaG90b3MhPC9lbT48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3A+Cgo8

cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPiZuYnNwOzwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFs

aWduOmNlbnRlciI+Jm5ic3A7PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3Bh

biBzdHlsZT0iZm9udC1zaXplOjE4cHgiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxz

YW5zLXNlcmlmIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMDAwMCI+QmVsb3cgeW91IGNhbiBzZWUg

b25lIG9mIG91ciBtZW1iZXJzLjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0

ZXh0LWFsaWduOmNlbnRlciI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMy45OTk5OTk5OTk5OTk5

OThwdCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0

eWxlPSJjb2xvcjojMDAwMDAwIj48c3Ryb25nPjxpbWcgc3JjPSJodHRwczovL2xoNy11cy5nb29n

bGV1c2VyY29udGVudC5jb20vdUhYMlNOcWwwUF9MbjF3emN0MFJHeUJabm1ldnZhU3hXS2dFYmVj

UU5Jel80aUM3VXFJcEw3XzlZSGZkYmpIVFRtbjZuZzViQkh5dVVsOHlSRXE0bU5YR0w4T0ZLcHNX

WEdGeGh2TDVrU2RjWEdSREM5UVM1ZExycThQd3dUNDRmemtYVmlCNy1ucnA4OC1hMUpIZzZrYyIg

c3R5bGU9ImhlaWdodDo3ODBweDsgd2lkdGg6NjI0cHgiPjwvc3Ryb25nPjwvc3Bhbj48L3NwYW4+

PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+PHNwYW4gc3R5bGU9ImZv

bnQtc2l6ZToxMy45OTk5OTk5OTk5OTk5OThwdCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFy

aWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAwMDAwIj48c3Ryb25nPk9ubGlu

ZSBub3chIPCfjLk8L3N0cm9uZz48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0i

dGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTMuOTk5OTk5OTk5OTk5

OTk4cHQiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxzYW5zLXNlcmlmIj48c3BhbiBz

dHlsZT0iY29sb3I6IzAwMDAwMCI+PHN0cm9uZz5GaW5kIG9uIGRhdGVmaW5kZXI8L3N0cm9uZz48

L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxi

cj4KPGJyPgo8YSBocmVmPSJodHRwOi8vdGlueXVybC5jb20vMmhhaHhweXIiIHN0eWxlPSJ0ZXh0

LWRlY29yYXRpb246bm9uZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxOHB0Ij48c3BhbiBzdHls

ZT0iZm9udC1mYW1pbHk6QXJpYWwsc2Fucy1zZXJpZiI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxMTU1

Y2MiPjx1PlNsYXZpY0xvdmVDb25uZWN0aW9uczwvdT48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L2E+

PGJyPgo8YnI+CjxzcGFuIHN0eWxlPSJmb250LXNpemU6MThweCI+RGF0ZUZpbmRlciAtIFlvdXIg

R2F0ZXdheSB0byBNZWFuaW5nZnVsIENvbm5lY3Rpb25zISBEaXNjb3ZlciB0aGUgd29ybGQgb2Yg

cm9tYW5jZSBhbmQgY29tcGFuaW9uc2hpcCBvbiBEYXRlRmluZGVyLCB3aGVyZSBnZW51aW5lIGNv

bm5lY3Rpb25zIGhhcHBlbi48L3NwYW4+PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVy

Ij48YnI+CjxzcGFuIHN0eWxlPSJmb250LXNpemU6MThweCI+VW5sZWFzaCB0aGUgcG90ZW50aWFs

IG9mIG9ubGluZSBkYXRpbmcgd2l0aCBvdXIgZGl2ZXJzZSBwcm9maWxlcyBhbmQgcGVyc29uYWxp

emVkIGFsZ29yaXRobXMsIGNyZWF0aW5nIGEgdW5pcXVlIGFuZCBmdWxmaWxsaW5nIGV4cGVyaWVu

Y2UuPC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+PGJyPgo8c3BhbiBz

dHlsZT0iZm9udC1zaXplOjE4cHgiPkpvaW4gdXMgbm93IHRvIGVtYmFyayBvbiBhIGpvdXJuZXkg

b2YgZXhjaXRpbmcgcG9zc2liaWxpdGllcyBhbmQgZmluZCBtb3JlIHRoYW4ganVzdCBhIG1hdGNo

Ljwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxicj4KPHNwYW4gc3R5

bGU9ImZvbnQtc2l6ZToyMHB4Ij48c3Ryb25nPkNyZWF0ZSB5b3VyIHByb2ZpbGUgYW5kIHN0YXJ0

IHlvdXIgYWR2ZW50dXJlIG9uIERhdGVGaW5kZXIgdG9kYXkhPC9zdHJvbmc+PC9zcGFuPjwvcD4K

CjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+Jm5ic3A7PC9wPgoKPHAgc3R5bGU9InRleHQt

YWxpZ246Y2VudGVyIj4mbmJzcDs8L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxz

cGFuIHN0eWxlPSJmb250LXNpemU6MThweCI+PGVtPllvdXIgbG9uZWx5IGRheXMgbWF5IGJlIG92

ZXIgc29vbi4gVGFrZSB0aGlzIGNoYW5jZSBhbmQgc3RhcnQgdGhlIGFkdmVudHVyZSBvZiBtZWV0

aW5nIGEgbmV3IHBlcnNvbiwgeW91IG5ldmVyIGtub3cgd2hlcmUgaXQgd2lsbCB0YWtlIHlvdSE8

L2VtPjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPiZuYnNwOzwvcD4K

CjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxOHB4

Ij5Zb3Ugb25seSBsaXZlIG9uY2UsIHNvIGRvbid0IG92ZXJ0aGluayBpdCE8L3NwYW4+PC9wPgoK

PHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj4mbmJzcDs8L3A+Cgo8cCBzdHlsZT0idGV4dC1h

bGlnbjpjZW50ZXIiPjxicj4KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxNHB4Ij48c3BhbiBzdHls

ZT0iZm9udC1mYW1pbHk6QXJpYWwsc2Fucy1zZXJpZiI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDAw

MDAiPkRvbuKAmXQgd2FudCB0byByZWNlaXZlIGFueSBtb3JlIGVtYWlscz88L3NwYW4+PC9zcGFu

Pjxicj4KPGJyPgo8YSBocmVmPSJodHRwOi8vdC5seS9HVnJCSSIgc3R5bGU9InRleHQtZGVjb3Jh

dGlvbjpub25lIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6QXJpYWwsc2Fucy1zZXJpZiI+PHNw

YW4gc3R5bGU9ImNvbG9yOiMxMTU1Y2MiPjx1PlVuc3Vic2NyaWJlIGhlcmU8L3U+PC9zcGFuPjwv

c3Bhbj48L2E+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFu

IHN0eWxlPSJjb2xvcjojMDAwMDAwIj4uPC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9wPgoKPHAgc3R5

bGU9InRleHQtYWxpZ246Y2VudGVyIj48YnI+CiZuYnNwOzwvcD4K



--===============7153378297899397879==--

Lowe's phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Feb 2024 07:07:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdsfq-00000000Gqx-3yuv

for dave@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 07:06:42 -0700

Resent-From: The Doctor

Resent-Date: Sat, 24 Feb 2024 07:06:42 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2119.outbound.protection.outlook.com ([40.107.117.119]:8758 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdq2g-000000009Cf-2mEH

for doctor@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 04:18:10 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=He3LEX8Y3it+XjkmU/Ql6oZroiFh0bxe1bE2U5KIhornhSQbFskrZPGQLDS8b83AaDA1r+51ucYMhYve6Al3bsid+BsPjRL3pRwEYuZQdDnpO5A0mowXsOfvUz+KolxeGgf+ys27m16a9jzDP6Sjz7dvTOkJnHSTPQm+c5kdXcTcJZL0rTRtxBOJwL8TNHBWcT635JfplwJE2HgJRVk+y943H+hrRDHMFmJ4/c3Z2CcQZknh2zPq/qPw1PJ5yLLW1tTuypumiZ0gNA8J7ZTUCegf2DxizzCyAFBtXQjPk5Tt0Ne5vD+bj+GFny5PE5oZvSHpVEXozaaZekcJ/RwnIw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=EWdKZfoQX7X2PbUc2DAmw5UqY77XOdBx9VyHXHBuAwU=;

b=DCOXsFufp7gGcEjheJGS41gQNpKWMWhr0rrnR/+yjK+TUf5w8GcMuuPHemDmMwz24l+tlXmdIRDBzgwsk6BZDnuz8RDz1qOyaOb/OuQ8Y2gehozAZJngM15e2PGwMNL4JPZegQIdu2d4Hf0oiIU/MhOYXv0ZP9qOH3Rt1UfVJbXx8/fFuOJ+PTorRlB80aChLgvXmximFNoPpz+m5fZre94mX9ih4v4uKA6iiqeDhhjnPZ0Jvgj/B0dTFzBJ7hGGdZpy0OquCzRTI+m7FaTW38Gnc9U8ImNs/tzfKYtWGxn06M6jzmSh1jxNL8E/8b39ehGhavwsatjCjFAHDh37sg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

192.46.223.250) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=smkkartinibtm.onmicrosoft.com; dmarc=none action=none

header.from=smkkartinibtm.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=smkkartinibtm.onmicrosoft.com; s=selector1-smkkartinibtm-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=EWdKZfoQX7X2PbUc2DAmw5UqY77XOdBx9VyHXHBuAwU=;

b=vmEquBwqaGELoOVH5v4oQZ9/do5tcda3r7+DeZ76I0ho3wtpP0ml9LgFnoN0+HgNu9X85bRE5iAgAk97moGoGowqWijATrK8L/09qWrAWsoGmcU+XoxHs2xQinmtVHEQ7+nXtnZjnTL3wyUtqrmYlzH8zZznC4mWgqSmMJM41VfnOPnHbXANcuZyifdGTpdOyWNsmhsJutHkix1lbmyPRaaZoFZxvT9yxJzGWY0vhxjnW2mgXJPv1+oEWK4o5g4q3aExLUVzqvE1PCNMkvXF+L3v0Plx2RBblQriiqFo3s218HUQp1ErlQe4xc0MeZj9QMZni9FFonK5odBdCMaElw==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 192.46.223.250)

smtp.mailfrom=smkkartinibtm.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=smkkartinibtm.onmicrosoft.com;

Content-Type: multipart/alternative; charset="UTF-8";boundary="DntnxoEllGWrVddRM0fFdB"

x-priority: 1

X-Sender: email@smkkartinibtm.onmicrosoft.com

To: doctor

MIME-Version: 1.0

Reply-To: Lowe'S_Department_!!

Subject: Please_confirm_receipt!!

Delivered-To: doctor

From: Lowe'S_Department_!!

Date: Sat, 24 Feb 2024 12:59:25 +0200

Message-ID:

<79b2588c-ada6-4107-8ef6-56bd0674a669@SG1PEPF000082E5.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E5:EE_|OSQPR02MB7980:EE_

X-MS-Office365-Filtering-Correlation-Id: d866eb2f-0c71-4cda-d1cf-08dc3529fcd3

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

8E1cvbIclpE6Sg+TM6Jk4E0HV8eHy+CRgNo1oCUBYw1g8B2er1xbw0dsdtRrdwn+D67S6364fcAZgbAizIMgYVb+od9HSv6jEaXGpstmGfSIlP/zfIK7MnZWUiKn3jvAOGJdxuFWo/0U+sue/rUtB/G/3JcMWZeHyIlqFPHnN4oGiZhqvpSEtvLvv4UEi6oJFWxJTnc2niMvlJ775GANCJxQyc9lUbr3uCNaHxk1FyEq9AdgkUlc8tOGo6k8QR/zyYvJLiANjny7xu7+IuJPROyVAR/MiIhkn6ZBvxX9ObyJPPZsuy3ek7eFW27AloGt6bGr7jsl1A7PYshnvrTbzpIzNv7hy5BVEWHJiyPmVKQzrA06Q7B/uoX/ZaqaSErEZYKBK3wmrt+5+qHNSkqGdI/29zSq/EVdZD6f7Xd6Blw=

X-Forefront-Antispam-Report:

CIP:192.46.223.250;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schowalter.net;PTR:192-46-223-250.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(36860700004)(7200799017)(40470700004)(46966006)(3613699003);DIR:OUT;SFP:1102;

X-OriginatorOrg: smkkartinibtm.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2024 11:16:02.6907

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: d866eb2f-0c71-4cda-d1cf-08dc3529fcd3

X-MS-Exchange-CrossTenant-Id: 2df0098f-30b1-415f-82e4-efdb8f1ecd0d

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2df0098f-30b1-415f-82e4-efdb8f1ecd0d;Ip=[192.46.223.250];Helo=[mail.schowalter.net]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E5.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSQPR02MB7980

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo gyy1u8us3v6pz

gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz 2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja

2W0XrxBZNJja Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26 [...]



Content analysis details: (8.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.119 listed in list.dnswl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: topoffre.blob.core.windows.net]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.119 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[inbox.news(at)smkkartinibtm.onmicrosoft.com]

0.1 TW_XM BODY: Odd Letter Triples with XM

0.1 TW_JK BODY: Odd Letter Triples with JK

0.1 TW_VG BODY: Odd Letter Triples with VG

0.1 TW_IV BODY: Odd Letter Triples with IV

0.1 TW_SZ BODY: Odd Letter Triples with SZ

0.1 TW_GY BODY: Odd Letter Triples with GY

0.1 TW_ZX BODY: Odd Letter Triples with ZX

0.1 TW_GJ BODY: Odd Letter Triples with GJ

0.1 TW_KR BODY: Odd Letter Triples with KR

0.1 TW_MK BODY: Odd Letter Triples with MK

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 TVD_SPACE_RATIO No description available.

0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

1.0 XPRIO Has X-Priority header

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

Subject: {SPAM?} Please_confirm_receipt!!



--IYOeP7Ghxh43J1UANpGObRifrNlGbIqh

Content-Type: multipart/alternative; boundary="DntnxoEllGWrVddRM0fFdB"



--DntnxoEllGWrVddRM0fFdB

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo

gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz

2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja

Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs

wXPU9yb39JQax wXPU9yb39JQax wXPU9yb39JQax wXPU9yb39JQax

gyy1u8us3v6pz gyy1u8us3v6pz ivgjktszxbipo gyy1u8us3v6pz

2W0XrxBZNJja 2W0XrxBZNJja MfhdJmFkyUFU 2W0XrxBZNJja

fbmkrwuxmp fbmkrwuxmp mYLHRyODhR mYLHRyODhR

--DntnxoEllGWrVddRM0fFdB

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">










Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">















--DntnxoEllGWrVddRM0fFdB--