Phish | Entries from February 2024

Dewalt Canadian Tire Phish from MIcrosoft Outlook

â–‚â–ƒWelcome â–ƒâ–‚

ðŸ…²ðŸ…¾ðŸ…½ðŸ…¶ðŸ†ðŸ…°ðŸ†ƒðŸ†„ðŸ…»ðŸ…°ðŸ†ƒðŸ…¸ðŸ…¾ðŸ…½ðŸ†‚!

Dewalt Canadian Tire Phish from MIcrosoft Outlook

â–‚â–ƒâ–…â–‡â–ˆâ–“â–’â–‘ð™³ð™´ðš†ð™°ð™»ðšƒ ðŸ¸ðŸ¶ðŸ¶ ð™¿ðš’ðšŽðšŒðšŽ ð™¼ðšŽðšŒðš‘ðšŠðš—ðš’ðšŒðšœ ðšƒðš˜ðš˜ðš• ðš‚ðšŽðš ðš‚ðšžðš›ðš™ðš›ðš’ðšœðšŽâ–‘â–’â–“â–ˆâ–‡â–…â–ƒâ–‚

ãƒŸâ˜… "Shape Our Future & Win a Featured Product" â˜…å½¡

Tupperware Phish from Microsoft Outlook

Lowe's Phish from Microsoft Outlook

Sasktel phish

Lowe's phish from Microsoft Outlook

McAfee Phish from Google Gmail

Costco Phish from Microsoft Outlook

Costco Phish from Microsoft Outlook

French language postal phish from Google Gmail

Spanish Language phish

UN Phish from Microsoft Outlook

order phishing

Datefinder Phish from Microsoft Outlook

Ryobi one phish from Microsoft Outlook

Posted by Dave Yadallee on Monday, February 26. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 26 Feb 2024 13:15:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rehMz-00000000PNH-0Pn0

for dave@doctor.nl2k.ab.ca;

Mon, 26 Feb 2024 13:14:37 -0700

Resent-From: The Doctor

Resent-Date: Mon, 26 Feb 2024 13:14:37 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dm6nam11rlnn2068.outbound.protection.outlook.com ([40.95.38.68]:25056 helo=NAM11-DM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

id 1redur-00000000IQY-1cud

for cyrus@nl2k.ab.ca;

Mon, 26 Feb 2024 09:33:25 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=SzhUnotZ9AqExx0l9m58t7lILugtfPBHDGN/2XNFlDcebY/Iyt26HzoPJU3qFA/chkOO4e2AaaOAyMC+WDwvShIHMDJQ0gTnDhcSwcup05atcZrCp3Ncr+aUaPUvG8BBRRkO+gOW1jfJvKf020l1OWTN5kb8qOdNhA5vYgYxrxYo5tOHwt5S5Zgw5xRT1AzEw+5y17fwC05xcKOU4DJAcNS/iXLbpGke9sFDEKfvHM0bio8z30goigQG/YJlg/zf1cFuvoaKlihGiUOL14h1q3QQfvPg5eB+URjDR8u2+MOVGOvnCN/tVVNJgDH51B9aUBkNowDYTHt3kc+R9MOOig==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=UbK2/awdFIEfx6xfge2K7FC+9l9hM8H4b4IAHskuWTg=;

b=cUGmubnHoWtyBv3mdaVBlTEMOOwKALDvf1T93KsqBK7qQqcYMpyMN1Gsd/ZaKuZ53eRc+47W1r+rF5++Qd9BcZj1tN0SRbeSFQBvkqOtq3ugng8f4oTpfKxUCSS4y0cJVuBgi04vXufc+A8HtbmmkgOKX5/O3YVDgPkfGG1Dh/42WokvSobOtPbVjbdYAfhd93e1mr+SWaw3+UmcfLk212bWwifQzbjgp63zf1VDbj6aW8I8RcJHab5Hb4mNVOvAPkCftwic9jWT7PFPkLUKO2qPmY6diRprzgc+a/mNoWf0p4fKRO+YdVHX7P+SqQ92jAbjA9X0qaK2XNLKEVHXuw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

173.230.147.222) smtp.rcpttodomain=nl2k.ab.ca smtp.helo=aal.lres.sbs;

dmarc=none action=none header.from=aal.lres.sbs; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 173.230.147.222)

smtp.helo=aal.lres.sbs; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=aal.lres.sbs;

Subject: Make an Impact, Get a Dewalt EXTREME Drill Today

MIME-Version: 1.0

X-TOI-MSGID: <101741867707062.AC354F821938C.1705442930402@aal.lres.sbs>

From: Canadian Tire Department

In-Reply-To:

To: cyrus@nl2k.ab.ca

Content-Transfer-Encoding: 8bit

Content-Type: text/html; charset="UTF-8"

CC: cyrus@nl2k.ab.ca

Date: Mon, 26 Feb 2024 16:31:18 +0000

Message-ID:

<30319f4f-55cb-40ad-b4b4-f3a0cb78bf73@CH2PEPF00000099.namprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CH2PEPF00000099:EE_|LV8P220MB1556:EE_

X-MS-Office365-Filtering-Correlation-Id: a60479a6-7c34-441b-448b-08dc36e85bf1

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

uKegQWSjsttXFuF8AcSCtiGmkc2NMCvYSgC+dhOFx/wPQcq7ACZtkvN+Yd93oTFyK+lhBrqIYoFwgifAMWCxpzKGy36IBZqn0qKsdHKNVU0G+/8LvWohO9zDaGLS/zaCvzCgXoFjKj9q4z7jw0kxkeFP13+nnfuK8hY4wMOiYKiWGIEM/a9WpLDiB2nVD079r08zqP0MEayMJMX4hxntLMuUfwdlEZXAeVjtvCxOR4wL2PqFcPH6Mtz3wCDpW9V4CAgo43A9AlWUWTejY6qjZo6tozSVMcGvJN6fQZNhusZiih7gTRNEr4eb8rcnOyP0cbcdJxj4ye7MAc3pXL/c7NDVUkkC0E+lvcTuu4B5R7z16nldYFC6QcDXeDwqvJ7awmirOiZMngvZP30KSVxYLObgfJqZMMK/Ryq+xoGgCCYqbLQ0hDdsc85UiQpQZbS2eCj4EMukx3pvb4GJ/HQ/PI6CKHBWy9bgycdgufkBcZSubBmi6Pju4iy30kvo+m5imb9hVej7lvcg58Uw5DvdD0QGEAB2Trj01iKQPD8upe7W2ilikQr7eDhWxCZk1jndSVJ/fdUnJVf/xhzQ5wowSpQf1QNymRqEkLBKY+85Qdbm7v6hy2r/gZGXisYOc2wB4La4UJvsJPkiu2YhB/Yvltlm/md6zNDPO1t/lE5C8wmk2/u/aQsW4NnzuO5NuRUZyE2bet5WSCAAIFLUQX3d6FcKmkSXkbxX67EWwAe3a68=

X-Forefront-Antispam-Report:

CIP:173.230.147.222;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:aal.lres.sbs;PTR:173-230-147-222.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(35950700004);DIR:OUT;SFP:1022;

X-OriginatorOrg: aal.lres.sbs

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 16:31:18.0118

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: a60479a6-7c34-441b-448b-08dc36e85bf1

X-MS-Exchange-CrossTenant-Id: bd07f877-fda5-4bc6-9759-92d8571c2a42

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bd07f877-fda5-4bc6-9759-92d8571c2a42;Ip=[173.230.147.222];Helo=[aal.lres.sbs]

X-MS-Exchange-CrossTenant-AuthSource:

CH2PEPF00000099.namprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8P220MB1556

(1) Notifications

Posted by Dave Yadallee on Monday, February 26. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 26 Feb 2024 13:17:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rehOn-00000000PRd-1SNL

for dave@doctor.nl2k.ab.ca;

Mon, 26 Feb 2024 13:16:29 -0700

Resent-From: The Doctor

Resent-Date: Mon, 26 Feb 2024 13:16:29 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dm6nam10hn2226.outbound.protection.outlook.com ([52.100.156.226]:50177 helo=NAM10-DM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

id 1rehNl-00000000PKJ-2ZVX

for root@nk.ca;

Mon, 26 Feb 2024 13:15:30 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=LuCwU33zgvn7t+pRqOPPYW+6utM/RihjQY4kZBsM9vHeMrmeNkjIHxUGGEyS20NjMc3vj1piQEjJ6e6UYF5CUwO6fArRXjthx6keApM26yZ9Sn+OZqIen8Z6doq3tvohIqrBn8enVwgie8x180or0KHO36jZXBWEAimTqvhSRXw51TnvqRasuFM0YW9MdjH8DwBEiyKCWWgA4EZsVwxuVYsLxfdglr+NtMkMHwKHkIdFuBKK5U+4Ys1YPuSGxXgy94//Snj9ZcL089Vo3ahI5jLyvTZ4vFDglluakABB+cd355MMJeoAOzamiqxAsz9MG5NgeC8XXQ0E97bklUqiMQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=LwLGWwoDP82aHlgPZ3dh5iiyTbLMw1mm41tE1LykYJo=;

b=XB6mOmZktGcN613O6Q3oLlGWQ6b7iQx6Z85qx1S0G7SVD9uNZLP3925DrZPq5aO6jg3sClHIzJz6yqyA9m21jHWHcTCW9FXj5smQSgsYvrVRphB5UbMBjweSsg6OU4tMqQx9E/PMS8SURPVkW+6lNCIxXL/rMdNPh62oTCiGLmrZBhiletg2BqMlkW//AQQssSswNLfbDr+aToGtw/RgJLn6dzAUjvb6lkjbKgkOsds9PLMM/t6aQzXCDUoe0PEa14Vko5yRCSgo5yqbNSTasYwFAML0bq28D5pVyaR6AFeo9F3smwUXKzN8/qX+aQCtoVAYBPkBqHol1SKBeWPNKw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=permerror (sender ip

is 172.105.152.135) smtp.rcpttodomain=nk.ca smtp.helo=qmpj.lukychosetp.sbs;

dmarc=none action=none header.from=qmpj.lukychosetp.sbs; dkim=none (message

not signed); arc=none (0)

Received: from CH5PR05CA0019.namprd05.prod.outlook.com (2603:10b6:610:1f0::27)

by BL3PR13MB5146.namprd13.prod.outlook.com (2603:10b6:208:339::13) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.36; Mon, 26 Feb

2024 20:13:24 +0000

Received: from SN1PEPF0002BA4D.namprd03.prod.outlook.com

(2603:10b6:610:1f0:cafe::f7) by CH5PR05CA0019.outlook.office365.com

(2603:10b6:610:1f0::27) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.25 via Frontend

Transport; Mon, 26 Feb 2024 20:13:23 +0000

X-MS-Exchange-Authentication-Results: spf=permerror (sender IP is

172.105.152.135) smtp.helo=qmpj.lukychosetp.sbs; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=qmpj.lukychosetp.sbs;

Received-SPF: PermError (protection.outlook.com: domain of

qmpj.lukychosetp.sbs used an invalid SPF mechanism)

Received: from qmpj.lukychosetp.sbs (172.105.152.135) by

SN1PEPF0002BA4D.mail.protection.outlook.com (10.167.242.70) with Microsoft

SMTP Server id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024

20:13:23 +0000

Subject: "message for root"

MIME-Version: 1.0

X-TOI-MSGID: <101741576207062.AC354F821938C.1705442930402@qmpj.lukychosetp.sbs>

From: Canadian Tire Department

In-Reply-To:

To: root@nk.ca

Content-Transfer-Encoding: 8bit

Content-Type: text/html; charset="UTF-8"

CC: root@nk.ca

Date: Mon, 26 Feb 2024 20:13:23 +0000

Message-ID:

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SN1PEPF0002BA4D:EE_|BL3PR13MB5146:EE_

X-MS-Office365-Filtering-Correlation-Id: cf478d09-e94d-4758-cb7c-08dc37076244

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

S9E+qjcIq2rVgFH63tTe7gbnpjVDlOYV0vBTwCvwE2KujKuMg1rd2P+HrMPPjAkM3iL9h2afziZdTOfA2b6p5P/3ZWNCPUKQX7oKKmArTt0EOa5DpMOFJWiCRf/uw03IXUWA30u+1xkoF5n3GoCpY6KSFf3f12pI4/MWjzUlfvO79UYFku7b1ZOvRrnd3mg9MmXJ+UtEC197n/aYz1NWZNQPjeRgE+Vg7TL0ItP+8ouJzltxOs+W534a6Ijl3dkh1aTjSR8at3j3ck0CpBRQr1TL7ywteHpTlMraHGUAF85Rg12IWnvpm1/RGnd3o7GWo7t48IYZetoZH4ZWGcr7vtarEHOgzTrsQ8ZDPAlZsE0LIPBy4U2OmsohGyOwI7NYrC6LDdlAf/JqTJrG04J9ZM8SH1jjuFwH2vBzvjK4dcTfc6kvRBraWTaby5MjlldiOSNLFZxmgaHIgemqoS2JMLl6aF3KQQXAszT4Qxyyq5a0yAPx/CHP9WrJ6qmTZYK/FRczJlF5BanlJ+CStfbDvKzLVmMPTdIlbiJJ06WdOA1jNQ+5SvvhaSiZlRx4msQbe4WCKK5YO2CGJngIZXNF6Dy/txsaohe7QktG86eyFD0T4ZBt0NqHewJQtVVH9yIYCvXDS8WcPzk3YxkzeZXwaRQ/Xn96xiTPk+tXl7SxAY3u36uQtpzXJ5S10QwBPuwoGYXI7wzzPF21yrTG/+5yu15DP05nIPB4/Q6XXfxoWzQ=

X-Forefront-Antispam-Report:

CIP:172.105.152.135;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:qmpj.lukychosetp.sbs;PTR:172-105-152-135.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(35950700004)(15920700032);DIR:OUT;SFP:1501;

X-OriginatorOrg: qmpj.lukychosetp.sbs

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 20:13:23.1648

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: cf478d09-e94d-4758-cb7c-08dc37076244

X-MS-Exchange-CrossTenant-Id: beb48577-e4da-482d-ad17-be7c9f875854

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=beb48577-e4da-482d-ad17-be7c9f875854;Ip=[172.105.152.135];Helo=[qmpj.lukychosetp.sbs]

X-MS-Exchange-CrossTenant-AuthSource:

SN1PEPF0002BA4D.namprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR13MB5146

(1) Notifications

Posted by Dave Yadallee on Monday, February 26. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 26 Feb 2024 00:07:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1reV4X-00000000BtV-07xA

for dave@doctor.nl2k.ab.ca;

Mon, 26 Feb 2024 00:06:45 -0700

Resent-From: The Doctor

Resent-Date: Mon, 26 Feb 2024 00:06:44 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tycjpn01on2119.outbound.protection.outlook.com ([40.107.114.119]:33816 helo=JPN01-TYC-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1reSRM-000000006fR-2PbS

for doctor@doctor.nl2k.ab.ca;

Sun, 25 Feb 2024 21:18:12 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=YCi6Ixv1t2Fby+CZjH/5r5NWcybJz40v6ayvqh6FzkPULpsS9Hkagm+SQrDxbIFHwayaRK8rS8SrDf6rJ8/AfEhu8HwokWxnEV1hWPlvcLkvntwa9fYaKU64ECTsoBiJIkyXDqWDYjqyw4slgsRfCU28xmx8BJPM9W0uqlEFBIPKEcI9pB66bsrz8mtf8dL+KBgztmmvgAw+Ihb6KLMaokUw77T+qPeJFfYaiVvlhHlqzZei3GKtlH9FwpI7qHjunMOMlz11ID1Yqf6tAHS9Q7TKrwMWRs4YIFJEiJi+g7afp6fdye4uGC67KcrrRxZ2IRc6naSbRqVaYj9M9rBv1w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=pt1Toczi58H16nS3keElahBKZ3mT61kZ3gPQnERYKwM=;

b=eMIJIZDf1+elYrb/ldLDmh60q4nQ2ZQHVjh1wUmQPPye8fg0AeyZjFGrdd6BMQVEGFj2hK+lrgeAK9ik3sL1iWxu9Txx9GDZJhOPbH30TnERMdI0OEXp3SyyXPZce2Q6HceDO4sijdjtt5qXLaVT9Hy3spuw+hWuumykTocY90SPpH/w5YTXnOyq2eO8M+9bfH3sFYvzmfaWcTEceZodrReQkmL01s6f8KIIHtqmamSgky+yptYSxgYo2YMmzvdPR7VFrrCMDceDpW4n7uXFaoNcVVA8VPuR4fyo6PJgUgBb2smsOYeZuSd32gO70qH807JJiBR1FsZBsEhqtFBIZQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

185.185.70.183) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=edwnv.bardoni.org; dmarc=none action=none

header.from=edwnv.bardoni.org; dkim=none (message not signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.185.70.183)

smtp.mailfrom=edwnv.bardoni.org; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=edwnv.bardoni.org;

Subject: =?UTF-8?B?V2luIGEgMzYgUGllY2UgVHVwcGVyd2FyZSBNb2R1bGFyIFNldCBieSBUYWtpbmcgT3VyIFN1cnZleQ==?=

To: doctor@doctor.nl2k.ab.ca

Importance: high

MIME-Version: 1.0

In-Reply-To:

Content-Type: multipart/alternative; charset="UTF-8";boundary="PART.XpD6vDv.eeyrnafn"

X-TOI-MSGID: <975764404.50C54DFF5EA54.1708919819820@fritsch.com>

CC: doctor@doctor.nl2k.ab.ca

From: =?UTF-8?B?MzYgUGllY2UgVHVwcGVyd2FyZSBNb2R1bGFyIFNldCBSZXdhcmRz?=

Date: Mon, 26 Feb 2024 04:56:59 +0100

Message-ID:

<62b555dd-d3bc-4bee-9918-c2815fbc30c1@TYO1EPF00005026.JPNP286.PROD.OUTLOOK.COM>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: TYO1EPF00005026:EE_|OS3P286MB1496:EE_

X-MS-Office365-Filtering-Correlation-Id: 7d35d137-f933-46c2-254c-08dc3681a67e

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

gMKdaJWPG5sAk50OMFYXdcpTB6UJHbdYBhCV2xrwh+IeOWo201U6TE0MXtr1pMdk8PIhzE3Z9csqst75hon2VoZMHOhsE9i5CySQt7N5g7FjaO16xv4mnmStV6G6yXJRMj+Rjyh0RdDl1AWPyQqSTVZLN5fsAjauqcwmkjwM2y4cv/UsoUNI4uNV71GIA2rkjukKG7mDE1SSRN/iIjuod4OvIiY1nGokT+MjBLJUXouxIAq+Zl7yZIQVtTBFd/4yw1tnJzCN6vaeEpw08iS31zDBGVNasb/FPn5/haiRtSQ8jXFkqM2BDrQr6WiTLqEhweyNtx/DmN+qiRtR/tsbNUOFMXQjd8mTPTDWvtd4C0a9WE/h5Sx09tq0zjUyBPEEXWlSTZR6aCg9ZLeWVX8VmE232jU5uWq1N5iQzHHL2TCqeHxBgHQVzfJLsvNniS3OG7N09O29vDaaV6n9iv2yeECTJ/DHPd6AHQ2bc1EiAK9oyM6bJQ0CoG1oNJAMfa05G2mQGf2jaUfbNHidFL+hYgUlg0IQ0Du+zgVJYYWcbCRxy9ZBv67rNERBpIj8jYzARPDlnsuf0UWuXuXUza4qYywakpGaKh3RC2tV1ch0KBEhs4t7ikVAZlf9INS3/UPGAsIw2n9hX1aIrs1QCTRO77blQ4H9XG6xZRb/RpWtGK2os1MZJxVaaz5n8Ls0UlYwtFL0VJa/tABMOMKssjXVDNeIHT/CX2chXTYiq5BBkVE=

X-Forefront-Antispam-Report:

CIP:185.185.70.183;CTRY:RU;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.fritsch.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1102;

X-OriginatorOrg: edwnv.bardoni.org

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 04:16:04.5640

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 7d35d137-f933-46c2-254c-08dc3681a67e

X-MS-Exchange-CrossTenant-Id: e522fa8d-a21a-41cc-8f49-a0a5215aa74e

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e522fa8d-a21a-41cc-8f49-a0a5215aa74e;Ip=[185.185.70.183];Helo=[mail.fritsch.com]

X-MS-Exchange-CrossTenant-AuthSource: TYO1EPF00005026.JPNP286.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: OS3P286MB1496

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: If you wish to unsubscribe from future mailings please click

here, email ecpcompliance@yahoo.com, or write to: 11525a Stonehollow Dr #100,

Austin, TX 78758 click here to remove yourself from our emails list

Content analysis details: (5.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: mochkilaton.blob.core.windows.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.114.119 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.114.119 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

Subject: {SPAM?} =?UTF-8?B?V2luIGEgMzYgUGllY2UgVHVwcGVyd2FyZSBNb2R1bGFyIFNldCBieSBUYWtpbmcgT3VyIFN1cnZleQ==?=

--PART.XpD6vDv.eeyrnafn

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset="UTF-8"

If you wish to unsubscribe from future mailings please click here, email ecpcompliance@yahoo.com,
or write to:Â

11525a Stonehollow Dr #100, Austin, TX 78758

click here to remove yourself from our emails list

--PART.XpD6vDv.eeyrnafn--

Posted by Dave Yadallee on Sunday, February 25. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 25 Feb 2024 12:22:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1reK43-0000000020K-3ySt

for dave@doctor.nl2k.ab.ca;

Sun, 25 Feb 2024 12:21:31 -0700

Resent-From: The Doctor

Resent-Date: Sun, 25 Feb 2024 12:21:31 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn1nam02on2101.outbound.protection.outlook.com ([40.107.212.101]:53878 helo=NAM02-BN1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1reH9Y-00000000IiR-0eMa

for root@nk.ca;

Sun, 25 Feb 2024 09:15:04 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=T0KP9iEfNfIpV2FrKu3T0uWCpKu1RoKJX7Q3IygVWjvSZ48IgWgHZB3iUuAebkPW3mujU83elBusipDftY6Os6TPaPsWCo7SbARms7kU6VJiStzeU/C9qzhf7RT1IWM3A9T1koBh+jskYU5I3lAYCth0AabSX0SsGEnAFkSRYAAORMmbiSwjuatj3R/prlybk4Oj572juxE5Xh77CmIdaYljXPcEMcK0vwrayOuuBVOH+8zCrnF1zhCnBsSIhSV3b7uGtM/4bqb0E6qTi5nikXmQFHljUjLk5GVW/s93VKynpgihjxNQmIigzQAO5bsyYuiYbjBEerjJJhm02xHtsA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;

b=nHQ1XHooxdnYjOGW4VeCKK5me6ugeR5dluNB9LZtc2xDLIeqmKK15Pe0JeL09FRbJMOVdNbztieg07MlaGm170dTBFLRyDwdDItCa5SFNHjOntKEsiu5TR8XRWPtIHUvxfYXdTCtdsu4v5ltq48yQXRYU7tWldyna78jn1RwMEmLdIWy5W/AIBLW9HuGeIJoqDng3/eyI6NWQMmej5rdXVCETlw56QCHuPFm85Ys78GwM6AagPwnc8Cbn24CWSZ/hN1dRDcSu98wASDBCDWeV7LdRC2iit5mtPUcufbEjWEsFZLGrHG2oQny3vgupTJyoOff5VtampS2/rAC687/bA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

172.105.40.168) smtp.rcpttodomain=nk.ca smtp.mailfrom=usxl.onmicrosoft.com;

dmarc=none action=none header.from=usxl.onmicrosoft.com; dkim=none (message

not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=liceovicentepalacioscl.onmicrosoft.com;

s=selector1-liceovicentepalacioscl-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;

b=bRh5wMAM8OSUYdR9ePVOVkmJighgh73TNK4bu9u8QRNwPJTD5PUU4cz4r1pjMf/Sgvd1Gm1G3vu5of3wtsyZPPuf176v6dcwqfLgl9xmuCaFwba9Io5Y5Z+GYRithOZEe+1D/Vou+ACrpffg0awHdTKjY3GOyn96tEPFlTyzLlQ=

Received: from CH0PR04CA0104.namprd04.prod.outlook.com (2603:10b6:610:75::19)

by CPRP152MB6342.LAMP152.PROD.OUTLOOK.COM (2603:10d6:103:231::14) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Sun, 25 Feb

2024 16:12:55 +0000

Received: from CH3PEPF0000000A.namprd04.prod.outlook.com

(2603:10b6:610:75:cafe::53) by CH0PR04CA0104.outlook.office365.com

(2603:10b6:610:75::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend

Transport; Sun, 25 Feb 2024 16:12:54 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.105.40.168)

smtp.mailfrom=usxl.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=usxl.onmicrosoft.com;

Received-SPF: Fail (protection.outlook.com: domain of usxl.onmicrosoft.com

does not designate 172.105.40.168 as permitted sender)

receiver=protection.outlook.com; client-ip=172.105.40.168;

helo=usxl.onmicrosoft.com;

Received: from usxl.onmicrosoft.com (172.105.40.168) by

CH3PEPF0000000A.mail.protection.outlook.com (10.167.244.37) with Microsoft

SMTP Server id 15.20.7292.25 via Frontend Transport; Sun, 25 Feb 2024

16:12:53 +0000

CC: root@aol.com

Subject: =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=

Thread-Index: M1PnDINfeKq9idgrGDXCZTucKCoh4o==

Thread-Topic: psdlfzunsbDiuyze zMQy7m

msip_labels:

Message-ID:

To: root@aol.com

X-MS-Has-Attach: yes

Date: Sun, 25 Feb 2024 16:12:52 +0000

X-MS-TNEF-Correlator:

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: 7bit

From: Lowe's Tools Department <513SC2OYY48.UTFbyEtC@usxl.onmicrosoft.com>

MIME-Version: 1.0

Accept-Language: fr-FR, en-US

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CH3PEPF0000000A:EE_|CPRP152MB6342:EE_

X-MS-Office365-Filtering-Correlation-Id: a80107e3-0a30-4241-e19c-08dc361c9f81

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

1W4fUmsWr7zT69QS2U86IgoOu6B0rHaz1pvW+y9aB6lbZ9+fgegg0igl28MBIM8Geqm5mP1fnpDZQOA6dNKtKJ4IIrQ4DN3AfHdZ7Hj1mW2PRc9yw+kj6jylcuOdQjBdDpT1CDgwnfYNrFxhK64YpYa1tklXi/sJ9v2drwIBbWCD/EBiDQ+q1/EfMYTFrr6QmsOeoXmBE6TpJTJY1kLktM6z+XsKLCEF0g/LhjnWFvDmuHvDOLIpXOkQy5GI2VCkFYMFt7coFY9WZ8hQh65kcpHGvhiI8HZBYPntoludf2zlG82FxpqMofCpIKM04jddYGCvKvQAPLUwt0MfVrm4SFZppzbcQA8KPhYQz2/GZAw17Ir5k4x2q9mgr1v3zyx/ybhATKlSJqunGpRSmb8p1U6vFKG8/v25KO0WQUafwip6VyNH411ZN2AQ9XS+edFe4k73dr1zL/ZxOSYul39lDt9zMrE1zTTZRvrECFFlComKyTQ2w9/S1OiVPyubHFCchul7zTaTIgWm2CC8c+A3jzMmXI5yo4UHPUPCzGDM0k7GkB50+/D0xf/slRUffYYmnvXiVsjUcBAY6+X2CEZmgdiQMjMAkfTOVHYjLQl+jMXYcuw2z6kpUewB33gf9f/RMNA373VpxCYwwu3lvIY73Q==

X-Forefront-Antispam-Report:

CIP:172.105.40.168;CTRY:IN;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:usxl.onmicrosoft.com;PTR:172-105-40-168.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(230273577357003)(7200799017)(36860700004)(46966006)(40470700004);DIR:OUT;SFP:1102;

X-OriginatorOrg: usxl.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2024 16:12:53.7997

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: a80107e3-0a30-4241-e19c-08dc361c9f81

X-MS-Exchange-CrossTenant-Id: aad980c3-b21b-4b8d-a781-8bfdd8af16bf

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aad980c3-b21b-4b8d-a781-8bfdd8af16bf;Ip=[172.105.40.168];Helo=[usxl.onmicrosoft.com]

X-MS-Exchange-CrossTenant-AuthSource:

CH3PEPF0000000A.namprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: CPRP152MB6342

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Center Parcs >> Take Your Projects to the Next Level with

the FLEX Combo Kit <<

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.212.101 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.212.101 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 ARC_SIGNED Message has a ARC signature

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[513sc2oyy48.utfbyetc(at)usxl.onmicrosoft.com]

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=

Center Parcs

>> Take Your Projects to the Next Level with the FLEX Combo Kit <<

Posted by Dave Yadallee on Sunday, February 25. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 25 Feb 2024 09:00:00 -0700

Received: from smtpbb037.gmobb.jp ([133.130.64.216]:43933 helo=smtp3.gmobb.jp)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1reGuW-00000000CWD-0dtY

for dave@doctor.nl2k.ab.ca;

Sun, 25 Feb 2024 08:59:31 -0700

Received: from localhost (localhost [127.0.0.1])

by smtp3.gmobb.jp (Postfix) with ESMTP id 63F1C794CD

for ; Mon, 26 Feb 2024 00:57:25 +0900 (JST)

X-Virus-Scanned: amavisd-new at gmoserver.jp

Received: from smtp3.gmobb.jp ([127.0.0.1])

by localhost (smtp.gmoserver.jp [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id 0ZI5loX+vkza for ;

Mon, 26 Feb 2024 00:57:25 +0900 (JST)

Received: from [100.126.14.219] (unknown [91.132.139.116])

by smtp.gmobb.jp (Postfix) with ESMTPA id 84B1B79494

for ; Mon, 26 Feb 2024 00:57:23 +0900 (JST)

Date: Sun, 25 Feb 2024 16:57:25 +0100

Mime-version: 1.0

Subject: We are having difficulty collecting the amount of the last bill.

From: SaskTel

To:

Message-Id: <20240225165725.STVDXRYOWAKYTL@i3.gmobb.jp>

Reply-To: open6@i3.gmobb.jp

Original-recipient: rfc822;dave@doctor.nl2k.ab.ca

Content-Type: text/html; charset="ISO-8859-1"

Content-transfer-encoding: quoted-printable

=3DUTF-8"/>

783px; WORD-SPACING: 0px; BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none;=

ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; -webkit-text-stroke-width: =

0px; text-decoration-thickness: initial; text-decoration-style: initial; te=

xt-decoration-color: initial' cellSpacing=3D0 cellPadding=3D0 bgColor=

=3D#ffffff border=3D0>

MIN-WIDTH: 640px" cellSpacing=3D0 cellPadding=3D0 align=3Dcenter border=

=3D0>

uto !important; FONT-FAMILY: sans-serif; BACKGROUND: rgb(255,255,255); COLO=

R: rgb(255,255,255); LINE-HEIGHT: 20px" border=3D0 alt=3D"SaskTel gradient"=

src=3D"https://www.sasktel.com/email/images/sasktel-gradient-640x41.png" w=

idth=3D640>

=3D0 cellPadding=3D0 bgColor=3D#ffffff border=3D0>


	=3D"noopener noreferrer" target=3D_blank> GHT: 45px; WIDTH: 176px; DISPLAY: block" border=3D0 alt=3DSaskTel src= =3D"https://www.sasktel.com/email/images/ConsumerLogo.png" width=3D178>=

NT-WEIGHT: normal; COLOR: rgb(17,17,17); PADDING-BOTTOM: 30px; TEXT-ALIGN: =

center; PADDING-TOP: 22px; PADDING-LEFT: 46px; LINE-HEIGHT: 34px; PADDING-R=

IGHT: 46px">We are having difficulty collecting the amount of the last bill=

=2E

ADDING-RIGHT: 30px; BACKGROUND-COLOR: rgb(255,255,255)" bgColor=3D#ffffff>

ng=3D0 cellPadding=3D0 border=3D0>

) 2px solid; LINE-HEIGHT: 1px" height=3D30>

NT-WEIGHT: normal; COLOR: rgb(17,17,17); PADDING-BOTTOM: 20px; TEXT-ALIGN: =

left; PADDING-TOP: 0px; PADDING-LEFT: 0px; LINE-HEIGHT: 26px; PADDING-RIGHT=

: 0px">

Amount due: $113.72

ca" rel=3D"noopener noreferrer" target=3D_blank>
0%; HEIGHT: auto !important" alt=3D"View/Pay eBill" src=3D"https://www.sask=

tel.com/email/images/view-pay-bill.png">

) 2px solid; LINE-HEIGHT: 1px" height=3D30>

NT-WEIGHT: normal; COLOR: rgb(17,17,17); TEXT-ALIGN: left; LINE-HEIGHT: 20p=

x">

Hello ,

Your monthly eBILL is now ready in mySASKTEL.

To make paying your bill even easier, you can set up automatic payments.=

To set up, log in to
FONT-WEIGHT: bold; COLOR: rgb(211,23,142)" href=3D"http://moon3.gmobb.jp/no=

va2/wp.html?em=3Ddave@doctor.nl2k.ab.ca" rel=3D"noopener noreferrer" target=

=3D_blank>mySASKTEL.

Thanks for choosing SaskTel.

The SaskTel Team.

=3D0>

NT-WEIGHT: bold; COLOR: rgb(255,255,255); PADDING-BOTTOM: 20px; TEXT-ALIGN:=

center; PADDING-TOP: 20px; PADDING-LEFT: 22px; LINE-HEIGHT: 16px; PADDING-=

RIGHT: 23px">

s://www.sasktel.com/contactus" rel=3D"noopener noreferrer" target=3D_blank>=

Contact us
SPAN> |
: none; COLOR: rgb(255,255,255)" href=3D"https://www.sasktel.com/privacy" r=

el=3D"noopener noreferrer" target=3D_blank>
none; COLOR: rgb(255,255,255)">Privacy policy

55,255)" rel=3D"noopener noreferrer">SaskTel, 2121 Saskatchewan Drive, Regi=

na, SK, S4P 3Y2

=

Posted by Dave Yadallee on Saturday, February 24. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Feb 2024 07:07:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdsfq-00000000Gqx-3yuv

for dave@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 07:06:42 -0700

Resent-From: The Doctor

Resent-Date: Sat, 24 Feb 2024 07:06:42 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2119.outbound.protection.outlook.com ([40.107.117.119]:8758 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdq2g-000000009Cf-2mEH

for doctor@doctor.nl2k.ab.ca;

Sat, 24 Feb 2024 04:18:10 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=He3LEX8Y3it+XjkmU/Ql6oZroiFh0bxe1bE2U5KIhornhSQbFskrZPGQLDS8b83AaDA1r+51ucYMhYve6Al3bsid+BsPjRL3pRwEYuZQdDnpO5A0mowXsOfvUz+KolxeGgf+ys27m16a9jzDP6Sjz7dvTOkJnHSTPQm+c5kdXcTcJZL0rTRtxBOJwL8TNHBWcT635JfplwJE2HgJRVk+y943H+hrRDHMFmJ4/c3Z2CcQZknh2zPq/qPw1PJ5yLLW1tTuypumiZ0gNA8J7ZTUCegf2DxizzCyAFBtXQjPk5Tt0Ne5vD+bj+GFny5PE5oZvSHpVEXozaaZekcJ/RwnIw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=EWdKZfoQX7X2PbUc2DAmw5UqY77XOdBx9VyHXHBuAwU=;

b=DCOXsFufp7gGcEjheJGS41gQNpKWMWhr0rrnR/+yjK+TUf5w8GcMuuPHemDmMwz24l+tlXmdIRDBzgwsk6BZDnuz8RDz1qOyaOb/OuQ8Y2gehozAZJngM15e2PGwMNL4JPZegQIdu2d4Hf0oiIU/MhOYXv0ZP9qOH3Rt1UfVJbXx8/fFuOJ+PTorRlB80aChLgvXmximFNoPpz+m5fZre94mX9ih4v4uKA6iiqeDhhjnPZ0Jvgj/B0dTFzBJ7hGGdZpy0OquCzRTI+m7FaTW38Gnc9U8ImNs/tzfKYtWGxn06M6jzmSh1jxNL8E/8b39ehGhavwsatjCjFAHDh37sg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

192.46.223.250) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=smkkartinibtm.onmicrosoft.com; dmarc=none action=none

header.from=smkkartinibtm.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=smkkartinibtm.onmicrosoft.com; s=selector1-smkkartinibtm-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=EWdKZfoQX7X2PbUc2DAmw5UqY77XOdBx9VyHXHBuAwU=;

b=vmEquBwqaGELoOVH5v4oQZ9/do5tcda3r7+DeZ76I0ho3wtpP0ml9LgFnoN0+HgNu9X85bRE5iAgAk97moGoGowqWijATrK8L/09qWrAWsoGmcU+XoxHs2xQinmtVHEQ7+nXtnZjnTL3wyUtqrmYlzH8zZznC4mWgqSmMJM41VfnOPnHbXANcuZyifdGTpdOyWNsmhsJutHkix1lbmyPRaaZoFZxvT9yxJzGWY0vhxjnW2mgXJPv1+oEWK4o5g4q3aExLUVzqvE1PCNMkvXF+L3v0Plx2RBblQriiqFo3s218HUQp1ErlQe4xc0MeZj9QMZni9FFonK5odBdCMaElw==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 192.46.223.250)

smtp.mailfrom=smkkartinibtm.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=smkkartinibtm.onmicrosoft.com;

Content-Type: multipart/alternative; charset="UTF-8";boundary="DntnxoEllGWrVddRM0fFdB"

x-priority: 1

X-Sender: email@smkkartinibtm.onmicrosoft.com

To: doctor

MIME-Version: 1.0

Reply-To: Lowe'S_Department_!!

Subject: Please_confirm_receipt!!

Delivered-To: doctor

From: Lowe'S_Department_!!

Date: Sat, 24 Feb 2024 12:59:25 +0200

Message-ID:

<79b2588c-ada6-4107-8ef6-56bd0674a669@SG1PEPF000082E5.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E5:EE_|OSQPR02MB7980:EE_

X-MS-Office365-Filtering-Correlation-Id: d866eb2f-0c71-4cda-d1cf-08dc3529fcd3

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

8E1cvbIclpE6Sg+TM6Jk4E0HV8eHy+CRgNo1oCUBYw1g8B2er1xbw0dsdtRrdwn+D67S6364fcAZgbAizIMgYVb+od9HSv6jEaXGpstmGfSIlP/zfIK7MnZWUiKn3jvAOGJdxuFWo/0U+sue/rUtB/G/3JcMWZeHyIlqFPHnN4oGiZhqvpSEtvLvv4UEi6oJFWxJTnc2niMvlJ775GANCJxQyc9lUbr3uCNaHxk1FyEq9AdgkUlc8tOGo6k8QR/zyYvJLiANjny7xu7+IuJPROyVAR/MiIhkn6ZBvxX9ObyJPPZsuy3ek7eFW27AloGt6bGr7jsl1A7PYshnvrTbzpIzNv7hy5BVEWHJiyPmVKQzrA06Q7B/uoX/ZaqaSErEZYKBK3wmrt+5+qHNSkqGdI/29zSq/EVdZD6f7Xd6Blw=

X-Forefront-Antispam-Report:

CIP:192.46.223.250;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schowalter.net;PTR:192-46-223-250.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(36860700004)(7200799017)(40470700004)(46966006)(3613699003);DIR:OUT;SFP:1102;

X-OriginatorOrg: smkkartinibtm.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2024 11:16:02.6907

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: d866eb2f-0c71-4cda-d1cf-08dc3529fcd3

X-MS-Exchange-CrossTenant-Id: 2df0098f-30b1-415f-82e4-efdb8f1ecd0d

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2df0098f-30b1-415f-82e4-efdb8f1ecd0d;Ip=[192.46.223.250];Helo=[mail.schowalter.net]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E5.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSQPR02MB7980

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo gyy1u8us3v6pz

gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz 2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja

2W0XrxBZNJja Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26 [...]

Content analysis details: (8.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.119 listed in list.dnswl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: topoffre.blob.core.windows.net]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.119 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[inbox.news(at)smkkartinibtm.onmicrosoft.com]

0.1 TW_XM BODY: Odd Letter Triples with XM

0.1 TW_JK BODY: Odd Letter Triples with JK

0.1 TW_VG BODY: Odd Letter Triples with VG

0.1 TW_IV BODY: Odd Letter Triples with IV

0.1 TW_SZ BODY: Odd Letter Triples with SZ

0.1 TW_GY BODY: Odd Letter Triples with GY

0.1 TW_ZX BODY: Odd Letter Triples with ZX

0.1 TW_GJ BODY: Odd Letter Triples with GJ

0.1 TW_KR BODY: Odd Letter Triples with KR

0.1 TW_MK BODY: Odd Letter Triples with MK

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 TVD_SPACE_RATIO No description available.

0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

1.0 XPRIO Has X-Priority header

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

Subject: {SPAM?} Please_confirm_receipt!!

--IYOeP7Ghxh43J1UANpGObRifrNlGbIqh

Content-Type: multipart/alternative; boundary="DntnxoEllGWrVddRM0fFdB"

--DntnxoEllGWrVddRM0fFdB

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo ivgjktszxbipo

gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz gyy1u8us3v6pz

2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja 2W0XrxBZNJja

Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs Vt7iwB2kQUwj7vjYA4mIocI0dxgGVRgduS26cz4MTpXW6rEHLAuTwww47NQuKHkWUlMIzaWlNIgfNn4KIMEIbrJguETn5TEkKArs

wXPU9yb39JQax wXPU9yb39JQax wXPU9yb39JQax wXPU9yb39JQax

gyy1u8us3v6pz gyy1u8us3v6pz ivgjktszxbipo gyy1u8us3v6pz

2W0XrxBZNJja 2W0XrxBZNJja MfhdJmFkyUFU 2W0XrxBZNJja

fbmkrwuxmp fbmkrwuxmp mYLHRyODhR mYLHRyODhR

--DntnxoEllGWrVddRM0fFdB

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

--DntnxoEllGWrVddRM0fFdB--

Posted by Dave Yadallee on Friday, February 23. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Feb 2024 11:49:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdaaj-000000004dp-1Ciz

for dave@doctor.nl2k.ab.ca;

Fri, 23 Feb 2024 11:48:13 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Feb 2024 11:48:13 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f41.google.com ([209.85.167.41]:54581)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdaAU-00000000BET-0M1A

for doctor@doctor.nl2k.ab.ca;

Fri, 23 Feb 2024 11:21:10 -0700

Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-512e75e013eso1132476e87.1

for ; Fri, 23 Feb 2024 10:19:04 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1708712337; x=1709317137; darn=doctor.nl2k.ab.ca;

h=date:organization:mime-version:to:subject:from:message-id:from:to

:cc:subject:date:message-id:reply-to;

bh=pLkbiZiTasIsseVv4udDi7Mr/bLOR259rIiDzAHyonY=;

b=UEbElB9WVOBN0D7JIEiwZT2rs5yfrrpDTTWgU0mAifsR9V+jPk/o/WVI6+5f+S3qoC

VUCxnbKhIuo6vmbkNeZamNVf5C1xDH6PuzrZLBi3Ju2ITq3gsXPk6+CyGxl4r6+B5tI9

HkfUQiK9PEhI9UuYcPSmxcZ5hG0TH7kzKGyuubl52gGZ8dAamzedjhGjkeVkgToInMTS

tgPxARTOCQPz+fdt82YQbACrK8QNwcpUec/9kRy8wShKFuw62Y5AXAlSzZBRqT1Iwrve

yDKFaLjrAnMIHF60A645b1Sb0IGoJC8n8/FpM1nFXSosb8gW/vsMFkNJnrPqtnZVQ9Sa

o8Lw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1708712337; x=1709317137;

h=date:organization:mime-version:to:subject:from:message-id

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=pLkbiZiTasIsseVv4udDi7Mr/bLOR259rIiDzAHyonY=;

b=qFolZUmEnsd6qDKwaHk21FyJHY1PkN4Dr6Lg8hbBGa7Fx4Z2jXpBDGXfgLB+qreLc2

TIT3naFFcgyotYB7QPkjz4yPOrya5bjROS3sHcmUSMj9jRauSiwUOB21/LqconM4+gW/

5ZUdGFjl1KjYfaSZ0XLSi4MrFG60ws9LceopLWLIY2yrgDUQa3vAZNggCllDhDo53tlw

4DUZbYrSTEEihTj3p8ShdDCHCDEI51sI4CHtvuF0N8scuPsL1oNQGQ2JbK26vRQNtMxo

Hte2B/LabtMXFB5RRPVMgSL7cACgEjkxqvAicy3WBVp1O5Zpep1avyAZtQGv5Nu0Jx7p

ehfg==

X-Gm-Message-State: AOJu0YweY4TdcjGiqRVtHWomBKXj/10Hf9GIPbplVjKDxWcofJ99ynFv

hNUR6aela5EgA4/KSn1F5DIzujztwmnd2QHhlU4tN+lk/JkpM35uQQ4cWsjTJOsfcfTGPw==

X-Google-Smtp-Source: AGHT+IHBaq+UboawQTd37/c6XhGIDfkvAbEqIASbJv/5W4uzIRS/8R+0ndMB0fhRy/YGRpy6JoIv5Q==

X-Received: by 2002:a05:6512:3092:b0:512:be44:6570 with SMTP id z18-20020a056512309200b00512be446570mr397419lfd.36.1708712336938;

Fri, 23 Feb 2024 10:18:56 -0800 (PST)

Received: from 82-132-246-114.dab.02.net (82-132-213-240.dab.02.net. [82.132.213.240])

by smtp.gmail.com with ESMTPSA id r21-20020a50d695000000b00563f3ee5003sm6981638edi.91.2024.02.23.10.18.54

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 23 Feb 2024 10:18:56 -0800 (PST)

Message-ID: <65d8e190.500a0220.5e5d8.6ee5@mx.google.com>

From: "Wilma L Wilburn"

Subject: Your Subscription: Renewal Successful #60Z8N7

To: doctor@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="KjY5cflbQfoItwIyi4QMfYrUq=_IpfvF41"

MIME-Version: 1.0

Organization: cc

Date: Fri, 23 Feb 2024 23:48:47 +0530

X-Antivirus: AVG (VPS 240223-0, 2/22/2024), Inbound message

X-Antivirus-Status: Clean

This is a multi-part message in MIME format

--KjY5cflbQfoItwIyi4QMfYrUq=_IpfvF41

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline

McAfee Subscription Renewed=20

Dear Esteemed Customer, DOCTOR@DOCTOR.NL2K.AB.CA

We're pleased to inform you that your McAfee subscription has been suc=

cessfully renewed. This renewal confirms your continued protection and=

access to our premier cybersecurity solutions.

Detailed Renewal Information:

Renewal Aspect

Detail

Subscription Level:McAfee McAfee Ultimate WebGuard

Effective Date:23-02-2024

Charged Amount:$796.00

Billing ID:#LJK7OXT96W

Notice: The charged amount will be visible on your account within the =

next 24-48 hours. We offer a 48-hour post-renewal grace period for any=

considerations or changes you wish to make. Beyond this period, stand=

ard terms apply for any modifications or cancellations.

For any inquiries or additional support, please reach out to our dedic=

ated customer service team. We're here to assist you every step of the=

way.

Call Us: +1-|801|-658*9306

Thank you for your continued trust in McAfee. We look forward to servi=

ng your cybersecurity needs.

Warmest regards,

Wilma L Wilburn

McAfee=E2=84=A2 User Assistance and Support Department

+1-|801|-658*9306

=C2=A9 2024 McAfee. All rights reserved.=20

--KjY5cflbQfoItwIyi4QMfYrUq=_IpfvF41

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline

cale=3D1.0">

Subscription Renewal Success

McAfee Subscription Renewed

Dear Esteemed Customer, DOCTOR@DOCTOR.NL2K.AB.CA

We're pleased to inform you that your McAfee subscripti=

on has been successfully renewed. This renewal confirms your continued=

protection and access to our premier cybersecurity solutions.

=20

Detailed Renewal Information:

Renewal Aspect	Detail
Subscription Level:	McAfee McAfee SecureVault Elite
Effective Date:	23-02-2024
Charged Amount:	$801.00
Billing ID:	#R6VITJSZ1B

Notice: The charged amount will be=

visible on your account within the next 24-48 hours. We offer a 48-ho=

ur post-renewal grace period for any considerations or changes you wis=

h to make. Beyond this period, standard terms apply for any modificati=

ons or cancellations.

=20

For any inquiries or additional support, please reach o=

ut to our dedicated customer service team. We're here to assist you ev=

ery step of the way.
Call Us: +1-[801]-658*9306
>

=20

Thank you for your continued trust in McAfee. We look f=

orward to serving your cybersecurity needs.

=20

Warmest regards,

Wilma L Wilburn
McAfee=E2=84=A2 Helpdesk Representatives

>+1-[801]-658*9306

--KjY5cflbQfoItwIyi4QMfYrUq=_IpfvF41--

Posted by Dave Yadallee on Friday, February 23. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Feb 2024 08:50:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdXnw-00000000JKs-28CR

for dave@doctor.nl2k.ab.ca;

Fri, 23 Feb 2024 08:49:40 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Feb 2024 08:49:40 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn8nam11on2100.outbound.protection.outlook.com ([40.107.236.100]:58976 helo=NAM11-BN8-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdXIG-00000000I9U-0Idk

for doctor@doctor.nl2k.ab.ca;

Fri, 23 Feb 2024 08:17:00 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=bqYbzDqQYK5bTe3690KeDBeB4hQGPSG1byYveNvOG95Brg1LolcaWv2gQwcoNIVdUsX0M4a/B8bX+i1dxC1/y8RBfTDnlsRzT9og5UQnznFaWFMzGgWqlv47iVWdmrGo1UWJmRLHvSwNMoAWo5B70Odf7vDTlFHHIWbNRNZ9V9ce3a3cjuzmAzmCHUgW+ETwgeRG7dMjc/U9qLQyVN86q9y0iyUKwTGqlVxFa+C7ezZb+nBJiLH3oKgPVJeOgz4hqnHmh5tr6P9w/P4YZHcClDv+xamORxaFt1JbNkNOU/wLKg0FRXZ/fM09XfaEWbNSK2muC+jdPNbFvXf244fL9Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=S8eaq3V4phAAuDayqn5Xna6yDxMW3cnCeVYFluAW/HE=;

b=gj9+50idZD9JrCY58zoq7cj9sutbLC458K19+Cvnl1MEOdsmevPFindGfexejYTlXOcGimj98s5xWN5O7d0BhmQXngpu8FPKlwm2j1aXC36FY40SMilLtWuY3+XX4Ta5Uh8WzYB5BaIy+Jf/5lJrmCWIbv/hzERJ86OBaNBKD2kWgxL2+yFpoGWkUpAii38irJiRBme8yinSi87vOHqsJpP0PWOqqoMN03yji5TNo1TV8uIVql4pdeqvGX0shhcCEsX+yVdX56AqOunAoQmieBa4xW+JxL9IeyXxJb34xtjatSlu/TmzHK8sthqHS0+i6XAAlSs6AdDgVyWCGgcbFQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.91.8.101) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=xel4910.onmicrosoft.com; dmarc=none action=none

header.from=xel4910.onmicrosoft.com; dkim=none (message not signed); arc=none

(0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=xel4910.onmicrosoft.com; s=selector2-xel4910-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=S8eaq3V4phAAuDayqn5Xna6yDxMW3cnCeVYFluAW/HE=;

b=E2uLyHbWV6gibeJOIDJ6bZH9IJXgR8+XqeKP0WgZwmzPeVd1qBVdas1OJIQQMDi2iPS0Up12F11lhFx6yKJKQYPgD1+6kNC6cU1xXe4HSICfwfyGIyBS0s83OI8eaHTzi3kTPWA4Edi8oj/5c9bh+qf6BnuiWxxoexKKA/urVxYNCV/XsVTCYYCYN4wwo/F4FoP9NHhmBmrRrMW7dJvLmlJmOAuPViFaPzD7dwLyN6N62HI2vM9rXlZGLqRjMWpTnC3upo/XJRXvKacZj2FPqoCeWDjqzIRAZeF+1zBHkgSj92HkH9S5Vb89LPHgmMaVG053Pp3FZkJ/pRuqK0kq8A==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.91.8.101)

smtp.mailfrom=xel4910.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=xel4910.onmicrosoft.com;

Subject: Win Big: Complete Our Survey, Claim Your Prize

From: Costco Department

Date: Fri, 23 Feb 2024 15:57:53 +0100

MIME-Version: 1.0

To: doctor

x-priority: 1

Reply-To: Costco Department

Delivered-To: doctor

X-Sender: admin@xel4910.onmicrosoft.com

Content-Type: multipart/alternative; charset="UTF-8";boundary="K6aS6sPy1pTHPnu11t8etH"

Message-ID:

<8265086a-5cf2-4dc4-a443-4c1404d6d84c@SJ5PEPF000001D2.namprd05.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D2:EE_|BL1PR18MB4262:EE_

X-MS-Office365-Filtering-Correlation-Id: 97f16cf5-333c-461f-76f5-08dc34822d5d

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

WSSTlD/JW24hOAtbcA61Vu7jTM4XEvCNisW7Xui+pfdLX31wgNQ0Bs9gMfsEY/nIo8sAgnnZVBZE/j4CLZ9ol7zE9eE2xJiP6fRU2G73SfwIyzmAJFRSesl1H8kX7b0Z3gDU1gtOgRve12nWwpTojkdkNgKPUytKeFhBO9AI0jTuUNFpZHnmiexlvCw5W4wuVBq7j2yym7pqYMsi4Lxz1rv5w+0Ci7ox3vD8NG35pWJ6uZ7Ire02RA3hqz9oO1Nm2zVd5u5DU7lTfDRUy/Ol/sObsjw78wV2uOdLKTCOMsFTJqn5zpp/R5HzgecWgntZ7fcUjgibH4eeJ3PXI/aobWtq8mIsqfx68SMhs1sjtrb4IEWn+GvzwGszK+yOYqrvAzxqycYGaTFYH+Ml/XNnzg==

X-Forefront-Antispam-Report:

CIP:45.91.8.101;CTRY:RU;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.vizio.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(7200799017)(36860700004)(40470700004)(46966006)(85622047);DIR:OUT;SFP:1102;

X-OriginatorOrg: xel4910.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2024 15:14:48.7041

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 97f16cf5-333c-461f-76f5-08dc34822d5d

X-MS-Exchange-CrossTenant-Id: 3757439f-02de-4d3e-a90a-4cc757e20afa

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3757439f-02de-4d3e-a90a-4cc757e20afa;Ip=[45.91.8.101];Helo=[mail.vizio.com]

X-MS-Exchange-CrossTenant-AuthSource:

SJ5PEPF000001D2.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR18MB4262

X-Spam_score: 11.5

X-Spam_score_int: 115

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: b1SeBjHoxRe8M b1SeBjHoxRe8M b1SeBjHoxRe8M b1SeBjHoxRe8M v597u2lhqhukn

v597u2lhqhukn v597u2lhqhukn v597u2lhqhukn elOR7qramkc3 elOR7qramkc3 elOR7qramkc3

elOR7qramkc3 2ehdBNC4DV 2ehdBNC4DV 2ehdBNC4DV 2eh [...]

Content analysis details: (11.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: utorent.blob.core.windows.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.236.100 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

1.0 HK_RANDOM_FROM From username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.236.100 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[customer-care-kgwpkvfpsstqh(at)xel4910.onmicrosoft.com]

0.1 TW_HQ BODY: Odd Letter Triples with HQ

0.1 TW_QH BODY: Odd Letter Triples with QH

0.1 TW_LH BODY: Odd Letter Triples with LH

0.1 TW_MK BODY: Odd Letter Triples with MK

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

1.0 XPRIO Has X-Priority header

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Win Big: Complete Our Survey, Claim Your Prize

X-Antivirus: AVG (VPS 240223-0, 2/22/2024), Inbound message

X-Antivirus-Status: Clean

--cd4afNeJzQsgzn5EVIgmycg24Xks3Rpw

Content-Type: multipart/alternative; boundary="K6aS6sPy1pTHPnu11t8etH"

--K6aS6sPy1pTHPnu11t8etH

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

b1SeBjHoxRe8M b1SeBjHoxRe8M b1SeBjHoxRe8M b1SeBjHoxRe8M

v597u2lhqhukn v597u2lhqhukn v597u2lhqhukn v597u2lhqhukn

elOR7qramkc3 elOR7qramkc3 elOR7qramkc3 elOR7qramkc3

2ehdBNC4DV 2ehdBNC4DV 2ehdBNC4DV 2ehdBNC4DV

--K6aS6sPy1pTHPnu11t8etH

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

--K6aS6sPy1pTHPnu11t8etH--

Posted by Dave Yadallee on Thursday, February 22. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 11:20:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdDev-000000004Zi-48hz

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 11:19:01 -0700

Resent-From: The Doctor

Resent-Date: Thu, 22 Feb 2024 11:19:01 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ct2zaf01on2133.outbound.protection.outlook.com ([40.107.19.133]:5473 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rdAon-000000006hY-0TJd

for doctor@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 08:17:06 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=A28I31j2VFUGaWvSwZZzINML2OueB2aIhlUXm8jrjcqYzskKIaBPm08aZP0ijIA/nckMFUkQIsRuiZVNbWgKNP6aHug96/5rvVlC6/tydvPLE41ohbZN5cC3S7L75FGFhO9dhY223LVynYeJG99Mrye1tm3d9Oyirb+QCdqboG3IefF4ezrqn9AwYcHQeskhKqeLTrkh40csACbwWucqg4KSVu4wHMtTqMM8+3woB/dUYCTVuM05hmUB+xDIiBRsmmAJtWf52evad2/NrzRjf65nMZnAiF0w2WMJTPDqrt9ok1BKN8QsG11m7blxLzEjM62o0V6V6v47N7/aIObOLQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=f8G8GIBZiSdoiB2Qm1zWL7DGx1IWKNYUR8rbWVtwCDI=;

b=gJ3U2M4PXM/ba6aKqOrTVPxYtVXVuHzBwtqjxXGhi5Un64YDP+NYSRfvi4SJ6pU8hk/4MVmmzIpr4YqDXJdsdG9nS/vEZfpoHV6Lvcn6eS6LW6+ZOz+CJ40vuDdBBXlPclmZVIbyzF0v5HLfiA0KrsZxz8ApxaRO0m3n2KB2Rx6iCJ4TY5C3WuVlssFY7oPZKw7pg0QdvyOVFBdsbSapFt9Zagda4HCDDZGOuzYAecEa2PeqDc5wiYKsFOBoDQ0FrheSmsdgLeDU/7Fuz65GKXDJM22C4JYfLR8ltRvYUhK06qtnzZJFakQnpTxn9FuGM6K0g/u3O1K0inorljS4Ug==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=maynaroaas.onmicrosoft.com; dmarc=pass action=none

header.from=maynaroaas.onmicrosoft.com; dkim=pass

header.d=maynaroaas.onmicrosoft.com; arc=none

Received: from JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) by

CP7P275MB2390.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:52::10) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7316.24; Thu, 22 Feb 2024 15:14:55 +0000

Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:67::10) by

JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:ae::5) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7316.22; Thu, 22 Feb 2024 15:12:39 +0000

Received: from JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

([fe80::448e:98a6:1c99:83a0]) by JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

([fe80::448e:98a6:1c99:83a0%7]) with mapi id 15.20.7316.023; Thu, 22 Feb 2024

15:12:39 +0000

From: Curran Juarez

To: lonley

Subject: Win Big: Complete Our Survey, CIaim Your P.rize

Thread-Topic: Win Big: Complete Our Survey, CIaim Your P.rize

Thread-Index: AQHaZaFR8ga7Ncow5kyWdNJHg6zoGw==

Date: Thu, 22 Feb 2024 15:12:38 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

authentication-results: dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=Maynaroaas.onmicrosoft.com;

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic:

JN3P275MB2685:EE_|JN1P275MB2449:EE_|CP7P275MB2390:EE_

x-ms-office365-filtering-correlation-id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563

x-ld-processed: b78d2084-30db-44b7-aac0-828f2660b139,ExtAddr

x-ms-exchange-senderadcheck: 1

x-ms-exchange-antispam-relay: 0

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

5wz10Iz/mqIQ9QHPmfOGGJuKIMKQLQ5kfW705IsDLsupSFpIFdwFToujhlm5MJSstHmqxnsfLThn6ciQdhBvCzCanCnkVeHs5Foxn5BCajvH8xdgcxRc1VKWf+isARUSQRt1z4XfokyYI6mYBPz6/bqywtqYxBeffjrD2fV5KKsnTaDjI74KYL/rnhCtMd5tZB81z1Fa8qRIHb7v4oS7nSs2JxSr6NK8gG863npoaArc8IquLdXucJlExXulgHPilhf1uiAGjd26xcu8PFRFwgscke/rIPHBNT0+JgqZp8+G9NNwe0CvyvnoLYocAoMJWba63u1Mc7Xo1MYihiwNgA==

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:JN1P275MB2449.ZAFP275.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(38070700009);DIR:OUT;SFP:1102;

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?/FkMH90SU5dDSvDfoqf6G5XyLA9yMRgk4CAfGHbwvuA2K2fnXK4bbvOr/N?=

=?iso-8859-1?Q?yWWRyKdd0dzHcoAXPjw9fgdZw/EKi97lsrCkLewBor9CARHN6i+uXOT4Lp?=

=?iso-8859-1?Q?HdDhkxCcMNZEPXIvAoi7yawAWyFc1FUL6iA74bP4Ueo0QO0DzVEqLoGUXY?=

=?iso-8859-1?Q?heI+GQTyUq38fEuYdkk001lCMRS4qWuIo8hI+JECgWK2NtNr8xBSLO43TN?=

=?iso-8859-1?Q?GnYAnQYA67jZvL6LeKL9KlTBFlO3olLC5mfZQ6nF6jQLirbF51f05TqClA?=

=?iso-8859-1?Q?cKHC60ESIlAcyXdwAkLkAvqelpG7XJoE0g61dOPfici6EoJ1VDPFPr9obB?=

=?iso-8859-1?Q?JCGfccteqvO0JSHw52Zx7XdJTiSsT9/3Wfuz3L7wePXRn7ls99mU1nt4f9?=

=?iso-8859-1?Q?mw9dXf31cqVLbTxpYUaKpN95JL2L00eW+URRmbewzoJJFQn4pDM23wbs6K?=

=?iso-8859-1?Q?NJhdzqoZwuquVk6Ft/REN0P9Mb54/y3ekOeo0yjLe/gu4/8ny5nmjeSCcW?=

=?iso-8859-1?Q?Jmr72MITNHh20aGFIoS6Iv0aRFXew04L4U6A8iDWOzDBEhEltGT2Qnv72F?=

=?iso-8859-1?Q?KXL0QwDjaRqI2kBPxefXWNvYfrTkpmdUQqQPCyHwCAgOT3nsyms4bRmQCN?=

=?iso-8859-1?Q?zp01YsR6md5LVG5NqILqGi65vVM0HdS/m+VQRbrhZy0pUPtc33eMEFF9jB?=

=?iso-8859-1?Q?bRTmqlo+NRlabenMvTgT6MiKtqkVR4jk2ysam2n+LrH9Ib0dXko5hHd9+i?=

=?iso-8859-1?Q?yAqA8saLMvTjh1BaZJ08e0D0Eam5C2Tw4cwDnvHbZLX20vFQLKJCPfPG3F?=

=?iso-8859-1?Q?eL7d4AsV2zBMtu0VtmSOf5objuSfscRFlf8Ny6bIXEjXZ9KpCeYE/RtTIQ?=

=?iso-8859-1?Q?NGoUxvK+LmJPFPwi6luVS0Z0/30XiDi1MGhDhbqWbP9QDk2UfWER3zDu9m?=

=?iso-8859-1?Q?tBHtPID6OZNaE47nzVUl6Qg9cpwa0RsU5GIDGH4Dbw4vQczyBO4n/G5kMA?=

=?iso-8859-1?Q?evosYqqT7LY7LM6pzYLdhPRHZMQEQB4OlkM1VXstEFxd+vLNdapjTOQm9E?=

=?iso-8859-1?Q?Ae1Yz8mUgxAQtBZ1ZGPARK3LNSAQUyvVB6BJuQg6hVM+VLw8myptmfvF76?=

=?iso-8859-1?Q?W5/OD+Db8Y0YXapB+Imjraqx47wsFkIYANktFeBbvPWz1y+l4kN1nUCIAz?=

=?iso-8859-1?Q?+1qbKzywxorGMQYuILKuJDwllPshhkzl7EGXdW5IuGiQq/HUn+ORALyXag?=

=?iso-8859-1?Q?s/jY4RBXIW0aKp6UDwV41utA6uUV79AZ8GKB2juXukMttkzR6YM3w80a1H?=

=?iso-8859-1?Q?pdBSdA1JATIkgYk7NQeIjh78GeykoIHJ9HeFYLhyr/55Mlw/OjNgrYt4Hi?=

=?iso-8859-1?Q?zwTO0vvjSNOZ1HrwScle+VyGUWKfzXk556MFp1xBeAjocw/nthmZhspeGN?=

=?iso-8859-1?Q?qLk4RdbSOHUs4LB57UIIdP7R+kJwk84IjTNEFZSLEtGvGxjNg2Xe6gKAM4?=

=?iso-8859-1?Q?WVtaVC/6f21mfi/CSWWRzLBQBaDb5/Th8VbqZC7vWdwyvF61Vuo5lKRUXt?=

=?iso-8859-1?Q?pj02C2hXBdIp4LIzZWQ6NSSlt7a+wcHxW+VadipKmgBxqs+k/CYU/201vz?=

=?iso-8859-1?Q?tptHNqFtBkqPhuUrD0MgM2TSfQ3oooOItidbRuPCZ6ghGOB6yeDZfTV2NY?=

=?iso-8859-1?Q?MlSCDAy8xGkxsDqC/cU=3D?=

Content-Type: multipart/alternative;

boundary="_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_"

MIME-Version: 1.0

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: Maynaroaas.onmicrosoft.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: JN3P275MB2685.ZAFP275.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-Network-Message-Id: 9fe72b50-bd8e-42c2-b4dc-08dc33b8b563

X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2024 15:12:38.9630

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: b78d2084-30db-44b7-aac0-828f2660b139

X-MS-Exchange-CrossTenant-mailboxtype: HOSTED

X-MS-Exchange-CrossTenant-userprincipalname: c8fKJpltarWutvbFPZXISWIhAr7caVyXOq6RHr/45lMybZNckSNv8BeBI3JVOJVF6ipNd6XDhyf+apaojLtS5z088WaADflcq7q0nXtpVfcgOz8GwW58cLiI1IRtYzQ+

X-MS-Exchange-Transport-CrossTenantHeadersStamped: CP7P275MB2390

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: [https://reyna.blob.core.windows.net/reyna/1.png]

[https://reyna.blob.core.windows.net/reyna/2.png]

Content analysis details: (7.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: reyna.blob.core.windows.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.19.133 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.19.133 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[curranjuarez(at)maynaroaas.onmicrosoft.com]

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Win Big: Complete Our Survey, CIaim Your P.rize

X-Antivirus: AVG (VPS 240222-6, 2/22/2024), Inbound message

X-Antivirus-Status: Clean

--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

[https://reyna.blob.core.windows.net/reyna/1.png]

[https://reyna.blob.core.windows.net/reyna/2.png]

--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helve=

tica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
/urlz.fr/pE3z" id=3D"OWA207b1743-d842-9606-6bf4-92435c3c605c" class=3D"OWAA=

utoLink">

yna.blob.core.windows.net/reyna/1.png">

f">
ce, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">=

458" class=3D"OWAAutoLink">
src=3D"https://reyna.blob.core.windows.net/reyna/2.png">

--_000_JN3P275MB2685C2A97F37AA78BD25EAC2F0562JN3P275MB2685ZAFP_--

Posted by Dave Yadallee on Thursday, February 22. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 06:19:00 -0700

Received: from mail-pj1-f52.google.com ([209.85.216.52]:51682)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd8y0-00000000Prc-3cTn

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 06:18:29 -0700

Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-29a64997159so104190a91.3

for ; Thu, 22 Feb 2024 05:16:29 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1708607783; x=1709212583; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=Re8uldqQpJVs0bCAy8wph3a1wa5Chv4Co6rcoZ/abBs=;

b=ClmbklPMKT2DFoPAvOTM7DA18XZeM8cHA0sSHBz1maYJflB8RnoVyB9CuBOrj3frkm

F2z5aHFPCX1Y3cVqL6rzkOb7OZdh9jM7dNJe6gnZtqGLpsns/15SwJb6x8pluuW2+WAc

zON6C7QeH7bQEitUAQel6YqB+8ZrTWKUbZ/GRpMwzBoGHq/ECf+VTeTXKKLLz50a3b70

96Fl+9gQhc5y9eCJBaWr4QyOT1/myfOaCvU2yHkyJ1TZrjkVdU42IHiq55dtJ7PNEtcy

4vz2cnpNrC6Q1xf2mULAHV3cSY1pkhXpkpmVAtC5PgUaocK6MePNrP/ebsyjlcr54Z6f

RV0w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1708607783; x=1709212583;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=Re8uldqQpJVs0bCAy8wph3a1wa5Chv4Co6rcoZ/abBs=;

b=CvEmId0U4POYZKFkQ59hgEO0pZ/Ff+SAa2kmOJe+EiB3tJBdWE+gJwOEqChUANMq6r

CGbQPLAH81oXvt/yKgl0EGg0TWspmZs484lOYOigxVUrLabomosdqoX97sTEM44aMuTj

csIgtT+6hTawN6V9cJtd+SJnKFSx58ZfC7/+pBfgwZ1iU89ymkgv0/9KDrNIQxzhzn5L

D+E2xgp0v2WpsnaWDKyRf/hX9/f+WIz1THeP95G3JXOWNSb4RTC3/iELwf+OZYJP7d3F

wcWWoW3DlEAn2mIhEKuZ56TCFBMV3V80oCekDV458ZGqLf2lPiOXX/csHT7Cl6Eow2na

PTKQ==

X-Forwarded-Encrypted: i=1; AJvYcCWtR+udlwnJDAL8bKNM9Nz54t5xfC2jzH3emfNQ8gSXERvT64pkB+TPknqbAs8XhskRSSqDuAUBYGts1CIUV4PUzrmWtYfC

X-Gm-Message-State: AOJu0Yx/O8fznPinYU9traoOOYomjUrsULqeFuBde8sxwuA8ncvaHwDo

HrQTyoHpZEUj2IQxTf83VJ2r/qpfwsMLhz7CCYxR0pBrb+KN+/L8R4V7jsIh8UK4D/fHM8UzPN/

UimXcr7nAAmM/nPX90MTot9p/zWo=

X-Google-Smtp-Source: AGHT+IGCiOD79zSvfa+fL8Btj5FaYkoo7UTPenS5TpXTxOjvBuwIaTaqY0HvGx9aj2ZMzORv5RaL/UfzaeQEKXvKbeI=

X-Received: by 2002:a17:90a:c697:b0:299:4269:b8c9 with SMTP id

n23-20020a17090ac69700b002994269b8c9mr14072862pjt.26.1708607783272; Thu, 22

Feb 2024 05:16:23 -0800 (PST)

MIME-Version: 1.0

From: Office Post

Date: Thu, 22 Feb 2024 05:16:12 -0800

Message-ID:

Subject: =?UTF-8?Q?FONDS_MON=C3=89TAIRE_INTERNATIONAL_=28HQ1=29?=

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000fb86b70611f83f4c"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 5.6

X-Spam_score_int: 56

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FONDS MONÃ‰TAIRE INTERNATIONAL (HQ1) 700 19th Street, N.W.,

Washington, D.C. 20431. FOND MONÃ‰TAIRE INTERNATIONAL.

Content analysis details: (5.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.52 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.52 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[officepost787463(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[officepost787463(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 T_SCC_BODY_TEXT_LINE No description available.

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.0 FREEMAIL_REPLY From and body contain different freemails

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} =?UTF-8?Q?FONDS_MON=C3=89TAIRE_INTERNATIONAL_=28HQ1=29?=

X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message

X-Antivirus-Status: Clean

--000000000000fb86b70611f83f4c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

FONDS MON=C3=89TAIRE INTERNATIONAL (HQ1)

700 19th Street, N.W., Washington, D.C. 20431.

FOND MON=C3=89TAIRE INTERNATIONAL.

ATTENTION!! CHER

B=C3=89N=C3=89FICIAIRE

Site Internet : www.imf.org.

C/O Kristalina Georgieva

Bonjour cher b=C3=A9n=C3=A9ficiaire,

ORDRE DE PAIEMENT DU FONDS D=E2=80=99INDEMNISATION

Nous vous avons envoy=C3=A9 cette lettre il y a un mois, mais je n'ai pas e=

u de

vos nouvelles, je ne suis pas s=C3=BBr si vous l'avez re=C3=A7ue, et c'est =

pourquoi

je le r=C3=A9p=C3=A8te, tout d'abord, je suis Mme Kristalina Georgieva, dir=

ectrice

Directrice et Pr=C3=A9sidente du Fonds mon=C3=A9taire international (FMI) V=

ous faites

partie de la liste des personnes dont les fonds impay=C3=A9s ont =C3=A9t=C3=

=A9 approuv=C3=A9s

par les Nations Unies.

Le pr=C3=A9sident et l'organe directeur de l'unit=C3=A9 mon=C3=A9taire des =

Nations Unies

nous ont demand=C3=A9 d'enqu=C3=AAter sur les fonds non recouvr=C3=A9s qui =

=C3=A9taient depuis

longtemps =C3=A0 payer dans le panier du gouvernement de l'ONU, ce qui a la=

iss=C3=A9

les propri=C3=A9taires perplexes quant au fait que les fraudeurs utilisant =

le

nom des Nations Unies ont =C3=A9t=C3=A9 tromp=C3=A9s. Au cours de notre enq=

u=C3=AAte D'apr=C3=A8s

l'enregistrement des donn=C3=A9es de stockage de notre syst=C3=A8me avec vo=

tre

adresse e-mail, votre paiement figure parmi une liste de 150 destinataires

cat=C3=A9goris=C3=A9s comme : Fonds de loterie non livr=C3=A9s / fonds impa=

y=C3=A9s / Transfert

incomplet des fonds de succession / contrats.

Nous sommes constern=C3=A9s de constater que votre paiement a =C3=A9t=C3=A9=

inutilement

retard=C3=A9 par des agents bancaires corrompus dans le but de tromper votr=

e

fonds, entra=C3=AEnant de nombreuses pertes de votre part et des retards

inutiles dans la r=C3=A9ception de votre paiement. Les Nations Unies et le =

Fonds

mon=C3=A9taire international (FMI) ont d=C3=A9cid=C3=A9 de verser l'int=C3=

=A9gralit=C3=A9 des

compensations =C3=A0 150 b=C3=A9n=C3=A9ficiaires d'Am=C3=A9rique du Nord, d=

'Am=C3=A9rique du Sud,

des =C3=89tats-Unis, d'Europe et d'Asie,

Si ce message arrive =C3=A0 votre bureau, notez que votre adresse e-mail fa=

it

partie de la liste qui a =C3=A9t=C3=A9 s=C3=A9lectionn=C3=A9e dans le syst=

=C3=A8me de vote des

Nations Unies.

Le montant de l'approbation est de 2 500 000,00 USD (deux millions cinq

cent mille dollars am=C3=A9ricains).

La totalit=C3=A9 du Fonds a =C3=A9t=C3=A9 d=C3=A9pos=C3=A9e aupr=C3=A8s de =

la BANQUE EUROP=C3=89ENNE

D'INVESTISSEMENT. Contactez le gestionnaire Dr Wilson Taylor pour plus de

pr=C3=A9cisions sur la fa=C3=A7on de recevoir vos fonds sans d=C3=A9lai.

N'oubliez pas qu'=C3=A0 la banque, le seul paiement requis est les frais de

certificat de d=C3=A9charge (FMI), sans frais suppl=C3=A9mentaires.

Contactez l'email bancaire ci-dessous =F0=9F=91=87

(europeaninvestmentbank819@gmail.com) une fois que vous aurez contact=C3=

=A9 la

banque, la transaction commencera imm=C3=A9diatement.

Montants approuv=C3=A9s : (2 500 000,00 USD)

Site Internet : www.imf.org.

Utilisez ce code (R=C3=A9f : CLIENT-601) comme sujet de votre adresse e-mai=

l

pour vous identifier

Pour =C3=A9viter de nouveaux retards, nous avons demand=C3=A9 votre r=C3=A9=

ponse urgente =C3=A0

cet e-mail conform=C3=A9ment aux instructions.

Salutations

MME KRISTALINA GEORGIEVA, , RESPONSABLE DE L'INFORMATION PUBLIQUE. FONDS

MON=C3=89TAIRE INTERNATIONAL.

--000000000000fb86b70611f83f4c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

FONDS MON=C3=89TAIRE INTERNATIONAL (HQ1)

700 19th S=

treet, N.W., Washington, D.C. 20431.

=C2=A0 FOND MON=C3=89TAIRE INTE=

RNATIONAL.

ATTENTION!! CHER

B=C3=89N=C3=89FICIAIRE

=C2=

=A0 Site Internet : www.imf.org.
C/O =

Kristalina Georgieva

Bonjour cher b=C3=A9n=C3=A9ficiaire,

ORD=

RE DE PAIEMENT DU FONDS D=E2=80=99INDEMNISATION
Nous vous avons envoy=C3=

=A9 cette lettre il y a un mois, mais je n'ai pas eu de vos nouvelles, =

je ne suis pas s=C3=BBr si vous l'avez re=C3=A7ue, et c'est pourquo=

i je le r=C3=A9p=C3=A8te, tout d'abord, je suis Mme Kristalina Georgiev=

a, directrice Directrice et Pr=C3=A9sidente du Fonds mon=C3=A9taire interna=

tional (FMI) Vous faites partie de la liste des personnes dont les fonds im=

pay=C3=A9s ont =C3=A9t=C3=A9 approuv=C3=A9s par les Nations Unies.

L=

e pr=C3=A9sident et l'organe directeur de l'unit=C3=A9 mon=C3=A9tai=

re des Nations Unies nous ont demand=C3=A9 d'enqu=C3=AAter sur les fond=

s non recouvr=C3=A9s qui =C3=A9taient depuis longtemps =C3=A0 payer dans le=

panier du gouvernement de l'ONU, ce qui a laiss=C3=A9 les propri=C3=A9=

taires perplexes quant au fait que les fraudeurs utilisant le nom des Natio=

ns Unies ont =C3=A9t=C3=A9 tromp=C3=A9s. Au cours de notre enqu=C3=AAte D&#=

39;apr=C3=A8s l'enregistrement des donn=C3=A9es de stockage de notre sy=

st=C3=A8me avec votre adresse e-mail, votre paiement figure parmi une liste=

de 150 destinataires cat=C3=A9goris=C3=A9s comme : Fonds de loterie non li=

vr=C3=A9s / fonds impay=C3=A9s / Transfert incomplet des fonds de successio=

n / contrats.

Nous sommes constern=C3=A9s de constater que votre pai=

ement a =C3=A9t=C3=A9 inutilement retard=C3=A9 par des agents bancaires cor=

rompus dans le but de tromper votre fonds, entra=C3=AEnant de nombreuses pe=

rtes de votre part et des retards inutiles dans la r=C3=A9ception de votre =

paiement. Les Nations Unies et le Fonds mon=C3=A9taire international (FMI) =

ont d=C3=A9cid=C3=A9 de verser l'int=C3=A9gralit=C3=A9 des compensation=

s =C3=A0 150 b=C3=A9n=C3=A9ficiaires d'Am=C3=A9rique du Nord, d'Am=

=C3=A9rique du Sud, des =C3=89tats-Unis, d'Europe et d'Asie,
Si =

ce message arrive =C3=A0 votre bureau, notez que votre adresse e-mail fait =

partie de la liste qui a =C3=A9t=C3=A9 s=C3=A9lectionn=C3=A9e dans le syst=

=C3=A8me de vote des Nations Unies.

Le montant de l'approbation =

est de 2 500 000,00=C2=A0USD (deux millions cinq cent mille dollars am=C3=

=A9ricains).

La totalit=C3=A9 du Fonds a =C3=A9t=C3=A9 d=C3=A9pos=C3=

=A9e aupr=C3=A8s de la BANQUE EUROP=C3=89ENNE D'INVESTISSEMENT. Contact=

ez le gestionnaire Dr Wilson Taylor pour plus de pr=C3=A9cisions sur la fa=

=C3=A7on de recevoir vos fonds sans d=C3=A9lai.

N'oubliez pas qu=

'=C3=A0 la banque, le seul paiement requis est les frais de certificat =

de d=C3=A9charge (FMI), sans frais suppl=C3=A9mentaires.

Contactez l=

'email bancaire ci-dessous =F0=9F=91=87
=C2=A0 (
ropeaninvestmentbank819@gmail.com">europeaninvestmentbank819@gmail.com)=

une fois que vous aurez contact=C3=A9 la banque, la transaction commencera=

imm=C3=A9diatement.

Montants approuv=C3=A9s=C2=A0:=C2=A0(2=C2=A0500=

=C2=A0000,00=C2=A0USD)
Site Internet : ww=

w.imf.org.
Utilisez ce code (R=C3=A9f : CLIENT-601) comme sujet de v=

otre adresse e-mail pour vous identifier

Pour =C3=A9viter de nouveau=

x retards, nous avons demand=C3=A9 votre r=C3=A9ponse urgente =C3=A0 cet e-=

mail conform=C3=A9ment aux instructions.

Salutations
MME KRIS=

TALINA GEORGIEVA, , RESPONSABLE DE L'INFORMATION PUBLIQUE. FONDS MON=C3=

=89TAIRE INTERNATIONAL.

--000000000000fb86b70611f83f4c--

Posted by Dave Yadallee on Thursday, February 22. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 22 Feb 2024 05:10:18 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd7tp-00000000AzG-2rko

for dave@doctor.nl2k.ab.ca;

Thu, 22 Feb 2024 05:10:01 -0700

Resent-From: The Doctor

Resent-Date: Thu, 22 Feb 2024 05:10:01 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [159.89.118.86] (port=51885 helo=cp.torontotechsupport.ca)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rd62Y-000000007Zy-48R9

for doctor@nl2k.ab.ca;

Thu, 22 Feb 2024 03:11:02 -0700

Received: by cp.torontotechsupport.ca (Postfix, from userid 33)

id 451A537D469; Thu, 22 Feb 2024 06:03:50 -0300 (-03)

To: doctor@nl2k.ab.ca

Subject: Estimado(a) Ciudadano(a): doctor@nl2k.ab.ca , le notificamos acerca del proceso laboral. ID 27435

X-PHP-Originating-Script: 33:wp-login.php

From: Justicia del Trabajo

MIME-Version: 1.0

Content-type: text/html; charset=iso-8859-1

X-Mailer: PHP/5.5.9-1ubuntu4.29

Message-Id: <20240222093211.451A537D469@cp.torontotechsupport.ca>

Date: Thu, 22 Feb 2024 06:03:50 -0300 (-03)

X-Spam_score: 9.8

X-Spam_score_int: 98

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: doctor@nl2k.ab.ca - Por medio de la presente, y en cumplimiento

de las disposiciones legales correspondientes, le notificamos acerca del

proceso laboral identificado con los siguientes datos: Numero del proceso:

14962 Clase judicial: solicitud de pago Organo competente: Ministerio de

la Justicia del Trabajo Fecha de actuacion: 21 de Febrero de 2024 Tipo de

distribucion: email

Content analysis details: (9.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.89.118.86 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.1 HDRS_LCASE_IMGONLY Odd capitalization of message headers + image-only

HTML

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Estimado(a) Ciudadano(a): doctor@nl2k.ab.ca , le notificamos acerca del proceso laboral. ID 27435

X-Antivirus: AVG (VPS 240222-0, 2/21/2024), Inbound message

X-Antivirus-Status: Clean

doctor@nl2k.ab.ca

- Por medio de la presente, y en cumplimiento de las disposiciones legales correspondientes,

le notificamos acerca del proceso laboral identificado con los siguientes datos:

Numero del proceso: 14962

Clase judicial: solicitud de pago

Organo competente: Ministerio de la Justicia del Trabajo

Fecha de actuacion: 21 de Febrero de 2024

Tipo de distribucion: email

Para descargar el proceso en formato PDF, haga clic en el siguiente enlace: Descargar Proceso Laboral

Le solicitamos que tome conocimiento de la presente notificacion en el plazo establecido por la ley.

Quedamos a su disposicion para cualquier consulta o aclaracion adicional que puedan necesitar.

Para confirmar o recebimento deste e-mail, pedimos que responda a esta mensagem mencionando o seu nome.

Posted by Dave Yadallee on Wednesday, February 21. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 21 Feb 2024 06:40:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcmos-00000000He7-1VkT

for dave@doctor.nl2k.ab.ca;

Wed, 21 Feb 2024 06:39:30 -0700

Resent-From: The Doctor

Resent-Date: Wed, 21 Feb 2024 06:39:30 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vi1eur02olkn2032.outbound.protection.outlook.com ([40.92.48.32]:40129 helo=EUR02-VI1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rck56-00000000Icy-1oPw

for doctor@doctor.nl2k.ab.ca;

Wed, 21 Feb 2024 03:44:10 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=GC47I+/1u/NVwVg9wARVAa8TTFi2jgAphQwYEB72v+Uz5P2+0JmkyJ5aCVqVU1vW9H7BgROoDcjD725/Q0k6XrXG/w+jZf7C7gK3vRUn54gc1JmrcmLYb3/aixLjWMhv09MRHsMZGaP+vadaPnJi2cwLbTQXxg7UmwUlqvXFHliJ4pTfPGiI3ZJi+CPMdqW7BRcNlSMGf00uo23lJPhvbuR2RjBXyczzXCuXlGRfMh77SjYFP+5J36pcrWALam8VK6gW3aYWpIV8ge6eAFmTcA0Kfe3Ud9cPXMXhJU20C8e51XONWXGtCP5hTuv+WN8f9vprIBsuN+cLORlCtXp1bg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=ml3YRA/Z97re0OALNshx8Ff2CG+9SDuSbvK9a2QkMFQ=;

b=lFMVJZWRGjVxYVKHGZZC2qlbR8VWBHEWUaYwrFYbV8+IWrX7U7XJYQNABaJEBAIx8Zwuy+Wn8T3YBfSMxfU5uomR7Iu9JKd44D8yWfqpn6k00VikGRHkqfsZZro6ePks4Ss8pQrksXH2cAYkXs6TR2bzHVggIrrdknwCSI8S95RwrW1AqJziK2aqwJcrYAWMEaAb4qcO7LLqGXMlyE2PiKmPkNUPpVbvz4rssrCu96zNop4ySoHzX9lZy7flX0U1G5lIYFVQ2FVZ1xkmdGxHg3Rh8teA9zIrbHdGy6K1E6BEMI4JtUWmaGZkeTybG/Agl921q+EJsywqc9iT+OYr4g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=ml3YRA/Z97re0OALNshx8Ff2CG+9SDuSbvK9a2QkMFQ=;

b=un7c+dGTsML7/3ZCWEelpEBGOXHa8gqtQbZ4lH1UnMSbwfWrpTvs9LEML9GRl0t3CEADTFmcozbtHVJPjuTASbNDdWEmbX5Q62mSzBEPpKMedD0zhi+luk0ou+1H+2D/o2dlqER1zvddzeYiSX72KwdRBAO28MQh/Ly5UmvlDX2yuMtgnbmOQZunuVYooqRjcvOhH25BRXFfVhQzZv6YEmrPEPvTKnXvyZYxrtM0RCLi0S2Cvj2P9SSoHNcZl1ZZnh5LfpokJ5oimbGWaC9OnqXp3ngj7h526pUVuhzemK2p1NDdcbA/YOzZWH4MK3mS/+w9+xTLosYImKJzsxjxFA==

Received: from AS4P251MB0709.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:4c0::11)

by GV1P251MB0857.EURP251.PROD.OUTLOOK.COM (2603:10a6:150:8f::10) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.22; Wed, 21 Feb

2024 10:41:59 +0000

Received: from AS4P251MB0709.EURP251.PROD.OUTLOOK.COM

([fe80::7057:8513:3d0f:fd87]) by AS4P251MB0709.EURP251.PROD.OUTLOOK.COM

([fe80::7057:8513:3d0f:fd87%6]) with mapi id 15.20.7292.029; Wed, 21 Feb 2024

10:41:59 +0000

From: United Nation European Uniom

Subject: (Reference Number: UN/24/CC720511)

Thread-Topic: (Reference Number: UN/24/CC720511)

Thread-Index: AQHaZLKYfktKhYRAyUyoiqrt73Zqlw==

Date: Wed, 21 Feb 2024 10:41:59 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-exchange-messagesentrepresentingtype: 1

x-tmn: [M6tdRPwx/j2YArhAtWpLhc63HWYqUq7l]

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: AS4P251MB0709:EE_|GV1P251MB0857:EE_

x-ms-office365-filtering-correlation-id: f834494d-4b01-4158-ba54-08dc32c9bb46

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

mnDsZkam1vMOLTxC6Kco19BlSsU0NTr7ItO0fjmxESZl5acJyzR0dvE0zcoSSZsNfbBIWKLwyrm37fngIkGZnYLEWOLLOw+pimJeIDz80zeHrLyp43CjMJwMFSK9GoZyB/obdzAVLfAmZVJH1Cjd5UYpfgz3Q7abkhH2LVrzebqFC3VXe8o1ClU/oTWApv+/g99WOC4i7AWOi/PklPxVnCU1BONNsBtU2riuFyxfBTO1RSXyGCN05LUlqxcTTBunx6MJPXJ59H94PWrP8tVvFGrYkiVq5jKFMfEb+Kqig7bl5pz7qBdrj/xAKwdYCctfBxCth6SjTMLxS3LGfWOkyeY+S90oYMXIrug8hHfyXzBFR5Nn98l7XugSLA7sI0BVLhYNh6T/nc0Kd++RW/h83fROC9CRcltmOLXRh85lLvl+YvlEZUw36Q7c+2VhKInziOf0fyaOjVZR6DYuYUa1QfE9HUILDyj858Q3bjZiIQVGxfYHmPHnTDZIBmBSD2w19k5n2wNTRc3VP9KogyB7svaCMMlf6fhEU0bwp4cAZ0LuVZ0tOqS9HLOTJu9dJ0bk

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?xLxyxT+1I4FRu5ZWn/uuyYabeobM/9uHnAkAMg2TI5rhe5/rVLoFBjeK+s?=

=?iso-8859-1?Q?7stp5OaxsfoxSI++1ggfGG64hpbXSCF7SuvTE80PfRIcAd6I5oYD5XMc10?=

=?iso-8859-1?Q?DnGAJS9OREMe/agWVfUJbLIN5//gqM9LIIq10MC2CN6C+eDLbWzobRMkZV?=

=?iso-8859-1?Q?rs99laxIF0gmlDcdhzYfXafBhRMHAt8yumc3bXVBQ5116s5PHTaN+PSH0L?=

=?iso-8859-1?Q?gLyevizhDrWm4MsxRIEO53Jb/MS/xWwC3bMvExtdezUkFYawq5xSZbipEq?=

=?iso-8859-1?Q?SPYVIk2p3XdA2ualRY8Lmx/PZkko7+IzIpDifYM5INMaTD69D+zv0fKNrX?=

=?iso-8859-1?Q?xnETZqk5hUtb6gmfGNOhZIRA5mxyaqso5LawNOFsS5uC5SXS2hF9Vu05ew?=

=?iso-8859-1?Q?e/UwAiydstRHyUNPdutVe+ZByHAeAl4delrPWW49iDb8eHx+eUnviio7HN?=

=?iso-8859-1?Q?FEu+2MF7Hj/BUu3f12w19r76jPTlhuYNg+cOhitg2tIxFjd6YTcs/9VzcK?=

=?iso-8859-1?Q?L1TfkWnsuJ6TddHT/puRqGXzqz3+NN5AxJjILyuTaSX0Qv8BoDGUN7br8f?=

=?iso-8859-1?Q?Qi0NFIRjnsamftLETCl9s63aSHU0rZ5L3z1a4BmgvkSoYqdKSgDOcN2byI?=

=?iso-8859-1?Q?EhfZIDA7TgMS/+S+3m0EbSEhrDzfnJWZD8Um0g5pQX8lFTorpg8qfPphKj?=

=?iso-8859-1?Q?UBE6wyaQj49IUkb20xCcjTi9+u8p3+pib+NqFMmWEzAFUQYSMaUIOmfu8B?=

=?iso-8859-1?Q?A9J1qOnUBSeT9tg9zBKxO4Qv+B1R4fzjNMEjnqOov6l1R6tmhYWU5W4Xvb?=

=?iso-8859-1?Q?Ftdk9UrWmh035hFDFV5NV6APIvyMfjUk7TGa5RIZ+cJjMzAbJQNglw4dSY?=

=?iso-8859-1?Q?UeoorucC/+Lkm5UBbdza2GSY2uYjc+vqPQefKUQkcZKYm4NXloUuxdIM3f?=

=?iso-8859-1?Q?0MnmrU8USDssEQPhRhenQNrGSCasPvDQJzN94Lps2xeyMxVfgwvCzLj9kn?=

=?iso-8859-1?Q?4Il8JcYtGCPaAripdyELJtZm+7rr/7TTttgjWBMa7CHaR9MlYHn30gjOSm?=

=?iso-8859-1?Q?pa+x7mLVE/mbB6CCFCpGHp5nAGL3FgDBibH549bd1Kx/ziBBsbFO3DezgX?=

=?iso-8859-1?Q?ZxVPHXISYmXdHkpvbK5+e7pK96vqLmd+tgJsdDVcmVnrDyxmpvfVTTW7y/?=

=?iso-8859-1?Q?iSyqusWqIMkSM6Q3Efa4J9lxzgBPZiBOOLK1U/iOwiiQ476585XmTwpIHY?=

=?iso-8859-1?Q?MWElAoC2NYXvnuHZ9R+g=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_AS4P251MB0709A809320CF070567213C880572AS4P251MB0709EURP_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-00b75.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: AS4P251MB0709.EURP251.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: f834494d-4b01-4158-ba54-08dc32c9bb46

X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2024 10:41:59.0457

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P251MB0857

X-Spam_score: 22.8

X-Spam_score_int: 228

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: From: Compensation Settlement Center Subject: United Nations

Compensation Commission (UNCC) Treasury, Reference: UN/24/CC720511 Email

address; (signalglobal@gmx.com) Attention: Dear Foreign Beneficiary

Content analysis details: (22.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.92.48.32 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.92.48.32 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[un923(at)live.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[un923(at)live.com]

1.5 HK_SCAM_N8 BODY: No description available.

2.7 GUARANTEED_100_PERCENT BODY: One hundred percent guaranteed

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.9 URG_BIZ BODY: Contains urgent matter

3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:

2.5 MILLION_USD BODY: Talks about millions of dollars

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

2.0 HK_SCAM No description available.

1.0 FREEMAIL_REPLY From and body contain different freemails

0.0 LOTTO_DEPT Claims Department

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 XFER_LOTSA_MONEY Transfer a lot of money

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} (Reference Number: UN/24/CC720511)

X-Antivirus: AVG (VPS 240221-0, 2/20/2024), Inbound message

X-Antivirus-Status: Clean

--_000_AS4P251MB0709A809320CF070567213C880572AS4P251MB0709EURP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

From: Compensation Settlement Center

Subject: United Nations Compensation Commission (UNCC) Treasury, Reference:=

UN/24/CC720511

Email address; (signalglobal@gmx.com)

Attention: Dear Foreign Beneficiary

We are delighted to inform you that the contract/Inheritance panel of th=

e (UNCC) Compensation funds Payment, which just concluded it's seating in G=

eneva office in Switzerland just officially released your (E-mail Id & Name=

) among the currently approved beneficiaries who are to benefit from this v=

ery diplomatic 2nd quarter payment of the year. On behalf of the United Nat=

ions Compensation Commission (UNCC) Treasury and World Bank Directorate in =

collaboration with the Internal Revenue Service (IRS). To announce to you t=

hat you have been shortlisted among other beneficiaries by the United Natio=

ns Compensation Commission [ UNCC ] Be informed that we have been authorize=

d by the United Nations Compensation Commission (UNCC) to release your comp=

ensation funds of US$2,000,000.00 of (Two Million United State Dollars Only=

) to you via bank transfer. Meanwhile this Compensation department has been=

mandated by the United Nations to transfer your compensation funds to you=

through Online Transfer Payment which is 100% Guaranteed for payment to yo=

u.

(Reference Number: UN/24/CC720511)

You are hereby advised to contact the UNCC head office to receive your Co=

mpensation without further delay on this email address; ( globalib@financie=

r.com / signalglobal@gmx.com )

Anticipating your urgent cooperation response to this email so that we can =

monitor the transaction effectively. Wish you Best regards

Thank You.

sign

Compensation Settlement Center

Manual Philip Hillered

Senior Vice President

European Union Commission

Director International Remittance Department

Contact Via Email: signalglobal@gmx.com

=A92004-2024 worldwide All Rights Reserved

--_000_AS4P251MB0709A809320CF070567213C880572AS4P251MB0709EURP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

sans-serif, serif, EmojiFont; font-size: 12pt; color: rgb(0, 0, 0);">From:=

Compensation Settlement Center

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Subject: United Nations Compensatio=

n Commission (UNCC) Treasury, Reference: UN/24/CC720511

, 255, 255); margin: 0px;" class=3D"elementToProof">

font-size: 12pt; color: rgb(0, 0, 0);">Email address; (signalglobal@g=

mx.com)

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Attention: Dear Foreign Beneficiary=

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);"> We are delighted to in=

form you that the contract/Inheritance panel of the (UNCC) Compensation fun=

ds Payment, which just concluded it's seating

in Geneva office in Switzerland just officially released your (E-mail Id &=

amp; Name) among the currently approved beneficiaries who are to benefit fr=

om this very diplomatic 2nd quarter payment of the year. On behalf of =

the United Nations Compensation Commission

(UNCC) Treasury and World Bank Directorate in collaboration with the Inter=

nal Revenue Service (IRS). To announce to you that you have been short=

listed among other beneficiaries by the United Nations Compensation Commiss=

ion [ UNCC ] Be informed that we have

been authorized by the United Nations Compensation Commission (UNCC) to re=

lease your compensation funds of US$2,000,000.00 of (Two Million United Sta=

te Dollars Only) to you via bank transfer. Meanwhile this Compensation=

department has been mandated by the

United Nations to transfer your compensation funds to you through Online T=

ransfer Payment which is 100% Guaranteed for payment to you.

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

d-color: rgb(255, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);"> =

(Reference Number: UN/24/CC720511)

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);"> You are hereby advised to co=

ntact the UNCC head office to receive your Compensation without further del=

ay on this email address; ( globalib@financier.com

/ signalglobal@gmx.com )

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Anticipating your urgent cooperatio=

n response to this email so that we can monitor the transaction effectively=

. Wish you Best regards

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Thank You.

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">sign

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Compensation Settlement Center
n>

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Manual Philip Hillered

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Senior Vice President

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">European Union Commission
iv>

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Director International Remittance D=

epartment

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">Contact Via Email: signalglobal@gmx=

.com

, 255, 255); margin: 0px;">

font-size: 12pt; color: rgb(0, 0, 0);">

, 255, 255); margin: 0px;" class=3D"elementToProof">

font-size: 12pt; color: rgb(0, 0, 0);">=A92004-2024 worldwide All Rights R=

eserved

--_000_AS4P251MB0709A809320CF070567213C880572AS4P251MB0709EURP_--

Posted by Dave Yadallee on Wednesday, February 21. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 21 Feb 2024 06:36:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcmkW-00000000DRi-27qj

for dave@doctor.nl2k.ab.ca;

Wed, 21 Feb 2024 06:35:00 -0700

Resent-From: The Doctor

Resent-Date: Wed, 21 Feb 2024 06:35:00 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from zzs4kids.com ([87.251.86.117]:55526)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcgE1-0000000082S-0P7z

for root@nk.ca;

Tue, 20 Feb 2024 23:37:07 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=zzs4; d=zzs4kids.com;

h=Content-Type:From:To:Subject:Message-ID:Date:MIME-Version;

i=Jeremy_dCrmCjpn@zzs4kids.com;

bh=poLBRFJUm3vsiFeEC3n8XTTYOwP4SWvWBGOE3PQ9Spo=;

b=QYgXHdpf5Olkgs8hZyuRQLoO3w+l698Ew0bbVwYoLGu50mjxxoRjh71uRXFqX/tQMXG41KrvmBI5

4yZGLTQk0Q7GhHiE/pY2d0HD3RdikqL4PfpGNWZOaP0Q0fyz+YEPgem8+/WZbWYki8ZwNJcs6GUI

buTNk/CMZzwaczgjeopSyVOu3YWKp1nD9vjP7rrd243pXGJ0XZB8ZfbL/hkzogjufA9JJAtW+OIN

C6HoX5FrTHm6ryu8BryDj7edBv5aZfTa1ZD+veMjYyvPz2DgvDvEFoWJj9kEly7BUI8XBi6APrF3

RGxr2je432bCC+MfvnxgjkOocTY9tXLbZV8liA==

Content-Type: multipart/mixed; boundary="--_NmP-4cb021f32ad82898-Part_1"

X-Ms-Exchange-Organization-Messagedirectionality: Originating

X-Ms-Exchange-Organization-Authas: Internal

X-Ms-Exchange-Organization-Authmechanism: 02

X-Ms-Exchange-Organization-Authsource:

MWHPR22MB0014.namprd22.prod.outlook.com

X-Ms-Exchange-Organization-Network-Message-ID:

ffe8bf42-c85a-42c8-a084-08d75b722819

X-Ma4-Node: false

X-Priority: 1

X-Msmail-Priority: High

Importance: high

From: Jeremy

To: root@nk.ca

Subject: *** VIRUS ***new order _PO#cVEpX

Message-ID:

Date: Wed, 21 Feb 2024 06:35:03 +0000

MIME-Version: 1.0

X-Antivirus: AVG (VPS 240221-0, 2/20/2024), Inbound message

X-Antivirus-Status: Infected

X-Attachment: order_XLS.htm#3446217359 Virus: HTML:Phishing-CUY [Phish] Moved to chest

----_NmP-4cb021f32ad82898-Part_1

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

charset=3Dunicode">

none; text-indent: 0px; letter-spacing: normal; font-family: Times; =

font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px;=

white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255=

, 255); text-decoration-style: initial; font-variant-ligatures: normal; =

font-variant-caps: normal; -webkit-text-stroke-width: 0px; =

text-decoration-thickness: initial; text-decoration-color: initial;">

font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; =

vertical-align: baseline; font-stretch: inherit; font-feature-settings: =

inherit; font-kerning: inherit; font-optical-sizing: inherit; =

font-variation-settings: inherit;">Dear root

rgb(0, 0, 0) !important; text-transform: none; text-indent: 0px; =

letter-spacing: normal; font-family: Calibri, Arial, Helvetica, sans-serif;=

font-size: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; =

vertical-align: baseline; white-space: normal; orphans: 2; widows: 2; =

font-stretch: inherit; font-feature-settings: inherit; background-color: =

rgb(255, 255, 255); text-decoration-style: initial;=20

font-variant-ligatures: normal; font-variant-caps: normal; =

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; =

text-decoration-color: initial; font-variant-numeric: inherit; =

font-variant-east-asian: inherit; font-kerning: inherit; =

font-optical-sizing: inherit; font-variation-settings: inherit; =

font-variant-alternates: inherit;">

5px;">Please find the attached Purchase Order , Confirm if it will be ready=

for delivery within 40 days?

Kindly provide =

us the Proforma Invoice, Payment terms and estimated shipping date in =

return, treat urgently.

padding: 0px; border: 0px currentColor; color: rgb(0, 32, 96) !important; =

font-family: Arial, sans-serif; font-size: 8pt; vertical-align: baseline; =

font-stretch: inherit; font-feature-settings: inherit; font-kerning: =

inherit; font-optical-sizing: inherit; font-variation-settings: =

inherit;">

padding: 0px; border: 0px currentColor; color: rgb(0, 32, 96) !important; =

font-family: Arial, sans-serif; font-size: 8pt; vertical-align: baseline; =

font-stretch: inherit; font-feature-settings: inherit; font-kerning: =

inherit; font-optical-sizing: inherit; font-variation-settings: =

inherit;">Jeremy Kim

sans-serif; font-size: 14px;">해외송금과

aria-hidden=3D"true">

currentColor; font-family: inherit; font-size: 10pt; vertical-align: =

baseline; font-stretch: inherit; font-feature-settings: inherit; =

font-kerning: inherit; font-optical-sizing: inherit; =

font-variation-settings: inherit;">

currentColor; color: rgb(0, 32, 96) !important; font-family: Arial, =

sans-serif; font-size: 8pt; vertical-align: baseline; font-stretch: =

inherit; font-feature-settings: inherit; font-kerning: inherit; =

font-optical-sizing: inherit; font-variation-settings: inherit;">

C-307, Research Center, EtechHive, 410 Jeongseojin-Ro, Seo-Gu, Incheon, =

Korea.

currentColor; font-family: inherit; font-size: 8pt; vertical-align: =

baseline; font-stretch: inherit; font-feature-settings: inherit; =

font-kerning: inherit; font-optical-sizing: inherit; =

font-variation-settings: inherit;">

Tel
currentColor; vertical-align: baseline;">+82-32-424-1776 =

Fax
currentColor; vertical-align: baseline;">+82-

505-720-1785 Cell
style=3D"margin: 0px; padding: 0px; border: 0px currentColor; =

vertical-align: baseline;">+82-10-4070-1776
>

----_NmP-4cb021f32ad82898-Part_1--

Posted by Dave Yadallee on Tuesday, February 20. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 20 Feb 2024 14:50:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcXzV-000000001rw-1I8u

for dave@doctor.nl2k.ab.ca;

Tue, 20 Feb 2024 14:49:29 -0700

Resent-From: The Doctor

Resent-Date: Tue, 20 Feb 2024 14:49:29 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vi1eur05olkn2086.outbound.protection.outlook.com ([40.92.90.86]:36033 helo=EUR05-VI1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcWj3-00000000JrC-0MtN

for doctor@doctor.nl2k.ab.ca;

Tue, 20 Feb 2024 13:28:30 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=mrAp3oQW2gqGC7bgtx95PIodSf35uKCJz8oVyxuTo3syIqclg6iRr1zfreipM58h22f2vyo6EdzEiEXV5w/9xMGYzhwDK2PGmaqE+mpWQFH59Zke1hwJIVahaadB1ozge46xOxDpXDW4gNdaWZRPACm9F96XySwEb58UtlSVvlnsRWZ0lqiJZsknN4de4v9G7f6IQKMxVBNB+1pSBoFMYzZ9o68kYYMhE2Wc+mcitVPym17mt8MqAfo5m0alV7kAdmu5WFch3wP7B/znQMYZ90Y9AvZdlr3L4Z0cvBDBYHSX/Y2E0R+4bnXyJSjDujn18ryH621BR95X1vTYXFKqOw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=+Qh4T8mlLkg7qAlGouhH+nVVPeZE662feHb4eWthtVU=;

b=ghcz5Pu0a8DVZdZ20bb2X+oV0H5vxMtJ4Q7TjATvInURMU6ryt59NiBB9TRaM4wMyI55HdtfLzyyqUmAVgm7SSjuHL0J6XNXHnHl6euFHB59ly5bKd9R0TvHMCSUTZaoJjsKvRBrVljSx/CItRqGxXd6HkCIL9sf5CDbQL5EKVUMPJMmo+uhR1BPMsM2BxK4rik0Asc8wVEMyajL8pDVvcohIvaXWwIi9yLZRKuNmtP/AC6TrOa2dFyxB/26KSC1nEJeHfbLl0FTeFvQgs9SFl1DWJC/tTZbzhTRW1Clnl/sSBtBKoS49pQYxdFzgeXDvy+a1zPvWc6KSX1lTfDmvA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=+Qh4T8mlLkg7qAlGouhH+nVVPeZE662feHb4eWthtVU=;

b=TLjE4RnRlybdU78HkA7A+gsMqthd2iuX3GH9+uFat06SkDwqYrJJb/tU7/4onwv33Z0wELdGFXKLkpo/iKKgIQbBt0f+ZJsGCrEmw5Gu9wqBDtSxypXtN9870MJ4guIK26TKUsuvSWSwzCKzxX85gkyP+oEzbYyIGz4D2x7l3BQ4hopnopUJosnYfklAKehnSYr8U5Q8t/ew9U0qQXcHe4tt57kW5ZLHdBwWdW7041295iywr7P0R0HAex2SO2MoHXVkT68hfsdfE7OhsKphLuknFdyqroPqHCVsFdp2Un6932nJBdYkNOAiez9swhMITJD0A5mvvigbmAQCaSAi9Q==

Received: from AS4P251MB0413.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:4bd::8)

by DU0P251MB0435.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:347::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.39; Tue, 20 Feb

2024 20:26:11 +0000

Received: from AS4P251MB0413.EURP251.PROD.OUTLOOK.COM

([fe80::1c76:b763:1524:3011]) by AS4P251MB0413.EURP251.PROD.OUTLOOK.COM

([fe80::1c76:b763:1524:3011%7]) with mapi id 15.20.7270.036; Tue, 20 Feb 2024

20:26:11 +0000

Content-Type: multipart/alternative; boundary="===============3325682761253975343=="

Subject: Profile visit from match

From: MariaBW

CC: MariaBW

Date: Tue, 20 Feb 2024 20:25:58 +0000

X-TMN: [QZtcVJ9sjjeRRCupIXMod9N181Xc1SJS]

X-ClientProxiedBy: FR2P281CA0010.DEUP281.PROD.OUTLOOK.COM

(2603:10a6:d10:a::20) To AS4P251MB0413.EURP251.PROD.OUTLOOK.COM

(2603:10a6:20b:4bd::8)

Message-ID:

MIME-Version: 1.0

X-MS-Exchange-MessageSentRepresentingType: 1

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AS4P251MB0413:EE_|DU0P251MB0435:EE_

X-MS-Office365-Filtering-Correlation-Id: b1f1a3de-259e-4ea8-c0ff-08dc32522d0f

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?SFZteTAxWGVDK0VJRVpmWnU1cXN2RlpITEZ4TE1ISXIwQTN2dnh2MGlGSk9B?=

=?utf-8?B?cmRuNlIvRTlFTjZBelVySVpKY3lGeWVuaXpEUWl0bFo2bmFONnNDdkJnVmZk?=

=?utf-8?B?YkVHOHVtRXVqazBaTXJTc3lGYWZkUnZmeFR1LzRwd2RXSW9OdmZ0a0t6U2x1?=

=?utf-8?B?Vi83Rm90WGR2YzVNUVhja2w2NEUwMFV1WjlqNFVIUDZLQXNjRElvVVowQjZj?=

=?utf-8?B?ajhIQWU4YnBhWnV6cHB4WFdXaVZZSmptOHNWeW5OVkFIbTRsNXhkRXpmRm9T?=

=?utf-8?B?T3hVZEVsa3JHTXA0ajBmdFgwQ3BTL1EyeTJ2TFB0bmlaSk1KR2RGaFllRXIz?=

=?utf-8?B?WW83YlRRRmthU2I3WHZueTg5WjVYaVVwdXJ2WlRFUU8wOGh3SWt6VnVRclk2?=

=?utf-8?B?UXFaQ0MwbFNKb0VUMmpFMEREMUZhK1Z5YVBMZDZUMTlSU2lrYnBScmcyV2d5?=

=?utf-8?B?cHhqWmJmTFFjVjEyd0p0VmlrU3VwR21RU1FlYURNaGxQdkkvQWluMDFMT0J3?=

=?utf-8?B?S0ZyaGlac2hDYVhMQ29PV1o3MXdZdWdiT0FZY1RBYmN3QkJieitJU1VaL0tw?=

=?utf-8?B?VFpJRm1wL0pRREpnQTRUTzZYckhGTWhzNU9ocEtaQWdZWld2clVBc0o4VURX?=

=?utf-8?B?SVBORHk2RnVCYzVmU2xkOXI4Uk1YdjlkMk9STm8zSGczZWU1VGZhRU1nZHdt?=

=?utf-8?B?SEFBblVHYklBaitwMnFQYk5BVExSbVRYa3FZRTBPcWJLczI1N2RlL2tlWFdD?=

=?utf-8?B?UXVRNTMxRDhPSWU0OFdMdktiS2pBd0duanFtRE5MTTNyYjFseTBkOGI4dlNn?=

=?utf-8?B?c3JTTmVKMEhqZ0prV1ZMWWVlU3NJRGxHdTJnUExVZVAxTXdxblRKZEpPUm9q?=

=?utf-8?B?SWFqTktQK1NMelIwNWNGblU1b2dMZDMwbkFvNi95REVMRjJIbUFZRkRLNHJh?=

=?utf-8?B?dyt1cUx1TGd3UlpqdlIvSnhPNFVyZU10QlgrVVlNUEhRTUE1K1Y4UzZoL0hz?=

=?utf-8?B?MDdEUU5vRCsyQ1RVRE9VWWYyVlExRUdiS2NXaENUcEpNbVRLeUEzYit1Wkhr?=

=?utf-8?B?azJLK242Z3dMZzJwaHhTbnQ0RTlxSXhKT21ucFRsRmpiMjY0TFUzK2JERDI2?=

=?utf-8?B?cXBhbWdJNTFnejVyeHFpaHV2ejVFdlY4Yzl2M1RLWFJJazNZWlJwanlpdWZo?=

=?utf-8?B?OFNMcVM0Y2Uzay9kUmpFbXU2ZVpUWmhRMWZGVHZpRWRuVHNhdlpoOVZtUStU?=

=?utf-8?B?RTY1M25qNzBQMWdOOGQ5bFBIeGl3UTFjdXhmd2dFc3hETGVtQm16UElhVmR0?=

=?utf-8?B?V0lRMWZ1SUc0KzIwdlFQUEVPSERRWUYxTjBUcU0xbzJIcy9NTWw2Tkh6YmNl?=

=?utf-8?B?dG90bjhEQ3hrWkoxck53V3NnZ1FWUE5QZm11UEt1TzNMNmh0WUx4TnFOSDI0?=

=?utf-8?B?bFV1VUgyMVM1K1l2cjMxeThwbG92dFF0bTBQK3dZMmNZWkFETDNsNmJSaVRi?=

=?utf-8?B?dkNObTJqc0FoYnFmM2xmTml2MiswL2tGdEl3NXVaTkJOcXRXcTFOcVhMVkhE?=

=?utf-8?B?VGMrakwrMFV0ZEV0N2liTnRzT01xcEpxZDRIRjdVMlRNYnAvNzAzMUJhM0hP?=

=?utf-8?B?QU5rMUdzVG9VRVhzQ3RsRVpLMHZXeWFXUHMrRnVqbWhldE96bDBnZ0dGZ01D?=

=?utf-8?Q?E0xeSg2rFNBveHQk8z45?=

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

=?utf-8?B?YkhFWStOb3RscTJTeUZHZ1FBU0orY3BnSmlqaHVQVzlhY0w0WnFwejhVY1Rm?=

=?utf-8?B?U1NyT1JMRloxY3dGNGVuM3FvcmFKZmNJN1dYL2ZKRWhIdWVWclNtMzdYVzI1?=

=?utf-8?B?OFhJd2l4cUQ5L3IxbjFmTklhcDdWSHZ5dHd2Vm54VzdNUGMxUmIwUDdPanZI?=

=?utf-8?B?ZjdUUFdUcGpaK3NFZDBVdTliOEYwU3V6Vkg1ODBFNEJQcTVrSkg1ODExMkhk?=

=?utf-8?B?emFkSGxFeldqN0xWN2JUNk81NXZTQW5pb3F1UlREKzVucEdzMDNMUFFHSHpP?=

=?utf-8?B?NkxRam9TL0Q3NHdZUzlyalo0SklxVXlFeTQrNHFMSjNRYWNWWmYreUUxSFVY?=

=?utf-8?B?RzhiQ1BpVG40bnVoSGpUaWtYMHJuQkdGMTdYNU5lRERPNlQrdGQvUjMrUm5n?=

=?utf-8?B?OVV3SmlVWHo3dUJPUUtHK0FXeDJsVG1SNzgxbnFYbXZ4UTlCL2lLazhucEZM?=

=?utf-8?B?amxUZmJXejU1ZzI0ZEhWYm1ZemxWS2tlWG11b3R1dnovK25jNzhWcU9HTVh5?=

=?utf-8?B?VmdTRDFRRVcwMGgrZG01WGtUSlJEZ2lBSEtNQThpWmdCazVXZVRRV1dJVjVF?=

=?utf-8?B?WDUzWU1KZ2FuMmtOOGxaWU9jUGdLQzZoRVVFSy8vTFhUVU1GQTdNRTVMT1dB?=

=?utf-8?B?VlNzeXFYNkdHcWxNcHM0Q2lCMk83SG53ZWpseCs4bFk5dWI0MG5jTU5qcE8v?=

=?utf-8?B?bzEvU1U4bzJzNjhxbkNxd1VwVU1oK2dneEphZDJYVFQ4Q3NCOGJXM0Ywd0Fv?=

=?utf-8?B?cTRyU3FBeUhiRFZqQ1Z0NHpXSFQ5VWFuVkxGVyttaVZoQWhGTGcvd0g1RzFt?=

=?utf-8?B?YmpzVG8wd1R6MGExcnZyNlpzeGUwREdrZmdSYUJGVHhpOUNrUlBIbnh6UGtV?=

=?utf-8?B?M0hKdnNVVi80bkErTlByUzF2aWMrd0wrS3VJMXRkU1RkODhWY3dsY1pxNjk1?=

=?utf-8?B?YXQrblhwM2JuTWdXd0M4WVBtUDM1NUd3cHltZTJpdkFaT0JoeGJQYUd0MlBp?=

=?utf-8?B?QUxzYTg3Q1B6dFhXY1M2VzZXMU0rUk5ra0VFMWFnbmVwMjZUZTV1WE5VYkNw?=

=?utf-8?B?c3RRSGdEWEZQSWZhRXYrbEdaMGFuQytMT1dUN3J2c1JWNmcydFAyajVSQUJT?=

=?utf-8?B?dnNnRitOZFVVdjdJSTVZVS9SMHU3enREcFZuaWh4OXBkRTFiT3loVkpSQlZw?=

=?utf-8?B?SkUzeDJuZVJnTkZvZUFibVk1NnBXRzh5RWxMTlVHbythUHJCYlk5bmx0VG85?=

=?utf-8?B?THp3Mmo2dVFHN1dOS1FTSElmVzZyZ0oxSm1Vb0RWamJISGlpM1RvdWkydzl5?=

=?utf-8?B?Ynk5bHp0bERtWTZIT1M4LzNYQ0h3TGFhWEZVd25ZcFc5cWlUZGxYcXFpTFZs?=

=?utf-8?B?a0l4VVhJWnlVWGFlRVhVZm8rcytoSkZzQjR2RGp3L2o1azd0MmxBQjMweUlB?=

=?utf-8?B?OTNJN2hUM3pMRXNNWGJwYWZIZ3U3OWdsaHpaYU9ZM0hQeDgrL3FDeGVFeER6?=

=?utf-8?B?T1JwdWIwRnFscHZGbnIyV0txN3AwdlVhaVRjOVpwaXhaMEs0UEI5THFOOU9y?=

=?utf-8?B?WEhzbnBlOHVxZ3RjdmhWWUNDRHgxM05Qbi9lNEQzbkNEM0lJQWZ5UjFPZ0Z1?=

=?utf-8?Q?kDeoDqOs8RwalkJ1ZGG2NoKEpga9L8Nq0REE8iZyhPCk=3D?=

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-Network-Message-Id: b1f1a3de-259e-4ea8-c0ff-08dc32522d0f

X-MS-Exchange-CrossTenant-AuthSource: AS4P251MB0413.EURP251.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2024 20:26:10.8543

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:

00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P251MB0435

X-Spam_score: 6.4

X-Spam_score_int: 64

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Take advantage of the holiday offer and create your account

today by clicking this link - completely free! Below, you can find the best

recommendation for you, based on your location. Browse profiles and choose

your best match. Check her profile for more photos!

Content analysis details: (6.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.92.90.86 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.92.90.86 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: shorturl.ac]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[lonna_ko(at)outlook.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

Subject: {SPAM?} Profile visit from match

--===============3325682761253975343==

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64

PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJz

ZXQ9dXRmLTgiPjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+Jm5ic3A7PC9wPgoKPHAgc3R5

bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjIwcHgiPjxzcGFu

IHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxzYW5zLXNlcmlmIj48c3BhbiBzdHlsZT0iY29sb3I6

IzAwMDAwMCI+PHN0cm9uZz5UYWtlIGFkdmFudGFnZSBvZiB0aGUgaG9saWRheSBvZmZlciBhbmQg

Y3JlYXRlIHlvdXIgYWNjb3VudCB0b2RheSBieSBjbGlja2luZyB0aGlzIDxhIGhyZWY9Imh0dHBz

Oi8vdC5seS9ZZEJhbyI+bGluazwvYT4gLSBjb21wbGV0ZWx5IGZyZWUhPC9zdHJvbmc+PC9zcGFu

Pjwvc3Bhbj48L3NwYW4+PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj4mbmJzcDs8

L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6

MTRweCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0

eWxlPSJjb2xvcjojMDAwMDAwIj48ZW0+QmVsb3csIHlvdSBjYW4gZmluZCB0aGUgYmVzdCByZWNv

bW1lbmRhdGlvbiBmb3IgeW91LCBiYXNlZCBvbiB5b3VyIGxvY2F0aW9uLjxicj4KQnJvd3NlIHBy

b2ZpbGVzIGFuZCBjaG9vc2UgeW91ciBiZXN0IG1hdGNoLiBDaGVjayBoZXIgcHJvZmlsZSBmb3Ig

bW9yZSBwaG90b3MhPC9lbT48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4

dC1hbGlnbjpjZW50ZXIiPiZuYnNwOzwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+

Jm5ic3A7PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3BhbiBzdHlsZT0iZm9u

dC1zaXplOjE4cHgiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpBcmlhbCxzYW5zLXNlcmlmIj48

c3BhbiBzdHlsZT0iY29sb3I6IzAwMDAwMCI+QmVsb3cgeW91IGNhbiBzZWUgb25lIG9mIG91ciBt

ZW1iZXJzLjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNl

bnRlciI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMy45OTk5OTk5OTk5OTk5OThwdCI+PHNwYW4g

c3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0eWxlPSJjb2xvcjoj

MDAwMDAwIj48c3Ryb25nPjxpbWcgc3JjPSJodHRwczovL2xoNy11cy5nb29nbGV1c2VyY29udGVu

dC5jb20vaUpPX1QzWHBNZTdJbW5wc3FJZ2VqdEhybm9DYUZ5d1p5NGJ5eWZRaTVmVjZqV0FyT2RC

NDJ6eG03NnJhaXFjSFUzSmkxU3BlN3pqRl9mLVlsbDFaSW5aQ1FJZTBIemJ0cEpUN0poVGwzZjA5

Z2JwQ2dJUDlBX202cW5MVzlHcHk2T2xWSGZzRmphZThHdVZ3XzVjWHExSSIgc3R5bGU9ImhlaWdo

dDo3NzlweDsgd2lkdGg6NjI0cHgiPjwvc3Ryb25nPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvcD4K

CjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMy45

OTk5OTk5OTk5OTk5OThwdCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2Vy

aWYiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAwMDAwIj48c3Ryb25nPk9ubGluZSBub3cg8J+MuTwv

c3Ryb25nPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNl

bnRlciI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMy45OTk5OTk5OTk5OTk5OThwdCI+PHNwYW4g

c3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0eWxlPSJjb2xvcjoj

MDAwMDAwIj48c3Ryb25nPkZpbmQgb24gZGF0ZWZpbmRlcjwvc3Ryb25nPjwvc3Bhbj48L3NwYW4+

PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+PGJyPgo8YnI+CjxhIGhy

ZWY9Imh0dHA6Ly9zaG9ydHVybC5hYy83Y2dsMCIgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25l

Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjE4cHQiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpB

cmlhbCxzYW5zLXNlcmlmIj48c3BhbiBzdHlsZT0iY29sb3I6IzExNTVjYyI+PHU+TWFyaWFCVzwv

dT48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L2E+PGJyPgo8YnI+CjxzcGFuIHN0eWxlPSJmb250LXNp

emU6MThweCI+RGF0ZUZpbmRlciAtIFlvdXIgR2F0ZXdheSB0byBNZWFuaW5nZnVsIENvbm5lY3Rp

b25zISBEaXNjb3ZlciB0aGUgd29ybGQgb2Ygcm9tYW5jZSBhbmQgY29tcGFuaW9uc2hpcCBvbiBE

YXRlRmluZGVyLCB3aGVyZSBnZW51aW5lIGNvbm5lY3Rpb25zIGhhcHBlbi48L3NwYW4+PC9wPgoK

PHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48YnI+CjxzcGFuIHN0eWxlPSJmb250LXNpemU6

MThweCI+VW5sZWFzaCB0aGUgcG90ZW50aWFsIG9mIG9ubGluZSBkYXRpbmcgd2l0aCBvdXIgZGl2

ZXJzZSBwcm9maWxlcyBhbmQgcGVyc29uYWxpemVkIGFsZ29yaXRobXMsIGNyZWF0aW5nIGEgdW5p

cXVlIGFuZCBmdWxmaWxsaW5nIGV4cGVyaWVuY2UuPC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0

LWFsaWduOmNlbnRlciI+PGJyPgo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjE4cHgiPkpvaW4gdXMg

bm93IHRvIGVtYmFyayBvbiBhIGpvdXJuZXkgb2YgZXhjaXRpbmcgcG9zc2liaWxpdGllcyBhbmQg

ZmluZCBtb3JlIHRoYW4ganVzdCBhIG1hdGNoLjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4dC1h

bGlnbjpjZW50ZXIiPjxicj4KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToyMHB4Ij48c3Ryb25nPkNy

ZWF0ZSB5b3VyIHByb2ZpbGUgYW5kIHN0YXJ0IHlvdXIgYWR2ZW50dXJlIG9uIERhdGVGaW5kZXIg

dG9kYXkhPC9zdHJvbmc+PC9zcGFuPjwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+

Jm5ic3A7PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj4mbmJzcDs8L3A+Cgo8cCBz

dHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MThweCI+PGVt

PllvdXIgbG9uZWx5IGRheXMgbWF5IGJlIG92ZXIgc29vbi4gVGFrZSB0aGlzIGNoYW5jZSBhbmQg

c3RhcnQgdGhlIGFkdmVudHVyZSBvZiBtZWV0aW5nIGEgbmV3IHBlcnNvbiwgeW91IG5ldmVyIGtu

b3cgd2hlcmUgaXQgd2lsbCB0YWtlIHlvdSE8L2VtPjwvc3Bhbj48L3A+Cgo8cCBzdHlsZT0idGV4

dC1hbGlnbjpjZW50ZXIiPiZuYnNwOzwvcD4KCjxwIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlciI+

PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxOHB4Ij5Zb3Ugb25seSBsaXZlIG9uY2UsIHNvIGRvbid0

IG92ZXJ0aGluayBpdCE8L3NwYW4+PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj4m

bmJzcDs8L3A+Cgo8cCBzdHlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxicj4KPHNwYW4gc3R5bGU9

ImZvbnQtc2l6ZToxNHB4Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6QXJpYWwsc2Fucy1zZXJp

ZiI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDAwMDAiPkRvbuKAmXQgd2FudCB0byByZWNlaXZlIGFu

eSBtb3JlIGVtYWlscz88L3NwYW4+PC9zcGFuPjxicj4KPGJyPgo8YSBocmVmPSJodHRwOi8vdC5s

eS9HVnJCSSIgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lIj48c3BhbiBzdHlsZT0iZm9udC1m

YW1pbHk6QXJpYWwsc2Fucy1zZXJpZiI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxMTU1Y2MiPjx1PlVu

c3Vic2NyaWJlIGhlcmU8L3U+PC9zcGFuPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9ImZvbnQtZmFt

aWx5OkFyaWFsLHNhbnMtc2VyaWYiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAwMDAwIj4uPC9zcGFu

Pjwvc3Bhbj48L3NwYW4+PC9wPgoKPHAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48YnI+CiZu

YnNwOzwvcD4K

--===============3325682761253975343==--

February '24

Posted by Dave Yadallee on Tuesday, February 20. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 19 Feb 2024 18:28:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcEuy-00000000MDd-3NoN

for dave@doctor.nl2k.ab.ca;

Mon, 19 Feb 2024 18:27:32 -0700

Resent-From: The Doctor

Resent-Date: Mon, 19 Feb 2024 18:27:32 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-be0deu01on2105.outbound.protection.outlook.com ([40.107.127.105]:44352 helo=DEU01-BE0-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rcEK4-00000000Dcl-0zXw

for doctor@doctor.nl2k.ab.ca;

Mon, 19 Feb 2024 17:49:28 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=hg++3TQNEw+LMYhHThwVPD6s95dFRfzox20JpMx4YxaFpqTnsbszg7ltGztHWo8ROeDl5pxZYngOpHrxNliOo863G4NWguZP2PcFYTewoJtrAYvOX1pWNwEP64xE0s+VnNLZH9tjEE1ZkJLjjaG1um9vODDE3B8oL7dcX7xjLEwptL6FayXSGuQEHD1gcK5ykwp1VyuflUNIx0mIDHjZ3umiZsbhZl4sSUEhYvd+vnQWvW8xxClVdXGveOC7FhNgKxjpCSjI6oOdxX6pTDcaxyIvzaAdDjYc6iy86dyW8JMOwjAAygspGC3PzLxufrXJLNVZuvgMYunPmtPgH/IBPg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=WSk4pCwCayg+HpRuGcOvi91kXE1rTbj6c4t5tgWQTyo=;

b=WxJWt9YxJxersxtniHW8Ii9h8Jx/eEJN5ztd1UcexwshLMP+WaMYH6L2GqizcrECUhWDKC/6cGI2Oj9j7kkwqpcRkSgr5fcXubxllr/OREeJcUrr4YNG8wftYUBfKsxr+RbTHCka7R0HatbJ4LedNdERC4d1bVhV29MWhwmXrG2fIdVEe0fimsyudxk13wafJ2yyRjBz8Xe74Tr4l0aFKakSUZ6rNOwG77yhh2g+nTJGrN2rc8YLL+AFWPjE7DSRs65M3f4ze7q9q/pezLYNBZoAEfzN/OJR2UJkIi9uKHCeq1oA+Q84VsH2PbQNju0K8t/ZiW83znaf7Hix8InwGw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

141.8.194.43) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=hbdokmwt.onmicrosoft.com; dmarc=none action=none

header.from=hbdokmwt.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 141.8.194.43)

smtp.mailfrom=hbdokmwt.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=hbdokmwt.onmicrosoft.com;

MIME-Version: 1.0

From: Deals

To: doctor

Subject: Shipment Pending - Ryobi One Chainsaw

Date: Tue, 20 Feb 2024 01:45:42 +0100

x-priority: 1

Content-Type: multipart/alternative; charset="UTF-8";boundary="d4uTz0QPnKHYKXK.xlfejnpkgu.43619"

Delivered-To: doctor

Reply-To: Deals

X-Sender: admin@hbdokmwt.onmicrosoft.com

Message-ID:

<364d1790-052e-4fec-96ec-4b3aa6c1beea@BE0DEU01FT003.eop-deu01.prod.protection.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BE0DEU01FT003:EE_|FR2P281MB2687:EE_

X-MS-Office365-Filtering-Correlation-Id: 37ba9a88-0944-4428-e426-08dc31ad7d1a

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

gTt/A1xh/FqR4AvurGUqjFgue4LKqJE1oXYBD1tgqUnSmR1gcSSuTOmC7kY+IkA9sHnr/pNpRFpzx5e7Q6GS6QbNbh+aW16w2HIoPwkfOwqVE6Ga+umqWcMymTCYYMn1ogrtTN9hFAd0msT1woOhTSY2/bE3OtbiSjHmoPZs+Gc813DY4mWRes7CmvUvLsM1fEU95qDTF5b2duBXQDe/ChvGMe4PJdKMOBzTTrIwcXb4j+gqMu3UMrG1FYEps8HsEJ0ir1Aar0Gr1/xso2IsUxHg5IKyuIxYkMSiVe+9gOh8IE0gli8Ww8wDjiE4csGvui5vsX3mT9r0/dzXjCESFS7Vx3iatpEaA0CfCklPvU6XcrkB6diKr1UdQSWXhoXH

X-Forefront-Antispam-Report:

CIP:141.8.194.43;CTRY:RU;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.vizio.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004)(7200799017)(46966006)(40470700004);DIR:OUT;SFP:1102;

X-OriginatorOrg: hbdokmwt.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2024 00:47:17.6379

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 37ba9a88-0944-4428-e426-08dc31ad7d1a

X-MS-Exchange-CrossTenant-Id: 51342385-4adc-4e08-bc54-ffeb5ae20642

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=51342385-4adc-4e08-bc54-ffeb5ae20642;Ip=[141.8.194.43];Helo=[mail.vizio.com]

X-MS-Exchange-CrossTenant-AuthSource:

BE0DEU01FT003.eop-deu01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB2687

X-Spam_score: 19.7

X-Spam_score_int: 197

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: doctor(371045762904643567694237871994)

Content analysis details: (19.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.127.105 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.127.105 listed in wl.mailspike.net]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[lwvmofeh.dffcyozo(at)hbdokmwt.onmicrosoft.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

1.5 URI_IMG_CWINDOWSNET Non-MSFT image hosted by Microsoft Azure infra,

possible phishing

1.0 FORGED_SPF_HELO No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 SCC_BODY_SINGLE_WORD Message body seems like one word

0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for

an image

1.0 HOSTED_IMG_FREEM Image hosted at large ecomm, CDN or hosting site or

redirected, freemail from or reply-to

3.5 HOSTED_IMG_DIRECT_MX Image hosted at large ecomm, CDN or hosting

site, message direct-to-mx

1.0 XPRIO Has X-Priority header

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 BODY_SINGLE_WORD Message body is only one word (no spaces)

1.2 BODY_SINGLE_URI Message body is only a URI

0.0 T_REMOTE_IMAGE Message contains an external image

1.8 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to

Subject: {SPAM?} Shipment Pending - Ryobi One Chainsaw

--d4uTz0QPnKHYKXK.xlfejnpkgu.43619

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset="UTF-8"

doctor(371045762904643567694237871994)

--d4uTz0QPnKHYKXK.xlfejnpkgu.43619--