Ninja fryer Phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwXM-00000000L9j-3rxF

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:52 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:52 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-db5eur01on2125.outbound.protection.outlook.com ([40.107.15.125]:64798 helo=EUR01-DB5-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1ritIv-00000000Cjl-3xCB

for sales@nk.ca;

Sat, 09 Mar 2024 02:47:50 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=mJeqK666f/LuBVEtSqxsy8sB4+4gDQLqmhMribS8jBfl3wsOLmPBTFan7xlstycIZrGwr/VRW4tDTZlIx6q/8m+epYCIMnoPyEkBaKKRGQkoOk9D5qo+ptdP2Zvv3X4lMzSHV41DlJDIsQEj82MA0nZS8CjqSFDMk4bY+tPxMq23xl9lHB3ikzdLkql03TlHzkvB42x3z7pyTFf3F27jfYlkWIYdb2Mu8HwR1/ny/HwullmwPGmxqbvyFHJtM4PTRXshr8W2/i6PQVRam4DhTvEYOaV6k0dVDLRfLT0xIGNT7Ckr667iXFSn3NvTM3Ql+AtmCuk59RNLzf/QfdXDjQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=nEvo/ZFAmfM3FnSFTDAUhBVT83rJD8rmfSRNw3J0/oc=;

b=HhpTArrYW0y8wRgqluLAsL0R1cwJvOA5IkNmzioOKZ2VTjFY+gqjeqwhUw6steRYjlVPEPiy3hiKbQ0e8jHSBy2wkHgAGmnt0CTy5O7/tiIgORRtYhy1o1TvX5K8z7gq0PF+EWKW0AX6AejDE+f0HYHJkIFMmnGAzGZB7jXeymDIgsoUyRiWeA0em7pIzip0mN8Sif8TSB1cD//IRY+4p3aGnOXu6fhDPlyYZMfbq8+GddKyHFTo4waLtI6BaftB1sIcIpM69AH1jPWxykg92Qe15cy0Mr7LEqqY0/7Nwx2xy3r4nuDbKoDhqPhAvJridCGhd4TI/QSGZvxvTNUpVA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=asahipro01.prtlandermino.online; dmarc=pass action=none

header.from=asahipro01.prtlandermino.online; dkim=pass

header.d=asahipro01.prtlandermino.online; arc=none

Authentication-Results: dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=asahipro01.prtlandermino.online;

Subject: 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁

From: 🅽 🅸 🅽 🅹 🅰-𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆-𝑾𝒆 𝑯𝒂𝒗𝒆 𝒂 𝑺𝒖𝒓𝒑𝒓𝒊𝒔𝒆 < pstuswgayd@asahipro01.prtlandermino.online

>

Content-Type: multipart/alternative; boundary="2491178-15761-33af048268cd3a0c294196d4e1689fbe"

X-TOI-MSGID: <396278296440410.EV457D584638C.7546726751942pstuswgayd@asahipro01.prtlandermino.online

To: Undisclosed recipients:;

Date: Sat, 9 Mar 2024 09:45:39 +0000

X-ClientProxiedBy: BL1PR13CA0134.namprd13.prod.outlook.com

(2603:10b6:208:2bb::19) To HE1P190MB0329.EURP190.PROD.OUTLOOK.COM

(2603:10a6:7:58::25)

Message-ID:



MIME-Version: 1.0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HE1P190MB0329:EE_|DU0P190MB1777:EE_

X-MS-Office365-Filtering-Correlation-Id: 340ee889-137e-432f-c581-08dc401dae3b

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

aAFi4MzeLcBRsdsqmQbLOhcZCVu4wa1TLQ3XSubvkxPXxCaHs3IYaEzUokOuyr5lpXGfpyP9PgvzkI0GHE47DxeYR6KX9xrVYjekwqYdlG9z9/eOAYsA2FSSJxy8yE/VZq9+iq2hSgs//bAOiz6sOr5OYfcVrI/9itDr2i1TvcVQuGCSl4HK+OabJ0OYkSp5olRKqPKpBXrk3wZm/0E9yw9bnLITyuxVh2bah2B76gR2+KlYyxBRyZ3nfZc4T0R0Rm1UhXGA/2ErbRmCAbrfcl/txP3lUYytjdVURrfYPgJvR+G3DOGDT0w/9VHRJBC4DHb1FqSDalu843EKHU7qdw9ZWx2/pOnl22uCRzZVbwqCblurUOpjBYWbnnePN/3XYmrXmWmwx35dyUPDO9wb79LkhdUge4q3Y9x3krEmWggtuWxOtN6uCJXXHzgmLVnS1VSiLfo9Lt1kR2KyPGf5bt+uEPWYEYjdEumZd91fAebQgeo7xQah86Zs2zGgKVkeNM6BG7aaw8L14oWzGSOdm7ayU59E0Q7nRNcYM6qFiNhVuOFWwu7CJDZ/xyIm+BNED75kwASgk1XIZwX4W1l30rJyykkMsx09fwA0pAQvLWs8C1wXZ5tiSeK5EKCw6CGeBUpW2MLdFLNuV9fQ+FClCO34LywOw02r6S/b3kWWKT8=

X-Forefront-Antispam-Report:

CIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:HE1P190MB0329.EURP190.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(376005)(41320700004)(1800799015)(37730700002);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

=?utf-8?B?R25vMnhlaXlNUGRUVWhPTkhBSW5FRC9vSmIyS2U1QU1XVUZ3YXRFVmRidlZU?=

=?utf-8?B?SFRML0hLZ002bENGS0s5MFRkTENOdk91clZPMDU1bjZOakZ6VHluM09JaFMy?=

=?utf-8?B?cGt4RFU4cXY4bEgvMGI2a3QwYUlLeTdkK0RiNE5zaFRZaVE0b3k2NnRiSjNz?=

=?utf-8?B?NG4rbjVMa1lYYlVvMVZvZ1RCSnlMemNNSlI3RlhiZ2FoR2ZENVgyRHhIWHZ0?=

=?utf-8?B?eWhoRDFFSkNySVljdW9rcGJiYVU2QmE2UFJlVkwxMjEwaCtnN3Q3TnlydzZO?=

=?utf-8?B?VGIzZ1FjK0RtTStzV0Z4eEVoZ1ZjZGJGYy9CclZKNFJCbFNCQ0ovV1FiQkxG?=

=?utf-8?B?YlkzZ3RuQmFnWkJOQWhaZElBczA2MnBYUGdmMnB2TyticXBmdTM3QjZpMkJO?=

=?utf-8?B?UjZqVDlrOW40Q1lpaVNoeFhQMUpTcW5xNmVobnIzdnlMc0h3VFFwTmpzQ2Zh?=

=?utf-8?B?TUd0c3BhV2p0Y2lTT2JHT24xK2o4SW8xN2wxbVU5QW5mSEVOODhnZHpjU2k3?=

=?utf-8?B?ZVYreGhqVVFISWQ3cTY5bmswc3Y0cnh4amh2eU12V095TXAzaW5KMkJKY2lY?=

=?utf-8?B?QTNtelVPOEtCa3kyeHNWVEYrOVhWcjVJcTRUWkJQK3NINjlPRmY0d1lHWmpK?=

=?utf-8?B?b2I5d25kNmdqZ0pqb0d3b1dTa0l6UE1vb083MFNydURzR0dmNE1sTXBvU1FJ?=

=?utf-8?B?dEFTWlJUZ0NwRDFNb1gxRVVYcnlYWk5iaWRkaXV5ZUcvTXJiQ1c0N0JNS0xv?=

=?utf-8?B?N1NCOGVZODhmMitKZ25rV0Fja0p6UlBJZnMzbzFSNDZnS0FyTTBzMnJsVU5X?=

=?utf-8?B?dTd6K3JFZkJ6V2VBUCtSWWhSSDZIYm5TM0h5U05KNndHTTVrbzRtdVptVWlZ?=

=?utf-8?B?VWpOUjBOQ2gvbjBOem9qdzFRREowMWFTYnVNcVkvUmFCUVQ4b21rSjZWQ0t1?=

=?utf-8?B?eHc2blAzbmYwT3Y3dU85Q3VVOW4xRFVieVdET0thcnp0OWtQYWZSUnBQN1hE?=

=?utf-8?B?R1d4TEVaMmhuTDNhSGNIM3lXUHRPSE1tWTE2aHhpY1ZaTGlCSldPdUJ5TDcy?=

=?utf-8?B?VTlQUVVabXBwSm9wLzQwNWtPT2xRcWxDU3gzWC9CSTJGNWFDZ3JKVGFmQ3Fq?=

=?utf-8?B?WmdZb0FGSERZaHdjRUo3Z21ZMlVFdmlXT1dERmJEQVJVR250cVM2Q2o3Wnln?=

=?utf-8?B?c1ZXVGNCWnA2dGUzTGl5VXdxRm9uYlpRUWxIYVVzRnRNMVlObi9qSDI3WkJI?=

=?utf-8?B?MlQwRkFKRU93SmY4SFFKWEthTGt4K2k3ZEh3Tk5iUTdTVGJ0cXNFbmtiZ01Y?=

=?utf-8?B?Rm9YS2YvcTZyVStFUzA2OHlrZGROK0lMWlYxaWJiNjR4NlVxRy9OdGdwckhs?=

=?utf-8?B?UkVaaEltTWlYUzJlZWgwam9DcjNOQ0ZyYVVWSkV3NHJHUm9DN3p2dEdJa3o5?=

=?utf-8?B?WUFBS1BEZzZEM1hiMnVoNGVkNExtbmZpQktpczJ2dHMrelJYTW9zL0p0cFRN?=

=?utf-8?B?V3ZpZlFydGhJa3l6bHJTeTJkYTJmM1ZSY2xCUTU4dzFJVHdQZEo3NU1GdGVV?=

=?utf-8?B?czRMNUI3OW9UTHE0SnlxVjNLd05yR3JnZTU3NHdMcEpIWmJiT05tVE9vd3VI?=

=?utf-8?B?NFVNSnFVUWRmWnZIOU4zNk1SZDFoQy9xMDk5RTBzbGJ2b0dBd0lwTXpLVm4w?=

=?utf-8?B?VWtFNjlqV0ZOb0p2QjFkeDJ0aFdVQ1FqdzJUUFE2Q2pHRkdWTmc0Uk5qRlhD?=

=?utf-8?B?SUI3UHVBUUs2am1UZWNUMHZib1Fza2lTUFpjT0VoSlhTWGIzTTI2ZERqY1li?=

=?utf-8?B?TTFDczB4bDhwZmRGMmdIQ0RDc1M0MlpTYlRLOXJSUjQvLzZBMlBLMkc5Zlli?=

=?utf-8?B?dWdJWUhBNHQ5MW5jVnh2VlhuSE95WkhISG9lWDhZUjhaYnZSVnVtWDIwOCtP?=

=?utf-8?B?Z05Zckc4WGV1VEJBVFdhZnFOU3UxWUhRYU5BZC9CQ3lmNjlKOWFIMSsyYXR6?=

=?utf-8?B?Qk9LZ254RmF1bFI1dHVwNklRdkRhMGFZTE0wZTJsdEJPTnBKWWw3Mm1vMnh4?=

=?utf-8?B?RHRtb2dKWHJQbFlESEtZME51NkdDTmlPbUpVOHQ4Zm1hK0V1anJWMWVyRUhZ?=

=?utf-8?B?S1JmbjJ2YXoydXFCMVptcUQyc1ExMUF2SWxlTmZzZHFGbEE1UEdZTzdVbnVi?=

=?utf-8?Q?5Jez/ta9pwV440LSN+R4S20Wo5RwasICR9emnpN3a3g4?=

X-OriginatorOrg: asahipro01.prtlandermino.online

X-MS-Exchange-CrossTenant-Network-Message-Id: 340ee889-137e-432f-c581-08dc401dae3b

X-MS-Exchange-CrossTenant-AuthSource: HE1P190MB0329.EURP190.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:45:40.1895

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: fb8f5ef4-c517-4425-86eb-9158322ada26

X-MS-Exchange-CrossTenant-MailboxType: HOSTED

X-MS-Exchange-CrossTenant-UserPrincipalName: Cyf4AKkmVEY5n6pYbQCSaMGiXTKuVLUJHdQLj/ruQ7LYZhzheoyczl6rrgImghj4ALk7xf0MuqEhNzuOnkc570QmK7Rz6Xuh0LDUDiA9yGsE5OxZPYQzr7JzOG9eoY8GVfVoaoHxb5F2nvFlffUHsQ==

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P190MB1777

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: (1) Notifications (1) Notifications You W E L C O M E



Content analysis details: (12.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: cj6js1jhf0sdfkf7dg.page.link]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.15.125 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.15.125 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

2.7 FROM_WSP_TRAIL Trailing whitespace before '>' in From header field

2.4 FROM_UNBAL2 From with unbalanced angle brackets, '<' missing

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

2.0 SUSP_UTF8_WORD_FROM Word in From name using only suspicious UTF-8

characters

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} 🅽🅸🅽🅹🅰 🅰🅸🆁 🅵🆁🆈🅴🆁



--2491178-15761-33af048268cd3a0c294196d4e1689fbe

Content-Type: text/plain; charset="UTF-8"



(1) Notifications



--2491178-15761-33af048268cd3a0c294196d4e1689fbe

Content-Type: text/html; charset="UTF-8"





(1) Notifications





















































You W E L C O M E







- 𝕬𝖎𝖗 𝕱𝖗𝖞𝖊𝖗 -🅽🅸🅽🅹🅰


























--2491178-15761-33af048268cd3a0c294196d4e1689fbe--

Dr. OZ phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:15:24 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWl-00000000L8n-1gyv

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:14:15 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:14:15 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2094.outbound.protection.outlook.com ([40.107.117.94]:60632 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <600266532084@ndfsgheryesr.maarredesvirs.life>)

id 1risdz-00000000BQW-3X1n

for www@nl2k.ab.ca;

Sat, 09 Mar 2024 02:05:32 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=F8ILysviViKrwTbusbZkvhrsHTRNp2hJdv3uNdE5ftfmKiuJdP0NP7P2uYTBuJ2/Y2NDD7D9/oiJwnz7jObSEl4GsqDzpD9JmOWYb8+0ginRhy7iGOkePFKQhD+ozgOa8mVaSpOfvv96XNy5hqJt+Lh+3/8UUA+hffWgjvveRw4gvy+13hIN/fkv/xHTabrOccrMQ9Ub8H+rFCfPRFnRa6WsC3LOky1pX9uKg3De3BZRrBuGspFO0XA762r7f4QMKZ2LLtb8aTmAtxV3QiTTgXDhVMPQUIZNPrDFEulqkpVY3drdi0tTkq5LOe/QpBqtmCBTtN0OqeEn+AuqXB4Kwg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7CfWSFmUeBCPlYzsgCR6iLRG0jpjK3T8Ql0yCvtO5/Q=;

b=nBHgHNMHbfl2w2AKRjR+ipCEHZ0QM//Cw+Hol5uGbcEzDyDGaNpl7jqc5RZuRQXTB4eZnSLYkBNcSG54QpsEAhXgAACAfBMfbVomunBI8Yqs7djaBR3+OKQ5B3zXwM6rhXcVdDB8ZLkTe9zWdm7jcaS4oI0TIa5jTJ+h3AG2tGoeBd0jxzjhngD6B1YRb4374vEpWW91tgvP3yLie055be/pjPog/kAl8SpEuvrWotD23FnX58QJPcQE+lor1t6qZumxxasmvmTaw93upL1tpzpXG3+AqN6iOGB4SKle8mmvPBwmuyGs81WfLoMfQxHBqSO0e8j7Z3NSxqOLPPdPhg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=ndfsgheryesr.maarredesvirs.life; dmarc=none action=none

header.from=ndfsgheryesr.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=ndfsgheryesr.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=ndfsgheryesr.maarredesvirs.life;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: www@nl2k.ab.ca

Cc: www@outlook.com

Content-Type: multipart/alternative;

boundary="_75934916-a8db-4128-a958-239d335de6b9_"

Date: Sat, 09 Mar 2024 08:58:16 +0000

MIME-Version: 1.0

Message-ID:

<7499166f-53de-46ce-bc44-c9030b4fe515@HK2PEPF00006FB3.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK2PEPF00006FB3:EE_|TY0PR0101MB4818:EE_

X-MS-Office365-Filtering-Correlation-Id: df516974-c769-4b84-b5b8-08dc4017c650

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

WSS/RL1+0jfjY7v1FV0pB9gCQK9vJks+67cZ888lzM7BfXvA7RfFl0Q+YOVZxv6o1laVAi5bEFJjI+zd8KJGZeikhA1+DGP4fmYe/uoYYxUufsN1YDvOidcaRmr3wZ5LWHZiZHkLHXzZSdn7hL9Ys7VCVsK1kMp9Q2GAjfWGZTofD1ZmIB6d414SwKta57B8XSQH2mTolmL1YtM05erCNCIBGmJOSp4uSuAbJ96QdZzRSf8G2vjeoQSVeRKRrIt2LHoJvQlKmJpl4abSRdZP1EorT5moq35z22B2UJefoSZs59l3txCOD9IDCCcVl577hGSbIaTlnESzHHI20tD56wmAhg6dp461UViXMdlL4B8xG6Vx1NpDTfuDO5ErSE32fnZ5IEqQfIdwlionyNagYs6j8f5Dnnsev6CUCJskuE4Ypyd0rJQCPGm4V15BniZWJiL6khnCvLRoEGT+rlLY/X8kGacKhiin5fjZZmTiUz/egNebCWW9FEAhxLI7ezcTKutzMwAbSBlo4EgGSCKGHgAkoTUWbH609VKWg0EhiWfhWyJktZZT5NdJVixaLF+756OUXyoWEy9+Q9RZoXWcV6xzHGxsmZS9V45XphrCsTJi5WsTaBJF5sRFfUqkGzyZUQKt4+mMyhhrYXrK753ci6x1NlE/bs6D5UG3HrXA9VKElqWOp/0B8YHraNz2omXJd6CcUqnJcaVB6C75mgHsLctYSeaDFNykCWwL3N0ckCE=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ndfsgheryesr.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(36860700004)(376005)(61400799018)(34070700005)(82310400014)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: ndfsgheryesr.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 09:03:23.0683

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: df516974-c769-4b84-b5b8-08dc4017c650

X-MS-Exchange-CrossTenant-Id: 1f3f1b49-6efb-417c-b460-e297ef72af14

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f3f1b49-6efb-417c-b460-e297ef72af14;Ip=[176.123.3.128];Helo=[ndfsgheryesr.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK2PEPF00006FB3.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY0PR0101MB4818

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (8.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.94 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.94 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_HK_NAME_DR No description available.

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_75934916-a8db-4128-a958-239d335de6b9_

Content-Type: text/plain; charset="UTF-8";









--_75934916-a8db-4128-a958-239d335de6b9_

Content-Type: text/html; charset="UTF-8";



















Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.













src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">





src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" FMaVvTkTiMuh>















































--_75934916-a8db-4128-a958-239d335de6b9_--

Dr. OZ phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:14:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWR-00000000L7n-4Aqm

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:13:55 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:13:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-tyzapc01on2122.outbound.protection.outlook.com ([40.107.117.122]:17421 helo=APC01-TYZ-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <209479238566@aswtgdsysd.maarredesvirs.life>)

id 1ris9F-00000000AKB-3KGo

for doctor@nl2k.ab.ca;

Sat, 09 Mar 2024 01:33:46 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=hcH124z8YZ1UmCFINbQyu0Od3j/ia9J3zmcBkd7uATcD9AW0JCJ+/J6TtDyiEdUK0ec5otGLiHAzTda0azpUcAZN5a1auuqku7CszRx1nXcvge2qrXrr7mFI6EJBjothWhJkwryRO30rJ83SQneA4XfSxGX2BOlAugQl0HWlnlj63WZxyu00IKL6FFNLsxkEc9RjBLOdMoGR3dWlkqXboc5g6E3omi960eytnKKBm5CWCrRQCjuxV2fuqbvgWm1Y4hlEe2vnDRmDgrFObx14fxf2/hGPBOqEpzbCDr0w8qtIu00Lwh4H+njPTvrph7j/5TESYJBEjW97a9oF/uQAYw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=BrLHrTNGRw5v9M07IiTsZYXLnvCBN5Esqeh/2nQ7pvo=;

b=OV6ccskPTjDVBKzEsy7bJg7lS+g/5wOVhnF/k0PLvnRYejpq0v9gbk1B1Mqz4QCH1wvRdhi9uH1Tumv2xuGxflcYmyTxJF0Yslf1ll4J1FqoG9Xk7MChwynqcUzc2GWvFwSJ6/l7rCZ3bjIpi2XpW8FLWWRpnpsFuEulm5zH1WU2zSXAkN+BRvOYI4/spsj5nb9pa2Z/n/iQ6uRyWDLtIeS2xlI8wLCf32jj72AA/P3n+QkMoCpbdr3RFZLwjQtTYoaJlbh1A7c+A4Cf9J9tUMdss0EDgssw6LhDe+cdZyc+uF8jwTURuQPFFs3yqDrHlgKhn6vI56SB2mx0M0w4Gw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=nl2k.ab.ca

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from SI2PR01CA0036.apcprd01.prod.exchangelabs.com

(2603:1096:4:192::22) by SEYPR06MB6062.apcprd06.prod.outlook.com

(2603:1096:101:d4::16) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.26; Sat, 9 Mar

2024 08:31:36 +0000

Received: from HK2PEPF00006FAF.apcprd02.prod.outlook.com

(2603:1096:4:192:cafe::1f) by SI2PR01CA0036.outlook.office365.com

(2603:1096:4:192::22) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.31 via Frontend

Transport; Sat, 9 Mar 2024 08:31:36 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=aswtgdsysd.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=aswtgdsysd.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

aswtgdsysd.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=aswtgdsysd.maarredesvirs.life;

Received: from aswtgdsysd.maarredesvirs.life (176.123.3.128) by

HK2PEPF00006FAF.mail.protection.outlook.com (10.167.8.5) with Microsoft SMTP

Server id 15.20.7386.12 via Frontend Transport; Sat, 9 Mar 2024 08:31:35

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: doctor@nl2k.ab.ca

Sender: oMXFDYYVVAso@aswtgdsysd.maarredesvirs.life

Cc: doctor@outlook.com

Content-Type: multipart/alternative;

boundary="_95a756f8-48c7-4622-8e54-bf4b09b4339f_"

Date: Sat, 09 Mar 2024 08:31:29 +0000

MIME-Version: 1.0

Message-ID:

<7ad15569-0223-41a4-8a0d-931bf09026f1@HK2PEPF00006FAF.apcprd02.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK2PEPF00006FAF:EE_|SEYPR06MB6062:EE_

X-MS-Office365-Filtering-Correlation-Id: 25d191f6-ab92-4d94-f60f-08dc4013550d

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

Iqa2bH4+Ty+ahh2UL3lRN9Irs3YX8eGQ7ovQQYTLFZflKd7SkyTVGA7HS2sV/prXZ0XTKoTD3eAtKvoOkBZnzAc0RxmTCY7LI+4xxMVecXtSUIfhI/GVyO6ZJQO5YhqJVLoXouaq3gGIucwaCx3vpFZrOUL3zGt/5IVp/E3G1RYPo68kqhsLe4ocDf4AI+Xz/MfuJH01DIovBUOarX/v1klJR2Qkvom9d3yOH2T7cHTrtBvamyfjkg0srO1hqxtkxbm0KkbBXTPNtNFxQYpZEYjoTO9W36SXGEt80vkXF3HOU/ROnmn/flp6idil3vzfFVK1XB7XqP4D/ax6Vfm4pIG4ozX724K8BVAlnSo7iuLrrNC5jMMBGwprmRNirq8ihobnp5uZbKmopnXn8mFD73bNjhuLbYfdwEs10pfyzPMbm8F+J6wtngiOOIXzan1NVBzHKkhtkTnQxn3H9pOCvbzgsc9eft+tnY+8Cg+k+Wr+dyFipdIaWtfgQC9vgzHYt3PrhAAhI00LSIm0c/77QzUtjbdf6f/YLQM+hkKwb1Hj08ReaknVFYugGXcQuhdVpYYfaZnqndV7DAzSM9c4xceZNPbjHvDUPA7hJJartfPQTdC9wS+9eK6bGiZ8fRN8IiJnLuc3O4HgHkrmxLoGC7KWfzi9zFjGE7j4mKQ6HJvmxURZTBjHaAlIk6jubVEiHP9FGrweI7ubMX8TIn653OsfdCLDmFPEfEqaEU4tdDI=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:aswtgdsysd.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(36860700004)(61400799018)(41320700004)(34070700005)(82310400014)(376005)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: aswtgdsysd.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:31:35.0614

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 25d191f6-ab92-4d94-f60f-08dc4013550d

X-MS-Exchange-CrossTenant-Id: a4ebb3ee-4eb6-460a-bea6-5f3165f203d2

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a4ebb3ee-4eb6-460a-bea6-5f3165f203d2;Ip=[176.123.3.128];Helo=[aswtgdsysd.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK2PEPF00006FAF.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR06MB6062

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.117.122 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.117.122 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_HK_NAME_DR No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_95a756f8-48c7-4622-8e54-bf4b09b4339f_

Content-Type: text/plain; charset="UTF-8";









--_95a756f8-48c7-4622-8e54-bf4b09b4339f_

Content-Type: text/html; charset="UTF-8";



















Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.













src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">





src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" yCjMIuxMcfpR>















































--_95a756f8-48c7-4622-8e54-bf4b09b4339f_--

Dr. OZ phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 09 Mar 2024 06:14:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riwWN-00000000L7d-1bnb

for dave@doctor.nl2k.ab.ca;

Sat, 09 Mar 2024 06:13:51 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 06:13:51 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastasiaazon11022011.outbound.protection.outlook.com ([52.101.128.11]:43400 helo=HK2PR02CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <683339915592@wzestesgydf.maarredesvirs.life>)

id 1ris4I-00000000A96-3E9v

for root@mail.nl2k.ab.ca;

Sat, 09 Mar 2024 01:28:39 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=ek6hgAybOn/eerYkjUMJVohxuFrUuRoZVvfwpDCr1drCl5jJG2GCKOi2rSOS9xRx3i7a1qXEu65scr5gRUgV0arwolOHBTgU6NuCLwaFpbEwDxcnLBRDXWe7+uFbR0mSTN8cNzmUJAGqwhoHOsaoq44zegfZpomuqEnLntP6URzZbmtEP0zRK25/pUgKxtoWaO/sk+HdyPAo6xD0nxhIFy36DbJxq+b7VCPI9uk3KyNGO0P/H9GrjJdIMrcf1FUDdw+i3UEfPkt/sF+FVceV/pp2XM+3bMrpit/DkM5iYTMXZfhDfbT4/ss5E1o1e3xGK972DBI277GFzxy2op8ISA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=v9GIyyI2wFE+TzdO0b1ZaYLhdRdRbvdlwJ7oqgG6Vdw=;

b=MvEJ9PdR2cAA3uo/THb8AvqnMFD3NgwB3zTU1tNKpJLTvNOzh/Q4LIKAFhIBCRBBRkRJwX5vdJjOhetC78dT50FYo0cP6o3Nx0x8aDWij29xNrDjmVIPvg3WDql0gWmr7++SFCrgcu4Z0c63F791GlFINsGRGNNZVhf+FZzRP4VxCJpmvTtzH2NMF46r2Aif1qMUeuTF0qivdtKZ9X21ovugZptHJ97krNbhBQWsQQ/uhHHT6Lg4sAy2WLara3/J8opI7b3vtBwV5yQiqn/z1ZhDI6Q34c+5EGsCJqj/RQ8CE6S9o9GOaWUYQp6x1ERvou9SsjYKFxFqjmZd6ed+iw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

176.123.3.128) smtp.rcpttodomain=mail.nl2k.ab.ca

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life; dkim=none (message not signed);

arc=none (0)

Received: from PSBPR02CA0011.apcprd02.prod.outlook.com (2603:1096:301::21) by

TYZPR04MB7741.apcprd04.prod.outlook.com (2603:1096:405:74::14) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7362.26; Sat, 9 Mar 2024 08:26:26 +0000

Received: from HK3PEPF00000221.apcprd03.prod.outlook.com

(2603:1096:301:0:cafe::1d) by PSBPR02CA0011.outlook.office365.com

(2603:1096:301::21) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.31 via Frontend

Transport; Sat, 9 Mar 2024 08:26:26 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 176.123.3.128)

smtp.mailfrom=wzestesgydf.maarredesvirs.life; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=wzestesgydf.maarredesvirs.life;

Received-SPF: Fail (protection.outlook.com: domain of

wzestesgydf.maarredesvirs.life does not designate 176.123.3.128 as permitted

sender) receiver=protection.outlook.com; client-ip=176.123.3.128;

helo=wzestesgydf.maarredesvirs.life;

Received: from wzestesgydf.maarredesvirs.life (176.123.3.128) by

HK3PEPF00000221.mail.protection.outlook.com (10.167.8.43) with Microsoft SMTP

Server id 15.20.7386.12 via Frontend Transport; Sat, 9 Mar 2024 08:26:25

+0000

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: root@mail.nl2k.ab.ca

Sender: gqULBGIiZiCq@wzestesgydf.maarredesvirs.life

Cc: root@outlook.com

Content-Type: multipart/alternative;

boundary="_c84080d3-0050-42f0-be74-4eb13186a347_"

Date: Sat, 09 Mar 2024 08:26:20 +0000

MIME-Version: 1.0

Message-ID:

<05fdb39a-034d-4a15-8330-61913404a2e6@HK3PEPF00000221.apcprd03.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: HK3PEPF00000221:EE_|TYZPR04MB7741:EE_

X-MS-Office365-Filtering-Correlation-Id: cb398f19-71c3-4d61-96a0-08dc40129c7c

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

jcaPPxvCGf9cSn0yjAq1gjbzf1zl8H6/ypalP7OSlZVjSAHEUzKM6EUEVFoRhvsw/9ZzdICtcGBKbFQTgReYYUPM2e8p3O0jvj/YWa8xZBueTiQ/Hro4nqVJXrIrvjjXx09kZD8RXZbY8jUNvlCxFBEAiqkOSik34FPSIE8g9BGDxlZnfDeQCBBGNQ033hAHXWBZIiFBj1n7Nv6WRORMtFXB7nWYR29z0JAq1Q4noKiOlPF62dj2CiceXyR1oB5B6Fd/pCpo9FeARI+piCiih25oR73s2OPi4viC3x72tQRpTgMPTh/3DUQY5zmKt5KBQ2XzX43HcZvMvlRPVjJI8Ei+gNHYnwwbSXd/+W/Sa7E1luA5yf6E7DW1UjTfetS/iJoZ8YiydMVPYd2lLJZYRO/VCK2qB5/GuGsjOoQRLqAPPbd2VQ77QQlQhdDEzQ59LvARlvhN2bjVZqd9N4BviZ7rHACWJS5oRyH8kgpXxBGRYUnW+Z40OvGokGmTwhQAcdBzBvdl27fYvhoJn7EqoIRvewJtWuuGvrzorhmqozq4ZLZb2dpe4VI5zBNDSW3MEffyP036b2JQtQLxBkSTCzYgCN+MfejjWgkXjgguYpMeBrn33HJ0xlI/72r8onvExmewb1I3jQK+dwjuLOOyN8KDYM3VrJVmaM9qVDOGJAyRlw5O2dan7Z/XnSBWwdtXQPPGEmDCYCXT4RkRtCfZz0fcGGCQL4rFYeXTdgbzs4U=

X-Forefront-Antispam-Report:

CIP:176.123.3.128;CTRY:MD;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:wzestesgydf.maarredesvirs.life;PTR:zamoura.decisionmakers.online;CAT:NONE;SFS:(13230031)(41320700004)(82310400014)(376005)(34070700005)(61400799018)(36860700004)(20072699006);DIR:OUT;SFP:1102;

X-OriginatorOrg: wzestesgydf.maarredesvirs.life

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 08:26:25.4236

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: cb398f19-71c3-4d61-96a0-08dc40129c7c

X-MS-Exchange-CrossTenant-Id: dddde438-3f2d-4a18-9530-ce685755e312

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=dddde438-3f2d-4a18-9530-ce685755e312;Ip=[176.123.3.128];Helo=[wzestesgydf.maarredesvirs.life]

X-MS-Exchange-CrossTenant-AuthSource:

HK3PEPF00000221.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB7741

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.101.128.11 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_DR No description available.

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_c84080d3-0050-42f0-be74-4eb13186a347_

Content-Type: text/plain; charset="UTF-8";









--_c84080d3-0050-42f0-be74-4eb13186a347_

Content-Type: text/html; charset="UTF-8";



















Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.













src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">





src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" CJDcnQehlqBi>















































--_c84080d3-0050-42f0-be74-4eb13186a347_--

Dr. OZ phish from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Sat, 09 Mar 2024 05:50:00 -0700

Received: from ns2.nk.ca ([204.209.81.3]:43273 helo=gallifrey.nk.ca)

by doctor.nl2k.ab.ca with smtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riw8L-00000000KTd-31RO

for dave@nk.ca;

Sat, 09 Mar 2024 05:49:07 -0700

Received: from doctor by gallifrey.nk.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1riw6T-00000000K9L-3DqY

for dave@nk.ca;

Sat, 09 Mar 2024 05:47:05 -0700

Resent-From: The Doctor

Resent-Date: Sat, 9 Mar 2024 05:47:05 -0700

Resent-Message-ID:

Resent-To: dave@nk.ca

Received: from mail-psaapc01hn2207.outbound.protection.outlook.com ([52.100.0.207]:21089 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by gallifrey.nk.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from <623172099177@19ygkihjkhj.volcanicallyactive.store>)

id 1riui1-000000006ce-0mp9

for news@gallifrey.nk.ca;

Sat, 09 Mar 2024 04:17:59 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=RJFX2U0IQLBlLRdozzr7yVFILohWWA7/g/4vxRi3lXh+WXMGjsfLd6EafRSNZu3oozmWK7Ewk6SyL7ARC7xAY2cql+xDwuQehxsV5UWdxNOS+G0CSW6jj2k6MvfjyZk/QZZ5d80ZVrmqHMrRjIFXpWbhnT34REXrINF5devxUnswewTBFSiUFCaTPh8NZEngErJYlk5L/eUhJ6erQ9y23Y9uyIk12H+3GTlnqcbropy76IxflY4AL6J8UC4hRiNdnYWxUCMzXONj9RvcQ6IY4jNioBqXJxd+N19cPv6jGEWflssgm8CmLEkVJzYA6vsLVhMOSxCf4bNrhXylspM4vA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=z0PTn+/yY7ginIa2NaPumVlDYWqf4/Hzea4JYHuNP7A=;

b=bLvVWfYE4yEuR5S1bBrd3tSVd2ztXz72cO+Fkwrci7iTHHvQ+CT0GTfovs4IQXyaUVGpmweSEBfJUPl/da93X5oNOQsI1jPf0pbenz0wLlf2QO23kGbUToDaMh8FqYyMANVc5/4rhfXdPRd2jNlubNdmhIPeUSqegKrN/pei5VMbcHME3N4vfCkoH2r+j7OlTQsJWYMYJLX0ZXTKU7Q9BeXJR/ah3SULcSx4fSv6VUpck/wTFHT7eDraHE22A5b+vZoVMOJbQKJIbHlm69y7AlRnyjF9Ne4FqrjZeE39XNPjmAml65C70XQ4XjRJHXEyi+6FrsPc/F1+xg42GpKASQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.148.244.11) smtp.rcpttodomain=gallifrey.nk.ca

smtp.mailfrom=19ygkihjkhj.volcanicallyactive.store; dmarc=none action=none

header.from=19ygkihjkhj.volcanicallyactive.store; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.148.244.11)

smtp.mailfrom=19ygkihjkhj.volcanicallyactive.store; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=19ygkihjkhj.volcanicallyactive.store;

Received-SPF: Fail (protection.outlook.com: domain of

19ygkihjkhj.volcanicallyactive.store does not designate 45.148.244.11 as

permitted sender) receiver=protection.outlook.com; client-ip=45.148.244.11;

helo=19ygkihjkhj.volcanicallyactive.store;

From: "=?UTF-8?Q?Dr. Oz. ?="

Subject: =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=

To: news@gallifrey.nk.ca

Sender: CaqJSQiOulGk@19ygkihjkhj.volcanicallyactive.store

Cc: news@outlook.com

Content-Type: multipart/alternative;

boundary="_959c3d16-a88d-4384-a49b-c2633ceb5eb7_"

Date: Sat, 09 Mar 2024 11:16:50 +0000

MIME-Version: 1.0

Message-ID:



X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SG1PEPF000082E4:EE_|TYZPR01MB5786:EE_

X-MS-Office365-Filtering-Correlation-Id: 05003c97-f190-4760-6b2e-08dc402a6e8d

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?b1NyOEFvd01GWE4xMHl4ZmdXeUtLeTRZRkVMN29WZVBYYW02Uld5WHkreEhF?=

=?utf-8?B?bWF2Y2xFejBhbnNsejdrTHpsdEIwOEh2cTRYYk5QdEp0RXB1ZkRFRCtXOTNw?=

=?utf-8?B?VnZ4dFpya0c0bE0rRW54RWdSRnVOckdxVzB6N1lJcUVaOWk5elEzdFJYS1U0?=

=?utf-8?B?WTgrYUs1L04vZzFGK1lTRkZURHcwVzRDOW1wU2trTFUvZVJYZnU2TUo5T2N6?=

=?utf-8?B?WVdveEJtQmNzbmhzdjlUZkFsNzVLMUtuYjh6Q0pnQ3VsMi90Ry9Uekl5ZjFr?=

=?utf-8?B?aXZZdTJQaWpaYzFaMU9KVk5IWk8rd1ZnSFNDdXh2dkxUWnpFM2FyY2NxR0JI?=

=?utf-8?B?MDZ1enN0UStPZndoWDBBSlAyeXl3cEhGQkx4NnJCYXBlMTJjOHQ2djlXUmkw?=

=?utf-8?B?djNoYnM4Zkh6UHpxZXhGWDJySi83TTN5cm1YZ2dhQkwvSURES3BoY3ZWZkwv?=

=?utf-8?B?bWRiUDBQQmhvZlFGNTU0Q1BvNjl1eVd0Q3hDRXkvemRLcFhYb21MU0o1QU5p?=

=?utf-8?B?TUphRFp0YW1tOFRBRVpyMFRINERnWVJuT1pOVHQ1a2xsUjdhOE51blkrbUZP?=

=?utf-8?B?MHlKdVNwMkxZRUsvcGhjQ1czT1REN3k2TTZxaWs2NklDNmlPOWFCRzdIek1z?=

=?utf-8?B?Y2lqTDRXRmNzbVJ0bitYSUZYQjZCbjJPaC8vclpCMjBtRlhUNWN6UEc2aWhK?=

=?utf-8?B?TXQwYXp5NVpxTytsOS9rVE9NcTRHVStSVGNCTGRwT3htcm9PRXVpNFFLWmJR?=

=?utf-8?B?R2YwU2NVc3ZxUW9xZWluTmZuKzJIT2wxdnE2SDJGb04xanFucGtvNEVTWElI?=

=?utf-8?B?WTlZbGk5NFVpaEpwRURWUUJUSVFKVlRValg5MmY0bTlMbDZtNUh2SXFqOSty?=

=?utf-8?B?WnVUdEtFdVZkcmJhOEdyazE3VjluMzBzOG1HaFlYck5wU3VwNWVmMG5FRDNK?=

=?utf-8?B?R3VUeU5mMzBlOXdrakZldUJNbXVWNzNoWXlrTkxqN1JDWXpESDFRUDRQdnVC?=

=?utf-8?B?cUlpSk5mSkQxVTZDeWN6ck9paGlweEVRZ0kzbmhhb2FUR25KYlFMVFloVGhq?=

=?utf-8?B?c3dNQmVjWm1ySnczRHhhNStKWmhxRmZyL1pRVXQzM3AxZTJRL0RWbWlyRElh?=

=?utf-8?B?b2xta0o0SDdrNDhhcnh2TDNXZ1orc2ZTbklncVFnbWhKbGRXY1VEQnB4dEcz?=

=?utf-8?B?SjhvRkMxdUo3cERxSTFHZUozdjZZcGwvL0FxcTVqODcvNTNxejRNYitPVEc1?=

=?utf-8?B?TjNsVElsdU9LYlhBQzRaVVc4eVo0SlkydjlNZHI4ZnlZYWxWZzZwNFU2NGpT?=

=?utf-8?B?bUdURkRYTjBvUS9YdTl2ZGxNV1kyakFON2lhazJtTU9lb2pwZUFpZmZzaWx5?=

=?utf-8?B?RnUzbFE2ZW9XeVdFRVV4MzM5a3kwd3R6QWpKbGFpS2EzWkVMVzZzNjB0OWpj?=

=?utf-8?B?RVVEMzN2OUtEblJQemo1Q3hISjdzeElZTlVTY1RZc2tNdnc0RGlUT3pMYUJW?=

=?utf-8?B?QWxBR0oySzB0WHM5VE1EcDdZZmlDWVR0d0g4aWMyc2JtQlNXSExzdHd5ZGRT?=

=?utf-8?B?ZDJwZzh6SzJhY2xpeUtrUkFISWloZXMwN1I0eVZMMTBKMmxtWENLTktuRHNS?=

=?utf-8?B?Q1BlbzI4WEh3REltZ0ZmL0RlM3Z4UkVxRzBFV2VaSmJMZGNIMlNkakJaTy8z?=

=?utf-8?B?bTM5cXJKN3czMHE1YlRiV2h5cDBta0pRSy9VamdzenQzcTdlb1BCTHVPQkxL?=

=?utf-8?B?NnFJQ3M5SU4zT29HdEVrbmtIN1o1SzFqaWJTRkdZdmJocDhQTURhMXBWRDI1?=

=?utf-8?Q?hHZ2sZNl6OvWSdjHBBad3ZQ5JDQjyHWGKK8ko=3D?=

X-Forefront-Antispam-Report:

CIP:45.148.244.11;CTRY:NL;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:19ygkihjkhj.volcanicallyactive.store;PTR:rebertocarlos.avecnos.life;CAT:OSPM;SFS:(13230031)(61400799018)(376005)(36860700004)(82310400014)(41320700004)(34070700005)(20072699006);DIR:OUT;SFP:1501;

X-OriginatorOrg: 19ygkihjkhj.volcanicallyactive.store

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2024 11:16:56.3583

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 05003c97-f190-4760-6b2e-08dc402a6e8d

X-MS-Exchange-CrossTenant-Id: 0a1d0ac8-3d8f-436b-a70a-2dcb1f3c7ef5

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0a1d0ac8-3d8f-436b-a70a-2dcb1f3c7ef5;Ip=[45.148.244.11];Helo=[19ygkihjkhj.volcanicallyactive.store]

X-MS-Exchange-CrossTenant-AuthSource:

SG1PEPF000082E4.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR01MB5786

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.100.0.207 listed in list.dnswl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.0.207 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_HK_NAME_DR No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Exclusive: Wow! Look at me now! Wanna know how - the amazing

new diet taking the world by storm.



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.100.0.207 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.0.207 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 172.105.21.95]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

0.0 ARC_SIGNED Message has a ARC signature

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence

0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_HK_NAME_DR No description available.

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

Subject: {SPAM?} =?UTF-8?B?RHJvcCAyOCBsYnMuIGluIE9uZSBNb250aA==?=



--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_

Content-Type: text/plain; charset="UTF-8";









--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_

Content-Type: text/html; charset="UTF-8";



















Exclusive: Wow! Look at me now! Wanna know how - the amazing new diet taking the world by storm.













src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/e4ee669b-98e9-4a44-880c-7a97be392fa6/KETOCA4086.png?t=1709972029">





src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/3b16d6e7-90a8-4564-a4bf-3a173f61f213/KETOCA4086_UNS.png" sDBTrYGLZOkv>















































--_959c3d16-a88d-4384-a49b-c2633ceb5eb7_--

Nigerian spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 08 Mar 2024 22:14:00 -0700

Received: from mail-wm1-f49.google.com ([209.85.128.49]:51206)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rip1l-000000002s0-3zvg

for dave@doctor.nl2k.ab.ca;

Fri, 08 Mar 2024 22:13:49 -0700

Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4130ff11782so10487645e9.2

for ; Fri, 08 Mar 2024 21:11:50 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1709961104; x=1710565904; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=kgdrMN9g0GsHAgBR9i3BNGcLKyU+bx+O5QOpq6bqOQ4=;

b=Ic4Krz4SOOPgK9lPxa2PRgVBqaLaWZMCuECvYSKFWD1s8Lnc4s2IBuza7LYMHLhXfY

atq8kHx5bnKQGKSaJ4j75PoVI9FJjk8sBnNGQcpYJdD9vi/Ht7S42qB2ZqLPkM2/Msw6

SqyQv9PhEHtrkUcYms+vqfiApB6668BRALZtpB6xLxus5UNJCR+lItNM1godNRHauDx1

DgjJdhVrOrEzwJD78ZwlQFpG9+A+O2rkM6VTFr2wx89Cizeh+Mpbv+yHhWoQei9x4MRe

4bTunEmdQVPknn4C88gy2RBlkk0QWLGStzzhIfzjQvG2oBRtCA+XEaaRLij9nzlgPjJA

Dvog==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1709961104; x=1710565904;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=kgdrMN9g0GsHAgBR9i3BNGcLKyU+bx+O5QOpq6bqOQ4=;

b=MyShskezygDyEwJjQF75jYWZgFtWEzQN+HZaTLkeR2bR3Zl0aEGx0sPxM1MfZjA/Xf

yOsKX7g5tW8LnqofTgW7RXUGePST8GRQIpH5hxDTLfS6ENenTWKHdOsEmgww1O7hYI0B

z8nKAHxdUfxP2JlU9nSxmUEuUzEKBENpGNOES50Arzw/pt4BfDq+N9B7XtpUryGKJfrg

vGe9cdMa4STM563y/tcIPhGmIpvaVuim3cr1W2thoLsRDYCqiLNhtn8MQ2E+Sf8mWep6

VLg4CGrih4GYV1gkFWlCWzUi0XtHPVFHJZDW9DuYoJ2OKTbio1GPoA26Ua+Z+Cq6e35B

dZtw==

X-Forwarded-Encrypted: i=1; AJvYcCXM9Sg6Z8xV6II2M/4WfZ4oITMp2Asdef7uje7g/LlH2yMvpSXiJLsWtAV38lHWJHMQXtmL8KgTH21jegVUpQjE4iYd5szE

X-Gm-Message-State: AOJu0YytTVICALeAfjp8+w/172+quTZ0Vi/+/J+qmKN+VH6YLFD6zWf1

4yLb3mXWl5w0YLbPGAaAzkdkl5dqZNaLs2mBpCWqPQAzB+uxDXHnPMGLoSDPfpZ9oyjNbutUm6V

/xqeO2O9vIS6VDbVm1IUyT5HF+BQugozkkvUaEf0w

X-Google-Smtp-Source: AGHT+IGo0rERGeqseQ0U9M9TEj/4XAGfyyjCM02wa/88K5hDU9RLZdjKAi4jyOZFCQXCU3Pdr9o05f19S7yqBVZFfuI=

X-Received: by 2002:a05:600c:310c:b0:413:1ae3:8dd2 with SMTP id

g12-20020a05600c310c00b004131ae38dd2mr628873wmo.37.1709952788541; Fri, 08 Mar

2024 18:53:08 -0800 (PST)

MIME-Version: 1.0

Reply-To: Mrs.BillChantal233@mail.com

From: Mrs Bill Chantal

Date: Fri, 8 Mar 2024 18:52:54 -0800

Message-ID:

Subject: =?UTF-8?B?5ZWG5Lia5o+Q5qGI?=

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000008b395d0613316894"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I have a business proposal for you. If you are interested,

please contact my private email (Mrs.BillChantal233@mail.com) for further

information thank you I have a business proposal for you. If you are interested,

please contact my private email (Mrs.BillChantal233@mail.com) for further

information thank you



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[mrs.billchantal233(at)mail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[michellebarack01(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[michellebarack01(at)gmail.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.49 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.49 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 HK_NAME_FM_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} =?UTF-8?B?5ZWG5Lia5o+Q5qGI?=



--0000000000008b395d0613316894

Content-Type: text/plain; charset="UTF-8"



I have a business proposal for you. If you are interested, please contact

my private email (Mrs.BillChantal233@mail.com) for further information

thank you



--0000000000008b395d0613316894

Content-Type: text/html; charset="UTF-8"



I have a business proposal for you. If you are interested, please contact my private email (Mrs.BillChantal233@mail.com) for further information thank you




--0000000000008b395d0613316894--

Nigerian spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 08 Mar 2024 22:14:00 -0700

Received: from mail-wm1-f49.google.com ([209.85.128.49]:51206)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rip1l-000000002s0-3zvg

for dave@doctor.nl2k.ab.ca;

Fri, 08 Mar 2024 22:13:49 -0700

Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4130ff11782so10487645e9.2

for ; Fri, 08 Mar 2024 21:11:50 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1709961104; x=1710565904; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=kgdrMN9g0GsHAgBR9i3BNGcLKyU+bx+O5QOpq6bqOQ4=;

b=Ic4Krz4SOOPgK9lPxa2PRgVBqaLaWZMCuECvYSKFWD1s8Lnc4s2IBuza7LYMHLhXfY

atq8kHx5bnKQGKSaJ4j75PoVI9FJjk8sBnNGQcpYJdD9vi/Ht7S42qB2ZqLPkM2/Msw6

SqyQv9PhEHtrkUcYms+vqfiApB6668BRALZtpB6xLxus5UNJCR+lItNM1godNRHauDx1

DgjJdhVrOrEzwJD78ZwlQFpG9+A+O2rkM6VTFr2wx89Cizeh+Mpbv+yHhWoQei9x4MRe

4bTunEmdQVPknn4C88gy2RBlkk0QWLGStzzhIfzjQvG2oBRtCA+XEaaRLij9nzlgPjJA

Dvog==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1709961104; x=1710565904;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=kgdrMN9g0GsHAgBR9i3BNGcLKyU+bx+O5QOpq6bqOQ4=;

b=MyShskezygDyEwJjQF75jYWZgFtWEzQN+HZaTLkeR2bR3Zl0aEGx0sPxM1MfZjA/Xf

yOsKX7g5tW8LnqofTgW7RXUGePST8GRQIpH5hxDTLfS6ENenTWKHdOsEmgww1O7hYI0B

z8nKAHxdUfxP2JlU9nSxmUEuUzEKBENpGNOES50Arzw/pt4BfDq+N9B7XtpUryGKJfrg

vGe9cdMa4STM563y/tcIPhGmIpvaVuim3cr1W2thoLsRDYCqiLNhtn8MQ2E+Sf8mWep6

VLg4CGrih4GYV1gkFWlCWzUi0XtHPVFHJZDW9DuYoJ2OKTbio1GPoA26Ua+Z+Cq6e35B

dZtw==

X-Forwarded-Encrypted: i=1; AJvYcCXM9Sg6Z8xV6II2M/4WfZ4oITMp2Asdef7uje7g/LlH2yMvpSXiJLsWtAV38lHWJHMQXtmL8KgTH21jegVUpQjE4iYd5szE

X-Gm-Message-State: AOJu0YytTVICALeAfjp8+w/172+quTZ0Vi/+/J+qmKN+VH6YLFD6zWf1

4yLb3mXWl5w0YLbPGAaAzkdkl5dqZNaLs2mBpCWqPQAzB+uxDXHnPMGLoSDPfpZ9oyjNbutUm6V

/xqeO2O9vIS6VDbVm1IUyT5HF+BQugozkkvUaEf0w

X-Google-Smtp-Source: AGHT+IGo0rERGeqseQ0U9M9TEj/4XAGfyyjCM02wa/88K5hDU9RLZdjKAi4jyOZFCQXCU3Pdr9o05f19S7yqBVZFfuI=

X-Received: by 2002:a05:600c:310c:b0:413:1ae3:8dd2 with SMTP id

g12-20020a05600c310c00b004131ae38dd2mr628873wmo.37.1709952788541; Fri, 08 Mar

2024 18:53:08 -0800 (PST)

MIME-Version: 1.0

Reply-To: Mrs.BillChantal233@mail.com

From: Mrs Bill Chantal

Date: Fri, 8 Mar 2024 18:52:54 -0800

Message-ID:

Subject: =?UTF-8?B?5ZWG5Lia5o+Q5qGI?=

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000008b395d0613316894"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I have a business proposal for you. If you are interested,

please contact my private email (Mrs.BillChantal233@mail.com) for further

information thank you I have a business proposal for you. If you are interested,

please contact my private email (Mrs.BillChantal233@mail.com) for further

information thank you



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[mrs.billchantal233(at)mail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[michellebarack01(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[michellebarack01(at)gmail.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.49 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.49 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 HK_NAME_FM_MR_MRS No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} =?UTF-8?B?5ZWG5Lia5o+Q5qGI?=



--0000000000008b395d0613316894

Content-Type: text/plain; charset="UTF-8"



I have a business proposal for you. If you are interested, please contact

my private email (Mrs.BillChantal233@mail.com) for further information

thank you



--0000000000008b395d0613316894

Content-Type: text/html; charset="UTF-8"



I have a business proposal for you. If you are interested, please contact my private email (Mrs.BillChantal233@mail.com) for further information thank you




--0000000000008b395d0613316894--