Web / SEO / App spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Aug 2024 11:52:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1shuvN-00000000FS2-3T6h

for dave@doctor.nl2k.ab.ca;

Sat, 24 Aug 2024 11:51:41 -0600

Resent-From: The Doctor

Resent-Date: Sat, 24 Aug 2024 11:51:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastasiaazolkn19010011.outbound.protection.outlook.com ([52.103.64.11]:31286 helo=HK2PR02CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1shsrx-00000000JC0-1cWK

for sales@nk.ca;

Sat, 24 Aug 2024 09:40:05 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=OSPmvqFMmKqXUd5ccH8yC9CGlB7YRPGxGNrO9B2i/8mwm1ttzGDmnH7SblfPa2vOwvfCRHrNroLmisWdiwAfBXsjn1UPMshCbzc8sWQV3KQ69TIvlOkWWfIZRfE6i5+W5gjsB+dxX8FFHEQOrwiehVZu4tk4qQ5JUCvXsi8VTsuPw1Ee5t85rD+P+9Ig/B5FMDU0qDDCNDXpf/j2GcRtdzc75tuwZcuuh4TXpVLJONfLRJDLPM6g+2Vrzy5NtxepE2qsZIbfBE1gjejrobJPj6M0Q7+3JS0gb3EbBqOeP1EYIybV6yuBGOXTt4syx3WOZ49fPl0Ag8cMvY6k1tVJ7A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=NVOAqA45bevgf6b1N6ZNevcWBpSpEaZHDosvd7KVgmM=;

b=RPRUHehH32l+Q311KUjA8Z/Q2PO5hOtYJJMU9vguDTiZf9zHcFwL60d2BWd3M67XO1LCHP0dt2jNHbjymu1okdb0EG8aIe9M+lGHde1aaXGPzoN2cIutGMRMoMdL16ir4l8ftqFEl4XIuMOo517sIgNr8sM8n73xstoTpc4GLnxEetWliiUySL19jV4YJy7cRjCHOkecXZibi7+ZWLVcRLaj9SumcMPVwPv0HBl0Gb3mRnXUWgFMX3MRBx0FGEYzcZ1ROhqNWDMoKUOknHhB2v6SWME7aEh5wFu7cXhjQpT3iA0KIQvbYwzmO24Pq9jFDeoK/9Z9CRla6nrF/Ifgsg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=NVOAqA45bevgf6b1N6ZNevcWBpSpEaZHDosvd7KVgmM=;

b=WSwaFAf14sT4aNRmtdGQYMhDp12EMmBt5r/ww9NBrGpb0QMlXhlWB1r1jXvPzV4xRaQVvVd0fpkkmHpsfEGwj95gTS95AXB7IX49ROlREA0HZPFTPIb+X0K78xEbmYqlVFSU5WxttrcWmYcPWNVqE7h7WTtaDkIt4ILX5k6LPYdQ39s5LHYrdSkg/psemVr1IIizSw3eRXSJ1W5tScpYdKAEQTTG3ATSILal7eE1sGSKJXX7Ohrm6GEq8gNqKzVhWOhmb3bmL2gTTetlX7bbiGK9AoByQ0Ys3AUI+gU273rHxtYAvYy/35lqehfmTrcUrWbLHVSlU7RyuYnMWSAElA==

Received: from SEZPR01MB4456.apcprd01.prod.exchangelabs.com

(2603:1096:101:73::8) by SEYPR01MB5978.apcprd01.prod.exchangelabs.com

(2603:1096:101:1d6::11) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Sat, 24 Aug

2024 15:37:37 +0000

Received: from SEZPR01MB4456.apcprd01.prod.exchangelabs.com

([fe80::418d:f47d:3438:354e]) by SEZPR01MB4456.apcprd01.prod.exchangelabs.com

([fe80::418d:f47d:3438:354e%4]) with mapi id 15.20.7897.021; Sat, 24 Aug 2024

15:37:37 +0000

From: shriya joy

To: shriya joy

Subject: =?Windows-1252?Q?Re:_=93Update=94=3F?=

Thread-Topic: =?Windows-1252?B?k1VwZGF0ZZQ/?=

Thread-Index: AQHa9juMc3QtzRDElkSQVikbqubD0Q==

Date: Sat, 24 Aug 2024 15:37:37 +0000

Message-ID:



References:



In-Reply-To:



Accept-Language: en-GB, en-US

Content-Language: en-GB

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-tmn: [Q1XBiWHOTVtinCa2rkVc5xQbXuJ1DLqt]

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB4456:EE_|SEYPR01MB5978:EE_

x-ms-office365-filtering-correlation-id: d4f03a89-f4a5-4f80-8f86-08dcc452ae86

x-microsoft-antispam:

BCL:0;ARA:14566002|461199028|19110799003|15080799006|8060799006|15030799003|3412199025|440099028|102099032|1710799026;

x-microsoft-antispam-message-info:

B5+2sO0F8idSQlTmP2178L2pcoev7bztxynHqW4zQlL85/fWU5mtbHGgsJJD9810NGd87mb1pPlMC5NKJEVUxcpBhs2rDAPRbE1/8kPf+woZeFlYee2nvLTkA1c2JGDQt+77I0a+JXG9EEyUVBVSdvcpTckTTXYLm7X0526rJQQEgnLcM+R0CW3SmxTEOv+mYj0E4JWKCQ17m0fWIJrlTn1/wxJzDRCkPWMKP0VokeSD9B3IjvpJ7VI8qeDO/VQTH6K2BGadzDNPiIUjarZSiKAyDefoHeefwOTl8kdXC8uT3qMHi7kl+W4MixL9G+YeQohzRVuW8AcPgsaYNoSJ3Wq4HN0waiJmugcAhOpNRPc/oWSbHP0w+Ch+PxtnCmVD6TiixheEm3BlDSxb0w3MxHmBWgUGSqPxjHKtGtxr5vrqnO+T0RZMRduJ/LwXlYk9+Fb2CI2sUY6Cu2rvmNZoTHrQWXy8aIkWTayzg36wHaCcBf3vVqYFro7zcMfACB+Isj4Lrgt3/RMJnPFNRH8uqrKKjYkSr73OzmvF0/tI6ChgN4ICydGCcszF2FbB0fmBQZKtyEZ9xZDRTWVAwQQLA9BDBNkkvNOssrlyVFoVY5baserP9ggZEOwU36TMUHVl51MaBxWRETqoHHAhZ4ps4BjH//9voz+/QCwcmChRa1J6a+GFrBjR0rXXEE6wCM03mgzqSEyE3H3d0CPRconEJhA649svsEZTB7poCna9rTOx4kbSsMaPSIFKUqwLD8iu

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?e5oCHvnYg3VdwMMYLq8wGeZ2X4tzEzr89YQxFJ366xBEg2rcWlTDNLuT?=

=?Windows-1252?Q?p7eQlHzB0amDbYfdrix44gvb4uPDy0hTKtwHYhEQ9ZS8bS04HrEpW3LE?=

=?Windows-1252?Q?FZ0jVJIoGNFBtux84u83Kx+CsTGbjX0T99eyB3k2HOpNB/qC4mrbUtO9?=

=?Windows-1252?Q?3rkHnhVZSwi8bys25OFXzjBvNAjDoIaOoVz5GTS4mwseoPMg5oGAlI+K?=

=?Windows-1252?Q?aERCL5e3u8IzYZHtuZOmtb70VrHkjApBk2qb86LiPjO8e7HpZdfxSXY3?=

=?Windows-1252?Q?4NTjH8ohyh//oP7ECPOw1ECnkgwgOn0TqJHDDF5BhhhG8PqkyFuB2ewq?=

=?Windows-1252?Q?JHRMEswTKWUlKxWpO6olft/45L7U3sRUPo659NyXPlMHKrgoL/Ltuyuq?=

=?Windows-1252?Q?amidM2crlRbWt5YPCNqvAfxqQ1DoAButbwt61Cfc2DReosChF1hcLbmE?=

=?Windows-1252?Q?MJOhnXMxFCSd+3jOwMlxWTPhLoAGllTfYDZaNLchCFWD4FBMjQEz9MHL?=

=?Windows-1252?Q?YBTtvxz12QeXESl2/1wed7FIb2Z/01vqvU5uLp4KgkA3YPQZreLT+rkk?=

=?Windows-1252?Q?Tc/9WfEytmRHPhLW3vsQJXyvFgXztSupw7JzMUNE7VuuhRjR504OhD5E?=

=?Windows-1252?Q?xv30PDK/zdy/43ApqqiJuV7CaPKLl3sQK3wo1GqekZe2XOO1gkqg48za?=

=?Windows-1252?Q?r2pYMNgKtydgZB1UPXFF6fx924HHXaH90aPwAeI/bZGX0XNAVy4OJFp5?=

=?Windows-1252?Q?8xtler/hQEGFWxQFo+FGvLUj96LAWrsflIHaoUcPoJQAuZv9NO+apQKx?=

=?Windows-1252?Q?fqeYcax6clxWSUDuCR29Yy6H5ZKrTBDLfcrTb8/XrdMelYkiZERtWyyU?=

=?Windows-1252?Q?SJ28GBWSX/oSgik/AAcJu29CN1KuAo9Q+PKbznd/DHELRJAKnx7IZTGx?=

=?Windows-1252?Q?0ylu3cFmSdQJOxdcVkQFXjspf15LCQxw+OHkt2OVah5t+PXsdrl+Mf89?=

=?Windows-1252?Q?zvx6aY66NvZZ8QaaQZYJQFWNUftynTQacxsyuIgyMiPvdKDtVScaCiio?=

=?Windows-1252?Q?mDeT6uZppmyIU7yTK6rVXf8LwJ/FxtMgH13+xIOKpNlxiD0GazXqWvFF?=

=?Windows-1252?Q?Kpdy9rbhoDMgCsWKQzBzLfGqFs2Xk80J29sjauzcb9oGqimYwDotz0pb?=

=?Windows-1252?Q?rpIenqglBkMEm/IKLDM1IVhMl8gKQWfnZlHtW4nrmZmZjwySOs0LRX2H?=

=?Windows-1252?Q?liS+eTdI/VzMPPoDjgK3zvo/R/n63eMvHwv1nynl6z6IkFiCNRLbrkPI?=

=?Windows-1252?Q?ToZ90rtJL8hPWgBFhkaH7G+jGeMMpUkmlH7b9VpHPxWvICmkIQXt2Oxo?=

=?Windows-1252?Q?GQe74Rn7m9qwRQ=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_SEZPR01MB4456BF7BC365A271B71222248A892SEZPR01MB4456apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-b4c57.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB4456.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: d4f03a89-f4a5-4f80-8f86-08dcc452ae86

X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Aug 2024 15:37:37.3597

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR01MB5978



--_000_SEZPR01MB4456BF7BC365A271B71222248A892SEZPR01MB4456apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi,



Just following up on my previous email. If you're interested, may I send yo=

u our complete proposal along with an analysis of your site's current statu=

s?



Thanks

________________________________

From: shriya joy

Sent: 21 August 2024 17:47

Subject: "Get the Best Quotation for Maximum Savings"



Hi,



Need better search results? We=92re here to help.



May I send you a tailored SEO report with pricing details? It will outline =

simple steps to boost your rankings effectively.



Does that sound good? If yes, I=92ll send you our Quotes Packages.



Thanks!



--_000_SEZPR01MB4456BF7BC365A271B71222248A892SEZPR01MB4456apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

Hi,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Just following up on my previous email. If you're interested, may I send yo=

u our complete proposal along with an analysis of your site's current statu=

s?



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

Thanks








yle=3D"font-size:11pt" color=3D"#000000">From: shriya joy


Sent: 21 August 2024 17:47


Subject: "Get the Best Quotation for Maximum Savings"
t>

 









nt,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:=

rgb(0,0,0)">

Hi,



bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">







bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Need better search results? We=92re here to help.



bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">







bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

May I send you a tailored SEO report with pricing details? It will outline =

simple steps to boost your rankings effectively.



bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">







bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Does that sound good? If yes, I=92ll send you our Quotes Packages.



bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">







nt,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:=

rgb(0,0,0)">

Thanks!










--_000_SEZPR01MB4456BF7BC365A271B71222248A892SEZPR01MB4456apcp_--

Canada REvenue agency phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Aug 2024 06:52:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1shqFC-000000004XP-0Gh8

for dave@doctor.nl2k.ab.ca;

Sat, 24 Aug 2024 06:51:50 -0600

Resent-From: The Doctor

Resent-Date: Sat, 24 Aug 2024 06:51:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail1.bellabeal.online ([86.48.6.240]:50001)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1shkAA-00000000NZ2-0q2D

for sales@nk.ca;

Sat, 24 Aug 2024 00:22:19 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=bellabeal.online;

h=MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding:

Message-ID; i=admin@bellabeal.online;

bh=YqzWLxjU2K1cTNP85sLfALG7iTkoW2nulQnFynG146s=;

b=HwyaS7Y8ojFntNbOOujS6W9ESi1Scrbv2jUmWN0u9X67nHF+H4e8KQhTRblVMK2qrKg69kS20c1+

FLsImUOi2h99AJfPCIQzqNe6u8cpuz5xaRRXe2VSGQdL9UtEGWACxD+Y0qbvqrYKhtIHlBfuLbK+

GCAsZAVIx5MCSAPMsvzENWUWgnY6aJZxwlMq/eYBIjGZmycQd7c2Uu4cmJBimvyWBAkb04a8EM1G

ETfwasDLIEflWhLOm3AoAaxC1mAZzIkkldJ0wJy9LnbYoCHBZhYoLObD3wZod7t27CdZ69lcYlNl

hQiCJQHTn9cO0T+QfClRwble+WNlNm9o/TZDsQ==

MIME-Version: 1.0

From: "Revenue Agency"

To: sales@nk.ca

Date: 24 Aug 2024 02:20:09 -0400

Subject: Updated Tax Document!

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable

Message-ID: <0.0.E.67D.1DAF5EDACCFF85C.0@mail1.bellabeal.online>

X-Spam_score: 17.6

X-Spam_score_int: 176

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: The Revenue Agency sent you new mail online called: Updated

Tax Document



Content analysis details: (17.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[86.48.6.240 listed in dnsbl.ahbl.org]

[86.48.6.240 listed in dnsbl.ahbl.org]

[86.48.6.240 listed in dnsbl.ahbl.org]

[86.48.6.240 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[86.48.6.240 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[86.48.6.240 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[86.48.6.240 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[86.48.6.240 listed in dnsbl.ahbl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: beneficial-industrious-plane.glitch.me]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

[86.48.6.240 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: bellabeal.online (online)]

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.6 MIXED_HREF_CASE Has href in mixed case

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Updated Tax Document!



 

=0D=0A



The Revenue Agency  sent you new mail=

online called:

Updated Tax Document

This mail may require=

your attention.
 

=0D=0A

If you have My Account, sign-in and=

click on "Mail" to read your mail.

=0D=0A


rel=3D"noopener noreferrer" target=3D_blank>View Document Here

=

=0D=0A

 

=0D=0A



If you signed up to receive mail online=

but don't have My Account, go to the  web page to register.

This=

is an automated email message. Please do not reply.

=0D=0A

 





Web / SEO / App spam from Google Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 24 Aug 2024 06:52:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1shqF2-000000004W4-0T5g

for dave@doctor.nl2k.ab.ca;

Sat, 24 Aug 2024 06:51:40 -0600

Resent-From: The Doctor

Resent-Date: Sat, 24 Aug 2024 06:51:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f65.google.com ([209.85.216.65]:58516)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1shjqF-00000000M7K-3kjV

for root@nk.ca;

Sat, 24 Aug 2024 00:01:45 -0600

Received: by mail-pj1-f65.google.com with SMTP id 98e67ed59e1d1-2d3c99033d6so2113672a91.0

for ; Fri, 23 Aug 2024 22:59:45 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=customsoftusa-com.20230601.gappssmtp.com; s=20230601; t=1724479179; x=1725083979; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=lv8cn8OeJAHKb2vxcyLWtHdnRieNY8l2vSm22gSHN2g=;

b=Fekqer2JFlgq9i8RGavuw5FT8//c83bgI/QojWYk4+EDjtAMePEasyodeQCJOX/MG5

PMHmEMDyXF6pPfit/r8ABrS4mwiNprmKILg18LAEx46tbIn7g1ZnFESpRkbrkcaM2rOk

0MItUkYd+HchffPSPNnG9nd5vbp/9Jgdsv0tHcAcT11uAPCtlR7vBtXtYZbW+kJz8xwi

0tkqF9kIJfq/jGQEoVzQwtO/DUgysfvXsSEa2397/DuFmpPnWvmy2V2xN8+0zD3H634E

istJIWoj7aWpG/TTVT//gbmTVNGKSg0U0nejCGKI3NSy+J4sXdJm84sHvGR0HLsWcHGv

nuog==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1724479179; x=1725083979;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=lv8cn8OeJAHKb2vxcyLWtHdnRieNY8l2vSm22gSHN2g=;

b=Bt489cw+xXTGmu7TcDF8eDCC3ZniUwIuf0UsOwIU0/eElDW+l+PYTEXs/XW9TF3o9L

C4NKegpCx6LHyiSZe6aJ5falL40qlBmKW4j7SLrWXMxAZ0CGi42aZ8Q4xOKvL9ZYYM01

VSWdmoxD/IBC8OGNm6rIMreAKOAQNQh26JFxavUC+xnAIEtDiOQED8jiwtVbpYdfyuIP

077Kl2eeXBZ+MNxynhsbYjZX1HKyZW8HFEPnimsYxsW6ESjpEiJ//OdXShvB6/bJNCIh

lCzDXzUptMHGCTm7AGGTW6m2MkYtx1/FUroUqqUo9dFKBYlg9vuyWpIjm4ebZw3RDOqZ

K6xA==

X-Gm-Message-State: AOJu0Yx7JMjw0QJEBo/zhNwWeJzxHd7+ZTAO+hBFK7t++52PE5UTeMFk

4JIequBuC3dhlcOhN82PPNqz3TP6gAHFICNCVvoOOeEkxlve6ZrMzKR+VJaPhHjlUhu0s1kihhC

7F9M=

X-Google-Smtp-Source: AGHT+IHdS10dsoEq03Ks7xJw5KDzuwSvkvL9elFwNq1UK+qp08qoaBOn1d80GEtg6gUSY0qFtoFYWQ==

X-Received: by 2002:a17:90b:303:b0:2c9:7ebd:b957 with SMTP id 98e67ed59e1d1-2d646be66ebmr4343646a91.11.1724479178940;

Fri, 23 Aug 2024 22:59:38 -0700 (PDT)

Received: from BhatiSahab ([2409:40d2:10b1:f270:b04d:ce24:d27c:3085])

by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d6136fce0asm5179935a91.11.2024.08.23.22.59.37

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 23 Aug 2024 22:59:38 -0700 (PDT)

From: "Pinki"

To:

Subject: Designers \ Developers

Date: Sat, 24 Aug 2024 11:23:03 +0530

Message-ID: <1b10701daf5ea$cdb710d0$69253270$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_1B108_01DAF618.E76F4CD0"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Adr14bbXrAVcc+82QQm1vImwZ7XWzQ==

Content-Language: en-in

X-Spam_score: 5.2

X-Spam_score_int: 52

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, I hope you are fine. We are an India based website

design and development company with PHP development offering services at a

moderate price. We have a dedicated team of over 100 professionals with over

12 years of experi [...]



Content analysis details: (5.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

[209.85.216.65 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.65 listed in dnsbl.ahbl.org]

[209.85.216.65 listed in dnsbl.ahbl.org]

[209.85.216.65 listed in dnsbl.ahbl.org]

[209.85.216.65 listed in dnsbl.ahbl.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in dnsbl.ahbl.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in dnsbl.ahbl.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in dnsbl.ahbl.org]

[2409:40d2:10b1:f270:b04d:ce24:d27c:3085 listed]

[in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.65 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.65 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.65 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.65 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.65 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.65 listed in wl.mailspike.net]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Designers \ Developers



This is a multi-part message in MIME format.



------=_NextPart_000_1B108_01DAF618.E76F4CD0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit



Hello,







I hope you are fine.







We are an India based website design and development company with PHP

development offering services at a moderate price. We have a dedicated team

of over 100 professionals with over 12 years of experience and live by the

idea that design makes a difference.







1. Do you want to create a new company website?



2. Do you want to redesign/revamp your website with a new, modern, and

industry-standard look?







We use the latest technologies, user-friendly CMS, and frameworks for

designing a professional website such as: WordPress, Magento 2.0, Core PHP,

Laravel, Node js, Vue js, React js, Angular js and Shopify.







Let me know if you're ready to talk about a possible website

redesign/redesign or a new website design. I will send you more details with

complete solution.







I am waiting for your answer.







Best regards,



Pinki





------=_NextPart_000_1B108_01DAF618.E76F4CD0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">
style=3D'word-wrap:break-word'>


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'>Hello,


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>I =

hope you are fine.


lang=3DEN-US style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>We =

are an India based website design and development company with PHP =

development offering services at a moderate price. We have a dedicated =

team of over 100 professionals with over 12 years of experience and live =

by the idea that design makes a difference.


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>1. Do =

you want to create a new company website?


class=3DMsoNoSpacing>2. Do =

you want to redesign/revamp your website with a new, modern, and =

industry-standard look?


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>We =

use the latest technologies, user-friendly CMS, and frameworks for =

designing a professional website such as: WordPress, Magento 2.0, Core =

PHP, Laravel, Node js, Vue js, React js, Angular js and =

Shopify.


style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>Let =

me know if you're ready to talk about a possible website =

redesign/redesign or a new website design. I will send you more details =

with complete solution.


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>I am =

waiting for your answer.


class=3DMsoNoSpacing>
style=3D'font-size:12.0pt'> 


class=3DMsoNoSpacing>Best =

regards,


style=3D'font-size:12.0pt;line-height:107%'>Pinki


ody>

------=_NextPart_000_1B108_01DAF618.E76F4CD0--



Starbucks voucher phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Aug 2024 18:39:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1sheno-00000000H6H-39dx

for dave@doctor.nl2k.ab.ca;

Fri, 23 Aug 2024 18:38:48 -0600

Resent-From: The Doctor

Resent-Date: Fri, 23 Aug 2024 18:38:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 172-233-217-210.ip.linodeusercontent.com ([172.233.217.210]:60411 helo=buro-perevodov-rostov.ru)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1shejp-00000000GcH-21Cx

for root@doctor.nl2k.ab.ca;

Fri, 23 Aug 2024 18:34:46 -0600

Date: Sat, 24 Aug 2024 00:32:48 +0000

Message-Id: <204134402980364.9.WEA3639056335@buro-perevodov-rostov.ru>

From: "Special treat!"@doctor.nl2k.ab.ca

Subject: Claim your Starbucks voucher now

Content-Type: text/html; charset="UTF-8"

Mime-Version: 1.0

Content-Transfer-Encoding: 8bit

X-Spam_score: 23.7

X-Spam_score_int: 237

X-Spam_bar: +++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Claim your Starbucks voucher now Hello, %%firstname%%, Feeling

thirsty? Worry no more! Quickly click on the button below, enter our short

survey and see directly on your screen if you have the opportunity to WIN

10 x $100 Starbucks vouchers!



Content analysis details: (23.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

[172.233.217.210 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[172.233.217.210 listed in dnsbl.ahbl.org]

[172.233.217.210 listed in dnsbl.ahbl.org]

[172.233.217.210 listed in dnsbl.ahbl.org]

[172.233.217.210 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[172.233.217.210 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[172.233.217.210 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[172.233.217.210 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[172.233.217.210 listed in dnsbl.ahbl.org]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: azdiibrabbwiseneness.uk]

2.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: azdiibrabbwiseneness.uk]

0.0 TVD_RCVD_IP Message was received from an IP address

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_HTML_TAG_BALANCE_CENTER Malformatted HTML

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

4.0 DYNAMIC_IMGUR dynamic IP + hosted image

0.3 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.0 FROM_ADDR_WS Malformed From address

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} Claim your Starbucks voucher now







Claim your Starbucks voucher now






















































































     
  Hello, %%firstname%%,

Feeling thirsty? Worry no more!



Quickly click on the button below, enter our short survey and see directly on your screen if you have the opportunity to WIN 10 x $100 Starbucks vouchers!


Check your chance now!

 


























 













 







 


 
  Good luck and enjoy the competition!
 



































width="1" height="1" border="0">