urgency donation spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 22 Aug 2022 07:11:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oQ7Ck-000El7-By

for dave@doctor.nl2k.ab.ca;

Mon, 22 Aug 2022 07:10:58 -0600

Resent-From: The Doctor

Resent-Date: Mon, 22 Aug 2022 07:10:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-psaapc01rlhn2177.outbound.protection.outlook.com ([40.95.53.177]:28161 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oQ5jD-0006c8-Jf

for doctor@doctor.nl2k.ab.ca;

Mon, 22 Aug 2022 05:36:29 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Bh0dwwvucHixpzfMhzUy/aW6oTnoyVZVlmmNXNz/4dzTsoJslgcqKCgZV2aDCDNzrYzphxbk354xPV1cAU3gw4joOMxDULMsuQut4ex2O6ZqnCwWCYZ4WB22H9swzT55PJ68XlIlDAclbuWwfHn5Cq5PdNhGsWfp8BAclAhlxH82pUngQcgSHDDsLhiMBYzEJmSK0oNqiWk9HsmN7RPvmjRUBZA7SmFqlr8Sf3kOOZCRrJJ37fW05hsB1Dnsxuzr0p1GZZpb/APLP5h/zte4T55f/mz0XS9kEWWI/blwYT6d3P5q61nYumcpt1byjTMM1LoMdpnlD1VZt6kiCG/88Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=kCaCBdlwlj5Cy9sKQnX9GQU97OPgbvxmsmepjrlkxr0=;

b=mXsgI/R4+V94WzevHPbLzngLzO3vLjFBf67rv9dpkkkiUQTnx1Telf3T0hGoUAVIVN/vXBfBjvsE4T/LXBw1mAQW/8QweVoDwnOvndMf+XGgQDQSP+6epekyHcaOEgur4XKORmdfG9P5zp2sSUHPBWOIdNb4r1WY3btIFBOWA3KToHAJu6W1XxcwkFISebvCsjcwpWWytAgEgO2qd6q98H7ZV23Mjq+X06siIi8XCceqcW3jX26uIAtq4FM4nWoS28QfkTQStNw5PYPopq1F+azfkMBePjEMXK0netAERRxPap/vV46W5h3TqM/aEPhOlnrXpXZJJYfPDq7uhYc9iQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip

is 203.189.69.107) smtp.rcpttodomain=gmail.com smtp.mailfrom=gmail.com;

dmarc=fail (p=none sp=quarantine pct=100) action=none header.from=gmail.com;

dkim=none (message not signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=hemascol.onmicrosoft.com; s=selector2-hemascol-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=kCaCBdlwlj5Cy9sKQnX9GQU97OPgbvxmsmepjrlkxr0=;

b=GCkgoKijhl07y+02SHdv04W+M32snOmO2a6DEETXlYVednQ9qn+vVH9YIGGs+dqDlRRJBQ2pHyVp0hd5KTUlcsAS80L+vmdEdjbHvzb6DNQsYD0g4jiMb1ji9Ev39BcC9EtwVQbUyDQ81VVrvrkGTaJVgW3g+7tpObcaXA6FsqI=

Received: from PU1PR01CA0028.apcprd01.prod.exchangelabs.com

(2603:1096:803:16::16) by PS2PR06MB3640.apcprd06.prod.outlook.com

(2603:1096:300:6e::19) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5546.16; Mon, 22 Aug

2022 11:35:54 +0000

Received: from PSAAPC01FT062.eop-APC01.prod.protection.outlook.com

(2603:1096:803:16:cafe::92) by PU1PR01CA0028.outlook.office365.com

(2603:1096:803:16::16) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5546.22 via Frontend

Transport; Mon, 22 Aug 2022 11:35:54 +0000

X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is

203.189.69.107) smtp.mailfrom=gmail.com; dkim=none (message not signed)

header.d=none;dmarc=fail action=none header.from=gmail.com;

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning

gmail.com discourages use of 203.189.69.107 as permitted sender)

Received: from mail.atlas.lk (203.189.69.107) by

PSAAPC01FT062.mail.protection.outlook.com (10.13.38.171) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id

15.20.5546.15 via Frontend Transport; Mon, 22 Aug 2022 11:35:54 +0000

Received: from cpcex01.cpc.local (192.168.13.16) by cpcex01.cpc.local

(192.168.13.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 22 Aug

2022 16:50:56 +0530

Received: from User (163.123.143.229) by cpcex01.cpc.local (192.168.13.16)

with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Mon, 22 Aug

2022 16:50:46 +0530

Reply-To:

From: Estelle Prat

Subject: A CALL FOR YOUR HELP

Date: Mon, 22 Aug 2022 04:21:48 -0700

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <8c70010ef2044a4eb5ea986b11b97612@cpcex01.cpc.local>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: fd628341-dcd9-43f8-9591-08da8432793a

X-MS-TrafficTypeDiagnostic: PS2PR06MB3640:EE_

X-Hemas-MessageTracker: #G01

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

X-Forefront-Antispam-Report:

CIP:203.189.69.107;CTRY:LK;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.atlas.lk;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230016)(396003)(376002)(136003)(346002)(39860400002)(84040400005)(84050400002)(40470700004)(82202003)(5660300002)(8936002)(35950700001)(73392003)(336012)(956004)(32650700002)(7416002)(7406005)(7366002)(2906002)(66574015)(83380400001)(70586007)(9686003)(70206006)(8676002)(26005)(498600001)(108616005)(40460700003)(82740400003)(356005)(24736004)(82310400005)(40480700001)(76482006)(81166007)(41300700001)(316002)(86362001)(2860700004)(109986005)(23876008);DIR:OUT;SFP:1023;

X-OriginatorOrg: hemascol.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2022 11:35:54.0335

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: fd628341-dcd9-43f8-9591-08da8432793a

X-MS-Exchange-CrossTenant-Id: 0b2ad702-c4fe-4319-a94f-4c01f321d5e7

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0b2ad702-c4fe-4319-a94f-4c01f321d5e7;Ip=[203.189.69.107];Helo=[mail.atlas.lk]

X-MS-Exchange-CrossTenant-AuthSource:

PSAAPC01FT062.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS2PR06MB3640

X-Spam_score: 20.3

X-Spam_score_int: 203

X-Spam_bar: ++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.

 Content preview: Notification Alert ATTENTION: This email came from an external
 source. Do not open attachments or click on links from unknown senders or
 unexpected emails. Greetings,

 Content analysis details: (20.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.0 NSL_RCVD_FROM_USER     Received from User
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [40.95.53.177 listed in psbl.surriel.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [40.95.53.177 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [40.95.53.177 listed in wl.mailspike.net]
 1.5 NIX_SPAM               RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
                            [40.95.53.177 listed in ix.dnsbl.manitu.net]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [estelle011prat[at]gmail.com]
 0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=bounces%2Bsrs%3Doaw6g%3Dy2%40hemascol.onmicrosoft.com;ip=40.95.53.177;r=doctor.nl2k.ab.ca]
 1.6 SUBJ_ALL_CAPS          Subject is all capitals
 1.0 FORGED_GMAIL_RCVD      'From' gmail.com does not match 'Received'
                            headers
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-PSA-obe.outbound.protection.outlook.com;ip=40.95.53.177;r=doctor.nl2k.ab.ca]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 2.0 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
                            EnvelopeFrom freemail headers are
                            different
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.4 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 1.0 XPRIO                  Has X-Priority header
 2.0 SPOOFED_FREEMAIL       No description available.
 0.0 SPOOF_GMAIL_MID        From Gmail but it doesn't seem to be...

Subject: {SPAM?} A CALL FOR YOUR HELP




Notification Alert

ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.

Greetings,

I am Miss Estelle Prat. Please can you help and assist me invest my
inheritance in your country? and to help me to come over to your country
and start a new life and continue my education.

Please can you help me?.  When I hear from you I will give you every detail.

Best regards,

Miss Estelle Prat

CONFIDENTIALITY

This message contains confidential information and is intended only for the individual named herein. Any attachment transmitted with this email is confidential and intended solely for the use of the individual or entity to whom this email is addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system or please notify the system manager. If you are not the intended recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited and in the event of any unauthorized disclosure, copying and/or distribution of the contents the generating entity and/or the sender reserves the right to take any action against such unauthorized use in law, equity or otherwise.

The recipient should check this email and any attachments for the presence of viruses. The sender accepts no liability for any damage caused by any virus transmitted by this email, delays, data corruption, unauthorized access or unauthorized amendments.
