Investment spam from Hotmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 02 Nov 2022 07:02:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oqDKT-000BKE-51
for dave@doctor.nl2k.ab.ca;
Wed, 02 Nov 2022 06:58:49 -0600
Resent-From: The Doctor
Resent-Date: Wed, 2 Nov 2022 06:58:49 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-bn1nam07hn2226.outbound.protection.outlook.com ([52.100.160.226]:20442 helo=NAM02-BN1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oq6Q5-000G6p-MS
for root@nk.ca;
Tue, 01 Nov 2022 23:36:15 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=GN7cnyxIIqr8BF0tmOwpYhYN+7Els7BkWwvp6QxnioiyjyqXO3GT1YT/a9etg+Tc7dscpRWBRkD5lcyoDL1btaid+6fsYfbUK3OvytojZtjVRTiULQGeHlgoQli2X/6rAYOrGTGsSnUaFBtdfpCZ73JiGJSd0b2KWS2gqPHAspRIGC5PvdNTFK8FGBAcKT8E4e/s7m48kxITk0rlKO8rvOuTSe4zwVTo/UC0dwt4eZgtE4EMftdByPkmmrFCE1S7rRbgvMXMC7rRNxf/jGeQfd5Lysfg8SaREu/d9N/EnffiImVhQyY1ojD2xpPjcDl1dJ/QUiiUJwndFBYxfhOk8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=mSLNISkTH5DIY5J9bcd9rj7xANlj4h/3C9mEl+WXyg4=;
b=RAszIV4PNCPXHQrGm1NI6S1oNsQEWbqmXftk1YswueHWOzlL17Zhc6w0W+Qt+a4qE17zAjsb3u+SIpsnIOhqZF3IHLybBhR7XnbLFQzdE8UD+CNawpL4TU6gPirNg3miU5Yrd8WawTaho6jHv4HVoidEaQ6Zihgys2w7vwFUHSNijb5c79ej8ugEFvMt+MmZ5YuVN7ii73IQhuOHFkVoVY89bFgkueR8fOXYtH9Z6RPH985lKhkxyXLI7kXcx2XCiRgr+blMqtNUMjMsRzIfMQx8GIHXsy44EYiFqpgfzYhlu7/ck/lJtAkz0+Hz17Mnvex4T4oth54D49HW2toa4A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 209.184.167.3) smtp.rcpttodomain=hotmail.com smtp.mailfrom=sheldonisd.com;
dmarc=none action=none header.from=sheldonisd.com; dkim=none (message not
signed); arc=none
Received: from DM6PR10CA0032.namprd10.prod.outlook.com (2603:10b6:5:60::45) by
MN0PR15MB5321.namprd15.prod.outlook.com (2603:10b6:208:370::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.16; Wed, 2 Nov
2022 05:33:15 +0000
Received: from DM6NAM12FT040.eop-nam12.prod.protection.outlook.com
(2603:10b6:5:60:cafe::6) by DM6PR10CA0032.outlook.office365.com
(2603:10b6:5:60::45) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.20 via Frontend
Transport; Wed, 2 Nov 2022 05:33:15 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is
209.184.167.3) smtp.mailfrom=sheldonisd.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=sheldonisd.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
sheldonisd.com discourages use of 209.184.167.3 as permitted sender)
Received: from mail.sheldonisd.com (209.184.167.3) by
DM6NAM12FT040.mail.protection.outlook.com (10.13.179.73) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.5791.17 via Frontend Transport; Wed, 2 Nov 2022 05:33:15 +0000
Received: from MAIL-365.ad.sheldonisd.com (10.1.16.82) by
MAIL-365.ad.sheldonisd.com (10.1.16.82) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2106.2; Wed, 2 Nov 2022 00:33:05 -0500
Received: from User (193.47.61.107) by MAIL-365.ad.sheldonisd.com (10.1.16.82)
with Microsoft SMTP Server id 15.1.2106.2 via Frontend Transport; Wed, 2 Nov
2022 00:32:59 -0500
Reply-To:
From: JAMES SEALY
Subject: [EXTERNAL EMAIL - USE CAUTION] Attention Dear,
Date: Tue, 1 Nov 2022 22:33:05 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM12FT040:EE_|MN0PR15MB5321:EE_
X-MS-Office365-Filtering-Correlation-Id: a8e69124-f138-4af7-2d2b-08dabc93bdc8
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:209.184.167.3;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.sheldonisd.com;PTR:mail.sheldonisd.com;CAT:OSPM;SFS:(13230022)(396003)(376002)(346002)(39860400002)(136003)(451199015)(109986013)(36840700001)(40470700004)(82740400003)(41300700001)(36860700001)(40480700001)(31686004)(26005)(32650700002)(70206006)(31696002)(786003)(8676002)(82310400005)(2860700004)(316002)(41320700001)(70586007)(4744005)(83170400001)(2906002)(40460700003)(956004)(7596003)(186003)(7416002)(8936002)(356005)(7636003)(7406005)(83380400001)(336012)(7366002)(42882007)(5660300002)(478600001)(426003)(6666004)(32550700012)(4001630100005);DIR:OUT;SFP:1501;
X-OriginatorOrg: sheldonisd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2022 05:33:15.5792
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a8e69124-f138-4af7-2d2b-08dabc93bdc8
X-MS-Exchange-CrossTenant-Id: 3237ab13-a154-4aab-bc15-73e6206d6acc
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3237ab13-a154-4aab-bc15-73e6206d6acc;Ip=[209.184.167.3];Helo=[mail.sheldonisd.com]
X-MS-Exchange-CrossTenant-AuthSource:
DM6NAM12FT040.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR15MB5321
X-Spam_score: 9.3
X-Spam_score_int: 93
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: CAUTION: This email originated from outside of the organization.
DO NOT click links, provide credentials or open attachments unless you validate
the sender and know the content is safe. Attention Dear,
Content analysis details: (9.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 NSL_RCVD_FROM_USER Received from User
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[jamessealy162[at]gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[wendyarandas[at]sheldonisdnoc.onmicrosoft.com]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.0 XPRIO Has X-Priority header
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} [EXTERNAL EMAIL - USE CAUTION] Attention Dear,
X-Antivirus: AVG (VPS 221102-0, 11/1/2022), Inbound message
X-Antivirus-Status: Clean
CAUTION: This email originated from outside of the organization. DO NOT cli=
ck links, provide credentials or open attachments unless you validate the s=
ender and know the content is safe.
Attention Dear,
A HIGH LEVEL INVESTMENT OPPORTUNITY IS AVAILABLE NOW. THE INVESTMENT CAPITA=
L IS USD48 MILLION.
REQUIREMENT: CAPABLE AND EXPERIENCED PROFESSIONAL FUND/INVESTMENT MANAGER E=
ITHER CORPORATE BODY OR INDIVIDUAL.
THE INVESTMENT FUND IS DOMICILED IN TURKEY. THE PROCESSING AND TRANSFER WIL=
L TAKE PLACE IN TURKEY AND AS SUCH YOU WILL BE REQUIRED TO COME TO TURKEY.
A ROUND TRIP TICKET WITH FULLY PAID HOTEL ACCOMMODATION FOR 3 NIGHTS IN A H=
OTEL WILL BE ARRANGED FOR YOUR TRIP TO TURKEY.
IF YOU HAVE THE CAPACITY AND WILLINGNESS TO HANDLE THIS PROJECT, KINDLY RES=
POND WITH YOUR DETAILS.
THANKS
BEST REGARDS,
JAMES SEALY
CONSULTANT/BROKER.