Health spam from Microsoft Outlook
Posted by Dave Yadallee
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 04 Mar 2024 08:27:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rh9sB-00000000DiG-3nFJ
for dave@doctor.nl2k.ab.ca;
Mon, 04 Mar 2024 08:04:59 -0700
Resent-From: The Doctor
Resent-Date: Mon, 4 Mar 2024 08:04:59 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-psaapc01on2134.outbound.protection.outlook.com ([40.107.255.134]:45152 helo=APC01-PSA-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rh8pN-00000000BdL-34Jt
for root@nk.ca;
Mon, 04 Mar 2024 06:58:05 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=dbMzJzBUG5cCEn56RpaTIJIW4zXFZu4+IqNZ3+/Z51I9hqrwgQH6ikteR0JgRDrPQNPPVJQwtDW8sZMsyY0loFSLujFtpDAa1AHw9bxCMAj+sc77OApW8CEBJ5Spb5PI1b2FHYdMFtJgU22fOptO3rSvgzmwJzA6Z/+17iNNLsetnf18PIzD1fppTIS02Toplj7ef73PPM8/bmhJ+dyguTeIzTHlN/lPXipgIAmPIDrxnWeUb6asg1QZ5hgVxIXM9X+yuZnHZA+4xrBYjk5gnYyv/rp5sf3tFpnpc2RqXhchwCpt5ujQQ9GACbtqpNVtSE6zEnueD2S7PP6/X/pH7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=zwnmIsUahO7bu1Rl8EIL3m4tIOYIlxsia7Eyy2zf8/Y=;
b=OZV9zADiC3uGkq2GmJYHIfvReoqpUWDufAT+QLvaR8s1QHba14O/Pddx5+M+gtUqUCfrfR9PZ0J5N1fB6Mt85Q2krLVgp/fZx4raM8FuqRQfXenmRY3stgjrIaW5zqRP3tIOizmRwo9t0AGuRPGnkwCrIm93UYqlw9qOv0RpPwOBsuTdA9ZCp3ji1BrOMSjLCnwj08jTYl8DedxVfPVtpJiCYiIjaZ6jP3/egO9oBAs1uod53gbYs+g13CuACnXsK713DnVZqUFkh6H1CVPxWP1rBnFpLh6aOKYNcVUiV1Duq2j7sEV+IWW997KfOc5iFrYFKrsdkvgJW7gjpiWtVg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
172.105.21.95) smtp.rcpttodomain=nk.ca
smtp.mailfrom=15dguhgfjg.volcanicallyactive.store; dmarc=bestguesspass
action=none header.from=15dguhgfjg.volcanicallyactive.store; dkim=none
(message not signed); arc=none (0)
Received: from PU1PR06CA0012.apcprd06.prod.outlook.com (2603:1096:803:2a::24)
by KL1PR02MB7142.apcprd02.prod.outlook.com (2603:1096:820:110::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.37; Mon, 4 Mar
2024 13:55:58 +0000
Received: from HK2PEPF00006FAE.apcprd02.prod.outlook.com
(2603:1096:803:2a:cafe::e6) by PU1PR06CA0012.outlook.office365.com
(2603:1096:803:2a::24) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.38 via Frontend
Transport; Mon, 4 Mar 2024 13:55:58 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 172.105.21.95)
smtp.mailfrom=15dguhgfjg.volcanicallyactive.store; dkim=none (message not
signed) header.d=none;dmarc=bestguesspass action=none
header.from=15dguhgfjg.volcanicallyactive.store;
Received-SPF: Pass (protection.outlook.com: domain of
15dguhgfjg.volcanicallyactive.store designates 172.105.21.95 as permitted
sender) receiver=protection.outlook.com; client-ip=172.105.21.95;
helo=15dguhgfjg.volcanicallyactive.store; pr=C
Received: from 15dguhgfjg.volcanicallyactive.store (172.105.21.95) by
HK2PEPF00006FAE.mail.protection.outlook.com (10.167.8.4) with Microsoft SMTP
Server id 15.20.7362.11 via Frontend Transport; Mon, 4 Mar 2024 13:55:56
+0000
From: "=?UTF-8?Q?Health Affiliate ?="
Subject: =?UTF-8?Q?It started out innocently enough=E2=80=A6?=
To: root@nk.ca
Sender: PPSQKbbJGbao@15dguhgfjg.volcanicallyactive.store
Cc: root@outlook.com
Content-Type: multipart/alternative;
boundary="_0d86c7ae-d398-44d8-a83a-ea346be680c6_"
Date: Mon, 04 Mar 2024 13:55:50 +0000
MIME-Version: 1.0
Message-ID:
<216b8b6f-446c-44d1-9844-be3ed975c33b@HK2PEPF00006FAE.apcprd02.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: HK2PEPF00006FAE:EE_|KL1PR02MB7142:EE_
X-MS-Office365-Filtering-Correlation-Id: 5ed605b4-f43c-4dbe-a267-08dc3c52d126
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report:
CIP:172.105.21.95;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:15dguhgfjg.volcanicallyactive.store;PTR:172-105-21-95.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(36860700004)(41320700004)(82310400014)(34070700005)(376005)(61400799018);DIR:OUT;SFP:1102;
X-OriginatorOrg: 15dguhgfjg.volcanicallyactive.store
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Mar 2024 13:55:56.9191
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5ed605b4-f43c-4dbe-a267-08dc3c52d126
X-MS-Exchange-CrossTenant-Id: 495b80d5-d650-4a23-be96-124d50507823
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=495b80d5-d650-4a23-be96-124d50507823;Ip=[172.105.21.95];Helo=[15dguhgfjg.volcanicallyactive.store]
X-MS-Exchange-CrossTenant-AuthSource:
HK2PEPF00006FAE.apcprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR02MB7142
X-Spam_score: 5.4
X-Spam_score_int: 54
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Find Out How To Save Your Brain And Your Memories Today!
It started out innocently enough… Working with limited resources in rural
China, a doctor by the name of Chung T’Hsu sought to cure the ringing in
his ears that was driving him mad.
Content analysis details: (5.4 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [40.107.255.134 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [40.107.255.134 listed in wl.mailspike.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 ARC_VALID              Message has a valid ARC signature
 0.0 ARC_SIGNED             Message has a ARC signature
 0.0 BAD_ENC_HEADER         Message has bad MIME encoding in the header
 0.3 FROM_LOCAL_HEX         From: localpart has long hexadecimal sequence
 0.0 FROM_LOCAL_DIGITS      From: localpart has long digit sequence
 0.0 NORMAL_HTTP_TO_IP      URI: URI host has a public dotted-decimal IPv4
                            address
 0.0 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
Subject: {SPAM?} =?UTF-8?Q?It started out innocently enough=E2=80=A6?=
--_0d86c7ae-d398-44d8-a83a-ea346be680c6_
Content-Type: text/plain; charset="UTF-8";
--_0d86c7ae-d398-44d8-a83a-ea346be680c6_
Content-Type: text/html; charset="UTF-8";
Find Out How To Save Your Brain And Your Memories Today!
--_0d86c7ae-d398-44d8-a83a-ea346be680c6_--