Oral-B Health Kit Phish from Microsoft
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 14 Oct 2025 13:07:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1v8kLz-00000000MxX-0bhS
for dave@doctor.nl2k.ab.ca;
Tue, 14 Oct 2025 13:06:35 -0600
Resent-From: The Doctor
Resent-Date: Tue, 14 Oct 2025 13:06:35 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-northcentralusazhn15013047.outbound.protection.outlook.com ([52.102.146.47]:11003 helo=CH4PR04CU002.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
id 1v8idX-00000000ETx-2yTv
for doctor@doctor.nl2k.ab.ca;
Tue, 14 Oct 2025 11:16:44 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=siP4/Vca+ru1KafPFiptkSoMRCMrD12fhSlUDsjchPDng9nS8RMNfGqhaFvdfwuRWD8NxRslrWpefRGH3zXiE+iNVz88XTAH9z3eU3VUCAlz8BqihpRdf0iDWjhIHdd3ey3Ltse9BmESarnbx8LxP6gWgcbgmz6nxYlC/T82K9eoUjIPD4UJdQDaUcGYYHXGKwoP4rwKzdXU9rOMrJ0JkY9qRYdDqa7MZwUxb4FY8s6sE8Z2rvR+s3JnlM/W/S/H5P3jNIVN+TSudjZZIvJU3Xm7zl9gqaSRlRBOHWdc618Rs1yYnbPWNCC51YDJ/Vp6Q+w/VH37dsaKtsksoEdkyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=RmNIQh6AZf+WPHgW3TCtaYiui712kmIDD2oOusJHpD8=;
b=jYaad0NPlOiIVNlB1h2CKjMVZssCj9+vjcKLZ1cO63l9dBdKNyzj9PipFnEkb8G+8z8YGr/U19L+3PqghjAutgCF0+3BsxxLJQA1ngddri9q/k2jKKe2y/yfsmi5fjIseYIy8mKa5E29wiKME9PtvSlJOOKliyuCfKfi1eqMxLlagSbIotmbX235BTVtVC8bu0HeOdAf4fGM/R7nAW25AxBkKPuJjC6HrwOxSP1VJ6oksfeBbDuxXDwqRFF5pHRbsWnyzbhsXt9Mpqpi6blmjWEkHvGcVnlCoX4grlKSWn0EyJiZNpw/QjNQGQdrnAoakL7DBwXU1zRhGon1An1hVA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 103.6.170.98) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.helo=bekn9.russanassa.ru.com; dmarc=none action=none
header.from=bekn9.russanassa.ru.com; dkim=none (message not signed); arc=none
(0)
Received: from DM6PR03CA0010.namprd03.prod.outlook.com (2603:10b6:5:40::23) by
SA0PR10MB6426.namprd10.prod.outlook.com (2603:10b6:806:2c0::5) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.9228.9; Tue, 14 Oct 2025 17:15:41 +0000
Received: from DS3PEPF000099E1.namprd04.prod.outlook.com
(2603:10b6:5:40:cafe::15) by DM6PR03CA0010.outlook.office365.com
(2603:10b6:5:40::23) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.9203.13 via Frontend Transport; Tue,
14 Oct 2025 17:15:34 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 103.6.170.98)
smtp.helo=bekn9.russanassa.ru.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=bekn9.russanassa.ru.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
bekn9.russanassa.ru.com discourages use of 103.6.170.98 as permitted sender)
Received: from bekn9.russanassa.ru.com (103.6.170.98) by
DS3PEPF000099E1.mail.protection.outlook.com (10.167.17.196) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.9228.7 via Frontend Transport; Tue, 14 Oct 2025 17:15:35 +0000
Subject: Claim Your Exclusive Oral-B Dental Kit
Content-Type: multipart/alternative; boundary="32137274714=hjrodasilqdmfxblhebrck"
Date: Tue, 14 Oct 2025 19:12:41 +0200
Precedence: bulk
From: Your Free Oral-B Kit Awaits You
To: doctor@doctor.nl2k.ab.ca
Message-ID:
<99503ad1-2529-4fa6-8a36-3d4a5a4da0c9@DS3PEPF000099E1.namprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS3PEPF000099E1:EE_|SA0PR10MB6426:EE_
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 057e72b2-fe16-407a-727b-08de0b454a0b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|376014|586017|34020700016|35950700016|61400799027|69100299015|82310400026|1032899013|2066899003|4076899003|8096899003|15920700032;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:103.6.170.98;CTRY:AU;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:bekn9.russanassa.ru.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(586017)(34020700016)(35950700016)(61400799027)(69100299015)(82310400026)(1032899013)(2066899003)(4076899003)(8096899003)(15920700032);DIR:OUT;SFP:1501;
X-OriginatorOrg: bekn9.russanassa.ru.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Oct 2025 17:15:35.0892
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 057e72b2-fe16-407a-727b-08de0b454a0b
X-MS-Exchange-CrossTenant-Id: 625cc1fe-159b-4766-aa76-6630e1138e81
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=625cc1fe-159b-4766-aa76-6630e1138e81;Ip=[103.6.170.98];Helo=[bekn9.russanassa.ru.com]
X-MS-Exchange-CrossTenant-AuthSource:
DS3PEPF000099E1.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR10MB6426
X-Spam_score: 17.0
X-Spam_score_int: 170
X-Spam_bar: +++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: March 21, 2017 Dear Students, Faculty and Managerial Staff,
AUB is in the final stages of implementing a robust online learning platform
that offers a suite of on-demand courses appropriate for highe [...]
Content analysis details: (17.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[103.6.170.98 listed in will-spam-for-food.eu.org]
[2603:10b6:5:40:cafe:0:0:15 listed in]
[will-spam-for-food.eu.org]
[2603:10b6:5:40:0:0:0:23 listed in]
[will-spam-for-food.eu.org]
[52.102.146.47 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[103.6.170.98 listed in dnsbl.ahbl.org]
[52.102.146.47 listed in dnsbl.ahbl.org]
[2603:10b6:5:40:cafe:0:0:15 listed in]
[dnsbl.ahbl.org]
[2603:10b6:5:40:0:0:0:23 listed in]
[dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[103.6.170.98 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[103.6.170.98 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[103.6.170.98 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[103.6.170.98 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[52.102.146.47 listed in list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[52.102.146.47 listed in wl.mailspike.net]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.0 FORGED_SPF_HELO No description available.
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
2.0 VOWEL_URI_6 URI hostname with 6 consecutive vowels
2.0 MIXED_HREF_CASE Has href in mixed case
1.8 COMBO_IMAGEONLY1 Appears to be an image only message
Subject: {SPAM?} Claim Your Exclusive Oral-B Dental Kit
--32137274714=hjrodasilqdmfxblhebrck
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
--32137274714=hjrodasilqdmfxblhebrck--