http://www.vkremez.com/2017/06/amazon-order-cancelled-weight-loss-spam.html
hxxp://www[.]royalgemsandarts[.]com/neutrality[.]php
hxxp://loss5weight-fast[.]world/?a=417768&c=cpcdiet&s=good_live
hxxp://loss5weight-fast[.]world/int/eqyy/forskolin/?bhu=Q8aE9FQfMfJZxJHHuGyxUz7qZ4Xcny
hxxps://premium-forskolin-extract[.]com/forskolin_int/?click_id=06_85469609_32230874-37af-4605-94f7-a96bba399453&subid1=326675&netid=3&ver=old&ad=1kgC
I. Original email spam:
Email headers:
Authentication-Results: spf=none (sender IP is 62[.]176[.]169[.]100) smtp.mailfrom=innovationcorp.net; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none action=none header.from=innovationcorp.net;
Received-SPF: None (protection.outlook.com: innovationcorp.net does not designate permitted sender hosts)
Received: from BAY004-MC5F14.hotmail.com by SN1NAM01FT010.mail.protection.outlook.com with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1157.12 via Frontend Transport; Sat, 17 Jun 2017 13:59:14 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:C4EC5D1CED9159B632F69622160D2CDB0826E69A1A0A6B56396F57CA34D8B853;UpperCasedChecksum:E0D5D0F87E9B7555077E317749ABDABF68C51B317B0F4B4B52E7CC6CB90E0999;SizeAsReceived:704;Count:13
Received: from raider.solvere.sk ([62[.]176[.]169[.]100]) by BAY004-MC5F14.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143); Sat, 17 Jun 2017 06:59:13 -0700
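The Authentication-Results header above is the quickest triage signal in this message: SPF, DKIM and DMARC all come back `none`, and the From domain has no relation to the brand named in the lure. The following is an added example, not code from the original post, that pulls those verdicts out of the header; the function names and the `amazon.com` brand domain (taken from the post's title) are assumptions.

```python
import re

# Authentication-Results value copied from the headers above (IP left defanged).
AUTH_RESULTS = (
    "spf=none (sender IP is 62[.]176[.]169[.]100) "
    "smtp.mailfrom=innovationcorp.net; hotmail.com; "
    "dkim=none (message not signed) header.d=none;hotmail.com; "
    "dmarc=none action=none header.from=innovationcorp.net;"
)

METHODS = ("spf", "dkim", "dmarc")
# Results that give no positive proof the sender is authorised for the domain.
UNAUTHENTICATED = {"none", "fail", "softfail", "neutral", "temperror", "permerror"}


def parse_auth_results(value):
    """Return {method: result} for the spf/dkim/dmarc verdicts in the header."""
    verdicts = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", value, re.I):
        verdicts.setdefault(method.lower(), result.lower())  # first verdict wins
    return verdicts


def header_from_domain(value):
    """Return the header.from domain recorded by the receiving server, if any."""
    match = re.search(r"header\.from=([^\s;]+)", value)
    return match.group(1).lower() if match else None


def triage(value, brand_domains=("amazon.com",)):
    """List the reasons this message should not be trusted as brand mail.

    brand_domains is an assumption: the domains the lure claims to come from.
    """
    verdicts = parse_auth_results(value)
    findings = []
    for method in METHODS:
        result = verdicts.get(method, "missing")
        if result == "missing" or result in UNAUTHENTICATED:
            findings.append(f"{method}={result}")
    domain = header_from_domain(value)
    if domain and not any(domain == d or domain.endswith("." + d) for d in brand_domains):
        findings.append(f"from-domain-mismatch:{domain}")
    return findings


if __name__ == "__main__":
    for finding in triage(AUTH_RESULTS):
        print(finding)
```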
II. Review the link href PHP page via the curl command
curl hxxp://www[.]royalgemsandarts[.]com/neutrality[.]php
hxxp://loss5weight-fast[.]world/?a=417768&c=cpcdiet&s=good_live
viewed by simply printing an alert box to the screen via the alert() JavaScript function.
IV. Encoded JavaScript href() redirect from
hxxp://loss5weight-fast[.]world/?a=417768&c=cpcdiet&s=good_live ->
hxxp://loss5weight-fast[.]world/us/xxrr/cla-safflower-oil/bhu=Q8aEvU5pCPVc8KBpNcbWBXvbBotjvr
hxxps://cla-extr[.]com/?click_id=06_85042356_6b816138-2c39-4493-9eab-aff53ec51810&subid1=313491&netid=3&ver=old&ad=1kgC