Metrics spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 May 2022 16:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr5Nx-0006mE-C4

for dave@doctor.nl2k.ab.ca;

Tue, 17 May 2022 16:09:45 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 May 2022 16:09:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yb1-f179.google.com ([209.85.219.179]:37403)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr3eW-00023a-LB

for sales@nk.ca;

Tue, 17 May 2022 14:18:49 -0600

Received: by mail-yb1-f179.google.com with SMTP id v71so250768ybi.4

for ; Tue, 17 May 2022 13:18:27 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=kentik.com; s=google;

h=from:mime-version:date:message-id:subject:to;

bh=aMjCxgU+++uyhxC/0MkjLDCK90KCMG7OO6+0Wp6q7+c=;

b=K7fZI7l2aQva3k8FNO4JeUuY4Yu8oGJ00ihlPlC5qG6WKXsC5ZM4luGkIqcNs2VqIe

BuYC0q+099CNSy0Ktjptv3OcBtuX0G2TxlEnwGeFTg+hn25+VDyZmB9BgqFfY0++LjYt

vQGogUCymIRKjfjex1017rhxHzZzFAxu6jB5s=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:from:mime-version:date:message-id:subject:to;

bh=aMjCxgU+++uyhxC/0MkjLDCK90KCMG7OO6+0Wp6q7+c=;

b=tSbX2SSR2bmGSlYlPf0rpdMO5Yt1lYKLXc77bAHG2OigSc9Mv7a7jJQWHikGKPbjcK

QRkblsDXE35OhTLkHInH4xO6MbDWpHLQt184+ZrUus8f6hfhMWf5MKihk/qb/SVnokQr

fdoQGzXBIkELzeMORz53PbI9KCLiMz2nsLBlPZc+EjLPH1JC3NQ7iG610v4bG7ecT/7j

fDHpgsJB8Vr+/8svolUNrHWDPDuqWUDauuHL0iKlFbm1N8kcbAYMukJYKJXTA5V+KBee

yYwlCEnXkcawYOYIwA6tznSdMYd+KOWYChiesp8+glvuhQPuR9GIdYpE3Du7/pAw42wm

qv9g==

X-Gm-Message-State: AOAM532Bdh3VT44IhnoV43iKsYcUC4+bnnYktgY89mVTMptZoxidpjQg

yp6BVRHuBNWAg/e+q4XQmkCWMqX/VGNhtKFksynZZhx1t1s=

X-Google-Smtp-Source: ABdhPJy6Lf/6TDCVJzOk2teTZIYvpaqR6h1kdzfkb06/ddYLpfAdQUyvBrNIIAw25iIwV7fD9kkM97at07NpJPrTMo8=

X-Received: by 2002:a25:4086:0:b0:64b:ac85:2b3 with SMTP id

n128-20020a254086000000b0064bac8502b3mr21272256yba.519.1652818701526; Tue, 17

May 2022 13:18:21 -0700 (PDT)

Received: from 300935273661 named unknown by gmailapi.google.com with

HTTPREST; Tue, 17 May 2022 13:18:21 -0700

From: Briggs Heaney

Mime-Version: 1.0

Date: Tue, 17 May 2022 13:18:21 -0700

Message-ID:

Subject: Improve QoE metrics report

To: David Yadalee

Content-Type: multipart/alternative; boundary="0000000000009541da05df3ad7ae"



--0000000000009541da05df3ad7ae

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



David,



As a regional service provider, your team is tasked with providing services

that stand apart from the larger national/global providers.



In addition to needing to deliver the highest performing network, you also

need to be able to anticipate issues before your end users know there's a

problem.



Here is a report


B2HI4DTHIXS653XO4XGWZLOORUWWLTDN5WS64TFONXXK4TDMVZS63TFOR3W64TLFVWWK5DSNFRX=

GLLUNBQXILLNMF2HIZLSF47XGYTSMM6TCYSSPJSXAM3ZLFBFI2TFOJGW4WCLKVCWGT3XEUZUIJJ=

TIQSTENDFJNAS25L2JVMVSZJNKU4VUWCKGRQUOY2DKESTGRBFGNCA=3D=3D=3D=3D/www-kenti=

k-com-resources-network-metrics-that-matter>

on the most important metrics to focus on to ensure a best-in-class

customer experience.



Let me know if you think this report hits that mark or whether we could

improve the content.



Thanks,

Briggs



Briggs Heaney

Strategic Account Manager

briggs@kentik.com

510.410.7776

[image: Kentik Detect - Cybersecurity Excellence Awards]





Would you like to opt out?


7990>



--0000000000009541da05df3ad7ae

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




>

David,=



=C2=A0=



As a r=

egional service provider, your team is tasked with providing services that =

stand apart from the larger national/global providers.=C2=A0


=C2=A0=



In add=

ition to needing to deliver the highest performing network, you also need t=

o be able to anticipate issues before your end users know there's a pro=

blem.


=C2=A0=





=C2=A0=



Let me=

know if you think this report hits that mark or whether we could improve t=

he content.


=C2=A0=




-family:Arial,Helvetica,sans-serif;font-size:11pt">Thanks,

Briggs


=C2=A0


Briggs Heaney


Strategic Account Manager




510.410.7776=C2=A0



oads/2016/11/235169.jpg" alt=3D"Kentik Detect - Cybersecurity Excellence Aw=

ards" width=3D"96" height=3D"20">









-9c86-4a1e66577990.gif" alt=3D"" width=3D"1" height=3D"1">



--0000000000009541da05df3ad7ae--

Chinese products spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 May 2022 16:09:31 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr5NI-0006kR-FW

for dave@doctor.nl2k.ab.ca;

Tue, 17 May 2022 16:09:04 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 May 2022 16:09:04 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [183.253.44.100] (port=49430 helo=sio-no.mail.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr362-0000Q2-Ig

for root@nk.ca;

Tue, 17 May 2022 13:43:11 -0600

Date: Wed, 18 May 2022 03:42:37 +0800 (CST)

From: Wendy_lan66

Sender: poeeptpw

To: root

Message-ID: <1516392524.748399.1652816557751@sio-no.mail.protection.outlook.com>

Subject: =?UTF-8?Q?Re:_STOCK_MEN_&_LADY=E2=80=99S_PADDING_JACKET?=

=?UTF-8?Q?_FROM_WENDY_FACTORY_OF_CHINA_JINJIANG_?=

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DEAR MY PURCHASER : HOW ARE YOU ? Nice to meet you . This

is wendy . Now our factory have some stock lady & men’s padding jacket ,

their quality are quite goods , in virus time last year our factory make

some item desi [...]



Content analysis details: (8.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.6 SUBJ_ALL_CAPS Subject is all capitals

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[183.253.44.100 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[wendy_lan66[at]163.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and

EnvelopeFrom freemail headers are

different

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

Subject: {SPAM?} =?UTF-8?Q?Re:_STOCK_MEN_&_LADY=E2=80=99S_PADDING_JACKET?=

=?UTF-8?Q?_FROM_WENDY_FACTORY_OF_CHINA_JINJIANG_?=




size:18px;font-family:'Arial','sans-serif';color:black">DEA=

R MY PURCHASER :


om:2px;">


;">
ans-serif';color:black">HOW ARE YOU ? Nice to meet you . This is wendy =

.  Now our factory have some stock lady & men=E2=80=99s padding ja=

cket , their quality are quite goods , in virus time last year our factory =

make some item design by ourselves to do , just hope labors have themselves=

things to do in factory keep busy .


-top:2px;margin-bottom:2px;">
ily:'Arial','sans-serif';color:black">
=


style=3D"margin-top:2px;margin-bottom:2px;">
ze:14px;font-family:'Arial','sans-serif';color:black">So no=

w wendy hope you can help me to enqury your customer , Maybe they are  =

;interested in buying our men or lady=E2=80=99s stock padding jacket  =

?? if yes ,pls let us to know it , they are very good quality , making them=

just maintain production line can keep busy in 2019 covid-virus time .
pan>


an style=3D"font-size:14px;font-family:'Arial','sans-serif'=

;color:black">


ttom:2px;">


px;">
;sans-serif';color:black">OF course , our factory is also making bulk p=

roductions in there , our padding jacket or thin jacket were shipped out to=

: ENGLAND , GERMEN , IDALLY , POLAND , USA , MEXICO COUNTRIES more than 25=

years yet . WECOME YOU ENQUIRY TO US QUOTATION BASE ON YOUR DESIGN JACKET =

.


g>
';color:black">


in-bottom:2px;">


tom:2px;">
,'sans-serif';color:black">AT LAST , WENDY IS WAITTING FOR YOUR REP=

LYON TIME  , IN VIRUS TIME MABYE SOME CUSTOMERS WOULD LIKE TO BUY SURE=

 AND WE CAN SENT OUT TO YOU FOR CHECKING . NOW WE ARE WAITTING FOR YO=

UR POSITIVE REPLY . MANY TKS




Canadian Who's who spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 May 2022 16:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr5M0-0006gN-Fu

for dave@doctor.nl2k.ab.ca;

Tue, 17 May 2022 16:07:44 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 May 2022 16:07:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yb1-f199.google.com ([209.85.219.199]:35339)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nr0vb-000JZH-Id

for sales@nk.ca;

Tue, 17 May 2022 11:24:18 -0600

Received: by mail-yb1-f199.google.com with SMTP id p2-20020a25d802000000b0064d9002a5abso6190491ybg.2

for ; Tue, 17 May 2022 10:23:54 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=thecbrb-ca.20210112.gappssmtp.com; s=20210112;

h=mime-version:message-id:date:subject:from:to;

bh=K0oNzd23njLsCFxfmC2JcaFiqEksgriH/tmOTszbYe8=;

b=Cu13OrjhVJjJV2F31GzU5VXacfmRs5aO+ArbBRSOvBKCIJA6g1woabS7+ouNXqAxG/

m2nncI2Wz/B/lCOang3/H7ta7e0SFcrwah4EjHg2yi5/+g0oI68DCx8uGFhJJzJmLrIw

+dneshsWkVuQNlcwIa0tCeTJo/WtJ8Vn6Sl7o23sXMUGBYVd444s3QB/Zbxj3nMZmFce

fCqwgvJFuiE8p6ZmwDcQl3FI+G5jbCYDe42zQMAmOL33t+FBQ0HS/UxO4Ww+4Q2kMiFP

5uIkgz0VbSQPyvZlsP2mOhjh9l1mDFOxOCI9pFsEljrGi7XjiUBpQEkx8QBlAYULtOyn

SWJw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:message-id:date:subject:from:to;

bh=K0oNzd23njLsCFxfmC2JcaFiqEksgriH/tmOTszbYe8=;

b=NfyRIf3IvGRxb2lwpK2QPQ+znCvDA85jNGl8sR4j8GXQMzqfDWC958jsSpW5jydDHg

/vI3uEDpl2ifiJyqQPXT6JBEpgflmFfeNJ/oKyXRcg1Dv1aHfcE4GuIPQ2xXkwH89Y+E

9SpYAUqE/s5AJCZQHPZXVJxkXjpoQ7kWUt1JXAw4N+QkfC22a32fjOmGnKZJXVFDsqUD

PtaH4zys7mpVoM8DdEz9+Qa3TGVgSt7IeXTRLDn1/iJc6G59Ej2r7KxIzZ27WZqN+UK0

v1cw9tM0VOGgeo5mnkmw2SWR4LeHaEMK5CgizOFObuG5xnbRG0J9hwWVaJpPDpkZV2n6

vFTw==

X-Gm-Message-State: AOAM531hneSiXZGbwbxcOp4XqYRBSqwMVDhxUrVqVtaNbY4U4fY2AME/

hteFed4yG+CD2YDBGdv9q4Mb/VcAKSgz

X-Google-Smtp-Source: ABdhPJxQoPwLhXS5fkLmoyXDgEMbdgjopDlDY5udI4LSew7+RPa+KD3Dd0D3h6mFoPdxansZEXvuxaP2Yg==

MIME-Version: 1.0

X-Received: by 2002:a25:658b:0:b0:64d:f9d1:b16e with SMTP id

z133-20020a25658b000000b0064df9d1b16emr4188723ybb.50.1652808228615; Tue, 17

May 2022 10:23:48 -0700 (PDT)

Message-ID: <000000000000593bb405df38679c@google.com>

Date: Tue, 17 May 2022 17:23:48 +0000

Subject: Healthcare & Rehab Specialties selected for CBRB Best Businesses In

Canada 2022

From: businessverification@thecbrb.ca

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Hello,



Congratulations on being selected and approved for the CBRB Best Businesses

In Canada 2022.



This offer is presented only to businesses that have maintained a 4+ star

Google review rating or equivalent proof of customer satisfaction.



Representing the Best Businesses in Canada, the CBRB Canadian Business

Review Board Inc. has found that your business meets strong consumer

satisfaction standards and we look forward to recommending your services.



Membership in the CBRB Best Businesses In Canada 2022 Brand Awareness

Program includes listing in the exclusive 2022 Best Businesses Directory,

use of the 2022 CBRB Best Businesses verification badge, and custom content

to promote Healthcare & Rehab Specialties commitment to upholding:



- Strong Vision

- Customer-centric Approach

- Customer Satisfaction

- Business Leadership



Following registration, you will receive:



-CBRB Best Businesses In Canada 2022 Verification Certificate



-CBRB Best Businesses In Canada 2022 Verification Badge



-CBRB Best Businesses In Canada 2022 Directory Listing & Profile Page



-CBRB Canadian Business Review Board Inc will promote your business

excellence on social media and multiple marketing platforms including ads

targeting specific clients in your city and surrounding areas.



To accept your CBRB Best Businesses In Canada Membership & Verification,

please submit the following form:

https://forms.gle/9yLsYYsX9YigxT1z8



If you have any questions, feel free to let us know!



Richard Erwin

CBRB Canadian Business Review Board Inc

Membership Committee

Best Businesses In Canada

1-855-222-5550

www.thecbrb.ca

@thecbrb

@thecbrb_canada











If you would like to unsubscribe from future correspondence, please email

your request to unsubscribe@thecbrb.com

Sexual Blackmail phishing originating from Tanzania

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 May 2022 07:38:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqxOh-0005XC-Kb

for dave@doctor.nl2k.ab.ca;

Tue, 17 May 2022 07:37:59 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 May 2022 07:37:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [197.221.212.134] (port=9198)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqqjm-0004HD-Vk

for doctor@nk.ca;

Tue, 17 May 2022 00:31:24 -0600

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 17 May 2022 13:06:05 -0800

Message-ID: <002c01d86a36$04b62d2b$a8039fbf$@cmamkting.com>

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-2"

Content-Transfer-Encoding: 8bit

X-Mailer: Microsoft Outlook 15.0

Thread-Index: Ac0snihsftwr9v3q0snihsftwr9v3q==

Content-Language: en-us

X-Spam_score: 8.9

X-Spam_score_int: 89

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (8.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel

letters

2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:

date

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 PDS_BTC_ID FP reduced Bitcoin ID

1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers

1.6 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (doctor@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1mxMw4vzaKZfqXeAqFP2aqB5QmJFRDKZv



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Ukrainian moeny scam from gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 May 2022 08:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqyMK-0009gk-MA

for dave@doctor.nl2k.ab.ca;

Tue, 17 May 2022 08:39:36 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 May 2022 08:39:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f193.google.com ([209.85.214.193]:45930)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqxg7-0006Py-Ef

for doctor@nl2k.ab.ca;

Tue, 17 May 2022 07:56:03 -0600

Received: by mail-pl1-f193.google.com with SMTP id q18so17377861pln.12

for ; Tue, 17 May 2022 06:55:42 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to

:content-transfer-encoding;

bh=Vp6ad3ipIO480wv5V9N3yuR3QGpSlcdLUjP2rzSiDVU=;

b=V9tVSKWH2VhwS9N7scwlCT4ldzS2EVluUYqpX0wObpoUapakh8qZZdiy6yQ0FPwdsa

SjU3nZNU95W7mPbctdTgn798ExJBO4WNfl2jQiDsXctWbUA2vYQU3/O8eXC7YPHZgZPe

SQCw4dMn9ItHXZW8iYk4qoJoVEelJJhL6N5+0Fzc7jy7PIk/ynqXH1YbFWvyMIxPrz0L

cMy1oxfA+vlUWGyIRp7WsLkT/52yDpz41bWmzHNyboTj64S4ua2IyvxlysBtOjLxMvPI

dLrRRjRS8LX1p26fxq7KElBo6or/IcB+5PWn9fhm++S0mYe0wdPkvl1H+7j+H15M17GW

wCiw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to:content-transfer-encoding;

bh=Vp6ad3ipIO480wv5V9N3yuR3QGpSlcdLUjP2rzSiDVU=;

b=7Pn+q6mbd4yNkfNX6Em7ZpIxo+g6s2orooaQC/aagtmyAQtEdNmGRaMl+XVF5bkozT

qLxAN/vWmnrESRJtDPXQBtwu0feDK5KbKcTqKauo1q5F+XrP0DfwVZXr5WfP/hphwGxg

0bSA6b3t6xjBre8xF27Ct/G/LN6rZ7uMwhxVpINBw2PDlGQNjIB+vdQUhzQ/VwtEtHk1

XuADQ6is26W/8ZIcLkSdNLAMhWR84HiaWq2WaEZR/tjV0PWK6RDwwVEwQdaWcr4VFzY3

mbTGqVLo/tvX3DeNcJNyeG5063SkvwxE717LWAJs6buiHSWKIZxHYdtLlMA0jwp1e4aa

1nVg==

X-Gm-Message-State: AOAM530Sm+u9eMdRC4eDDmAAzihVRR4CjKmx3WCeDgvTOliFj2+kEa/x

vjskLst6WscI21aRJk1qx1sx86skoW8X9XsOv1Q=

X-Google-Smtp-Source: ABdhPJwoX19lOOxH51gm5xBVpKwuqgtTmho91iCb9F71YwKr5xcMCYOYrZIkghNgIZaobLBx4dqBXtds+3ej8YIC+ec=

X-Received: by 2002:a17:90a:4d49:b0:1df:78ca:ae49 with SMTP id

l9-20020a17090a4d4900b001df78caae49mr6233253pjh.121.1652795736572; Tue, 17

May 2022 06:55:36 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:7022:911:b0:3e:56c5:c88f with HTTP; Tue, 17 May 2022

06:55:35 -0700 (PDT)

Reply-To: hon.oleksiy@hotmail.com

From: "Hon. Oleksiy Honcharuk"

Date: Tue, 17 May 2022 14:55:35 +0100

Message-ID:

Subject: Ukraine Prime Minister (Rtd), Urgent Help.

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 8.0

X-Spam_score_int: 80

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Ukraine Prime Minister (Rtd) Hello Friend, COMPLEMENT OF

THE SEASON! We understands coronavirus as called “COVID-19 pandemic”

has caused heavy obstruction and deserter outbreak globally, but the living

once shall continue their lifespan.



Content analysis details: (8.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.214.193 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[chidigahna[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.0 T_SCC_BODY_TEXT_LINE No description available.

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Ukraine Prime Minister (Rtd), Urgent Help.



--=20

Ukraine Prime Minister (Rtd)

Hello Friend,



COMPLEMENT OF THE SEASON!



We understands coronavirus as called =E2=80=9CCOVID-19 pandemic=E2=80=9D ha=

s caused

heavy obstruction and deserter outbreak globally, but the living once

shall continue their lifespan.



However, I beseech you with love, how are you? I know that this

message might come to you as a surprise for the fact we didn=E2=80=99t know

each other before, but am open with positive mind. Please before I

proceed with the topic of my message, I will not fail to ask about the

modification of your health which is momentous in human dignity,

nevertheless; I strongly believed you are doing fine by the grace of

God.



Straight to my Topic:



I am the =E2=80=9Cformal=E2=80=9D Ukraine Prime Minister who resigned peace=

fully due

to the political issues in my country (Ukraine). As a matter of fact,

I tendered my resignation letter then and strictly resigned.



But my major reason contacting you now is; there is certain sum of

money i moved to a bank security vault outside Ukraine, as a result of

the on-going war between my country, Ukraine and Russia; so can you

please help me to go and receive it from the security company for

proper self-keeping in your country until we see what this war will

end with?



Please this is very confidential as I will put you more through on

your positive reply.



Yours faithfully,



Hon. Oleksiy Honcharuk

Ukraine Prime Minister (Rtd)

Sexual Blackmail phishing originating from Germany

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 May 2022 23:52:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqq6o-00013j-Py

for dave@doctor.nl2k.ab.ca;

Mon, 16 May 2022 23:51:02 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 May 2022 23:51:02 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from dslb-088-069-159-127.088.069.pools.vodafone-ip.de ([88.69.159.127]:48692)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqnH2-0007l5-I5

for sales@nk.ca;

Mon, 16 May 2022 20:49:46 -0600

Message-ID: <002d01d869a9$03ed0dcb$84cf2a9e@kokhf>

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 17 May 2022 05:31:00 +0100

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-2"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.0570

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.0570

X-Spam_score: 11.1

X-Spam_score_int: 111

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (11.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP

address

[88.69.159.127 listed in dnsbl.sorbs.net]

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.5 PDS_BTC_ID FP reduced Bitcoin ID

3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP

addr 1)

0.8 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)

0.0 BITCOIN_XPRIO Bitcoin + priority

0.2 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam

(FTSDMCXX/boundary variant) + direct-to-MX

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

1.7 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

1.0 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (sales@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1mxMw4vzaKZfqXeAqFP2aqB5QmJFRDKZv



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



CRA phish from UTAH USA

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 May 2022 23:50:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqq4t-0000x2-Kk

for dave@doctor.nl2k.ab.ca;

Mon, 16 May 2022 23:49:03 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 May 2022 23:49:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [143.244.184.248] (port=62867 helo=calgarystampede.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqlyq-0001yt-Vb

for postmaster@nl2k.ab.ca;

Mon, 16 May 2022 19:26:46 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: postmaster@nl2k.ab.ca

Subject: REMINDER: Deposit Your $1210.50 Interac e-Transfer Refund

Date: 16 May 2022 18:26:07 -0700

Message-ID: <20220516182607.38D733A48486D490@calgarystampede.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 10.1

X-Spam_score_int: 101

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $1210.50 CAD from Canada Revenue Agency



Content analysis details: (10.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.7 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

Subject: {SPAM?} REMINDER: Deposit Your $1210.50 Interac e-Transfer Refund






=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">








" />




=3Dedge" />








0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">






padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">




table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">





ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">


display: table;

width: 100%" class=3D"preheader__inner--inline">




splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20






splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20










-container">
















ine">


display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">




s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello


t;">You have a refund of $1210.50 CAD from Canada Revenue Agency 







=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider"> 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 18th May, 2022.







=20=20=20=20=20=20=20=20



=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>





=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">


height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">





=20=20=20=20=20=20=20=20









=20=20


nt-size:20px;"> 


=20=20

=20=20=20=20=20=20






display: table;

width: 100%" class=3D"layout__inner">






Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20


line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20




line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














display: table;

width: 100%" class=3D"layout__inner">




25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">


Margin-right: 20px" class=3D"column__padding--inline">


line-height: 19px" class=3D"email-footer__subscription--inline">


lang=3D"en">Preferences
  |  

scribe style=3D"text-decoration: underline;">Unsubscribe















 










Sexual Blackmail phishing originating from Senegal

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 May 2022 17:35:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqkDx-000DhS-2L

for dave@doctor.nl2k.ab.ca;

Mon, 16 May 2022 17:34:01 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 May 2022 17:34:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [154.124.12.65] (port=45233)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqjJr-000Pvw-Fe

for doctor@nl2k.ab.ca;

Mon, 16 May 2022 16:36:09 -0600

Message-ID: <6282D1C0.6050801@tramadol50mg.us>

Date: Mon, 16 May 2022 21:35:44 -0100

From:

User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

MIME-Version: 1.0

To:

Subject: You have an outstanding payment. Debt settlement required.

Content-Type: text/plain; charset=ISO-8859-2; format=flowed

Content-Transfer-Encoding: 8bit

X-Spam_score: 6.2

X-Spam_score_int: 62

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (6.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel

letters

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[154.124.12.65 listed in bb.barracudacentral.org]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.5 PDS_BTC_ID FP reduced Bitcoin ID

1.2 BITCOIN_SPAM_02 BitCoin spam pattern 02

1.0 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (doctor@nl2k.ab.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1mxMw4vzaKZfqXeAqFP2aqB5QmJFRDKZv



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Sexual Blackmail phishing scam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 May 2022 23:49:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqq4B-0000uf-7J

for dave@doctor.nl2k.ab.ca;

Mon, 16 May 2022 23:48:19 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 May 2022 23:48:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 45.5.34.2.novelltelecom.com.br ([45.5.34.2]:26362)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nqlid-0000oy-14

for root@nk.ca;

Mon, 16 May 2022 19:09:53 -0600

Message-ID: <001801d86971$0324cd25$f4f0b88c@mhagdqd>

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 16 May 2022 17:44:15 -0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-2"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.3827

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.3827

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (10.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

DNSWL was blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[45.5.34.2 listed in list.dnswl.org]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.0 BITCOIN_XPRIO Bitcoin + priority

0.2 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam

(FTSDMCXX/boundary variant) + direct-to-MX

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

1.7 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (root@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1mxMw4vzaKZfqXeAqFP2aqB5QmJFRDKZv



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.