mailbox phish on nk.ca users

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 16:17:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvRCv-0008Al-6V

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 16:16:21 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 16:16:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [23.247.102.116] (port=50750 helo=sabatir.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvQpV-0007Ec-RU

for sales@nk.ca;

Sun, 29 May 2022 15:52:13 -0600

Reply-To: n0-reply@sendgrid.com

From: "nk.ca-Support"< n0-reply@sendgrid.com >

To: sales@nk.ca

Subject: Unreceived: Clustered Emails Due to Quota Shortage

Date: 29 May 2022 21:51:46 -0700

Message-ID: <20220529215146.2F1B94EDF12DBD4E@sendgrid.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

sales, your mailbox is almost full.

4.86 GB

4.18 GB

You might experience delays or can no longer send and receive messages.

Link target (truncated in source): ast.com/iobox/index.php?%20user=3Dsales@nk.ca

CLEAR STORAGE

Mailbox address: sales@nk.ca

Legal spam from outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 17:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvSCS-000BQy-Ql

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 17:19:56 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 17:19:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-psaapc01hn2226.outbound.protection.outlook.com ([52.100.0.226]:60609 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvRxL-000An5-GK

for root@nl2k.ab.ca;

Sun, 29 May 2022 17:04:24 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=aTekjAGRmeI1HvzM2KJW2sqDWsmabvA3kDFbg/prU00femkKO2gm4LOeh90UEbNzKXAwoKn7P1jHHFC+Z0dor93IfqW9b+agNFvqv/sJmlQMRIxabS7Gio4EU2dNpe33lqe/OfPVEfZk7zzgFC6MDBUo6ZbjJAWL2JCMSX6cej1q7EdCwzEWAv4TFp5oy1y19a0XQcpwLupdip23waKiPoojPMLAR6n96EZd8S2L5BtRe+7Er6T6bxq7oSvbLAVQy+ZVIGlO+rZlHcHt7p+WcQAdIGhYgm4CR156E6UPDbEJl+yqUVvQ76zFPrhMOSHjFYJ7ZTBdCHz41x+sLNa/ug==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=34rAHs24jVRgp144ZTfu7lHdQhnRlCFbhR6oKBD/D9Q=;

b=NAHWvne3ThsAXPtN0Qu/XdaVDG1F8KI9fbvddvF02uQUE8wSxE+S8TQ2uIMddPH75hhBFBREwkyW2+EbOqE01u8icBHbPhQrVH3tcYWnAN2NsDFLc4jxp6yjTuc7qV/Y+EowJLbvnT+UdyMMx+7xtTbNz2xy2C6lQVxShIh8rzvXXDis9C3g1r9KxJEeE59PgyuLvnC+cXmEK+LkBSZ4nslY+FTw2cPReBJuA4D/u02ODIJ4pWn3GZZAKPE7LnEBPV/iKJP3gHA8StDjBUGgpO0vw6oP2LGC2ek2446AMI2L5Dn0trHsbGHSSQGo2whTzeeLSbYia3WOyNC24hx8bA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

23.175.48.211) smtp.rcpttodomain=marsat.ru smtp.mailfrom=prasarana.com.my;

dmarc=fail (p=quarantine sp=none pct=70) action=pctquarantine

header.from=prasarana.com.my; dkim=none (message not signed); arc=none (0)

Received: from SG2PR04CA0190.apcprd04.prod.outlook.com (2603:1096:4:14::28) by

HK0PR04MB2386.apcprd04.prod.outlook.com (2603:1096:203:4f::23) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.5293.13; Sun, 29 May 2022 23:03:54 +0000

Received: from SG2APC01FT0044.eop-APC01.prod.protection.outlook.com

(2603:1096:4:14:cafe::66) by SG2PR04CA0190.outlook.office365.com

(2603:1096:4:14::28) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13 via Frontend

Transport; Sun, 29 May 2022 23:03:54 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 23.175.48.211)

smtp.mailfrom=prasarana.com.my; dkim=none (message not signed)

header.d=none;dmarc=fail action=pctquarantine header.from=prasarana.com.my;

Received-SPF: Fail (protection.outlook.com: domain of prasarana.com.my does

not designate 23.175.48.211 as permitted sender)

receiver=protection.outlook.com; client-ip=23.175.48.211; helo=User;

Received: from mail.prasarana.com.my (58.26.8.158) by

SG2APC01FT0044.mail.protection.outlook.com (10.13.36.162) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5293.13 via Frontend Transport; Sun, 29 May 2022 23:03:53 +0000

Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by

MRL-EXH-01.prasarana.com.my (10.128.66.100) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2176.14; Mon, 30 May 2022 07:03:51 +0800

Received: from User (23.175.48.211) by MRL-EXH-02.prasarana.com.my

(10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Mon, 30 May 2022 07:03:38 +0800

Reply-To:

From: kelly David

Subject: Hi

Date: Sun, 29 May 2022 19:03:49 -0700

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <8462b7e8-5954-4891-aee1-d4a4243d1484@MRL-EXH-02.prasarana.com.my>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender: ip=[23.175.48.211];domain=User

X-MS-Exchange-ExternalOriginalInternetSender: ip=[23.175.48.211];domain=User

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 0a10c055-0853-44f9-a19e-08da41c7803d

X-MS-TrafficTypeDiagnostic: HK0PR04MB2386:EE_

X-Microsoft-Antispam-PRVS:



X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

X-Forefront-Antispam-Report:

CIP:58.26.8.158;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230001)(36840700001)(46966006)(40470700004)(508600001)(86362001)(26005)(40460700003)(8676002)(6666004)(7406005)(7366002)(3480700007)(7416002)(316002)(5660300002)(32850700003)(558084003)(2860700004)(36906005)(31686004)(7116003)(36860700001)(186003)(8936002)(2906002)(426003)(336012)(956004)(82310400005)(70586007)(70206006)(109986005)(81166007)(31696002)(47076005)(156005)(2700400008);DIR:OUT;SFP:1501;

X-OriginatorOrg: prasarana.com.my

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 May 2022 23:03:53.1541

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 0a10c055-0853-44f9-a19e-08da41c7803d

X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.158];Helo=[mail.prasarana.com.my]

X-MS-Exchange-CrossTenant-AuthSource:

SG2APC01FT0044.eop-APC01.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK0PR04MB2386

X-Spam_score: 7.9

X-Spam_score_int: 79

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, A claim was filed on your behalf. If you did not

file this claim, kindly reply to this email. Thanks.



Content analysis details: (7.9 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.0 NSL_RCVD_FROM_USER     Received from User
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            [davieskelly379[at]gmail.com]
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 0.6 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

Subject: {SPAM?} Hi

Good day,

A claim was filed on your behalf. If you did not file this claim, kindly reply to this email.

Thanks.

Nigerian spam from Google

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 16:16:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvRBc-00087V-2c

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 16:15:00 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 16:15:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f67.google.com ([209.85.217.67]:44569)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvP8s-00023o-MB

for bin@nl2k.ab.ca;

Sun, 29 May 2022 14:04:06 -0600

Received: by mail-vs1-f67.google.com with SMTP id 68so9016221vse.11

for ; Sun, 29 May 2022 13:03:45 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to

:content-transfer-encoding;

bh=SBgtwvWkIYwrI4NNUchOadkQP815ewxm/3gr0Bmy3PM=;

b=k6+bafiRly0kgfp/sbNNXQ3C1giowV0ccQ584Wu/IO72u59PKRLWMm7vM0wQW+HlCI

6FoQ369uEoKJsgfnJeOdn8skFGOBpOhEzyDaPajVgQl2haG9GTmV4dLbjHOUzASRvmo4

ndHm8UW8r8TDuWhl2AjQexF/uAoGT1dYcs7JzzzTj0peMtoxSbzW1QbYpnC1+NEmIDDW

EbobjPnhSgOYlS33ndZ7jzrtlBZqWZ6bC11ufSaUh113JyDlYxp1XEZJmERCRBBn2NZi

RSakZtYdmY72CdCCE3LXsd/fAJqv22yhN0A6ShnXAsqcX6Tvfk3vpEwps78LXRMIR36W

8puw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to:content-transfer-encoding;

bh=SBgtwvWkIYwrI4NNUchOadkQP815ewxm/3gr0Bmy3PM=;

b=c0Y63AKPR2IVSdG8Bpsb0QlAZ7FlfVYn27MQUm718/+KPoGbmtVH+6lgUgzbATQ0vz

FvvHXA/ATHuHjRVEQQXV53rP3zCRpMKBT2nM4j6DwR48ijGVkVc58ehx1p17v4nTrqGb

Q9Hf6nS4J+JkFCbjNBJLq5lbVjKpJc2adMDNJx4vdNOue7FGhG70fp6DgdtgZMyh+t1B

63g5oFCXbdlk32i6tIGrfQiBoJe+8mKbBRsCNIdJbE0UJN8gr3J2btPgS62QBloZ7Gt0

KZBQHHamuvcNhYiFKp5eugdmKzBSXATAAdus1uwrJcTqXji995MzlBWmfl+YDCNE1/vk

RY8g==

X-Gm-Message-State: AOAM530TXxivIN3I/an5PRajfiupeEqxc4bZWVMNMdSjxHfB/LmenokR

qPlMF6ymJ8NXijToMcIM58yxxJ6vZMPEFK7Xi9w=

X-Google-Smtp-Source: ABdhPJz66wIKvi6M1/2VQU2SulasyjM9xX2/I8NVVwvWIfVN2hctGyOqRW9k6Y5ElDZxLOWQlRXd9nuUyLSewpIvTBo=

X-Received: by 2002:a67:1a02:0:b0:320:a51f:8067 with SMTP id

a2-20020a671a02000000b00320a51f8067mr21317052vsa.38.1653854619516; Sun, 29

May 2022 13:03:39 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:612c:6aa:b0:2bd:1789:bd2a with HTTP; Sun, 29 May 2022

13:03:38 -0700 (PDT)

Reply-To: kristalinageorgieva17@yahoo.com

From: IMF OFFICE

Date: Sun, 29 May 2022 13:03:38 -0700

Message-ID:

Subject: Greetings

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Bcc: bin@nl2k.ab.ca

X-Spam_score: 20.5

X-Spam_score_int: 205

X-Spam_bar: ++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Greeting from IMF office INTERNATIONAL MONETARY FUND (IMF)

OFFICE OF REGISTER 700 19th STREET, NW, SUITE HQ1_3_544 WASHINGTON, DC 20431,

USA Are you alive or dead? We received several emails from one Mr. David

Trent Mallory who narrated to us about the auto car accident you had 2 weeks

ago. Mr. David Trent Mallory made us to understand tha [...]



Content analysis details: (20.5 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit
                            [robertumar001[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [209.85.217.67 listed in wl.mailspike.net]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [robertumar001[at]gmail.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            [kristalinageorgieva17[at]yahoo.com]
 1.1 HK_SCAM_N3             BODY: No description available.
 2.5 HK_SCAM_N2             BODY: No description available.
 3.6 NA_DOLLARS             BODY: Talks about a million North American dollars
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
 0.0 HK_SCAM                No description available.
 0.0 LOTS_OF_MONEY          Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 3.4 UNDISC_FREEM           Undisclosed recipients + freemail reply-to
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                            different freemails
 0.1 MONEY_FREEMAIL_REPTO   Lots of money from someone using free email?
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 2.0 FILL_THIS_FORM_LONG    Fill in a form with personal information
 0.0 MONEY_FORM             Lots of money if you fill out a form
 1.3 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
 2.3 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
 3.1 MONEY_FRAUD_3          Lots of money and several fraud phrases

Subject: {SPAM?} Greetings



--

Greeting from IMF office

INTERNATIONAL MONETARY FUND (IMF)

OFFICE OF REGISTER

700 19th STREET, NW, SUITE HQ1_3_544

WASHINGTON, DC 20431, USA



Are you alive or dead? We received several emails from one Mr. David

Trent Mallory

who narrated to us about the auto car accident you had 2 weeks ago.

Mr. David Trent Mallory

made us to understand that you are in hospital for treatment but there is no

hope of your recovery. He stated that he is your business associates and

your next of kin who you have chosen and permitted to inherit all your

properties, he is contacting this office base on your contract

/Inheritance payment fund

valid $8.5 Million US Dollars,so we request your confirmation before

we can process this transfer to Mr. David Trent Mallory

Bank Account. This is to avoid releasing your money to wrong person because



Mr. David Trent Mallory is too eager and ready to follow every

instruction to have this

money into his account. If you did not have auto accident and you did not permit

Mr. David Trent Mallory to claim your money, kindly reply this message

with your full contact information so we can process the release of

the $8.5 Million US Dollars dollars to you, and please if anyone

emails with my name without this very code (006955). Please that email

is a scam and do not reply.so here is the information we need now to

start processing your release of your funds.



Full Name:………………………. ……………………………… ………………………………

Full Address:……………………. ……………………………… ………………………………

Direct Telephone Number:……. ……………………………… ………………………

IDENTITY CARD OR PASSPORT COPY...........

Please, reconfirm your direct cell phone number to enable voice communication

Here to contact my office with the information.



Mrs. Georgieva Kristalina

Managing Director

Contact Email:

kristalinageorgieva17@yahoo.com

Text number:+1 (315) 238-4879

WhatsApp: number +1 (972) 848-7050

Waiting to here from you.

Sexual Blackmail phishing scam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 05:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvHCy-000DtX-8N

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 05:35:44 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 05:35:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [39.37.141.181] (port=13111)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvHAv-000D9U-AO

for root@nk.ca;

Sun, 29 May 2022 05:33:43 -0600

Message-ID: <2A09053C202630193A360F1315032A09@6REU5TMC>

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 29 May 2022 20:22:10 +0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-2"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.5931

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994

X-Spam_score: 11.2

X-Spam_score_int: 112

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (11.2 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_DNSWL_BLOCKED  RBL: ADMINISTRATOR NOTICE: The query to
                            DNSWL was blocked. See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                            [39.37.141.181 listed in list.dnswl.org]
 0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nk.ca;ip=39.37.141.181;r=doctor.nl2k.ab.ca]
 2.4 DATE_IN_FUTURE_03_06   Date: is 3 to 6 hours after Received: date
 0.0 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
                            (FTSDMCXX/boundary variant) + no rDNS
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 PDS_BTC_ID             FP reduced Bitcoin ID
 0.0 BITCOIN_XPRIO          Bitcoin + priority
 0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
                            (FTSDMCXX/boundary variant) + direct-to-MX
 0.0 PDS_BTC_MSGID          Bitcoin ID with T_MSGID_NOFQDN2
 0.4 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
 1.0 BITCOIN_SPAM_07        BitCoin spam pattern 07
 2.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
 0.0 TO_EQ_FM_DOM_SPF_FAIL  To domain == From domain and external SPF
                            failed
 0.0 TO_EQ_FM_SPF_FAIL      To == From and external SPF failed
 3.1 DOS_OE_TO_MX           Delivered direct to MX with OE headers

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (root@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1490 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1FToadJPpfWv9GxwAY2L7Uv3bvJHtNCCQV



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.