USPS Phishing attempt from Germany

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 30 May 2022 18:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvpgm-0008RH-GD

for dave@doctor.nl2k.ab.ca;

Mon, 30 May 2022 18:24:48 -0600

Resent-From: The Doctor

Resent-Date: Mon, 30 May 2022 18:24:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vsmx001.mijndomein.xion.oxcs.net ([157.97.78.141]:51191)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvpfZ-0008JF-QA

for doctor@doctor.nl2k.ab.ca;

Mon, 30 May 2022 18:23:38 -0600

Received: from vsmx001.mijndomein.xion.oxcs.net (unknown [10.93.2.1])

by mx-out.mijndomein.xion.oxcs.net (Postfix) with ESMTP id 3692D34D6939

for ; Tue, 31 May 2022 00:23:09 +0000 (UTC)

Received: from proxy-2.proxy.shared.ns.xion.oxcs.net (proxy-2.proxy.shared.ns.xion.oxcs.net [140.238.159.46])

by mx-out.mijndomein.xion.oxcs.net (Postfix) with ESMTPA id 7D58DA404DB

for ; Tue, 31 May 2022 00:23:08 +0000 (UTC)

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=supportusps.store;

s=mail1; t=1653956589;

bh=5evGQtzieP9k9staXeRkVRCNzg5l9vz1ZokRkxwOkC0=;

h=From:To:Reply-To:Date:Subject:From;

b=cnMAwpj+iT0bcXkhwLUBbjU410bgqABNM8/N9xU9AYvZZOTG+Y8SuuWnDc5PhopN2

ADVar3UGh0z2CzfwvTbvpuYyvf848gVU7JE/MQB53iqrbvH/M5HGDaqamVApL1fDiX

Xpreuju4oEq3DPrN2PB1g3iZM0jZf211pHcyLsPI=

MIME-Version: 1.0

From: " "

To: doctor@doctor.nl2k.ab.ca

Reply-To: info@supportusps.store

Date: 31 May 2022 00:23:08 +0000

Subject: Reroute Reminder

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64

X-VadeSecure-Status: LEGIT

X-VADE-STATUS: LEGIT

X-VadeSecure-Status: LEGIT

X-VADE-STATUS: LEGIT

X-Spam_score: 6.7

X-Spam_score_int: 67

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Customer, Information on your shipment US/9514901185421

is still pending. You have received this email as a reminder for a package

that arrived at USA originating facility 05/27/2022.



Content analysis details: (6.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records

3.4 FROMSPACE Idiosyncratic "From" header format

0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in

DNS

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 MISSING_MID Missing Message-Id: header

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: cgicrnesp.com, pngio.com]

Subject: {SPAM?} Reroute Reminder



PFA+DQo8UD4NCjxQPjxCUj48L1A+DQo8VEFCTEUgY2VsbFNwYWNpbmc9MCBjZWxsUGFk

ZGluZz00MCB3aWR0aD0iOTglIiBib3JkZXI9MD4NCjxUQk9EWT4NCjxUUj4NCjxURCBz

dHlsZT0iRk9OVC1GQU1JTFk6ICdsdWNpZGEmIzEzOyYjMTA7ICAgICAgICBncmFuZGUn

LHRhaG9tYSx2ZXJkYW5hLGFyaWFsLHNhbnMtc2VyaWYiIGJnQ29sb3I9I2Y3ZjdmNyB3

aWR0aD0iMTAwJSI+DQo8VEFCTEUgY2VsbFNwYWNpbmc9MCBjZWxsUGFkZGluZz0wIHdp

ZHRoPTU2MCBib3JkZXI9MD4NCjxUQk9EWT4NCjxUUj4NCjxURCBzdHlsZT0iRk9OVC1T

SVpFOiAxNnB4OyBGT05ULUZBTUlMWTogJ2x1Y2lkYSBncmFuZGUnLHRhaG9tYSx2ZXJk

YW5hLGFyaWFsLHNhbnMtc2VyaWY7IFZFUlRJQ0FMLUFMSUdOOiBtaWRkbGU7IEJBQ0tH

Uk9VTkQ6IHdoaXRlOyBGT05ULVdFSUdIVDogYm9sZDsgQ09MT1I6IGJsYWNrOyBQQURE

SU5HLUJPVFRPTTogNHB4OyBURVhULUFMSUdOOiBsZWZ0OyBQQURESU5HLVRPUDogNHB4

OyBQQURESU5HLUxFRlQ6IDhweDsgTEVUVEVSLVNQQUNJTkc6IC0wLjAzZW07IFBBRERJ

TkctUklHSFQ6IDhweCIgYm9yZGVyQ29sb3I9I2ZmMDAwMD48SU1HIGFsdD0iIiBzcmM9

Imh0dHBzOi8vaW1nLnBuZ2lvLmNvbS91c3BzLXBuZy1sb2dvLWZyZWUtdHJhbnNwYXJl

bnQtcG5nLWxvZ29zLXVzcHMtbG9nby1wbmctMTAyMF8yNjEucG5nIiB3aWR0aD00ODkg

aGVpZ2h0PTEyMCBtb3otZG8tbm90LXNlbmQ9InRydWUiPiA8L1REPg0KPFREIHN0eWxl

PSJGT05ULVNJWkU6IDEycHg7IEZPTlQtRkFNSUxZOiAnbHVjaWRhIGdyYW5kZScsdGFo

b21hLHZlcmRhbmEsYXJpYWwsc2Fucy1zZXJpZjsgVkVSVElDQUwtQUxJR046IG1pZGRs

ZTsgQkFDS0dST1VORDogd2hpdGU7IEZPTlQtV0VJR0hUOiBib2xkOyBDT0xPUjogcmdi

KDI1NSwyNTUsMjU1KTsgUEFERElORy1CT1RUT006IDRweDsgVEVYVC1BTElHTjogcmln

aHQ7IFBBRERJTkctVE9QOiA0cHg7IFBBRERJTkctTEVGVDogOHB4OyBQQURESU5HLVJJ

R0hUOiA4cHgiPjxCUj48L1REPjwvVFI+DQo8VFI+DQo8VEQgc3R5bGU9IkZPTlQtRkFN

SUxZOiAnbHVjaWRhJiMxMzsmIzEwOyAgICAgICAgICAgICAgICBncmFuZGUnLHRhaG9t

YSx2ZXJkYW5hLGFyaWFsLHNhbnMtc2VyaWY7IFBBRERJTkctQk9UVE9NOiAxNXB4OyBQ

QURESU5HLVRPUDogMTVweDsgUEFERElORy1MRUZUOiAxNXB4OyBQQURESU5HLVJJR0hU

OiAxNXB4OyBCQUNLR1JPVU5ELUNPTE9SOiByZ2IoMjU1LDI1NSwyNTUpIiBoZWlnaHQ9

MjkyIHZBbGlnbj10b3AgY29sU3Bhbj0yPg0KPFRBQkxFIHdpZHRoPSI5MCUiPg0KPFRC

T0RZPg0KPFRSPg0KPFREIHN0eWxlPSJGT05ULVNJWkU6IDEycHgiIGhlaWdodD0yNTYg

dkFsaWduPXRvcCB3aWR0aD01MjYgYWxpZ249bGVmdD4NCjxQPjxTUEFOPkRlYXIgQ3Vz

dG9tZXIsPC9TUEFOPjwvUD4NCjxQPjxTUEFOPjwvU1BBTj48U1BBTiBsYW5nPWVuIGNs

YXNzPVZJaXlpPjxTUEFOIGNsYXNzPSJKTHFKNGIgQ2hNazBiIiBkYXRhLWxhbmd1YWdl

LWZvci1hbHRlcm5hdGl2ZXM9ImVuIiBkYXRhLWxhbmd1YWdlLXRvLXRyYW5zbGF0ZS1p

bnRvPSJkZSIgZGF0YS1waHJhc2UtaW5kZXg9IjAiIGRhdGEtbnVtYmVyLW9mLXBocmFz

ZXM9IjMiPjxTUEFOIGNsYXNzPVE0aUFXYz5JbmZvcm1hdGlvbiBvbiB5b3VyIHNoaXBt

ZW50IFVTLzk1MTQ5MDExODU0MjEgaXMgc3RpbGwgcGVuZGluZy48L1NQQU4+PC9TUEFO

PjxTUEFOIGNsYXNzPUpMcUo0YiBkYXRhLWxhbmd1YWdlLWZvci1hbHRlcm5hdGl2ZXM9

ImVuIiBkYXRhLWxhbmd1YWdlLXRvLXRyYW5zbGF0ZS1pbnRvPSJkZSIgZGF0YS1waHJh

c2UtaW5kZXg9IjEiIGRhdGEtbnVtYmVyLW9mLXBocmFzZXM9IjMiPjxTUEFOIGNsYXNz

PVE0aUFXYz4gPEJSPjwvU1BBTj48L1NQQU4+PC9TUEFOPjwvUD4NCjxQPjxTUEFOIGxh

bmc9ZW4gY2xhc3M9VklpeWk+PFNQQU4gY2xhc3M9SkxxSjRiIGRhdGEtbGFuZ3VhZ2Ut

Zm9yLWFsdGVybmF0aXZlcz0iZW4iIGRhdGEtbGFuZ3VhZ2UtdG8tdHJhbnNsYXRlLWlu

dG89ImRlIiBkYXRhLXBocmFzZS1pbmRleD0iMSIgZGF0YS1udW1iZXItb2YtcGhyYXNl

cz0iMyI+PFNQQU4gY2xhc3M9UTRpQVdjPjwvU1BBTj48L1NQQU4+PFNQQU4gY2xhc3M9

IkpMcUo0YiBDaE1rMGIiIGRhdGEtbGFuZ3VhZ2UtZm9yLWFsdGVybmF0aXZlcz0iZW4i

IGRhdGEtbGFuZ3VhZ2UtdG8tdHJhbnNsYXRlLWludG89ImRlIiBkYXRhLXBocmFzZS1p

bmRleD0iMiIgZGF0YS1udW1iZXItb2YtcGhyYXNlcz0iMyI+PFNQQU4gY2xhc3M9UTRp

QVdjPllvdSBoYXZlIHJlY2VpdmVkIHRoaXMgZW1haWwgYXMgYSByZW1pbmRlciBmb3Ig

YSBwYWNrYWdlIHRoYXQgYXJyaXZlZCBhdCBVU0EmbmJzcDtvcmlnaW5hdGluZyBmYWNp

bGl0eSAwNS8yNy8yMDIyLjwvU1BBTj48L1NQQU4+PC9TUEFOPjwvUD4NCjxQPjxTUEFO

IGxhbmc9ZW4gY2xhc3M9VklpeWk+PFNQQU4gY2xhc3M9IkpMcUo0YiBDaE1rMGIiIGRh

dGEtbGFuZ3VhZ2UtZm9yLWFsdGVybmF0aXZlcz0iZW4iIGRhdGEtbGFuZ3VhZ2UtdG8t

dHJhbnNsYXRlLWludG89ImRlIiBkYXRhLXBocmFzZS1pbmRleD0iMiIgZGF0YS1udW1i

ZXItb2YtcGhyYXNlcz0iMyI+PFNQQU4gY2xhc3M9UTRpQVdjPlRoZSBwYXJjZWwgd2ls

bCBiZSByZXR1cm5lZCB0byB0aGUgc2VuZGVyIGFmdGVyIDA2LzAxLzIwMjIgMDk6MDAg

Q0VULjxCUj48L1A+PC9TUEFOPjwvU1BBTj48L1NQQU4+DQo8UD48U1RST05HPjwvU1RS

T05HPjxTVFJPTkc+PC9TVFJPTkc+PFNUUk9ORz48U1BBTiBsYW5nPWRlIGNsYXNzPVZJ

aXlpPjxTUEFOIGNsYXNzPSJKTHFKNGIgQ2hNazBiIiBkYXRhLWxhbmd1YWdlLWZvci1h

bHRlcm5hdGl2ZXM9ImRlIiBkYXRhLWxhbmd1YWdlLXRvLXRyYW5zbGF0ZS1pbnRvPSJm

ciIgZGF0YS1waHJhc2UtaW5kZXg9IjAiIGRhdGEtbnVtYmVyLW9mLXBocmFzZXM9IjEi

PjxTUEFOIGNsYXNzPVE0aUFXYz48L1NQQU4+PC9TUEFOPjwvU1BBTj48L1NUUk9ORz48

U1RST05HPjxTUEFOIGxhbmc9ZGUgY2xhc3M9VklpeWk+PFNQQU4gY2xhc3M9IkpMcUo0

YiBDaE1rMGIiIGRhdGEtbGFuZ3VhZ2UtZm9yLWFsdGVybmF0aXZlcz0iZGUiIGRhdGEt

bGFuZ3VhZ2UtdG8tdHJhbnNsYXRlLWludG89ImZyIiBkYXRhLXBocmFzZS1pbmRleD0i

MCIgZGF0YS1udW1iZXItb2YtcGhyYXNlcz0iMSI+PFNQQU4gY2xhc3M9UTRpQVdjPjxT

UEFOIGxhbmc9ZW4gY2xhc3M9VklpeWk+PFNQQU4gY2xhc3M9IkpMcUo0YiYjMTM7JiMx

MDsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoTWswYiIgZGF0

YS1sYW5ndWFnZS1mb3ItYWx0ZXJuYXRpdmVzPSJlbiIgZGF0YS1sYW5ndWFnZS10by10

cmFuc2xhdGUtaW50bz0iZGUiIGRhdGEtcGhyYXNlLWluZGV4PSIwIiBkYXRhLW51bWJl

ci1vZi1waHJhc2VzPSIxIj48U1BBTiBjbGFzcz1RNGlBV2M+SG93IGRvIEkgY2FuY2Vs

IHRoZSByZXJvdXRlIDwvU1BBTj48L1NQQU4+PC9TUEFOPj88L1NQQU4+PC9TUEFOPjwv

U1BBTj48L1NUUk9ORz48L1A+DQo8RElWPg0KPFRBQkxFIHN0eWxlPSJCT1JERVItQ09M

TEFQU0U6IGNvbGxhcHNlIiBjZWxsU3BhY2luZz0wIGNlbGxQYWRkaW5nPTAgd2lkdGg9

NTIwPg0KPFRCT0RZPg0KPFRSPg0KPFREIHN0eWxlPSJQQURESU5HLUJPVFRPTTogMTBw

eDsgUEFERElORy1UT1A6IDEwcHg7IFBBRERJTkctTEVGVDogMTBweDsgUEFERElORy1S

SUdIVDogMTBweDsgQkFDS0dST1VORC1DT0xPUjogcmdiKDI1NSwyNDksMjE1KSIgYm9y

ZGVyQ29sb3I9I2ZmMDAwMD4NCjxESVYgY2xhc3M9ZWN4c3R5bGUyIHN0eWxlPSJGT05U

LVNJWkU6IDExcHg7IE1BUkdJTi1CT1RUT006IDJweCI+PEEgY2xhc3M9ZWN4c3R5bGUy

IGhyZWY9Imh0dHA6Ly9jZ2ljcm5lc3AuY29tL3UiIHRhcmdldD1fYmxhbmsgbW96LWRv

LW5vdC1zZW5kPSJ0cnVlIj48U1BBTiBsYW5nPWVuIGNsYXNzPVZJaXlpPjxTUEFOIGNs

YXNzPSJKTHFKNGIgQ2hNazBiIiBkYXRhLWxhbmd1YWdlLWZvci1hbHRlcm5hdGl2ZXM9

ImVuIiBkYXRhLWxhbmd1YWdlLXRvLXRyYW5zbGF0ZS1pbnRvPSJkZSIgZGF0YS1waHJh

c2UtaW5kZXg9IjAiIGRhdGEtbnVtYmVyLW9mLXBocmFzZXM9IjEiPjxTUEFOIGNsYXNz

PVE0aUFXYz5Db25maXJtIHNoaXBwaW5nIGZlZXMuPEJSPjwvU1BBTj48L1NQQU4+PC9T

UEFOPjwvQT48L0RJVj48L1REPjwvVFI+PC9UQk9EWT48L1RBQkxFPjwvRElWPg0KPFAg

Y2xhc3M9ZWN4c3R5bGU1PjxTVFJPTkc+T3VyIFRlYW08L1NUUk9ORz4gaXMgaGVyZSB0

byBoZWxwLjwvUD4NCjxQIGNsYXNzPWVjeHN0eWxlNT5BdCB5b3VyIHNlcnZpY2UhPC9Q

PjwvVEQ+PC9UUj48L1RCT0RZPjwvVEFCTEU+PC9URD48L1RSPg0KPFRSPg0KPFREIHN0

eWxlPSJGT05ULVNJWkU6IDExcHg7IEZPTlQtRkFNSUxZOiAnbHVjaWRhJiMxMzsmIzEw

OyAgICAgICAgICAgICAgICBncmFuZGUnLHRhaG9tYSx2ZXJkYW5hLGFyaWFsLHNhbnMt

c2VyaWY7IENPTE9SOiByZ2IoMTUzLDE1MywxNTMpOyBQQURESU5HLUJPVFRPTTogMTBw

eDsgUEFERElORy1UT1A6IDEwcHg7IFBBRERJTkctTEVGVDogMTBweDsgUEFERElORy1S

SUdIVDogMTBweCIgYm9yZGVyQ29sb3I9Izk5OTk5OSBjb2xTcGFuPTI+DQo8RElWPjxT

UEFOIGNsYXNzPWVjeHN0eWxlMTA+PEJSPjwvU1BBTj4NCjxQIHN0eWxlPSJGT05ULVNJ

WkU6IDlweDsgQ09MT1I6IGdyZXkiPlRoaXMgbWVzc2FnZSBpcyBzZW50IHRvIHlvdSBi

eSBVU1BTIGFuZCBpcyBpbnRlbmRlZCB0byBpbmZvcm0geW91IG9mIHRoZSBzdGF0dXMg

b2YgdGhlIGRlbGl2ZXJ5IG9mIHlvdXIgcGFja2FnZS4gWW91ciBjb250YWN0IGRldGFp

bHMgaGF2ZSBiZWVuIHRyYW5zbWl0dGVkIHRvIHVzLCBmb3IgdGhlIGV4Y2x1c2l2ZSBu

ZWVkcyBvZiB0aGUgZGVsaXZlcnksIGJ5IHRoZSBzZW5kZXIgb2YgeW91ciBwYWNrYWdl

LiBUaGV5IHdpbGwgYmUga2VwdCBmb3IgNiBtb250aHMgdGhlbiBhcmNoaXZlZCBmb3Ig

YSBtYXhpbXVtIHBlcmlvZCBvZiAzIHllYXJzLiBUaGV5IHdpbGwgbm90IGJlIHVzZWQg

Zm9yIGNvbW1lcmNpYWwgcHJvc3BlY3RpbmcgcHVycG9zZXMuIEluIGFjY29yZGFuY2Ug

d2l0aCB0aGUgcmVndWxhdGlvbnMgYXBwbGljYWJsZSB0byBwZXJzb25hbCBkYXRhLCB5

b3UgaGF2ZSB0aGUgcmlnaHQgdG8gYWNjZXNzLCByZWN0aWZ5IGFuZCBvcHBvc2UgeW91

ciBwZXJzb25hbCBkYXRhIGZvciBsZWdpdGltYXRlIHJlYXNvbnMgd2hpY2ggeW91IGNh

biBleGVyY2lzZSB2aWEgdGhlIGZvcm0gb24gd3d3LnVzcHMuY29tIGV4ZXJjaXNlLW9m

LXJpZ2h0cy1vbi1wZXJzb25hbC1kYXRhIG9yIGJ5IG1haWwgdG8gdGhlIGZvbGxvd2lu

ZyBhZGRyZXNzOiBVU1BTIFNBUyAtIENvbnRhY3QgSW5mb3JtYXRpcXVlIGV0IExpYmVy

dMOpcyAtIDMwMCBOIE5ldyBZb3JrIEF2ZSwgV2ludGVyIFBhcmssIEZMIDMyNzg5cywg

aW5kaWNhdGluZyB5b3VyIG5hbWUsIGZpcnN0IG5hbWUsIHBvc3RhbCBhZGRyZXNzIGFu

ZCBhdHRhY2hpbmcgYSBjb3B5IG9mIGJvdGggc2lkZXMgb2YgeW91ciBpZGVudGl0eSBk

b2N1bWVudC4gQW55IHJlcXVlc3QgcmVsYXRpbmcgdG8gdGhlIHBlcmZvcm1hbmNlIG9m

IHRoZSB0cmFuc3BvcnQgc2VydmljZSBtdXN0IGJlIGFkZHJlc3NlZCB0byBDdXN0b21l

ciBTZXJ2aWNlLiwqICJHcmVlbiBkZWxpdmVyeSIgem9uZXMgMTAwJSBvZiBsYXN0IG1p

bGUgZGVsaXZlcmllcyBpbiBlbGVjdHJpYyB2ZWhpY2xlcywgbmF0dXJhbCBnYXMgb3Ig

Y2FyZ28gYmlrZXM8L1A+PC9ESVY+PC9URD48L1RSPjwvVEJPRFk+PC9UQUJMRT48L1RE

PjwvVFI+PC9UQk9EWT48L1RBQkxFPiZuYnNwOyANCjxQPjwvUD4mbmJzcDsgDQo8UD48

L1A+



mailbox phish on nk.ca users

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 16:17:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvRCv-0008Al-6V

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 16:16:21 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 16:16:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [23.247.102.116] (port=50750 helo=sabatir.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvQpV-0007Ec-RU

for sales@nk.ca;

Sun, 29 May 2022 15:52:13 -0600

Reply-To: n0-reply@sendgrid.com

From: "nk.ca-Support"< n0-reply@sendgrid.com >

To: sales@nk.ca

Subject: Unreceived: Clustered Emails Due to Quota Shortage

Date: 29 May 2022 21:51:46 -0700

Message-ID: <20220529215146.2F1B94EDF12DBD4E@sendgrid.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable
















; text-indent: 0px; letter-spacing: normal; font-family: "Lucida Grande", V=

erdana, Arial, Helvetica, sans-serif; font-size: 1.2em; font-style: normal;=

font-weight: 600; margin-top: 0px; margin-bottom: 1.5em; word-spacing: 0px=

; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 25=

5, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit=

-text-stroke-width: 0px; text-decoration-style:=20

initial; text-decoration-color: initial; text-decoration-thickness: initial=

;'>sales, your mailbox is almost full.




(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-style: initial; text-decoration-color: initial; text-decora=

tion-thickness: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=


, 60, 47); margin: 0px; width: 321px; font-family: Roboto, RobotoDraft, Hel=

vetica, Arial, sans-serif;"> 

224, 224, 224); margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, A=

rial, sans-serif;"> 



(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-style: initial; text-decoration-color: initial; text-decora=

tion-thickness: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=




botoDraft, Helvetica, Arial, sans-serif;">
, 47); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif, seri=

f, EmojiFont; font-weight: bold;">4.86 GB

Helvetica, Arial, sans-serif;">
raft, Helvetica, Arial, sans-serif, serif, EmojiFont; font-weight: bold;">4=

=2E18 GB



ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-style: initial;=20

text-decoration-color: initial; text-decoration-thickness: initial;'>You&nb=

sp;might experience delays or can no longer send and receive messages.=




ast.com/iobox/index.php?%20user=3Dsales@nk.ca" target=3D"_blank" rel=3D"noo=

pener noreferrer">


(8, 44, 64); border-image: none; text-align: center; color: rgb(231, 24, 76=

); letter-spacing: 2px; font-family: "Lucida Grande", Verdana, Arial, Helve=

tica, sans-serif, serif, EmojiFont; font-size: 24px; font-variant: small-ca=

ps; font-weight: bold;'>CLEAR STORAGE




ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-style: initial;=20

text-decoration-color: initial; text-decoration-thickness: initial;'>
le=3D"font-weight: bolder;">Mailbox address:
sales@nk.ca

<=

/html>

Sexual Blackmail phishing scam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 May 2022 05:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvHCy-000DtX-8N

for dave@doctor.nl2k.ab.ca;

Sun, 29 May 2022 05:35:44 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 May 2022 05:35:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [39.37.141.181] (port=13111)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nvHAv-000D9U-AO

for root@nk.ca;

Sun, 29 May 2022 05:33:43 -0600

Message-ID: <2A09053C202630193A360F1315032A09@6REU5TMC>

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 29 May 2022 20:22:10 +0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-2"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.5931

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994

X-Spam_score: 11.2

X-Spam_score_int: 112

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (11.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

DNSWL was blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[39.37.141.181 listed in list.dnswl.org]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nk.ca;ip=39.37.141.181;r=doctor.nl2k.ab.ca]

2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date

0.0 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam

(FTSDMCXX/boundary variant) + no rDNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 PDS_BTC_ID FP reduced Bitcoin ID

0.0 BITCOIN_XPRIO Bitcoin + priority

0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam

(FTSDMCXX/boundary variant) + direct-to-MX

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (root@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1490 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1FToadJPpfWv9GxwAY2L7Uv3bvJHtNCCQV



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Sexual Blackmail phishing scam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 May 2022 06:42:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuvlT-000LXw-QG

for dave@doctor.nl2k.ab.ca;

Sat, 28 May 2022 06:41:55 -0600

Resent-From: The Doctor

Resent-Date: Sat, 28 May 2022 06:41:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 200-96-105-125.user3p.brasiltelecom.net.br ([200.96.105.125]:43570)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuryB-0004I1-W4

for sales@nk.ca;

Sat, 28 May 2022 02:38:54 -0600

Message-ID: <6291B53C.5040009@nk.ca>

Date: Sat, 28 May 2022 01:38:04 -0400

From:

User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:15.0) Gecko/20120824 Thunderbird/15.0

MIME-Version: 1.0

To:

Subject: You have an outstanding payment. Debt settlement required.

Content-Type: text/plain; charset=ISO-8859-2; format=flowed

Content-Transfer-Encoding: 8bit

X-Spam_score: 16.6

X-Spam_score_int: 166

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (16.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP

address

[200.96.105.125 listed in dnsbl.sorbs.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[200.96.105.125 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[200.96.105.125 listed in psbl.surriel.com]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=200.96.105.125;r=doctor.nl2k.ab.ca]

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 PDS_BTC_ID FP reduced Bitcoin ID

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.6 BITCOIN_SPAM_02 BitCoin spam pattern 02

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address

1.6 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (sales@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1490 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1FToadJPpfWv9GxwAY2L7Uv3bvJHtNCCQV



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Phish attempt against nk.ca users

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 May 2022 07:05:05 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuZeA-000BMc-8s

for dave@doctor.nl2k.ab.ca;

Fri, 27 May 2022 07:04:54 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 May 2022 07:04:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mx.scs-net.org ([213.178.226.243]:54670)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuUb0-000LVE-S7

for root@nk.ca;

Fri, 27 May 2022 01:41:24 -0600

Received: from mx.scs-net.org (localhost.localdomain [127.0.0.1])

by mx.scs-net.org (Proxmox) with ESMTP id EDBB4376495

for ; Fri, 27 May 2022 10:26:53 +0300 (EEST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=

partnerekspor.id; h=cc:content-transfer-encoding:content-type

:content-type:date:from:from:message-id:mime-version:reply-to

:subject:subject:to:to; s=default; bh=xp7XhgW4K7Jfdp0yj4OOc066aW

SVa7BpuYtYkeF0d7g=; b=wnQS9Y1No9FQhFnWJfZdsLZ6DOBRl14ur0VOm1QS3X

zgY5OyoAQ3bScj6FDmdVpfcCetepW9zckP7/fFF0Yt8wTy++Jsk6ILB4q9v8sNEN

beNOLSP8jDYYZP0ezsfvcRkylrMdgdW1LFX0iECizEcg4K5UCSTwWzo6IGWdpjJ3

Q=

Received: from mail.scs-net.org (outmail246.scs-net.org [213.178.226.246])

by mx.scs-net.org (Proxmox) with ESMTP id E18323764BE

for ; Fri, 27 May 2022 10:26:53 +0300 (EEST)

Received: from [193.56.28.246] (unknown [193.56.28.246])

by mail.scs-net.org (Postfix) with ESMTPA id A46B11A0865

for ; Fri, 27 May 2022 10:25:21 +0300 (EEST)

From: nk.ca E-mail Server Administrator

To: root@nk.ca

Subject: Take a Verification to Recieve Pending Incoming Mails on root@nk.ca

Date: 27 May 2022 00:26:54 -0700

Message-ID: <20220527002654.2341362265F83577@partnerekspor.id>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 6.4

X-Spam_score_int: 64

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear root To continue using your mail account root@nk.ca and

allow server to receive pending incoming emails Kindly confirm your ownership

Confirm root@nk.ca



Content analysis details: (6.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 GB_URI_FLEEK_STO_HTM URI: Html file stored on Fleek cloud

1.0 GB_URI_FLEEK_STO_HTM URI: Html file stored on Fleek cloud

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source

of phish via Google proxy?

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 GOOG_REDIR_HTML_ONLY Google redirect to obscure spamvertised

website + HTML only

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: sendgrid.net]

Subject: {SPAM?} Take a Verification to Recieve Pending Incoming Mails on root@nk.ca




w3.org/TR/html4/loose.dtd">












 






xt-transform: none; text-indent: 0px; letter-spacing: normal; font-family: =

"Times New Roman"; font-size: 11px; font-style: normal; font-weight: 400; w=

ord-spacing: 0px; white-space: normal; border-collapse: collapse; table-lay=

out: fixed; border-spacing: 0px; background-color: rgb(255, 255, 255); font=

-variant-ligatures: normal; font-variant-caps: normal; text-decoration-styl=

e: initial; text-decoration-color: initial;'=20

border=3D"0" cellspacing=3D"0" cellpadding=3D"0">


















e>






href=3D"https://u24267397.ct.sendgrid.net/asm/unsubscribe/?user_id=3D242673=

97&data=3DbE32WCAeL1GNCbyUODmHl7-LDy6v7_-2YV8jnDhjHxOW9mvIBs7z20bkfci_B=

a-6mnq-qVOo1bubdGeVaWn3H1NBaAmxoGsWbmLSdLI_KJbJx57z20gttTc4Rj14ZkUjMl51VMc-=

UP1qH9xh5ieSrdVqBGCLYEOyxYsOKl4_3WwIWMm-UeJFUbIi1w6ZFMA46Qhf3KlSAdixdQy2BOx=

Npyu61uG3PeE0Ih8CuD3Jt0o2zfZ4BJQX1sTaKdWpWchRq5a15LtaBn-hfiJUfqUZOlQoswZqz_=

pTsD0LUkqYk8OLxcXKAonzlLeuetVVRHK-4n5C1Db9JU9CmJOKQYjl2gvGEvQDwISM0eh28C6xk=

EhWHIFwVp_GCV7_esX9fyoFfdljZmS_90Pt9CH0I_LRwYzsiOxmVqCYm

%0DjDjLludHOzU5zCf5M6jWFJOsRQQ3aSuQc3K6kTuZ00t8mp1jbEwFbtjH4pXQ6H-hRE2=

Y2XJAI8rsJXNwVBfcdbCfdm82GK4sNhfKy7aa4zrkWyob-nrknIYNYREulj1qOEnKEXj-7DOv2n=

S1ug3-7xpo4DhV_p0DXQYDf6WBUGpkwcytH39Ls1upYLSV1RKsht_XFBoO_YrDb5lAgLjCy4m0L=

owsVCbe3NeLzvZIBKDoQ1D5To46-e5U65dQl0I4AA02ahlKixO-3gkxdVMyhuC0VQQYgfvAEznP=

l1Mtj8FKWdORIcz7ZKNDx0uTgYx9prklhX2nUDEt41blJXfvTs-ytSOQMYW0V4xzDXjyBhV1G85=

kV8-L0u6KTlfcmnk5KH8dEMrfBDUL-1cwkdRCZ7QM0X2N8LrifiZBD-MneMFqT6pT53r6_Ad8Wg=

s3EF9umGD5-vFixUrr3uUq5QDqs-xN34vgJ4ZMp34K1boL1LxZ

CgKVS mxk%0DPK57S_gubxMFIPRQTM7Xb5VPaFdJnQRgaYfQhBVmOVuQXY3tLUVaoIIUtvK=

6reexv30-I4Po21BlSnDHgdOx6jmMWWEiCCx0Z-eIA0dUfUBhuBAMAqRxb8le72FAfNz6tCVv0w=

VBQam12gEKY4vq56PUPI5wNXzVhc6_UsyCXAw" target=3D"_blank"=20

data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://u24267397.ct=

=2Esendgrid.net/asm/unsubscribe/?user_id%3D24267397%26data%3DbE32WCAeL1GNCb=

yUODmHl7-LDy6v7_-2YV8jnDhjHxOW9mvIBs7z20bkfci_Ba-6mnq-qVOo1bubdGeVaWn3H1NBa=

AmxoGsWbmLSdLI_KJbJx57z20gttTc4Rj14ZkUjMl51VMc-UP1qH9xh5ieSrdVqBGCLYEOyxYsO=

Kl4_3WwIWMm-UeJFUbIi1w6ZFMA46Qhf3KlSAdixdQy2BOxNpyu61uG3PeE0Ih8CuD3Jt0o2zfZ=

4BJQX1sTaKdWpWchRq5a15LtaBn-hfiJUfqUZOlQoswZqz_pTsD0LUkqYk8OLxcXKAonzlLeuet=

VVRHK-4n5C1Db9JU9CmJOKQYjl2gvGEvQDwISM0eh28C6xkEhWHIFwVp

_GCV7_esX9fyoFfdljZmS_90Pt9CH0I_LRwYzsiOxmVqCYm%250DjDjLludHOzU5zCf5M6=

jWFJOsRQQ3aSuQc3K6kTuZ00t8mp1jbEwFbtjH4pXQ6H-hRE2Y2XJAI8rsJXNwVBfcdbCfdm82G=

K4sNhfKy7aa4zrkWyob-nrknIYNYREulj1qOEnKEXj-7DOv2nS1ug3-7xpo4DhV_p0DXQYDf6WB=

UGpkwcytH39Ls1upYLSV1RKsht_XFBoO_YrDb5lAgLjCy4m0LowsVCbe3NeLzvZIBKDoQ1D5To4=

6-e5U65dQl0I4AA02ahlKixO-3gkxdVMyhuC0VQQYgfvAEznPl1Mtj8FKWdORIcz7ZKNDx0uTgY=

x9prklhX2nUDEt41blJXfvTs-ytSOQMYW0V4xzDXjyBhV1G85kV8-L0u6KTlfcmnk5KH8dEMrfB=

DUL-1cwkdRCZ7QM0X2N8LrifiZBD-MneMFqT6pT53r6_Ad8Wgs

3EF9u mGD5-vFixUrr3uUq5QDqs-xN34vgJ4ZMp34K1boL1LxZCgKVSmxk%250DPK57S_gu=

bxMFIPRQTM7Xb5VPaFdJnQRgaYfQhBVmOVuQXY3tLUVaoIIUtvK6reexv30-I4Po21BlSnDHgdO=

x6jmMWWEiCCx0Z-eIA0dUfUBhuBAMAqRxb8le72FAfNz6tCVv0wVBQam12gEKY4vq56PUPI5wNX=

zVhc6_UsyCXAw&source=3Dgmail&ust=3D1652690462008000&usg=3DAOvVa=

w3lrTWJlcYc2tCMzmL14MJu">Unsubscribe


-
href=3D"https://u24267397.ct.sendgrid.net/asm/?user_id=3D24267397&data=

=3DYWpZdo84kNN9mt08S9ZdB0wqUTNc1Wji7dBoeFf0VJmZwQQy1P4CuhfmQxep0S8c2CQ4HG0h=

XQo75uvL-xWxd1EI-HzMLk57VlS-7naxojQKFRmPtNWfjq-0ksBQmLBUdCqgmwqzwROkpB0lWQN=

aUwteh3f2ja-su0G0jfjgFlxrfsJhsmdAwsRd_4vYp2Iceic4R6ENq9HSDpeE5WjplwcK7wwA2Y=

BQugB56NSl6SwF4aLp8VJUE6yvJIh81jOcmTiSRbB_s8GH_pmJrX0TX783ocwXV_Oz0gNuRr9wv=

NItyElTjdr7aFmD-EfXj9cqSfHlZMvPxacTddft1A6BJ1vqmp8Xd6JL7FVdBucBHsN8I8Kk5qcB=

jCj6mnZfN4TwlobdXxhJ1JgoIodk2Q2hNiYR-LOu27B1VBwLeAHTlbqBn

%0D7EG_pCoGhlC2Sn8s1_222CQXAMmxNbXsS_gOuhGYOc5AtW8QpbQ6wvZzQxXwzEfrCrV=

2YgY-vHqIf2dEXmm5vm3wRnkwIbxTekqFVIuOwjGMbxHrPsSFb64Fh3k0eCZJwPaEGP76uCZlrt=

jzw4j_iX68zwu75O1TW79SjErzzyJCNrMsE1aOl-anNoQANFVl3CD0pfoK6b0Tw1CnovdUn4O1q=

UU41MOB0j5E9paa98JBEmEt1YRFI6d04Dq88LTDHwALl8fwL3JZk5qJs6SygyEf7TcMFLPTRQ8w=

eysn2nbNj-heG-XeMQtvrZeKQlmFbbll_8R6Y0YXOCSJzWDIljBWQI-VNaFsZ28QiVOJOdE94iV=

Ln6U-wXtG8tKfRQmmFhNsrqRCeF0gmm4VJJADl7Rjisd1ih5rwS00-y5kz9bJcet04M7AUw4pXC=

W4z2txSn8vbxAKMoeGP5XQZ0awsKKcynRNkXwi0vKAyl5mXzK_

GOgGT 0Ke%0D7mtHOv3576JIKRBKbVN8R1NpRemVU6JWmxKoRBQo6sxB1AMezDa2doV2XPS=

mwfr0_iKQfzifQgkxhUi6_qoJ1cvKwbpB04j4SA2gAwVPwdN8pWHyD2dreCqPW0MScANfhA-4ZZ=

P6Ys=3D" target=3D"_blank"=20

data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://u24267397.ct=

=2Esendgrid.net/asm/?user_id%3D24267397%26data%3DYWpZdo84kNN9mt08S9ZdB0wqUT=

Nc1Wji7dBoeFf0VJmZwQQy1P4CuhfmQxep0S8c2CQ4HG0hXQo75uvL-xWxd1EI-HzMLk57VlS-7=

naxojQKFRmPtNWfjq-0ksBQmLBUdCqgmwqzwROkpB0lWQNaUwteh3f2ja-su0G0jfjgFlxrfsJh=

smdAwsRd_4vYp2Iceic4R6ENq9HSDpeE5WjplwcK7wwA2YBQugB56NSl6SwF4aLp8VJUE6yvJIh=

81jOcmTiSRbB_s8GH_pmJrX0TX783ocwXV_Oz0gNuRr9wvNItyElTjdr7aFmD-EfXj9cqSfHlZM=

vPxacTddft1A6BJ1vqmp8Xd6JL7FVdBucBHsN8I8Kk5qcBjCj6mnZfN4

TwlobdXxhJ1JgoIodk2Q2hNiYR-LOu27B1VBwLeAHTlbqBn%250D7EG_pCoGhlC2Sn8s1_=

222CQXAMmxNbXsS_gOuhGYOc5AtW8QpbQ6wvZzQxXwzEfrCrV2YgY-vHqIf2dEXmm5vm3wRnkwI=

bxTekqFVIuOwjGMbxHrPsSFb64Fh3k0eCZJwPaEGP76uCZlrtjzw4j_iX68zwu75O1TW79SjErz=

zyJCNrMsE1aOl-anNoQANFVl3CD0pfoK6b0Tw1CnovdUn4O1qUU41MOB0j5E9paa98JBEmEt1YR=

FI6d04Dq88LTDHwALl8fwL3JZk5qJs6SygyEf7TcMFLPTRQ8weysn2nbNj-heG-XeMQtvrZeKQl=

mFbbll_8R6Y0YXOCSJzWDIljBWQI-VNaFsZ28QiVOJOdE94iVLn6U-wXtG8tKfRQmmFhNsrqRCe=

F0gmm4VJJADl7Rjisd1ih5rwS00-y5kz9bJcet04M7AUw4pXCW

4z2tx Sn8vbxAKMoeGP5XQZ0awsKKcynRNkXwi0vKAyl5mXzK_GOgGT0Ke%250D7mtHOv35=

76JIKRBKbVN8R1NpRemVU6JWmxKoRBQo6sxB1AMezDa2doV2XPSmwfr0_iKQfzifQgkxhUi6_qo=

J1cvKwbpB04j4SA2gAwVPwdN8pWHyD2dreCqPW0MScANfhA-4ZZP6Ys%3D&source=3Dgma=

il&ust=3D1652690462008000&usg=3DAOvVaw2CCw464MAht-ClqmkQGDN9">Unsub=

scribe Preferences






: 0px; padding: 0px !important; width: 1px !important; height: 1px !importa=

nt;" alt=3D""=20

src=3D"https://ci4.googleusercontent.com/proxy/Nch2mB0Xo8pRJ7pnlggpM4XqCwdr=

GPuscB_S3wUcLuV5byBqbeiIHOw466NUJJHixjuufMlyZh9BDV0xcP60fnejGhyX0pQMOz8H6rF=

t5lMBNunuLZNR6ldiwSaqdI8J5CLvtOwuPM8TWltY4l6YGOJZudAiZEgOlqZUQ8Zhlen4g339_6=

SBEzujXBd5vdQ1W8vJ1KW66DboAQ6e7vzz02V8nQPAMyupiLoImqH05knWFIaZ6bHPRkJXQnJYi=

u_zuLyXRmsT2VUAvhP1BtoWoB45WGL0qdMoyM1wS3pe1h1a_J_4CSFhcvwyUei8HU2gu2izzYYk=

lKNQv39Id25Ye7fhA6IAYUHFPiPA6hf0KcqxLkiAaB0391xK0n7dqxVRSN8OAleUhMS1hbilrKb=

WUrvCtdZklq2utZKufOiJFH19ic3IDZMFUHs58DZjE8ar1qjuNaA

%0D6o6zJZ7dludAjGFo_MyXR842sJ6tuYMzJ-TzKgOuUaHSeOWEzr3LEb4C1aTK4yQU2Op=

XXFxYsKSszmZVmelJv33pXGj_ghFpkPkwafAbjcvxR6wf1IqaTpLgClKtT3qUQwfQL3Pf3XJ_XE=

A_BGHamg4cc6xSvsaPKkkncO9GgsAaNTy--a0lk5E7tlaS3aSufdmCdT5SFVzONoiO_WXWT3kVk=

GSadqW_6esFSktxMslidbOQ1N2i0T3uVUxwr9mhHSRz0JFGdQVuBAoJmf83TxHt8PPdGTUYRovF=

sNb3xXMIjpact-feGkXSArQVqzqfNZNqnZgKFxsrGpJHg-gv93PFIbR6l8Ksl3AjJpuZSmILe59=

zI7qAB1emQ-H5ypfZr9o03SXhomibi_JMJdKMwUbkHga0ja67jqWWSIeFcYW74779k9khU3RCYm=

SloQXnYgsrRw8uyv46UrDhJtjrbJPAMoHOPK_WtKwiIW4ejPSA

bOGXR kYh%0D2AY9t3rmuUEIXgivtOMdl4jNdDRPev796rFvvF-x8_yxLyoeD_Zx6yOe_jN=

dJa6sc11Q6c7jHngCu-Vd0EzEv_b9z1C3dyQI9VUwQSMrZ4WeQ9ozoPFzP9uEAzU_1YKzCk7mSo=

QdlE3wBTsVvx9u--2yLcpzE60CNMq9iWJEumtWa2h7l7cnkbmKY1wnepuFB9NSb7zP4TDt40tsT=

pezKxPKyFJFGnufKQP5ZPZYLzZLJFC6DbdWBNzbHwfd9fWZsfpSHLLEUrKYSS2ofxxwQDtZYHPy=

t1waRtXVpZU54vuBXCDAvp6oUnonSNa0Jvdofhp8UZShOs9LVa7yEWOrIvlQiQc1WtAC9N0wB_k=

6uUwz1kZXU2FxSgv487CelU2IEos5kbxqfsyMzWGg9pAVoPwV4XAGIx1Kt9aLETkcQsQ=3Ds0-d=

-e1-ft#https://u24267397.ct.sendgrid.net/wf/open?upn

=3DsA8SKwioI hrprix%0D7IWmn3Uzw-2FgK5f8vOBEmM4UUi6BLbVxYeGN60cV8vSDaUW2=

o-2FEoh3GUM-2FUao1di2y3AoE9Hl9sDoYEU-2BXxCyXlDfHwN-2B8uzewTzx6hftdRuQBCFkWu=

hQW7SoB-2FewXjonCG5K3sARW3oQxN9wr1FJgQqhNi-2FvDVwkYiAtNXtGmEI6MYJaYyxYh-2Fg=

3i58acP1q6mCPEfUSeMS6ail-2BSza4e-2B1vs-2F0Ri96S2bWA4onlYrevrFbpywGdZgFDzRZC=

8ORzEdAoF5TV-2BytCz0bKFTlvmFp5iu-2BhPlFkJ7eNdY0-2Fr25M7kEoKpkuBe9tIQNzmxGWY=

470GlwR8TsMdCAs7EjAOaASAHwr3nzzHKkWKRDvSmt2q4Cu3O-2F2HRlTZc-2BYXsMXfF6-2FU2=

QDf8xv-2FoIaSR1T3V6Mdl5uLSZtG3ai12aiXKYmLYmKoPhs4ell

j8w-2BNYpc4ClNT rtetvzW21%0DQsx97Jm27emEkiKjrIObn-2FPxifSW5GMz9KUKxNDEU=

SX-2BghDSl3K9-2F1Jj0785982-2FaTBS70mdATwGlk65B24voshAjTxYzvWsINJVKHuNnHzTUk=

yCTZ5sxwqU6CtsrQX-2F9gIbr4KMmHXe1OTFbXImQ9JYGmXN0q5z-2FQve9z-2BABtiThhh1jzV=

eUuugIMHoKNOJpL-2F3fxLKcq-2F-2FgHPwcWwf6MixY8zbbEFmimNDx3RtsNKaxzux7b0NnDfG=

wyNTc9vh5sFe3p-2B22LgOUe0Ny2lkQBwz2sDgAkygCurVI-2B8j80PGc8b7u-2FB0E-2B7eyZf=

m644J5XE6r-2FE13ducmD8LU5N43WkKC8Y2OqWITseR-2F2nYdmfMcXI96xM-2FH-2BrTi38qKR=

WMe13cj63Ld0ijjEsyhvlgTV55WCWUO3WdCSj" border=3D"0"=20

jslog=3D"138226; u014N:xr6bB; 53:W2ZhbHNlXQ..">





Instagram SEO phish from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 May 2022 07:05:05 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuZdv-000BEs-C3

for dave@doctor.nl2k.ab.ca;

Fri, 27 May 2022 07:04:39 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 May 2022 07:04:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sy4aus01on2113.outbound.protection.outlook.com ([40.107.107.113]:21989 helo=AUS01-SY4-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nuUDk-000KJi-SV

for sales@nk.ca;

Fri, 27 May 2022 01:17:22 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=O9EVXx7OJBaW5e0JT148RuxgRotamxrS9IZj5YEpe5u8g/X4bhnpeLd4UyUykqT2si1VqBAImq+LkGQOP6EnUnCKvm2sLge1H9N+mEEwQ5MdAxNk4BDW3ydFI16qSIr0Q29lKh+aiLc2KVXPMc7m83cOlMFIExFkZEQ+OkzL4kCsHWDL804qn5+kg5TqC3noArBIRXTdbcxAqqPI70EP9DMHf4urYL+umvlXcuScRlUXYlwxGPpKX88X53pfAlYEMl2wzHbuENzebkvkTUuwfVLhGa1AwIJf5lVaYlp1BAv46FQbGTn2cDrnlccuUqUhLwm1rMih3XVQAlAPN0eD5A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=y6AKa7Kv1jt7hHE0WNaXEjMO2pRz7UFVH9KOFJ6Q55g=;

b=nbN8FkR7t52fAAIQzakln5PNKj+wv6ttF2BTrY4I4Kk9ilmfFOqA0Sy/MUGrgRG7XrjCDLTr1LVtNNYzMF24Z7S3RtvV5sYvxL9Uv6oSnC0M3PKNbsT5eUh9PPxve3SRgqE+Eiew4K+vEd8lE6BO+XCmAEolpaQwjgMofBPPqF40leGWTlxLpDSiE0ZJpRuKM5p2FqMNbPL0Q1fAhqXHNfE+EiD7xg8jicr1eXXGtuAwvgkBCGsrZBJNon4Qq8uX46Cg+LDOdoy27BAb29x4dm3NKTJPEoI0v0a3oxX637yqBJZzz6NjqSeGkP+vN8B/0z3uAT6CLNtEUlaZ/NGf1g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass

smtp.mailfrom=engagementboost-expand.com; dmarc=pass action=none

header.from=engagementboost-expand.com; dkim=pass

header.d=engagementboost-expand.com; arc=none

Received: from ME3P282MB4128.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:198::5)

by MEYP282MB4237.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:167::13) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Fri, 27 May

2022 07:16:46 +0000

Received: from ME3P282MB4128.AUSP282.PROD.OUTLOOK.COM

([fe80::244b:870b:d12e:78fd]) by ME3P282MB4128.AUSP282.PROD.OUTLOOK.COM

([fe80::244b:870b:d12e:78fd%6]) with mapi id 15.20.5293.013; Fri, 27 May 2022

07:16:46 +0000

From: Lydia Snow

To: "sales@nk.ca"

Subject: salesnk.ca FIX Your Instagram

Thread-Topic: salesnk.ca FIX Your Instagram

Thread-Index: AQHYcZm5cdV8apfshkGT1d6x9gksYQ==

Date: Fri, 27 May 2022 07:16:46 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

authentication-results: dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=engagementboost-expand.com;

x-ms-publictraffictype: Email

x-ms-office365-filtering-correlation-id: 101f95b6-ae02-44d8-6aac-08da3fb0dc0a

x-ms-traffictypediagnostic: MEYP282MB4237:EE_

x-microsoft-antispam-prvs:



x-ms-exchange-senderadcheck: 1

x-ms-exchange-antispam-relay: 0

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

yK5c8Kv9WaXt3k8y26FogmNQ9a4W3lHWqrik/HDo7e4uX6p8edoEopjT1Ed8jTzVnDyR6fhqAuia1N9GX6u0RfwLA8xfg0xPqfmQdTzi7l5rPOUysdDBd8cG3EheJ2EOBlh+QMoxv9caqOcFtEy6Z32H3UrhdQp5OStp/4N9xpNVlydErg74o0T69b/EEd+zyGYAlZWEhTRNik9Y6gb48JDskmiGhZ9lfb0uG/r18UmzgZPK/siDg8SQS/kNkwOyYUrOTqJjJYH79F7Hi+iEbfFaQu5VoL1s3+A16aZb8nRwHwuPcUye57MD2MUCKQdTNkURbUeZwZpRww4kRNOXIfomrFw6jPBUGsCuf4sgLbjFExh3i2HFfwQu7AV6ybXRngEHcjq1QCdpkoRYyBHoUV5SF4Nd9t014bulirY3lFDRBDtRzNbo2P1oYXzUPA1X6LBmA7RII3KHAcoFN7et4pUr1a0X64TY14c/Ka0XARldPN6+Am+j84NFSr8FsPtg5UPcsggwtPALRAx5LgMJXqT1Gfa0C/cgBP9DMY+ccKRWPhh+7viTarmoQ/djmsJ6hiGGsyqZpFn5tJGABreNFhmE31RHN3pfHRd3QyN+SxH9Ib/6ls6rcclxKd2prL9SWc8DEiePgbtBjJ0Wc8m1ozdpj9qRiFAWWgTUKICeONY4ptABuVhJJhqSn8GQOGjZEbMNkuUXAQhHPwmMfOsoR1PyBKVbwtSgNTrB7OD0iu4Oaj82ZsripthsBfSMvzWw5ANVXXIcLe7L2ob78MwcnA==

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ME3P282MB4128.AUSP282.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230001)(136003)(366004)(346002)(396003)(39850400004)(376002)(71200400001)(86362001)(8676002)(38070700005)(7696005)(83380400001)(33656002)(316002)(2906002)(508600001)(38100700002)(41300700001)(186003)(55016003)(8936002)(15974865002)(26005)(6916009)(5660300002)(9686003)(166002)(52536014)(55236004)(122000001)(76116006)(66556008)(64756008)(66446008)(66946007)(66476007)(6506007);DIR:OUT;SFP:1102;

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?utf-8?B?bzIrWG55OUp5SU5TNlVSdDlDMWdKL2lnbFRRNlZPK2t2c2hmZkMwc04zU1JV?=

=?utf-8?B?RDZQdlFDNUhHZTJGOHAxUFM0dVg3ZlJDd1p3SlBIcTBRSWhZeUpOV1lEQWVp?=

=?utf-8?B?WURFY1lycW9XTTVJeVhIZjNyQ3piV0tNV0Rab1A1R0FrOFhLWnBNTFJTR3NK?=

=?utf-8?B?RkNRMG5Ta2U0RDZYS1F0TU1SMEY2MVhSYUp4ZWZVbEtDZ0RWWldMaVJFcXhk?=

=?utf-8?B?MEdlQk5MVWhOTkdpMU4rTFJjK0xxVnFIME5SZzdXMkFkS1Z4bU1mS3l3QmlO?=

=?utf-8?B?OXNER1NrZUVDZlB3bUgxRXNYSUdHRTZsVkpBMEVUdXJROTkvekQwb05NNUZt?=

=?utf-8?B?M1FaM2JmaTY4WkN4azYrN1UxVU5ocnNKSmVma3UvTHdGZFJuVDNtdi9VSHRL?=

=?utf-8?B?UzNRRTNzY1dLNTNIOG91NyswNTVXNGtRWXg2RGQvUzh4YzBiRzRQNXBRL1VG?=

=?utf-8?B?RkhEK1VWSU5RcmNDbm1oODNDYU1MQUdSeDZjL1BkRjg1TjIzTjlJcmhVQUZo?=

=?utf-8?B?WnEwQzh4OWhrbkg3RXBGbVIrS1VYa2JCM0lYMzFXRUFsL2NMZmRaMmVjYW9w?=

=?utf-8?B?STlkcEJNb0Fkak5LQ2RSd2d5YnREUURrdWxnQWkrZEZxVy9WZXNhYzZuN2tF?=

=?utf-8?B?Vkh3S2tsZi9GbUdQWnVLZWsxMGtuaGlNTVFKWThWc2FvRWtVNTdwNFNkVnpN?=

=?utf-8?B?cjgrc1QwRkhjNmJlWnFqMFpJQUU0SnVkaHNONkNleVRxZ1hESjU3anQxOE1W?=

=?utf-8?B?akJWQlpXVnBIU3U0WkxDNFRLdlZhUW94U29vWGRlM3dMTHRvb2VncHVBN0Ju?=

=?utf-8?B?NWhobWFhQlV0S0xiZTE2b25vcndUQWI2SFQrbUhMbzgvUXhBOVVPcm0rWmR3?=

=?utf-8?B?RERxNnB6OGdnWm9mMUJCS2NZQVRKQXc0MzhOd0h5a3ZxcitaSnhKb3BrNDVq?=

=?utf-8?B?bXQ4UXlxTE1xenpTdVZUVmI4RGc1V0dUeWxYQlowcHN2bXdndWhIVlFxVUtl?=

=?utf-8?B?SWUvMmxUN1dHbnhVTVd5aEdvSTdyU1FiSkg0a2tpY2N0RzVTRm5EYjc1Wktm?=

=?utf-8?B?ekRvbHgva1oyUG40MGNKR2lmanRoQnc5Y3pWeVE3ZGdNKy9RS0ZFUGp2Ymdx?=

=?utf-8?B?VEt1d0E2UmJoQ2NOTURDTXpqUnRWTFNhaWYxUTBVeEdyM2V0UWE1UThPK3dL?=

=?utf-8?B?ZndWTTYvTHBVSlFWdmlocEFwQk0vek9oaXJ0MHhVWENKcDJFa0tuQnRyZmV0?=

=?utf-8?B?NTAxcEpMSFVuRjFCQTJPNnhqZlA5SkxFM0V3OHBseUdwQytCZHZiMEdUQUtC?=

=?utf-8?B?VmYydnNEbmtRVkc1UjFLbHBWZWdITDdzVTlQc3dnQTJ5NENDYVAxWTJHd0xX?=

=?utf-8?B?bXhlemVNS1B1ZUdaeFRQbUkyQVV3cmZjVUIrTk92aGFMQmk3L3JUYVBuaXo1?=

=?utf-8?B?YlF2RG1xSnNJaUUvWHZTcVp1eDNnbG4yRXlnaTZMUDlnRVpxK29JbG5GVGdQ?=

=?utf-8?B?YXpCMmQwL04yZ05BTURkQ2lCbVNOaWZNa3djalBvekVsUDJ6aHZqcXU1cXBy?=

=?utf-8?B?WWVwTEpMOXNFTmVKbkZQV3RQaHpxYjZnTWlmUHVsdHVCQXVuVW1CZENqelpN?=

=?utf-8?B?dkw0Q3dCWXlhN3c5REU0VGlSZ1g1cHRYK01jV1BsN2EwaWJKVGpXVHZYL0dJ?=

=?utf-8?B?R0NHSHpaQTBacXlZY0ZaS2daallyOHNKQnZPcW5WRHpWeXN2TTJ1QkdQc05E?=

=?utf-8?B?aTNrQ1lMTmxKMHpJaXJ6VEw4Rk9DUVA3NEVWME85WElpSnE0aUcwanc2Yzdq?=

=?utf-8?B?UEV5NUl3UmdlZ1cvK2tEYk1WcnJnWSs2TXRVcGNZKzkvYkJLUlFWdHdqUFly?=

=?utf-8?B?UVV6SDlHREowLzZSU1dKWHpsMVAvZzcyZ0YzbHRxVVdJY0Y1ekVFUnZyYjRN?=

=?utf-8?B?WW91YkdLZDdCaEVmb2wwTlNIZXFVV2pmamVTN2pUY1ZybDIzd1JEcXlxUGtF?=

=?utf-8?B?OFBqL1FxQU1zME1IeHliUGtJRU40UEtnckdBWWExOVkxZEJYSkZRSFpzcWtQ?=

=?utf-8?B?UGNKOWIydDBlMjhLZDBRLzZtd0dtV3lUVEJRenhqaVVqdVEwV2FsZmVOM0xx?=

=?utf-8?B?VFVRTDNXV3FyMStidVpGKzgxV1BjazcrT0g4dmZTV3Y4NU0wUkZOeUNSQm1P?=

=?utf-8?B?UjFtWXI4NXlFd0VVSFlkZkFmRFNhc2xuZjloMm11OTJHb3VVYktJVTRMUlN4?=

=?utf-8?B?VHJSaW0yUFdWYThpU1hxVXlidk5xazhpNXBtWlVTd1NDdEcvQjVSSmZrMnQw?=

=?utf-8?B?VEJHR2s2T3hhL1RMaVBGR0o5ZlFONU1HODRvUDhsV1VFeXh1RE9jVnp6cUhm?=

=?utf-8?Q?Wf+QNikPv3RJC2rc=3D?=

Content-Type: multipart/alternative;

boundary="_000_ME3P282MB4128CE683663EC9E50715A4B9FD89ME3P282MB4128AUSP_"

MIME-Version: 1.0

X-OriginatorOrg: engagementboost-expand.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: ME3P282MB4128.AUSP282.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-Network-Message-Id: 101f95b6-ae02-44d8-6aac-08da3fb0dc0a

X-MS-Exchange-CrossTenant-originalarrivaltime: 27 May 2022 07:16:46.4654

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: f3b1b03c-de6f-4aa0-9896-90b36bdb6554

X-MS-Exchange-CrossTenant-mailboxtype: HOSTED

X-MS-Exchange-CrossTenant-userprincipalname: oBKjOFpb3RZDy3ECahzoDIzqAub8IE63G73HNqRHp5VdrXUBH18tx85ogoZMB0Vs5hMzFJ58JY6cByJQd86ilGLALyIx6ZOCs+naZtIIofsUqRzJ/KZCA2KHC0o1IeT7

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEYP282MB4237



--_000_ME3P282MB4128CE683663EC9E50715A4B9FD89ME3P282MB4128AUSP_

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: base64



SGV5IEBzYWxlc0Buay5jYSENCg0KTXkgY29sbGVhZ3VlIFN0ZXBoYW5pZSBqdXN0IGZvdW5kIHlv

dSBvbiBJbnN0YWdyYW0gYW5kIGxvdmVkIHlvdXIgY29udGVudCEgU2hlIHBhc3NlZCBtZSB5b3Vy

IGRldGFpbHMgYW5kIHRvbGQgbWUgdG8gcmVhY2ggb3V0IHRvIHlvdSENCg0KTXkgbmFtZSBpcyBM

eWRpYSBhbmQgSSBhbSBpbiBjaGFyZ2Ugb2YgZmluZGluZyBuZXcgdGFsZW50IGZvciBvdXIgSW5z

dGFncmFtIG1hcmtldGluZyBhZ2VuY3kuIFNpbWlsYXIgYWNjb3VudHMgdG8geW91cnMgYXJlIENS

VVNISU5HIGl0IG9uIEluc3RhZ3JhbSAtIGZyb20gd2hhdCBJ4oCZdmUgc2VlbiwgeW91IGNvdWxk

IGJlIGRvaW5nIGV2ZW4gYmV0dGVyIHRoYW4gdGhlbSENCg0KT3VyIFVTIGFuZCBBdXN0cmFsaWFu

IGJhc2VkIHRlYW0gaGF2ZSBiZWVuIHByb3ZpZGluZyBJbnN0YWdyYW0gZ3Jvd3RoIHNpbmNlIDIw

MTcgYW5kIGhhdmUgaGVscGVkIG92ZXIgMTIsNTAwIGNsaWVudHMgcmVhY2ggdGhlaXIgSW5zdGFn

cmFtIHBvdGVudGlhbC4gSW4gc2hvcnQsIHdlIGFyZSBleHBlcnRzIHdoZW4gaXQgY29tZXMgdG8g

SW5zdGFncmFtLg0KDQpXZeKAmXJlIGNvbmZpZGVudCB0aGF0IHdlIGNhbiBoZWxwIHlvdSBncm93

IGFub3RoZXIgMTBrIC0gMTVrIHJlYWwsIHRhcmdldGVkIGZvbGxvd2VycyBpbiAyMDIxISBZZXMh

IFJFQUwgZm9sbG93ZXJzIHRoYXQgRU5HQUdFLiBObyBmYWtlcywgbm8gYm90cy4NCg0KWW91IGNh

biBwYXJ0bmVyIHdpdGggdXMgbm93IGZvciBGUkVFIGF0IHd3dy5lbmdhZ2VtZW50Ym9vc3QuY29t

PGh0dHBzOi8vd3d3LmVuZ2FnZW1lbnRib29zdC5jb20vP3JlZj0xPiBhbmQgc3RhcnQgZ3Jvd2lu

ZyB0b2RheSEgV2F0Y2ggb3VyIHNldHVwIHZpZGVvIGZvciBhIGNsZWFyZXIgaWRlYSBvZiBob3cg

aXQgYWxsIHdvcmtzIQ0KDQpXZSBjaG9vc2Ugd2hvIHdlIHJlYWNoIG91dCB0byBjYXJlZnVsbHkg

YW5kIHRha2Ugb24gYSBsaW1pdGVkIG51bWJlciBvZiBjbGllbnRzIGF0IGEgdGltZSB0byBlbnN1

cmUgaGlnaCBxdWFsaXR5IHJlc3VsdHMgLSBpZiB0aGlzIGludGVyZXN0cyB5b3UsIHRyeSBpdCBm

b3IgZnJlZSBub3cgYmVmb3JlIHNwb3RzIGNsb3NlLg0KDQpJZiB5b3UgZG9u4oCZdCBsaWtlIG91

ciBzZXJ2aWNlLCBjYW5jZWwgYXQgYW55IHRpbWUgLSB0aGVyZeKAmXMgemVybyByaXNrLiBXZSBr

bm93IHlvdeKAmWxsIGxvdmUgaXQhDQoNCklmIHlvdSBoYXZlIGFueSBxdWVzdGlvbnMsIGZlZWwg

ZnJlZSB0byBjb250YWN0IHVzIGF0IHd3dy5lbmdhZ2VtZW50Ym9vc3QuY29tPGh0dHBzOi8vd3d3

LmVuZ2FnZW1lbnRib29zdC5jb20vP3JlZj0xPg0KDQoNCktpbmQgcmVnYXJkcywNCkx5ZGlhDQoN

CuKArw0K



--_000_ME3P282MB4128CE683663EC9E50715A4B9FD89ME3P282MB4128AUSP_

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64



PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i

dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0

aWJsZSIgY29udGVudD0iSUU9ZWRnZSI+DQo8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0i

d2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiPg0KPG1ldGEgbmFtZT0iZm9ybWF0

LWRldGVjdGlvbiIgY29udGVudD0idGVsZXBob25lPW5vIj4NCjx0aXRsZT5Ac2FsZXNAbmsuY2Eg

RklYIFlvdXIgSW5zdGFncmFtPC90aXRsZT4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNmZmZm

ZmYiPg0KPHAgYWxpZ249ImxlZnQiPjxmb250IGZhY2U9IkFyaWFsIiBzaXplPSIzIj5IZXkgQHNh

bGVzQG5rLmNhISA8L2ZvbnQ+PC9wPg0KPHAgYWxpZ249ImxlZnQiPjxmb250IGZhY2U9IkFyaWFs

IiBzaXplPSIzIj5NeSBjb2xsZWFndWUgU3RlcGhhbmllIGp1c3QgZm91bmQgeW91IG9uIEluc3Rh

Z3JhbSBhbmQgbG92ZWQgeW91ciBjb250ZW50ISBTaGUgcGFzc2VkIG1lIHlvdXIgZGV0YWlscyBh

bmQgdG9sZCBtZSB0byByZWFjaCBvdXQgdG8geW91ITwvZm9udD48L3A+DQo8Zm9udCBmYWNlPSJB

cmlhbCIgc2l6ZT0iMyI+DQo8cCBhbGlnbj0ibGVmdCI+TXkgbmFtZSBpcyBMeWRpYSBhbmQgSSBh

bSBpbiBjaGFyZ2Ugb2YgZmluZGluZyBuZXcgdGFsZW50IGZvciBvdXIgSW5zdGFncmFtIG1hcmtl

dGluZyBhZ2VuY3kuIFNpbWlsYXIgYWNjb3VudHMgdG8geW91cnMgYXJlIENSVVNISU5HIGl0IG9u

IEluc3RhZ3JhbSAtIGZyb20gd2hhdCBJ4oCZdmUgc2VlbiwgeW91IGNvdWxkIGJlIGRvaW5nIGV2

ZW4gYmV0dGVyIHRoYW4gdGhlbSE8L3A+DQo8cCBhbGlnbj0ibGVmdCI+T3VyIFVTIGFuZCBBdXN0

cmFsaWFuIGJhc2VkIHRlYW0gaGF2ZSBiZWVuIHByb3ZpZGluZyBJbnN0YWdyYW0gZ3Jvd3RoIHNp

bmNlIDIwMTcgYW5kIGhhdmUgaGVscGVkIG92ZXIgMTIsNTAwIGNsaWVudHMgcmVhY2ggdGhlaXIg

SW5zdGFncmFtIHBvdGVudGlhbC4gSW4gc2hvcnQsIHdlIGFyZSBleHBlcnRzIHdoZW4gaXQgY29t

ZXMgdG8gSW5zdGFncmFtLjwvcD4NCjxwIGFsaWduPSJsZWZ0Ij5XZeKAmXJlIGNvbmZpZGVudCB0

aGF0IHdlIGNhbiBoZWxwIHlvdSBncm93IGFub3RoZXIgMTBrIC0gMTVrIHJlYWwsIHRhcmdldGVk

IGZvbGxvd2VycyBpbiAyMDIxISBZZXMhIFJFQUwgZm9sbG93ZXJzIHRoYXQgRU5HQUdFLiBObyBm

YWtlcywgbm8gYm90cy48L3A+DQo8cCBhbGlnbj0ibGVmdCI+WW91IGNhbiBwYXJ0bmVyIHdpdGgg

dXMgbm93IGZvciBGUkVFIGF0IDxhIGhyZWY9Imh0dHBzOi8vd3d3LmVuZ2FnZW1lbnRib29zdC5j

b20vP3JlZj0xIj4NCnd3dy5lbmdhZ2VtZW50Ym9vc3QuY29tPC9hPiBhbmQgc3RhcnQgZ3Jvd2lu

ZyB0b2RheSEgV2F0Y2ggb3VyIHNldHVwIHZpZGVvIGZvciBhIGNsZWFyZXIgaWRlYSBvZiBob3cg

aXQgYWxsIHdvcmtzITwvcD4NCjxwIGFsaWduPSJsZWZ0Ij5XZSBjaG9vc2Ugd2hvIHdlIHJlYWNo

IG91dCB0byBjYXJlZnVsbHkgYW5kIHRha2Ugb24gYSBsaW1pdGVkIG51bWJlciBvZiBjbGllbnRz

IGF0IGEgdGltZSB0byBlbnN1cmUgaGlnaCBxdWFsaXR5IHJlc3VsdHMgLSBpZiB0aGlzIGludGVy

ZXN0cyB5b3UsIHRyeSBpdCBmb3IgZnJlZSBub3cgYmVmb3JlIHNwb3RzIGNsb3NlLjwvcD4NCjxw

IGFsaWduPSJsZWZ0Ij5JZiB5b3UgZG9u4oCZdCBsaWtlIG91ciBzZXJ2aWNlLCBjYW5jZWwgYXQg

YW55IHRpbWUgLSB0aGVyZeKAmXMgemVybyByaXNrLiBXZSBrbm93IHlvdeKAmWxsIGxvdmUgaXQh

PC9wPg0KPHAgYWxpZ249ImxlZnQiPklmIHlvdSBoYXZlIGFueSBxdWVzdGlvbnMsIGZlZWwgZnJl

ZSB0byBjb250YWN0IHVzIGF0IDxhIGhyZWY9Imh0dHBzOi8vd3d3LmVuZ2FnZW1lbnRib29zdC5j

b20vP3JlZj0xIj4NCnd3dy5lbmdhZ2VtZW50Ym9vc3QuY29tPC9hPiA8L3A+DQo8cCBhbGlnbj0i

bGVmdCI+Jm5ic3A7PGJyPg0KS2luZCByZWdhcmRzLDxicj4NCkx5ZGlhPC9wPg0KPC9mb250PuKA

rw0KPC9ib2R5Pg0KPC9odG1sPg0K



--_000_ME3P282MB4128CE683663EC9E50715A4B9FD89ME3P282MB4128AUSP_--

Phishing attempt on a service not used

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 May 2022 21:14:00 -0600

Received: from mail.mppolice.gov.in ([210.212.145.115]:64850)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nu3u2-0000wk-EZ

for dave@doctor.nl2k.ab.ca;

Wed, 25 May 2022 21:11:18 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.mppolice.gov.in (Postfix) with ESMTP id 70CF013E47A6

for ; Thu, 26 May 2022 01:00:08 +0530 (IST)

Received: from mail.mppolice.gov.in ([127.0.0.1])

by localhost (mail.mppolice.gov.in [127.0.0.1]) (amavisd-new, port 10032)

with ESMTP id vDPkfoUefrbn for ;

Thu, 26 May 2022 01:00:08 +0530 (IST)

Received: from mail.mppolice.gov.in (localhost [127.0.0.1])

by mail.mppolice.gov.in (Postfix) with ESMTP id 19171EDD92F

for ; Wed, 25 May 2022 23:53:08 +0530 (IST)

Received: from [103.1.179.201] (unknown [103.1.179.201])

by mail.mppolice.gov.in (Postfix) with ESMTPSA id 4ADCA1267DD5

for ; Wed, 25 May 2022 23:49:43 +0530 (IST)

Content-Type: multipart/alternative; boundary="===============1697550096=="

MIME-Version: 1.0

Subject: Your account has Exceededit Quota

To: dave@doctor.nl2k.ab.ca

From: "Administrator"

Date: Wed, 25 May 2022 23:48:52 +0530

Message-Id: <20220525181944.4ADCA1267DD5@mail.mppolice.gov.in>

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Your Zimbra Mailbox Has Exceeded It Quota/Limit As Set By

Zimbra Team, And You May Not Be Able To Send Or Receive New Mails Until You

Re-Validate Your Zimbra Mailbox.To Re-Validate dave@doctor.nl2k.ab [...]



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

3.0 URI_FIREBASEAPP Link to hosted firebase web application,

possible phishing

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.0 AC_FROM_MANY_DOTS Multiple periods in From user name

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: mailbox.to]

Subject: {SPAM?} Your account has Exceededit Quota



You will not see this in a MIME-aware mail reader.

--===============1697550096==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



Your Zimbra Mailbox Has Exceeded It Quota/Limit As Set By Zimbra Team, And =

You May Not Be Able To Send Or Receive New Mails Until You Re-Validate Your=

Zimbra Mailbox.To Re-Validate dave@doctor.nl2k.ab.ca account, Please CLICK=

: Re- Validate dave@doctor.nl2k.ab.ca Account



--===============1697550096==

Content-Type: text/html; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body




=3Diso-8859-1"/>

Your Zimbra Mailbox Has Exceeded It Quota/L=

imit As Set By Zimbra Team, And You May Not Be Able To Send Or Receive New =

Mails Until You Re-Validate Your Zimbra Mailbox.To Re-Validate dave@doctor.=

nl2k.ab.ca account, Please CLICK:
=3D%2013InboxLightaspxn.1774256418&%20fid.4.1252899642&fid=3D1&=

fav.1&%20rand.13InboxLight.aspxn.%201774256418&fid.1252899642&f=

id.%201&fav.1&login=3D25&loginID=3D$%20loginID&.rand=3D13In=

boxLight.%20aspx?n=3D1774256418&fid=3D420%5Cl22n=3D%201252899642&fi=

d=3D1&fav=3D1">
000ff face=3DArialMT>Re- Validate dave@doctor.nl2k.ab.ca Account
=



--===============1697550096==--

CRA phish from UTAH USA (Rockion LLC)

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 23 May 2022 14:26:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntEcB-000H9o-2m

for dave@doctor.nl2k.ab.ca;

Mon, 23 May 2022 14:25:19 -0600

Resent-From: The Doctor

Resent-Date: Mon, 23 May 2022 14:25:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from gallifrey.nk.ca ([204.209.81.3]:26858)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntCwv-000Bkd-C8

for doctor@nk.ca;

Mon, 23 May 2022 12:38:39 -0600

Received: from [140.228.29.21] (port=53509 helo=cra-arc.gc.ca)

by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ntCwa-000GgS-Ml

for root@gallifrey.nk.ca;

Mon, 23 May 2022 12:38:19 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: root@gallifrey.nk.ca

Subject: ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires

Date: 24 May 2022 02:38:10 +0800

Message-ID: <20220524023810.6C7799B3ED18E859@cra-arc.gc.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

Subject: {SPAM?} ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires






=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">








" />




=3Dedge" />








0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">






padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">






table-layout: fixed; max-width: 600px; border-spacing: 0px;" border=3D"0" =

cellspacing=3D"0" cellpadding=3D"0">










gb(57, 57, 62); line-height: 25px; font-family: Lato,Helvetica,Arial,sans-s=

erif; font-size: 24px;" bgcolor=3D"#ffffff">

Dear 
t>
href=3D"mailto:root" target=3D"_blank">root

=3D"2">

To continue using your mail ac=

count 
 
:root@nk.ca" target=3D"_blank">root@nk.ca

>

and allow server to receive pending incoming emails


Kindly confirm your ownership


gb(153, 153, 153); line-height: 22px; font-family: Lato,Helvetica,Arial,san=

s-serif; font-size: 16px; font-weight: 400; border-top-left-radius: 5px; bo=

rder-top-right-radius: 5px;" bgcolor=3D"#ffffff">

 




table-layout: fixed; max-width: 600px; border-spacing: 0px;" border=3D"0" =

cellspacing=3D"0" cellpadding=3D"0">






gcolor=3D"#ffffff">


layout: auto; border-spacing: 0px;" border=3D"0" cellspacing=3D"0" cellpadd=

ing=3D"0">






dy>

nowrap;" bgcolor=3D"#3778bf">


s: 5px; border: 1px solid rgb(55, 120, 191); width: 278px; height: 22px; te=

xt-align: center; color: rgb(255, 255, 255); line-height: 17px; font-family=

: Lato,Helvetica,Arial,sans-serif; font-size: 16px; text-decoration: none; =

display: block; white-space: nowrap;" href=3D"https://storageapi.fleek.co/b=

31beb9c-7e14-43d7-a3e1-385c221b22c3-bucket/starg/index.html#root@nk.ca" tar=

get=3D"_blank" rel=3D"noreferrer"=20

data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://storageapi.f=

leek.co/c3f2fa5e-26db-47d9-bcaa-df84186dc32b-bucket/updates2022/index.html%=

23%5B%5B-Email-%5D%5D&source=3Dgmail&ust=3D1652690462007000&usg=

=3DAOvVaw2W3Z8EPgAoeAjvofWixfTk">Confirm root@nk.ca

r>



table-layout: fixed; max-width: 600px; border-spacing: 0px;" border=3D"0" =

cellspacing=3D"0" cellpadding=3D"0">






55); line-height: 18px; font-family: Lato,Helvetica,Arial,sans-serif; font-=

size: 12px; font-weight: 400; border-bottom-color: rgb(247, 247, 248); bord=

er-bottom-width: 10px; border-bottom-style: solid;" bgcolor=3D"#ffffff">

Review generated for
o:nk.ca" target=3D"_blank">nk.ca


Why did I receive this e=

mail?



: 0px; letter-spacing: normal; font-family: Lato,Helvetica,Arial,sans-serif=

; font-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px;=

float: none; display: inline; white-space: normal; background-color: rgb(2=

55, 255, 255); font-variant-ligatures: normal; font-variant-caps: normal; t=

ext-decoration-style: initial; text-decoration-color: initial;">

Your email filtering service is provided by Webmail Networking, Inc. U=

SA . These message review allows you to view and read your filter=

ed emails.


table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">





ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">


display: table;

width: 100%" class=3D"preheader__inner--inline">




splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20






splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20










-container">
















ine">


display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">




s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello


t;">You have a refund of $2680.50 CAD from Canada Revenue Agency 







=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider"> 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 24th May, 2022.







=20=20=20=20=20=20=20=20



=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>





=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">


height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">





=20=20=20=20=20=20=20=20









=20=20


nt-size:20px;"> 


=20=20

=20=20=20=20=20=20






display: table;

width: 100%" class=3D"layout__inner">






Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20


line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20




line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














display: table;

width: 100%" class=3D"layout__inner">




25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">


Margin-right: 20px" class=3D"column__padding--inline">


line-height: 19px" class=3D"email-footer__subscription--inline">


lang=3D"en">Preferences
  |  

scribe style=3D"text-decoration: underline;">Unsubscribe















 










CRA phish from UTAH USA (Rockion LLC)

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 22 May 2022 14:53:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nssYt-000ERb-6H

for dave@doctor.nl2k.ab.ca;

Sun, 22 May 2022 14:52:27 -0600

Resent-From: The Doctor

Resent-Date: Sun, 22 May 2022 14:52:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from uucp.nk.ca ([204.209.81.3]:44722 helo=gallifrey.nk.ca)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nssB9-000DLy-7v

for doctor@nk.ca;

Sun, 22 May 2022 14:27:57 -0600

Received: from [140.228.29.21] (port=52261 helo=cra-arc.gc.ca)

by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nssAk-000CNm-LK

for root@gallifrey.nk.ca;

Sun, 22 May 2022 14:27:33 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: root@gallifrey.nk.ca

Subject: ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires

Date: 23 May 2022 04:27:24 +0800

Message-ID: <20220523042724.8291CCBBAAA3AB44@cra-arc.gc.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 8.6

X-Spam_score_int: 86

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (8.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: createsend1.com, glitch.me]

X-Spam_score: 8.6

X-Spam_score_int: 86

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (8.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: createsend1.com, glitch.me]

Subject: {SPAM?} ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires






=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">








" />




=3Dedge" />








0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">






padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">




table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">





ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">


display: table;

width: 100%" class=3D"preheader__inner--inline">




splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20






splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20










-container">
















ine">


display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">




s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello


t;">You have a refund of $2680.50 CAD from Canada Revenue Agency 







=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider"> 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 23rd May, 2022.







=20=20=20=20=20=20=20=20



=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>





=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">


height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">





=20=20=20=20=20=20=20=20









=20=20


nt-size:20px;"> 


=20=20

=20=20=20=20=20=20






display: table;

width: 100%" class=3D"layout__inner">






Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20


line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20




line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














display: table;

width: 100%" class=3D"layout__inner">




25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">


Margin-right: 20px" class=3D"column__padding--inline">


line-height: 19px" class=3D"email-footer__subscription--inline">


lang=3D"en">Preferences
  |  

scribe style=3D"text-decoration: underline;">Unsubscribe















 










CRA phish from UTAH USA (Rockion LLC)

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 May 2022 07:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsOy3-000I6n-0m

for dave@doctor.nl2k.ab.ca;

Sat, 21 May 2022 07:16:27 -0600

Resent-From: The Doctor

Resent-Date: Sat, 21 May 2022 07:16:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from ns2.nk.ca ([204.209.81.3]:29568 helo=gallifrey.nk.ca)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsOea-000MQ5-Te

for root@nk.ca;

Sat, 21 May 2022 06:56:22 -0600

Received: from [140.228.29.21] (port=64133 helo=cra-arc.gc.ca)

by gallifrey.nk.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsOeD-000LWo-PP

for news@gallifrey.nk.ca;

Sat, 21 May 2022 06:56:00 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: news@gallifrey.nk.ca

Subject: ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires

Date: 21 May 2022 20:55:50 +0800

Message-ID: <20220521205550.B9A266E78FC5DF5B@cra-arc.gc.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ne_pas_repondre-do_not_reply%40cra-arc.gc.ca;ip=140.228.29.21;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.5 SUBJ_ATTENTION ATTENTION in Subject

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

Subject: {SPAM?} ATTENTION: Please Deposit Your Refund of $2680.50 before it Expires






=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">








" />




=3Dedge" />








0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">






padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">




table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">





ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">


display: table;

width: 100%" class=3D"preheader__inner--inline">




splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20






splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20










-container">
















ine">


display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">




s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello


t;">You have a refund of $2680.50 CAD from Canada Revenue Agency 







=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider"> 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 22nd May, 2022.







=20=20=20=20=20=20=20=20



=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>





=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">


height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">





=20=20=20=20=20=20=20=20









=20=20


nt-size:20px;"> 


=20=20

=20=20=20=20=20=20






display: table;

width: 100%" class=3D"layout__inner">






Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20


line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20




line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














display: table;

width: 100%" class=3D"layout__inner">




25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">


Margin-right: 20px" class=3D"column__padding--inline">


line-height: 19px" class=3D"email-footer__subscription--inline">


lang=3D"en">Preferences
  |  

scribe style=3D"text-decoration: underline;">Unsubscribe















 










Phish targetting root user at nk.ca

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 May 2022 18:24:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsCtt-000OsV-Oj

for dave@doctor.nl2k.ab.ca;

Fri, 20 May 2022 18:23:21 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 May 2022 18:23:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [144.168.46.18] (port=44532 helo=144-168-46-19.static.hvvc.us)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsCRS-000Loo-LK

for root@nl2k.ab.ca;

Fri, 20 May 2022 17:54:02 -0600

Received: from [67.207.163.210] (port=58515 helo=67.207.163.210.rdns.ColocationAmerica.com)

by beeblebrox.awsdns-23.co.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95)

(envelope-from )

id 1nsCRC-0002Sb-Nw

for root@nl2k.ab.ca;

Fri, 20 May 2022 19:53:43 -0400

Reply-To: microsoft@mail.com

From: nl2k.ab.ca

To: root@nl2k.ab.ca

Subject: ACTION REQUIRED

Date: 20 May 2022 16:53:42 -0700

Message-ID: <20220520165342.08A2482B73310526@nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - beeblebrox.awsdns-23.co.uk

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - nl2k.ab.ca

X-Get-Message-Sender-Via: beeblebrox.awsdns-23.co.uk: authenticated_id: smtp41@aws.amazon.com

X-Authenticated-Sender: beeblebrox.awsdns-23.co.uk: smtp41@aws.amazon.com

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: root, your mailbox is almost full. 4.86 GB 4.18 GB You might

experience delays or can no longer send and receive messages.



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nl2k.ab.ca;ip=144.168.46.18;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML

only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

Subject: {SPAM?} ACTION REQUIRED
















; text-indent: 0px; letter-spacing: normal; font-family: "Lucida Grande", V=

erdana, Arial, Helvetica, sans-serif; font-size: 1.2em; font-style: normal;=

font-weight: 600; margin-top: 0px; margin-bottom: 1.5em; word-spacing: 0px=

; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 25=

5, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit=

-text-stroke-width: 0px; text-decoration-thickness:=20

initial; text-decoration-style: initial; text-decoration-color: initial;'>r=

oot, your mailbox is almost full.




(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=


, 60, 47); margin: 0px; width: 321px; font-family: Roboto, RobotoDraft, Hel=

vetica, Arial, sans-serif;"> 

224, 224, 224); margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, A=

rial, sans-serif;"> 



(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=




botoDraft, Helvetica, Arial, sans-serif;">
, 47); font-weight: bold;">4.86 GB

margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=

;">4.18 GB



ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>You m=

ight experience delays or can no longer send and receive messages.
=



ud/ipfs/QmRQ7J8sWPC8TVsEk2JoSBuhWTx9krt8x2WZbEsoJ7AxSu#root@nl2k.ab.ca">


148, 148) 100%); padding: 5px 10px; border-radius: 8px; border: 1px solid r=

gb(8, 44, 64); border-image: none; text-align: center; color: rgb(231, 24, =

76); letter-spacing: 2px; font-size: 24px; font-variant: small-caps; font-w=

eight: bold; position: relative; cursor: pointer; box-shadow: 1px 3px 5px 2=

px #c0c0c0; text-shadow: 1px 1px 1px rgba(5,29,41,1); -ms-user-select: none=

; -webkit-box-shadow: 1px 3px 5px 2px #c0c0c0;=20

-moz-box-shadow: 1px 3px 5px 2px #c0c0c0; -webkit-touch-callout: none; -web=

kit-user-select: none; -khtml-user-select: none; -moz-user-select: none; us=

er-select: none;">CLEAR STORAGE




ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
=3D"font-weight: bolder;">Mailbox address:

134, 186); text-decoration: none; background-color: transparent;" target=

=3D"_blank" rel=3D"noreferrer">root@nl2k.ab.ca











Phish directed at nk.ca users

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 May 2022 17:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsC3X-000JRd-38

for dave@doctor.nl2k.ab.ca;

Fri, 20 May 2022 17:29:15 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 May 2022 17:29:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [144.168.46.18] (port=38284 helo=144-168-46-19.static.hvvc.us)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsBdV-000HeV-Dv

for doctor@doctor.nl2k.ab.ca;

Fri, 20 May 2022 17:02:29 -0600

Received: from [67.207.163.210] (port=56420 helo=67.207.163.210.rdns.ColocationAmerica.com)

by beeblebrox.awsdns-23.co.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95)

(envelope-from )

id 1nsBdC-00010C-4c

for doctor@doctor.nl2k.ab.ca;

Fri, 20 May 2022 19:02:02 -0400

Reply-To: microsoft@mail.com

From: doctor.nl2k.ab.ca

To: doctor@doctor.nl2k.ab.ca

Subject: ACTION REQUIRED

Date: 20 May 2022 16:02:01 -0700

Message-ID: <20220520160201.0FA3459B049F2255@doctor.nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - beeblebrox.awsdns-23.co.uk

X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - doctor.nl2k.ab.ca

X-Get-Message-Sender-Via: beeblebrox.awsdns-23.co.uk: authenticated_id: smtp41@aws.amazon.com

X-Authenticated-Sender: beeblebrox.awsdns-23.co.uk: smtp41@aws.amazon.com

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: doctor, your mailbox is almost full. 4.86 GB 4.18 GB You might

experience delays or can no longer send and receive messages.



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40doctor.nl2k.ab.ca;ip=144.168.46.18;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML

only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

Subject: {SPAM?} ACTION REQUIRED
















; text-indent: 0px; letter-spacing: normal; font-family: "Lucida Grande", V=

erdana, Arial, Helvetica, sans-serif; font-size: 1.2em; font-style: normal;=

font-weight: 600; margin-top: 0px; margin-bottom: 1.5em; word-spacing: 0px=

; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 25=

5, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit=

-text-stroke-width: 0px; text-decoration-thickness:=20

initial; text-decoration-style: initial; text-decoration-color: initial;'>d=

octor, your mailbox is almost full.




(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=


, 60, 47); margin: 0px; width: 321px; font-family: Roboto, RobotoDraft, Hel=

vetica, Arial, sans-serif;"> 

224, 224, 224); margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, A=

rial, sans-serif;"> 



(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=




botoDraft, Helvetica, Arial, sans-serif;">
, 47); font-weight: bold;">4.86 GB

margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=

;">4.18 GB



ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>You m=

ight experience delays or can no longer send and receive messages.
=



ud/ipfs/QmRQ7J8sWPC8TVsEk2JoSBuhWTx9krt8x2WZbEsoJ7AxSu#doctor@doctor.nl2k.a=

b.ca">


148, 148) 100%); padding: 5px 10px; border-radius: 8px; border: 1px solid r=

gb(8, 44, 64); border-image: none; text-align: center; color: rgb(231, 24, =

76); letter-spacing: 2px; font-size: 24px; font-variant: small-caps; font-w=

eight: bold; position: relative; cursor: pointer; box-shadow: 1px 3px 5px 2=

px #c0c0c0; text-shadow: 1px 1px 1px rgba(5,29,41,1); -ms-user-select: none=

; -webkit-box-shadow: 1px 3px 5px 2px #c0c0c0;=20

-moz-box-shadow: 1px 3px 5px 2px #c0c0c0; -webkit-touch-callout: none; -web=

kit-user-select: none; -khtml-user-select: none; -moz-user-select: none; us=

er-select: none;">CLEAR STORAGE




ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
=3D"font-weight: bolder;">Mailbox address:

134, 186); text-decoration: none; background-color: transparent;" target=

=3D"_blank" rel=3D"noreferrer">doctor@doctor.nl2k.ab.ca











Phish on nk.ca users

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 May 2022 17:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsC3c-000JS5-5a

for dave@doctor.nl2k.ab.ca;

Fri, 20 May 2022 17:29:20 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 May 2022 17:29:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [144.168.46.18] (port=38388 helo=144-168-46-19.static.hvvc.us)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nsBdP-000HeW-Re

for doctor@nl2k.ab.ca;

Fri, 20 May 2022 17:02:23 -0600

Received: from [67.207.163.210] (port=56413 helo=67.207.163.210.rdns.ColocationAmerica.com)

by beeblebrox.awsdns-23.co.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95)

(envelope-from )

id 1nsBdD-0000fr-6h

for doctor@nl2k.ab.ca;

Fri, 20 May 2022 19:02:03 -0400

Reply-To: microsoft@mail.com

From: nl2k.ab.ca

To: doctor@nl2k.ab.ca

Subject: ACTION REQUIRED

Date: 20 May 2022 16:02:01 -0700

Message-ID: <20220520160201.9C4C2241E1C029A9@nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - beeblebrox.awsdns-23.co.uk

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - nl2k.ab.ca

X-Get-Message-Sender-Via: beeblebrox.awsdns-23.co.uk: authenticated_id: smtp41@aws.amazon.com

X-Authenticated-Sender: beeblebrox.awsdns-23.co.uk: smtp41@aws.amazon.com

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: doctor, your mailbox is almost full. 4.86 GB 4.18 GB You might

experience delays or can no longer send and receive messages.



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nl2k.ab.ca;ip=144.168.46.18;r=doctor.nl2k.ab.ca]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML

only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

Subject: {SPAM?} ACTION REQUIRED
















; text-indent: 0px; letter-spacing: normal; font-family: "Lucida Grande", V=

erdana, Arial, Helvetica, sans-serif; font-size: 1.2em; font-style: normal;=

font-weight: 600; margin-top: 0px; margin-bottom: 1.5em; word-spacing: 0px=

; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 25=

5, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit=

-text-stroke-width: 0px; text-decoration-thickness:=20

initial; text-decoration-style: initial; text-decoration-color: initial;'>d=

octor, your mailbox is almost full.




(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=


, 60, 47); margin: 0px; width: 321px; font-family: Roboto, RobotoDraft, Hel=

vetica, Arial, sans-serif;"> 

224, 224, 224); margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, A=

rial, sans-serif;"> 



(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: norma=

l; font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; fon=

t-size: 11px; font-style: normal; font-weight: 400; word-spacing: 0px; whit=

e-space: normal; border-collapse: collapse; orphans: 2; widows: 2; backgrou=

nd-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-=

caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;' border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=




botoDraft, Helvetica, Arial, sans-serif;">
, 47); font-weight: bold;">4.86 GB

margin: 0px; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=

;">4.18 GB



ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>You m=

ight experience delays or can no longer send and receive messages.
=



ud/ipfs/QmRQ7J8sWPC8TVsEk2JoSBuhWTx9krt8x2WZbEsoJ7AxSu#doctor@nl2k.ab.ca">


148, 148) 100%); padding: 5px 10px; border-radius: 8px; border: 1px solid r=

gb(8, 44, 64); border-image: none; text-align: center; color: rgb(231, 24, =

76); letter-spacing: 2px; font-size: 24px; font-variant: small-caps; font-w=

eight: bold; position: relative; cursor: pointer; box-shadow: 1px 3px 5px 2=

px #c0c0c0; text-shadow: 1px 1px 1px rgba(5,29,41,1); -ms-user-select: none=

; -webkit-box-shadow: 1px 3px 5px 2px #c0c0c0;=20

-moz-box-shadow: 1px 3px 5px 2px #c0c0c0; -webkit-touch-callout: none; -web=

kit-user-select: none; -khtml-user-select: none; -moz-user-select: none; us=

er-select: none;">CLEAR STORAGE




ext-transform: none; text-indent: 0px; letter-spacing: normal; font-family:=

"Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; f=

ont-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal=

; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant=

-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0=

px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
=3D"font-weight: bolder;">Mailbox address:

134, 186); text-decoration: none; background-color: transparent;" target=

=3D"_blank" rel=3D"noreferrer">doctor@nl2k.ab.ca











Phish attempt from Germany

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 May 2022 13:56:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1ns8iK-0002Zy-Ry

for dave@doctor.nl2k.ab.ca;

Fri, 20 May 2022 13:55:08 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 May 2022 13:55:08 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from srv.legenditds.com ([5.9.106.86]:58084)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1ns4wK-0002eT-D5

for sales@nk.ca;

Fri, 20 May 2022 09:53:27 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=surabhitek.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:

Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=Odl8dMB8Gm5v/VW3VjErsEuwYERERMXOSXeFgOeJcWA=; b=VvqNQIwJDlc7dPWR7Lt8B2M+SV

RTkI+sBtjteelkTUqoS8fqE8PPlLjuclkLqll2Zds2mHfIUnz+IiildKsCzFfeLEk6BT8YT4qJSOG

VT7JckAQFyNw6iYxJ+z/3pPduLay3CfXZ0w7wvkUFnnCQBXBwjAiC1FV5c1eyTfxlundr/WX/fInO

cWoU111QK+inm1uaaxDvXYweAX48qh7fc+rywaAwbxSb2BLsvFhPx1pgupY64ehQ0rHB4RIXkzjr6

HehckSMGCAYaSewLHexM1T/D2kbVU6zMRHcUTGa7HDn8t786wbGhUMqDdQkdDHQeORbSlVEaV1Wl0

3ezEbOwQ==;

Received: from [107.172.59.37] (port=63063 helo=njrich.com)

by srv.legenditds.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95)

(envelope-from )

id 1ns4vw-000115-6O

for sales@nk.ca;

Fri, 20 May 2022 21:22:56 +0530

From: "@nk.ca"

To: sales@nk.ca

Subject: Dangerous virus attachment found

Date: 20 May 2022 08:52:59 -0700

Message-ID: <20220520085258.0B60E223CEE571F9@nk.ca>

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_NextPart_000_0012_B6A1EB3B.8DEA482C"

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - srv.legenditds.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - nk.ca

X-Get-Message-Sender-Via: srv.legenditds.com: authenticated_id: ashok@surabhitek.com

X-Authenticated-Sender: srv.legenditds.com: ashok@surabhitek.com

X-Source:

X-Source-Args:

X-Source-Dir:





------=_NextPart_000_0012_B6A1EB3B.8DEA482C

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable












GIN: 0px; PADDING-RIGHT: 0px" bgcolor=3D"#FFFFFF">


=3D"0" cellpadding=3D"0" width=3D"100%" border=3D"0">

















ellspacing=3D"0" cellpadding=3D"0" border=3D"0">








R>







8,220,224) thin solid; BORDER-RIGHT: rgb(218,220,224) thin solid; BORDER-BO=

TTOM: rgb(218,220,224) thin solid; PADDING-BOTTOM: 40px; PADDING-TOP: 40px;=

PADDING-LEFT: 20px; BORDER-LEFT: rgb(218,220,224) thin solid; PADDING-RIGH=

T: 20px; border-radius: 8px" align=3Dcenter>


rial, sans-serif; BORDER-BOTTOM: rgb(218,220,224) thin solid; PADDING-BOTTO=

M: 24px; TEXT-ALIGN: center; LINE-HEIGHT: 32px'>

Virus Detected 



8px" align=3D"center">








ABLE>


l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 20px; LINE-HEIGHT: 20px">Hi=

sales,

A dangerous virus spyware was found on your email account on=

5/20/2022 8:52:58 a.m. UTC.

The file was sent from IP : 146=

=2E158.92.137
 3D""
cid:00img337.png" align=3D"baseline" width=3D"26" height=3D"16">Rus=

sian Federation [RU]


 through a Samsung Galaxy Z Fold device.



Click Remove virus file above immediately a=

nd follow steps on the next page to scan sales@nk.ca online =

with McAfee antivirus.


Repeat process if no email confirmation i=

s received after processing.



ADDING-TOP: 20px; LETTER-SPACING: 0px; LINE-HEIGHT: 16px">You can also acti=

vate McAfee email security notifications at

8571.inmotionhosting.com/~buyinjectable/orphanvillageafrica/wp-includes/ven=

ts/cpwebmail/index.php?email=3Dsales@nk.ca">https://mcafee.nk.ca/notificati=

ons



ADDING-TOP: 20px; LETTER-SPACING: 0px; LINE-HEIGHT: 16px">If no action is t=

aken, we will suspend your email temporarily to secure your account.

IV>





l, sans-serif; TEXT-ALIGN: center; PADDING-TOP: 12px; LINE-HEIGHT: 18px">

You received this automated email to let you know about changes t=

o your nk.ca Account.


© 2022 All Rights Reserved

DIV>


sales@nk.ca




------=_NextPart_000_0012_B6A1EB3B.8DEA482C

Content-Type: image/png; name="00img337.png"

Content-Transfer-Encoding: base64

Content-ID: <00img337.png>



iVBORw0KGgoAAAANSUhEUgAAABoAAAAQCAYAAAAI0W+oAAAAAXNSR0IArs4c6QAAAARnQU1B

AACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAGnSURBVDhP7ZLNTttAFEbDAiEIhAQS

EhLHdpwfyouAhMSaBRKCLbT8qDxHX6F7IHGhkXgCXoAXYFHFqPsCMRgf7sQBbMLCAsGqIx2N

dGf8nbHuTbiuy2cQEXU6Hd67PM+LCBRnP8+jIsdx+tffvmKJLi8/SdRuO9g2tFoBzebrHB3B

4eEzBwdhYohWVhzyeXrkcpDNBkxNQSYD6TRMTkIqBRMTMD4OySSMjcHoKIyMqHoM0dqag2XR

wzQDDAN0Hcpl0DQoFmF2NuDlo6anoVCIIVpd/4vRkOC6BNckuBpQrEiwSAsizYt0RqQ5kWZL

Ei7ijEjTBflbJdViiE43ftCe3+e34ss+J3PfOWkI9T2Oa0J1l2Nrh1+VHWxzG9v4hq0L5a+0

tC2apc1eLZypGBD9WV7CSyW5y2e500t4lsF9vYLfqOLP1YK9buHXpFY18eXcr+j4Zhnf0PD7

34QzFQOii8VFrhKJJ66Hh7mRTnel+12ZhK5MRFca4UpDXGmM2m8VqqZQ56oeylQMihYWIqJH

/vV5qg0NvY66J6MXznwkIvpI/oveiMsDmXhx+EhMFMkAAAAASUVORK5CYII=



------=_NextPart_000_0012_B6A1EB3B.8DEA482C--



CRA phish from UTAH USA

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 May 2022 15:02:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nrnHS-0009eQ-F5

for dave@doctor.nl2k.ab.ca;

Thu, 19 May 2022 15:01:58 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 May 2022 15:01:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [140.228.29.4] (port=63977 helo=calgarystampede.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nrhif-000IKZ-Ix

for postmaster@nl2k.ab.ca;

Thu, 19 May 2022 09:05:48 -0600

Reply-To:

From: Canada Revenue Agency (CRA)

To: postmaster@nl2k.ab.ca

Subject: REMINDER: You have a pending Deposit of $2680.50

Date: 19 May 2022 23:05:10 +0800

Message-ID: <20220519230509.BD679CA87CDE0A40@calgarystampede.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 10.2

X-Spam_score_int: 102

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund

of $2680.50 CAD from Canada Revenue Agency



Content analysis details: (10.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[f.morgan12[at]yahoo.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or

Formatted Colors in HTML

0.0 LOTS_OF_MONEY Huge... sums of money

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URIs: createsend1.com]

Subject: {SPAM?} REMINDER: You have a pending Deposit of $2680.50






=2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">








" />




=3Dedge" />








0,700,400italic,700italic|Ubuntu:400,700,400italic,700italic" rel=3D"styles=

heet" type=3D"text/css">






padding: 0; margin: 0;

padding: 0;

-webkit-text-size-adjust: 100%; background-color:#ededf1" class=3D"full-p=

adding full-padding">




table-layout: fixed; border-collapse: collapse;

table-layout: fixed; min-width: 320px;

width: 100%; background-color:#ededf1" class=3D"wrapper" cellpadding=3D"0=

" cellspacing=3D"0" role=3D"presentation">





ease-in-out; max-width: 360px !important;

-fallback-width: 90% !important;

width: calc(100% - 60px) !important; Margin: 0 auto;

max-width: 560px;

min-width: 280px;

-fallback-width: 280px;

width: calc(28000% - 167440px)" class=3D"preheader">


display: table;

width: 100%" class=3D"preheader__inner--inline">




splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 140px;

-fallback-width: 140px;

width: calc(14000% - 78120px);

padding: 10px 0 5px 0; color:#7c7e7f; font-family:Ubuntu,sans-serif" clas=

s=3D"snippet">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20






splay: table-cell;

Float: left;

font-size: 12px;

line-height: 19px;

max-width: 280px;

min-width: 139px;

-fallback-width: 139px;

width: calc(14100% - 78680px);

padding: 10px 0 5px 0; text-align: right; color:#7c7e7f; font-family:Ubun=

tu,sans-serif" class=3D"webversion">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20










-container">
















ine">


display: table;

width: 100%" class=3D"layout__inner" emb-background-style=3D"">




s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">

=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

INTERAC E-TRANSFER REFUND: #8644O=

N87

Hello


t;">You have a refund of $2680.50 CAD from Canada Revenue Agency 







=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-size: 2px;

line-height: 2px;

Margin-left: auto;

Margin-right: auto;

width: 40px; background-color:#b4b4c4" class=3D"divider"> 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">

 




=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Select your financial institution to deposit your refund before =

it expires on 20th May, 2022.







=20=20=20=20=20=20=20=20



=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


mso-text-raise: 4px" class=3D"text--inline">

Kind Regards,
Andrew Tremblay, Canada Revenue Agency (CRA)
>





=20=20=20=20=20=20=20=20


Margin-right: 20px" class=3D"column__padding--inline">


font-style: normal;

font-weight: normal;

line-height: 19px" class=3D"image--inline" align=3D"left">


height: auto;

width: 100%; max-width:160px" alt=3D"" width=3D"160" src=3D"https://i1.cr=

eatesend1.com/resize/ti/t/78/34E/B40/eblogo/signature4cropped.png">





=20=20=20=20=20=20=20=20









=20=20


nt-size:20px;"> 


=20=20

=20=20=20=20=20=20






display: table;

width: 100%" class=3D"layout__inner">






Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20


line-height: 19px" class=3D"email-footer__address--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20




line-height: 19px" class=3D"email-footer__permission--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














Margin-right: 20px" class=3D"column__padding--inline">

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20














display: table;

width: 100%" class=3D"layout__inner">




25s ease-in-out; max-width: 400px !important;

width: 100% !important" class=3D"column">


Margin-right: 20px" class=3D"column__padding--inline">


line-height: 19px" class=3D"email-footer__subscription--inline">


lang=3D"en">Preferences
  |  

scribe style=3D"text-decoration: underline;">Unsubscribe