Return-path:
Envelope-to: dave@nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 23:42:00 -0600
Received: from ip127-61-15-186.ct.co.cr ([186.15.61.127]:31216)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrYuB-000PPt-8x
for dave@nl2k.ab.ca;
Wed, 18 May 2022 23:41:05 -0600
Message-ID: <51E341A22BF300C87AD83BB26A9951E3@4XHA2TI3Y>
From:
To:
Subject: You have an outstanding payment. Debt settlement required.
Date: 18 May 2022 16:17:31 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-Spam_score: 15.9
X-Spam_score_int: 159
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all
devices that you use to browse internet. Afterwards, I have proceeded with
[...]
Content analysis details: (15.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[186.15.61.127 listed in dnsbl.sorbs.net]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[186.15.61.127 listed in psbl.surriel.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[186.15.61.127 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=dave%40nl2k.ab.ca;ip=186.15.61.127;r=doctor.nl2k.ab.ca]
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 PDS_BTC_ID FP reduced Bitcoin ID
0.0 BITCOIN_XPRIO Bitcoin + priority
3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP
addr 1)
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
1.6 BITCOIN_ONAN BitCoin + [censored]
Subject: {SPAM?} You have an outstanding payment. Debt settlement required.
Hello!
Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.
Afterwards, I have proceeded with monitoring all internet activities of yours.
You can check out the sequence of events summarize below:
Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).
Clearly, I could effortlessly log in to your email account as well (dave@nl2k.ab.ca).
One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.
Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).
Genius is in simplicity. ( ~_^)
Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).
I could easily download all your data, photos, web browsing history and other information to my servers.
I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.
This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.
Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...
While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.
You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.
To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.
If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.
In addition, I can upload them online for entire public to access.
I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.
We can still resolve it in the following manner:
You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.
Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.
It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.
If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.
My bitcoin wallet is as follows: 1771s891APz1wNKdn5fe3Vknmf5pN18cWu
You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).
Don't forget to keep in mind and abstain from doing the following:
> Do not attempt to reply my email (this email was generated in your inbox together with the return address).
> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.
> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.
> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.
Things you should be concerned about:
> That I will not receive the funds transfer you make.
Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).
> That I will still distribute your videos after you have sent the money to me.
Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!
It all will be settled on fair conditions and terms!
One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!
My suggestion - make sure you change all your passwords as often as possible.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 16:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrRln-000NhN-3C
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 16:03:51 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 16:03:51 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [5.119.3.141] (port=39502 helo=[5.233.140.189])
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrQYF-000Jq7-Hm
for sales@nk.ca;
Wed, 18 May 2022 14:45:52 -0600
Message-ID: <85E58B9531EBFB2F4F213F9B415185E5@5BU5WV8T5>
From:
To:
Subject: =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
Date: 19 May 2022 03:36:22 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0048_01D86B1D.0377FB1E"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-Spam_score: 13.1
X-Spam_score_int: 131
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. I have bad news for you. Unfortunately, something bad
happened. One of your credentials was compromised, and that led to a chain
of events that I will explain to you now. Using your password, our team got
access to your email. We downloaded all data, and with some [...]
Content analysis details: (13.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=5.119.3.141;r=doctor.nl2k.ab.ca]
2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
(FTSDMCXX/boundary variant) + no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
5.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.0 PDS_BTC_ID FP reduced Bitcoin ID
0.0 BITCOIN_XPRIO Bitcoin + priority
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
Subject: {SPAM?} =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
This is a multi-part message in MIME format.
------=_NextPart_000_0048_01D86B1D.0377FB1E
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted files.
I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.
If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
------=_NextPart_000_0048_01D86B1D.0377FB1E
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted =
files.
I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.
If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
------=_NextPart_000_0048_01D86B1D.0377FB1E--
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 16:04:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrRlj-000Ngw-7I
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 16:03:47 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 16:03:47 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 93-141-69-47.adsl.net.t-com.hr ([93.141.69.47]:15832)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrQKi-000JHm-AM
for doctor@nk.ca;
Wed, 18 May 2022 14:31:53 -0600
From:
To:
Subject: =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
Date: 18 May 2022 23:20:24 +0100
Message-ID: <003001d86b07$067754c4$12f317b9$@nk.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_002D_01D86B07.067377DA"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac8t9bkg9r3t3hq18t9bkg9r3t3hq1==
Content-Language: en-us
X-Spam_score: 22.5
X-Spam_score_int: 225
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi. I have bad news for you. Unfortunately, something bad
happened. One of your credentials was compromised, and that led to a chain
of events that I will explain to you now. Using your password, our team got
access to your email. We downloaded all data, and with some [...]
Content analysis details: (22.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
0.0 TVD_RCVD_IP Message was received from an IP address
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see ]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[93.141.69.47 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[93.141.69.47 listed in bb.barracudacentral.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nk.ca;ip=93.141.69.47;r=doctor.nl2k.ab.ca]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr 2)
-0.0 T_SCC_BODY_TEXT_LINE No description available.
5.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.0 PDS_BTC_ID FP reduced Bitcoin ID
2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} =?UTF-8?B?Q2FyZWZ1bCwgaXQncyBpbXBvcnRhbnQ=?=
This is a multi-part message in MIME format.
------=_NextPart_000_002D_01D86B07.067377DA
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted files.
I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.
If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
------=_NextPart_000_002D_01D86B07.067377DA
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of =
events that I will explain to you now.
Using your password, our team got access to your email. We downloaded =
all data, and with some effort used it to get access to your backup =
files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and =
videos, chats, documents, emails, contacts, your browsing history, =
notes, social media history and more, including some deleted =
files.
I am sure that you dont want any part of your private information to be =
seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information =
against you.
If you are not sure of what can be done, just imagine what would happen =
if we use your email and phone number to send the most private and =
damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to =
delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing =
to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is =
1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that =
you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
------=_NextPart_000_002D_01D86B07.067377DA--
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 16:01:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrRi9-000NMu-1F
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 16:00:05 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 16:00:05 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from bl17-242-116.dsl.telepac.pt ([188.82.242.116]:19185)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrQiV-000KHF-RS
for support@nk.ca;
Wed, 18 May 2022 14:56:29 -0600
Message-ID: <004e01d86b02$077394a4$28744996@icqot>
From:
To:
Subject: You have an outstanding payment. Debt settlement required.
Date: 18 May 2022 21:32:00 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam_score: 18.8
X-Spam_score_int: 188
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all
devices that you use to browse internet. Afterwards, I have proceeded with
[...]
Content analysis details: (18.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[188.82.242.116 listed in psbl.surriel.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[188.82.242.116 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[188.82.242.116 listed in bb.barracudacentral.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=support%40nk.ca;ip=188.82.242.116;r=doctor.nl2k.ab.ca]
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 PDS_BTC_ID FP reduced Bitcoin ID
0.0 BITCOIN_XPRIO Bitcoin + priority
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers
1.6 BITCOIN_ONAN BitCoin + [censored]
Subject: {SPAM?} You have an outstanding payment. Debt settlement required.
Hello!
Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.
Afterwards, I have proceeded with monitoring all internet activities of yours.
You can check out the sequence of events summarize below:
Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).
Clearly, I could effortlessly log in to your email account as well (support@nk.ca).
One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.
Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).
Genius is in simplicity. ( ~_^)
Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).
I could easily download all your data, photos, web browsing history and other information to my servers.
I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.
This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.
Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...
While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.
You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.
To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.
If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.
In addition, I can upload them online for entire public to access.
I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.
We can still resolve it in the following manner:
You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.
Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.
It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.
If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.
My bitcoin wallet is as follows: 1771s891APz1wNKdn5fe3Vknmf5pN18cWu
You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).
Don't forget to keep in mind and abstain from doing the following:
> Do not attempt to reply my email (this email was generated in your inbox together with the return address).
> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.
> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.
> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.
Things you should be concerned about:
> That I will not receive the funds transfer you make.
Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).
> That I will still distribute your videos after you have sent the money to me.
Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!
It all will be settled on fair conditions and terms!
One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!
My suggestion - make sure you change all your passwords as often as possible.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 15:51:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrRYy-000Mqi-TZ
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 15:50:36 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 15:50:36 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [140.228.29.4] (port=61237 helo=calgarystampede.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrMcD-0008bx-6h
for sales@netknow.ca;
Wed, 18 May 2022 10:33:43 -0600
Reply-To:
From: Canada Revenue Agency (CRA)
To: sales@netknow.ca
Subject: Deposit Your Interac e-Transfer Refund
Date: 19 May 2022 00:33:09 +0800
Message-ID: <20220519003309.92208B51386A2E93@calgarystampede.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 9.1
X-Spam_score_int: 91
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: INTERAC E-TRANSFER REFUND: #8644ON87 Hello You have a refund
of $2680.50 CAD from Canada Revenue Agency
Content analysis details: (9.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[f.morgan12[at]yahoo.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or
Formatted Colors in HTML
0.0 LOTS_OF_MONEY Huge... sums of money
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: createsend1.com, glitch.me]
Subject: {SPAM?} Deposit Your Interac e-Transfer Refund
INTERAC E-TRANSFER REFUND: #8644ON87
Hello
You have a refund of $2680.50 CAD from Canada Revenue Agency
Select your financial institution to deposit your refund before it expires on 19th May, 2022.
Deposit Your Refund
Kind Regards, Andrew Tremblay, Canada Revenue Agency (CRA)
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 15:50:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrRXy-000MmX-0G
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 15:49:34 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 15:49:33 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-tycjpn01olkn2040.outbound.protection.outlook.com ([40.92.99.40]:64494 helo=JPN01-TYC-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrM5H-00073o-T3
for info@nk.ca;
Wed, 18 May 2022 09:59:40 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=nX1Y0WKbTJjIuoJYgph8145MC3geBaEtmgMMiCYEdZg=;
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=nX1Y0WKbTJjIuoJYgph8145MC3geBaEtmgMMiCYEdZg=;
Received: from OSZP286MB0760.JPNP286.PROD.OUTLOOK.COM (2603:1096:604:e8::13)
by TYCP286MB1658.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:183::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.14; Wed, 18 May
2022 15:58:25 +0000
Received: from OSZP286MB0760.JPNP286.PROD.OUTLOOK.COM
([fe80::dd20:26b5:910a:736e]) by OSZP286MB0760.JPNP286.PROD.OUTLOOK.COM
([fe80::dd20:26b5:910a:736e%9]) with mapi id 15.20.5273.015; Wed, 18 May 2022
15:58:25 +0000
From: David Smith
Subject: Prices
Thread-Topic: Prices
Thread-Index: AQHYatASHwHPyjPt1EGSYTsxpdOofg==
Date: Wed, 18 May 2022 15:58:25 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-tmn: [q/sWQUdNOVCoTNbow/xZ+DkyE6nESBEH]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e80a88a8-0aa1-488b-b0c4-08da38e73e0e
x-ms-traffictypediagnostic: TYCP286MB1658:EE_
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
Content-Type: multipart/alternative;
boundary="_000_OSZP286MB076075E203E4DAF4D57E3DEBB4D19OSZP286MB0760JPNP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: OSZP286MB0760.JPNP286.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: e80a88a8-0aa1-488b-b0c4-08da38e73e0e
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2022 15:58:25.5316
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB1658
--_000_OSZP286MB076075E203E4DAF4D57E3DEBB4D19OSZP286MB0760JPNP_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi,
I am reaching out to see if there is anything that would like to upgrade, repair or redesign on your site. I am a web designer/developer that can do just about anything you can imagine at very affordable prices.
Are you looking to create a new website and updating (WordPress, Joomla, Magento, Shopify, PHP, Wix, Odoo, ERP and CMS, Prestashop, HTML, E-commerce Website, etc?
I'd be happy to send some of our Designing and Development samples & price list, if you'd like to assess our work. Please feel free to share your requirements and queries.
Kind Regards,
David Smith
Web designer & developer
************************************************************************************************
--_000_OSZP286MB076075E203E4DAF4D57E3DEBB4D19OSZP286MB0760JPNP_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi,
I am reaching out to see if there is anything that would like to upgrade, repair or redesign on your site. I am a web designer/developer that can do just about anything you can imagine at very affordable prices.
Are you looking to create a new website and updating (WordPress, Joomla, Magento, Shopify, PHP, Wix, Odoo, ERP and CMS, Prestashop, HTML, E-commerce Website, etc?
I'd be happy to send some of our Designing and Development samples & price list, if you'd like to assess our work. Please feel free to share your requirements and queries.
Kind Regards,
David Smith
Web designer & developer
************************************************************************************************
--_000_OSZP286MB076075E203E4DAF4D57E3DEBB4D19OSZP286MB0760JPNP_--
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 07:58:27 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrKBF-000NPr-Ur
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 07:57:37 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 07:57:37 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-vs1-f49.google.com ([209.85.217.49]:35803)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrK4l-000MxZ-Fs
for root@nk.ca;
Wed, 18 May 2022 07:50:59 -0600
Received: by mail-vs1-f49.google.com with SMTP id d22so2101635vsf.2
for ; Wed, 18 May 2022 06:50:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=ZAXpFFAU9tnT7Bj8C67YZcRl8DY9Q86U+Q+cIyfPwpk=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=ZAXpFFAU9tnT7Bj8C67YZcRl8DY9Q86U+Q+cIyfPwpk=;
X-Gm-Message-State: AOAM530nilAVGWt/uupyY24DPTliZZDE4TLRm8z+LDEFENU5wRj3GMoM
nV2T6X1zmJxc0BzKmMdCZ4TsSgQhsGyI3gH+ZC0=
X-Google-Smtp-Source: ABdhPJw+yrTp2U5yCn2+lVZCmbAhFf3Xo+9hv7NWQsjIpXeBXes5BN3pIW0fYEkYMwadhE+0Uh1SSKEloA60VWeiF8s=
X-Received: by 2002:a67:d803:0:b0:335:d948:d0d6 with SMTP id
e3-20020a67d803000000b00335d948d0d6mr735645vsj.32.1652881826100; Wed, 18 May
2022 06:50:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a67:1905:0:0:0:0:0 with HTTP; Wed, 18 May 2022 06:50:25
-0700 (PDT)
Reply-To: m.wood@indamail.hu
From: Kristalina Georgieva
Date: Wed, 18 May 2022 14:50:25 +0100
Message-ID:
Subject: Urgent Attention!
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: root@nk.ca
X-Spam_score: 12.1
X-Spam_score_int: 121
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attn beneficiary, We have been waiting for you to contact
us about your package that was seized some time ago as a result of not paying
the charge for IMF Tax Clearance . Now, all modalities regarding your fund
release [...]
Content analysis details: (12.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[maijiddamustapha222[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.217.49 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[maijiddamustapha222[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
Subject: {SPAM?} Urgent Attention!
Attn beneficiary,
We have been waiting for you to contact us about your package that was
seized some time ago as a result of not paying the charge for IMF Tax
Clearance . Now, all modalities regarding your fund release have been
put in place and your total sum of US$2,500,000.00 has been logged
into a certified Bank draft to be delivered to your doorstep. This is
as a result of the financial report we received from the US President
Joe Biden to boost the exercise of clearing all outstanding debts owed
to you and other lucky individuals who have been found not to have
received their overdue funds.
It is my pleasure to inform you that your certified Bank Draft has
been registered with DHL Express for delivery to your doorstep and it
is estimated to be delivered within the next 3 working days. You are
therefore advised to contact DHL Dispatch Agent so he can issue to you
the delivery tracking information which will enable you to monitor the
movement of the delivery until it finally arrives at your doorstep.
Reconfirm your delivery details such as Full Name/Address/Phone number
and also include your registration number(DHLGX000909)
Below is the contact information.
DHL Express Service Point
Contact Person: Michael Wood
Email: m.wood@indamail.hu
Tel +1 (516) 953 4055
Congratulations, your long awaited funds will now be delivered to you
without further delay.
Regards,
Kristalina Georgieva
Managing Director(IMF)
1900 Pennsylvania Avenue NW,20431
Washington, D.C, United States
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 07:31:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrJkt-000LO7-CL
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 07:30:23 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 07:30:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wm1-f43.google.com ([209.85.128.43]:43936)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrEjh-000ATo-A9
for root@doctor.nl2k.ab.ca;
Wed, 18 May 2022 02:08:53 -0600
Received: by mail-wm1-f43.google.com with SMTP id l38-20020a05600c1d2600b00395b809dfbaso590106wms.2
for ; Wed, 18 May 2022 01:08:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=message-id:from:mime-version:content-transfer-encoding
:content-description:subject:to:date:reply-to;
bh=oA+TwLL6kjsQGzSvkVY2lBDg7Mw58gyWbxPSF1mFzu0=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:message-id:from:mime-version
:content-transfer-encoding:content-description:subject:to:date
:reply-to;
bh=oA+TwLL6kjsQGzSvkVY2lBDg7Mw58gyWbxPSF1mFzu0=;
X-Gm-Message-State: AOAM5323fN9VDqMaWEw7nVI4IbxlHBXvB5tbLWHyDjikgC29PK67V2iJ
t5dt1eYn6RIWzo6Xpicpmuk=
X-Google-Smtp-Source: ABdhPJwa/3PFjmgA0BH0ypUs7BeytijvArs4M5q17KsFE+00AhldHj3dx0m00pcDAti/RJPomFkj0Q==
X-Received: by 2002:a05:600c:1e8a:b0:397:171e:92a9 with SMTP id be10-20020a05600c1e8a00b00397171e92a9mr6298101wmb.159.1652861298904;
Wed, 18 May 2022 01:08:18 -0700 (PDT)
Received: from [192.168.8.100] ([105.112.178.173])
by smtp.gmail.com with ESMTPSA id r18-20020a05600c159200b003949dbc3790sm1018318wmf.18.2022.05.18.01.08.15
(version=TLS1 cipher=AES128-SHA bits=128/128);
Wed, 18 May 2022 01:08:18 -0700 (PDT)
Message-ID: <6284a972.1c69fb81.f81cc.5017@mx.google.com>
From: "Hon. Oleksiy Honcharuk"
X-Google-Original-From: "Hon. Oleksiy Honcharuk"
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Ukraine Prime Minister (Rtd)
To: Recipients
Date: Wed, 18 May 2022 09:08:14 +0100
Reply-To: hon.oleksiy@hotmail.com
Ukraine Prime Minister (Rtd)
Hello Friend,
COMPLEMENT OF THE SEASON!
We understands coronavirus as called “COVID-19 pandemic” has caused heavy obstruction and deserter outbreak globally, but the living once shall continue their lifespan.
However, I beseech you with love, how are you? I know that this message might come to you as a surprise for the fact we didn’t know each other before, but am open with positive mind. Please before I proceed with the topic of my message, I will not fail to ask about the modification of your health which is momentous in human dignity, nevertheless; I strongly believed you are doing fine by the grace of God.
Straight to my Topic:
I am the “formal” Ukraine Prime Minister who resigned peacefully due to the political issues in my country (Ukraine). As a matter of fact, I tendered my resignation letter then and strictly resigned.
But my major reason contacting you now is; there is certain sum of money i moved to a bank security vault outside Ukraine, as a result of the on-going war between my country, Ukraine and Russia; so can you please help me to go and receive it from the security company for proper self-keeping in your country until we see what this war will end with?
Please this is very confidential as I will put you more through on your positive reply.
Yours faithfully,
Hon. Oleksiy Honcharuk
Ukraine Prime Minister (Rtd)
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 18 May 2022 00:17:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrCzI-000PGc-O6
for dave@doctor.nl2k.ab.ca;
Wed, 18 May 2022 00:16:48 -0600
Resent-From: The Doctor
Resent-Date: Wed, 18 May 2022 00:16:48 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mo-csg1515.securemx.jp ([210.130.202.183]:52314 helo=mo-csg.securemx.jp)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nrAin-000KGQ-Hr
for doctor@nl2k.ab.ca;
Tue, 17 May 2022 21:51:42 -0600
Received: by mo-csg.securemx.jp (mx-mo-csg1515) id 24I3pIvh016850; Wed, 18 May 2022 12:51:18 +0900
X-Iguazu-Qid: 34tMJGoc1GIIlZYVW7
X-Iguazu-QSIG: v=2; s=0; t=1652845877; q=34tMJGoc1GIIlZYVW7; m=KPFjVUeh3KXgSkEbo2UpAIOLr50EowIiD2aGZbyU8rE=
Received: from ic-lando.co.jp (210x140x88x63.rev.barem.jp [210.140.88.63] (may be forged))
by relay.securemx.jp (mx-mr1511) id 24I3oM7o026008;
Wed, 18 May 2022 12:51:17 +0900
Received: from ettech.com (unknown [20.222.149.183])
by ic-lando.co.jp (Postfix) with ESMTPA id 72A1B93822C
for ; Wed, 18 May 2022 12:42:28 +0900 (JST)
From: Linkedin
To: doctor@nl2k.ab.ca
Subject: =?UTF-8?B?UkU6IFJFOua+s+a0siBMaW5kaW4gSW50IE1lbW9yeSBQbGMgT2ZmZXI=?=
Date: 18 May 2022 03:42:28 +0000
Message-ID: <20220518034228.13961C1BCA4E8501@ettech.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.1
X-Spam_score_int: 61
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: LinkedIn LinkedIn Reminder sent you a message Date: 1/14/2022
Content analysis details: (6.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=editor%40ettech.com;ip=210.130.202.183;r=doctor.nl2k.ab.ca]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or
Formatted Colors in HTML
1.0 FORGED_SPF_HELO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FROM_MISSP_SPF_FAIL No description available.
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sunbin.org]
Subject: {SPAM?} =?UTF-8?B?UkU6IFJFOua+s+a0siBMaW5kaW4gSW50IE1lbW9yeSBQbGMgT2ZmZXI=?=
LinkedIn
LinkedIn Reminder sent you a message
Date: 1/14/2022
Subject: You have a new message in your inbox
http://www.linkedin.com/?folder=Inbox&viewMsg=2845ec7a89&userid=97698
View/reply to this message <https://sunbin.org//cgi-etc/ok/lin/lin/index.html#doctor@nl2k.ab.ca>
Don't want to receive e-mail notifications? Adjust your message settings. <https://sunbin.org//cgi-etc/ok/lin/lin/index.html#doctor@nl2k.ab.ca>
This email was intended for u-email@hotmail.com. © 2022, LinkedIn Corporation.
Stierlin Ct. Mountain View, CA 94043, USA
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 17:30:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr6cv-000A0j-UB
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 17:29:17 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 17:29:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wr1-f65.google.com ([209.85.221.65]:38596)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr6Rk-0009bj-Rf
for doctor@doctor.nl2k.ab.ca;
Tue, 17 May 2022 17:17:51 -0600
Received: by mail-wr1-f65.google.com with SMTP id k30so311248wrd.5
for ; Tue, 17 May 2022 16:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:sender:from:date:message-id:subject:to
:content-transfer-encoding;
X-Received: by 2002:a5d:4585:0:b0:20a:da03:7131 with SMTP id
p5-20020a5d4585000000b0020ada037131mr19952911wrq.693.1652829437197; Tue, 17
May 2022 16:17:17 -0700 (PDT)
MIME-Version: 1.0
Reply-To: vinniebarbara1496@yahoo.com
Sender: fatimaibrahim4003@gmail.com
Received: by 2002:a5d:6844:0:0:0:0:0 with HTTP; Tue, 17 May 2022 16:03:46
-0700 (PDT)
From: "Ms. Vinnie Barbara"
Date: Tue, 17 May 2022 16:03:46 -0700
X-Google-Sender-Auth: aKMN2DgtIsgszqcUgqzJjM_T3Mg
Message-ID:
Subject: compensation
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 10.0
X-Spam_score_int: 100
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Friend, I am sorry, but happy to inform you about my
success in getting those funds transferred under the cooperation of a new
partner from Vietnam. Though, I tried my best to involve you in the business,
but [...]
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[fatimaibrahim4003[at]gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.65 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[vinniebar454[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[vinniebarbara1496[at]yahoo.com]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
1.5 HK_SCAM_N8 BODY: No description available.
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} compensation
Dear Friend,
I am sorry, but happy to inform you about my success in getting those
funds transferred under the cooperation of a new partner from Vietnam.
Though, I tried my best to involve you in the business, but everything
changed completely. Presently, I am in Vietnam for investment projects
with my own share of the total sum. Meanwhile, I didn't forget your
past efforts and attempts to assist me in transferring those funds
despite that it failed us somehow.
Now, contact my secretary in Burkina Faso. Her name is Ms. Vinnie
Barbara . Her email address is vinniebarbara1496@yahoo.com
Ask her to send you the total sum of $450,000.00 which I kept for your
compensation over the past efforts and attempts to assist me in this
matter. I appreciated your efforts at that time very much. So, feel
free and contact my secretary Ms. Vinnie Barbara and instruct her
where to send the amount to you. Please, do let me know immediately
you receive it so that we can share joy after all the sufferings at
that time.
At the moment, I’m very busy here. Because of the investment projects
which my new partner and I are having at hand. Finally, remember that
I had forwarded instructions to the secretary on your behalf to
receive that money. So, feel free and get in touch with Ms. Vinnie
Barbara
Extend my greetings to your family.
Best regards,
Yours brother
Mr. Abu Salam
Greetings from Vietnam
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 16:10:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr5Nx-0006mE-C4
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 16:09:45 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 16:09:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f179.google.com ([209.85.219.179]:37403)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr3eW-00023a-LB
for sales@nk.ca;
Tue, 17 May 2022 14:18:49 -0600
Received: by mail-yb1-f179.google.com with SMTP id v71so250768ybi.4
for ; Tue, 17 May 2022 13:18:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=kentik.com; s=google;
h=from:mime-version:date:message-id:subject:to;
X-Received: by 2002:a25:4086:0:b0:64b:ac85:2b3 with SMTP id
n128-20020a254086000000b0064bac8502b3mr21272256yba.519.1652818701526; Tue, 17
May 2022 13:18:21 -0700 (PDT)
Received: from 300935273661 named unknown by gmailapi.google.com with
HTTPREST; Tue, 17 May 2022 13:18:21 -0700
From: Briggs Heaney
Mime-Version: 1.0
Date: Tue, 17 May 2022 13:18:21 -0700
Message-ID:
Subject: Improve QoE metrics report
To: David Yadalee
Content-Type: multipart/alternative; boundary="0000000000009541da05df3ad7ae"
--0000000000009541da05df3ad7ae
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
David,
As a regional service provider, your team is tasked with providing services
that stand apart from the larger national/global providers.
In addition to needing to deliver the highest performing network, you also
need to be able to anticipate issues before your end users know there's a
problem.
Here is a report
on the most important metrics to focus on to ensure a best-in-class
customer experience.
Let me know if you think this report hits that mark or whether we could
improve the content.
Thanks,
Briggs
Briggs Heaney
Strategic Account Manager
briggs@kentik.com
510.410.7776
[image: Kentik Detect - Cybersecurity Excellence Awards]
Would you like to opt out?
--0000000000009541da05df3ad7ae--
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 16:09:31 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr5NI-0006kR-FW
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 16:09:04 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 16:09:04 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [183.253.44.100] (port=49430 helo=sio-no.mail.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr362-0000Q2-Ig
for root@nk.ca;
Tue, 17 May 2022 13:43:11 -0600
Date: Wed, 18 May 2022 03:42:37 +0800 (CST)
From: Wendy_lan66
Sender: poeeptpw
To: root
Message-ID: <1516392524.748399.1652816557751@sio-no.mail.protection.outlook.com>
Subject: =?UTF-8?Q?Re:_STOCK_MEN_&_LADY=E2=80=99S_PADDING_JACKET?=
=?UTF-8?Q?_FROM_WENDY_FACTORY_OF_CHINA_JINJIANG_?=
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 8.1
X-Spam_score_int: 81
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DEAR MY PURCHASER : HOW ARE YOU ? Nice to meet you . This
is wendy . Now our factory have some stock lady & men’s padding jacket ,
their quality are quite goods , in virus time last year our factory make
some item desi [...]
Content analysis details: (8.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 SUBJ_ALL_CAPS Subject is all capitals
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[183.253.44.100 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[wendy_lan66[at]163.com]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
Subject: {SPAM?} =?UTF-8?Q?Re:_STOCK_MEN_&_LADY=E2=80=99S_PADDING_JACKET?=
=?UTF-8?Q?_FROM_WENDY_FACTORY_OF_CHINA_JINJIANG_?=
DEAR MY PURCHASER :
HOW ARE YOU ? Nice to meet you . This is wendy . Now our factory have some stock lady & men’s padding jacket , their quality are quite goods , in virus time last year our factory make some item design by ourselves to do , just hope labors have themselves things to do in factory keep busy .
So now wendy hope you can help me to enqury your customer , Maybe they are interested in buying our men or lady’s stock padding jacket ?? if yes ,pls let us to know it , they are very good quality , making them just maintain production line can keep busy in 2019 covid-virus time .
OF course , our factory is also making bulk productions in there , our padding jacket or thin jacket were shipped out to : ENGLAND , GERMEN , IDALLY , POLAND , USA , MEXICO COUNTRIES more than 25 years yet . WECOME YOU ENQUIRY TO US QUOTATION BASE ON YOUR DESIGN JACKET .
AT LAST , WENDY IS WAITTING FOR YOUR REPLY ON TIME , IN VIRUS TIME MABYE SOME CUSTOMERS WOULD LIKE TO BUY SURE AND WE CAN SENT OUT TO YOU FOR CHECKING . NOW WE ARE WAITTING FOR YOUR POSITIVE REPLY . MANY TKS
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 16:08:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr5M0-0006gN-Fu
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 16:07:44 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 16:07:44 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f199.google.com ([209.85.219.199]:35339)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nr0vb-000JZH-Id
for sales@nk.ca;
Tue, 17 May 2022 11:24:18 -0600
Received: by mail-yb1-f199.google.com with SMTP id p2-20020a25d802000000b0064d9002a5abso6190491ybg.2
for ; Tue, 17 May 2022 10:23:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=thecbrb-ca.20210112.gappssmtp.com; s=20210112;
h=mime-version:message-id:date:subject:from:to;
MIME-Version: 1.0
X-Received: by 2002:a25:658b:0:b0:64d:f9d1:b16e with SMTP id
z133-20020a25658b000000b0064df9d1b16emr4188723ybb.50.1652808228615; Tue, 17
May 2022 10:23:48 -0700 (PDT)
Message-ID: <000000000000593bb405df38679c@google.com>
Date: Tue, 17 May 2022 17:23:48 +0000
Subject: Healthcare & Rehab Specialties selected for CBRB Best Businesses In
Canada 2022
From: businessverification@thecbrb.ca
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Hello,
Congratulations on being selected and approved for the CBRB Best Businesses
In Canada 2022.
This offer is presented only to businesses that have maintained a 4+ star
Google review rating or equivalent proof of customer satisfaction.
Representing the Best Businesses in Canada, the CBRB Canadian Business
Review Board Inc. has found that your business meets strong consumer
satisfaction standards and we look forward to recommending your services.
Membership in the CBRB Best Businesses In Canada 2022 Brand Awareness
Program includes listing in the exclusive 2022 Best Businesses Directory,
use of the 2022 CBRB Best Businesses verification badge, and custom content
to promote Healthcare & Rehab Specialties commitment to upholding:
- Strong Vision
- Customer-centric Approach
- Customer Satisfaction
- Business Leadership
Following registration, you will receive:
-CBRB Best Businesses In Canada 2022 Verification Certificate
-CBRB Best Businesses In Canada 2022 Verification Badge
-CBRB Best Businesses In Canada 2022 Directory Listing & Profile Page
-CBRB Canadian Business Review Board Inc will promote your business
excellence on social media and multiple marketing platforms including ads
targeting specific clients in your city and surrounding areas.
To accept your CBRB Best Businesses In Canada Membership & Verification,
please submit the following form:
https://forms.gle/9yLsYYsX9YigxT1z8
If you have any questions, feel free to let us know!
Richard Erwin
CBRB Canadian Business Review Board Inc
Membership Committee
Best Businesses In Canada
1-855-222-5550
www.thecbrb.ca
@thecbrb
@thecbrb_canada
If you would like to unsubscribe from future correspondence, please email
your request to unsubscribe@thecbrb.com
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 07:38:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nqxOh-0005XC-Kb
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 07:37:59 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 07:37:59 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [197.221.212.134] (port=9198)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nqqjm-0004HD-Vk
for doctor@nk.ca;
Tue, 17 May 2022 00:31:24 -0600
From:
To:
Subject: You have an outstanding payment. Debt settlement required.
Date: 17 May 2022 13:06:05 -0800
Message-ID: <002c01d86a36$04b62d2b$a8039fbf$@cmamkting.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac0snihsftwr9v3q0snihsftwr9v3q==
Content-Language: en-us
X-Spam_score: 8.9
X-Spam_score_int: 89
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all
devices that you use to browse internet. Afterwards, I have proceeded with
[...]
Content analysis details: (8.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.6 HK_RANDOM_ENVFROM Envelope sender username looks random
1.0 HK_RANDOM_FROM From username looks random
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel
letters
2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 PDS_BTC_ID FP reduced Bitcoin ID
1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
1.6 BITCOIN_ONAN BitCoin + [censored]
Subject: {SPAM?} You have an outstanding payment. Debt settlement required.
Hello!
Unfortunately, I have some unpleasant news for you.
Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.
Afterwards, I have proceeded with monitoring all internet activities of yours.
You can check out the sequence of events summarize below:
Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).
Clearly, I could effortlessly log in to your email account as well (doctor@nk.ca).
One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.
Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).
Genius is in simplicity. ( ~_^)
Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).
I could easily download all your data, photos, web browsing history and other information to my servers.
I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.
This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.
Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...
While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.
You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.
To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.
If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.
In addition, I can upload them online for entire public to access.
I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.
We can still resolve it in the following manner:
You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.
Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.
It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.
If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.
My bitcoin wallet is as follows: 1mxMw4vzaKZfqXeAqFP2aqB5QmJFRDKZv
You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).
Don't forget to keep in mind and abstain from doing the following:
> Do not attempt to reply my email (this email was generated in your inbox together with the return address).
> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.
> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.
> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.
Things you should be concerned about:
> That I will not receive the funds transfer you make.
Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).
> That I will still distribute your videos after you have sent the money to me.
Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!
It all will be settled on fair conditions and terms!
One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!
My suggestion - make sure you change all your passwords as often as possible.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 May 2022 08:40:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1nqyMK-0009gk-MA
for dave@doctor.nl2k.ab.ca;
Tue, 17 May 2022 08:39:36 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 May 2022 08:39:36 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-pl1-f193.google.com ([209.85.214.193]:45930)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1nqxg7-0006Py-Ef
for doctor@nl2k.ab.ca;
Tue, 17 May 2022 07:56:03 -0600
Received: by mail-pl1-f193.google.com with SMTP id q18so17377861pln.12
for ; Tue, 17 May 2022 06:55:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
X-Received: by 2002:a17:90a:4d49:b0:1df:78ca:ae49 with SMTP id
l9-20020a17090a4d4900b001df78caae49mr6233253pjh.121.1652795736572; Tue, 17
May 2022 06:55:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:7022:911:b0:3e:56c5:c88f with HTTP; Tue, 17 May 2022
06:55:35 -0700 (PDT)
Reply-To: hon.oleksiy@hotmail.com
From: "Hon. Oleksiy Honcharuk"
Date: Tue, 17 May 2022 14:55:35 +0100
Message-ID:
Subject: Ukraine Prime Minister (Rtd), Urgent Help.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@nl2k.ab.ca
X-Spam_score: 8.0
X-Spam_score_int: 80
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Ukraine Prime Minister (Rtd) Hello Friend, COMPLEMENT OF
THE SEASON! We understands coronavirus as called “COVID-19 pandemic”
has caused heavy obstruction and deserter outbreak globally, but the living
once shall continue their lifespan.
Content analysis details: (8.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.214.193 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[chidigahna[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Ukraine Prime Minister (Rtd), Urgent Help.
--
Ukraine Prime Minister (Rtd)
Hello Friend,
COMPLEMENT OF THE SEASON!
We understands coronavirus as called “COVID-19 pandemic” has caused
heavy obstruction and deserter outbreak globally, but the living once
shall continue their lifespan.
However, I beseech you with love, how are you? I know that this
message might come to you as a surprise for the fact we didn’t know
each other before, but am open with positive mind. Please before I
proceed with the topic of my message, I will not fail to ask about the
modification of your health which is momentous in human dignity,
nevertheless; I strongly believed you are doing fine by the grace of
God.
Straight to my Topic:
I am the “formal” Ukraine Prime Minister who resigned peacefully due
to the political issues in my country (Ukraine). As a matter of fact,
I tendered my resignation letter then and strictly resigned.
But my major reason contacting you now is; there is certain sum of
money i moved to a bank security vault outside Ukraine, as a result of
the on-going war between my country, Ukraine and Russia; so can you
please help me to go and receive it from the security company for
proper self-keeping in your country until we see what this war will
end with?
Please this is very confidential as I will put you more through on
your positive reply.
Yours faithfully,
Hon. Oleksiy Honcharuk
Ukraine Prime Minister (Rtd)