More sexual blackmail phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 17 Sep 2022 16:14:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZftB-0002B5-8g

for dave@doctor.nl2k.ab.ca;

Sat, 17 Sep 2022 16:02:17 -0600

Resent-From: The Doctor

Resent-Date: Sat, 17 Sep 2022 16:02:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from static-host119-73-102-216.link.net.pk ([119.73.102.216]:15539)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZcXn-0005ZS-9U

for games@nl2k.ab.ca;

Sat, 17 Sep 2022 12:28:05 -0600

Message-ID: <1EF1754FAC9ACB9679FDC72412431EF1@WKG47VVKUV>

From:

To:

Subject: You have outstanding debt.

Date: 18 Sep 2022 02:48:31 +0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-3"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.2180

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello there! Unfortunately, there are some bad news for you.

Around several months ago I have obtained access to your devices that you

were using to browse internet. Subsequently, I have proceeded with tracking

do [...]



Content analysis details: (16.4 points, 5.0 required)



 pts rule name                 description
---- ------------------------- --------------------------------------------------
 0.2 CK_HELO_GENERIC           Relay used name indicative of a Dynamic Pool or Generic rPTR
 1.3 RCVD_IN_VALIDITY_RPBL     RBL: Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
                               [119.73.102.216 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_RP_RNBL           RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/
 0.9 SPF_FAIL                  SPF: sender does not match SPF record (fail)
                               [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=games%40nl2k.ab.ca;ip=119.73.102.216;r=doctor.nl2k.ab.ca]
 2.4 DATE_IN_FUTURE_03_06      Date: is 3 to 6 hours after Received: date
-0.0 T_SCC_BODY_TEXT_LINE      No description available.
 0.0 PDS_BTC_MSGID             Bitcoin ID with T_MSGID_NOFQDN2
 0.5 PDS_BTC_ID                FP reduced Bitcoin ID
 0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam (FTSDMCXX/boundary variant) + direct-to-MX
 3.2 HELO_DYNAMIC_IPADDR       Relay HELO'd using suspicious hostname (IP addr 1)
 0.0 STATIC_XPRIO_OLE          Static RDNS + X-Priority + MIMEOLE
 0.0 BITCOIN_XPRIO             Bitcoin + priority
 1.0 BITCOIN_YOUR_INFO         BitCoin with your personal info
 1.0 BITCOIN_SPAM_07           BitCoin spam pattern 07
 0.0 MIMEOLE_DIRECT_TO_MX      MIMEOLE + direct-to-MX
 0.4 TO_EQ_FM_DIRECT_MX        To == From and direct-to-MX
 0.0 TO_EQ_FM_SPF_FAIL         To == From and external SPF failed
 1.0 BITCOIN_MALWARE           BitCoin + malware bragging
 0.0 TO_EQ_FM_DOM_SPF_FAIL     To domain == From domain and external SPF failed
 3.1 DOS_OE_TO_MX              Delivered direct to MX with OE headers
 0.0 NO_FM_NAME_IP_HOSTN       No From name + hostname using IP address

Subject: {SPAM?} You have outstanding debt.



Hello there!



Unfortunately, there are some bad news for you.

Around several months ago I have obtained access to your devices that you were using to browse internet.

Subsequently, I have proceeded with tracking down internet activities of yours.



Below, is the sequence of past events:

In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).

Clearly, I have effortlessly logged in to email account of yours (games@nl2k.ab.ca).



A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.

Actually, that was quite simple (because you were clicking the links in inbox emails).

All smart things are quite straightforward. (^-^)



The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.

I have managed to download all your personal data, as well as web browsing history and photos to my servers.

I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.

My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.



So, by now you should already understand the reason why I remained unnoticed until this very moment...



While collecting your information, I have found out that you are also a huge fan of websites for adults.

You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.

I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.



If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.

It is also not a problem for me to allow those vids for access of public as well.

I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.



Let's resolve it like this:

All you need is $1450 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.

Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.



That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.

If you are unaware how to buy and send bitcoins - it can be easily fixed by searching all related information online.



Below is bitcoin wallet of mine: 1C2ek9b57xdVY9rPUaUnczxN5vGjVS8EhA



You are given not more than 48 hours after you have opened this email (2 days to be precise).



Below is the list of actions that you should not attempt doing:

> Do not attempt to reply my email (the email in your inbox was created by me together with return address).

> Do not attempt to call police or any other security services. Moreover, don't even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) - the video of yours will become available to public immediately.

> Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.

> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.



Below is the list of things you don't need to be concerned about:

> That I will not receive the money you transferred.

- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).

> That I still will make your videos available to public after your money transfer is complete.

- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!



Everything will be carried out based on fairness!



Before I forget...moving forward try not to get involved in this kind of situations anymore!

An advice from me - regularly change all the passwords to your accounts.



French DHL Phish from Website welcome

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 17 Sep 2022 06:17:53 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZWSe-000893-CK

for dave@doctor.nl2k.ab.ca;

Sat, 17 Sep 2022 05:58:16 -0600

Resent-From: The Doctor

Resent-Date: Sat, 17 Sep 2022 05:58:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from gateway34.websitewelcome.com ([192.185.148.104]:17989)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZVhT-0000Fn-2h

for doctor@doctor.nl2k.ab.ca;

Sat, 17 Sep 2022 05:09:36 -0600

Received: from cm10.websitewelcome.com (cm10.websitewelcome.com [100.42.49.4])

by gateway34.websitewelcome.com (Postfix) with ESMTP id 1A58C452DD

for ; Sat, 17 Sep 2022 06:09:13 -0500 (CDT)

Received: from web2.mwp104.cmh.pro1.webhostingservices.com ([162.214.59.22])

by cmsmtp with SMTP

id ZVhAoUwiXQLX5ZVhAoLVag; Sat, 17 Sep 2022 06:09:13 -0500

X-Authority-Reason: nr=8

Received: by web2.mwp104.cmh.pro1.webhostingservices.com (Postfix, from userid 1388)

id D5607104766; Sat, 17 Sep 2022 11:04:50 +0000 (UTC)

To: doctor@doctor.nl2k.ab.ca

Subject: Status : shipment arrived.

Date: Sat, 17 Sep 2022 11:04:50 +0000

From: "Dhl.com"

Message-ID: <7d8732e854f13abee19de87f75f63749@youresportshome.net>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_7d8732e854f13abee19de87f75f63749"

Content-Transfer-Encoding: 8bit



This is a multi-part message in MIME format.



--b1_7d8732e854f13abee19de87f75f63749

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit





Dear customer [ doctor@doctor.nl2k.ab.ca ],

The parcel sent to you by our services has been delivered to the DHL office

and is awaiting processing due to: unpaid delivery fees

Arrival notice:

Tracking ID : #7140012563

Expected health medical today-marketthehealth medical todayDelivery health medical today-marketthehealth medical todayDate : 17 / 09 / 2022

Shipping health medical today-marketthehealth medical todayCosts : ( 2,56 CAD)

What should I do?

Please use the secure link below to confirm your address and pay the unpaid delivery fees

Please authenticate your card via app authentication or by receiving the OTP authentication by SMS

Track health medical today-marketmy health medical today-marketparcel

Note: Please complete the online verification to have your parcel delivered to your home

Regards,

MyDHL

______________________________________________________________________________________________________________

2022 © Dhealth HL International GmbH





--b1_7d8732e854f13abee19de87f75f63749

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable




KGROUND: #d40511; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #fff; PADDING=

-BOTTOM: 6px; PADDING-TOP: 6px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px; bo=

rder-radius: 2px" href=3D"http://bitly.ws/unxA">


--b1_7d8732e854f13abee19de87f75f63749--



Credential phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 16 Sep 2022 22:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZP2N-00024b-GT

for dave@doctor.nl2k.ab.ca;

Fri, 16 Sep 2022 22:02:39 -0600

Resent-From: The Doctor

Resent-Date: Fri, 16 Sep 2022 22:02:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [59.61.79.94] (port=52128 helo=cxmsmtp.cgmh.com.cn)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZOhN-000PA4-Ao

for sales@nk.ca;

Fri, 16 Sep 2022 21:41:08 -0600

Received: from adm.cgmh.com.cn (unknown [10.36.11.108])

by cxmsmtp.cgmh.com.cn (Postfix) with ESMTP id C257910097E3;

Sat, 17 Sep 2022 11:36:59 +0800 (CST)

From: "Account Email Administration"

To: info@accountupgrade.com

Reply-To: belmontrichard0@gmail.com

Subject: Pending Mails Recovery Portal.

Date: Sat, 17 Sep 2022 11:36:59 +0800

Message-Id: <20220917033634.M83766@adm.cgmh.com.cn>

X-Mailer: OpenWebMail 2.54

X-OriginatingIP: 189.191.190.199 (chenzz)

MIME-Version: 1.0

Content-Type: text/html;

charset=gb2312

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Pending Mails Recovery Portal Access expiration counter to

your pending mails. To continue using your account you need to confirm your

mailbox. Enter your password below.



Content analysis details: (9.7 points, 5.0 required)



 pts rule name                  description
---- -------------------------- --------------------------------------------------
 1.0 HK_RANDOM_FROM             From username looks random
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                                [belmontrichard0[at]gmail.com]
 0.0 FREEMAIL_FROM              Sender email is commonly abused enduser mail provider
                                [ailacctdministration[at]hotmail.com]
 1.0 SPF_SOFTFAIL               SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE               BODY: HTML included in message
 1.1 MIME_HTML_ONLY             BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE       No description available.
 1.3 RDNS_NONE                  Delivered to internal network by a host with no rDNS
 1.0 FREEMAIL_REPLYTO           Reply-To/From or Reply-To/body contain different freemails
 0.0 SPOOFED_FREEMAIL_NO_RDNS   From SPOOFED_FREEMAIL and no rDNS
 0.0 TO_NO_BRKTS_NORDNS_HTML    To: misformatted and no rDNS and HTML only
 1.6 SPOOFED_FREEMAIL           No description available.
 2.5 SPOOFED_FREEM_REPTO        Forged freemail sender with freemail reply-to

Subject: {SPAM?} Pending Mails Recovery Portal.
















Pending Mails Recovery Portal

Access expiration counter to your pending mails.

To continue using your account you need to confirm your mailbox.

Enter your password below.

E-mail:

Password:

Please reply and confirm your mailbox or you will lose your account within 24 hours.

© 2022 Access Control Portal.











Extortion phish from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 16 Sep 2022 14:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZHl4-000P7G-Lp

for dave@doctor.nl2k.ab.ca;

Fri, 16 Sep 2022 14:16:18 -0600

Resent-From: The Doctor

Resent-Date: Fri, 16 Sep 2022 14:16:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f44.google.com ([209.85.216.44]:50719)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oZGk2-000HPP-Tm

for support@netknow.ca;

Fri, 16 Sep 2022 13:11:14 -0600

Received: by mail-pj1-f44.google.com with SMTP id fv3so21988206pjb.0

for ; Fri, 16 Sep 2022 12:10:45 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=date:mime-version:to:subject:from:message-id:from:to:cc:subject

:date;

bh=fvtr8DhJgaTotHgo/0O4ow5ynEgTk49/NY1oyUNqCYI=;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=date:mime-version:to:subject:from:message-id:x-gm-message-state

:from:to:cc:subject:date;

bh=fvtr8DhJgaTotHgo/0O4ow5ynEgTk49/NY1oyUNqCYI=;

X-Gm-Message-State: ACrzQf0/4Ctv4iv/AsUmr4Lb7CMRgiZMGRcsuwpqM3yOz0Zg9Nqnm8HR

9nxvathO3MmOQ2ABWHZmgkkUjX5XuefUREEiHiA=

X-Google-Smtp-Source: AMsMyM6vBz2t+/PTalILpdkktkP9f22xnqVQeAGkXqkLxLqSR5k045M3SJkzUU7QE34ONs1W9t2WEw==

X-Received: by 2002:a17:902:7c8f:b0:176:cdd8:7258 with SMTP id y15-20020a1709027c8f00b00176cdd87258mr1229636pll.49.1663355440011;

Fri, 16 Sep 2022 12:10:40 -0700 (PDT)

Received: from 45.248.78.242 ([45.248.78.242])

by smtp.gmail.com with ESMTPSA id cp19-20020a170902e79300b00176be23bbb3sm15156271plb.172.2022.09.16.12.10.38

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 16 Sep 2022 12:10:39 -0700 (PDT)

Message-ID: <6324ca2f.170a0220.edb2d.c2de@mx.google.com>

From: "Ryan"

Subject: Payment alert*5987DE9704

To: "support"

Content-Type: multipart/alternative; boundary="2F5kmSmOGSfGO=_vYtloEw3qV6l4jvuOf7"

MIME-Version: 1.0

Date: Sat, 17 Sep 2022 00:40:39 +0530



This is a multi-part message in MIME format



--2F5kmSmOGSfGO=_vYtloEw3qV6l4jvuOf7

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline



Hello, support@netknow.ca



We thank you for shopping online with us again on 15 Sep, 2022.



Walmart has accepted your order request, we are dealing with it and ge=

tting your product r=C3=AAady for the shipment.



You have purchased VANKYO Full Video Projector worth $ 599.99 from the=

PayPal credit balance, the charge will reflect on statement in few ho=

urs.



Here is your purchase order information:-



VANKYO 1080p Full HD Video Projector

Delivered By - 16 Sep, 2022

Quantity - 03 only

Am=C3=B8unt - $ 599.99



Please be noted we will send y=C3=B5u a copy of the purchase r=C3=AAce=

ipt in another email or you can also download it from the 'purchase or=

der section page'.



If you find any error in this transaction or you would like to cancel/=

modify the order, please feel free to reach out our support representa=

tive to discuss further.



Customer Help & Support Toll-free +1 (888) 687 1505





Thank you again for your cooperation, we look forward to see you soon!=







--2F5kmSmOGSfGO=_vYtloEw3qV6l4jvuOf7

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline













--2F5kmSmOGSfGO=_vYtloEw3qV6l4jvuOf7--