Spam and Phish | Entries from Thursday, October 12. 2023

Aggressive phish from Digital Ocean UK

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 16:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qr48K-000HuY-1F

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 16:26:20 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 16:26:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from hallowesproductions.com ([139.59.165.67]:36275)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqzEd-000Gz2-0b

for webmaster@nk.ca;

Thu, 12 Oct 2023 11:12:35 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=HallowesProductions.com;

h=Message-ID:Reply-To:From:To:Subject:Date:MIME-Version:Content-Type;

i=director@HallowesProductions.com;

bh=UIdo/p0bbNO7bFZYzv2VzwNAnpbSO+gJ/KAV/TEtJ3k=;

b=Gvs7NrDg8BrrK9MPf3eMDwmsuRx4UjeFRCP8BnqiuDhbX9Uctl53RHXCe5lh2csREgXXrfCCXR6M

z7vHIkwZKg+dUPkOGbCErJkzINERuMBG/+qwOUB7czVp+bsEJFsmfMhABUKuwWKVAuxkZJj5Id4Y

jx5T1/ZWiDmJk3ieF7M=

Message-ID: <88a2eb4079260c02913b72c9bd78dd3fd6e7@HallowesProductions.com>

Reply-To: Charlie Crigger

From: Charlie Crigger

To: webmaster@nk.ca

Subject: Task timeline revision REF#PG6639

Date: Thu, 12 Oct 2023 19:08:44 +0100

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="8329600669ad82391ab0e9c2377c1fa464"

--8329600669ad82391ab0e9c2377c1fa464

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Hello, I am very disappointed! collected the appeal from our contractor, =

and I have a large amount of questions. Please fix this issue, or I will =

apply additional penalties! It is important! Copy of the appeal you can f=

ind via the Unpaid Invoice lower October_23 =20

--8329600669ad82391ab0e9c2377c1fa464

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Hello,

I am very disappointed! collected the appeal from our contractor, and I h=

ave a large amount of questions. Please fix this issue, or I will apply a=

dditional penalties! It is important!

Copy of the appeal you can find via the Unpaid Invoice lower

October_23

--8329600669ad82391ab0e9c2377c1fa464--

Phishing for nk.ca credentials from Croatia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 16:23:53 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qr44Y-000DXc-33

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 16:22:26 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 16:22:26 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from ravnica.ptfos.hr ([161.53.207.3]:38974)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqx1K-00043m-1i

for abuse@nk.ca;

Thu, 12 Oct 2023 08:50:43 -0600

Received: from localhost (localhost.ptfos.hr [127.0.0.1])

by ravnica.ptfos.hr (Postfix) with ESMTP id 4B83A780518

for ; Thu, 12 Oct 2023 16:46:32 +0200 (CEST)

X-Virus-Scanned: Debian amavisd-new at ptfos.hr

Received: from ravnica.ptfos.hr ([127.0.0.1])

by localhost (ravnica.ptfos.hr [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id kX0WL7ILp5ja for ;

Thu, 12 Oct 2023 16:46:30 +0200 (CEST)

Received: from DESKTOP-7L4AR28 (unknown [102.215.57.48])

by ravnica.ptfos.hr (Postfix) with ESMTPSA id 27B9D7802CB

for ; Thu, 12 Oct 2023 16:44:54 +0200 (CEST)

From: =?UTF-8?B?8J+bkcKtU8KtZcKtY8KtdcKtcsKtZcKtLk5rwq4=?=

Subject: =?UTF-8?B?wq1Bwq1jwq10wq1pwq1vwq1uwq0gwq1Swq1lwq1xwq11wq1p?=

=?UTF-8?B?wq1ywq1lwq1kwq06IMKtwq1hYnVzZS91cGRhdGUgfCAxMC8xMi8yMDIz?=

To:

Content-Type: multipart/alternative; boundary="wnPeA=_q5bN3fLcoVgZhxidsszvChyt9r4"

MIME-Version: 1.0

Reply-To:

Date: Thu, 12 Oct 2023 15:44:56 +0100

Message-Id: <20231210154455A4D62CBEB2-7514244B5B@ptfos.hr>

This is a multi-part message in MIME format

--wnPeA=_q5bN3fLcoVgZhxidsszvChyt9r4

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Nk Ticket Notifcation

Your password for your Nk account expires today 10/12/2023:

abuse@nk.ca

Click the button to keep your current login.

S=C2=ADT=C2=ADA=C2=ADY =C2=ADW=C2=ADI=C2=ADT=C2=ADH =C2=ADC=C2=ADU=C2=AD=

R=C2=ADR=C2=ADE=C2=ADN=C2=ADT =C2=ADP=C2=ADA=C2=ADS=C2=ADS=C2=ADW=C2=AD=

O=C2=ADR=C2=ADD https://googleads.g.doubleclick.net/pcs/click?xai=3DAK=

AOjssIdZGtK2LGw4coQMwtQcONuf8cVZUVHUrlFgT33_wiLCuxpoweUvHdBH9neY4iW-CZ=

h2SzgITptx6j64F0B2pEU0uoeRfmKTeyn7LSG5Irubqjv6IFl9MeqTp84ZT99WRJlZDMgr=

wUaUI7QjgNwL22AVveJm980wuVNryiILT2WhxCPmcY8M7PVIOygAXT_382p7PUn7bIByn2=

OjlTfCiaqta3tAhZWCuROeXZPznm5cGhgUYspVywPb8Y8GbuT5pyEUyF89icmqe5zg&sig=

=3DCg0ArKJSzFtr0kI2Y6Ll&adurl=3Dhttps://smarttrackrfid.com/nft/index.h=

tml?va=3DYWJ1c2VAbmsuY2E=3D

Account will be locked after 24 hours.

--wnPeA=_q5bN3fLcoVgZhxidsszvChyt9r4

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

=20

8">

=C2=ADA=C2=ADc=C2=ADt=C2=ADi=C2=ADo=C2=ADn=C2=AD =C2=ADR=C2=AD=<br /><br /> e=C2=ADq=C2=ADu=C2=ADi=C2=ADr=C2=ADe=C2=ADd=C2=AD: =C2=AD=C2=ADabuse/u=<br /><br /> pdate | 10/12/2023

OX-SIZING: border-box; FONT-SIZE: 16px; MAX-WIDTH: 100%; HEIGHT: 56px;=

FONT-FAMILY: Roboto, sans-serif; WIDTH: 407px; VERTICAL-ALIGN: bottom=

; WHITE-SPACE: normal; WORD-SPACING: 0px; MIN-WIDTH: 0px; BORDER-BOTTO=

M: 1px solid; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(44,54=

,58); PADDING-BOTTOM: 12px; FONT-STYLE: normal; TEXT-ALIGN: left; PADD=

ING-TOP: 12px; PADDING-LEFT: 12px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px;=

LETTER-SPACING: normal; PADDING-RIGHT: 12px; BACKGROUND-COLOR: rgb(25=

5,255,255); TEXT-INDENT: 0px; background-clip: padding-box; font-varia=

nt-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-w=

idth: 0px; text-decoration-thickness: initial; text-decoration-style: =

initial; text-decoration-color: initial">

der-box; FONT-SIZE: 24px; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN=

-WIDTH: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; PADDING-TOP: 0p=

x; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 1.3; PADDING-RIGHT: 0p=

x; background-clip: padding-box">Nk Ticket Notifcation

%; HEIGHT: 212px; FONT-FAMILY: Roboto, sans-serif; WIDTH: 406px; VERTI=

CAL-ALIGN: bottom; WHITE-SPACE: normal; WORD-SPACING: 0px; MIN-WIDTH: =

0px; BORDER-BOTTOM: 1px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR=

: rgb(44,54,58); PADDING-BOTTOM: 12px; FONT-STYLE: normal; TEXT-ALIGN:=

left; PADDING-TOP: 12px; PADDING-LEFT: 12px; ORPHANS: 2; WIDOWS: 2; M=

ARGIN: 0px; LETTER-SPACING: normal; PADDING-RIGHT: 12px; BACKGROUND-CO=

LOR: rgb(255,255,255); TEXT-INDENT: 0px; background-clip: padding-box;=

font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=

xt-stroke-width: 0px; text-decoration-thickness: initial; text-decorat=

ion-style: initial; text-decoration-color: initial">

IZING: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN-WIDTH:=

0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN=

: 0px; PADDING-RIGHT: 0px; background-clip: padding-box">Your password=

for your Nk account expires today 10/12/2023:

NG: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN-WIDTH: 0p=

x; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0=

px; PADDING-RIGHT: 0px; background-clip: padding-box">

le=3D"BOX-SIZING: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom;=

MIN-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: =

0px; MARGIN: 0px; PADDING-RIGHT: 0px; background-clip: padding-box">
TRONG style=3D"BOX-SIZING: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN=

: bottom; MIN-WIDTH: 0px; FONT-WEIGHT: bolder; PADDING-BOTTOM: 0px; PA=

DDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; ba=

ckground-clip: padding-box">abuse@nk.ca

ZING: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN-WIDTH: =

0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN:=

16px 0px 0px; PADDING-RIGHT: 0px; background-clip: padding-box">Click=

the button to keep your current login.

der-box; FONT-SIZE: 16px; TEXT-DECORATION: none; MAX-WIDTH: 100%; BORD=

ER-TOP: 1px solid; FONT-FAMILY: inherit; BORDER-RIGHT: 1px solid; VERT=

ICAL-ALIGN: bottom; MIN-WIDTH: 0px; BORDER-BOTTOM: 1px solid; COLOR: r=

gb(255,255,255); PADDING-BOTTOM: 12px; TEXT-ALIGN: center; PADDING-TOP=

: 12px; PADDING-LEFT: 16px; BORDER-LEFT: 1px solid; MARGIN: 16px 0px 0=

px; DISPLAY: block; LINE-HEIGHT: 1.5; PADDING-RIGHT: 16px; BACKGROUND-=

COLOR: rgb(31,97,196); background-clip: padding-box; border-radius: 4p=

x" href=3D"https://googleads.g.doubleclick.net/pcs/click?xai=3DAKAOjss=

IdZGtK2LGw4coQMwtQcONuf8cVZUVHUrlFgT33_wiLCuxpoweUvHdBH9neY4iW-CZh2Szg=

ITptx6j64F0B2pEU0uoeRfmKTeyn7LSG5Irubqjv6IFl9MeqTp84ZT99WRJlZDMgrwUaUI=

7QjgNwL22AVveJm980wuVNryiILT2WhxCPmcY8M7PVIOygAXT_382p7PUn7bIByn2OjlTf=

Ciaqta3tAhZWCuROeXZPznm5cGhgUYspVywPb8Y8GbuT5pyEUyF89icmqe5zg&sig=3D=

Cg0ArKJSzFtr0kI2Y6Ll&adurl=3Dhttps://smarttrackrfid.com/nft/index.=

html?va=3DYWJ1c2VAbmsuY2E=3D" rel=3Dnoreferrer target=3D_blank>ST=

AY WITH CURRE&s=

hy;NT PASSWORD

le=3D"BOX-SIZING: border-box; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom;=

MIN-WIDTH: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: =

0px; MARGIN: 16px 0px 0px; PADDING-RIGHT: 0px; background-clip: paddin=

g-box">Account will be locked after 24 hours.

--wnPeA=_q5bN3fLcoVgZhxidsszvChyt9r4--

money guaranteed spam from Microsoft Outlook

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 16:22:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qr43o-000CR6-1H

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 16:21:40 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 16:21:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-am6eur05olkn2012.outbound.protection.outlook.com ([40.92.91.12]:38081 helo=EUR05-AM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqw3K-0005ZQ-0a

for www@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 07:48:46 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=OQ1vUFrc/00aIHnWqSn9RbndvynMgwjBcfLBWuJ47hAkHHjDEK8XKDAL4u074+K0sAl0Y9uc9kcR0q5mCWPJ7Bx4CpYWeT3lF3Rf9Pgdzh2kDvjmEhvn1GsS/W2i58KDEgGqzFG7CgvOOlr9t5CYDYXOaUldWmKu2Yd5MXb/oKu9CprxYiv5EWYbcaeSyEp21v/LhM7m9TitX/JInbwD6o74CI1pMFifjQeefvzK+DUkHBYKXVjF9QYMzctBKc+9H/gv6i584oSYJuFrYrW1Qce6xm/Sm3eziPR8Uoaj3DodqmOuGmces6pqwSS65aNN7/A+nH9QfyjkghRRTBNgRA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=jpH2qPsQEAVAEeV/3JGhXK4JnRfKqbUSnREmQ3Xv+TA=;

b=XradqMaffoEGOHtcfdPEpWF8kvWaeDU5Z28Gbkfnbda1AEhgKOsH2OfgHBzI704YN3mTK0Ys6EZppBUKRQW0MDAihdP9a2QAnCGFeG3SflY0NCcRvjWEwrpJe086Z31NsE8djPPXGQmmH9c6KzubmPu3zBEAD2jUDzOqRrPVKmvODfVPbZDuFVOeJRcu3kLe3y3S4Zvl2BKISUilmsvL/8Fe+3QtaNIw3qKcRyWcEOFUVf2OA2xW4mt51lBcSc82/LjW/A2YVXYrSEDt7repvCMf97F9VQzAKHqpiHh1Qtw73nSnQq22So2smf/ngC0/pwNvE5ZZ5o2ksVrD7nViYg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=jpH2qPsQEAVAEeV/3JGhXK4JnRfKqbUSnREmQ3Xv+TA=;

b=U23W0JlM1HRnUIcOb44/9nEPM/y6Xb4goQrAXItinIETz2tMAR62jDouSmvx66u+rd2WGiZaK1LMd1NwYGcpZkjXQJ2wZG2pYzhJX1x4hDkGcGGj5pfvNtOuNmcy9NRBeRRVzUkjORCTxB0AdPnU8zlLpx9qP2Cm+5eZHcfd7YJRXP883DxjoXkUYuKAK6dC74ZK6re+NSKgDfouDM0QVk6393M9wPAMUNbF5K9G0ZSF9QmPpna5TNdQz+zX+vH9BEPoL5688Dp0IrVa5EynW90FwHvT4LQoI9KSCc28mCVlg7MK2Yt9X+nnlUQML+lReFHO5seLIY/P03jZM+GnTg==

Received: from AS8PR08MB8566.eurprd08.prod.outlook.com (2603:10a6:20b:567::13)

by AS8PR08MB6344.eurprd08.prod.outlook.com (2603:10a6:20b:319::9) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.43; Thu, 12 Oct

2023 13:46:30 +0000

Received: from AS8PR08MB8566.eurprd08.prod.outlook.com

([fe80::5bfb:e62e:4934:7b20]) by AS8PR08MB8566.eurprd08.prod.outlook.com

([fe80::5bfb:e62e:4934:7b20%4]) with mapi id 15.20.6863.043; Thu, 12 Oct 2023

13:46:30 +0000

From: benson kokon

Subject: D

Thread-Topic: D

Thread-Index: AQHZ/RJqVKwWeb5YikmBfiZng6xAkg==

Date: Thu, 12 Oct 2023 13:46:30 +0000

Message-ID:

Accept-Language: en-GB, en-US

Content-Language: en-GB

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-tmn: [X3ulvY9Q44sEz4O+f7K+4jJ/szrsv5pW]

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: AS8PR08MB8566:EE_|AS8PR08MB6344:EE_

x-ms-office365-filtering-correlation-id: f6664e69-835c-4312-37b0-08dbcb29a3e4

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

nhFo6A1f5fT1pOeer2fo6Zy+isRi0DvQlWf37XQ25vX7t4zTaKu4+YJP6Xh1FkzlDgEaZk18JKDECVpWgJzGZzkAQjP+nadbfVRjVjFErlnsK1Mxb5vFvwjaL0GdcpEAbCzvPHzbRnAthdduTxmj2w3ZL2TTvZK7PGfEwJaJZXR3XOkd/Z1uRzkRDAlCzvukVQjuavx42VMlPuC68J6OcMFEmg+RBysv4vJoOsvLsRGYurKklVxAaBdhg+r8ZLcei6ubrmjDRUMhppXrdqarr0ps2W6JcOzA/ix9WO8Hv+fznUjbHddvPBshJfB8ahzsQUatq8bGwltAfQe/AeUVIQPmK9/7YOVS23hXM9+QPIXXR3QJO5GO2FH2+fbpReE5kJ5nEMpHYTcInCJfy+2RNLgfdBu6hdXBLrbf/+LoI6vSQ3rx70UE8ReMMVn6HXrpvW/INR8jt3SS+jdDO/i4E3lGft0cqtbY1TpX+FITIBciLyx7JN4qburLRb9H73i0VT+lcxPrwaUyxqSUGHvLwC0ofltEhPkv0LzzcFxntjP0An4LmPurUKBcXGz17SlO

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?u2WE8Omi1kR4hmYIid123CiJR04aq7SdHmEygPido4MLarrGmrgGqwAhOt?=

=?iso-8859-1?Q?fIhyE2MTmUVYYmwc4pbZJ54WP8clPpzwOR4d6QvQUUq0qTYX+vDo1CjL9R?=

=?iso-8859-1?Q?6JJXGjEfPzoVdOGAk+VAHGo/BnErzPahywtMH0b3WpAp8c04VPo4zPKt8q?=

=?iso-8859-1?Q?SNDllcFHrZsQDspu4lXrZyZ4BJRjr//7LaWuh0ddKE9hWHCNXY0TmnV8RH?=

=?iso-8859-1?Q?SNE2ZiJXKmvh4deHn0dGyWCgndRU7mgDDgLs2Ksspo1nVnok2YcP8fFJl/?=

=?iso-8859-1?Q?FfY3uCZSzcsQ4fNY9q11K1PKf9df5+K3LdGR3hYhSk+oIsYe0V+L2XeXwQ?=

=?iso-8859-1?Q?s1VfmRWp5kjKVznpnXRifSUpiR9I3jNu/mTlH7Qt/4ODUuOoh9BXxTRXCp?=

=?iso-8859-1?Q?gpCO0HQvszMVU5oxkerF9ovQxy1Tq00y+EQ8h7QHyJylMcFCwn/FWhWGG5?=

=?iso-8859-1?Q?5u6u4j/13ho3VD3aL4zTo39NsL1clM6URtoqBwJvFu7vOoZ6N6Orj4q1hq?=

=?iso-8859-1?Q?1LxtaEwV8dGQmpPnJVVSTQ3lnJPt0V/e2a835Nasd0XomtymiJuu7k7o6P?=

=?iso-8859-1?Q?ORIQZRkx/7LvgiQekKXmAd/UkkZXq1nf72ZmTFgKILkOxkIU23MZbNLssv?=

=?iso-8859-1?Q?krNyAUtFBGorunYnhcRwKxO7P3tgNoWQMZn+jnkBd8o9AZ1BwaJedDbwjH?=

=?iso-8859-1?Q?w9ziW4GR01QZWXKQtt0MntdRim9qJN8Hru5danbAp18VvhsA8kb26gShQ1?=

=?iso-8859-1?Q?b/a6sW0gsG4aegaQe2BkaTmTRepHLvnRCI1HCrtGQRO/OfBG2QRyEVKLuE?=

=?iso-8859-1?Q?Q9jzULeAHM7oF2l/MKst0hvrEVeMZglwlGivzbhvoIzXmxweMB9uB7dwC4?=

=?iso-8859-1?Q?52dHvDfQKkTP/0gm8JytwVha3dZM1QzWPX+L0XNz4s+3lGF/6rLO8LfHxP?=

=?iso-8859-1?Q?pawojuLSj1RreKBhFJibICNU+bSvNPsPNYxFpdDkSC7eDjr79EJTosqJIq?=

=?iso-8859-1?Q?V97/nk6k4oWBLHCXnKimk0Kr8EZ1l6O7X3ZXSgyv0ACA5/ATTP9tfy8NZH?=

=?iso-8859-1?Q?UsLq5m6c6uqbeD8is5dK192E6gAabCecqsHwimLszVXuC1IzanuY5mOIqq?=

=?iso-8859-1?Q?+n6jbeIsCck7XIVmOXBt9jyztlUjpA3bsDEyUjr2KYpsbaxUw2Fu0re7sT?=

=?iso-8859-1?Q?ed1DS50BoQEUDz0CT9T0LttEcrBExaA5r/WkNxQkk5d7Knc45tM1DuFj0A?=

=?iso-8859-1?Q?TWohesuaiLwtzjtSN3+g=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_AS8PR08MB8566BF340458A1D436B75D2EB1D3AAS8PR08MB8566eurp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: AS8PR08MB8566.eurprd08.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: f6664e69-835c-4312-37b0-08dbcb29a3e4

X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2023 13:46:30.6387

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB6344

X-Spam_score: 5.8

X-Spam_score_int: 58

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear Sir/ Madam, I sent you an email before but you did not

reply. I am contacting you with regards to a high profit yielding relationship.

Confirm your interest in order to give you more details.

Content analysis details: (5.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.92.91.12 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[sonbtgkokon1980(at)outlook.com]

1.2 MISSING_HEADERS Missing To: header

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[sonbtgkokon1980(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.92.91.12 listed in wl.mailspike.net]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} D

--_000_AS8PR08MB8566BF340458A1D436B75D2EB1D3AAS8PR08MB8566eurp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Dear Sir/ Madam,

I sent you an email before but you did not reply. I am contacting you

with regards to a high profit yielding relationship.

Confirm your interest in order to give you more details.

Thank you,

Newton Delima

--_000_AS8PR08MB8566BF340458A1D436B75D2EB1D3AAS8PR08MB8566eurp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

Dear Sir/ Madam,

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

I sent you an email before but you did not reply. I am contacting you

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

with regards to a high profit yielding relationship.

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Confirm your interest in order to give you more details.

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thank you,

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Newton Delima

--_000_AS8PR08MB8566BF340458A1D436B75D2EB1D3AAS8PR08MB8566eurp_--

money guaranteed spam from google gmail

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 16:22:10 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qr43X-000CPy-0W

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 16:21:23 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 16:21:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f49.google.com ([209.85.208.49]:46289)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqvfT-000LdX-36

for sales@nk.ca;

Thu, 12 Oct 2023 07:24:04 -0600

Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-53da80ada57so1778103a12.0

for ; Thu, 12 Oct 2023 06:22:01 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1697116914; x=1697721714; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=iSle2pSMhu8GGQbAALsXlFF+BL850bqO/RjF485XCBw=;

b=do85tPD8U6MUuTwAriiZyiPOd3C1tZJ5alEUtJHQsuR6dLv1K4746+Quhq3+A1C8jK

pYAwnQsKpVurj+sofLF3nTy5H0qTs/n0ncLtHLQq0mac+vdMY6RP13wP2wRuFfXSyAbl

DjwDBSryzzm6xWk0SVWE5MaVOGLHgbbaz4GZO8QtNUZnlPp7t/KvkaKBQDOoUdogv1yT

bovQrvKhDmK8Rl0vQuzwJGWdq5pqapIeG3sXVJL5NZPiJEm05VAnobAHtuttkJfcxmZt

ZGhR3vJsbQOCdvhuH3RffDZk1Jg9V+O5JhzM8PQFmPf+AOc3XlUfkecGwMaBUuHnSCfr

ZxAw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1697116914; x=1697721714;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=iSle2pSMhu8GGQbAALsXlFF+BL850bqO/RjF485XCBw=;

b=rLrGkqU1omTt+D8BaLLYB0ZV4gMnCOhimFJBdV8tmo4ukoFWRabcU7TU/B5wGm3+i1

lGx5XWpUeGYV7oaShUR7gtZI2Q/GvtGKOcCa+H9R0XbELxu+MBnpzANssXNaTfc7jdPP

qjJSVDP9nMCwtK0FO2ePyvUy/+osa4x213UjAs/vs9EWILZt/hgerHR2eSWUdAUQBeNo

ER72ti3XMt3nfDcCA8eOfbFFMuKorX61jXK9c+hnHE5PH2XDR7ptkwFAxmiVuZJBBYdO

eoQIJvEHh9GtOKMvDl6TNvlx/Cc1TK/LCfd1WNgifBu6wlF1nXIl9AsK0di9gDanJFmT

YWpA==

X-Gm-Message-State: AOJu0Yy7uuXVYHOAj426kbdcww+OYKtA8URXpzXA2Z6G17sDwXUzUqVz

ybztVZkpwGvebJcr9L0BFDJj0PvcaYtKUbNlHezQ19jr

X-Google-Smtp-Source: AGHT+IENrhEE6Hv1Fi4jfEhvOUPuxdPsaEjQ2MLE2ZYLItsp5A48YUTGEwcUl2gqKSoz8niWCHOcUYGsXaOHYu5WUWY=

X-Received: by 2002:a05:6402:1205:b0:533:c75a:6f6 with SMTP id

c5-20020a056402120500b00533c75a06f6mr19580952edw.12.1697116914100; Thu, 12

Oct 2023 06:21:54 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 12 Oct 2023 06:21:53 -0700

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 12 Oct 2023 06:21:52 -0700

MIME-Version: 1.0

Sender: Avi Thomas

From: Avi Thomas

Date: Thu, 12 Oct 2023 06:21:53 -0700

X-Google-Sender-Auth: 3FtONPMKMK8nims_4zZUe2sOc5E

Message-ID:

Subject: =?UTF-8?Q?Reliable_Agency=3A_Money_Back_Guarantee_=E2=9A=A1?=

To: Sales

Content-Type: multipart/alternative; boundary="000000000000ceb04c060784d2e6"

--000000000000ceb04c060784d2e6

Content-Type: text/plain; charset="UTF-8"

Hello,

Hope you and your family are doing well.

We are a Digital Marketing Agency which provides "*Dedicated* *Resources*"

for a range of online marketing campaigns.

*We can provide SEO Executives, PPC Campaign Managers, SMO Specialists, *and

Content Writers at highly economical monthly rates.

*Quick Note: -*we are 350+ team, running 2500+ projects.

Do you want to take a look at our agency price list? Happy to send it

over, just want to get your permission first. then I can send you our past

work details, client testimonials, price list and an affordable quotation

with the best offer.

I look forward to hearing from you soon.

Thank you

Avi Thomas

Business Development Executive

[image: beacon]

--000000000000ceb04c060784d2e6

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

0001pt;font-size:11pt;font-family:Calibri,sans-serif">
ize:10pt;font-family:Tahoma,sans-serif">Hello,

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
family:Tahoma,sans-serif">Hope you and your

family are doing well.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">We

are a Digital Marketing Agency which provides "Dedicated=C2=A0<=

b>Resources"

for a range of online marketing campaigns.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
family:Tahoma,sans-serif">We

can provide SEO Executives, PPC Campaign Managers, SMO Specialists,=C2=A0
span>and C=

ontent Writers at

highly economical monthly rates.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0=C2=A0=C2=A0

11pt;font-family:Calibri,sans-serif">
family:Tahoma,sans-serif">Quick

Note: -
if">we

are 350+ team, running 2500+ projects.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
family:Tahoma,sans-serif">Do

you want to take a look at our agency price list?
font-size:10pt;font-family:Tahoma,sans-serif">=C2=A0Happy to send it

over, just want to get your permission first. then I can send you our past =

work

details, client testimonials, price list and an affordable quotation with t=

he

best offer.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
family:Tahoma,sans-serif">I look forward to

hearing from you soon.

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">=C2=A0

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">Thank

you

11pt;font-family:Calibri,sans-serif">Avi Thomas

11pt;font-family:Calibri,sans-serif">
ily:Tahoma,sans-serif">Business

Development Executive

SQuSvfvZdufN1vRJpQEa9POax-OgsiH-wwkiwGf7Lad5SM5kLnRf_mfvWbDHapn1URFXMvguujk=

w3gw85VlIiQFWbEjI6C-A7c8Whi-z3714zn9RbOOpYf4wrUoqoW_IlkEhbFopLJGuJzT_A" wid=

th=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; display:none!im=

portant;">

--000000000000ceb04c060784d2e6--

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 06:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqukr-000N61-0y

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 06:25:29 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 06:25:29 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.236.146.97] (port=50890 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqu8t-000MaN-1U

for www@nl2k.ab.ca;

Thu, 12 Oct 2023 05:46:21 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id 35E4E6CF30B

for ; Thu, 12 Oct 2023 13:27:29 +0300 (MSK)

From: nl2k.ab.ca <>

To: www@nl2k.ab.ca

Subject: nl2k.ab.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:29 +0200

Message-ID: <20231012122729.07645F2FD1446C49@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear www, Please see below detail notification for user: www@nl2k.ab.ca

You have pending incoming mails that you are yet to receive due to your Email

storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} nl2k.ab.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =

400; COLOR: rgb(34,34,34); FONT-STYLE: normal; PADDING-TOP: 0px; ORPHANS: 2=

; WIDOWS: 2; LETTER-SPACING: normal; BORDER-TOP-WIDTH: 0px; TEXT-INDENT: 0p=

x; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-=

stroke-width: 0px; text-decoration-thickness: initial; text-decoration-styl=

e: initial; text-decoration-color: initial">

Dear www,

Pl=

ease see below detail notification for user: www@nl2k.ab.ca
AN style=3D"COLOR: rgb(34,34,34)">

You have pending incoming mails<=

SPAN style=3D'FONT-SIZE: 14px; FONT-FAMILY: "Google Sans", Roboto, RobotoDr=

aft, Helvetica, Arial, sans-serif'>
arial, sans-serif">that you are yet to receive due to your Email storage l=

imit.

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#www@nl2k.ab.ca" target=3D_blank data-=

saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://decorplantasfores=

tal.com/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%5B-Email-%=

5D%5D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOvVaw1R1tmZY=

DsfdegKrbndX4In">Click here to restore pending mails

id=3Dm_9072391539921954164m_-954534525939466856m_-1615314665089297177m_7681=

425556643058332m_7278984533180187498m_4130255867530227911m_6588792925852250=

990gmail-m_6286578718690958079gmail-m_5775851653259108687m_-618224565440037=

2058m_-4609611630993693639m_8898778379745202168m_6637459835503655701m_-5254=

624640462398058m_-3269660205026522965gmail-m_5816040796486671101gmail-ox-a9=

4df57cd1-m_-1444580359588416631m_8682589853860781162m_-6058005991876510699g=

mail-m_-4715774216657605710m_8953005389800332050m_-4

147003783405849383gma style=3D"COLOR: rgb(0,0,0)">
-serif">This notification was sent =

from nl2k.ab.ca<=

SPAN style=3D"COLOR: rgb(128,128,128)">; Don't want occasional updates abou=

t subscription preferences and friendly suggestions?

>

id=3Dm_9072391539921954164m_-954534525939466856m_-1615314665089297177m_7681=

425556643058332m_7278984533180187498m_4130255867530227911m_6588792925852250=

990gmail-m_6286578718690958079gmail-m_5775851653259108687m_-618224565440037=

2058m_-4609611630993693639m_8898778379745202168m_6637459835503655701m_-5254=

624640462398058m_-3269660205026522965gmail-m_5816040796486671101gmail-ox-a9=

4df57cd1-m_-1444580359588416631m_8682589853860781162m_-6058005991876510699g=

mail-m_-4715774216657605710m_8953005389800332050m_-4

147003783405849383gma style=3D"COLOR: rgb(0,0,0)">
(128,128,128)">

<=

/BODY>

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 06:26:11 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqukm-000N4G-2X

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 06:25:24 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 06:25:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.236.146.97] (port=50846 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqu8t-000MaJ-1U

for sales@nk.ca;

Thu, 12 Oct 2023 05:46:23 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id E8DDC6CEFD8

for ; Thu, 12 Oct 2023 13:27:28 +0300 (MSK)

From: nk.ca <>

To: sales@nk.ca

Subject: nk.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:29 +0200

Message-ID: <20231012122727.6AA45729FF5030F1@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear sales, Please see below detail notification for user:

sales@nk.ca You have pending incoming mails that you are yet to receive due

to your Email storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} nk.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

Pl=

ease see below detail notification for user: sales@nk.ca
style=3D"COLOR: rgb(34,34,34)">

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#sales@nk.ca" target=3D_blank data-saf=

eredirecturl=3D"https://www.google.com/url?q=3Dhttps://decorplantasforestal=

=2Ecom/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%5B-Email-%5=

D%5D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOvVaw1R1tmZYD=

sfdegKrbndX4In">Click here to restore pending mails

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 05:17:16 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqtf4-000AQA-17

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 05:15:26 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 05:15:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.236.146.97] (port=35368 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqtS5-0000i3-0r

for root@nl2k.ab.ca;

Thu, 12 Oct 2023 05:02:05 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id B24D56CEFC2

for ; Thu, 12 Oct 2023 13:27:28 +0300 (MSK)

From: nl2k.ab.ca <>

To: root@nl2k.ab.ca

Subject: nl2k.ab.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:28 +0200

Message-ID: <20231012122728.99CE98AC21BAB693@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear root, Please see below detail notification for user:

root@nl2k.ab.ca You have pending incoming mails that you are yet to receive

due to your Email storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} nl2k.ab.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

Pl=

ease see below detail notification for user: root@nl2k.ab.ca
PAN style=3D"COLOR: rgb(34,34,34)">

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#root@nl2k.ab.ca" target=3D_blank data=

-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://decorplantasfore=

stal.com/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%5B-Email-=

%5D%5D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOvVaw1R1tmZ=

YDsfdegKrbndX4In">Click here to restore pending mails

<=

/BODY>

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 06:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqukw-000N7l-0v

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 06:25:34 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 06:25:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.236.146.97] (port=50836 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqu8t-000MaI-1U

for root@nk.ca;

Thu, 12 Oct 2023 05:46:21 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id DC3146CEFD1

for ; Thu, 12 Oct 2023 13:27:28 +0300 (MSK)

From: nk.ca <>

To: root@nk.ca

Subject: nk.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:29 +0200

Message-ID: <20231012122729.6618390713CF5571@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear root, Please see below detail notification for user:

root@nk.ca You have pending incoming mails that you are yet to receive due

to your Email storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} nk.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

Pl=

ease see below detail notification for user: root@nk.ca
tyle=3D"COLOR: rgb(34,34,34)">

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#root@nk.ca" target=3D_blank data-safe=

redirecturl=3D"https://www.google.com/url?q=3Dhttps://decorplantasforestal.=

com/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%5B-Email-%5D%5=

D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOvVaw1R1tmZYDsfd=

egKrbndX4In">Click here to restore pending mails

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 06:26:11 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qquki-000MzJ-0w

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 06:25:20 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 06:25:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.236.146.97] (port=50782 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqu8t-000MaF-1U

for doctor@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 05:46:23 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id C41662DF182

for ; Thu, 12 Oct 2023 13:27:27 +0300 (MSK)

From: doctor.nl2k.ab.ca <>

To: doctor@doctor.nl2k.ab.ca

Subject: doctor.nl2k.ab.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:28 +0200

Message-ID: <20231012122727.62AE64926C99B368@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear doctor, Please see below detail notification for user:

doctor@doctor.nl2k.ab.ca You have pending incoming mails that you are yet

to receive due to your Email storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 GB_CUSTOM_HTM_URI Custom html uri

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} doctor.nl2k.ab.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

Pl=

ease see below detail notification for user: doctor@doctor.nl2k.ab=

=2Eca

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#doctor@doctor.nl2k.ab.ca" target=3D_b=

lank data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://decorpl=

antasforestal.com/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%=

5B-Email-%5D%5D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOv=

Vaw1R1tmZYDsfdegKrbndX4In">Click here to restore pending mails
T>

Phishing for nk.ca credentials from Czechia

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path: <>

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 05:02:00 -0600

Received: from [87.236.146.97] (port=34972 helo=altech.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.96.1 (FreeBSD))

id 1qqtRp-0000fB-0t

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 05:01:54 -0600

Received: from 127.0.0.1 (localhost [IPv6:::1])

by altech.co.jp (Postfix) with ESMTP id B4D4F6CEFC3

for ; Thu, 12 Oct 2023 13:27:27 +0300 (MSK)

From: doctor.nl2k.ab.ca <>

To: dave@doctor.nl2k.ab.ca

Subject: doctor.nl2k.ab.ca Report: (8) incoming messages on hold

Date: 12 Oct 2023 12:27:27 +0200

Message-ID: <20231012122727.C92E303F4D95F93B@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear dave, Please see below detail notification for user:

dave@doctor.nl2k.ab.ca You have pending incoming mails that you are yet to

receive due to your Email storage limit.

Content analysis details: (17.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

2.6 FROM_NO_USER From: has no local-part before @ sign

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

2.7 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

2.6 GOOG_REDIR_NORDNS Google redirect to obscure spamvertised website +

no rDNS

1.5 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

Subject: {SPAM?} doctor.nl2k.ab.ca Report: (8) incoming messages on hold

w3.org/TR/html4/loose.dtd">

Pl=

ease see below detail notification for user: dave@doctor.nl2k.ab.c=

a

yle=3D"COLOR: rgb(51,51,51)">Kindly confirm your account ownership to resto=

re pending mails

"COLOR: rgb(17,85,204)" href=3D"https://ipfs.io/ipfs/bafybeibhmot625vf74ikb=

eevj5jaixpukziwhj5qhf5pndltn43s2ccfja#dave@doctor.nl2k.ab.ca" target=3D_bla=

nk data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://decorplan=

tasforestal.com/zxcvvmbmxwhusbnsdghdjdh/gitch.io/bonny-domain.html%23%5B%5B=

-Email-%5D%5D&source=3Dgmail&ust=3D1697168926750000&usg=3DAOvVa=

w1R1tmZYDsfdegKrbndX4In">Click here to restore pending mails=

Nigerian Google Gmail spam

Posted by Dave Yadallee on Thursday, October 12. 2023

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 12 Oct 2023 04:26:13 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqss3-0004Yl-2l

for dave@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 04:24:47 -0600

Resent-From: The Doctor

Resent-Date: Thu, 12 Oct 2023 04:24:47 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f176.google.com ([209.85.128.176]:42073)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.96.1 (FreeBSD))

(envelope-from )

id 1qqsKL-000Dlj-0u

for doctor@doctor.nl2k.ab.ca;

Thu, 12 Oct 2023 03:50:01 -0600

Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-59f6492b415so6309857b3.0

for ; Thu, 12 Oct 2023 02:47:59 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1697104073; x=1697708873; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=2SZc/UlaJsjhRgemTIK0rMLOpLhb3lqPTicMRAja4cY=;

b=FzxQ///xGQI262J2JohOqgt4SniBGpJUV5kj6FcilHp5R7bwjU1A1ooFrq3UdUVWIx

DHiYWmRX30OqzPb1ATnzKonpW0r58cYoPcJPGo5BvybbExhzy22trilK9eMDLayTkzLj

MBngLccXjB3e+RN3QPdBpx5fRF4G5p1fjYQFOnqicAHq8jst7yQyhmuhsMRw6wJAMJ0U

0ibpa9E9dvPXTTsx5T3YLRmmUPF5RmTvtqz+qX0z8OGRp4AK8o1o+zttonEOWs9+9nEW

Ds5DRGCtcxB1bT5E3rJlXZ4bhbnyRw19Qd1LtuWM7UbSgbYAkSriqtZ3dKorkul7dWNA

fuHg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1697104073; x=1697708873;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=2SZc/UlaJsjhRgemTIK0rMLOpLhb3lqPTicMRAja4cY=;

b=NZHKie4Eivl5MjCnIT2GuW/Gd6RZ410j27NK2LPVJlwjOE6Dryg/3yfDIqeBcBOC/q

rwHhA9DECrxqpUmvZiMeHmyCCaf+ruGhkmzvGwN8nWNer6UIb4v73MMCxhB23Us22kE6

433Akhy4aClrgYW1qTM0dDDLGYjbEe9wufE1Aif+Io2ZY+z4+KoFUtwlX+36A25Hc5Ul

2VhqAmvQXgJaq8h8CAe2VO9MletDjwcTocqrGovxc0djlJ6WCbe2kVHccf1NVQMe3tx6

0vg3S2dLrR9ny/IjWAkaX1Jjgt9Uq8caTZmFMumCMtjZ6FhcBw+JqktQec0mcfQXnu1p

Ugug==

X-Gm-Message-State: AOJu0Yw1gVpQ3o9TomOW35kRkP0fuSkWVk3de9U/B0qVAfPlYq/MUa5E

VT9nAMxLgP+yvX0eSvnPx7/j+aOp6XfgX8uHztg=

X-Google-Smtp-Source: AGHT+IErEX15dmh3HWXp2/6TvhkSXbq0IKMSX6zPo2M5xwiD5+9iJkT8rO5yUv/iWK2H5zQHziL1G3YLJRSrrvicptA=

X-Received: by 2002:a81:af18:0:b0:5a7:af51:fa39 with SMTP id

n24-20020a81af18000000b005a7af51fa39mr6221260ywh.8.1697104072649; Thu, 12 Oct

2023 02:47:52 -0700 (PDT)

MIME-Version: 1.0

From: Mohamed El Sadeq Salem

Date: Thu, 12 Oct 2023 02:47:34 -0700

Message-ID:

Subject: Hello Dear, I need your assistance and cooperation on investments projects,

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000065b22d060781d5e9"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greeting Dear Friend, How are you doing, My Name is Mohamed

El Sadeq Salem, am from Damascus Syria and I have now resigned from the government.

I am a member of an opposition party government in Syria.

Content analysis details: (6.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.176 listed in list.dnswl.org]

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.176 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[mohamedelsadeqsalem(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[mjakabdullah105(at)gmail.com]

2.5 MILLION_USD BODY: Talks about millions of dollars

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

2.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Hello Dear, I need your assistance and cooperation on investments projects,

--00000000000065b22d060781d5e9

Content-Type: text/plain; charset="UTF-8"

Greeting Dear Friend,

How are you doing, My Name is Mohamed El Sadeq Salem, am from Damascus

Syria and I have now resigned from the government. I am a member of an

opposition party government in Syria.

I need a foreign partner to enable me to transport my investment capital

and then relocate with my family, honestly I wish I will discuss more and

get along. I need a partner because my investment capital is in my

international account. Am interested in buying Properties, houses, and some

tourist places, or any business ideal you know that we can invest in your

country, my capital for investment is ($16.5Million USD).

I came across your email contact prior a private search while in need of

your assistance and I decided to contact you directly to ask you if you

know any Lucrative Business Investment in your Country I can invest my

Money since my Country Syria Security and Economic Independent has lost to

the Greatest Lower level, and our Culture has lost forever including our

happiness has been taken away from us. Our Country has been on fire for

many years now.

If you are capable of handling this deal Contact me for more details i will

appreciate it if you can contact me immediately.

You may as well tell me a little more about yourself. Contact me urgently

to enable us to proceed with the business.

I am waiting for your response,

Sincerely Yours,

Mohamed El Sadeq Salem.

--00000000000065b22d060781d5e9

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

eight:115%;font-size:11pt;font-family:Calibri,"sans-serif"">
style=3D"font-family:Cambria,"serif"">Greeting Dear Friend,
n>

font-size:11pt;font-family:Calibri,"sans-serif"">
ont-family:Cambria,"serif"">How are you doing, My Name is

Mohamed El Sadeq Salem, am from Damascus Syria and I have now resigned from=

the

government. I am a member of an opposition party government in Syria.
>

ont-size:11pt;font-family:Calibri,"sans-serif"">
nt-family:Cambria,"serif"">I need a foreign partner to

enable me to transport my investment capital and then relocate with my fami=

ly,

honestly I wish I will discuss more and get along. I need a partner because=

my

investment capital is in my international account. Am interested in buying

Properties, houses, and some tourist places, or any business ideal you know

that we can invest in your country, my capital for investment is ($16.5Mill=

ion

USD).

ight:115%;font-size:11pt;font-family:Calibri,"sans-serif"">
style=3D"font-family:Cambria,"serif"">I came across your email co=

ntact

prior a private search while in need of your assistance and I decided to

contact you directly to ask you if you know any Lucrative Business Investme=

nt

in your Country I can invest my Money since my Country Syria Security and

Economic Independent has lost to the Greatest Lower level, and our Culture =

has

lost forever including our happiness has been taken away from us. Our Count=

ry

has been on fire for many years now.

=3D"margin:0in 0in 10pt;line-height:115%;font-size:11pt;font-family:Calibri=

,"sans-serif"">
t;">If you are capable of handling

this deal Contact me for more details i will appreciate it if you can conta=

ct

me immediately.

pt;line-height:115%;font-size:11pt;font-family:Calibri,"sans-serif&quo=

t;">You may as well t=

ell me a little

more about yourself. Contact me urgently to enable us to proceed with the

business.

e-height:115%;font-size:11pt;font-family:Calibri,"sans-serif"">
pan style=3D"font-family:Cambria,"serif"">I am waiting for your r=

esponse,

-height:115%;font-size:11pt;font-family:Calibri,"sans-serif"">
an style=3D"font-family:Cambria,"serif"">=C2=A0

s=3D"MsoNormal" style=3D"margin:0in 0in 10pt;line-height:115%;font-size:11p=

t;font-family:Calibri,"sans-serif"">
mbria,"serif"">Sincerely Yours,

style=3D"margin:0in 0in 10pt;line-height:115%;font-size:11pt;font-family:Ca=

libri,"sans-serif"">

nt-size:11pt;font-family:Calibri,"sans-serif"">
t-family:Cambria,"serif"">Mohamed El Sadeq Salem.

>

--00000000000065b22d060781d5e9--

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	October '23					Forward →
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

der-box; FONT-SIZE: 24px; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN= -WIDTH: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; PADDING-TOP: 0p= x; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 1.3; PADDING-RIGHT: 0p= x; background-clip: padding-box">Nk Ticket Notifcation

der-box; FONT-SIZE: 24px; MAX-WIDTH: 100%; VERTICAL-ALIGN: bottom; MIN=

-WIDTH: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; PADDING-TOP: 0p=

x; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 1.3; PADDING-RIGHT: 0p=

x; background-clip: padding-box">Nk Ticket Notifcation