ovh credential phishing

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 Dec 2023 16:36:13 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rGSO8-00000000Anv-2m23

for dave@doctor.nl2k.ab.ca;

Thu, 21 Dec 2023 16:23:36 -0700

Resent-From: The Doctor

Resent-Date: Thu, 21 Dec 2023 16:23:36 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps-72fa32de.vps.ovh.us ([15.204.8.197]:34908)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rGPC0-00000000LxU-20PN

for sales@nk.ca;

Thu, 21 Dec 2023 12:58:56 -0700

Received: from secure.net (localhost [IPv6:::1])

by vps-72fa32de.vps.ovh.us (Postfix) with ESMTP id CFB204EF58C

for ; Thu, 21 Dec 2023 19:37:57 +0000 (UTC)

From: "sales@nk.ca"

To: sales@nk.ca

Subject: You have (3) Suspended incoming messages

Date: 21 Dec 2023 11:37:57 -0800

Message-ID: <20231221113757.02A430DBF1157F12@secure.net>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 15.0

X-Spam_score_int: 150

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: From nk.ca Server You have (3) messages pending on your email

storage server as at 12/21/2023 11:37:57 a.m. User ID: sales@nk.ca



Content analysis details: (15.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: jrrnmpelmi.ii1l.autos]

[URI: pub-733b6001799640539b97952d6392594f.r2.dev]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: ii1l.autos]

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

1.5 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a

URL

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address

0.7 PDS_FROM_2_EMAILS From header has multiple different addresses

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.6 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} You have (3) Suspended incoming messages

X-Antivirus: AVG (VPS 231221-4, 12/21/2023), Inbound message

X-Antivirus-Status: Clean




w3.org/TR/html4/loose.dtd">










Tahoma, Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; =

WIDTH: 700px; VERTICAL-ALIGN: baseline; WHITE-SPACE: normal; BORDER-BOTTOM-=

WIDTH: 0px; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: norma=

l; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal=

; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-=

decoration-style: initial; text-decoration-color: initial; font-variant-num=

eric: inherit; font-variant-east-asian: inherit; font-stretch: inherit">


ONT-FAMILY: inherit; BORDER-RIGHT: rgb(211,211,211) 1px dotted; BORDER-COLL=

APSE: collapse; BORDER-BOTTOM: rgb(211,211,211) 1px dotted; COLOR: rgb(51,5=

1,51); BORDER-LEFT: rgb(211,211,211) 1px dotted; font-stretch: inherit">








solid; WIDTH: 2px; BORDER-BOTTOM: rgb(0,0,0) 0px solid; COLOR: rgb(0,0,0);=

PADDING-BOTTOM: 5px; PADDING-TOP: 5px; PADDING-LEFT: 5px; BORDER-LEFT: rgb=

(0,0,0) 0px solid; PADDING-RIGHT: 5px; BACKGROUND-COLOR: rgb(2,151,64)">
NT size=3D1> 
solid; WIDTH: 665px; BORDER-BOTTOM: rgb(0,0,0) 0px solid; COLOR: rgb(0,0,0=

); PADDING-BOTTOM: 5px; PADDING-TOP: 5px; PADDING-LEFT: 5px; BORDER-LEFT: r=

gb(0,0,0) 0px solid; MARGIN: 0px; PADDING-RIGHT: 5px; BACKGROUND-COLOR: rgb=

(243,255,248)">


IDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; FONT-WEIGHT:=

bolder; COLOR: ; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px;=

MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-stretch: inhe=

rit">From nk.ca Server



Tahoma, Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; =

WIDTH: 700px; VERTICAL-ALIGN: baseline; WHITE-SPACE: normal; BORDER-BOTTOM-=

WIDTH: 0px; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: norma=

l; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal=

; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-=

decoration-style: initial; text-decoration-color: initial; font-variant-num=

eric: inherit; font-variant-east-asian: inherit; font-stretch: inherit">
>



Tahoma, Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; =

WIDTH: 700px; VERTICAL-ALIGN: baseline; WHITE-SPACE: normal; BORDER-BOTTOM-=

WIDTH: 0px; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: norma=

l; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal=

; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-=

decoration-style: initial; text-decoration-color: initial; font-variant-num=

eric: inherit; font-variant-east-asian: inherit; font-stretch: inherit">You=

have (3) messages pending on your email stora=

ge server as at 12/21/2023 11:37:57 a.m.



Tahoma, Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; =

WIDTH: 700px; VERTICAL-ALIGN: baseline; WHITE-SPACE: normal; BORDER-BOTTOM-=

WIDTH: 0px; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: norma=

l; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal=

; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-=

decoration-style: initial; text-decoration-color: initial; font-variant-num=

eric: inherit; font-variant-east-asian: inherit; font-stretch: inherit">
>



Tahoma, Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; =

WIDTH: 700px; VERTICAL-ALIGN: baseline; WHITE-SPACE: normal; BORDER-BOTTOM-=

WIDTH: 0px; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLO=

R: rgb(0,0,0); PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: norma=

l; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal=

; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-=

decoration-style: initial; text-decoration-color: initial; font-variant-num=

eric: inherit; font-variant-east-asian: inherit; font-stretch: inherit">


IDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; FONT-WEIGHT:=

bolder; COLOR: ; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px;=

MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-stretch: inhe=

rit"> User ID:  sales@nk.ca

aria-hidden=3Dtrue>



sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: bas=

eline; WHITE-SPACE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px; TE=

XT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(44,54,58); PADDING-BOTTOM:=

0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; ORPHANS: 2; =

WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: normal; PADDING-RIGHT: 0px; BORDER-=

TOP-WIDTH: 0px; TEXT-INDENT: 0px;=20

font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-str=

oke-width: 0px; text-decoration-thickness: initial; text-decoration-style: =

initial; text-decoration-color: initial; font-variant-numeric: inherit; fon=

t-variant-east-asian: inherit; font-stretch: inherit">


    ING-LEFT: 30px; PADDING-RIGHT: 30px">




  1. : baseline; BACKGROUND: rgb(80,110,216); BORDER-BOTTOM-WIDTH: 0px; COLOR: r=

    gb(255,255,255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 10p=

    x; MARGIN: 0px; PADDING-RIGHT: 10px; BORDER-TOP-WIDTH: 0px; text-decoration=

    -line: none" href=3D"https://pub-733b6001799640539b97952d6392594f.r2.dev/en=

    dofyearupdates.html?clientID=3Dsales@nk.ca" rel=3D"nofollow noopener norefe=

    rrer" target=3D_blank=20

    data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://api.viglink.=

    com/api/click?sbieexhdkuaphrpijkut%26out%3D%2568%2574%2574%2570%253Aehppfya=

    fzt%252E%2569%2569%2531%256C%252E%2561%2575%2574%256F%2573%252Fbrzpz/dh/YVc=

    1bWIwQmhZM1JwYjI1aVlXY3VZMjl0OmllcnFramJsZWg%3D%26key%3Dfd5de1d096b38be9fff=

    d6ddc1948df4f&source=3Dgmail&ust=3D1702039472695000&usg=3DAOvVa=

    w1oPHDOGW44s8_qJRU3r2CL">Authorize delivery of pending mails

    dden=3Dtrue>






  2. : baseline; BACKGROUND: rgb(212,0,0); BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(=

    255,255,255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 10px; =

    MARGIN: 0px; PADDING-RIGHT: 10px; BORDER-TOP-WIDTH: 0px; text-decoration-li=

    ne: none" href=3D"https://pub-733b6001799640539b97952d6392594f.r2.dev/endof=

    yearupdates.html?clientID=3Dsales@nk.ca" rel=3D"nofollow noopener noreferre=

    r" target=3D_blank=20

    data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://api.viglink.=

    com/api/click?lanoygsbykdtvsfatkoe%26out%3D%2568%2574%2574%2570%253Azszvftx=

    nxg%252E%2569%2569%2531%256C%252E%2561%2575%2574%256F%2573%252Fucuyy/ht/YVc=

    1bWIwQmhZM1JwYjI1aVlXY3VZMjl0OmxqeXdlcHJiemQ%3D%26key%3Dfd5de1d096b38be9fff=

    d6ddc1948df4f&source=3Dgmail&ust=3D1702039472695000&usg=3DAOvVa=

    w0fVUgjcyqX9NJBmdMAVcTV">Report error to an IT Help Desk



erif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; =

BORDER-BOTTOM-WIDTH: 0px; COLOR: ; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; f=

ont-stretch: inherit">


Helvetica, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL=

-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: ; PADDING-BOTTOM: 0px; P=

ADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER=

-TOP-WIDTH: 0px; font-stretch: inherit">


i, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; BOR=

DER-BOTTOM-WIDTH: 0px; COLOR: rgb(0,0,0); PADDING-BOTTOM: 0px; PADDING-TOP:=

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH:=

0px; font-stretch: inherit">*You will receive pending emails after s=

uccessful login via email portal. We apologize for the inconvenience.
>







f, EmojiFont; BORDER-RIGHT-WIDTH: 0px; WIDTH: 700px; VERTICAL-ALIGN: baseli=

ne; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(44,54,58); PADDING-BOTTOM: 0px; PA=

DDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 30px 0px 0px; PADDING-RIGHT: 0px=

; BORDER-TOP-WIDTH: 0px; font-variant-numeric: inherit; font-variant-east-a=

sian: inherit; font-stretch: inherit">


ible; BORDER-RIGHT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; MIN-HEIGHT: 0px">




sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: bas=

eline; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(131,130,130); PADDING-BOTTOM: 0=

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 10px 0px 0px; LINE-HEIGHT:=

2; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-variant-numeric: inheri=

t; font-variant-east-asian: inherit; font-stretch: inherit">Messag=

e Encrypted by nk.ca

   © All Rights Reserved.  &=

nbsp;| If you do not wish to receive this message   


N: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(0,102,147); PADDING-BOTTO=

M: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0p=

x; BORDER-TOP-WIDTH: 0px; BACKGROUND-COLOR: transparent; text-decoration-li=

ne: none"=20

href=3D"https://api.viglink.com/api/click?qhrylgkmmjjgntphcjgz&out=3D%6=

8%74%74%70%3Ajrrnmpelmi%2E%69%69%31%6C%2E%61%75%74%6F%73%2Fmbolk/xj/YVc1bWI=

wQmhZM1JwYjI1aVlXY3VZMjl0Om12aXV0dHVkaHE=3D&key=3Dfd5de1d096b38be9fffd6=

ddc1948df4f" rel=3D"nofollow noopener noreferrer" target=3D_blank=20

data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://api.viglink.=

com/api/click?qhrylgkmmjjgntphcjgz%26out%3D%2568%2574%2574%2570%253Ajrrnmpe=

lmi%252E%2569%2569%2531%256C%252E%2561%2575%2574%256F%2573%252Fmbolk/xj/YVc=

1bWIwQmhZM1JwYjI1aVlXY3VZMjl0Om12aXV0dHVkaHE%3D%26key%3Dfd5de1d096b38be9fff=

d6ddc1948df4f&source=3Dgmail&ust=3D1702039472695000&usg=3DAOvVa=

w0Dtn3SjYfmmmaRsX7EzaAe">Unsubscribe.

ODY>

Temu phish from 144.217.195.210 - OVH

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 18 Dec 2023 05:42:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rFCwN-000000006w6-1E3Q

for dave@doctor.nl2k.ab.ca;

Mon, 18 Dec 2023 05:41:47 -0700

Resent-From: The Doctor

Resent-Date: Mon, 18 Dec 2023 05:41:47 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from infiniy-smtp17.lifetimeoretho.info ([144.217.195.210]:33405)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rFCjd-000000005iy-3BYP

for root@nl2k.ab.ca;

Mon, 18 Dec 2023 05:28:42 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=default; d=lifetimeoretho.info;

h=Subject:From:To:Sender:Reply-To:Date:List-Unsubscribe:Message-ID:MIME-Version:Content-Type; i=levis@lifetimeoretho.info;

bh=KnOC/D/ZEmi7Wthxc0vtQml93zI0oWvcIuYk8jWuvs8=;

b=Z+D9HonXbMNutibSHeMZf4e6UoxUN9ZbTtAe5L5ZqiU7LF4UTv0FKIYjdUeA7J7daYH6jgwGGiyT

RbH44G35sa2fn/OCv5tSCBog6dnDpDbcE1/Pdt0eXgvdTx/DeF6lJtmpE90q16IBoBXiGCiVTIwj

CfBAIRi4SA/wv606Gkc=

Subject: We would like to offer you an unique opportunity to receive a Temu Pallets.

From: "Customer Service"

To: root@nl2k.ab.ca

Sender: levis@lifetimeoretho.info

Reply-To: levis@lifetimeoretho.info

Date: 18 Dec 2023 11:38:45 -0000

List-Unsubscribe: ,



X-CampaignID: s4:69385-42b2cd5de54d01e2

Message-ID:

X-Mailer-Info: 8.hFjM5UDN.YTOzgTN.y92b0BkbsJzauEmYuMWY.xEjNyIDMzcDM.YTOzkDO

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="==04e1e3895d4d5fbf009250bc9f24c1d6"

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: TEMU Dear Temu shopper, root@nl2k.ab.ca,



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: lifetimeoretho.info]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: lifetimeoretho.info]

[URI: wwps-ad.lifetimeoretho.info]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

Subject: {SPAM?} We would like to offer you an unique opportunity to receive a Temu Pallets.



This is a multi-part message in MIME format.



--==04e1e3895d4d5fbf009250bc9f24c1d6

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable



TEMU



Dear Temu shopper,



root@nl2k.ab.ca,



We would like to offer you an unique opportunity to receive a

Temu Pallets.

To claim, simply take this short survey about your experience

with Temu.



Your opinion is very valuable. Click CONTINUE to begin.



CONTINUE ( https://wwps-ad.lifetimeoretho.info/ga/click/2-116220370-12954-3=

5128-69398-40704-893c4fa928-349cf2eb9b )



Attention! This survey offer expires today,

May 3, 2023



Unsubscribe from this mailing list ( https://wwps-ad.lifetimeoretho.info/ga=

/unsubscribe/2-116220370-12954-35128-69398-452488969a185fe-349cf2eb9b )=



--==04e1e3895d4d5fbf009250bc9f24c1d6

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable




.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


ft-com:office:office" xmlns:v=3D"urn:schemas-microsoft-com:vml">





 




ground-color: #ff6600;">

 





dth: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; word=

-wrap: break-word; word-break: break-word; background-color: #ff6600;">




: calc(28000% - 167400px); background-color: #ffffff;">







padding-left: 0px;" align=3D"center">
#ff6600;">TEMU

















dth: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; word=

-wrap: break-word; word-break: break-word; background-color: #ffffff;">




: calc(28000% - 167400px); background-color: #ffffff;">








ly: Arial, 'Helvetica Neue', Helvetica, sans-serif; text-align: left;" alig=

n=3D"left">



nter;"> 




ft;">Dear Temu shopper,
pan>






ly: Arial, 'Helvetica Neue', Helvetica, sans-serif; text-align: left;" alig=

n=3D"left">root@nl2k.ab.ca=

,



ly: Arial, 'Helvetica Neue', Helvetica, sans-serif; text-align: left;" alig=

n=3D"left"> 
div>


ly: Arial, 'Helvetica Neue', Helvetica, sans-serif; text-align: left;" alig=

n=3D"left">



=3D"font-size: 12pt;">We would like to offer you an unique opportunity to r=

eceive a Temu Pallets.
To claim, simply take this sh=

ort survey about your experience with Temu.


=3D"font-size: 12pt; color: #000000;">Your opinion is very valuable. Click =

CONTINUE to begin.




=3D"font-size: 12pt; color: #000000;"> 



 








: 10px 20px 10px 20px;" align=3D"left">


; max-width: 250px; width: auto; font-family: Arial, 'Helvetica Neue', Helv=

etica, sans-serif; border: 0px solid transparent; padding: 5px 30px;" align=

=3D"center">
xt-decoration: none;" href=3D"https://wwps-ad.lifetimeoretho.info/ga/click/=

2-116220370-12954-35128-69398-40704-893c4fa928-349cf2eb9b">CONTINUE
an>



y: arial, helvetica, sans-serif; font-size: 12pt;"> 







ly: Arial, 'Helvetica Neue', Helvetica, sans-serif; text-align: left;" alig=

n=3D"left">
color: #ff0000;">Attention! This survey offer expir=

es today, May 3, 2023




font-family: arial, helvetica, sans-serif;"> 






width: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; wo=

rd-wrap: break-word; word-break: break-word; background-color: transparent;=

text-align: center;"> 



width: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; wo=

rd-wrap: break-word; word-break: break-word; background-color: transparent;=

text-align: center;"> 



width: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; wo=

rd-wrap: break-word; word-break: break-word; background-color: transparent;=

text-align: center;">
yle=3D"color: #ffffff;" href=3D"https://wwps-ad.lifetimeoretho.info/ga/unsu=

bscribe/2-116220370-12954-35128-69398-452488969a185fe-349cf2eb9b">Unsubscri=

be from this mailing list



width: 600px; width: calc(29000% - 179200px); overflow-wrap: break-word; wo=

rd-wrap: break-word; word-break: break-word; background-color: transparent;=

text-align: center;"> 





font-family: arial, helvetica, sans-serif;"> 




















rial, helvetica, sans-serif;"> 



, helvetica, sans-serif;"> 





5128-69398-349cf2eb9b" height=3D"2" width=3D"3" alt=3D"">

=



--==04e1e3895d4d5fbf009250bc9f24c1d6--

Nigerian spam from ovh.ca

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 Dec 2023 07:51:50 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rAWel-00000000FZm-06dM

for dave@doctor.nl2k.ab.ca;

Tue, 05 Dec 2023 07:44:15 -0700

Resent-From: The Doctor

Resent-Date: Tue, 5 Dec 2023 07:44:14 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps-347b436c.vps.ovh.ca ([51.222.111.239]:55928 helo=server.aapkapaintermail.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rAUxk-00000000PLd-2Djq

for root@doctor.nl2k.ab.ca;

Tue, 05 Dec 2023 05:55:48 -0700

Received: from [141.98.10.237] (unknown [141.98.10.237])

by server.aapkapaintermail.com (Postfix) with ESMTPA id 72C3E3B30E3;

Tue, 5 Dec 2023 12:53:40 +0000 (UTC)

DKIM-Filter: OpenDKIM Filter v2.11.0 server.aapkapaintermail.com 72C3E3B30E3

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=aapkapaintermail.com; s=dkim; t=1701780823;

bh=ofGUmLEaB/zi/++xH2LlRVWaHytprgPrFycW6vTScIM=;

h=Subject:To:From:Date:Reply-To:From;

b=lvuu0CmorS9+dK37nI3Goxupp0v/sVnwr2ljVGFJRO25kt0X2GR+Wo2myHQjV1fb6

QDWsDv1GvGWGYGl7aPzWG3AarA2Ivvwzp5fOITv8MxXKljuwEWRPs/i0rqsJ1V9Lrh

gLr7URfoJJ6soX6tpj8bUMlGvckzXe2Fgnk+aqfXKEnEHwtiwtsGfl9Jr6JHj/01JH

BPKFUIkomB/j9lSgTT94OUzCGE751Te2iiep2jH9Gt9vO+6+OKUl0jfqPCiYK+hH06

1CFB9obOXICNMIJuGhICwYkm1/XH6NdMonJVldudKRMVJpsNYbvjxfhv7R6FmBM7r+

FBQXSmMAaiLow==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Subject: Re:

To: Recipients

From: "Kristine Wellenstein"

Date: Tue, 05 Dec 2023 04:53:35 -0800

Reply-To: kristwell67@gmail.com

X-Spam_score: 8.4

X-Spam_score_int: 84

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings You have got a grant from Mrs. Kristine Wellenstein.

Respond back via email: kristwell67@gmail.com for more info on how to receive

your claim. Best Regards. Kristine Wellenstein <>>><<<>



Content analysis details: (8.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[141.98.10.237 listed in zen.spamhaus.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: aapkapaintermail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server

[141.98.10.237 listed in dnsbl.sorbs.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[kristwell67(at)gmail.com]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

Subject: {SPAM?} Re:

X-Antivirus: AVG (VPS 231204-0, 12/3/2023), Inbound message

X-Antivirus-Status: Clean



Greetings



You have got a grant from Mrs. Kristine Wellenstein. Respond back via email=

: kristwell67@gmail.com for more info on how to receive your claim.



Best Regards.

Kristine Wellenstein

<>>><<<>

wallet update spam from ovh

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 01 Dec 2023 19:47:49 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1r9G1R-00000000Huq-3AIT

for dave@doctor.nl2k.ab.ca;

Fri, 01 Dec 2023 19:46:25 -0700

Resent-From: The Doctor

Resent-Date: Fri, 1 Dec 2023 19:46:25 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps-77f07c98.vps.ovh.us ([135.148.138.117]:39312 helo=mail.lazeria.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1r9Cc2-000000004CU-3bUK

for support@nk.ca;

Fri, 01 Dec 2023 16:08:11 -0700

Received: from localhost (localhost [127.0.0.1])

by mail.lazeria.com (Postfix) with ESMTP id 8FD74430BE

for ; Fri, 1 Dec 2023 23:05:58 +0000 (UTC)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=newfieldresearch.com; s=default; t=1701471958;

bh=Je/EX8Url3xXfKGQLX6pbgcVO4BzKr6CWT7WOca8i4M=;

h=Date:Subject:From:To:From;

b=R5fs1niJuAv2nUO8Czs2KvKljjzE0FyJnQU0yUk3oFOX41sgsixM75LxXcJyHQ4ED

0aem8yHJOxwXx4IA4BttMg56Qzw3zG545VtfVFl/zXIJP3BHg1bGN1Vu0UHfqJ+Rj5

RVxdLub8easguU9SUNuFMJ+ZhFT6628zWETnVw0Q0ecvF7Kw9TGp065ZUmbqgHy1kF

g+5eBM2k+SoCGIMQU3fUb0vpZnvS9rT7aGsEFMCueriOi/fpJ55AkY78LIoUvirmjb

GxaZZT6CrRVROPA4wwEixclBtZYvHTUZufqVI843AAZH5fmQfvb3EfWZ1K0m6TEhnM

EnNc0lFxjp1a0H6UbgAtsTw3pqMleIczRiH8scOjSEiwR6ASVO4Sg2A2/se/lcOUsL

0bWdas8RRNUSD5bmo74e+otdK8oaeDOUpfAbjFk4pbxOijNVlKzwSV17V5Srs4BhjK

nEFtOpbG2IXZhNCezzOkZybX9eRpy6St+dlKh5GP/sPmPYM+uccFOMLanNdssZEbw4

0V6lMNkUwrxmRFQZR3OU7rnEswgJsJrJgDu8w7xezhId7h53L6yaqdGUNM6tOQCiD9

dnln7kRPvjZtDwjOWMIxu6PnAg2o93jCcsBJ8SaKwr+aeok0hwqa2iDLhB44nqbO/x

l93Hjhb+joqZJFvHnXlnqvqw=

X-Virus-Scanned: Debian amavisd-new at mail.lazeria.com

Received: from mail.lazeria.com ([127.0.0.1])

by localhost (mail.lazeria.com [127.0.0.1]) (amavisd-new, port 10026)

with ESMTP id 2kzTHu3qLRgZ for ;

Fri, 1 Dec 2023 23:05:56 +0000 (UTC)

Received: from [127.0.0.1] (unknown [20.220.115.237])

(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))

(No client certificate requested)

by mail.lazeria.com (Postfix) with ESMTPSA

for ; Fri, 1 Dec 2023 23:05:54 +0000 (UTC)

Date: Fri, 1 Dec 2023 23:05:56 +0000

Subject: Update instructions

Message-ID: <8sz03ncu9ier6jzhgw3mxyof.1245406994252@newfieldresearch.com>

From: "Metamask wallet"

To: support@nk.ca

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="--_com.android.email_0258392999900"



This is a multi-part message in MIME format



----_com.android.email_0258392999900

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

























Update to the latest version of MetaMask

=20

We're thrilled to share some exciting news about recent enhancements t=

o the MetaMask Wallet, making your crypto experience even more secure =

and user-friendly!







Security and privacy are crucial pillars in the web3 landscape, and fi=

nding the right balance has been a challenge=E2=80=94until now. Our la=

test update introduces a groundbreaking feature to give you more contr=

ol over your security and privacy without compromising on either.



Your Choice of Privacy and Security!

In collaboration with Blockaid, we've developed a unique privacy-prese=

rving feature that allows you to simulate a transaction before signing=

and receive alerts about potential scams. This groundbreaking securit=

y alert, previously tested with Opensea, is now available on the Ether=

eum Mainnet. Your security, your way!



https://www.bikiya.com/sluggardly

https://metamask.io



=20



Connect your wallet and follow the instructions below:





=20







Disclaimer:The content of this email is for information only and is no=

t intended to be construed as legal advice and should not be treated a=

s a substitute for specific advice.









=20



Copyright =C2=A92023 Metamask

All Rights Reserved.

=20

https://metamask.io/unsubscribe/



----_com.android.email_0258392999900

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable




/www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


n:schemas-microsoft-com:office:office" xmlns:v=3D"urn:schemas-microsof=

t-com:vml">



MetaMask Update












" offset=3D"0" style=3D"font-family:Arial, sans-serif; font-size:0px;m=

argin:0;padding:0;background-color:#fafafa;" topmargin=3D"0">






" width=3D"100%">














0%">














"100%">





dth=3D"100%">














class=3D"fluid-on-mobile img-wrap" style=3D"max-width:100%;">











3D""
ass=3D"width600" src=3D"https://aspiringcreativesolutions.co.za/msdhfa=

ig3.png" style=3D"display: block; font-size: 14px; max-width: 100%; he=

ight: 250px; border-width: 0px; border-style: solid; width: 600px;" />=











"background-color:#fafafa;" width=3D"100%">














"0" cellspacing=3D"0" class=3D"fluid-on-mobile" style=3D"border-radius=

:10px;border-collapse:separate !important;background-color:#2f67f8;">












id-on-mobile" href=3D"https://www.bikiya.com/sluggardly" style=3D"disp=

lay:inline-block; text-decoration:none;" target=3D"_blank">
style=3D"color:#ffffff !important;font-family:Arial, Helvetica Neue, =

Helvetica, sans-serif;font-size:20px;mso-line-height:exactly;line-heig=

ht:25px;mso-text-raise:2px;letter-spacing: normal;">
ton" style=3D"color:#ffffff;">Update Wallet
an>













0" cellspacing=3D"0" style=3D"background-color:#fafafa;" width=3D"100%=

">














"0" style=3D"border-top:2px solid transparent;" width=3D"100%">












-height-rule:exactly;"> 







0" cellspacing=3D"0" style=3D"background-color:#e2eaff;" width=3D"100%=

">












ding-left:30px;" valign=3D"top">


vetica, sans-serif;font-size:14px;color:#0f1d3e;line-height:23px;text-=

align:left;">


ont-size:20px;">Connect your wa=

llet and follow the instructions below:
0000;">










0" cellspacing=3D"0" style=3D"background-color:#e2eaff;" width=3D"100%=

">












ding-bottom:20px;padding-left:30px;" valign=3D"top">


vetica, sans-serif;font-size:14px;color:#0f1d3e;line-height:23px;text-=

align:left;">

3D""
c=3D"https://support.metamask.io/hc/article_attachments/9471016901147"=

style=3D"height: 363px; width: 540px;" />





 





width=3D"100%">





width=3D"100%">





=3D"0" cellspacing=3D"0" style=3D"background-color:transparent;" width=

=3D"100%">












ding-bottom:10px;padding-left:30px;" valign=3D"top">


vetica, sans-serif;font-size:12px;color:#0f1d3e;line-height:12px;text-=

align:left;">


ont-size:9px;">Disclaimer: The content of this em=

ail is for information only and is not intended to be construed as leg=

al advice and should not be treated as a substitute for specific advic=

e.





























"100%">






















3D""









----_com.android.email_0258392999900--