DHL Phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 13:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtuet-00000000MrB-2VYa

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 13:27:59 -0600

Resent-From: The Doctor

Resent-Date: Mon, 8 Apr 2024 13:27:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vm-dad845ed-abd5-44c0-90af-082dbff6c093.ams.resource.cloud ([83.96.254.206]:60074 helo=mail37.suw17.mcsv.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtuXy-00000000JjR-2j0I

for sales@nk.ca;

Mon, 08 Apr 2024 13:20:55 -0600

Date: Mon, 8 Apr 2024 21:08:03 +0200

To: sales@nk.ca

From: DHL Online

Subject: Re: AW: [EXTERNAL] Outstanding delivery. 206

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1baceccfbba672dd8dff703dee2aafba6"

Content-Transfer-Encoding: 8bit

X-Spam_score: 5.5

X-Spam_score_int: 55

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Good day , Your DHL package with tracking number CS470434653690723781

is subject to a customs fee. To avoid delivery impact, click the link below

to make payment.. https://del.dhl.com/prg/shipment-options.xhtml

Content analysis details: (5.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=mail37.suw17.mcsv.net;ip=83.96.254.206;r=doctor.nl2k.ab.ca]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

2.5 HTML_SINGLET_MANY Many single-letter HTML format blocks

0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

1.7 SINGLETS_LOW_CONTRAST Single-letter formatted HTML + hidden text

Subject: {SPAM?} Re: AW: [EXTERNAL] Outstanding delivery. 206

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

--1baceccfbba672dd8dff703dee2aafba6

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Good dayÂ Â ,Â

Your DHL package with tracking number CS470434653690723781 is subject to a customs fee.

To avoid delivery impact, click the link below to make payment..

https://del.dhl.com/prg/shipment-options.xhtml

Have a great day.

Best regards,DHL Express

DHL Group

Â© 2024 - All right reservedÂ

Â

Â

a

a

a

Â

a

a

a

a

a

a

a

Â

Â

Â

Â

Â

Â

Â

aaa

Â

Â

a

a

a

a

a

a

Â

a

a

a

a

a

a

Â

a

Â

Â

Â

Â

Â

Â

Â

Â

Â

--1baceccfbba672dd8dff703dee2aafba6

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

Good dayÂ Â ,Â

Your DHL package with tracking number CS470434653690723781 is subject to a customs fee.

To avoid delivery impact, click the link below to make payment..

https://del.dhl.com/prg/shipment-options.xhtml

Have a great day.

Best regards,

DHL Express

DHL Group

Â

a

Â

a

Â

aaa

Â

a

Â

a

Â

a

Â

--1baceccfbba672dd8dff703dee2aafba6--

DHL Phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 13:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtuWR-00000000JmX-2T4A

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 13:19:15 -0600

Resent-From: The Doctor

Resent-Date: Mon, 8 Apr 2024 13:19:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vm-dad845ed-abd5-44c0-90af-082dbff6c093.ams.resource.cloud ([83.96.254.206]:54754 helo=mail37.suw17.mcsv.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtuNr-000000001h0-28Sr

for root@nk.ca;

Mon, 08 Apr 2024 13:10:28 -0600

Date: Mon, 8 Apr 2024 21:08:03 +0200

To: root@nk.ca

From: DHL Online

Subject: Re: AW: [EXTERNAL] Outstanding delivery. 206

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1baba482ee99cfb39cd48eaad678c73d9"

Content-Transfer-Encoding: 8bit

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

--1baba482ee99cfb39cd48eaad678c73d9

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Good dayÂ Â ,Â

Your DHL package with tracking number CS470434653690723781 is subject to a customs fee.

To avoid delivery impact, click the link below to make payment..

https://del.dhl.com/prg/shipment-options.xhtml

Have a great day.

Best regards,DHL Express

DHL Group

Â© 2024 - All right reservedÂ

Â

Â

a

a

a

Â

a

a

a

a

a

a

a

Â

Â

Â

Â

Â

Â

Â

aaa

Â

Â

a

a

a

a

a

a

Â

a

a

a

a

a

a

Â

a

Â

Â

Â

Â

Â

Â

Â

Â

Â

--1baba482ee99cfb39cd48eaad678c73d9

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

Good dayÂ Â ,Â

Your DHL package with tracking number CS470434653690723781 is subject to a customs fee.

To avoid delivery impact, click the link below to make payment..

https://del.dhl.com/prg/shipment-options.xhtml

Have a great day.

Best regards,

DHL Express

DHL Group

Â

a

Â

a

Â

aaa

Â

a

Â

a

Â

a

Â

--1baba482ee99cfb39cd48eaad678c73d9--

Looyd's bank phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 13:18:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtuUp-00000000GzQ-1ezX

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 13:17:35 -0600

Resent-From: The Doctor

Resent-Date: Mon, 8 Apr 2024 13:17:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps25954.inmotionhosting.com ([104.247.77.47]:46342)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rts5B-00000000KcD-1FTy

for root@nk.ca;

Mon, 08 Apr 2024 10:43:00 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=deepacollege.com; s=default; h=Reply-To:Date:From:To:Subject:MIME-Version:

Content-Type:Sender:Message-ID:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=/2I3LwtbsKmwX6jAZzKYXt4eo5NRbj8vznbf3jZh3A4=; b=DNd1lCd6aFVOV2aJQxi8dShvMO

Pum9GT1JPI0nC0EDX6ONwVKdOTJabur4mnOxdjNTpSCLyHSz/2G2oZj2vcxUJU2ay6qIfH/JdrGHL

iz1SQv8FclTnVVS5adI88ZBysrkG5vhnwK/ClKWvkQiRkd49YevgSmujVJ0fM0m1Jj11YOS3TbPJc

kTWqQSnRAX9+HoL6NeVA5z692jlSgiyfLB8d8fRqpHBs2KUf0DWws0zgTIa7Uo+mi40MewVx6Rm8e

HfLS3GGIrWykbquxV++Hp6Wdq62JikQpc6j7+qI8Uhwuk5oZN3xhxQlj4JiyHDd06uz2SEHySMipT

g/hMAG2Q==;

Received: from [157.254.236.49] (port=59181)

by vps25954.inmotionhosting.com with esmtpa (Exim 4.96.2)

(envelope-from )

id 1rts3B-0006Vt-05;

Mon, 08 Apr 2024 12:40:53 -0400

Content-Type: multipart/alternative; boundary="===============0325503744=="

MIME-Version: 1.0

Subject: 2% Low Interest Rate

To: Recipients

From: "Lloyds Loan & Financial Firm"

Date: Mon, 08 Apr 2024 09:40:42 -0700

Reply-To: info@lyodbk.com

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - vps25954.inmotionhosting.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - deepacollege.com

X-Get-Message-Sender-Via: vps25954.inmotionhosting.com: authenticated_id: backup@deepacollege.com

X-Authenticated-Sender: vps25954.inmotionhosting.com: backup@deepacollege.com

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

You will not see this in a MIME-aware mail reader.

--===============0325503744==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Lloyds Loan Firm Affordable loan at 2% low interest rate.. Apply within 24h=

rs to get it processed.

--===============0325503744==

Content-Type: text/html; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

=3Diso-8859-1"/>Lloyds Loan Firm Affordable loan at 2% low interest =

rate.. Apply within 24hrs to get it processed.

--===============0325503744==--

McAfee Phish from Google Gmail

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 08:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtqKk-0000000027f-3fdS

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 08:50:54 -0600

Resent-From: The Doctor

Resent-Date: Mon, 8 Apr 2024 08:50:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f177.google.com ([209.85.214.177]:45385)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtq6i-000000000uS-4AV6

for doctor@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 08:36:28 -0600

Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1e3dda73192so10142185ad.3

for ; Mon, 08 Apr 2024 07:34:30 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1712586865; x=1713191665; darn=doctor.nl2k.ab.ca;

h=list-post:list-subscribe:list-id:list-owner:list-unsubscribe

:x_mailer:priority:importance:content-class:to:from:subject

:mime-version:date:message-id:from:to:cc:subject:date:message-id

:reply-to;

bh=3N42/qBn2FKeBNNEMGQJB3DKQCXEKTWZ9DhUg+fG8Uc=;

b=IMPLQGLwdRRGg7HOveKA3SYndAaPIQ9Z7/Zo+MfxNbGFxgCI8CW1QYYoHIlwWUYt/j

F7LPBXQClpmRWEdugaTdRAALrhaQF7QX57ruewL1ahk/Cw70Nzxe7MwrP+depC2yY+KO

h9/r7CdlnP4bIhSQII/HT2rs4wYfMvEGkTU8x5IdMJ/vVEVHllW+0DcRXAaaoYL6gFxq

QyhAfwy+S2lah2uUrUCpXlfdZGUe0hSTjCQNCe0PPE00IGuKziafUoXxvYAgrCKHaBjw

kXOGDre+DgC+rSoIYeC0zkA1wsuxbkD07LyhwdMGjxt1ZaLVOpiwuCKQCt8J2vTNkKIQ

h++w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1712586865; x=1713191665;

h=list-post:list-subscribe:list-id:list-owner:list-unsubscribe

:x_mailer:priority:importance:content-class:to:from:subject

:mime-version:date:message-id:x-gm-message-state:from:to:cc:subject

:date:message-id:reply-to;

bh=3N42/qBn2FKeBNNEMGQJB3DKQCXEKTWZ9DhUg+fG8Uc=;

b=cin3nqAZEyVvSiOPF8uEIHwR5ypFaSqXEisTR6dEYZ+ULjv4Bvhh/o8mons6xBi/2y

BAMOCupZ07o3ADjMY5Ds0ZJkpSa9bo8xOonLk5Cxd1WR2hITpYdKYvul/111vUUXDzQu

Jl8h+qbEybwyHoRgJTlYqFpQH2eZaJaMPHvvObKzVXUCO72ejdMWTY8YcyIc1oogim33

xfDPRz1lKa6w7p5grEXpVz724oAetDy0qBuDzVrMYRsmhJECIN3NhuUUUKBsS/fJ7IoR

n5RPShDAI/ieY6VeXBOOxUkiG+A/mDZEFC5yEMvcckY9WAi59XMbz5kijT9Y7rWycx7r

u+Bg==

X-Gm-Message-State: AOJu0Yy0ni4cU2sNNS6TQRYsU1ASKQBsVL91UHw58L/yg7RqMowSe6ke

FTcHwRlcJL5YftV2iibX4prQ6Ef4aohEN3j5oKlN75oE2H1n9gyC3o7oPwETE5xDlA==

X-Google-Smtp-Source: AGHT+IGqKnoYmqHxrhY2zwP2NnqAZ1E2Vnw6EKEWwLm7Z7PD25UunF5wy5X0gO0EYcXoj4Xry5Z/CQ==

X-Received: by 2002:a17:903:94d:b0:1e4:49:de46 with SMTP id ma13-20020a170903094d00b001e40049de46mr3555257plb.47.1712586864596;

Mon, 08 Apr 2024 07:34:24 -0700 (PDT)

Received: from [10.203.16.123] ([43.128.224.38])

by smtp.gmail.com with ESMTPSA id e12-20020a170902d38c00b001e250e630ffsm7045023pld.237.2024.04.08.07.34.23

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Mon, 08 Apr 2024 07:34:24 -0700 (PDT)

Message-ID: <66140070.170a0220.74acf.2161@mx.google.com>

Date: Mon, 08 Apr 2024 07:34:24 -0700 (PDT)

Content-Type: multipart/mixed; boundary="===============8218412906161064892=="

MIME-Version: 1.0

Subject: Order Confirmation: Your Purchase Completed RH712050NH

From: Jonathan Schlaudraff

To: doctor@doctor.nl2k.ab.ca

Content-Class: urn:content-classes:message

Importance: normal

Priority: normal

X-Priority: 3

X-MimeOLE: Produced By Microsoft MimeOLE

x_mailer: ZuckMail [version 1.00]

List-Unsubscribe:

List-Owner:

List-ID: alisaojaghi@gmail.com

List-Subscribe: alisaojaghi@gmail.com

List-Post:

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

--===============8218412906161064892==

MIME-Version: 1.0

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64

RGVhciA8Yj5kb2N0b3I8L2I+LDxicj4KJiM3MzsmIzExMDsmIzExODsmIzExMTsmIzEwNTsmIzk5

OyYjMTAxOyBEYXRlOiBBcHJpbCAwOCwgMjAyNDxicj4KPGJyPgo8Yj5Zb3VyICYjNzM7JiMxMTA7

JiMxMTg7JiMxMTE7JiMxMDU7JiM5OTsmIzEwMTsgRGV0YWlsczwvYj4KPGJyPgpDbGllbnQ6IGRv

Y3Rvcjxicj4KT3JkZXJlZCBJdGVtOiAmIzc3OyYjOTk7JiM5NzsmIzEwMjsmIzEwMTsmIzEwMTsg

VG90YWwgUHJvdGVjdGlvbjxicj4KU3VwcG9ydCBEdXJhdGlvbjogNSB5ZWFyczxicj4KPGJyPgpB

Y3RpdmF0aW9uIEtleTogWlExMDc3Q1c8YnI+Cjxicj4KPGJyPgpXZSdyZSB0aHJpbGxlZCB0byBp

bmZvcm0geW91IHRoYXQgeW91ciA8Yj4mIzc3OyYjOTk7JiM5NzsmIzEwMjsmIzEwMTsmIzEwMTsg

VG90YWwgUHJvdGVjdGlvbjwvYj4gdHJhbnNhY3Rpb24gaXMgbm93IGNvbXBsZXRlLjxicj4gVGhl

IHN1bSBvZiA8Yj4kNDk2Ljk2PC9iPiBmb3IgdGhlIDxiPiYjNzc7JiM5OTsmIzk3OyYjMTAyOyYj

MTAxOyYjMTAxOyBUb3RhbCBQcm90ZWN0aW9uPC9iPiBoYXMgYmVlbiBzdWNjZXNzZnVsbHkgcmVj

ZWl2ZWQgYW5kIHByb2Nlc3NlZC48YnI+SWYgeW91IHJlcXVpcmUgYW55IGFkZGl0aW9uYWwgaW5m

b3JtYXRpb24gb3IgY2xhcmlmaWNhdGlvbiByZWdhcmRpbmcgdGhpcyB0cmFuc2FjdGlvbiwgcGxl

YXNlIGNvbnRhY3QgdXMgYXQgeW91ciBlYXJsaWVzdCBjb252ZW5pZW5jZS48YnI+UGxlYXNlIGdl

dCBpbiB0b3VjaCB3aXRoIG91ciBjdXN0b21lciBzZXJ2aWNlIHRlYW0gYXQgPGI+JiM0MzsmIzQ5

Oyg4NTYpICYjNTI7JiM1MTsyLSYjNTI7JiM1MDs2MDwvYj4gd2l0aGluIHRoZSBuZXh0IHNpeCBo

b3VycyBpZiB5b3UgbmVlZCBhc3Npc3RhbmNlLgo8YnI+Cjxicj4KPGJyPgpUaGFuayB5b3UgZm9y

IHBsYWNpbmcgeW91ciB0cnVzdCBpbiA8Yj4mIzc3OyYjOTk7JiM5NzsmIzEwMjsmIzEwMTsmIzEw

MTsgVG90YWwgUHJvdGVjdGlvbjwvYj47IHdlIGdlbnVpbmVseSBhcHByZWNpYXRlIHlvdXIgY2hv

aWNlLjxicj4KPGJyPgo8YnI+Cldhcm0gcmVnYXJkcyw8YnI+CiYjNzc7JiM5OTsmIzk3OyYjMTAy

OyYjMTAxOyYjMTAxOyBUb3RhbCBQcm90ZWN0aW9uPGJyPgoxMTAzIEUgUml2ZXIgR2EgVW5pdGVk

IFN0YXRlczxicj4KRm9yIGlucXVpcmllcywgcGxlYXNlIHN1cHBvcnQgdXMgYXQgPGI+JiM0Mzsm

IzQ5Oyg4NTYpICYjNTI7JiM1MTsyLSYjNTI7JiM1MDs2MDwvYj4u

--===============8218412906161064892==--

McAfee Phish from Google Gmail

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 08:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtqKc-0000000027N-3k7e

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 08:50:46 -0600

Resent-From: The Doctor

Resent-Date: Mon, 8 Apr 2024 08:50:46 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f178.google.com ([209.85.214.178]:49409)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtq6S-000000000u4-0I4l

for doctor@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 08:36:12 -0600

Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1e411e339b8so8260905ad.3

for ; Mon, 08 Apr 2024 07:34:13 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1712586847; x=1713191647; darn=doctor.nl2k.ab.ca;

h=list-post:list-subscribe:list-id:list-owner:list-unsubscribe

:x_mailer:priority:importance:content-class:to:from:subject

:mime-version:date:message-id:from:to:cc:subject:date:message-id

:reply-to;

bh=0kUDHfyyTwf0SyWjyKDuYdDNMWC3vEIFAdyMUdJBosM=;

b=MAD+7CYiW+03wXZgr1CM/E9Z7+pcmmLXRpt3C9dEY4q1WftZhCkXkVx+zQfmu205Al

+egH7oL2y0amsufXfDeY211S9a6b35jVBwALdFN9JxMBehl6RWg4M3CMVqBnOMF58P8n

HNV6xK/BkCgwnt1S5mBxFbSoNna4Vo51VC7QZ7NR8V+WNgFa9e7tr81AQLg0n08J6QVR

v5lnCebdGPA2wFFKc3UzcfU2eeDUyd5CvKOQbaitmZ7+NpIlZIe7Ee0nj9Gk990GCJhJ

fUSF+WOmR35fLSdAVhx/5+18P87tlc+YG7w6Q3Evf7zr6kqIAcQ5oFiPxuYDm5P/yLmX

iXkA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1712586847; x=1713191647;

h=list-post:list-subscribe:list-id:list-owner:list-unsubscribe

:x_mailer:priority:importance:content-class:to:from:subject

:mime-version:date:message-id:x-gm-message-state:from:to:cc:subject

:date:message-id:reply-to;

bh=0kUDHfyyTwf0SyWjyKDuYdDNMWC3vEIFAdyMUdJBosM=;

b=JdfZPLafjc8jaDPF158iKO9pi3atCf6tYBTFxYnKZixqbgKJ2xUTz97h0YKpTic8m5

03zGRiPNflTq04yyzx9/hTcGcD9x+BY2PC0xsOD6HdtVK1XxF0X2RXj3QCuS9RAinLAi

DD8FnaQRu4/bLgFcC9jVaYeBJYZltNnQ7zvAPiVJnXQ7Ie1qhfUlB03OJGtZ0Adae3U1

QYgWDa03pm4BWPuhvllNPGutO3XpWs4oqNWkL+9WRiOr9H4h1OxHUvbiuL8zkn+BSbQZ

r/8WFtSeczO0LVpmQN3Jo174TjO7/GdgUJfX50GYRfcZEb1VjnF+oFpSWBwbakivh7ux

fXQg==

X-Gm-Message-State: AOJu0YykY7jP2PePzHY5/2zwzoGSXw7E0/rdf5zfBWIx3/JfJuYTV4tB

kvKoJ8ci+cL6i3vGbKr8PdNvTVnDyznKS2/t739kX0tlpjiV0SfDyGgZke3jEv9xxg==

X-Google-Smtp-Source: AGHT+IGV29k2tIp+vhBZqEABj0+6n5iUoFht3HNX9sElBNeAneqUE1wGXnWMlpvCmd2KlKYEf6yNpw==

X-Received: by 2002:a17:902:ec8b:b0:1dc:cf38:3a77 with SMTP id x11-20020a170902ec8b00b001dccf383a77mr11987995plg.55.1712586847421;

Mon, 08 Apr 2024 07:34:07 -0700 (PDT)

Received: from [10.203.16.62] ([124.156.217.146])

by smtp.gmail.com with ESMTPSA id u14-20020a170902e80e00b001e41c665992sm2562939plg.29.2024.04.08.07.34.06

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Mon, 08 Apr 2024 07:34:07 -0700 (PDT)

Message-ID: <6614005f.170a0220.5e155.5201@mx.google.com>

Date: Mon, 08 Apr 2024 07:34:07 -0700 (PDT)

Content-Type: multipart/mixed; boundary="===============0785335702796003275=="

MIME-Version: 1.0

Subject: Payment information letter of your order no HG911095DF

From: Stephanie Gotschall

To: doctor@doctor.nl2k.ab.ca

Content-Class: urn:content-classes:message

Importance: normal

Priority: normal

X-Priority: 3

X-MimeOLE: Produced By Microsoft MimeOLE

x_mailer: TechWizMail [version 3.5]

List-Unsubscribe:

List-Owner:

List-ID: alisaojaghi@gmail.com

List-Subscribe: alisaojaghi@gmail.com

List-Post:

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

--===============0785335702796003275==

MIME-Version: 1.0

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64

RGVhciA8Yj5kb2N0b3I8L2I+LDxicj4KJiM3MzsmIzExMDsmIzExODsmIzExMTsmIzEwNTsmIzk5

OyYjMTAxOyBEYXRlOiBBcHJpbCAwOCwgMjAyNDxicj4KPGJyPgpXZSdyZSBwbGVhc2VkIHRvIGlu

Zm9ybSB5b3UgdGhhdCB0aGUgdHJhbnNhY3Rpb24gZm9yIDxiPiYjNzc7JiM5OTsmIzk3OyYjMTAy

OyYjMTAxOyYjMTAxOyBTZWN1cmU8L2I+IGhhcyBiZWVuIHByb2Nlc3NlZC48YnI+IFRoZSBwcm9j

ZXNzaW5nIG9mIHlvdXIgPGI+JDQzMy4zMzwvYj4gJiM4MDsmIzk3OyYjMTIxOyYjMTA5OyYjMTAx

OyYjMTEwOyYjMTE2OyBmb3IgdGhlIDxiPiYjNzc7JiM5OTsmIzk3OyYjMTAyOyYjMTAxOyYjMTAx

OyBTZWN1cmU8L2I+IGhhcyBiZWVuIGNvbXBsZXRlZC48YnI+RmVlbCBmcmVlIHRvIHJlYWNoIG91

dCB0byB1cyBpZiB5b3UgbmVlZCBhbnkgYWRkaXRpb25hbCBpbmZvcm1hdGlvbiBvciBjbGFyaWZp

Y2F0aW9uIGFib3V0IHRoaXMgdHJhbnNhY3Rpb24uPGJyPklmIHlvdSBuZWVkIGFzc2lzdGFuY2Us

IHBsZWFzZSBnZXQgaW4gdG91Y2ggd2l0aCBvdXIgY3VzdG9tZXIgc2VydmljZSB0ZWFtIGF0IDxi

PiYjNDM7JiM0OTsoODU2KSAmIzUyOyYjNTE7Mi0mIzUyOyYjNTA7NjA8L2I+IHdpdGhpbiB0aGUg

bmV4dCBzaXggaG91cnMuCjxicj4KPGJyPgo8YnI+CllvdXIgdHJ1c3QgaW4gPGI+JiM3NzsmIzk5

OyYjOTc7JiMxMDI7JiMxMDE7JiMxMDE7IFNlY3VyZTwvYj4gaXMgZGVlcGx5IHZhbHVlZCwgYW5k

IHdlIHRoYW5rIHlvdSBmb3IgeW91ciBjaG9pY2UuPGJyPgo8YnI+Cjxicj4KPGI+WW91ciAmIzcz

OyYjMTEwOyYjMTE4OyYjMTExOyYjMTA1OyYjOTk7JiMxMDE7IERldGFpbHM8L2I+Cjxicj4KQ2xp

ZW50OiBkb2N0b3I8YnI+Ck9yZGVyZWQgSXRlbTogJiM3NzsmIzk5OyYjOTc7JiMxMDI7JiMxMDE7

JiMxMDE7IFNlY3VyZTxicj4KU3VwcG9ydCBEdXJhdGlvbjogNSB5ZWFyczxicj4KPGJyPgpBY3Rp

dmF0aW9uIEtleTogWlE4MzgxQ1c8YnI+Cjxicj4KV2FybSByZWdhcmRzLDxicj4KJiM3NzsmIzk5

OyYjOTc7JiMxMDI7JiMxMDE7JiMxMDE7IFNlY3VyZTxicj4KMzEwMiBTdyAxMjlUaCBUZXJyIEZs

IFVuaXRlZCBTdGF0ZXM8YnI+CkZvciBpbnF1aXJpZXMsIHBsZWFzZSBzdXBwb3J0IHVzIGF0IDxi

PiYjNDM7JiM0OTsoODU2KSAmIzUyOyYjNTE7Mi0mIzUyOyYjNTA7NjA8L2I+Lg==

--===============0785335702796003275==--

Germanic language phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 04:20:26 -0600

Received: from [146.19.191.154] (port=61284 helo=tube-hosting.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtm6V-000000006jX-2Kuw

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 04:20:01 -0600

From: "Bitvavo" ;

To: dave@doctor.nl2k.ab.ca

Subject: Bij frequente meldingen van ons dient u direct actie te ondernemen

Date: 8 Apr 2024 13:17:59 +0300

Message-ID: <20240408131759.901EC05102580BC4@info.bitvavo.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Geachte klant, U ontvangt dit bericht omdat uw Bitvavo registratie,

en daarbij ook uw inschrijving over 2 werkdagen op inactief zal staan geregistreerd.

Deze maatregel wordt toegepast omdat u enige tijd gebruik maak [...]

Content analysis details: (13.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: mashizadesigns.co.za]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: mashizadesigns.co.za]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: mashizadesigns.co.za]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[146.19.191.154 listed in bl.mailspike.net]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=tube-hosting.com;ip=146.19.191.154;r=doctor.nl2k.ab.ca]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.1 TW_JV BODY: Odd Letter Triples with JV

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Bij frequente meldingen van ons dient u direct actie te ondernemen

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

=20=20=20=20

=20=20=20=20

pse: separate; background-color: rgb(246, 246, 246);" bgcolor=3D"#f6f6f6" b=

order=3D"0" cellspacing=3D"0" cellpadding=3D"0">

p" style=3D"font-family: sans-serif; font-size: 14px; vertical-align: top;"=

>

argin: 0px auto; padding: 10px; width: 580px; font-family: sans-serif; font=

-size: 14px; vertical-align: top; display: block; max-width: 580px;">

display: block; max-width: 580px;">

=20=20=20=20=20=20=20=20=20=20=20=20

55, 255, 255); border-radius: 3px; width: 100%; border-collapse: separate;"=

>

nt-family: sans-serif; font-size: 14px; vertical-align: top;">

se: separate;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=

cal-align: top;">

=09=09=09=09=09=20=20

14px; font-weight: normal;">
der-color: rgb(0, 0, 0); width: 211px; height: 94px;" src=3D"https://th.bin=

g.com/th/id/OIP.neTguRhgM9hJmWWsMGWqzwHaDS?rs=3D1&pid=3DImgDetMain"=

>

14px; font-weight: normal;">

font-weight: normal;">Geachte klant,

font-weight: normal;">U ontvangt dit bericht omdat uw Bitvavo registratie,=

en daarbij ook uw inschrijving over 2 werkdagen op inacti=

ef zal staan geregistreerd. Deze maatregel wordt toegepast omdat u enige ti=

jd gebruik maakt van verouderde registratiegegevens.

font-weight: normal;">Na meerdere contact pogingen hebben wij niets vanuit=

u vernomen en zijn wij daarom genoodzaakt om maatregelen uit te voeren. Hi=

ernaast riskeert de u ook een boete bedrag van €5.2=

00,-.

font-weight: normal;">Om te voorkomen dat uw registratie definitief w=

ordt uitgeschreven uit het Bitvavo register kunt u nog eenmalig&n=

bsp;gratis uw profiel gegev=

ens online actualiseren. Vanuit de Bitvavo is het voor consumente=

n verplicht hun gegevens up to date te houden.

font-weight: normal;">Wij vertrouwen erop u hiermee voldoende te hebben ge=

informeerd.

font-weight: normal;">

r-collapse: separate;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
ody>

nt-family: sans-serif; font-size: 14px; vertical-align: top;">

lspacing=3D"0" cellpadding=3D"0">
ble>

top" style=3D"border-radius: 5px; text-align: center; font-family: sans-ser=

if; font-size: 14px; vertical-align: top; background-color: rgb(52, 152, 21=

9);" bgcolor=3D"#3498db">
om_zimbra_url" role=3D"link">
5_com_zimbra_url" role=3D"link">

x solid rgb(52, 152, 219); border-image: none; color: rgb(255, 255, 255); t=

ext-transform: capitalize; font-size: 14px; font-weight: bold; text-decorat=

ion: none; display: inline-block; background-color: rgb(52, 152, 219);" hre=

f=3D"http://mashizadesigns.co.za/viv" target=3D"_blank" rel=3D"nofollow noo=

pener noreferrer">Ga naar Inloggen

font-weight: normal;">Hoogachtend,

nt-family: sans-serif; font-size: 14px; font-weight: normal;">

yle=3D"margin: 0px 0px 15px; font-family: sans-serif; font-size: 14px; font=

-weight: normal;">Bitvavo

t-size: 14px; font-weight: normal;'>
_DWT1428_com_zimbra_url" role=3D"link">
FIX_DWT1436_com_zimbra_url" role=3D"link">

4UCkVeuqplxJ1uioal2TasPv0xUNh7z8_fKNjuh7hjp5S3IiZgpxQw2AkYWEaq2tbFFrOWFkyw2=

C0A6gt2FqNg4OJbNMUxk1WyQWh7X2x9pfXnt-Sen98Xris-49b2bXT8nI9dFhhNYeo1O-e-e8oN=

5yZb1GUrYBOQJdSyvf7fIRIj3w8dgGd3N2yfS0TQtnIgM6vLo_Oe_KiUkwbeeJ8IMl4htlZMf6r=

sifVT6RwfkxZafUXAAD__4ZsT8I" target=3D"_blank" rel=3D"nofollow noopener nor=

eferrer">

=09=09=09=09=09=09

">

t: 10px;">

=

=3D"link">
ole=3D"link">

BgZpSQ6dOXYocnWMbWwrStSJ5-uKh0P3nh-_qCG8xPSBgyRsSYWIelBw1QxDanpU5C6HYDFwai2=

KSXHjejtZqp9CrcWq9Ms5MyBaQ3RDEOlxeB3or_P35eaHGDB_3pu_88nKLKq1y1bFq-c9-ClNmG=

8xE91w1XSX7SvallHp_zDFlfNbXuLPdLdvX4kE2liVwYXV1diFgqFpOuGFAqkdkBEd4OiqCP9Lp=

H-k7Yzo-umkV_w0AAP__9gxPgQ" target=3D"_blank" rel=3D"nofollow noopener nore=

ferrer">

=20=20=20=20=20=20=20=20=20=20=20=20

Spanish Language ING phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 07 Apr 2024 21:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtg4z-00000000Pgb-1v6U

for dave@doctor.nl2k.ab.ca;

Sun, 07 Apr 2024 21:53:57 -0600

Resent-From: The Doctor

Resent-Date: Sun, 7 Apr 2024 21:53:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [104.152.208.231] (port=54782 helo=localhost)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rteI0-000000009qN-1vBz

for doctor@mail.nl2k.ab.ca;

Sun, 07 Apr 2024 19:59:20 -0600

Received: by localhost (Postfix, from userid 1169)

id 7D55B462D09; Sun, 7 Apr 2024 19:20:14 -0400 (EDT)

To: doctor@mail.nl2k.ab.ca

Subject: ING Banco Online - doctor@mail.nl2k.ab.ca , actualiza tu telefono ahora y evita multas.

From: ING|Banco Online

MIME-Version: 1.0

Content-type: text/html; charset=iso-8859-1

X-Mailer: PHP/7.4.30

Message-Id: <20240408013116.7D55B462D09@localhost>

Date: Sun, 7 Apr 2024 19:20:14 -0400 (EDT)

X-Spam_score: 14.8

X-Spam_score_int: 148

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Documento Cuidamos muy bien tus datos para proteger tu privacidad

Content analysis details: (14.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[104.152.208.231 listed in bb.barracudacentral.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[104.152.208.231 listed in wl.mailspike.net]

0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS

3.6 HELO_LOCALHOST No description available.

0.0 FSL_HELO_NON_FQDN_1 No description available.

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[104.152.208.231 listed in ix.dnsbl.manitu.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 TO_IN_SUBJ To address is in Subject

3.0 HOSTED_IMG_MULTI_PUB_01 Multiple hosted images at public site

2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} ING Banco Online - doctor@mail.nl2k.ab.ca , actualiza tu telefono ahora y evita multas.

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

Documento

Cuidamos muy bien tus datos para proteger tu privacidad

Hemos identificado que el numero de telefono de tu cuenta esta desactualizado desde hace mucho tiempo!

Debido a las nuevas recomendaciones de seguridad impuestas, debes verificar y actualizar tu numero de telefono, para mantener nuestra comunicacion siempre funcional y activa.

Incluso si su numero de telefono sigue siendo el mismo, se recomienda que pase por el proceso de verificacion para sincronizar su numero con nuestro sistema de seguridad.

Actualizar telefono