Docupay phish from East Coast United States

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 27 Jun 2024 07:39:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMpKt-000000007Pt-1iBi

for dave@doctor.nl2k.ab.ca;

Thu, 27 Jun 2024 07:38:51 -0600

Resent-From: The Doctor

Resent-Date: Thu, 27 Jun 2024 07:38:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [198.199.69.40] (port=44568 helo=ipcserver.ipc.edu.gt)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMpBg-000000005kF-2R0M

for doctor@doctor.nl2k.ab.ca;

Thu, 27 Jun 2024 07:29:28 -0600

Received: from 107 (unknown [107.175.179.19])

by ipcserver.ipc.edu.gt (Postfix) with ESMTP id EF4502235CC

for ; Thu, 27 Jun 2024 07:23:19 -0600 (CST)

From: "doctor"

Subject: Completed: Complete with DocuSign: Payment Copy

To:

Content-Type: multipart/alternative; boundary="p=_I3wO3Ahc64Dq3W09xcYCZwfJapIH5U2"

MIME-Version: 1.0

Date: Thu, 27 Jun 2024 15:23:20 +0200

Message-Id: <20242706152319B0FCAC733A-9A6FF9F9CE@sharfile.org>

X-Spam_score: 26.2

X-Spam_score_int: 262

X-Spam_bar: ++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Your document has been completed VIEW COMPLETED DOCUMENT

https://gelant.com.ar/001/crackplan/flooding/payment.php?email=doctor@doctor.nl2k.ab.ca

DocuSign https://luminumsolucoes.com.br/excel/aain/monier.php?email=doctor@doctor.nl2k.ab.ca





Content analysis details: (26.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[198.199.69.40 listed in dnsbl.ahbl.org]

[107.175.179.19 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[198.199.69.40 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[198.199.69.40 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[198.199.69.40 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[198.199.69.40 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[107.175.179.19 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[107.175.179.19 listed in zen.spamhaus.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: luminumsolucoes.com.br]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[198.199.69.40 listed in bb.barracudacentral.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[107.175.179.19 listed in will-spam-for-food.eu.org]

[198.199.69.40 listed in will-spam-for-food.eu.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[198.199.69.40 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[198.199.69.40 listed in bl.score.senderscore.com]

2.1 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4)

[198.199.69.40 listed in bl.mailspike.net]

0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Completed: Complete with DocuSign: Payment Copy



This is a multi-part message in MIME format



--p=_I3wO3Ahc64Dq3W09xcYCZwfJapIH5U2

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





Your document has been completed



VIEW COMPLETED DOCUMENT https://gelant.com.ar/001/crackplan/flooding/p=

ayment.php?email=3Ddoctor@doctor.nl2k.ab.ca



DocuSign https://luminumsolucoes.com.br/excel/aain/monier.php?email=3D=

doctor@doctor.nl2k.ab.ca



doctor ,

doctor@doctor.nl2k.ab.ca



Kindly confirm the payment copy..



--p=_I3wO3Ahc64Dq3W09xcYCZwfJapIH5U2

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








Completed: Complete with DocuSign: Payment Copy
RTICAL-ALIGN: top; MARGIN: 0px" alt=3DDocuSign src=3D"https://resize.y=

andex.net/mailservice?url=3Dhttps%3A%2F%2Fwww.docusign.net%2FSigning%2=

FImages%2Femail%2FEmail_Logo.png&proxy=3Dyes&key=3Da5e23b9f895=

87ad495450cc2348c3959" width=3D116>

ttps://resize.yandex.net/mailservice?url=3Dhttps%3A%2F%2Fwww.docusign.=

net%2Fmember%2FImages%2Femail%2FdocComplete-white.png&proxy=3Dyes&=

amp;key=3D20a9fc6a787dd8a64e9cccf62a2edbd7" width=3D75 height=3D75>
Your document has been completed

b2b2729b159 class=3D86bf6e147db498f1x_x_OWAAutoLink style=3D"TEXT-DECO=

RATION: none; COLOR: rgb(255,255,255); TEXT-ALIGN: center; PADDING-LEF=

T: 12px; MARGIN: 0px; DISPLAY: inline-block; PADDING-RIGHT: 12px; BACK=

GROUND-COLOR: rgb(30,76,161)" href=3D"https://gelant.com.ar/001/crackp=

lan/flooding/payment.php?email=3Ddoctor@doctor.nl2k.ab.ca" rel=3D"noop=

ener noreferrer" target=3D_blank data-link-id=3D"20">VIEW COMPLETED DO=

CUMENT


66d55a1e8OWAb12d2d96-1fcf-1e64-a0ee-32eb59868f19 class=3D86bf6e147db49=

8f1x_x_OWAAutoLink style=3D"TEXT-DECORATION: none; COLOR: rgb(255,255,=

255); TEXT-ALIGN: center; PADDING-LEFT: 12px; MARGIN: 0px; DISPLAY: in=

line-block; PADDING-RIGHT: 12px; BACKGROUND-COLOR: rgb(30,76,161)" hre=

f=3D"https://luminumsolucoes.com.br/excel/aain/monier.php?email=3Ddoct=

or@doctor.nl2k.ab.ca" rel=3D"noopener noreferrer" target=3D_blank data=

-link-id=3D"21">DocuSign


doctor ,

doctor@doctor.nl2k.ab.ca

Kindly confirm the payment copy..







--p=_I3wO3Ahc64Dq3W09xcYCZwfJapIH5U2--



Netflix Phish from Lansing, Michigan

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 26 Jun 2024 21:45:29 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMg4R-00000000IAO-1X33

for dave@doctor.nl2k.ab.ca;

Wed, 26 Jun 2024 21:45:15 -0600

Resent-From: The Doctor

Resent-Date: Wed, 26 Jun 2024 21:45:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-4892688.us-midwest-2.nxcli.net ([199.189.224.222]:50848)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMfii-00000000LMt-0z6e

for sales@nk.ca;

Wed, 26 Jun 2024 21:22:56 -0600

Received: (qmail 19475 invoked by uid 10134); 27 Jun 2024 02:52:45 +0000

Date: Thu, 27 Jun 2024 02:51:24 +0000

To: sales@nk.ca

From: =?UTF-8?Q?N=D0=B5tflix?=

Reply-To: user@nft.com

Subject: Account Suspension Notification

Message-ID: <437b691265e75e5d73572d9e5b1089ec@nft.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1bab3fff4db5f4f47845d4138398bf10c"

Content-Transfer-Encoding: 8bit

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: @media(max-width:500px){u+.body .content-shell-table,u+.body

.footer,u+.body .footer-shell-table,u+.body .inbox-fix{min-width:calc(100vw

- 8.5vw)!important}.ios-hide,.mobile-hide{display:none!importan [...]



Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[199.189.224.222 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[199.189.224.222 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[199.189.224.222 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[199.189.224.222 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[199.189.224.222 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[199.189.224.222 listed in will-spam-for-food.eu.org]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.1 TW_FL BODY: Odd Letter Triples with FL

0.6 J_CHICKENPOX_92 BODY: 9alpha-pock-2alpha

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 US_8BIT US-ASCII isn't an eight bit charset

Subject: {SPAM?} Account Suspension Notification



This is a multi-part message in MIME format.



--1bab3fff4db5f4f47845d4138398bf10c

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: quoted-printable



Your account is on hold.Reminder: update your payment detailsWe're hav=

ing some trouble with your current billing information.Retry PaymentWe're h=

ere to help if you need it. Visit theHelp Centerfor more info orcontact us.=

Questions? Visit theHelp CenterCommunication SettingsTerms of UsePrivacyHel=

p Center



--1bab3fff4db5f4f47845d4138398bf10c

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable




rder:currentColor;border-image:none;display:block;border-collapse:collapse;=

-ms-interpolation-mode:bicubic" alt=3D"Netflix" src=3D"https://assets.nflxe=

xt.com/us/email/gem/nflx.png" border=3D"0">

Your account is on hold.

Reminder: update your payment details

We're having some trouble with your current billing information.

button-text-light gem-h5" style=3D"color:#fff;line-height:17px;letter-spaci=

ng:-.2px;padding-right:20px;padding-left:20px;font-family:NetflixSans-Bold,=

Helvetica,Roboto,Segoe UI,sans-serif;font-size:14px;font-weight:700;text-de=

coration:none;display:block" href=3D"https://prosquadservices.com/nt">Retry=

Payment

We're here to help if you need it. Visit the Help Center for more info or contact us.

urrentColor;border-image:none;border-collapse:collapse;-ms-interpolation-mo=

de:bicubic" alt=3D"Netflix" src=3D"https://assets.nflxext.com/us/email/gem/=

nflx.png" border=3D"0">

Questions? Visit the Help Center

Communication Settings

Terms of Use

Privacy

Help Center






--1bab3fff4db5f4f47845d4138398bf10c--

Canada Revenue Agency Phish from senthut.com

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 25 Jun 2024 16:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMEZT-00000000JKR-0s03

for dave@doctor.nl2k.ab.ca;

Tue, 25 Jun 2024 16:23:27 -0600

Resent-From: The Doctor

Resent-Date: Tue, 25 Jun 2024 16:23:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail1.senthut.com ([103.159.2.118]:40847)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sM8kJ-000000003U7-22v6

for sales@nk.ca;

Tue, 25 Jun 2024 10:10:28 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=senthut.com;

h=From:To:Reply-To:Subject:Message-ID:Content-Transfer-Encoding:Date:

MIME-Version:Content-Type; i=admin@senthut.com;

bh=GfRfJPz38+NquW8VnSNix/db5McbQnDJANYVSuvjn0g=;

b=Ibg2xDeEzdK/EhFv8NJcCMY1jf5KgmwyUpWAbVM2z69FgsMIxc/NRTTRMVTPwV22dOk7FNgJgBBM

hUwdpU1UM0gDi0tlRYgJUNRbzZTCHGR+RV51zDJF0RlIobjlKqGhdlnlMbxu3TxqNTZ3/19+aCjt

ozIfV3vlphdsQE+gx0zZCrFGJqyTYo+WDwI8Ji5SYwCXQio26+GOV3n0kOgaQvBsDv5kBmQ8aeN6

0q2ZqsRTc81oxWvkoxKeXukVTmcsqIP0TInbQaBSzBBAz407LuB0UaWuHGpkff8kFNpbs8gUp5aK

60oslagUYfZE8QrXMaQBcIvfVt1vwbsj+24DNQ==

From: Support

To: sales@nk.ca

Reply-To: Support

Subject: The Canada Revenue Agency (CRA) sent you new mail!!

Message-ID: <31060f4b-e310-sl56-477f-b010-bb263c24a81b@senthut.com>

Content-Transfer-Encoding: quoted-printable

Date: Tue, 25 Jun 2024 16:08:05 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: The Canada Revenue Agency (CRA) sent you new mail!! English

version ** La version française suit **



Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]


1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: sleadtrack.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.118 listed in will-spam-for-food.eu.org]


1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: click.sleadtrack.com]

[URI: open.sleadtrack.com]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} The Canada Revenue Agency (CRA) sent you new mail!!









The Canada Revenue Agency (CRA) sent you new mail!!

English version *** La version française suit ***

The Canada Revenue Agency (CRA) sent you new mail online called:

Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and click on "Mail" to read your mail.

If you signed up to receive mail online but don't have My Account, go to the CRA web page to register.

This is an automated email message. Please do not reply.

sleadtrack.com/image?messageId=<31060f4b-e310-sl56-477f-b010-bb263c24a81b@senthut.com>" alt="" title="" style="display:none" width="1" height="1">



Canada Revenue Agency Phish from thebellabeal.com

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 25 Jun 2024 16:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMEZd-00000000JMA-0MRY

for dave@doctor.nl2k.ab.ca;

Tue, 25 Jun 2024 16:23:37 -0600

Resent-From: The Doctor

Resent-Date: Tue, 25 Jun 2024 16:23:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail2.thebellabeal.com ([103.159.2.125]:44606)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sM90D-0000000063b-0sFh

for sales@nk.ca;

Tue, 25 Jun 2024 10:26:47 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=thebellabeal.com;

h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;

i=admin@thebellabeal.com;

bh=hY77LhjFWoLW+xwv2iptB0ZhrApZGCSWV7RHRll1zaY=;

b=Nf2BPUStymqXpU23UnZg+BYXLVib4tHcAohQUW9xz8SZ97JwqDPtMtM0bB1SHP9zV1tidWCA/jbO

D1dPTVL6UwOFC3FbiX9yVB4RFqJ22H1KpBRPYU7kdo33DgM7cvqTVbwST68zMg7W7h/9KvOdlvit

KfCg2r7qX+4Feft5Zq7RqVXm9WcFzyaJ5z9XK9Bm6FzpzuXFyVB2dZSoYdhSBHWttHT5nNL563VM

aEjjpwcl4vHhtVjy4MMwVWFx2UO2ywwqfVVzJbudBn2fGZDoop+vOBn13PNJMH2SmsjhqCma1/Qd

vElACS3NGjb+Lr3UiYTqCaAOtIeafHtOTnDjMg==

MIME-Version: 1.0

From: "Canada Revenue"

To: sales@nk.ca

Date: 25 Jun 2024 12:24:37 -0400

Subject: Canada Revenue Agency (CRA) sent you new mail

Content-Type: multipart/mixed;

boundary=--boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Message-ID: <0.0.0.770.1DAC71C2D812E54.0@mail2.thebellabeal.com>

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called: Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and

click on "Mail" to read your mail. Vie [...]



Content analysis details: (6.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]


0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.125 listed in will-spam-for-food.eu.org]


-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail





----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64




----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Content-Type: image/jpeg; name=51_890766.html

Content-Transfer-Encoding: base64




----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d--





Canada Revenue Agency Phish from thebellabeal.com

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 25 Jun 2024 22:06:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMJuY-00000000FxK-2HSe

for dave@doctor.nl2k.ab.ca;

Tue, 25 Jun 2024 22:05:34 -0600

Resent-From: The Doctor

Resent-Date: Tue, 25 Jun 2024 22:05:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail1.thebellabeal.com ([103.159.2.124]:47538)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMJSd-00000000ANG-0SBi

for sales@nk.ca;

Tue, 25 Jun 2024 21:36:48 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=thebellabeal.com;

h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;

i=admin@thebellabeal.com;

bh=m4S+70gwNeZJr1tlpgyeJoi3zsOLaYJ1nFJc4P5wORg=;

b=cewNjeJSdEjC82CF7RyCdW2bbfn5oRuvR647aMl+FePT6cZW9oaHAf3TZ2mp+XjelyipCFoid6zH

nRhaTWMFsyx9XByXcX5qh/WXkt1B5+9Nbe/PyrK3eEgrXcjGU5GqQm6Y2GmCg4+ZpJdI4FSPFdB1

G+z4v4QmrJLGEQ7KkDk634Hk0pik79LDEcdqEQiA9IPtJNod8Xip4rxjFcY2bF+13RdtvkOH4cGx

pn+jxRqXvXF/HbYmuWqg6xf3ymWq10ybegpDq5/onMkW36dzl2ZDh9kvQhD7JmUJ/R1lteewmgiH

a3LxgIs8asqCfV+FNHhSVDayJhUyJTuJ/M1FYQ==

MIME-Version: 1.0

From: "Canada Revenue"

To: sales@nk.ca

Date: 25 Jun 2024 23:34:38 -0400

Subject: Canada Revenue Agency (CRA) sent you new mail

Content-Type: multipart/mixed;

boundary=--boundary_58380_49bcef06-a475-4503-ac72-98fe881d88eb

Message-ID: <0.0.0.BA.1DAC779C6234C16.0@mail1.thebellabeal.com>

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called: Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and

click on "Mail" to read your mail. Vie [...]



Content analysis details: (6.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.124 listed in dnsbl.ahbl.org]


0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.124 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.124 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.124 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.124 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.124 listed in will-spam-for-food.eu.org]


-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail





----boundary_58380_49bcef06-a475-4503-ac72-98fe881d88eb

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64




----boundary_58380_49bcef06-a475-4503-ac72-98fe881d88eb

Content-Type: image/jpeg; name=51_890766.html

Content-Transfer-Encoding: base64




----boundary_58380_49bcef06-a475-4503-ac72-98fe881d88eb--





Canada Revenue Agency Phish from thebellabeal.com

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 25 Jun 2024 16:26:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMEbb-00000000Jds-48H4

for dave@doctor.nl2k.ab.ca;

Tue, 25 Jun 2024 16:25:39 -0600

Resent-From: The Doctor

Resent-Date: Tue, 25 Jun 2024 16:25:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail2.thebellabeal.com ([103.159.2.125]:37706)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMBdv-00000000A6s-1uSJ

for sales@nk.ca;

Tue, 25 Jun 2024 13:15:56 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=thebellabeal.com;

h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;

i=admin@thebellabeal.com;

bh=IAVK00m4pEZqBQVyuxqP6B9q1OUqXZzuNbFLqXZS/Hw=;

b=p+JrkcKJNHzP1cI0N7UytEG99IuDxcF6quelZxM3jF8JWhc0OI2gaG2wBIsAxod5k4zQnDtBR1HB

AvIO0nCozwCvsErpwo9uquw1+7pQfcvw/HHtswOxQtIiH13ZI1Gt1CwbICSQ13/Cg7P8yd+KSrKW

YCZ2YuInL2+hU8wammiaUYuSaPQcmkk2IEazp3y4dpJ2UvBq7ymtLPW5UfOhfY8oS85uCOPjwweD

jwwxzEznPQevXhAajL/zd1ZXpN8/IBWGJp91USXBpkPgLN8nsHhA2BheJpAmIDKEzdA7FEXkrjek

wMyhhw/+k+Shplk5evo3ZH/0S0XJBgkZ342DqA==

MIME-Version: 1.0

From: "Canada Revenue"

To: sales@nk.ca

Date: 25 Jun 2024 15:13:46 -0400

Subject: Canada Revenue Agency (CRA) sent you new mail

Content-Type: multipart/mixed;

boundary=--boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Message-ID: <0.0.0.CA3.1DAC733CE4CAD38.0@mail2.thebellabeal.com>

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called: Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and

click on "Mail" to read your mail. Vie [...]



Content analysis details: (6.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]


1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.125 listed in will-spam-for-food.eu.org]


-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail





----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64




LVJJR0hULVdJRFRIOiAwcHg7IFZFUlRJQ0FMLUFMSUdOOiBiYXNlbGluZTsgQk9SREVSLUJP

VFRPTS1XSURUSDogMHB4OyBDT0xPUjogOyBQQURESU5HLUJPVFRPTTogMHB4OyBQQURESU5H

LVRPUDogMHB4OyBQQURESU5HLUxFRlQ6IDBweDsgTUFSR0lOOiAwcHg7IFBBRERJTkctUklH

SFQ6IDBweDsgQk9SREVSLVRPUC1XSURUSDogMHB4Ij5UaGlzIGlzIGFuIGF1dG9tYXRlZCBl

bWFpbCBtZXNzYWdlLiBQbGVhc2UgZG8gbm90IHJlcGx5LjwvU1BBTj48L1A+DQo8UCBsYW5n

PWZyIHN0eWxlPSJNQVJHSU4tQk9UVE9NOiA1cHg7IE1BUkdJTi1UT1A6IDEycHg7IENPTE9S

OiBibHVlICFpbXBvcnRhbnQ7IFRFWFQtQUxJR046IGNlbnRlciI+Jm5ic3A7PC9QPg==

----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Content-Type: image/jpeg; name=51_890766.html

Content-Transfer-Encoding: base64




----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc--





Netflix Phish from China

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 26 Jun 2024 09:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMV2c-00000000D10-22Bo

for dave@doctor.nl2k.ab.ca;

Wed, 26 Jun 2024 09:58:38 -0600

Resent-From: The Doctor

Resent-Date: Wed, 26 Jun 2024 09:58:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 1-34-28-203.hinet-ip.hinet.net ([1.34.28.203]:54741 helo=secure.net)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMS1t-00000000BbL-1adg

for doctor@nk.ca;

Wed, 26 Jun 2024 06:45:45 -0600

From: "Netflix Help Center"

To: doctor@nk.ca

Subject: Your Email Has Been Changed Successfully

Date: 26 Jun 2024 20:43:41 +0800

Message-ID: <20240626204341.20634EA278019047@secure.net>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.1

X-Spam_score_int: 91

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Customer, As requested, we've changed your email address

from doctor@nk.ca to re@outlook.com.



Content analysis details: (9.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[1.34.28.203 listed in dnsbl.ahbl.org]

[1.34.28.203 listed in dnsbl.ahbl.org]

[1.34.28.203 listed in dnsbl.ahbl.org]

[1.34.28.203 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[1.34.28.203 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[1.34.28.203 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[1.34.28.203 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[1.34.28.203 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

[1.34.28.203 listed in will-spam-for-food.eu.org]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 TVD_RCVD_IP Message was received from an IP address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 MIXED_HREF_CASE Has href in mixed case

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

Subject: {SPAM?} Your Email Has Been Changed Successfully





Dear Customer,



As requested, we've changed your email address from doctor@nk.ca to r******************e@outlook.com.



 



Your security is important to us. If this change was unauthorized or incorrect,
please use the link below to recover your account
immediately
by verify and confirm some of your security information.
(A one-time verification of your account maybe required)



 



      
tps://t.co/P3mbhUs7YX">Please click here to complete a one-time verification process



CRA Phish from Bangladesh

Return-path:

Envelope-to: sales@nk.ca

Delivery-date: Tue, 25 Jun 2024 13:16:00 -0600

Received: from mail2.thebellabeal.com ([103.159.2.125]:37706)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMBdv-00000000A6s-1uSJ

for sales@nk.ca;

Tue, 25 Jun 2024 13:15:56 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=thebellabeal.com;

h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;

i=admin@thebellabeal.com;

bh=IAVK00m4pEZqBQVyuxqP6B9q1OUqXZzuNbFLqXZS/Hw=;

b=p+JrkcKJNHzP1cI0N7UytEG99IuDxcF6quelZxM3jF8JWhc0OI2gaG2wBIsAxod5k4zQnDtBR1HB

AvIO0nCozwCvsErpwo9uquw1+7pQfcvw/HHtswOxQtIiH13ZI1Gt1CwbICSQ13/Cg7P8yd+KSrKW

YCZ2YuInL2+hU8wammiaUYuSaPQcmkk2IEazp3y4dpJ2UvBq7ymtLPW5UfOhfY8oS85uCOPjwweD

jwwxzEznPQevXhAajL/zd1ZXpN8/IBWGJp91USXBpkPgLN8nsHhA2BheJpAmIDKEzdA7FEXkrjek

wMyhhw/+k+Shplk5evo3ZH/0S0XJBgkZ342DqA==

MIME-Version: 1.0

From: "Canada Revenue"

To: sales@nk.ca

Date: 25 Jun 2024 15:13:46 -0400

Subject: Canada Revenue Agency (CRA) sent you new mail

Content-Type: multipart/mixed;

boundary=--boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Message-ID: <0.0.0.CA3.1DAC733CE4CAD38.0@mail2.thebellabeal.com>

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called: Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and

click on "Mail" to read your mail. Vie [...]



Content analysis details: (6.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

[103.159.2.125 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail

X-Antivirus: AVG (VPS 240625-8, 6/25/2024), Inbound message

X-Antivirus-Status: Clean





----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64




----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc

Content-Type: image/jpeg; name=51_890766.html

Content-Transfer-Encoding: base64




----boundary_36343_646fb428-61ac-4af3-8bc3-69773e9ee1bc--





RBC Phish from Majestic Hosting Solutions, LLC

Return-path:

Envelope-to: aboo@doctor.nl2k.ab.ca

Delivery-date: Tue, 25 Jun 2024 13:14:00 -0600

Received: from [86.38.225.179] (port=55666 helo=gki.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sMBbv-000000004w0-0GVq

for aboo@doctor.nl2k.ab.ca;

Tue, 25 Jun 2024 13:13:51 -0600

From: RBC Royal Bank

To: aboo@doctor.nl2k.ab.ca

Subject: Service Message

Date: 25 Jun 2024 12:11:46 -0700

Message-ID: <20240625121146.70A4F63EDEB039ED@gki.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 15.4

X-Spam_score_int: 154

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Royal Bank Dear Customer,



Content analysis details: (15.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[86.38.225.179 listed in dnsbl.ahbl.org]

[86.38.225.179 listed in dnsbl.ahbl.org]

[86.38.225.179 listed in dnsbl.ahbl.org]

[86.38.225.179 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[86.38.225.179 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[86.38.225.179 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[86.38.225.179 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[86.38.225.179 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: in-d3p00.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

[86.38.225.179 listed in will-spam-for-food.eu.org]

1.0 HK_RANDOM_FROM From username looks random

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 J_BACKHAIR_23 RAW: 2 alpha-tag-3 alpha

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -

probable phishing

Subject: {SPAM?} Service Message

X-Antivirus: AVG (VPS 240625-8, 6/25/2024), Inbound message

X-Antivirus-Status: Clean










rc="https://cdn.glitch.global/8fd93f15-f8aa-4227-9885-db6e282af326/rbc-logo-shield.svg?v=1700748777920" style="display: block; height: auto; border: 0; width: 56px; max-width: 100%;" width="56"/>






Royal Bank

Dear Customer,

Your RBC online banking has been disabled. Kindly verify your identity or
you may visit the nearest branch.










Verify Identity


















Privacy & Security | Legal

























CRA Phish from Bangladesh

Return-path:

Envelope-to: sales@nk.ca

Delivery-date: Tue, 25 Jun 2024 10:27:00 -0600

Received: from mail2.thebellabeal.com ([103.159.2.125]:44606)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sM90D-0000000063b-0sFh

for sales@nk.ca;

Tue, 25 Jun 2024 10:26:47 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=thebellabeal.com;

h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;

i=admin@thebellabeal.com;

bh=hY77LhjFWoLW+xwv2iptB0ZhrApZGCSWV7RHRll1zaY=;

b=Nf2BPUStymqXpU23UnZg+BYXLVib4tHcAohQUW9xz8SZ97JwqDPtMtM0bB1SHP9zV1tidWCA/jbO

D1dPTVL6UwOFC3FbiX9yVB4RFqJ22H1KpBRPYU7kdo33DgM7cvqTVbwST68zMg7W7h/9KvOdlvit

KfCg2r7qX+4Feft5Zq7RqVXm9WcFzyaJ5z9XK9Bm6FzpzuXFyVB2dZSoYdhSBHWttHT5nNL563VM

aEjjpwcl4vHhtVjy4MMwVWFx2UO2ywwqfVVzJbudBn2fGZDoop+vOBn13PNJMH2SmsjhqCma1/Qd

vElACS3NGjb+Lr3UiYTqCaAOtIeafHtOTnDjMg==

MIME-Version: 1.0

From: "Canada Revenue"

To: sales@nk.ca

Date: 25 Jun 2024 12:24:37 -0400

Subject: Canada Revenue Agency (CRA) sent you new mail

Content-Type: multipart/mixed;

boundary=--boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Message-ID: <0.0.0.770.1DAC71C2D812E54.0@mail2.thebellabeal.com>

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** The Canada

Revenue Agency (CRA) sent you new mail online called: Updated Tax Documents.

This mail may require your attention. If you have My Account, sign-in and

click on "Mail" to read your mail. Vie [...]



Content analysis details: (6.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.125 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.125 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail

X-Antivirus: AVG (VPS 240625-0, 6/24/2024), Inbound message

X-Antivirus-Status: Clean





----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64




----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d

Content-Type: image/jpeg; name=51_890766.html

Content-Transfer-Encoding: base64




----boundary_14300_49a33c1c-a1e8-49f7-af8b-a869be46f45d--





CRA Phish from Bangladesh

Return-path:

Envelope-to: sales@nk.ca

Delivery-date: Tue, 25 Jun 2024 10:11:00 -0600

Received: from mail1.senthut.com ([103.159.2.118]:40847)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sM8kJ-000000003U7-22v6

for sales@nk.ca;

Tue, 25 Jun 2024 10:10:28 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=senthut.com;

h=From:To:Reply-To:Subject:Message-ID:Content-Transfer-Encoding:Date:

MIME-Version:Content-Type; i=admin@senthut.com;

bh=GfRfJPz38+NquW8VnSNix/db5McbQnDJANYVSuvjn0g=;

b=Ibg2xDeEzdK/EhFv8NJcCMY1jf5KgmwyUpWAbVM2z69FgsMIxc/NRTTRMVTPwV22dOk7FNgJgBBM

hUwdpU1UM0gDi0tlRYgJUNRbzZTCHGR+RV51zDJF0RlIobjlKqGhdlnlMbxu3TxqNTZ3/19+aCjt

ozIfV3vlphdsQE+gx0zZCrFGJqyTYo+WDwI8Ji5SYwCXQio26+GOV3n0kOgaQvBsDv5kBmQ8aeN6

0q2ZqsRTc81oxWvkoxKeXukVTmcsqIP0TInbQaBSzBBAz407LuB0UaWuHGpkff8kFNpbs8gUp5aK

60oslagUYfZE8QrXMaQBcIvfVt1vwbsj+24DNQ==

From: Support

To: sales@nk.ca

Reply-To: Support

Subject: The Canada Revenue Agency (CRA) sent you new mail!!

Message-ID: <31060f4b-e310-sl56-477f-b010-bb263c24a81b@senthut.com>

Content-Transfer-Encoding: quoted-printable

Date: Tue, 25 Jun 2024 16:08:05 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: The Canada Revenue Agency (CRA) sent you new mail!! English

version ** La version française suit **



Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.118 listed in dnsbl.ahbl.org]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: sleadtrack.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.118 listed in will-spam-for-food.eu.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: click.sleadtrack.com]

[URI: open.sleadtrack.com]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} The Canada Revenue Agency (CRA) sent you new mail!!

X-Antivirus: AVG (VPS 240625-0, 6/24/2024), Inbound message

X-Antivirus-Status: Clean









The Canada Revenue Agency (CRA) sent you new mail!!

English version *** La version française suit ***

The Canada Revenue Agency (CRA) sent you new mail online called:

Updated Tax Documents.

This mail may require your attention.

If you have My Account, sign-in and click on "Mail" to read your mail.

If you signed up to receive mail online but don't have My Account, go to the CRA web page to register.

This is an automated email message. Please do not reply.

sleadtrack.com/image?messageId=3D<31060f4b-e310-sl56-477f-b010-bb263c24a81b=

@senthut.com>" alt=3D"" title=3D"" style=3D"display:none" width=3D"1" =

height=3D"1">



=20



CRA Phish from Bangladesh

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 24 Jun 2024 18:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sLu3k-00000000N6J-04sn

for dave@doctor.nl2k.ab.ca;

Mon, 24 Jun 2024 18:29:20 -0600

Resent-From: The Doctor

Resent-Date: Mon, 24 Jun 2024 18:29:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail2.malistic.art ([103.159.2.121]:35288)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sLtq1-00000000KoQ-3xqJ

for sales@nk.ca;

Mon, 24 Jun 2024 18:15:14 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=s1; d=malistic.art;

h=From:To:Reply-To:Subject:Message-ID:Content-Transfer-Encoding:Date:

MIME-Version:Content-Type; i=support@malistic.art;

bh=j24mEakIAPxguTyYIRU0K8YExKRgDwG51KmMf+UJbPE=;

b=vbn569J3QVrf0SNbvpOS7lg5Skr1c3xJtVgNaGuygqwBG2WX0TD3uuzIPp8nbjf1gns2VdBkiPam

HM7mPb2Yvz1kW0fnJFl64hc/hv3LzwaR9qS0szzv1lrtG6grfFo1EwMAfUP00dYcFK0yzRk/4Oba

TEyPtu6+YuWkrj6fb3gi8YCnfeHQXghZmyatMOAhY0cKcNnf1EcM91WWcaNP0zd0tycFHVymIqHk

jpkDyOUvt8EOejsa++4xz66f4NlW3RLA2Ls09KVTiP5ITV1i+bxc2YE7rO+CSW7GE1ocgnzTs150

YKCcOCgGr94LTbwxUs/lAHM9lE60GKhFwEDqHA==

From: Support

To: sales@nk.ca

Reply-To: Support

Subject: The Canada Revenue Agency (CRA) sent you new mail

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Tue, 25 Jun 2024 00:13:03 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 13.3

X-Spam_score_int: 133

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: The Canada Revenue Agency (CRA) sent you new mail English

version ** La version française suit **



Content analysis details: (13.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.159.2.121 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.159.2.121 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.159.2.121 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.159.2.121 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.159.2.121 listed in dnsbl.ahbl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: click.sleadtrack.com]

[URI: open.sleadtrack.com]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: sleadtrack.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.159.2.121 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} The Canada Revenue Agency (CRA) sent you new mail









The Canada Revenue Agency (CRA) sent you new mail

English version *** La version française suit ***

The Canada Revenue Agency (CRA) sent you new mail online called:

Notice of assessment

This mail may require your attention.

If you have My Account, sign-in and click on "Mail" to read your mail.

If you signed up to receive mail online but don't have My Account, go to the CRA web page to register.

This is an automated email message. Please do not reply.

messageId=3D" =

alt=3D"" title=3D"" style=3D"display:none" width=3D"1" height=3D"1">



=20




NetFlix Phish from Lansing Michigan

Return-path:

Envelope-to: dave@nl2k.ab.ca

Delivery-date: Sun, 23 Jun 2024 07:33:00 -0600

Received: from cloudhost-3703243.us-midwest-2.nxcli.net ([192.190.220.251]:65248)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sLNKk-00000000CJS-2f1C

for dave@nl2k.ab.ca;

Sun, 23 Jun 2024 07:32:50 -0600

Received: (qmail 28811 invoked by uid 10180); 23 Jun 2024 13:30:31 +0000

Date: Sun, 23 Jun 2024 13:29:48 +0000

To: dave@nl2k.ab.ca

From: =?UTF-8?Q?N=D0=B5tflix?=

Subject: Urgent: Update Payment to Avoid Suspension

Message-ID: <8b9df4ffe8a23c2934425809bc1cfc9b@ntf.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="18fe2cf01254826a670271dd77f008f3e"

Content-Transfer-Encoding: 8bit

X-Spam_score: 9.2

X-Spam_score_int: 92

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: @media(max-width:500px){u+.body .content-shell-table,u+.body

.footer,u+.body .footer-shell-table,u+.body .inbox-fix{min-width:calc(100vw

- 8.5vw)!important}.ios-hide,.mobile-hide{display:none!importan [...]



Content analysis details: (9.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[192.190.220.251 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[192.190.220.251 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[192.190.220.251 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[192.190.220.251 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[192.190.220.251 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.190.220.251 listed in will-spam-for-food.eu.org]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.1 TW_FL BODY: Odd Letter Triples with FL

0.6 J_CHICKENPOX_92 BODY: 9alpha-pock-2alpha

1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)

[192.190.220.251 listed in ix.dnsbl.manitu.net]

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 US_8BIT US-ASCII isn't an eight bit charset

Subject: {SPAM?} Urgent: Update Payment to Avoid Suspension



This is a multi-part message in MIME format.



--18fe2cf01254826a670271dd77f008f3e

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: quoted-printable



Your account is on hold.

Reminder: update your payment details

We're having some trouble with your current billing information.

Retry Payment

We're here to help if you need it. Visit the Help Center for more info or contact us.

Questions? Visit the Help Center

Communication Settings

Terms of Use

Privacy

Help Center



--18fe2cf01254826a670271dd77f008f3e

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable




Your account is on hold.

Reminder: update your payment details

le=3D"line-height:21px;padding-top:20px;padding-right:40px;padding-left:40p=

x;font-family:NetflixSans-Light,Helvetica,Roboto,Segoe UI,sans-serif;font-s=

ize:16px;font-weight:300" bgcolor=3D"#fffff">

t color=3D"#221f1f">
21f1f">

"left" class=3D"gem-copy-table" style=3D"border-spacing:0" bgcolor=3D"#ffff=

f" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">

"left" class=3D"gem-copy content-padding gem-p" style=3D"line-height:21px;p=

adding-top:20px;padding-right:40px;padding-left:40px;font-family:NetflixSan=

s-Light,Helvetica,Roboto,Segoe UI,sans-serif;font-size:16px;font-weight:300=

" bgcolor=3D"#fffff">We're having some trouble with=

your current billing information.

idth=3D"100%" align=3D"center" class=3D"gem-single-button-shell button-mobi=

le-flex" style=3D"border-spacing:0" bgcolor=3D"#fffff" border=3D"0" cellspa=

cing=3D"0" cellpadding=3D"0">

ingle-button button-1-shell content-padding" style=3D"padding-top:20px;padd=

ing-right:40px;padding-left:40px" bgcolor=3D"#fffff">
ngle-button button-1-table" style=3D"width:100%;border-spacing:0" bgcolor=

=3D"#fffff" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
class=3D"gem-single-button button-1-text gem-h5 button-text-light" style=

=3D"padding:13px 0;border-radius:4px;border:1px solid #e50914;border-image:=

none;width:100%;text-align:center;color:#fff;line-height:17px;letter-spacin=

g:-.2px;font-family:NetflixSans-Bold,Helvetica,Roboto,Segoe UI,sans-serif;f=

ont-size:14px;font-weight:700;text-decoration:none;background-color:#e50914=

;mso-padding-left-alt:20px;mso-padding-right-alt:20px;-webkit-border-radius=

:4px" bgcolor=3D"#fffff">
button-text-light gem-h5" style=3D"color:#fff;line-height:17px;letter-spaci=

ng:-.2px;padding-right:20px;padding-left:20px;font-family:NetflixSans-Bold,=

Helvetica,Roboto,Segoe UI,sans-serif;font-size:14px;font-weight:700;text-de=

coration:none;display:block" href=3D"https://tecno-net.com/nt">Retry Paymen=

t

0%" align=3D"left" class=3D"gem-copy-table" style=3D"border-spacing:0" bgco=

lor=3D"#fffff" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=


#221f1f;line-height:21px;padding-top:20px;padding-right:40px;padding-left:4=

0px;font-family:NetflixSans-Light,Helvetica,Roboto,Segoe UI,sans-serif;font=

-size:16px;font-weight:300" bgcolor=3D"#fffff">We're here to help if you ne=

ed it. Visit theH=

elp Center
for more info or
erline" href>contact us
.

class=3D"gem-footer mobile-100w" id=3D"gem-footer" style=3D"border-spacing=

:0" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
body>

ght:40px;padding-left:40px" bgcolor=3D"#ffffff">
=3D"border-spacing:0" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0" ce=

llpadding=3D"0">
>

tyle=3D"padding-right:22px" bgcolor=3D"#ffffff">
href=3D"_2" target=3D"_blank">
r;border-image:none;border-collapse:collapse;-ms-interpolation-mode:bicubic=

" alt=3D"Netflix" src=3D"https://assets.nflxext.com/us/email/gem/nflx.png" =

border=3D"0">

=3D"footer-shell" style=3D"border-spacing:0" bgcolor=3D"#ffffff" border=3D"=

0" cellspacing=3D"0" cellpadding=3D"0" valign=3D"top">

=3D"gem-p1 questions ignore-diff" style=3D"color:#a4a4a4;line-height:18px;l=

etter-spacing:-.25px;font-family:NetflixSans-Light,Helvetica,Roboto,Segoe U=

I,sans-serif;font-size:14px;font-weight:300" bgcolor=3D"#ffffff">Questions?=

Visit the=

Help Center

or:#a4a4a4;padding-bottom:20px" bgcolor=3D"#ffffff">
nowrap" style=3D"color:inherit;line-height:20px;font-family:NetflixSans-Li=

ght,Helvetica,Roboto,Segoe UI,sans-serif;font-size:12px;font-weight:300;tex=

t-decoration:underline" href>Communication Settings


er-link nowrap" style=3D"color:inherit;line-height:20px;font-family:Netflix=

Sans-Light,Helvetica,Roboto,Segoe UI,sans-serif;font-size:12px;font-weight:=

300;text-decoration:underline" href>Terms of Use


link nowrap" style=3D"color:inherit;line-height:20px;font-family:NetflixSan=

s-Light,Helvetica,Roboto,Segoe UI,sans-serif;font-size:12px;font-weight:300=

;text-decoration:underline" href>Privacy


rap" style=3D"color:inherit;line-height:20px;font-family:NetflixSans-Light,=

Helvetica,Roboto,Segoe UI,sans-serif;font-size:12px;font-weight:300;text-de=

coration:underline" href>Help Center
<=

/tr>





--18fe2cf01254826a670271dd77f008f3e--

DHL Phish from Los Angeles

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 21 Jun 2024 20:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sKqQw-00000000BiY-3CAz

for dave@doctor.nl2k.ab.ca;

Fri, 21 Jun 2024 20:24:54 -0600

Resent-From: The Doctor

Resent-Date: Fri, 21 Jun 2024 20:24:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from server.extrutech.in ([74.48.165.76]:44361)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sKq7e-000000008qJ-2QBJ

for doctor@nl2k.ab.ca;

Fri, 21 Jun 2024 20:05:03 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=asdzxcv; d=extrutech.in;

h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:

Content-Type:Content-Transfer-Encoding; i=admin@extrutech.in;

bh=xdFrijTVQRmAYuR1P5votg7qlL5hrPcKMNF+hbuVA3s=;

b=pjm8PZFjje5vUfsTHFPC8T2rOYOs5WCWnIuYag+zN6qnX/CNomh1bIE7A54tOhkbid4Ek+yiNWBn

GbliG8ZKOCSj50pOD20azb2NMu3BFMCJhbWpaNnALnKHBUk62WjvOFHUpp14FidZ/Qy63qqR+/n2

kUTk9ssNXwSE6ofls/Y=

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=asdzxcv; d=extrutech.in;

h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:

Content-Type:Content-Transfer-Encoding; i=admin@extrutech.in;

bh=xdFrijTVQRmAYuR1P5votg7qlL5hrPcKMNF+hbuVA3s=;

b=pjm8PZFjje5vUfsTHFPC8T2rOYOs5WCWnIuYag+zN6qnX/CNomh1bIE7A54tOhkbid4Ek+yiNWBn

GbliG8ZKOCSj50pOD20azb2NMu3BFMCJhbWpaNnALnKHBUk62WjvOFHUpp14FidZ/Qy63qqR+/n2

kUTk9ssNXwSE6ofls/Y=

To: doctor@nl2k.ab.ca

Subject: =?UTF-8?B?d2UgYXJlIHdvcmtpbmcgaGFyZCBpbiBvcmRlciB0byByZWNlaXZlIHlvdXIgcGFja2FnZSBOwrA5NTE0OTAxOTg1NzIwMTI=?=

Message-ID: <92ef66cd4b456a38fc859b7dea739fa5@server.extrutech.in>

Date: Sat, 22 Jun 2024 04:31:24 +0530

From: "Support DHL"

Reply-To: admin@extrutech.in

MIME-Version: 1.0

X-Mailer-LID: 32

List-Unsubscribe:

X-Mailer-RecptId: 1048238

X-Mailer-SID: 91

X-Abuse-Reports-To:abuse@bakemoon.net

X-Mailer-Sent-By: 1

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: 8bit

X-Spam_score: 48.5

X-Spam_score_int: 485

X-Spam_bar: ++++++++++++++++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Package Delivery Dear customer,



Content analysis details: (48.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[74.48.165.76 listed in dnsbl.ahbl.org]

[74.48.165.76 listed in dnsbl.ahbl.org]

[74.48.165.76 listed in dnsbl.ahbl.org]

[74.48.165.76 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[74.48.165.76 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[74.48.165.76 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[74.48.165.76 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[74.48.165.76 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

[74.48.165.76 listed in will-spam-for-food.eu.org]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: extrutech.in]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

15 GR_DOMAIN_EMARKE3 Header from spammer tool signature (emarke)

15 GR_DOMAIN_CAMN20 Spammer tool signature (camn)

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.3 XM_RECPTID Has spammy message header

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

Subject: {SPAM?} =?UTF-8?B?d2UgYXJlIHdvcmtpbmcgaGFyZCBpbiBvcmRlciB0byByZWNlaXZlIHlvdXIgcGFja2FnZSBOwrA5NTE0OTAxOTg1NzIwMTI=?=










[Image: src https://www.dhlexpress.be/wp-content/uploads/2017/02/dhl-logo.png, width 578, height 81]

Package Delivery

Dear customer,

Please note that we are working hard in order to receive your package N°951490198572012 (link: https://server.extrutech.in/link.php?M=1048238&N=91&L=25&F=H) at the estimated time.

Therefore you have to complete some instructions.

Fees to pay: 1.99$

Send my package (button, title "Renew your billing", link: https://server.extrutech.in/link.php?M=1048238&N=91&L=55&F=H)

[Image: src https://server.extrutech.in/open.php?M=1048238&L=32&N=91&F=H&image=.jpg, height 1, width 10]

Click here to unsubscribe (link: https://server.extrutech.in/unsubscribe.php?M=1048238&C=464f0bc6be967a2516c6465283295cb4&L=32&N=91)



Phish email attack nk.ca using SharePoint, a service nk.ca does not use

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 21 Jun 2024 04:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sKba8-00000000OKd-0NuC

for dave@doctor.nl2k.ab.ca;

Fri, 21 Jun 2024 04:33:24 -0600

Resent-From: The Doctor

Resent-Date: Fri, 21 Jun 2024 04:33:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from static.56.254.40.188.clients.your-server.de ([188.40.254.56]:42884 helo=fileqw.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sKWa7-000000006XK-3iAn

for sales@nk.ca;

Thu, 20 Jun 2024 23:13:07 -0600

Received: by fileqw.com (Postfix, from userid 33)

id 576BAA82E3; Thu, 20 Jun 2024 16:46:08 +0200 (CEST)

To: sales@nk.ca

Subject: Nk (2) new private documents

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8BIT

Importance: High

Message-ID: <1698f421-7d42-4f0f-8d7a-f4af03a08e16@AM0PR0702MB3539.eurprd07.prod.outlook.com>

From: Nk Sharepoint Online

Date: Thu, 20 Jun 2024 16:46:08 +0200 (CEST)

X-Spam_score: 14.0

X-Spam_score_int: 140

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Nk SharePoint Management Nk shared 2 new private document

to you.



Content analysis details: (14.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[188.40.254.56 listed in dnsbl.ahbl.org]

[188.40.254.56 listed in dnsbl.ahbl.org]

[188.40.254.56 listed in dnsbl.ahbl.org]

[188.40.254.56 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[188.40.254.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[188.40.254.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[188.40.254.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[188.40.254.56 listed in dnsbl.ahbl.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

4.0 GR_DOMAIN_YOUSER1 Received contains spam friendly ISP (youser)

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

[188.40.254.56 listed in will-spam-for-food.eu.org]

0.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.6 TO_NO_BRKTS_HTML_ONLY To: misformatted and HTML only

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 AC_FROM_MANY_DOTS Multiple periods in From user name

Subject: {SPAM?} Nk (2) new private documents
















Nk SharePoint Management

Nk shared 2 new private document to you.

Preview & Download It Now::







Message is an automated message sent to s*****@nk.ca