virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxg-000000001OT-289m

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:40 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-srv.globalinnovationhub.cc ([78.135.110.37]:47641 helo=zxcvbnmlkjhgfdsaqwer.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4nNO-000000009PU-2CT7

for doctor@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 14:27:16 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Provags-ID:

X-Spam-Flag: YES

UI-OutboundReport: junk:10;

X-Spam_score: 25.9

X-Spam_score_int: 259

X-Spam_bar: +++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (25.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.37 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.37 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.37 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: email.com]

[URI: firebasestorage.googleapis.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

2.6 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)

[78.135.110.37 listed in bl.mailspike.net]

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

1.0 XPRIO Has X-Priority header

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxS-00000000PzO-2ojD

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:26 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:26 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [78.135.110.6] (port=44879 helo=1zkfxw54g8r9lt2pqbsv.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4n6O-000000007zM-3Tyk

for root@nk.ca;

Sat, 26 Oct 2024 14:09:41 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Provags-ID:

X-Spam-Flag: YES

UI-OutboundReport: junk:10;

X-Spam_score: 27.7

X-Spam_score_int: 277

X-Spam_bar: +++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (27.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.6 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.6 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[78.135.110.6 listed in bl.mailspike.net]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: email.com]

[URI: firebasestorage.googleapis.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxP-00000000PPf-0cHJ

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:23 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [78.135.110.6] (port=45013 helo=1zkfxw54g8r9lt2pqbsv.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4n4l-000000007nG-3ZyW

for doctor@nk.ca;

Sat, 26 Oct 2024 14:08:01 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Spam-Flag: YES

UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW

X-Spam_score: 27.7

X-Spam_score_int: 277

X-Spam_bar: +++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (27.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.6 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.6 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.6 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[78.135.110.6 listed in bl.mailspike.net]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: email.com]

[URI: firebasestorage.googleapis.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.0 XPRIO Has X-Priority header

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxW-000000000GX-0136

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:30 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:29 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from innov-srv.globalinnovationhub.cc ([78.135.110.6]:34549 helo=1zkfxw54g8r9lt2pqbsv.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4nLx-000000009L2-1QMo

for doctor@nk.ca;

Sat, 26 Oct 2024 14:25:46 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Spam-Flag: YES

UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW

X-Spam_score: 26.5

X-Spam_score_int: 265

X-Spam_bar: ++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (26.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.6 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.6 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.6 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[78.135.110.6 listed in bl.mailspike.net]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: email.com]

[URI: firebasestorage.googleapis.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.0 XPRIO Has X-Priority header

0.0 T_REMOTE_IMAGE Message contains an external image

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxd-000000000kj-04Tk

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:37 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:33 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from innov-srv.globalinnovationhub.cc ([78.135.110.6]:34549 helo=1zkfxw54g8r9lt2pqbsv.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4nLs-000000009L2-0ZtG

for root@nk.ca;

Sat, 26 Oct 2024 14:25:40 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Spam-Flag: YES

UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW

X-Spam_score: 26.5

X-Spam_score_int: 265

X-Spam_bar: ++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (26.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.6 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.6 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[78.135.110.6 listed in bl.mailspike.net]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: firebasestorage.googleapis.com]

[URI: email.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









virtualshield phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nxs-0000000037Y-0weH

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:04:52 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:04:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from primary-srv.globalinnovationhub.cc ([78.135.110.254]:33084 helo=fghujiklpomnbvcxzsedu.edu)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t4noS-00000000CGr-35zD

for doctor@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 14:55:15 -0600

Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])

by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Sat, 26 Oct 2024 12:12:43 -0700 (PDT)

Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;

Authentication-Results: mx.google.com;

dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;

spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;

dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;

s=s1089575; t=1729969962; x=1730574762;

i=safeguardprotection@email.com;

bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a

Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com

(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct

2024 21:12:41 +0200

MIME-Version: 1.0

Message-ID:

From: Virtual Shield Antivirus

Subject: Your Device is at High Risk! Immediate Action Needed

Content-Type: text/html; charset=UTF-8

Date: Sat, 26 Oct 2024 21:12:41 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Spam-Flag: YES

UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW

X-Spam_score: 23.4

X-Spam_score_int: 234

X-Spam_bar: +++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Security Alert: Protect Your Device from Hidden Threats



Content analysis details: (23.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

[Error: open resolver; ]

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.135.78.94 listed in will-spam-for-food.eu.org]

[82.165.159.131 listed in will-spam-for-food.eu.org]

[78.135.110.254 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.135.78.94 listed in sbl-xbl.spamhaus.org]

[82.165.159.131 listed in sbl-xbl.spamhaus.org]

[78.135.110.254 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

[82.165.159.131 listed in dnsbl.ahbl.org]

[78.135.110.254 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.135.78.94 listed in dnsbl.ahbl.org]

0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to

dbl.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[URI: email.com]

[URI: firebasestorage.googleapis.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: email.com/3.33.243.145]

[URI: firebasestorage.googleapis.com/172.217.14.234]

[URI: firebasestorage.googleapis.com/142.251.33.106]

[URI: firebasestorage.googleapis.com/142.251.215.234]

[URI: firebasestorage.googleapis.com/142.251.211.234]

[URI: firebasestorage.googleapis.com/142.250.217.74]

[URI: firebasestorage.googleapis.com/142.251.33.74]

[URI: firebasestorage.googleapis.com/142.250.217.106]

[URI: firebasestorage.googleapis.com/142.250.69.202]

[URI: pdns1.ultradns.net/204.74.108.1]

[URI: pdns2.ultradns.net/204.74.109.1]

[URI: firebasestorage.googleapis.com/172.217.14.202]

[URI: pdns3.ultradns.org/199.7.68.1]

[URI: pdns4.ultradns.org/199.7.69.1]

[URI: pdns5.ultradns.info/204.74.114.1]

[URI: pdns6.ultradns.co.uk/204.74.115.1]

[URI: ns2.google.com/216.239.34.10]

[URI: ns4.google.com/216.239.38.10]

[URI: ns3.google.com/216.239.36.10]

[URI: ns1.google.com/216.239.32.10]

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[safeguardprotection(at)email.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

1.0 XPRIO Has X-Priority header

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed









Web / SEO / App spam from Microsoft Outlook

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 15:04:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4nwO-00000000Kd6-0DdJ

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 15:03:20 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 15:03:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sg2apc01olkn2075.outbound.protection.outlook.com ([40.92.53.75]:34635 helo=APC01-SG2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4n5U-000000007rQ-16Su

for sales@nk.ca;

Sat, 26 Oct 2024 14:08:48 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=r7GDaFn6lpnLIzxUxPFPKAcDLyq7CuDrLxTmXuzs3BB6oY/+5yRLLUF5j0hYxBGLORNPazN9F3mwC5Igzd2BdG4UolykFYleeCZNWyy76x/izFRJwhQ2iWvNmS8ycdNLdjZnC7N7a9fsI77TcfrQdqM30ThzftR8DJa/VepaFlrPqeh7I6zX4rBwqxYZiQfEb2EUOMP4Bh/zmZlsChNzYhLDohndFmRdB3Rt7P2T7RZl6aiQ2Bfie3KU5xFeRUN9H9SwbzoUgngBB54z+2PMdvTEO13s/E5OfDW4aACOzR8hB1O6BCfSY0Bkupo/33DyUyicSeGP4CvvbBP2kbWTpg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=4z9au9FNGDEeIC9HgmXawYA6TdS9HOkfQBGrVhOWLBI=;

b=wt0g6lc2VVi5xBVNxBkmKz2uRE5Bl5RUOlVH/ucUd2+eo689YZ8htgJAUOt6ubGUIzf1gKy1fFipeJWQJUnK/iy5yckbHoiMb4fLqRusLTBAuR4HxshKbHiPJk/jfPoaHd5wvgWe33lCAuZ2IDMRzpFhE9D4+BsGzlN+DCSRHI/vOm0wK9volI5MPxktRUsFsatyAzl7kETnZS90MX2hWrlrROl+r8t2N6ifendIynyb5RwtnWa3+M/BmkpKGueJK5zw4LMGVVSOc5rPC5demkzK5cPVqkbwgjKfsNvx28MTYYaGesK38egQV2Bd46pKBUc7WKqV2e1L+lgF8Anpug==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=4z9au9FNGDEeIC9HgmXawYA6TdS9HOkfQBGrVhOWLBI=;

b=saGWGW34pFADbyhYWx6yM00N5ICHZ9fEbnvgEgw1XOJDFJjLvw1VL5aMOTkKVUUOd6VNZY+Z1QvgcUzSavpoA5jrkHPtc7cR39tddsmw3V50LAbINDYBRqrCSJSIIXY6hx1l+H5vLbx0KzP5u7lg7AES6rWYRheLxZVRmvJE/TlwXL4qmuI2XE+jCa0irht4HSm5C2eUMcEVqp7hXmnml6x/i/4ezbhOHcbnPbBN3ceqTfsnaGTX/Q3A81tlz75YFsQjG6ru8rxpvu119Fwe8IJDQmPTBVbHUfsnihgXJOUkxyrWuiYgb3PD+kzpGkrKdpLPWqns1Fv28tDBDezKsA==

Received: from PUZPR01MB5263.apcprd01.prod.exchangelabs.com

(2603:1096:301:107::16) by SEZPR01MB4304.apcprd01.prod.exchangelabs.com

(2603:1096:101:4b::8) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8093.23; Sat, 26 Oct

2024 17:27:17 +0000

Received: from PUZPR01MB5263.apcprd01.prod.exchangelabs.com

([fe80::855:122f:1584:90c6]) by PUZPR01MB5263.apcprd01.prod.exchangelabs.com

([fe80::855:122f:1584:90c6%4]) with mapi id 15.20.8093.014; Sat, 26 Oct 2024

17:27:16 +0000

From: Paul Chamberlin

To: Paul Chamberlin

Subject: Cost?

Thread-Topic: Cost?

Thread-Index: AQHbJ8wrhD1SGEXe30KFPBmp9cdEwg==

Date: Sat, 26 Oct 2024 17:27:16 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: PUZPR01MB5263:EE_|SEZPR01MB4304:EE_

x-ms-office365-filtering-correlation-id: 4063c695-ae83-4228-9bee-08dcf5e36ff0

x-microsoft-antispam:

BCL:0;ARA:14566002|461199028|8062599003|15030799003|6115599003|8060799006|19110799003|7042599007|15080799006|3412199025|440099028|102099032|1710799026;

x-microsoft-antispam-message-info:

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

Content-Type: multipart/alternative;

boundary="_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: PUZPR01MB5263.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 4063c695-ae83-4228-9bee-08dcf5e36ff0

X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2024 17:27:16.3772

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR01MB4304

X-Spam_score: 7.8

X-Spam_score_int: 78

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Greetings While browsing through your site, I came across

a few errors.



Content analysis details: (7.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:301:107:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[40.92.53.75 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[2603:1096:301:107:0:0:0:16 listed in]

[sbl-xbl.spamhaus.org]

[40.92.53.75 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[2603:1096:301:107:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[40.92.53.75 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[2603:1096:301:107:0:0:0:16 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[2603:1096:301:107:0:0:0:16 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[2603:1096:301:107:0:0:0:16 listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[2603:1096:301:107:0:0:0:16 listed in]

[dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.92.53.75 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[paulchamberlin504(at)outlook.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[paulchamberlin504(at)outlook.com]

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Cost?



--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hello



Greetings



While browsing through your site, I came across a few errors.



With your permissions: Would it be helpful if I share a Screenshot of these=

issues?



Can I show you the errors.?



Thank you..



--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








Hello



Greetings



While browsing through your site, I came across a few errors.



With your permissions: Would it be helpful if I share a Screenshot of these=

issues?



Can I show you the errors.?



Thank you..







--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_--

Gold for sale spam from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 07:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4h4W-00000000BBe-0KKe

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 07:43:16 -0600

Resent-From: The Doctor

Resent-Date: Sat, 26 Oct 2024 07:43:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ej1-f66.google.com ([209.85.218.66]:53345)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4eLO-00000000LWM-33SJ

for doctor@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 04:48:46 -0600

Received: by mail-ej1-f66.google.com with SMTP id a640c23a62f3a-a99ea294480so195759666b.2

for ; Sat, 26 Oct 2024 03:48:30 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1729939703; x=1730544503; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=bmQ2bulur4LrDcmhP1yDhRqjNWBnOS6bh9uta+fBZSY=;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1729939703; x=1730544503;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=bmQ2bulur4LrDcmhP1yDhRqjNWBnOS6bh9uta+fBZSY=;

X-Forwarded-Encrypted: i=1; AJvYcCVRlWa12a7sn5NWKP5JyWWViKvJ+7T596eRrX905vjtgmk0oGVtvJHXfzgX7nvDeBHiFAzMOQM=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YxwBp53xmMZoJLY0Uo9iP+s63/93i+nI8gnfv4dphJ9+QWsAWYD

azCkbIFUxk1unjOr1/1/LsgmdS0wKi6XmOH2gjuR3XNoEYKga4sN469xmRigfJX5t+pDiup2Imk

tStp48QeeBCAjDmIxLKj8IV3eWDDVUR4QhHkkrhbZAvw=

X-Google-Smtp-Source: AGHT+IE0imGknAwi5DztyhloY2vP1HlEO8X/J7AyLvMT5+Mhtlg5hw85MWt9OTACPFf7URbPHHKY6UPgimwXDdRFKFw=

X-Received: by 2002:a05:6512:1282:b0:53b:1fd1:df34 with SMTP id

2adb3069b0e04-53b3491e0eamr1492019e87.45.1729937962064; Sat, 26 Oct 2024

03:19:22 -0700 (PDT)

MIME-Version: 1.0

From: Leslie Davila Zum

Date: Sat, 26 Oct 2024 03:19:11 -0700

Message-ID:

Subject: Gold for sales

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000b6659d06255e9152"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 9.3

X-Spam_score_int: 93

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, Just wondering if you would be interested in buying

and selling our gold. Kindly get to me for more details Regards Jeff



Content analysis details: (9.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[209.85.218.66 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.218.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.218.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.218.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.218.66 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.218.66 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.218.66 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.218.66 listed in wl.mailspike.net]

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[davilazumleslie(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Gold for sales



--000000000000b6659d06255e9152

Content-Type: text/plain; charset="UTF-8"



Hello,



Just wondering if you would be interested in buying and selling our gold.

Kindly get to me for more details



Regards

Jeff



--000000000000b6659d06255e9152

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,

Just wondering if you would be interested in=

buying and selling our gold.
Kindly get to me for more details

R=

egards
=C2=A0 =C2=A0 =C2=A0Jeff




--000000000000b6659d06255e9152--

Gold for sale spam from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 26 Oct 2024 04:53:00 -0600

Received: from mail-wm1-f67.google.com ([209.85.128.67]:44428)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1t4eOy-00000000Lu8-0mw2

for dave@doctor.nl2k.ab.ca;

Sat, 26 Oct 2024 04:52:23 -0600

Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4314fa33a35so26955945e9.1

for ; Sat, 26 Oct 2024 03:52:11 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1729939925; x=1730544725; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=LLKVffQpTt6GZ+971mrM2S6lR4xLMwkrXYY7BDw0zNI=;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1729939925; x=1730544725;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=LLKVffQpTt6GZ+971mrM2S6lR4xLMwkrXYY7BDw0zNI=;

X-Forwarded-Encrypted: i=1; AJvYcCWuHSIUJrRBOopFOQ1dht98yY/iCCBUvk4B8Zn3hk9IP9kvtjg1BKRASYuM1fN8g/pz80/z@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YwPXuBsDShmuArgsg7oiUUmLxuEKaJm6DlNJRWwxG9BolYpYdoQ

SJOjivUTIedmWoHKc6eExPwe0InLuQdr16uFM7PgCUQXS4zYRS7NPxDz5JyFTEWw9tZ6E3VvzNM

k1ORL2QD0/1eDtPmaWfPemOo1J8UHmuDaRKuqQvxhvOs=

X-Google-Smtp-Source: AGHT+IHTjJS+WrJ9WD/alFppbSKnvu0KKiTjLOAeXhn3Zqj5XGGVMVdVgHY8GAUAWi9wN3s0XfSDg91N2+5ZS/sNMNA=

X-Received: by 2002:a05:6512:1190:b0:53b:15dc:f15d with SMTP id

2adb3069b0e04-53b34a31d30mr929901e87.50.1729937746017; Sat, 26 Oct 2024

03:15:46 -0700 (PDT)

MIME-Version: 1.0

From: Leslie Davila Zum

Date: Sat, 26 Oct 2024 03:15:34 -0700

Message-ID:

Subject: Gold for sales

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000d5c3b206255e84f3"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 9.1

X-Spam_score_int: 91

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, Just wondering if you would be interested in buying

and selling our gold. Kindly get to me for more details Regards Jeff



Content analysis details: (9.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[209.85.128.67 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.67 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.67 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.67 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.67 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.67 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[davilazumleslie(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Gold for sales



--000000000000d5c3b206255e84f3

Content-Type: text/plain; charset="UTF-8"



Hello,



Just wondering if you would be interested in buying and selling our gold.

Kindly get to me for more details



Regards

Jeff



--000000000000d5c3b206255e84f3

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,

Just wondering if you would be interested in=

buying and selling our gold.
Kindly get to me for more details

R=

egards
=C2=A0 =C2=A0 =C2=A0Jeff




--000000000000d5c3b206255e84f3--