X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxg-000000001OT-289m
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:40 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:40 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-srv.globalinnovationhub.cc ([78.135.110.37]:47641 helo=zxcvbnmlkjhgfdsaqwer.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4nNO-000000009PU-2CT7
for doctor@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 14:27:16 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 25.9
X-Spam_score_int: 259
X-Spam_bar: +++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (25.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.37 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: firebasestorage.googleapis.com/172.217.14.234]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
2.6 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[78.135.110.37 listed in bl.mailspike.net]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
0.0 NO_RDNS2 Sending MTA has no reverse DNS
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
1.0 XPRIO Has X-Priority header
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxg-000000001OT-289m
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:40 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:40 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-srv.globalinnovationhub.cc ([78.135.110.37]:47641 helo=zxcvbnmlkjhgfdsaqwer.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4nNO-000000009PU-2CT7
for doctor@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 14:27:16 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 25.9
X-Spam_score_int: 259
X-Spam_bar: +++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (25.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
[78.135.110.37 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.37 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
[78.135.110.37 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: firebasestorage.googleapis.com/172.217.14.234]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
2.6 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[78.135.110.37 listed in bl.mailspike.net]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
0.0 NO_RDNS2 Sending MTA has no reverse DNS
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
1.0 XPRIO Has X-Priority header
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxS-00000000PzO-2ojD
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:26 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:26 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [78.135.110.6] (port=44879 helo=1zkfxw54g8r9lt2pqbsv.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4n6O-000000007zM-3Tyk
for root@nk.ca;
Sat, 26 Oct 2024 14:09:41 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 27.7
X-Spam_score_int: 277
X-Spam_bar: +++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (27.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.6 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[78.135.110.6 listed in bl.mailspike.net]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.0 NO_RDNS2 Sending MTA has no reverse DNS
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
1.0 XPRIO Has X-Priority header
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxP-00000000PPf-0cHJ
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:23 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [78.135.110.6] (port=45013 helo=1zkfxw54g8r9lt2pqbsv.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4n4l-000000007nG-3ZyW
for doctor@nk.ca;
Sat, 26 Oct 2024 14:08:01 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 27.7
X-Spam_score_int: 277
X-Spam_bar: +++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (27.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.6 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[78.135.110.6 listed in bl.mailspike.net]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns3.google.com/216.239.36.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns2.google.com/216.239.34.10]
[URI: ns1.google.com/216.239.32.10]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
0.0 NO_RDNS2 Sending MTA has no reverse DNS
1.0 XPRIO Has X-Priority header
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxW-000000000GX-0136
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:30 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:29 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from innov-srv.globalinnovationhub.cc ([78.135.110.6]:34549 helo=1zkfxw54g8r9lt2pqbsv.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4nLx-000000009L2-1QMo
for doctor@nk.ca;
Sat, 26 Oct 2024 14:25:46 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 26.5
X-Spam_score_int: 265
X-Spam_bar: ++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (26.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.6 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[78.135.110.6 listed in bl.mailspike.net]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/172.217.14.234]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
0.0 NO_RDNS2 Sending MTA has no reverse DNS
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 XPRIO Has X-Priority header
0.0 T_REMOTE_IMAGE Message contains an external image
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxd-000000000kj-04Tk
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:37 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:33 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from innov-srv.globalinnovationhub.cc ([78.135.110.6]:34549 helo=1zkfxw54g8r9lt2pqbsv.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4nLs-000000009L2-0ZtG
for root@nk.ca;
Sat, 26 Oct 2024 14:25:40 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 26.5
X-Spam_score_int: 265
X-Spam_bar: ++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (26.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
[78.135.110.6 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.6 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
[78.135.110.6 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[78.135.110.6 listed in bl.mailspike.net]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: firebasestorage.googleapis.com]
[URI: email.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: firebasestorage.googleapis.com/172.217.14.234]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: email.com/3.33.243.145]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 NO_RDNS2 Sending MTA has no reverse DNS
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
1.0 XPRIO Has X-Priority header
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nxs-0000000037Y-0weH
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:04:52 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:04:52 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from primary-srv.globalinnovationhub.cc ([78.135.110.254]:33084 helo=fghujiklpomnbvcxzsedu.edu)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t4noS-00000000CGr-35zD
for doctor@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 14:55:15 -0600
Received: from mout-xforward.gmx.com (mout-xforward.gmx.com. [82.165.159.131])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4dc725ea182si1750669173.2.2024.10.26.12.12.42
for
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Oct 2024 12:12:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) client-ip=82.165.159.131;
Authentication-Results: mx.google.com;
dkim=pass header.i=@email.com header.s=s1089575 header.b=eu2Bzbvh;
spf=pass (google.com: domain of safeguardprotection@email.com designates 82.165.159.131 as permitted sender) smtp.mailfrom=safeguardprotection@email.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=email.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.com;
s=s1089575; t=1729969962; x=1730574762;
i=safeguardprotection@email.com;
bh=3UJPybnV0Pkb+C4HzzEe/t6d8pv69dF6ie/EUN2fyxY=;
h=X-UI-Sender-Class:MIME-Version:Message-ID:From:Subject:
Content-Type:Date:cc:content-transfer-encoding:content-type:date:
from:message-id:mime-version:reply-to:subject:to;
b=eu2BzbvhjoxQzneC4ZZ2Z6i0S9EQ4EsYW3sUgjhFIpUp5HxcLHoSb/vPXuw3/je+
q9atKx/AfdxAHjpMbZ2yR6lxBqbP6EtbTw77rnmgWT21u9ubQXb9rFCqPElrmqZD5
+K2I1hMkf7Z9PcT8U7inBr/SYSQTUZs/AWAzONj9ieV+TshUh48ilEAgdzFZ0um98
f06Yfw6biN4PIauNRF9tKmAuVk+tCpv20XVKLhk+lw6Z8jJZngFVLHddlDrawTa3P
gN9tPk+Nqt5YRA7Dzq2AkQ99EJ/B96wDkieVrjQuVWEQYlWO/CCPRDW38LryxzJIy
ipkoMf4X7aeqerCe0w==
X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a
Received: from [147.135.78.94] ([147.135.78.94]) by web-mail.mail.com
(3c-app-mailcom-lxa10.server.lan [10.76.45.11]) (via HTTP); Sat, 26 Oct
2024 21:12:41 +0200
MIME-Version: 1.0
Message-ID:
From: Virtual Shield Antivirus
Subject: Your Device is at High Risk! Immediate Action Needed
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 21:12:41 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:HiW3Gyp8B4mY5qphFTyf80LwEYHjyBVsUx+BzY/w3u/z3i3cYThqJHssVoDQYcstpqmNQ
i7MzlJH5xQx6AXVBM7ZwxGCmiyUpW7ZGmgq1H6djLk5NA7aj8HASZe/ZiqmyXlDfz99BMmi0xWAN
RMt5D4O/NBAMHUWYyQWlB0cFNQ1WQkFyubmAsDaYRH6sVLssc5gWgCoSM4mztWbdBuVtGeeThOCF
IBwqmpDg184uxQ0veYf5Mp92L9eYHDeWhpCqYOMihU3kOkL3t3EbXGNwttHLi9vCY+W8irz1WJtI
oU=
X-Spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:4Po4I8gv/kE=;/fldIuk+ebbC3JyEhh029UlUfNRbW
1xqluEU6JvWjklVZ8UVES9giDFjWtzBfVvdkQF4W0n+OBgYrowtmcIDdDw+ZdIAfq0apkSQrC
yeHZY8AmndBFqJI8QtXL512KnJbh76niHyg+pklbADGQdb/KcTN2Wue/PtrmUP7ZO3fVrFEdm
kWMEdgJVcfXX0fDavuPdezwGhfkre2Ir8SWGPkJPgrGu39lol8bmk3csVyGpaYQ6AO4UDnbMS
MI/NSsqII+aH/CGvwhw+SDvU+kx4BlLsv66Ey1aDo/Qj4MuJYt+mPH0Qe8pedI5rcNW/cNfwG
zNzSQjafqnYzoNH45MUq6ecBkM0VmZxrAcdY/fh13ug70xUDMNw0skqOv2lLyqldnX/7xYGgh
I7rPnO93eMCF397mAn/ERzhp+BEXCgakVMcYPHNmAZ/kaYpbSdy72YRmk72MJB0oX82BiLR+o
d4DewBchHkV8l3sungzJ+YTW5zWefGsm55WQkGMjN+2AOCpbzInIbS6qdAnzqYautTbQZryNx
/4cx3rC8SUiSGxKxFigS6ewYndukuXnu3vkpeGk+Dkyf6hhYftJUMP9+vCZiNLnMCgYfzYbOP
ypxAK/55/Qpi7P64x/gDnrjScctnR0ebxjv5hxy1Ee4AA30ZgTJar77KRFYD+mRJAOUsAD80H
7g6tYqpeIEF5BXwIuqHASiAiuPgzDlMGH48PQbJShQanXrLjAUYI6rcd97NsKpj8FERXjzaFi
1HBwoTNaHhSNlvI4xbzjwstXZoQTgc3ywDxmunJPIHeU5sG2xuQs=
X-Spam_score: 23.4
X-Spam_score_int: 234
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Security Alert: Protect Your Device from Hidden Threats
Content analysis details: (23.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[147.135.78.94 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[82.165.159.131 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
[78.135.110.254 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[147.135.78.94 listed in sbl-xbl.spamhaus.org]
[82.165.159.131 listed in sbl-xbl.spamhaus.org]
[78.135.110.254 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[147.135.78.94 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[82.165.159.131 listed in dnsbl.ahbl.org]
[78.135.110.254 listed in dnsbl.ahbl.org]
[78.135.110.254 listed in dnsbl.ahbl.org]
[78.135.110.254 listed in dnsbl.ahbl.org]
[78.135.110.254 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[147.135.78.94 listed in dnsbl.ahbl.org]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: email.com]
[URI: firebasestorage.googleapis.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: email.com/3.33.243.145]
[URI: firebasestorage.googleapis.com/172.217.14.234]
[URI: firebasestorage.googleapis.com/142.251.33.106]
[URI: firebasestorage.googleapis.com/142.251.215.234]
[URI: firebasestorage.googleapis.com/142.251.211.234]
[URI: firebasestorage.googleapis.com/142.250.217.74]
[URI: firebasestorage.googleapis.com/142.251.33.74]
[URI: firebasestorage.googleapis.com/142.250.217.106]
[URI: firebasestorage.googleapis.com/142.250.69.202]
[URI: pdns1.ultradns.net/204.74.108.1]
[URI: pdns2.ultradns.net/204.74.109.1]
[URI: firebasestorage.googleapis.com/172.217.14.202]
[URI: pdns3.ultradns.org/199.7.68.1]
[URI: pdns4.ultradns.org/199.7.69.1]
[URI: pdns5.ultradns.info/204.74.114.1]
[URI: pdns6.ultradns.co.uk/204.74.115.1]
[URI: ns2.google.com/216.239.34.10]
[URI: ns4.google.com/216.239.38.10]
[URI: ns3.google.com/216.239.36.10]
[URI: ns1.google.com/216.239.32.10]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
3.5 VIRUS_WARNING62 'From' indicates unhelpful 'virus warning' (62)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[safeguardprotection(at)email.com]
1.2 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
0.0 NO_RDNS2 Sending MTA has no reverse DNS
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
1.0 XPRIO Has X-Priority header
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Your Device is at High Risk! Immediate Action Needed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 15:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4nwO-00000000Kd6-0DdJ
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 15:03:20 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 15:03:20 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-sg2apc01olkn2075.outbound.protection.outlook.com ([40.92.53.75]:34635 helo=APC01-SG2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4n5U-000000007rQ-16Su
for sales@nk.ca;
Sat, 26 Oct 2024 14:08:48 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=r7GDaFn6lpnLIzxUxPFPKAcDLyq7CuDrLxTmXuzs3BB6oY/+5yRLLUF5j0hYxBGLORNPazN9F3mwC5Igzd2BdG4UolykFYleeCZNWyy76x/izFRJwhQ2iWvNmS8ycdNLdjZnC7N7a9fsI77TcfrQdqM30ThzftR8DJa/VepaFlrPqeh7I6zX4rBwqxYZiQfEb2EUOMP4Bh/zmZlsChNzYhLDohndFmRdB3Rt7P2T7RZl6aiQ2Bfie3KU5xFeRUN9H9SwbzoUgngBB54z+2PMdvTEO13s/E5OfDW4aACOzR8hB1O6BCfSY0Bkupo/33DyUyicSeGP4CvvbBP2kbWTpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=4z9au9FNGDEeIC9HgmXawYA6TdS9HOkfQBGrVhOWLBI=;
b=wt0g6lc2VVi5xBVNxBkmKz2uRE5Bl5RUOlVH/ucUd2+eo689YZ8htgJAUOt6ubGUIzf1gKy1fFipeJWQJUnK/iy5yckbHoiMb4fLqRusLTBAuR4HxshKbHiPJk/jfPoaHd5wvgWe33lCAuZ2IDMRzpFhE9D4+BsGzlN+DCSRHI/vOm0wK9volI5MPxktRUsFsatyAzl7kETnZS90MX2hWrlrROl+r8t2N6ifendIynyb5RwtnWa3+M/BmkpKGueJK5zw4LMGVVSOc5rPC5demkzK5cPVqkbwgjKfsNvx28MTYYaGesK38egQV2Bd46pKBUc7WKqV2e1L+lgF8Anpug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=4z9au9FNGDEeIC9HgmXawYA6TdS9HOkfQBGrVhOWLBI=;
b=saGWGW34pFADbyhYWx6yM00N5ICHZ9fEbnvgEgw1XOJDFJjLvw1VL5aMOTkKVUUOd6VNZY+Z1QvgcUzSavpoA5jrkHPtc7cR39tddsmw3V50LAbINDYBRqrCSJSIIXY6hx1l+H5vLbx0KzP5u7lg7AES6rWYRheLxZVRmvJE/TlwXL4qmuI2XE+jCa0irht4HSm5C2eUMcEVqp7hXmnml6x/i/4ezbhOHcbnPbBN3ceqTfsnaGTX/Q3A81tlz75YFsQjG6ru8rxpvu119Fwe8IJDQmPTBVbHUfsnihgXJOUkxyrWuiYgb3PD+kzpGkrKdpLPWqns1Fv28tDBDezKsA==
Received: from PUZPR01MB5263.apcprd01.prod.exchangelabs.com
(2603:1096:301:107::16) by SEZPR01MB4304.apcprd01.prod.exchangelabs.com
(2603:1096:101:4b::8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8093.23; Sat, 26 Oct
2024 17:27:17 +0000
Received: from PUZPR01MB5263.apcprd01.prod.exchangelabs.com
([fe80::855:122f:1584:90c6]) by PUZPR01MB5263.apcprd01.prod.exchangelabs.com
([fe80::855:122f:1584:90c6%4]) with mapi id 15.20.8093.014; Sat, 26 Oct 2024
17:27:16 +0000
From: Paul Chamberlin
To: Paul Chamberlin
Subject: Cost?
Thread-Topic: Cost?
Thread-Index: AQHbJ8wrhD1SGEXe30KFPBmp9cdEwg==
Date: Sat, 26 Oct 2024 17:27:16 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PUZPR01MB5263:EE_|SEZPR01MB4304:EE_
x-ms-office365-filtering-correlation-id: 4063c695-ae83-4228-9bee-08dcf5e36ff0
x-microsoft-antispam:
BCL:0;ARA:14566002|461199028|8062599003|15030799003|6115599003|8060799006|19110799003|7042599007|15080799006|3412199025|440099028|102099032|1710799026;
x-microsoft-antispam-message-info:
3egyqqG3HZ0VJxOdj9gnx16+6giTxj/Dy7OS/Ck8X3kW17LjqAjiA0LVbuccHifxBxpLWawla3AM3HtR+I28/cGu3/y/lhhYK6Goxq0VRpexXkFD1SMS1fwNA5NZc324wXTe91Zl81TZCXOdNOG1fUQ78Ov6M2oy31IP38ZWGqJIIdkBUfUjeHv3JSudHMJA/JH1fWJi+XLuAlHw/GzOGrayMLAKZLcQvHaX0y9AvI38LeY/KpIxyvKnxui6ysrt6QAxPOH+KeJ6E41GKQ9zrVUrVg8n0jOwmD18v/aTjQukjdqPL1UuKYj6WU38ufS8cxtsdPfbVNbAbxlj2ojNQ2/nYJm6uvwkCylriql9zGVQrrKzWyh+wKqZP9djLH1tcPchyBwMaLDoSzzUICNaEfREaZXn3z+Z80pgX/0wvnOzAnW+EFQHXF1wXRib9XB3mEDVbWbkJwUzTv7RIIgISjFwsqTpSDT1Rsp6iMBjnulkJSwOI7lO3d0PFdtwMdEwaKYpgtNdCLczkZyQB0gjYzcRZWCucvRCSU5pUyTXkjiwngz2CkB9AH5VY6kF4i2BOtLpbchjmZg0uHNEC9x9JJCokkGu45wHNEKWRIFIb64f+j2o0wJoZJa1cufTn6B6gwU4SOdY3r55jHfIEQWIqY3DREptcgMpx6tWKJtm15jbuoLJDEmcujXyrlAc490WUhOSCsdBNws5bJpeC8GMiSYTV7TqNEiOxhUqfTwn4vHLJ6HswrvWs6AEZ5lfo+1kSk/YXtsnhgoFE2fhaVrC32w/BDLxLvzzrmpB7FEWcm1NBikyjZWgT5j0LF2efh19
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
=?iso-8859-1?Q?VGeH7lSXhsg0z9aMP6ziMnYMxPg19jGIxRzSoxPsFjPUMZc4aVXvWjawfr?=
=?iso-8859-1?Q?HROLu6mMpNXdvmUI0ZLQfOFSIntRXQQ2hBZN/QX4LdTha2NWXhvCrrK5J5?=
=?iso-8859-1?Q?R+s4B+/5ORlxLmEUqsSBfjNzxARk+0ZYxDoUlXImMH3QDL3pzZ+WmlUE7+?=
=?iso-8859-1?Q?9+93x2M1g/9Zy3KHTFPKvlv7V3ePp86Pj5kObPb/HwaT+XzstGz1N9rHVo?=
=?iso-8859-1?Q?bood4GZX1aDhg5tRlggRZkE5Z/oADVA7F6gq0GEw1kpEOdNA1cLT+j0SwY?=
=?iso-8859-1?Q?EXnCR+3czT1nG7m95RqX5ZebhfXiAIfMg8JtTFA9WuAAAwE8H1vAyE1pD1?=
=?iso-8859-1?Q?9pc+IOAJ4NaX8hpto5QXOkejlUvRLZ+2Ms+PmTZwTQ8Iaqtohb+hrAXUZ2?=
=?iso-8859-1?Q?xo1929EXysQ5nNpXQXyhvvMGx9iOaU6lA9vFMg9PC9PDKFBPicFiJ9nKHg?=
=?iso-8859-1?Q?9PM2iGWFn0itXIlnNsjL/6E78WhJZ85RtmbIM/Cy4qu1PS2h2QjbT8JstX?=
=?iso-8859-1?Q?lI24CgT1HVShHoeVOQzHHW2GYAhFegHZiFFj6zylNMBXj5E4n1rxWC3SPW?=
=?iso-8859-1?Q?4Q7Xo32kV9GzZ5MSK5638IcecuIx2SpFFC873g93BwunyBjHNhDqAD93Qs?=
=?iso-8859-1?Q?xXxmITAnzrxgUqLghYAhGk+VWEplGsCw5PT0F87I890OXAudFfM1Qks6yT?=
=?iso-8859-1?Q?SJWp54+TlF9TgLb/6+SbvbzAgA1QDjgdzCEk2ZEnqPFmlhqDW1SMDSsVUh?=
=?iso-8859-1?Q?DrzlMpeoUukXft3T0r49khJE4nxz64FyzgekkVL/vpRoz8BpvyTACq+UuO?=
=?iso-8859-1?Q?gtDWjIW5FAEqemNRMvbqmRUiVdnf2ZImEnahOiQjSTdMXUU/XN/cbN+YJ9?=
=?iso-8859-1?Q?TFq4LjVsRP1kDAENlme22bPoIqz/udP+/ruwll0mCIE2ddXv2vaLTolSsC?=
=?iso-8859-1?Q?eVd9v1ABZgK8JHsGfd50ANKpSl47JD/Xn/ShD3QMWA4L2sISopbSbh1tq9?=
=?iso-8859-1?Q?hkLQjideoA2a0bioNFBu9fLvmNsPkgplENeTT5GAUSkg3wNWFi6Cquzlw1?=
=?iso-8859-1?Q?Ye65ZKxCcbD3wBbiiE2WGa0TsKQEgI79ixd4KK0ZHpg9rNQFRIwD91kvhb?=
=?iso-8859-1?Q?Z9Hr+xBN7B5+7o+I7pN1dsJlUjk8q4O60+MVZt90d2Dny9HpdwDBAIq1DT?=
=?iso-8859-1?Q?Rmhx6LWM06VAZt5IJaSrUnmv+XL7lf5q/Q7hUNLZUly0yuodbN0XHJelP5?=
=?iso-8859-1?Q?H6viqPE9pHQBbhuqqTpUlZElK+2zvAARV66F3AxCpdIsiQYogrioLhCMY7?=
=?iso-8859-1?Q?I70tbw2yGaCoQ8BtvYdk/p+sfCymuGdzH6xlXY8AKeo2W0Gv/uwWxno6pI?=
=?iso-8859-1?Q?/9NNOCOSLS?=
Content-Type: multipart/alternative;
boundary="_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PUZPR01MB5263.apcprd01.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 4063c695-ae83-4228-9bee-08dcf5e36ff0
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2024 17:27:16.3772
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR01MB4304
X-Spam_score: 7.8
X-Spam_score_int: 78
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello Greetings While browsing through your site, I came across
a few errors.
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[2603:1096:301:107:0:0:0:16 listed in]
[will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
[40.92.53.75 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[2603:1096:301:107:0:0:0:16 listed in]
[sbl-xbl.spamhaus.org]
[40.92.53.75 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
[40.92.53.75 listed in dnsbl.ahbl.org]
[40.92.53.75 listed in dnsbl.ahbl.org]
[40.92.53.75 listed in dnsbl.ahbl.org]
[40.92.53.75 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[2603:1096:301:107:0:0:0:16 listed in]
[dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.92.53.75 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 ARC_VALID Message has a valid ARC signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 ARC_SIGNED Message has a ARC signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[paulchamberlin504(at)outlook.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[paulchamberlin504(at)outlook.com]
0.0 HTML_MESSAGE BODY: HTML included in message
Subject: {SPAM?} Cost?
--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello
Greetings
While browsing through your site, I came across a few errors.
With your permissions: Would it be helpful if I share a Screenshot of these=
issues?
Can I show you the errors.?
Thank you..
--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=
olor: rgb(0, 0, 0);">
Hello
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Greetings
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
While browsing through your site, I came across a few errors.
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
With your permissions: Would it be helpful if I share a Screenshot of these=
issues?
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Can I show you the errors.?
Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=
olor: rgb(0, 0, 0);">
Thank you..
--_000_PUZPR01MB5263651E229271DAFF1AAEB8FC482PUZPR01MB5263apcp_--
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 07:44:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4h4W-00000000BBe-0KKe
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 07:43:16 -0600
Resent-From: The Doctor
Resent-Date: Sat, 26 Oct 2024 07:43:16 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f66.google.com ([209.85.218.66]:53345)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4eLO-00000000LWM-33SJ
for doctor@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 04:48:46 -0600
Received: by mail-ej1-f66.google.com with SMTP id a640c23a62f3a-a99ea294480so195759666b.2
for ; Sat, 26 Oct 2024 03:48:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1729939703; x=1730544503; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=bmQ2bulur4LrDcmhP1yDhRqjNWBnOS6bh9uta+fBZSY=;
b=WubO6IxOow4l5i8pf8fdiW9Ed9nGmnpWmKUcBKnVrep1IO7nbvCUdUpFW65q7nWgAO
n9FT/tuoHHh7P9ytDmioqM/r3PSrtygrodHSllNmZYXe/vWzepqIBh0Cr1jKpl7wFLho
glcYA+Ez1+B0jIUdIc4cMacRY8nKeP34mec8ZItc/VF03WRaUp3yCPoZPXPb06bEaP7j
ijhDsHTBkkbdFDe4FuxYSb1LQpsnje2ihvQGWs/uN0yZsHR3v33/5niptyqkJWAp2EaF
A6kXsNYhmeTrmLzk1dzxR26pj3rAiX6G2yRzyRnv9tUuUnmX98P/dmaMWFxmRNSbGg9Z
2Phw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1729939703; x=1730544503;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=bmQ2bulur4LrDcmhP1yDhRqjNWBnOS6bh9uta+fBZSY=;
b=VLDibLMTuo1wwV4nlzKDF1Gv/o1dSFPu06FsK4wTVlNxF3LR99xrZwZC1FpTBUtFrC
F7omF2asC1yA5x8SZIWZ6C6dKQv5tGxInyTUkvW4XbDIGHqdHHJN+fKTPLsuWXgLqEc0
c1Y2l3e+lsPrOThIY7f+O9ez+65gz7gAtKBKOCEsCqPzViZ0Q4GhXRNC4CN1tybSkx48
/5fJYyYlzRF3p+jsd+yc6OzlJe5A7hbRDPJPv7+LROp5Jhcy27Ff/5LVRrlRN5aiR1s1
7FMZDpSClCbeaTBdaU2eBV4nkyErsiEGgckw52cK5PFPIbC3k7d8lH1QjMvLATQVB/Xo
k1Ww==
X-Forwarded-Encrypted: i=1; AJvYcCVRlWa12a7sn5NWKP5JyWWViKvJ+7T596eRrX905vjtgmk0oGVtvJHXfzgX7nvDeBHiFAzMOQM=@doctor.nl2k.ab.ca
X-Gm-Message-State: AOJu0YxwBp53xmMZoJLY0Uo9iP+s63/93i+nI8gnfv4dphJ9+QWsAWYD
azCkbIFUxk1unjOr1/1/LsgmdS0wKi6XmOH2gjuR3XNoEYKga4sN469xmRigfJX5t+pDiup2Imk
tStp48QeeBCAjDmIxLKj8IV3eWDDVUR4QhHkkrhbZAvw=
X-Google-Smtp-Source: AGHT+IE0imGknAwi5DztyhloY2vP1HlEO8X/J7AyLvMT5+Mhtlg5hw85MWt9OTACPFf7URbPHHKY6UPgimwXDdRFKFw=
X-Received: by 2002:a05:6512:1282:b0:53b:1fd1:df34 with SMTP id
2adb3069b0e04-53b3491e0eamr1492019e87.45.1729937962064; Sat, 26 Oct 2024
03:19:22 -0700 (PDT)
MIME-Version: 1.0
From: Leslie Davila Zum
Date: Sat, 26 Oct 2024 03:19:11 -0700
Message-ID:
Subject: Gold for sales
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000b6659d06255e9152"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 9.3
X-Spam_score_int: 93
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, Just wondering if you would be interested in buying
and selling our gold. Kindly get to me for more details Regards Jeff
Content analysis details: (9.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[209.85.218.66 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.218.66 listed in dnsbl.ahbl.org]
[209.85.218.66 listed in dnsbl.ahbl.org]
[209.85.218.66 listed in dnsbl.ahbl.org]
[209.85.218.66 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.218.66 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.218.66 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.218.66 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.218.66 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
[209.85.218.66 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.66 listed in wl.mailspike.net]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[davilazumleslie(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
Subject: {SPAM?} Gold for sales
--000000000000b6659d06255e9152
Content-Type: text/plain; charset="UTF-8"
Hello,
Just wondering if you would be interested in buying and selling our gold.
Kindly get to me for more details
Regards
Jeff
--000000000000b6659d06255e9152
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hello,
Just wondering if you would be interested in=
buying and selling our gold.
Kindly get to me for more details
R=
egards
=C2=A0 =C2=A0 =C2=A0Jeff
--000000000000b6659d06255e9152--
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 26 Oct 2024 04:53:00 -0600
Received: from mail-wm1-f67.google.com ([209.85.128.67]:44428)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from )
id 1t4eOy-00000000Lu8-0mw2
for dave@doctor.nl2k.ab.ca;
Sat, 26 Oct 2024 04:52:23 -0600
Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4314fa33a35so26955945e9.1
for ; Sat, 26 Oct 2024 03:52:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1729939925; x=1730544725; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=LLKVffQpTt6GZ+971mrM2S6lR4xLMwkrXYY7BDw0zNI=;
b=kdWrUpP4DkG2Qtmja71bnKmJvfkTr9wwARpEPvt6YKVcG9dP1gXDfSjG6bPvBrEJ+o
t240uLEFxGA5mcMVSk02ULtetGNYYT0SCMZHuWdyWtSUCA833gDznm9Hyza/XSdtAagJ
scKUZb/xFFtyjuOFEJd9GbGF1W06iUeBJasoBfSGM5GfCBh1h/Fsq4iuz7WUNuYlHCFf
7ZpaWAUTscLUbwhB8j95sRJJ0F2XFTGjD8EBFhKTW/75pq3I4RYDzINwywe/H2LObBzs
HCH2RWXn8Hthqh2i0TzPh40xSOj4wA+dzCEqEYLfiY+cJNDGWAKaEy4cuL0JzA5H3qWx
xNcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1729939925; x=1730544725;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=LLKVffQpTt6GZ+971mrM2S6lR4xLMwkrXYY7BDw0zNI=;
b=noCq9NTvWAZjQm3gCdWntuESL6/Pce/HyMjTC6MZ07ISuB9zuSzaxxS1Ct7uF5RqCP
N+Q5ydz0/aXliQrzRz/QGk+OLztl5BBghHnNwvVi8hMoRzgVzdYKWW9QCBytnN7nblmm
FV6tRpIoBh/DwzfcyzK1x8nu6fyOeEG0cfpdwAQuzdi/xmhsGzKSdT5u87BDKybymkdw
3qOjduGjX9QR2l1+JJVs2Co+XOaja7Lbhl4dyAe1982zAcv27vR+STz7d92qmon6eAdg
2Kv6WlUUVL1stnHlSy0l2hGKBFQJRMQwKPyJQdnRFBV6Vq7H7zhWxe0FsX6UnQQfSHvN
LzlQ==
X-Forwarded-Encrypted: i=1; AJvYcCWuHSIUJrRBOopFOQ1dht98yY/iCCBUvk4B8Zn3hk9IP9kvtjg1BKRASYuM1fN8g/pz80/z@doctor.nl2k.ab.ca
X-Gm-Message-State: AOJu0YwPXuBsDShmuArgsg7oiUUmLxuEKaJm6DlNJRWwxG9BolYpYdoQ
SJOjivUTIedmWoHKc6eExPwe0InLuQdr16uFM7PgCUQXS4zYRS7NPxDz5JyFTEWw9tZ6E3VvzNM
k1ORL2QD0/1eDtPmaWfPemOo1J8UHmuDaRKuqQvxhvOs=
X-Google-Smtp-Source: AGHT+IHTjJS+WrJ9WD/alFppbSKnvu0KKiTjLOAeXhn3Zqj5XGGVMVdVgHY8GAUAWi9wN3s0XfSDg91N2+5ZS/sNMNA=
X-Received: by 2002:a05:6512:1190:b0:53b:15dc:f15d with SMTP id
2adb3069b0e04-53b34a31d30mr929901e87.50.1729937746017; Sat, 26 Oct 2024
03:15:46 -0700 (PDT)
MIME-Version: 1.0
From: Leslie Davila Zum
Date: Sat, 26 Oct 2024 03:15:34 -0700
Message-ID:
Subject: Gold for sales
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000d5c3b206255e84f3"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 9.1
X-Spam_score_int: 91
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, Just wondering if you would be interested in buying
and selling our gold. Kindly get to me for more details Regards Jeff
Content analysis details: (9.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[209.85.128.67 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.128.67 listed in dnsbl.ahbl.org]
[209.85.128.67 listed in dnsbl.ahbl.org]
[209.85.128.67 listed in dnsbl.ahbl.org]
[209.85.128.67 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.128.67 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.128.67 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.128.67 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.128.67 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
[209.85.128.67 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.67 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[davilazumleslie(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
Subject: {SPAM?} Gold for sales
--000000000000d5c3b206255e84f3
Content-Type: text/plain; charset="UTF-8"
Hello,
Just wondering if you would be interested in buying and selling our gold.
Kindly get to me for more details
Regards
Jeff
--000000000000d5c3b206255e84f3
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hello,
Just wondering if you would be interested in=
buying and selling our gold.
Kindly get to me for more details
R=
egards
=C2=A0 =C2=A0 =C2=A0Jeff
--000000000000d5c3b206255e84f3--