McAfee Phish from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 12 Nov 2024 12:57:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAx07-00000000FCE-1qDJ

for dave@doctor.nl2k.ab.ca;

Tue, 12 Nov 2024 12:56:35 -0700

Resent-From: The Doctor

Resent-Date: Tue, 12 Nov 2024 12:56:35 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f50.google.com ([209.85.219.50]:44487)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAua1-000000002ab-3rdB

for doctor@nl2k.ab.ca;

Tue, 12 Nov 2024 10:21:33 -0700

Received: by mail-qv1-f50.google.com with SMTP id 6a1803df08f44-6cbe53a68b5so43512306d6.1

for ; Tue, 12 Nov 2024 09:19:35 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1731431969; x=1732036769; darn=nl2k.ab.ca;

h=priority:importance:subject:from:to:mime-version:date:message-id

:from:to:cc:subject:date:message-id:reply-to;

bh=/7N2Q2sTLKj/p6Xt/lKumiCO63CM3+tg7LGZq4bjOwg=;

b=nf+/Q1XupzNox4zJYqg8G9W+zfOEX1X1uXS0u/zPTvQLorYgOne4zBorlvvMEjwcr2

BmwSjOaAqErsAW8fNOzqHXGPZhf6fp+LJXkXXTuboXLBOIuzYlt0ZsmDap8j7Z45jvWf

o8ynHmuwsK/TSQCbqhRBLMrQnzTPJL9OqX1dBIxb6HBFtvvlK48zEoJXurgDN2iEgobM

mnrLDA4Bj5twGglwMy9tU81AP8m5Uw4xO/Te3OReV1Nx6n8W2juoTbg7oBWLAvWE19Ks

kL6EuIILwyXhogm8zTBRlCVFS3qIb/KGxHQITQwGDWQY8ot6m7EZIxabSzFvR/U5Rx+c

RGZQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1731431969; x=1732036769;

h=priority:importance:subject:from:to:mime-version:date:message-id

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=/7N2Q2sTLKj/p6Xt/lKumiCO63CM3+tg7LGZq4bjOwg=;

b=IF2fvAy5Xl1dXJlur/k+RDpQj3mhoquiA28NcpJeIJqTNWIbFWfPhXq/vIH3h2iWMN

yNZ/iCL+a9DVJR6cickzq7iG50TQFrFMQEcgHN030Kym7Z8CbNDRvYaMMJ/SvAtT9lra

VqLpl/hDcM2qkRWCbvGMo26y6NIa+TnJfaS8EjLoRnJ9hSgAl6AGdrS5CfT4rJOSb34l

dlfv2yjBnee+ulS1x4ar+PQyZmRSe8RFKaFaeZU3Xxp0kQ9yJxsp+o+C7MC/6qDmTrck

17/akqVxNYnQ6fdXay7eM5+iai/itp/ONNpXaDpzIxR2pxuhQmPNV7JkvL/M2oX/EaRZ

U4og==

X-Gm-Message-State: AOJu0YxaatIozZgcFl/ZBTGhq32900D6K2GIszpxjbFbmkxWEvjN0O/E

63UbRSbsF4je4sV2KpYnzEpKSVUATHt0iRPT5pDGYh4nYczmm05B1ErW8fKrTEo=

X-Google-Smtp-Source: AGHT+IFqs/K83oDKokvfeX0813ZDW4jma4Y/67whSjgSKqw9akHfgU4wE8uYGEf1fGs+LXJZWueNJg==

X-Received: by 2002:a17:903:1d1:b0:211:18bf:e91d with SMTP id d9443c01a7336-211ab967356mr26729505ad.27.1731415488956;

Tue, 12 Nov 2024 04:44:48 -0800 (PST)

Received: from [10.203.16.28] ([43.133.194.185])

by smtp.gmail.com with ESMTPSA id d9443c01a7336-21177e418d6sm93520265ad.142.2024.11.12.04.44.48

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 12 Nov 2024 04:44:48 -0800 (PST)

Message-ID: <67334dc0.170a0220.355336.46f0@mx.google.com>

Date: Tue, 12 Nov 2024 04:44:48 -0800 (PST)

Content-Type: multipart/mixed; boundary="===============0643421196081679385=="

MIME-Version: 1.0

to: doctor

from: Candance Jones

subject: Your request No. 05932 is being processed for doctor

Importance: normal

Priority: normal

X-Mailer: CelestialSender X-Mailer [v1.5]

X-MimeOLE: NovaDispatch Express [v2.0]

X-Spam_score: 7.4

X-Spam_score_int: 74

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello doctor, Invoice Date: Tuesday, November 12, 2024 Your

Invoice Details Client: doctor Ordered Item: McAfee Threat Intelligence Exchange

Support Duration: 5 years Amount: USD 357.56 Payment Status: Confirmed Customer

ID: PXX-290-EN-5518



Content analysis details: (7.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[43.133.194.185 listed in dnsbl.ahbl.org]

[43.133.194.185 listed in dnsbl.ahbl.org]

[43.133.194.185 listed in dnsbl.ahbl.org]

[43.133.194.185 listed in dnsbl.ahbl.org]

[209.85.219.50 listed in dnsbl.ahbl.org]

[209.85.219.50 listed in dnsbl.ahbl.org]

[209.85.219.50 listed in dnsbl.ahbl.org]

[209.85.219.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[43.133.194.185 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[43.133.194.185 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[43.133.194.185 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[43.133.194.185 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[43.133.194.185 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

[209.85.219.50 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.50 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.50 listed in wl.mailspike.net]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[nnamdioleka900(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[nnamdioleka900(at)gmail.com]

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Your request No. 05932 is being processed for doctor



--===============0643421196081679385==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



SGVsbG8gZG9jdG9yLApJbnZvaWNlIERhdGU6IFR1ZXNkYXksIE5vdmVtYmVyIDEyLCAyMDI0CgpZ

b3VyIEludm9pY2UgRGV0YWlscwpDbGllbnQ6IGRvY3RvcgpPcmRlcmVkIEl0ZW06IE1jQWZlZSBU

aHJlYXQgSW50ZWxsaWdlbmNlIEV4Y2hhbmdlClN1cHBvcnQgRHVyYXRpb246IDUgeWVhcnMKQW1v

dW50OiBVU0QgMzU3LjU2ClBheW1lbnQgU3RhdHVzOiBDb25maXJtZWQKQ3VzdG9tZXIgSUQ6IFBY

WC0yOTAtRU4tNTUxOAoKR3JlZXRpbmdzISBXZSB3aWxsIGJlIHByb2Nlc3NpbmcgeW91ciBzdWJz

Y3JpcHRpb24gcmVuZXdhbCB0b2RheSwgYW5kIHRoZSBhc3NvY2lhdGVkIGNoYXJnZSB3aWxsIGJl

IGJpbGxlZCBhdXRvbWF0aWNhbGx5LiBEb27igJl0IGhlc2l0YXRlIHRvIGFzayBpZiB5b3UgbmVl

ZCBoZWxwLgoKSWYgY2FuY2VsYXRpb24gaXMgb24geW91ciBtaW5kLCBmZWVsIGZyZWUgdG8gY2Fs

bCArMTgxNTI5NjY2MDgsIGFuZCB3ZeKAmWxsIGFzc2lzdCB5b3UuIFRoYW5rIHlvdSBmb3IgeW91

ciBjb250aW51ZWQgbG95YWx0eSEKCldhcm1lc3QgUmVnYXJkcywsCk1jQWZlZSwgTExDLi4gQWxs

IHJpZ2h0cyByZXNlcnZlZC4KNzA3MSBPYWsgQXZlLCBDaGljYWdvLCBJTCA2MDYwNQpIZWxwIGFu

ZCBTdXBwb3J0ICsxKDgxNSkgMjk2LTY2MDgu



--===============0643421196081679385==--

Instagram followers spam from Google gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 12 Nov 2024 10:17:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAuVb-000000001cT-1L9S

for dave@doctor.nl2k.ab.ca;

Tue, 12 Nov 2024 10:16:55 -0700

Resent-From: The Doctor

Resent-Date: Tue, 12 Nov 2024 10:16:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pf1-f195.google.com ([209.85.210.195]:55413)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAtrO-00000000OwY-22B1

for sales@nk.ca;

Tue, 12 Nov 2024 09:35:27 -0700

Received: by mail-pf1-f195.google.com with SMTP id d2e1a72fcca58-72061bfec2dso5381404b3a.2

for ; Tue, 12 Nov 2024 08:33:28 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=likepostnexusx-com.20230601.gappssmtp.com; s=20230601; t=1731429202; x=1732034002; darn=nk.ca;

h=mime-version:date:subject:to:from:list-unsubscribe-post

:list-unsubscribe:message-id:from:to:cc:subject:date:message-id

:reply-to;

bh=aegaKsAkvH8s+T91j2v9iJoPewarnuBscZRByykue4E=;

b=tw/nZrnZNHkYh9JM8eMpbbVaeWWbIN2yaJadUeTcog18e8q8UiOx8PCmQPbLECd0Bp

2O+n/Avf9rqGN9M6720xKXAXTfw3tJrdLC3UZAGM56x1/X3x6OQ6KEEQvdRHSog2lQh3

h7NPS8eYeX4CCZQLAbwAH1QcHLFjflDA9lPm98TTahJC+xPs6LsRSbgN0v3JaAqPm+9u

6M+NhBjCn1ho2QPQ45pFAlGZWc395OPh/rWFJZ6ROQUoMqct7/XLitfmG+MWlAm30dgE

x82PY0e7o696ShPD3A5/8PWF2yOeWWKOj10LhrC+F5L49INUoSgoxnszlpLoSTPNv8Cv

Ok6g==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1731429202; x=1732034002;

h=mime-version:date:subject:to:from:list-unsubscribe-post

:list-unsubscribe:message-id:x-gm-message-state:from:to:cc:subject

:date:message-id:reply-to;

bh=aegaKsAkvH8s+T91j2v9iJoPewarnuBscZRByykue4E=;

b=uj1gnusNaaJet9RNZbnj1/mWbo9OUQ9OC7RiI8sDp4XhnTI9UmOxgRbLoRjwsVnvNR

FOMQ1yKWpdxniVoEfRoOQoHlbuc9NlAnys+JUx6U7Jj83yoS7UAU8gZ5FY1pdLCXApII

mHQlDFYXS+caPxgmQ6rxwUNrRudQU/1MkWj5mXuL3IqeIziE9RgA/cs0g++YLYagnIs6

QJ5xJFTrXDbLlxAVSKFA/rQI3wrgUNPG/6x/3ywDKY3ssQZx0btVZTrX/91NLPLUSgTr

RMPA5D/NtoGMbnlIoy+tdhpeaczuRBWPDf4sTSrkUkr+ozkqz26htZ1n6GSARIb1eX0U

gE+w==

X-Gm-Message-State: AOJu0Ywqht+io+h/wTnzuLkLqNmSH2ykg88KbrjNwc0TDiK/5MGL8gN5

dTvp+QIZa3WixAYaCODJtMn+eh9zWS3GPiNdc5V6EWTuQOAeUW30OMDPbWMhGUASefJz7hFHOPO

1Rn8=

X-Google-Smtp-Source: AGHT+IExJjDLCjmr/hwSSCVBeiKPrfUYkVThf9w5epdAHk/Qzlk+0ZhN61klin0lgC+Ggg+qIqiPOw==

X-Received: by 2002:a05:620a:240f:b0:7b1:572a:cd24 with SMTP id af79cd13be357-7b331e71e0bmr2184255885a.10.1731419390735;

Tue, 12 Nov 2024 05:49:50 -0800 (PST)

Received: from d561f544-7e47-41fa-a554-c12a47ade962.local (ec2-3-238-192-134.compute-1.amazonaws.com. [3.238.192.134])

by smtp.gmail.com with ESMTPSA id af79cd13be357-7b32acae4d6sm590739585a.79.2024.11.12.05.49.50

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 12 Nov 2024 05:49:50 -0800 (PST)

Content-Type: multipart/alternative;

boundary="--_NmP-233d9df7669f6dc2-Part_1"

Message-ID:

List-Unsubscribe:



List-Unsubscribe-Post: List-Unsubscribe=One-Click

From: Jade Stanley

To: sales@nk.ca

Subject: @netknowyeg Fix Your Instagram

Date: Tue, 12 Nov 2024 13:49:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hey @netknowyeg, I recently came across your Instagram page

and I was really impressed by the way you provide different contact options

for your audience. It's great to see that you're making it easy for people

to rea [...]



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

[3.238.192.134 listed in dnsbl.ahbl.org]

[3.238.192.134 listed in dnsbl.ahbl.org]

[3.238.192.134 listed in dnsbl.ahbl.org]

[3.238.192.134 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[3.238.192.134 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: trendgram.io]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.195 listed in list.dnswl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.210.195 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

[209.85.210.195 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.195 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} @netknowyeg Fix Your Instagram



----_NmP-233d9df7669f6dc2-Part_1

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable



Hey @netknowyeg,



I recently came across your Instagram page and I was =

really impressed by the way you provide different contact options for your =

audience. It's great to see that you're making it easy for people to reach =

out to you and I appreciate the effort to make communication as convenient =

as possible. Keep up the great work!



That being said, I couldn't help but =

notice that your engagement on Instagram is not as high as it should be. We=

have worked with accounts similar to yours and made them grow and thrive =

on Instagram. With your quality content, you deserve much more recognition =

on your account.



At TrendGram, we specialize in organically growing =

Instagram accounts with real, engaging followers. We do not require your =

Instagram password and give a guarantee of no fake followers or bots. Our =

clients see an average growth anywhere from 3,000 to 10,000 followers per =

month. An increase in organic engaged followers will lead to more social =

credibility, sales and networking opportunities.



You can get started today=

in under 2 minutes!=C2=A0www.trendgram.com/netknowyeg http://www.trendgram=

.io



Please don't hesitate to reach out if you have any questions or =

enquiries.



Warm Regards,

Jade



--

----_NmP-233d9df7669f6dc2-Part_1

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable



Hey @netknowyeg,

I recently came across your =

Instagram page and I was really impressed by the way you provide different =

contact options for your audience. It's great to see that you're making it =

easy for people to reach out to you and I appreciate the effort to make =

communication as convenient as possible. Keep up the great work!=


That being said, I couldn't help but notice that =

your engagement on Instagram is not as high as it should be. We have worked=

with accounts similar to yours and made them grow and thrive on Instagram.=

With your quality content, you deserve much more recognition on your =

account.

At TrendGram, we specialize in =

organically growing Instagram accounts with real, engaging followers. We do=

not require your Instagram password and give a guarantee of no fake =

followers or bots. Our clients see an average growth anywhere from 3,000 to=

10,000 followers per month. An increase in organic engaged followers will =

lead to more social credibility, sales and networking opportunities.=


You can get started today in under 2 minutes!=

 
noreferrer">www.trendgram.com/netknowyeg

Plea=

se don't hesitate to reach out if you have any questions or enquiries.=


Warm Regards,
Jade



db6b.png' alt=3D'line'>

----_NmP-233d9df7669f6dc2-Part_1--

Spanish language demand letter ovh phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 11 Nov 2024 17:12:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAeUw-00000000LzB-3iM1

for dave@doctor.nl2k.ab.ca;

Mon, 11 Nov 2024 17:11:10 -0700

Resent-From: The Doctor

Resent-Date: Mon, 11 Nov 2024 17:11:10 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps-14727ee0.vps.ovh.net ([57.129.63.140]:48008)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tAdbg-000000003Uo-2gMe

for doctor@doctor.nl2k.ab.ca;

Mon, 11 Nov 2024 16:14:16 -0700

Received: by vps-14727ee0.vps.ovh.net (Postfix, from userid 33)

id 47CF484C92; Mon, 11 Nov 2024 22:01:09 +0000 (UTC)

To: doctor@doctor.nl2k.ab.ca

Subject: Suspension Electrica - Cliente

Date: Mon, 11 Nov 2024 22:01:09 +0000

From: CFE Contigo

Reply-To: cfecontigo@vps-e0fc7fe3.vps.ovh.net

Message-ID:

X-Priority: 1

X-Mailer: ✖️1߷1.3.3.7߷߷

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

X-Spam_score: 10.7

X-Spam_score_int: 107

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: correio Estimado cliente: doctor@doctor.nl2k.ab.ca



Content analysis details: (10.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[57.129.63.140 listed in dnsbl.ahbl.org]

[57.129.63.140 listed in dnsbl.ahbl.org]

[57.129.63.140 listed in dnsbl.ahbl.org]

[57.129.63.140 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[57.129.63.140 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[57.129.63.140 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[57.129.63.140 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[57.129.63.140 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

[57.129.63.140 listed in will-spam-for-food.eu.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: 173.123.168.184.host.secureserver.net]

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 MR_STRANGE_QUESTION URI: No description available.

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Suspension Electrica - Cliente








http-equiv="content-type">

correio






style="color: rgb(33, 33, 33); font-family: Arial,Helvetica,sans-serif,serif,EmojiFont; font-size: 13px; font-style: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; background-color: rgb(255, 255, 255); width: 765px; height: 584px;"

border="0" cellpadding="0" cellspacing="0">




style="height: 90px; background-repeat: no-repeat; width: 864.444px; background-position: center; background-color: rgb(255, 213, 37);">


style="background-color: rgb(255, 255, 255); text-align: center;">


style="margin: 0px; padding: 20px 0px; font-size: 16px; line-height: 22px; color: rgb(0, 154, 102); text-align: left;">Estimado

cliente:  doctor@doctor.nl2k.ab.ca Â




style="margin: 0px; padding: 20px 0px; font-size: 16px; line-height: 22px; color: rgb(0, 154, 102); text-align: left;">Como

parte del servicio de CFEMail, al que estás suscrito, te

enviamos el acceso donde encontrarás el estado de cuenta en

formato PDF y XML.




style="margin: 0px; padding: 20px 0px; font-size: 16px; line-height: 22px; color: rgb(0, 154, 102); text-align: left;">Su

recibo de energia eléctrica cuenta con un adeudo ya vencido

por

$233.00 Â MXN. favor de realizar su pago inmediato.
















style="font-weight: bold;">La relación de los

archivos anexos es la siguiente:






style="font-weight: bold;">linea de

captura
: 9581215186567118650








style="border: 0px solid rgb(204, 204, 204); margin: 0pt auto; width: 630px; background-color: rgb(255, 255, 255);">










style="border: 0pt none ; margin: 1px 0pt; background-color: rgb(241, 242, 242);">






style="padding: 0pt; font-size: 14px; text-align: center; width: 184px; height: 40px; font-weight: bold; color: rgb(255, 255, 255);">Número

de Servicio


style="padding: 0pt; font-size: 14px; text-align: center; width: 184px; height: 40px; font-weight: bold; color: rgb(255, 255, 255);">Archivo

PDF


style="padding: 0pt; font-size: 14px; text-align: center; width: 184px; height: 40px; font-weight: bold; color: rgb(255, 255, 255);">Archivo

XML






style="padding: 0pt; font-size: 12px; text-align: center; width: 184px; height: 40px; font-weight: bold;">
style="color: rgb(0, 0, 0); font-family: "Times New Roman"; font-size: 12px; font-style: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; white-space: normal; background-color: rgb(241, 242, 242); display: inline ! important; float: none;">9581215186567118650


style="padding: 0pt; font-size: 12px; text-align: center; width: 184px; height: 40px; font-weight: bold;">
href="https://173.123.168.184.host.secureserver.net?DescargaFacturas.aspx?rpu=800220101041&serie=WF&folio=000011619963&hash=186730d692393fb939f986343589efe9&ta=1&idC=999972517&idA=103902931"

target="_blank" rel="noreferrer">Ver


style="padding: 0pt; font-size: 12px; text-align: center; width: 184px; height: 40px; font-weight: bold;">
href="https://173.123.168.184.host.secureserver.net?rpu=800220101041&serie=WF&folio=000011619963&hash=186730d692393fb939f986343589efe9&ta=1&idC=999972517&idA=103902931"

target="_blank" rel="noreferrer">Ver















































style="font-size: 14px; line-height: 120%; color: rgb(69, 82, 95); text-align: justify;">
style="color: rgb(0, 154, 102); text-decoration: none;">AVISO

DE PRIVACIDAD. Sus Datos Personales en

posesión de la empresa "CFE Suministrador de Servicios

Básicos" están protegidos. Para mayor

información puedes consultar el
href="https://173.123.168.184.host.secureserver.net/"

style="color: rgb(0, 154, 102); text-decoration: none;"

target="_blank" rel="noreferrer">Aviso de Privacidad


















Favor

de no contestar

éste correo, para cualquier duda o aclaración

llamar al

071 o acudir a uno de nuestros centros de atención donde uno

de

nuestros ejecutivos con gusto lo atenderá.



Â


Con fundamento a los artículos 18,20,21 y

22 de la Ley Federal

de Transparencia y Acceso a la Información

Pública

Gubernamental. Artículos 37 y 40 de su reglamento,

así

como los lineamientos de la Protección de Datos Personales

expedidos por el Instituto Federal de Acceso a la

Información y

Protección de Datos; los Datos personales contenidos en el

presente documento están protegidos, por tanto solo

podrán ser utilizados para los fines por los cuales fueron

entregados, cualquier uso deberá ser autorizado por el

titular

de los mismos.
















nk.ca credential phishing

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Oct 2024 23:57:00 -0600

Received: from drre.site ([192.210.150.25]:53109)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1t2lOw-00000000I6I-3Emd

for dave@doctor.nl2k.ab.ca;

Sun, 20 Oct 2024 23:56:48 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=drre.site;

s=dkim; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:

Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:

List-Post:List-Owner:List-Archive;

bh=/L7JJbN76U7m1RLJ0C5HiuR00eML8p7NaQD9inKSBaE=; b=V7bgeSeymHUu/iFN5KGhJfYdlC

O6/2WVzhmDVmPWfnB8VV0VGbiX9gCF3jOhE/ThrLQP5PCou/Aufb7yc0OLBIK9SUMwbPueHKA+xOp

LNOkLrHZEx/r16qFV/vcE7DTYKtN32FbLKbRtRnORawim1tBlr6DqXDgAgvDQeTh86Yc=;

Received: from 195-154-36-201.rev.poneytelecom.eu ([195.154.36.201])

by drre.site with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.93)

(envelope-from )

id 1t1nFK-002smp-C2

for dave@doctor.nl2k.ab.ca; Fri, 18 Oct 2024 15:42:26 +0200

From: "doctor.nl2k.ab.ca"

To: dave@doctor.nl2k.ab.ca

Subject: Action Required: The Password Needs Updating!

Date: 18 Oct 2024 06:42:24 -0700

Message-ID: <20241018064224.170B38A23BAC9505@drre.site>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-SPF-Fail: YES

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Immediate Action Needed: Password Expiration Action Required:

Password Expired!



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[195.154.36.201 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

[192.210.150.25 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[195.154.36.201 listed in dnsbl.ahbl.org]

[195.154.36.201 listed in dnsbl.ahbl.org]

[195.154.36.201 listed in dnsbl.ahbl.org]

[195.154.36.201 listed in dnsbl.ahbl.org]

[192.210.150.25 listed in dnsbl.ahbl.org]

[192.210.150.25 listed in dnsbl.ahbl.org]

[192.210.150.25 listed in dnsbl.ahbl.org]

[192.210.150.25 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[195.154.36.201 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[195.154.36.201 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[195.154.36.201 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[195.154.36.201 listed in dnsbl.ahbl.org]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.0 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} Action Required: The Password Needs Updating!














=3D1.0">

Immediate Action Needed: Password Expiration






background-color: #f4f4f4;

margin: 0;

padding: 0;

color: #333333">


margin: 40px auto;

background-color: #ffffff;

padding: 40px;

border-radius: 8px;

box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1)" class=3D"email-conta=

iner">


color: #c0392b;

margin-bottom: 20px;

text-align: center">Action Required: Password Expired!




line-height: 1.6;

margin-bottom: 20px;

color: #34495e">Dear dave,




line-height: 1.6;

margin-bottom: 20px;

color: #34495e">This is a critical notice regarding your mailbo=

x dave@doctor.nl2k.ab.ca. Your password has expired, and i=

mmediate action is required to maintain access.




border-left: 5px solid #c0392b;

padding: 15px;

margin-bottom: 20px;

color: #721c24" class=3D"alert">


line-height: 1.6;

margin-bottom: 20px;

color: #34495e">WARNING: If you do not update =

your password within the next 24 hours, you will be locked out of your mail=

box. Please take action now!






line-height: 1.6;

margin-bottom: 20px;

color: #34495e">We strongly recommend you to continue using you=

r current password. To do so without interruption, click the button below:<=

/p>




line-height: 1.6;

margin-bottom: 20px;

color: #34495e">Thank you for your immediate attention to this =

urgent matter!




line-height: 1.6;

margin-bottom: 20px;

color: #34495e">Best regards,
The doctor.nl2k.ab.ca Team

=






color: #7f8c8d;

text-align: center;

margin-top: 40px;

padding-top: 20px;

border-top: 1px solid #ecf0f1" class=3D"footer">


line-height: 1.6;

margin-bottom: 20px;

color: #34495e; margin: 5px 0">© 2024 doctor.nl2k.ab.ca. A=

ll rights reserved.




line-height: 1.6;

margin-bottom: 20px;

color: #34495e; margin: 5px 0">Privacy Policy=

| Terms of Service | Contact Support
p>