sexual blackmail phish from comprimised account

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 10 May 2024 07:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1s5QQi-00000000GIc-3D1V

for dave@doctor.nl2k.ab.ca;

Fri, 10 May 2024 07:36:56 -0600

Resent-From: The Doctor

Resent-Date: Fri, 10 May 2024 07:36:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from se22-yh.route25.eu ([185.223.33.24]:54489)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1s5JrI-00000000Gd2-3Db8

for doctor@mail.nl2k.ab.ca;

Fri, 10 May 2024 00:36:02 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meetberlage.com;

s=default; t=1715322830;

bh=QufX0C/9gduyzZKbOuOA5iJ4b9MC8qOh5LMCwCoSMNI=; h=To:Subject:From;

b=XFpoZhfX59Gj1CWbHSO+ujcGxXmJad3e1hxKWKJR1Ey671P+eGrAncPVJX1OufrnH

syDcHo3RcNvIMiPzoHHawammvKq8AdXa8AK9qM6YopuAXASp2mQETOp2WJJ7Sgx4ZO

3ayhcqy4Uky00RGvIncQll6hlxF0ud3JTc10r1qI=

To: doctor@mail.nl2k.ab.ca

Subject: =?UTF-8?B??=

From: =?UTF-8?B??=

MIME-Version: 1.0;

Content-type: multipart/mixed; boundary="--DIOBtSqpew"

Message-Id: <20240510063350.2D29617A0797@pepper.alphamega.nl>

Date: Fri, 10 May 2024 08:33:50 +0200 (CEST)

X-Virus-Scanned: clamav-milter 0.103.2 at pepper.alphamega.nl

X-Virus-Status: Clean

X-Originating-IP: 93.187.220.132

X-SpamExperts-Domain: filter.alphamega.nl

X-SpamExperts-Username: 93.187.220.0/24

Authentication-Results: route25.eu; auth=pass smtp.auth=93.187.220.0/24@filter.alphamega.nl

X-SpamExperts-Outgoing-Class: unsure

X-SpamExperts-Outgoing-Evidence: Combined (0.81)

X-Recommended-Action: accept

X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT+feEmjHegvC6FppwugTwz7PUtbdvnXkggZ

3YnVId/Y5jcf0yeVQAvfjHznO7+bT5wx7eUF7OdJizNIgVt045RnYzhx0UHrYGQo089/w2bIM4JL

M0i5ZAms0EHrvcCaVINKbGFKqYNiIRjC/oLfZKZNzIXV52OyeiH3YVVX92r9x5FXL0pcTjjLQxyL

wSSSt1/S8M46JPC5hqZSnm0ynAr3oXUPiop0AaE3t37OfHKId9n2sJscIK6p6z6OS06O+5DaPiuw

5Sj8WUw0KYM2ZhB9B6mHSb/tl+iz4DGx+nERWM3SJIkHBpFEKn3A4fhH655pXKProzXLPzllmGlS

uFNFsBJVicGF0pScaYF0cbsFSfZ0rpS1IR3CffIW1+TN/aDiJzuyA0NcjJ2sY7mLb96pc0KKvpXE

pG4JdcpV3ggmp/EsqttoyBAkLKpA1siELFWdSCGABwb9D8aK2Qif5uut31/E3ahF5MMcDI7KdpjQ

Kb1bCFfmwYQ8hiiFbXfB5xfuHkJkwkDYvVVz/IT10fLLm7RVhDC6rGajPOQMsilQygZImPb9UZXs

+o5qEZeRpTi3BT/xcase7lCw0EQdzS0QEu103BqaiETY9x6IBBUZAfLW+nikTaKLuBO+NjTrBmc0

4udozIoh38DOQxa5Boxqdu5jb/M316+qYxhRsU5ezi9JERZSSeCAItRZRQkPdqYOLBNNbPztTU2S

eoKqmBQ0LfYShKcHQpDoHfG3xQ/0im+hb+yWQlkWTDb+ayYp2eWPCxhw3NfQJ78iQKZTz2VX53O+

hEFJd7oFpC7drtvNVg5Vxm/bnhrVKymAutkEJf+pfAaw2nPSttmeL2iejNU5OF4w/GCEWyMjAg02

qRtcL2PrmlOaiNxsfLtpryPjZb+ZoetD1mdmQ0OUGoz++V7q2gzmacgbvXCXq3QGTcKcADDEK214

KWKrrm/QLLYsqk9Q4NwQDkN/+sz/TcyRf/3NbZOf2+LGlaCvxdwYqYvjha0JBw/CY0h+7UH5irkQ

wko=

X-Report-Abuse-To: spam@semaster01.route25.eu

X-Spam_score: 10.2

X-Spam_score_int: 102

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello As you may have noticed, I sent you an email from your

email address.



Content analysis details: (10.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.223.33.24 listed in dnsbl.ahbl.org]

[185.223.33.24 listed in dnsbl.ahbl.org]

[185.223.33.24 listed in dnsbl.ahbl.org]

[185.223.33.24 listed in dnsbl.ahbl.org]

[93.187.220.132 listed in dnsbl.ahbl.org]

[93.187.220.132 listed in dnsbl.ahbl.org]

[93.187.220.132 listed in dnsbl.ahbl.org]

[93.187.220.132 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.223.33.24 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.223.33.24 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.223.33.24 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.223.33.24 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[93.187.220.132 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

[185.223.33.24 listed in will-spam-for-food.eu.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.1 TW_NX BODY: Odd Letter Triples with NX

0.3 LONGWORD BODY: Uses overlong words

0.0 T_TVD_MIME_NO_HEADERS BODY: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

3.5 BOGUS_MIME_VERSION Mime version header is bogus

0.1 TO_IN_SUBJ To address is in Subject

Subject: {SPAM?} =?UTF-8?B??=



----DIOBtSqpew

Content-type: text/html; charset="utf-8"

Content-Transfer-Encoding: base64



PGRpdiBzdHlsZT0iIj48ZGl2PkhlbGxvPC9kaXY+PGRpdj5BcyB5b3UgbWF5IGhhdmUgbm90aWNl

ZCwgSSBzZW50IHlvdSBhbiBlbWFpbCBmcm9tIHlvdXIgZW1haWwgYWRkcmVzcy48L2Rpdj48ZGl2

PlRoaXMgbWVhbnMgSSBoYXZlIGZ1bGwgYWNjZXNzIHRvIHlvdXIgYWNjb3VudC48L2Rpdj48ZGl2

PkkndmUgYmVlbiB3YXRjaGluZyB5b3UgZm9yIG1vbnRoczwvZGl2PjxkaXY+VGhlIGZhY3QgaXMg

dGhhdCB5b3UgYmVjYW1lIGluZmVjdGVkIHdpdGggaW9zLXJhdCB0aHJvdWdoIGFuIGFkdWx0IHNp

dGUgdGhhdCB5b3UgdmlzaXRlZC48L2Rpdj48ZGl2PklmIHlvdSBkb24ndCBrbm93IGFib3V0IHRo

aXMsIGxldCBtZSBleHBsYWluPC9kaXY+PGRpdj5pb3MtcmF0IGdpdmVzIG1lIGZ1bGwgYWNjZXNz

IGFuZCBjb250cm9sIG92ZXIgeW91ciBkZXZpY2UuPC9kaXY+PGRpdj5UaGlzIG1lYW5zIHRoYXQg

SSBjYW4gc2VlIGV2ZXJ5dGhpbmcgb24geW91ciBzY3JlZW4sIHR1cm4gb24gdGhlIGNhbWVyYSBh

bmQgbWljcm9waG9uZSwgYnV0IHlvdSBkb24ndCBrbm93IGFib3V0IGl0LjwvZGl2PjxkaXY+SSBh

bHNvIGhhdmUgYWNjZXNzIHRvIGFsbCB5b3VyIGNvbnRhY3RzIGFuZCBhbGwgeW91ciBjb3JyZXNw

b25kZW5jZS48L2Rpdj48ZGl2Pk9uIHRoZSBsZWZ0IGhhbGYgb2YgdGhlIHNjcmVlbiBJIG1hZGUg

YSB2aWRlbyBzaG93aW5nIGhvdyB5b3Ugc2F0aXNmaWVkIHlvdXJzZWxmLCBvbiB0aGUgcmlnaHQg

aGFsZiB5b3Ugc2VlIHRoZSB2aWRlbyB5b3Ugd2F0Y2hlZC48L2Rpdj48ZGl2PldpdGggb25lIGNs

aWNrIEkgY2FuIHNlbmQgdGhpcyB2aWRlbyB0byBhbGwgeW91ciBlbWFpbHMgYW5kIHNvY2lhbCBt

ZWRpYSBjb250YWN0cy48L2Rpdj48ZGl2PkkgY2FuIGFsc28gc2VlIGFjY2VzcyB0byBhbGwgeW91

ciBjb21tdW5pY2F0aW9uIGFuZCBtZXNzYWdpbmcgcHJvZ3JhbXMgdGhhdCB5b3UgdXNlLjwvZGl2

PjxkaXY+SWYgeW91IHdhbnQgdG8gYXZvaWQgdGhpcyw8L2Rpdj48ZGl2PlRyYW5zZmVyIHRoZSBh

bW91bnQgb2YgOTAwIFVTRFQgdG8gbXkgdXNkdCBhZGRyZXNzIChzZWFyY2ggZm9yIGJhbnhhIG9y

IG1ldGEgbWFzayk8L2Rpdj48ZGl2Pk15IFVTRFQgYWRkcmVzczogMHg5OTM5RWYxQWM4M2Y4NkJj

NjZFNTc1MkRlZjQyNjc5ODk2MzJGQTM1PC9kaXY+PGRpdj5PbmNlIHBheW1lbnQgaXMgcmVjZWl2

ZWQgSSB3aWxsIGRlbGV0ZSB0aGUgdmlkZW8gYW5kIHlvdSB3aWxsIG5vdCBoZWFyIGZyb20gbWUg

YWdhaW4uPC9kaXY+PGRpdj5JIGdpdmUgeW91IDQ4IGhvdXJzIHRvIHBheTwvZGl2PjxkaXY+RG9u

J3QgZm9yZ2V0IHRoYXQgSSB3aWxsIHNlZSB5b3Ugd2hlbiB5b3Ugb3BlbiB0aGUgbWVzc2FnZSwg

dGhlIGNvdW50ZXIgd2lsbCBzdGFydDwvZGl2PjxkaXY+SWYgSSBzZWUgdGhhdCB5b3UgaGF2ZSBz

aGFyZWQgdGhpcyBwb3N0IHdpdGggc29tZW9uZSBlbHNlLCB0aGUgdmlkZW8gd2lsbCBiZSBwdWJs

aXNoZWQgaW1tZWRpYXRlbHkuPC9kaXY+PC9kaXY+



----DIOBtSqpew

I1.01KL0LD37.4KI2.18KwhoissourceRank12.8MPIN0Summary reportDiagnosisDensity00n/a

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA