determined Home Depot phish

Return-path: <>

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 10:39:48 -0600

Received: from [95.217.66.194] (port=33244 helo=borderlandresearch.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1o5rlI-000Ic6-I0

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 10:39:02 -0600

MIME-Version: 1.0

Message-Id:

From:=?UTF-8?B?U2VsZWN0ZWQh?=

Subject:=?UTF-8?B?SHVycnksIExpbWl0ZWQgVGltZSBPbmx5?=

Reply-To: reply_MW950K5dVyJ8HZt7h.bounce9@inx1and1.de

To: dave@doctor.nl2k.ab.ca

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=UTF-8

Date: Mon, 27 Jun 2022 18:36:46 +0200























































urgency spam from Google

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vrb-000NLZ-Cq

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 15:01:43 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 15:01:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f169.google.com ([209.85.208.169]:40727)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5rK1-000Fzj-8A

for root@nk.ca;

Mon, 27 Jun 2022 10:10:49 -0600

Received: by mail-lj1-f169.google.com with SMTP id b23so11564789ljh.7

for ; Mon, 27 Jun 2022 09:10:24 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:from:date:message-id:subject:to;

bh=uU1SXdw4hPvKNdhQDIZEAxVwhuTPrO4NVZJP+u7dgcE=;

b=gIdO+n8A40NQrbXzvpBva3gc52oTdlfDu3EtgIgG7crdgHwzR7dZqWfuE6s9Qi6nf4

WP4VVyUDnlXJ7xA5UGRZA9YSqMJS8T8ku9Y3QmIARqpmasfm6MQVoaHTV5O+S1SMEyxC

5HnFy0DV9wVeQF3cdL+WPLJrt7/CY+qmz0Raw35if/UdhulyM/cP9nc7/oqI3ILSDK4L

djYLTwiLkC6FHBiCVnzVYd4Zcvtn6+u21fBoU3gcvjD4dzVrrAFaWRj/BRmylhWwrY3t

LZ27pUEf87VPO5nXquapuOLlKdXTlkNnP3yqFul0IEsVMPNYvG+wv2W06LFeFz+LZeup

+uYw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:from:date:message-id:subject:to;

bh=uU1SXdw4hPvKNdhQDIZEAxVwhuTPrO4NVZJP+u7dgcE=;

b=jle7hwlGzqGOJqKNb9GT6Pf2XGLCIyfgtMEMYBPNhkClL0KK9VBCfZ5pApeAHBLefF

aACvH+lppiwo/DEftzGmjaGVnHEhCqeGo/HiMbIp8QH/CAWlK7YuiQC+LbRsM7yEvt37

IcD5wrSygP8DoauN1wiydq3lWFM62+Ut6HMe/wXpEutHpWREbq1HmTZ112iNEgPwKBfk

H+VkVy7PGxmz3P5T3Kcdx9wzZFtQ9UP97yArLUFH1lgYRRDbcfHtYqacJ45g23alGSSx

ZLWc7AfjypeRntJKMqij/SY9Iqv6Rz2ctnaobP/gpaKlbQa8aLZ2WLd0ZlBRCtxQYXO1

2obg==

X-Gm-Message-State: AJIora88mlmUBJASPmoK5k34yiNzI8+g6JWFlfJC4m9OmWRa7AEj0evO

s33BTMHhxaAkf6sghUiUL3IB1VvTvD/5716q0UY=

X-Google-Smtp-Source: AGRyM1us1yC+iJOhJGVawieQxO0U9OvgQEaMtIBcFnTz5dJ4Eg2+vWhwFIfxXy34n+ASChj9FUxFOKDv2vZBiocCrb0=

X-Received: by 2002:a2e:7805:0:b0:25b:ca27:ffac with SMTP id

t5-20020a2e7805000000b0025bca27ffacmr1248510ljc.415.1656346217299; Mon, 27

Jun 2022 09:10:17 -0700 (PDT)

MIME-Version: 1.0

From: Andrew Santos

Date: Tue, 28 Jun 2022 00:09:51 +0800

Message-ID:

Subject: Re: Finally, your payment is here.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000e8437005e27027f1"

Bcc: root@nk.ca

X-Spam_score: 7.4

X-Spam_score_int: 74

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello I am Andrew Santos, following up on your payment (Next

of Kin / Contract payments) already approved a year ago but I understand

you were not able to claim the same due to the charges that are in [...]



Content analysis details: (7.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.169 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[lindarich111[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[lindarich111[at]gmail.com]

2.5 HK_SCAM_N2 BODY: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 HK_SCAM No description available.

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

3.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)

2.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} Re: Finally, your payment is here.



--000000000000e8437005e27027f1

Content-Type: text/plain; charset="UTF-8"



Hello

I am Andrew Santos, following up on your payment (Next of Kin / Contract

payments) already approved a year ago but I understand you were not able to

claim the same due to the charges that are involved.

You were not able to make the payment hence the funds could not be released

to you.

However, I was contacted to review your case and recommend, if possible,

the outright cancellation of the payment since you were not able to pay the

fees before the release of funds to you either through an ATM card or wire

transfer.

If you are interested to receive your payment kindly confirm the following:



1. Your full names and address

2. Your telephone numbers

3. Any ID



Best Regards,

Andrew Santos



--000000000000e8437005e27027f1

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello
I am Andrew Santos, following up on your payment =

(Next of Kin / Contract payments) already approved a year ago but I underst=

and you were not able to claim the same due to the charges that are involve=

d.
You were not able to make the payment hence the funds could not be re=

leased to you.
However, I was contacted to review your case and recommen=

d, if possible, the outright cancellation of the payment since you were not=

able to pay the fees before the release of funds to you either through an =

ATM card or wire transfer.
If you are interested to receive your payment=

kindly confirm the following:

1. Your full names and address
2. =

Your telephone numbers
3. Any ID

Best Regards,
Andrew Santos
r>




--000000000000e8437005e27027f1--

QeWebby spam from sendgird

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:02:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vrG-000NIw-D0

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 15:01:22 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 15:01:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from dhtrptvr.outbound-mail.sendgrid.net ([208.117.55.133]:26110)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5r8P-000EeY-La

for sales@nk.ca;

Mon, 27 Jun 2022 09:58:49 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me;

h=from:subject:references:in-reply-to:mime-version:to:content-type:

content-transfer-encoding;

s=smtpapi; bh=f8O0PFzOtCDPpB86xoPx+ngVmxEnxQqseM8i6TEV3nU=;

b=Gl59nnvUD6bRBiXjzG/WgYHgL+AelNUlTAhWLCj0OIY7h06nFyNZv8vCuGj4xrdwjLdQ

gEQQtOM5XIHG9HbJzv1Rvg4xV0VkA+7751ngwABKPBHwW1Y/kaIExS0Gznd3dfV/eIMcxW

eBxt/5SL27hldGtMtpJx2h9giYMtQGBq0=

Received: by filterdrecv-7b77c45746-6fvxl with SMTP id filterdrecv-7b77c45746-6fvxl-1-62B9D39E-2D

2022-06-27 15:58:22.657246507 +0000 UTC m=+1636527.740629392

Received: from 127.0.0.1 (unknown)

by geopod-ismtpd-4-1 (SG) with ESMTP

id 66Q_DNHnTbO1_DMlBtCT8Q

for ;

Mon, 27 Jun 2022 15:58:22.147 +0000 (UTC)

Date: Mon, 27 Jun 2022 15:58:22 +0000 (UTC)

From: Mike Kyle

Subject: NetKnow Internet Knowledge Co. & QeWebby

Message-ID: <83b219ed-ed7b-eb55-3fa5-bfc5d91ca94d@mail.gmail.com>

References:

X-Forwarded-Message-Id:

In-Reply-To:

MIME-Version: 1.0

X-SG-EID:

=?us-ascii?Q?gQkno2vIGpTbi=2FX3IyC+KiwMuSWPeAu6AAAUtb8PBFPmc5mmYUivfGi6Cymb6N?=

=?us-ascii?Q?vJ+u5m4qi+6RLNgXYhHr6ln5ZYg4Z9RjZI3Vxtm?=

=?us-ascii?Q?zZS1LUOgwux2IffBhEVGGGGDD4Rf=2FCU+9cXEG5+?=

=?us-ascii?Q?RG7SdmkpLmv9AjRJE3FxfCe68GKb=2FfTUunZ0JT2?=

=?us-ascii?Q?uEXo7N+6Tg0GSl7NVJ2ISGr49SMqozLEstdrXU0?=

=?us-ascii?Q?HO2K9etrpiLY4AsY4=3D?=

To: sales@nk.ca

X-Entity-ID: a2DzOxQgTHayZSyNfKdyJQ==

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 7bit



Hello Aboo,





I hope you're having a wonderful day.





I just wanted to reach out and send over some information about what we do and see if there is room for us to work together.





QeWebby is a white-label agency that helps companies like yours in their WordPress and WooCommerce projects at just USD 18/hour.





Whether you need help with a couple of projects or support/maintenance tasks or dedicated developers that work directly in your systems, we have you covered.





Our Expertise:


- New website builds and redesign


- Design (PSD, Ai, Adobe XD, PDF, etc.) to WordPress conversion.


- WordPress custom development


- WooCommerce development





Why QeWebby?


- No minimum project size


- Free quotations are provided under no obligation


- Strict NDA


- Dedicated account manager





Does this sound like something you are interested in?





A reply would be greatly appreciated.





Best,


Mike Kyle // QeWebby





P.S. If you are not interested or not the right time, no problem at all. Just let me know either way.



Domain selling Spam from Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:01:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vqj-000NDi-EX

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 15:00:49 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 15:00:49 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f169.google.com ([209.85.128.169]:43798)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5qai-000BED-TH

for sales@nk.ca;

Mon, 27 Jun 2022 09:24:01 -0600

Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-3137316bb69so88705687b3.10

for ; Mon, 27 Jun 2022 08:23:40 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:references:in-reply-to:from:date:message-id:subject:to;

bh=rITThpq+c6o4qv0OvvNP5JGWUGL2YMq8DJyiiVCSFhU=;

b=SYTZj4RXGezkVTJDA7ePeb33RFj9+56ar2LO9+wZHMdTPOCKnTZN790CDhOeqGZ6mz

fkP6zvnes9XQI1e8Wcdtte4OcAxkyYSoGr+jRIf3CC4JXjBuEcScEwsJnZQkuXnMvh91

C2h+b8/HV5+6Pc1e4XKUOsmZRpomQo4mtJ6jntMfG7ks23Gs6Y+gmcImuHo+nQRktHsk

RHr06BEuz/eSfcJVnIHfa1EPWF7gegWzD3NcsJ42NxfnsSXYeXxRMhqM+8DmsHma8MjV

vWX88OkbgpeaWUkfnh9TDAXu32kwBpFsTLlnPmHJmuxIi4yJGDpUZ4/8TyvLm+4kWNRd

zhKQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:references:in-reply-to:from:date

:message-id:subject:to;

bh=rITThpq+c6o4qv0OvvNP5JGWUGL2YMq8DJyiiVCSFhU=;

b=GP6KdROK4TlFFhQABwazrNiZmXFSia/7WGUm9jvTkAuVx5BImp3KQbHLoCvaInnjtf

WzShYBCV3AScT1PmWO7t9nuIIpGGJnL3MeH/n61Ie2G6E6C75jD78f1gIAzmgu6PHfgS

LvW/X4H1DTtA65Ue/35j8XdWVtURRMskCwRmcEuvoirQTNlzyEbX3dr6CkFMitgZH61S

nF2awjVbqoWfq8DkpmKwKcGkARICUIkzXxtIH5OF8s6nSEvfbfbPjgVRsvgvlsZTMRxe

yTpvl97YVXVat+7aowlaPXdzvdC1QcayQPTILij9FCKhOIIqMCPAMCS/xUbXoxCPPVQ6

BErQ==

X-Gm-Message-State: AJIora8qjOkPl3zzcIA109ACOJVx3O3xz3NbcY4tYqszoeKWLUxjccgE

UH4Pr4WjJ/OAYS6U1/e9Fvb8fAcjsngm0RSCLHdDWqYFBsI=

X-Google-Smtp-Source: AGRyM1tztb+/PkOc/IvgnnPB6236XdnDUtHfOmkYg1amupgtHCPZgDuoUvGyc5413+GJkwIDfGyE23HwIAWlY9T0UXc=

X-Received: by 2002:a81:9286:0:b0:317:d78b:fa41 with SMTP id

j128-20020a819286000000b00317d78bfa41mr15110383ywg.46.1656343413968; Mon, 27

Jun 2022 08:23:33 -0700 (PDT)

MIME-Version: 1.0

References:

In-Reply-To:

From: Michael Davis

Date: Mon, 27 Jun 2022 16:23:05 +0100

Message-ID:

Subject: Re: Edmonton Broadband

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="000000000000d0d60005e26f808e"



--000000000000d0d60005e26f808e

Content-Type: text/plain; charset="UTF-8"



Hello,



We have not heard from you regarding EdmontonBroadband.com



This massive domain can be forwarded to your website to capture clients

that need Broadband Services in Edmonton and nearby areas.



Price has been reduced to $399.



Go to www.EdmontonBroadband.com to get it now for $39 only.



Let me know if you have any questions.



Michael Davis.



On Mon, May 9, 2022, 6:49 PM Michael Davis wrote:



> Hello,

>

> EdmontonBroadband.com is listed for sale on Dan Domain Marketplace.

>

> The domain is often checked up on the internet in Edmonton. To capture

> more targeted customers for your business, redirect this massive domain to

> your primary website or build a new massive one on it.

>

> When you have 2 or more domains, it helps to throw a wider range and

> visibility than just 1.

>

> Go to www.EdmontonBroadband.com for immediate acquisition @ $499 only.

>

> Domain is also available @ GoDaddy.

>

> Best Regards,

> Michael Davis

> From Crown Domains.

>



--000000000000d0d60005e26f808e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,


>
We have not heard from you regarding EdmontonBroadband.c=

om

This massive domain c=

an be forwarded to your website to capture clients that need Broadband Serv=

ices in Edmonton and nearby areas.=C2=A0

<=

div dir=3D"auto">Price has been reduced to $399.=C2=A0

o">
Go to
d.com">www.EdmontonBroadband.com
to get it now for $39 only.=C2=A0
>

Let me know if you have any =

questions.

Michael Davis=

.=C2=A0


"gmail_attr">On Mon, May 9, 2022, 6:49 PM Michael Davis <
to:michaeldav2559@gmail.com">michaeldav2559@gmail.com
> wrote:

iv>

:1px #ccc solid;padding-left:1ex">
=C2=A0Hello,

"auto">
EdmontonBroadband.com is listed for sale=

on Dan Domain Marketplace.=C2=A0


=3D"auto">The domain is often checked up on the internet in Edmonton. To ca=

pture more targeted customers for your business, redirect this massive doma=

in to your primary website or build a new massive one on it.=C2=A0

v dir=3D"auto">
When you have 2 or more domains,=

it helps to throw a wider range and visibility than just 1.=C2=A0

v dir=3D"auto">

to">
Domain is also available @ GoDaddy.=C2=A0
div>

Best Regards,

ir=3D"auto">Michael Davis
From Crown Domains.
<=

/div>





--000000000000d0d60005e26f808e--

phish to obtain nk.ca user access

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 15:01:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5vps-000N68-L3

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 14:59:56 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 14:59:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wfbtbkkd.outbound-mail.sendgrid.net ([159.183.177.29]:19120)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5p5R-0003YY-4C

for root@nk.ca;

Mon, 27 Jun 2022 07:47:37 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newlaurakitchen22.com;

h=content-type:mime-version:from:subject:to;

s=s1; bh=+yii+NOD4s/yzXMRRcW5J74WJ29749cHN4Z4RZAM5NM=;

b=fG+2/y9Rjvg9qvI25IPCarNf0PRXaoSDtDkDlc0G95QxPN21m21yGkwi+SzFqXFYzTup

UY6iEX7M77XiFLclZyQPZXPbY05pRHDNkJjs4LlUWTyIb9JOpJKfsY3ouksiWwGdMLnSb1

1sh8oOrl2JCax/qIaBlp621c2EC3rglfOYRsG1NGDg4dpE43v9tJGo5FkK6El4+Vai+u9g

ruWr8VHU2PJVsO3+m5+FAE5R3y7HmaxwNniqK/d0a7sdwTRgWJ2IvzcPgZ3hFQEBOo5Wq3

o/610dZCJ5J8k8+gzdVrvW2EDF8SpWXThv+/crOZxUdLYd2tyGz2pvk66HYmV87A==

Received: by filterdrecv-846cc7cc7f-xf5dw with SMTP id filterdrecv-846cc7cc7f-xf5dw-1-62B9B4DA-7A

2022-06-27 13:47:06.40835424 +0000 UTC m=+1628286.956692011

Received: from [172.17.0.4] (unknown)

by geopod-ismtpd-6-5 (SG) with ESMTP

id Vc92YIaSRhOHbG64ULmN3Q

for ;

Mon, 27 Jun 2022 13:47:06.332 +0000 (UTC)

Content-Type: multipart/related; boundary="===============5976475191921004144=="

MIME-Version: 1.0

From: noreply-zOEivzkkAVNJ9iX@em7717.newlaurakitchen22.com

Subject: Nk Urgent Deactivation alert

X-Priority: 2

Message-ID:

Date: Mon, 27 Jun 2022 13:47:06 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?lT58ugLK=2FeEakYOTzexAmdEL6LQ4znUew5Jeij3FkK=2FWVEYkIk4udGQ3ZiM+mf?=

=?us-ascii?Q?Nd2RnSjQuMoOK2St4OPKq9PGoHWLB0Tdp74jMKm?=

=?us-ascii?Q?qQUFk7KmRGmRg3RlZGRaJx3V6bnUIpFuZqGJrFT?=

=?us-ascii?Q?xVXSS01RhQQ0=2Fya2VAotqZN9pro4ySI+EnEtxpS?=

=?us-ascii?Q?mcKGHnBBfLzYQcvRBB6D7x0Xqcs3aPEGvcXbro0?=

=?us-ascii?Q?Oi7Ulxl+zylC5rq7CVKwNfxQK801o1o2EMU4Hy?=

To: root@nk.ca

X-Entity-ID: dFS1WKN9/TYVa6CBz9GjHA==

X-Spam_score: 5.2

X-Spam_score_int: 52

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: We have identified data security issues concerning your account

root@nk.ca So, we advise that all accounts be authenticated. You are required

to verify your account immediately or we will be



Content analysis details: (5.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.183.177.29 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64

encoding

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days

1.0 ACCT_PHISHING Possible phishing for account information

1.0 XPRIO Has X-Priority header

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} Nk Urgent Deactivation alert



--===============5976475191921004144==

Content-Type: text/html; charset=us-ascii

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRlbnQ9Ik1TSFRNTCAx

MS4wMC4xMDU3MC4xMDAxIj4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIg

Y29udGVudD0iSUU9ZWRnZSI+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgIDx0YWJsZSBzdHls

ZT0ibWFyZ2luOiBhdXRvOyB3aWR0aDogNTUwcHg7IGNvbG9yOiByZ2IoMCwgMCwgMCk7IHRleHQt

dHJhbnNmb3JtOiBub25lOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBmb250LWZhbWlseTogQ2Fs

aWJyaSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNnB4OyBmb250

LXN0eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiA0MDA7IHdvcmQtc3BhY2luZzogMHB4OyB3aGl0

ZS1zcGFjZTogbm9ybWFsOyBib3JkZXItY29sbGFwc2U6IGNvbGxhcHNlOyBvcnBoYW5zOiAyOyB3

aWRvd3M6IDI7IGZvbnQtc3RyZXRjaDogaW5oZXJpdDsgYmFja2dyb3VuZC1jb2xvcjogcmdiKDI1

NSwgMjU1LCAyNTUpOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1jYXBzOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBpbmhlcml0OyBmb250LXZhcmlh

bnQtZWFzdC1hc2lhbjogaW5oZXJpdDsgCiAgICAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw

cHg7IHRleHQtZGVjb3JhdGlvbi10aGlja25lc3M6IGluaXRpYWw7IHRleHQtZGVjb3JhdGlvbi1z

dHlsZTogaW5pdGlhbDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyI+CiAgICA8dGJv

ZHk+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9IndpZHRoOiA1NDhweDsiPgogICAgPGRpdiBzdHls

ZT0iYmFja2dyb3VuZDogcmdiKDIzOSwgMjM5LCAyMzkpOyBtYXJnaW46IGF1dG87IHBhZGRpbmc6

IDIwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyI+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBw

eCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsiPgogICAgPHRhYmxlIHdp

ZHRoPSIxMDAlIiBzdHlsZT0iaGVpZ2h0OiAxOHB4OyI+CiAgICA8dGJvZHk+CiAgICA8dHIgc3R5

bGU9ImhlaWdodDogMThweDsiPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7Ij4mbmJzcDs8

L3RkPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7IHRleHQtYWxpZ246IHJpZ2h0OyI+Jm5i

c3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1hcmdp

bjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwt

YWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJiYWNrZ3JvdW5k

OiB3aGl0ZTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDEwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRD

b2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyI+CiAgICA8dGFibGUgc3R5bGU9IndpZHRo

OiA0ODhweDsgaGVpZ2h0OiAxMjdweDsgYm94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHRi

b2R5PgogICAgPHRyPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNDc2cHg7IGhlaWdodDogOTJweDsg

Ym94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBjb2xv

cjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1z

ZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDAp

OyBmb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5XZSBoYXZlIGlkZW50aWZpZWQgZGF0

YSBzZWN1cml0eSBpc3N1ZXMgY29uY2VybmluZyB5b3VyIGFjY291bnQmbmJzcDs8L3NwYW4+PHNw

YW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMjU1KTsiPgogICAgcm9vdEBuay5jYTxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBhcmlhbCwgc2Fucy1zZXJpZjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij4mbmJzcDs8L3NwYW4+PC9zcGFuPjwvcD4KICAgIDxw

IHN0eWxlPSJtYXJnaW46IDBweDsgZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMt

c2VyaWY7IGZvbnQtc2l6ZTogc21hbGw7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IGFyaWFs

LCBzYW5zLXNlcmlmOyI+U28sIHdlIGFkdmlzZSB0aGF0IGFsbCBhY2NvdW50cyBiZSBhdXRoZW50

aWNhdGVkLjwvc3Bhbj48L3A+CiAgICA8cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5

OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+Jm5ic3A7

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5Zb3UgYXJlIHJlcXVpcmVkIHRvIHZlcmlmeSB5b3Vy

IGFjY291bnQgaW1tZWRpYXRlbHkgb3Igd2Ugd2lsbCBiZSZuYnNwOzwvc3Bhbj48L3A+CiAgICA8

cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5z

LXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBhcmlh

bCwgc2Fucy1zZXJpZjsiPmZvcmNlZCB0byBEZWFjdGl2YXRlIHlvdXIgYWNjb3VudC48L3NwYW4+

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48L3NwYW4+Jm5ic3A7PC9wPgogICAgPHAgc3R5bGU9

Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsg

Zm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogYXJpYWwsIHNhbnMt

c2VyaWY7Ij48c3BhbiBzdHlsZT0ibWFyZ2luOiAwcHg7IHBhZGRpbmc6IDBweDsgYm9yZGVyOiAw

cHggY3VycmVudENvbG9yOyBjb2xvcjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogaW5o

ZXJpdDsgZm9udC1zaXplOiBzbWFsbDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyBkaXNwbGF5

OiBpbmxpbmUgIWltcG9ydGFudDsgZm9udC1zdHJldGNoOiBpbmhlcml0OyBiYWNrZ3JvdW5kLWNv

bG9yOiByZ2IoMjU1LCAyNTUsIDI1NSk7Ij4KICAgIElmIHlvdSBmYWlsIHRvIFZlcmlmeSB5b3Vy

IGFjY291bnQsIHlvdSB3aWxsIGJlIGRlYWN0aXZhdGVkIGFuZCB5b3Ugd2lsbCBsb3NlIGFjY2Vz

cyB0byB5b3VyIE1haWxib3guPC9zcGFuPjxicj48L3NwYW4+PC9wPjxzcGFuIHN0eWxlPSJmb250

LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48YnI+PC9zcGFuPjwvdGQ+CiAgICA8dGQgc3R5

bGU9IndpZHRoOiA1cHg7IGhlaWdodDogOTJweDsgdGV4dC1hbGlnbjogcmlnaHQ7IGJveC1zaXpp

bmc6IGJvcmRlci1ib3g7Ij4mbmJzcDs8L3RkPjwvdHI+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9

InBhZGRpbmc6IDVweCAwcHg7IHdpZHRoOiA0NzZweDsgaGVpZ2h0OiAyOXB4OyBib3gtc2l6aW5n

OiBib3JkZXItYm94OyI+CiAgICA8YSBzdHlsZT0iYmFja2dyb3VuZDogcmdiKDAsIDEwMywgMTg0

KTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDdweDsgYm9yZGVyLXJhZGl1czogMnB4OyBib3JkZXI6

IDBweCBjdXJyZW50Q29sb3I7IHdpZHRoOiAxMDAlOyBjb2xvcjogd2hpdGU7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiIGhyZWY9Imh0dHA6Ly92TUh3N3hlWUYuY2l0eXBldC5jb20udHIvXzo6

c3J1MnVUWGF1cGtXSkQ0YmVpZGJDUnNPMF9yZWZfTURZdVluQnlhR0Z1WldSaExtTnZMbWxrTDE4

d05pOGdNRFlqWTIwNWRtUkZRblZoZVRWcVdWRTlQUT09Ij5DbGljayBoZXJlIHRvIHVwZGF0ZSB5

b3VyIGFjY291bnQmZ3Q7Jmd0OzwvYT48L3RkPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNXB4OyBo

ZWlnaHQ6IDI5cHg7IHRleHQtYWxpZ246IHJpZ2h0OyBib3gtc2l6aW5nOiBib3JkZXItYm94OyI+

Jm5ic3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1h

cmdpbjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGlj

YWwtYWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46

IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiPgogICAgPHA+PHNwYW4gc3R5bGU9Im1hcmdpbjogMHB4OyBwYWRkaW5n

OiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgZm9udC1mYW1pbHk6IGluaGVyaXQ7IGZv

bnQtc2l6ZTogMTRweDsgZm9udC13ZWlnaHQ6IDYwMDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij5Ob3RlOjwvc3Bhbj4KICAgICZuYnNwOzxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBpbmhlcml0OyBmb250LXNpemU6IDEycHg7IHZlcnRpY2FsLWFsaWduOiBi

YXNlbGluZTsgZm9udC1zdHJldGNoOiBpbmhlcml0OyI+CiAgICBUaGUgY29udGVudCBvZiB0aGlz

IGVtYWlsIGlzIGNvbmZpZGVudGlhbCBhbmQgaW50ZW5kZWQgZm9yIHRoZSByZWNpcGllbnQgc3Bl

Y2lmaWVkIGluIG1lc3NhZ2Ugb25seS4gSXQgaXMgc3RyaWN0bHkgZm9yYmlkZGVuIHRvIHNoYXJl

IGFueSBwYXJ0IG9mIHRoaXMgbWVzc2FnZSB3aXRoIGFueSB0aGlyZCBwYXJ0eSwgd2l0aG91dCBh

IHdyaXR0ZW4gY29uc2VudCBvZiB0aGUgc2VuZGVyLiBJZiB5b3UgcmVjZWl2ZWQgdGhpcyBtZXNz

YWdlIGJ5IG1pc3Rha2UsIHBsZWFzZSByZXBseSB0byB0aGlzIG1lc3NhZ2UgYW5kIGZvbGxvdyB3

aXRoIGl0cyBkZWxldGlvbiwgc28gdGhhdCB3ZSBjYW4gZW5zdXJlIHN1Y2ggYSBtaXN0YWtlIGRv

ZXMgbm90IG9jY3VyIGluIHRoZSBmdXR1cmUuPC9zcGFuPjwvcD48L2Rpdj48L2Rpdj48L3RkPjwv

dHI+PC90Ym9keT48L3RhYmxlPjwvYm9keT48L2h0bWw+



--===============5976475191921004144==--

Nigerian scam from Google

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 07:35:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5otF-0001bn-Ov

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 07:34:57 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 07:34:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yb1-f177.google.com ([209.85.219.177]:47017)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5oma-0000hI-B0

for root@mail.nl2k.ab.ca;

Mon, 27 Jun 2022 07:28:08 -0600

Received: by mail-yb1-f177.google.com with SMTP id l11so16683593ybu.13

for ; Mon, 27 Jun 2022 06:27:44 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to

:content-transfer-encoding;

bh=1n2Tbp2UoOeJaIEJWe8PzXOuqessPWxgs3TxofVd7zc=;

b=WRcA1g3BQl3+2379eY4P9pO5v7mijMeAI8gZnsiwBr98N4dDDy6ec9iV54m23VZoNx

NYyDsQ0TxNwBPs7hgiux+E1MnTIj7T0Gkxbt5cQ85W5lkhod5sQ3iJPutXRlfC266Awb

GgjWoUOXyaV+0Cnn9+zioLsIvHpEnTWpPTsVOm6bMvq3yzfjlCjOpzrOZLG2gGYKIxln

BxOIHCsaKnYuR7mhU3TcpC/xK2HCV7oNCWT8emyVxPnbAX7i46LqhuFjQc6eZfRnBCcT

izseK+psZnFxuztBAlkpXisbZvik2FNEGH632fuAF/9g2SayE5xaBYX+tE0n+qpA+pOR

Otsw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to:content-transfer-encoding;

bh=1n2Tbp2UoOeJaIEJWe8PzXOuqessPWxgs3TxofVd7zc=;

b=0xKJM0TvnyU7diwx5HuA80hVc7HjzE1AQ8eNUlwNWZ070GhWJYNWOnliMpN6fSiOFJ

EWCYgWqLO+EkWKe7UuEcHuBvLAYl2wxNjJ8ae/QcU98B+4jwt7N1kHRjGC911A6RnLZz

6LLegONJ+nVgEZ0RM38iU1O+qyc8u65NVAgPDkHmc/PyNfsxKxERILrBhbnAVtXmfNG3

mLo6p4SCtvkWotlG9dMk1KEyFwa9axl4mv4XqwHCevX6++uPiAHQeXv1CLUDNfNErIk1

RDsd5vOvGUfMCjUze6N3CcTlkYv+Qjynbb5d4/C1z4BqFYf1V++mfhVM5ZPOSPDm5EQo

7ohQ==

X-Gm-Message-State: AJIora9QzsDAyUnwouydOCY+82VDtQClSe/0CITS8LCaLEDxCfMP0IQk

npSCcyjsfkma1XjG5lod5EsfDyi37QbdvvU7eCQiQqwZqhZI8g==

X-Google-Smtp-Source: AGRyM1tevOSGmFdTJikQHUQUWnADsZjXROo8gIhRc2HSnIzib0ZxNsWhRLRgHNETv+5IOV8V+8HEz8SfSv/xr3inCRA=

X-Received: by 2002:a25:b94:0:b0:669:b56c:e7e6 with SMTP id

142-20020a250b94000000b00669b56ce7e6mr13994972ybl.194.1656336447698; Mon, 27

Jun 2022 06:27:27 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:7000:2c96:0:0:0:0 with HTTP; Mon, 27 Jun 2022 06:27:27

-0700 (PDT)

Reply-To: ubagroupbankingplc1@gmail.com

From: UNITED NATIONS

Date: Mon, 27 Jun 2022 06:27:27 -0700

Message-ID:

Subject: IMMEDIATE PAYMENT

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Bcc: root@mail.nl2k.ab.ca

X-Spam_score: 19.4

X-Spam_score_int: 194

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: WORLD BANK ASSISTED PROGRAM DIRECTORATE OF INTERNATIONAL PAYMENT

AND TRANSFER. DEBT RECONCILIATION/AUDIT UNIT UNITED NATIONS HEADQUARTERS,

NEW YORK, NY 10017, USA YOU’RE REF: WB/NF/UN/028 UNITED NAT [...]



Content analysis details: (19.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.177 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[ubagroupbankingplc1[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[siliyamponsah[at]gmail.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.5 XFER_LOTSA_MONEY Transfer a lot of money

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal

information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

2.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} IMMEDIATE PAYMENT



WORLD BANK ASSISTED PROGRAM

DIRECTORATE OF INTERNATIONAL

PAYMENT AND TRANSFER.

DEBT RECONCILIATION/AUDIT UNIT

UNITED NATIONS HEADQUARTERS,

NEW YORK, NY 10017, USA

YOU=E2=80=99RE REF: WB/NF/UN/028 UNITED NATIONS.





FASN: OSB/629578/NIG/GFS63G



Dear Sir/Ma,



We're delighted to inform you that through the LEGAL intervention of

United Nations and World Bank delegates we have successfully secured

the release of your funds which you abandoned because of those corrupt

Government officials. We=E2=80=99re obligated to comply with both Domestic =

and

International Financial Laws, which requires us to verify your

identity prior to sending or receiving wire transfer to or from

nations. Please understand that this procedure is crucial for

preventing financing terrorism and organized crime throughout the

world. Today the Global Financial Stability Report, a quarterly

publication launched to review a regular assessment of global Pending

Foreign Payments, reviewed that your contract/Inherence fund

US$15,500.000.00 which was seized and confiscated on Tuesday, July 10,

2012 by the Global Illicit Financial Team as it was tagged suspicious

fund transfer was proven to be a legal fund, free from any illegal

business and civil, criminal, or financial crime.



In view to the verification process and survey in the Joint Annual

Meetings of the Boards of Governors of the United Nations, the World

Bank and other key International Financial Intelligence Agencies, it

has been showed that you have fully complied with the International

statutory provision for payment of Huge Funds under Article 102,

section 36, SS 1a-2b of the 2012 International Financial and Allied

Matters Act. Prior to this effect, an irrevocable fund transfer

authorization letter has been forwarded to the remitting bank "United

Bank for Africa" to commence with the fund transfer as appropriate to

you as the beneficiaries with Fund Allocation Approval Serial Number:

OSB/629578/NIG/GFS63G.



With all due respect Sir/Ma, we apologize for the inconveniences and

pains this delay might have caused you and note that your fund

US$15,500,000.00 {Fifteen Million Five Hundred Thousand Dollars} shall

be release to you. Kindly contact; United Bank for Africa Plc, Email:

{ ubagroupbankingplc1@gmail.com } with your Fund Allocation Approval

Serial Number: OSB/629578/NIG/GFS63G, as your fund transfer order has

been forward to their bank and you are only required to re-confirm the

following;

(1) Full Name:.....

(2) Contact Address:....

(3) Tel:... for verification reasons only. Any hesitation or

procrastination in following up as advised here might endanger the

transfer of your fund US$15,500,000.00 into your designated Bank

account within three Bank working days.



Thanks and congratulations.



Faithfully;

ANT=C3=93NIO GUTERRES

Secretary-General United Nation

Cc: Bertrand Badr=C3=A9,

Managing Director and World Bank Group Chief Financial Officer.

Cc: Mahmoud Mohieldin

Corporate Secretary and President's Special Envoy.

Cc: UN Debt Reconciliation Committee.

cc: Mr. Kennedy Uzoka

Group Managing Director and Chief Executive Officer,

United Bank for Africa Plc

Phone Number: +2348102473294

E_MAIL:ubagroupbankingplc1@gmail.com

Nigerian phish from Microsoft

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 06:43:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5o4V-000ACY-A8

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 06:42:31 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 06:42:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from a8-81.smtp-out.amazonses.com ([54.240.8.81]:43871)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from <01000181a504dd6e-4a036fd3-bc49-40d2-acdc-7504122d6bf8-000000@amazonses.com>)

id 1o5nM2-000CIz-IQ

for doctor@nk.ca;

Mon, 27 Jun 2022 05:56:40 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1656330968;

h=Subject:From:To:Reply-To:List-Unsubscribe:List-Unsubscribe-Post:List-Id:Feedback-ID:Message-ID:MIME-Version:Date:Content-Type;

bh=cW9jUGU03edE/Lbm1JGNS6wfZ6mli1DEfH+3p30jMoE=;

b=ctDUVMlxZq93P+vT8YMsznjRAuUFzo9mp9VF142ACXwAwCzPFRoVrlyNESKa7bjr

eFJwb4cT0/KI9nf90BvCEaM/QFt0oQMq2lyQxszn9sTWsIjchQdspxvy1UB3+mlC+xr

UwOZ+EKL9D1wde3O0wHroVtwEXf9YvtS6uyF/taY=

Subject: Session not expiring after password change via forgot link

From: Claire Samuel

To: "doctor@nk.ca"

Reply-To: Claire Samuel

List-Unsubscribe: ,


Subscriber-Uid:ey9677xbfhf21 - Unsubscribe request&body=Please unsubscribe

me!>

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Id: af726vv397a14

X-Report-Abuse: https://email.offensiveguards.io/latest/campaigns/mx001lfzwh6e2/report-abuse/af726vv397a14/ey9677xbfhf21

X-EBS: https://email.offensiveguards.io/latest/lists/block-address

Feedback-ID: 1.us-east-1.jUPIvFwI5WueMv7UjkxdV4UxLo/q5d3gibQe3k7gqaU=:AmazonSES

Message-ID: <01000181a504dd6e-4a036fd3-bc49-40d2-acdc-7504122d6bf8-000000@email.amazonses.com>

MIME-Version: 1.0

Date: Mon, 27 Jun 2022 11:56:08 +0000

Content-Type: multipart/alternative; boundary=PbL8ZI_d

X-SES-Outgoing: 2022.06.27-54.240.8.81



--PbL8ZI_d

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable



Hello doctor,

Hope you are fine. As an=C2=A0independent security research=

er I have found

some bugs/vulnerabilities in your website.

Vulnerabilit=

y: Failure to invalidate session on forget password

I have observed that =

when we=C2=A0request=C2=A0a forgot password link it

updates the session i=

nstead of=C2=A0expiration. If an account=C2=A0is

logged=C2=A0in some acco=

unt and the password reset link=C2=A0is used=C2=A0the

other account will =

get updated but not expired.

Steps to reproduce:

1. Request a forgot pa=

ssword link.

2. Now login in another browser and then use the password re=

set link

in another browser.

3. You will notice that the password=C2=

=A0will be changed=C2=A0successfully

and the other browser will still be =

active with the account you opened

in it.

Impact:

If some account=

=C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will not

be=C2=A0log=

ged out from that browser and=C2=A0will be logged=C2=A0in and=C2=A0can

be=

=C2=A0used for malicious activities.

Recommendations:

It should expire =

immediately when the password=C2=A0is changed.

Regards.

--PbL8ZI_d

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable









=09Session not expiring after password change via forgot link</title=<br /><br /> ><br /><br /> </head><br /><br /> <body>Hello doctor,<br /><br /><br /> Hope you are fine. As an=C2=A0independent security researcher I have found =<br /><br /> some bugs/vulnerabilities in your website.<br /><br /><br /> <br /><br /><br /> Vulnerability: Failure to invalidate session on forget password<br /><br /><br /> <br /><br /><br /> I have observed that when we=C2=A0request=C2=A0a forgot password link it up=<br /><br /> dates the session instead of=C2=A0expiration. If an account=C2=A0is logged=<br /><br /> =C2=A0in some account and the password reset link=C2=A0is used=C2=A0the oth=<br /><br /> er account will get updated but not expired.<br /><br /><br /> <br /><br /><br /> Steps to reproduce:<br /><br /><br /> <br /><br /><br /> 1. Request a forgot password link.<br /><br /><br /> 2. Now login in another browser and then use the password reset link in ano=<br /><br /> ther browser.<br /><br /><br /> 3. You will notice that the password=C2=A0will be changed=C2=A0successfully=<br /><br /> and the other browser will still be active with the account you opened in =<br /><br /> it.<br /><br /><br /> <br /><br /><br /> Impact:<br /><br /><br /> <br /><br /><br /> If some account=C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will no=<br /><br /> t be=C2=A0logged out from that browser and=C2=A0will be logged=C2=A0in and=<br /><br /> =C2=A0can be=C2=A0used for malicious activities.<br /><br /><br /> <br /><br /><br /> Recommendations:<br /><br /><br /> <br /><br /><br /> It should expire immediately when the password=C2=A0is changed.<br /><br /><br /> <br /><br /><br /> Regards. <input type=3D"hidden" value=3D"Claire Samuel<br /><br /><br /> 1070 S Elmhu=<br /><br /> rst Rd <br /><br /><br /> Mt Prospect Delaware 60056<br /><br /><br /> United States<br /><br /><br /> , =<br /><br /> https://email.offensiveguards.io/latest/lists/af726vv397a14/unsubscribe/ey9=<br /><br /> 677xbfhf21/mx001lfzwh6e2" /></body><br /><br /> </html><br /><br /> --PbL8ZI_d--<br /><br /> </div> <footer class="post-info"> <ul class="meta"> <li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/13-Microsoft-Outlook-Hotmail-Spam">Microsoft Outlook Hotmail Spam</a></li> <li><a href="/blog/index.php?/archives/2888-Nigerian-phish-from-Microsoft.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li> </ul> </footer> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" xmlns:dc="http://purl.org/dc/elements/1.1/"> <rdf:Description rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_2888.rdf" trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=2888" dc:title="Nigerian phish from Microsoft" dc:identifier="https://www.nk.ca/blog/index.php?/archives/2888-Nigerian-phish-from-Microsoft.html" /> </rdf:RDF> --> </article> <article class="post clearfix"> <header> <h2 class="post-title"><a href="/blog/index.php?/archives/2889-TD-commercial-from-sendgrid.net.html">TD commercial from sendgrid.net</a></h2> <span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2022-06-27T16:01:00+00:00">Monday, June 27. 2022</time></span> </header> <div class="clearfix"> Return-path: <doctor@doctor.nl2k.ab.ca><br /><br /> Envelope-to: dave@doctor.nl2k.ab.ca<br /><br /> Delivery-date: Mon, 27 Jun 2022 06:44:00 -0600<br /><br /> Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br /> id 1o5o5Q-000AIM-K2<br /><br /> for dave@doctor.nl2k.ab.ca;<br /><br /> Mon, 27 Jun 2022 06:43:28 -0600<br /><br /> Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br /> Resent-Date: Mon, 27 Jun 2022 06:43:28 -0600<br /><br /> Resent-Message-ID: <Yrml8Ph3qYfG9OLy@doctor.nl2k.ab.ca><br /><br /> Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br /> Received: from wrqvxbss.outbound-mail.sendgrid.net ([149.72.171.102]:18748)<br /><br /> by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256<br /><br /> (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <bounces+27047006-52b6-doctor=nl2k.ab.ca@sendgrid.net>)<br /><br /> id 1o5ngU-000Jfw-2o<br /><br /> for doctor@nl2k.ab.ca;<br /><br /> Mon, 27 Jun 2022 06:17:47 -0600<br /><br /> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;<br /><br /> h=content-type:from:mime-version:subject:reply-to:to:list-unsubscribe;<br /><br /> s=smtpapi; bh=g0WlowMpMFBsgBoG9fuD58aA9QPtzI4W+wLI3plBONk=;<br /><br /> b=FkEM8sRyEZL/ap6+juxdG8RER3Ov8+XSWeJpRqVkZZTizjKXTdsHIyFoJyMWxDRD7pCh<br /><br /> sDF6sSg/1J2SqyfRHqVNRTj8Lmk62xRc15miNHyUue9yhrgojwqb5U/5zfJMpvSLq6t+P5<br /><br /> 4Sr310qBlhOvkl4eCDi0Q0DI5O2VnIasc=<br /><br /> Received: by filterdrecv-7b77c45746-d972d with SMTP id filterdrecv-7b77c45746-d972d-1-62B99FCB-28<br /><br /> 2022-06-27 12:17:15.274465218 +0000 UTC m=+1623257.217864494<br /><br /> Received: from MjcwNDcwMDY (unknown)<br /><br /> by geopod-ismtpd-4-1 (SG) with HTTP<br /><br /> id mzPT7tDtT5el5-E8d6ywVA<br /><br /> Mon, 27 Jun 2022 12:17:15.145 +0000 (UTC)<br /><br /> Content-Type: multipart/alternative; boundary=df69c009a443ce55dc2da6bd199fbfc6914cd664b8122fb2516038860a70<br /><br /> Date: Mon, 27 Jun 2022 12:17:16 +0000 (UTC)<br /><br /> From: TD Business Banking <td.com@torontomail.com><br /><br /> Mime-Version: 1.0<br /><br /> Message-ID: <mzPT7tDtT5el5-E8d6ywVA@geopod-ismtpd-4-1><br /><br /> Subject: Password Policy Update<br /><br /> Reply-To: td.com@torontomail.com<br /><br /> X-SG-EID: <br /><br /> =?us-ascii?Q?yhZWgKvlK15pBWdPnhzXfXQeMKv42bE=2FsOJaXvY9znl=2FmuY8xCqWcHnpYjEUa8?=<br /><br /> =?us-ascii?Q?fgELVLuJmwN4SdsTHbZzC9HFh9CMGPBV2K8BVmw?=<br /><br /> =?us-ascii?Q?IAa3BA9CZXPTaKggIuWDdT+7Nw0aLlFBq7HRLOn?=<br /><br /> =?us-ascii?Q?TdMk+4rd3hxDNibSnXiCcr57xl6zPOHJp7fxojo?=<br /><br /> =?us-ascii?Q?1lAxXX2c28Of6e6c+p2F=2FU3TN=2FQNK=2FW79NUiINI?=<br /><br /> =?us-ascii?Q?vCx2tIpvxymXMi4U49lXpYXcFyZGPIeeCXdhxrD?=<br /><br /> =?us-ascii?Q?DsOqdHLTot3gXJyXwG8FQ=3D=3D?=<br /><br /> X-SG-ID: <br /><br /> =?us-ascii?Q?se=2F49CGmbS0sfR97ImeXvDoOrI1ra2UfBi=2FYp+tM4sZNnFcdeo8cVPRMz3vfJ1?=<br /><br /> =?us-ascii?Q?B4lB8ss1VLTXJ6ibLPDs95VBUlMzbRCfT5eXVrQ?=<br /><br /> =?us-ascii?Q?W0=2FHUF6MdagXFaBFayL3LnrJH7TJwHIuZHtzsNd?=<br /><br /> =?us-ascii?Q?0=2FEGlhS66qLjjIoFv4pBk+8lQStUafBKEFSpQdX?=<br /><br /> =?us-ascii?Q?Jfc+kobNWH1U2BVIYJoX37tUHLoSHcfborxTj1g?=<br /><br /> =?us-ascii?Q?ZloEC6yhq+qdAv4xt53hmvM=2FJQDKv=2FPEX3D2Jfm?=<br /><br /> =?us-ascii?Q?uVeFzaVMgmwvzB1RLsGfqySa2hineVLW4UQ9=2FFP?=<br /><br /> =?us-ascii?Q?Ra5FOFdNFE8=2Fxs7fPyTqzuZY8AaGIL7wfY4Gtfs?=<br /><br /> =?us-ascii?Q?9NmFDffhtQE1czNvTJi05RabqIYrDT5oHNetPzH?=<br /><br /> =?us-ascii?Q?exQO+JWZIOSfT2KnWO0P0aFDfM6tJvXINP8Y7YM?=<br /><br /> =?us-ascii?Q?vMKHSM31A2qeoNIIz1FjXUDxllPKRWYUFLARPZf?=<br /><br /> =?us-ascii?Q?4C1l5KeyXVQbzC7cUZswfY36CK0RZ8DHVsv1oVH?=<br /><br /> =?us-ascii?Q?M2P4O1P5i55Mn9IbjKPlvmRwv8WiQdHJ8r0WoWc?=<br /><br /> =?us-ascii?Q?1r338+AqyoMEZXFZwleQZ04YZa5NsXdDzuFHKWG?=<br /><br /> =?us-ascii?Q?NImx=2F+ZCBi8Dy8WdBISrk7JGZNrYQ8laOp5z1oI?=<br /><br /> =?us-ascii?Q?D31jCNJTJlExGvpkz6r=2F3EideVMLtdnnAggHY+O?=<br /><br /> =?us-ascii?Q?TZ5RDej+XSQ905Q=3D=3D?=<br /><br /> To: doctor@nl2k.ab.ca<br /><br /> X-Entity-ID: RRdFgQvbMlG3bLFCcTwTkA==<br /><br /> List-Unsubscribe: <br /><br /> =?us-ascii?Q?=3Cmailto=3Aunsubscribe=40sendgrid=2Enet=3Fsubject=3Dhttps=3A=2F=2Fu27047006=2Ect=2E?=<br /><br /> =?us-ascii?Q?sendgrid=2Enet=2Fwf=2Funsubscribe*q*upn=3DyhyZF?=<br /><br /> =?us-ascii?Q?x0VqEyf8mUp3GgHMPstewA3N-2B-2BgCWrOdRjN?=<br /><br /> =?us-ascii?Q?0FEmAVitFDe-2BViSO-2BTZU7jTBHwlTHJs6G1q?=<br /><br /> =?us-ascii?Q?WdE7pGi4asRNBzriJwQncSa3LVQ2aMxk9Ah3J-2?=<br /><br /> =?us-ascii?Q?BXBuH4Dtepgbj8W94fpeQ5WFMgsWMhBup6AV4Pi?=<br /><br /> =?us-ascii?Q?FBaUpddtzFaCSIRGSO9g5bFh0bwXrzQZKQu8ZiP?=<br /><br /> =?us-ascii?Q?rFXxYrZ7fMvE6ZUbAnCHIw29ayAYz6twuz6umaC?=<br /><br /> =?us-ascii?Q?VuIy-2Bu6tfLWP-2FA6HS8WHlsV8po0JVml-2B-?=<br /><br /> =?us-ascii?Q?2F6g5e-2F5HE3ZA-2BRc2yRQusDR40Ww8WCso07?=<br /><br /> =?us-ascii?Q?Q1lWokO99tcwmXBKsrSmoqUttEaK0zRGQJ1SFMn?=<br /><br /> =?us-ascii?Q?5CLK-2B7Hf0VnivjTc4OoVUGx68uy7vYck1-2FI?=<br /><br /> =?us-ascii?Q?-2FRRG8NaeS8b-2BwChsEenOUmTba66WZqGkgpk?=<br /><br /> =?us-ascii?Q?MIRCGXsi-2FEmbnZdsp6GkYgHjNKJ8rcgd33cBi?=<br /><br /> =?us-ascii?Q?X6vARoWdmFKu9p0IP2ImrNi-2BDAQMJLtejxqM6?=<br /><br /> =?us-ascii?Q?xZHc5dI-2F41scxWwy-2BPWHKKhl4pDMpJEGPSY?=<br /><br /> =?us-ascii?Q?fUyT6GNdEaCCdo01d9ZwPbHnLPn4g-2F-2FXztU?=<br /><br /> =?us-ascii?Q?oeuYuIdZIJ-2F-2F7-2F-2BGkKovaOZHJB9-2Fm?=<br /><br /> =?us-ascii?Q?NcwEfMVbOCc0i-2FR8RVpjSE0inXMTYz3GfUc3a?=<br /><br /> =?us-ascii?Q?7mPOIT-2FbiLvjyPR2yCRndkoRQZ6P32Z8q4f-2?=<br /><br /> =?us-ascii?Q?BgiwWacOKgPUBBpxS6e9DnJf1uBuAtXtrW6UZpa?=<br /><br /> =?us-ascii?Q?2C-2By25yTMT-2FjjylIT7WDQme0s-2FFuozcC8?=<br /><br /> =?us-ascii?Q?ND-2FDsLVgqt2GS7PALVKIXQPiZUA5TIXjVB3L5?=<br /><br /> =?us-ascii?Q?-2B5LG2-2BiEOAiEgB9YCRxMZS7RF9ur-2FF8Kk?=<br /><br /> =?us-ascii?Q?V1AhEzVtSYJcmE5uWZ3t3P-2FyrnylXVoKrzYQl?=<br /><br /> =?us-ascii?Q?jmeTd7QaqRUqHO6TaZ-2BzsxlLzw-3D-3D=3E?=<br /><br /> <br /><br /> --df69c009a443ce55dc2da6bd199fbfc6914cd664b8122fb2516038860a70<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> Content-Type: text/plain; charset=iso-8859-1<br /><br /> Mime-Version: 1.0<br /><br /> <br /><br /> Dear Valued Customer,<br /><br /> <br /><br /> The=A0password for your business=A0banking account=A0is set to expire soon.=<br /><br /> This is as a result of an update to our password policy rules.<br /><br /> <br /><br /> Passwords have to be a minimum of 8 characters long and last for 180 days, =<br /><br /> and users cannot change them for 5 days, counted from the day they set the =<br /><br /> password.<br /><br /> <br /><br /> Maintain current Password ( https://snip.ly/q2btad )<br /><br /> <br /><br /> Use the button above to=A0maintain the password for your account. See our u=<br /><br /> pdated Terms and Privacy Policy. ( https://snip.ly/q2btad )<br /><br /> <br /><br /> Do not ignore this email to avoid login interruption.<br /><br /> <br /><br /> This is an automatically generated email for <strong>doctor@nl2k.ab.ca</strong> and reply =<br /><br /> is not required.<br /><br /> <br /><br /> Thanks and Regards,<br /><br /> <br /><br /> The Customer Feedback,<br /><br /> Toronto-Dominion Centre,<br /><br /> P.O. Box 193,<br /><br /> Toronto, ON M5K 1H6.<br /><br /> --df69c009a443ce55dc2da6bd199fbfc6914cd664b8122fb2516038860a70<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> Content-Type: text/html; charset=us-ascii<br /><br /> Mime-Version: 1.0<br /><br /> <br /><br /> <P><BR style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif=<br /><br /> ; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT=<br /><br /> : 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LET=<br /><br /> TER-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font=<br /><br /> -variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thic=<br /><br /> kness: initial; text-decoration-style: initial; text-decoration-color: init=<br /><br /> ial"><IMG style=3D"HEIGHT: 66px; WIDTH: 316px" border=3D0 alt=3D"TD Commerc=<br /><br /> ial Banking" src=3D"http://cdn.mcauto-images-production.sendgrid.net/727a93=<br /><br /> 3e8880c8cd/59b6be4d-7f54-4357-b60a-0b7fc35bacc8/304x60.gif" width=3D305 hei=<br /><br /> ght=3D60></P><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><SPAN style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: rgb(0,0,=<br /><br /> 0); TEXT-ALIGN: justify"><BR></SPAN></DIV><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><SPAN style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: rgb(0,0,=<br /><br /> 0); TEXT-ALIGN: justify">Dear Valued Customer,</SPAN><BR></DIV><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><br /><br /> <P style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: rgb(0,0,0); TE=<br /><br /> XT-ALIGN: justify">The password for your business banking account=<br /><br />  is set to expire soon. This is as a result of an update to our passwo=<br /><br /> rd policy rules.</P><br /><br /> <P style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: rgb(0,0,0); TE=<br /><br /> XT-ALIGN: justify">Passwords have to be a minimum of 8 characters long and =<br /><br /> last for 180 days, and users cannot change them for 5 days, counted from th=<br /><br /> e day they set the password.</P></DIV><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><br /><br /> <DIV><br /><br /> <TABLE role=3Dpresentation aria-hidden=3Dtrue style=3D"FONT-SIZE: 15px; FON=<br /><br /> T-FAMILY: sans-serif; BORDER-COLLAPSE: collapse; TABLE-LAYOUT: auto; COLOR:=<br /><br /> rgb(0,0,0); TEXT-ALIGN: justify; BORDER-SPACING: 0px; MARGIN: 0px" cellSpa=<br /><br /> cing=3D0 cellPadding=3D0 align=3Dleft border=3D0><br /><br /> <TBODY><br /><br /> <TR><br /><br /> <TD style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=<br /><br /> ; BACKGROUND: rgb(34,34,34); TEXT-ALIGN: center; MARGIN: 0px; border-radius=<br /><br /> : 3px"><A href=3D"https://u27047006.ct.sendgrid.net/ls/click?upn=3DdBo5W9xA=<br /><br /> xubZkK0PyIVapR11GqDkG98ClQhIOvvJce0-3DTQs7_EjU-2BRb4-2FGPO3PNlJPYwJDFRIfDNk=<br /><br /> 3Pi2UPBowZvfZqhx6gNVUujL-2B5qkX6WlQsmm3YV5euJTSONxDBBOWEfUHi1hM10jbWsIK29dz=<br /><br /> n97BC1nHnuONuQ8FP5wA1B8HGjD-2BCGxdEL6HpsFM3xcIFXfwm02Gjr6ZSeNWEhIYrW2iTlDs7=<br /><br /> CAEHHVbWVKsXjKF3FU7Tih6-2BZVBVm5azAodBI-2FA6A0Uxg-2Btpjzo2WCUXOOQNh7tSUyz1I=<br /><br /> EqFj1oecoM8Tz5fgRYKJLmR-2FdKpRPXYJQzR8povUIS3nJKwOtA8apQP6-2B2RRirl8ZxJm17m=<br /><br /> NQQyzrB6pTHOXULXW0gnFAiEZHQUfI0wo5PaHPg26zNVkaSbSfs0RXtA5Ex-2FDQAdyvdG8h-2F=<br /><br /> 1Xnum9ATQopt4lxF8I8iPbFmFRiW-2BRoMqa9rZLKdrcdmnbuIG6OU2HFYWGkjoL10BuN7MXchC=<br /><br /> IT6ARyXfpsBLDts6mjeF5NBXgeRRnhDt6cpaVM0cAgQELuWi7Cv9GVT6MbVbeaUJOt6s6ZSD-2B=<br /><br /> b4QkfYrZbC3zdsoZCtbnlH2085f3Asw-2FCGV6m6GU-2FzUhMvM5-2BmAmIO2eO-2FHSTXKIrrn=<br /><br /> uMNnTf97TSoS1P8R4-2BAtA2MO-2Fqsi6AVgbtKpZOjcsITbCLT74opdN7Z02R8bfhCzYEvsVNK=<br /><br /> IGf5-2FYn6Zuk8zDeU6V-2FF1mbifoO8Iu5dCvmPj01PwMc6sYiI9R3iVp5HyTl8hgWrs6Q6w4-=<br /><br /> 2By5JRl0dTMN76t-2BQ2Ez4kvs9R-2F6pwARaVT43iiZ45QDwVtNfICW6H-2BLEJRsQNouSIsY5=<br /><br /> 7pNfML2FkUQZiGNBNtYtioNNlPVx3JkmaY2A8eiWpEMYIpQ-3D-3D" style=3D"text-decora=<br /><br /> tion:none; FONT-SIZE: 13px; BORDER-TOP: rgb(45,92,61) 15px solid; FONT-FAMI=<br /><br /> LY: sans-serif; BORDER-RIGHT: rgb(45,92,61) 15px solid; BACKGROUND: rgb(45,=<br /><br /> 92,61); BORDER-BOTTOM: rgb(45,92,61) 15px solid; FONT-WEIGHT: bold; BORDER-=<br /><br /> LEFT: rgb(45,92,61) 15px solid; DISPLAY: block; LINE-HEIGHT: 1.1; border-ra=<br /><br /> dius: 3px"><FONT color=3D#ffffff>Maintain current Password</FONT></A></TD><=<br /><br /> /TR></TBODY></TABLE><BR style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; =<br /><br /> COLOR: rgb(0,0,0); TEXT-ALIGN: justify"></DIV><br /><br /> <DIV><BR></DIV><br /><br /> <DIV> </DIV></DIV><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><BR></DIV><br /><br /> <DIV style=3D"FONT-SIZE: small; FONT-FAMILY: Arial, Helvetica, sans-serif; =<br /><br /> WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: =<br /><br /> 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTE=<br /><br /> R-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=<br /><br /> ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickn=<br /><br /> ess: initial; text-decoration-style: initial; text-decoration-color: initia=<br /><br /> l"><br /><br /> <DIV><br /><br /> <P style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: rgb(0,0,0); TE=<br /><br /> XT-ALIGN: justify">Use the button above to maintain the password for y=<br /><br /> our account. See our updated <A style=3D"COLOR: rgb(17,85,204)" href=<br /><br /> =3D"https://u27047006.ct.sendgrid.net/ls/click?upn=3DdBo5W9xAxubZkK0PyIVapR=<br /><br /> 11GqDkG98ClQhIOvvJce0-3DUxZu_EjU-2BRb4-2FGPO3PNlJPYwJDFRIfDNk3Pi2UPBowZvfZq=<br /><br /> hx6gNVUujL-2B5qkX6WlQsmm3YV5euJTSONxDBBOWEfUHi1hM10jbWsIK29dzn97BC1nHnuONuQ=<br /><br /> 8FP5wA1B8HGjD-2BCGxdEL6HpsFM3xcIFXfwm02Gjr6ZSeNWEhIYrW2iTlDs7CAEHHVbWVKsXjK=<br /><br /> F3FU7Tih6-2BZVBVm5azAodBI-2FA6A0Uxg-2Btpjzo2WCUXOOQNh7tSUyz1IEqFj1oecoM8Tz5=<br /><br /> fgRYKJLmR-2FdKpRPXYJQzR8povUIS3nJKwOtA8apQP6-2B2RRirl8ZxJm17mNQQyzrB6pTHOXU=<br /><br /> LXW0gnFAiEZHQUfI0wo5PaHPg26zNVkaSbSfs0RXtA5Ex-2FDQAdyvdG8h-2F1Xnum9ATQopt4l=<br /><br /> xF8I8iPbFmFRiW-2BRoMqa9rZLKdrcdmnbuIG6OU2HFYWGkjoL10BuN7MXchCIT6ARyXfpsBLDt=<br /><br /> s6mjeF5NBXgeRRnhDt6cpaVM0cAgQELuWi7Cv9GVT6MbVbeaUJOt6s6ZSD-2Bb4QkfYrZbC3zds=<br /><br /> oZCtbnlH2085f3Asw-2FCGV6m6GU-2FzUhMvM5-2BmAmIO2eO-2FHSTXKIrrnuMNnTf97TSoS1P=<br /><br /> 8R4-2BAtA2MO-2Fqsi6AVgbtKpZOjcsITbCLT74opdN7Z02R8bfhCzYEvsVNKIGf5-2FYn6Zuk8=<br /><br /> zB-2FgP9xmUeVmRZ-2Blj4IvhtitjB7s92nRM4wCYQjySqEhQ3hh9N-2FyG1-2FXQLfQCfE-2Bn=<br /><br /> 2AVNAvEDbMmeEROx7y-2FD1ASPAIAxMZz8bf-2FN2DeZ-2B5y5qn7riESIXmk2McporZSwN4nlr=<br /><br /> fIrcuL4rJo-2BsKNr3Je7lmLYBC3KGjM0K-2Boi0xOg-3D-3D">Terms and Privacy Policy=<br /><br /> .</A></P><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; =<br /><br /> TEXT-ALIGN: justify">Do not ignore this email to avoid login interruption.<=<br /><br /> /I><BR></DIV><br /><br /> <DIV><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; TEXT=<br /><br /> -ALIGN: justify"><BR></I></DIV><br /><br /> <DIV><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; TEXT=<br /><br /> -ALIGN: justify"><BR></I></DIV><br /><br /> <DIV><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; TEXT=<br /><br /> -ALIGN: justify"><SPAN style=3D"FONT-SIZE: 13px; COLOR: rgb(85,85,85); FONT=<br /><br /> -STYLE: normal">This is an automatically generated email for </SPAN><S=<br /><br /> TRONG style=3D"FONT-SIZE: 13px; COLOR: rgb(85,85,85); FONT-STYLE: normal">d=<br /><br /> octor@nl2k.ab.ca</STRONG><SPAN style=3D"FONT-SIZE: 13px; COLOR: rgb(85,85,8=<br /><br /> 5); FONT-STYLE: normal"> and reply is not required.</SPAN><BR></I></DI=<br /><br /> V><br /><br /> <DIV><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; TEXT=<br /><br /> -ALIGN: justify"><SPAN style=3D"FONT-SIZE: 13px; COLOR: rgb(85,85,85); FONT=<br /><br /> -STYLE: normal"><BR></SPAN></I></DIV><br /><br /> <DIV><I style=3D"FONT-SIZE: 15px; FONT-FAMILY: sans-serif; COLOR: red; TEXT=<br /><br /> -ALIGN: justify"><br /><br /> <P style=3D"COLOR: rgb(0,0,0); FONT-STYLE: normal">Thanks and Regards,</P><br /><br /> <P style=3D"COLOR: rgb(0,0,0); FONT-STYLE: normal">The Customer Feedback,<B=<br /><br /> R>Toronto-Dominion Centre, <BR>P.O. Box 193,<BR>Toronto, ON M5K 1H6.</P></I=<br /><br /> ></DIV></DIV><img src=3D"https://u27047006.ct.sendgrid.net/wf/open?upn=3Dyh=<br /><br /> yZFx0VqEyf8mUp3GgHMPstewA3N-2B-2BgCWrOdRjN0FEmAVitFDe-2BViSO-2BTZU7jTBHwlTH=<br /><br /> Js6G1qWdE7pGi4asRNBzriJwQncSa3LVQ2aMxk9Ah3J-2BXBuH4Dtepgbj8W94fpeQ5WFMgsWMh=<br /><br /> Bup6AV4PiFBaUpddtzFaCSIRGSO9g5bFh0bwXrzQZKQu8ZiPrFXxYrZ7fMvE6ZUbAnCHIw29ayA=<br /><br /> Yz6twuz6umaCVuIy-2Bu6tfLWP-2FA6HS8WHlsV8po0JVml-2B-2F6g5e-2F5HE3ZA-2BRc2yRQ=<br /><br /> usDR40Ww8WCso07Q1lWokO99tcwmXBKsrSmoqUttEaK0zRGQJ1SFMn5CLK-2B7Hf0VnivjTc4Oo=<br /><br /> VUGx68uy7vYck1-2FI-2FRRG8NaeS8b-2BwChsEenOUmTba66WZqGkgpkMIRCGXsi-2FEmbnZds=<br /><br /> p6GkYgHjNKJ8rcgd33cBiX6vARoWdmFKu9p0IP2ImrNi-2BDAQMJLtejxqM6xZHc5dI-2F41scx=<br /><br /> Wwy-2BPWHKKhl4pDMpJEGPSYfUyT6GNdEaCCdo01d9ZwPbHnLPn4g-2F-2FXztUoeuYuIdZIJ-2=<br /><br /> F-2F7-2F-2BGkKovaOZHJB9-2FmNcwEfMVbOCc0i-2FR8RVpjSE0inXMTYz3GfUc3a7mPOIT-2F=<br /><br /> biLvjyPR2yCRndkoRQZ6P32Z8q4f-2BgiwWacOKgPUBBpxS6e9DnJf1uBuAtXtrXLD4RJpZBVIx=<br /><br /> cLvtXbI0BnWtR3rfSiU5skEbOsTCcZyTCtfZQ2eJNHuOlI-2FzUieEQe3DuyXSh5oUqq7W8VTdv=<br /><br /> 1ptoOjlFcbM-2BLEKcYgCkpp0Awzf-2FAeEvIPbi6amBQjdvaw9g08XjYEbSQCuQ7gVgjscySIi=<br /><br /> 9FuhsMhZr5a7-2F0ig-3D-3D" alt=3D"" width=3D"1" height=3D"1" border=3D"0" st=<br /><br /> yle=3D"height:1px !important;width:1px !important;border-width:0 !important=<br /><br /> ;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !importa=<br /><br /> nt;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !impo=<br /><br /> rtant;padding-right:0 !important;padding-left:0 !important;"/><br /><br /> --df69c009a443ce55dc2da6bd199fbfc6914cd664b8122fb2516038860a70--<br /><br /> </div> <footer class="post-info"> <ul class="meta"> <li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/25-Phish">Phish</a></li> <li><a href="/blog/index.php?/archives/2889-TD-commercial-from-sendgrid.net.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li> </ul> </footer> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" xmlns:dc="http://purl.org/dc/elements/1.1/"> <rdf:Description rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_2889.rdf" trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=2889" dc:title="TD commercial from sendgrid.net" dc:identifier="https://www.nk.ca/blog/index.php?/archives/2889-TD-commercial-from-sendgrid.net.html" /> </rdf:RDF> --> </article> <article class="post clearfix"> <header> <h2 class="post-title"><a href="/blog/index.php?/archives/2887-Secuirty-spam-from-Amazon.html">Secuirty spam from Amazon</a></h2> <span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2022-06-27T16:00:00+00:00">Monday, June 27. 2022</time></span> </header> <div class="clearfix"> Return-path: <doctor@doctor.nl2k.ab.ca><br /><br /> Envelope-to: dave@doctor.nl2k.ab.ca<br /><br /> Delivery-date: Mon, 27 Jun 2022 06:43:00 -0600<br /><br /> Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br /> id 1o5o4V-000ACY-A8<br /><br /> for dave@doctor.nl2k.ab.ca;<br /><br /> Mon, 27 Jun 2022 06:42:31 -0600<br /><br /> Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br /> Resent-Date: Mon, 27 Jun 2022 06:42:31 -0600<br /><br /> Resent-Message-ID: <YrmltxD6Nb5UrTL5@doctor.nl2k.ab.ca><br /><br /> Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br /> Received: from a8-81.smtp-out.amazonses.com ([54.240.8.81]:43871)<br /><br /> by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256<br /><br /> (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <01000181a504dd6e-4a036fd3-bc49-40d2-acdc-7504122d6bf8-000000@amazonses.com>)<br /><br /> id 1o5nM2-000CIz-IQ<br /><br /> for doctor@nk.ca;<br /><br /> Mon, 27 Jun 2022 05:56:40 -0600<br /><br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;<br /><br /> s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1656330968;<br /><br /> h=Subject:From:To:Reply-To:List-Unsubscribe:List-Unsubscribe-Post:List-Id:Feedback-ID:Message-ID:MIME-Version:Date:Content-Type;<br /><br /> bh=cW9jUGU03edE/Lbm1JGNS6wfZ6mli1DEfH+3p30jMoE=;<br /><br /> b=ctDUVMlxZq93P+vT8YMsznjRAuUFzo9mp9VF142ACXwAwCzPFRoVrlyNESKa7bjr<br /><br /> eFJwb4cT0/KI9nf90BvCEaM/QFt0oQMq2lyQxszn9sTWsIjchQdspxvy1UB3+mlC+xr<br /><br /> UwOZ+EKL9D1wde3O0wHroVtwEXf9YvtS6uyF/taY=<br /><br /> Subject: Session not expiring after password change via forgot link<br /><br /> From: Claire Samuel <claire@offensiveguards.io><br /><br /> To: "doctor@nk.ca" <doctor@nk.ca><br /><br /> Reply-To: Claire Samuel <claire@offensiveguards.io><br /><br /> List-Unsubscribe: <https://email.offensiveguards.io/latest/lists/af726vv397a14/unsubscribe/ey9677xbfhf21/mx001lfzwh6e2?source=email-client-unsubscribe-button>,<br /><br /> <mailto:claire@offensiveguards.io?subject=Campaign-Uid:mx001lfzwh6e2 /<br /><br /> Subscriber-Uid:ey9677xbfhf21 - Unsubscribe request&body=Please unsubscribe<br /><br /> me!><br /><br /> List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br /> List-Id: af726vv397a14 <Security Bug Report><br /><br /> X-Report-Abuse: https://email.offensiveguards.io/latest/campaigns/mx001lfzwh6e2/report-abuse/af726vv397a14/ey9677xbfhf21<br /><br /> X-EBS: https://email.offensiveguards.io/latest/lists/block-address<br /><br /> Feedback-ID: 1.us-east-1.jUPIvFwI5WueMv7UjkxdV4UxLo/q5d3gibQe3k7gqaU=:AmazonSES<br /><br /> Message-ID: <01000181a504dd6e-4a036fd3-bc49-40d2-acdc-7504122d6bf8-000000@email.amazonses.com><br /><br /> MIME-Version: 1.0<br /><br /> Date: Mon, 27 Jun 2022 11:56:08 +0000<br /><br /> Content-Type: multipart/alternative; boundary=PbL8ZI_d<br /><br /> X-SES-Outgoing: 2022.06.27-54.240.8.81<br /><br /> <br /><br /> --PbL8ZI_d<br /><br /> Content-Type: text/plain; charset=utf-8<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> <br /><br /> Hello doctor,<br /><br /> Hope you are fine. As an=C2=A0independent security research=<br /><br /> er I have found<br /><br /> some bugs/vulnerabilities in your website.<br /><br /> Vulnerabilit=<br /><br /> y: Failure to invalidate session on forget password<br /><br /> I have observed that =<br /><br /> when we=C2=A0request=C2=A0a forgot password link it<br /><br /> updates the session i=<br /><br /> nstead of=C2=A0expiration. If an account=C2=A0is<br /><br /> logged=C2=A0in some acco=<br /><br /> unt and the password reset link=C2=A0is used=C2=A0the<br /><br /> other account will =<br /><br /> get updated but not expired.<br /><br /> Steps to reproduce:<br /><br /> 1. Request a forgot pa=<br /><br /> ssword link.<br /><br /> 2. Now login in another browser and then use the password re=<br /><br /> set link<br /><br /> in another browser.<br /><br /> 3. You will notice that the password=C2=<br /><br /> =A0will be changed=C2=A0successfully<br /><br /> and the other browser will still be =<br /><br /> active with the account you opened<br /><br /> in it.<br /><br /> Impact:<br /><br /> If some account=<br /><br /> =C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will not<br /><br /> be=C2=A0log=<br /><br /> ged out from that browser and=C2=A0will be logged=C2=A0in and=C2=A0can<br /><br /> be=<br /><br /> =C2=A0used for malicious activities.<br /><br /> Recommendations:<br /><br /> It should expire =<br /><br /> immediately when the password=C2=A0is changed.<br /><br /> Regards.<br /><br /> --PbL8ZI_d<br /><br /> Content-Type: text/html; charset=utf-8<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> <br /><br /> <!DOCTYPE html><br /><br /> <html><br /><br /> <head><meta charset=3D"utf-8"/><br /><br /> =09<title>Session not expiring after password change via forgot link</title=<br /><br /> ><br /><br /> </head><br /><br /> <body>Hello doctor,<br /><br /><br /> Hope you are fine. As an=C2=A0independent security researcher I have found =<br /><br /> some bugs/vulnerabilities in your website.<br /><br /><br /> <br /><br /><br /> Vulnerability: Failure to invalidate session on forget password<br /><br /><br /> <br /><br /><br /> I have observed that when we=C2=A0request=C2=A0a forgot password link it up=<br /><br /> dates the session instead of=C2=A0expiration. If an account=C2=A0is logged=<br /><br /> =C2=A0in some account and the password reset link=C2=A0is used=C2=A0the oth=<br /><br /> er account will get updated but not expired.<br /><br /><br /> <br /><br /><br /> Steps to reproduce:<br /><br /><br /> <br /><br /><br /> 1. Request a forgot password link.<br /><br /><br /> 2. Now login in another browser and then use the password reset link in ano=<br /><br /> ther browser.<br /><br /><br /> 3. You will notice that the password=C2=A0will be changed=C2=A0successfully=<br /><br /> and the other browser will still be active with the account you opened in =<br /><br /> it.<br /><br /><br /> <br /><br /><br /> Impact:<br /><br /><br /> <br /><br /><br /> If some account=C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will no=<br /><br /> t be=C2=A0logged out from that browser and=C2=A0will be logged=C2=A0in and=<br /><br /> =C2=A0can be=C2=A0used for malicious activities.<br /><br /><br /> <br /><br /><br /> Recommendations:<br /><br /><br /> <br /><br /><br /> It should expire immediately when the password=C2=A0is changed.<br /><br /><br /> <br /><br /><br /> Regards. <input type=3D"hidden" value=3D"Claire Samuel<br /><br /><br /> 1070 S Elmhu=<br /><br /> rst Rd <br /><br /><br /> Mt Prospect Delaware 60056<br /><br /><br /> United States<br /><br /><br /> , =<br /><br /> https://email.offensiveguards.io/latest/lists/af726vv397a14/unsubscribe/ey9=<br /><br /> 677xbfhf21/mx001lfzwh6e2" /></body><br /><br /> </html><br /><br /> --PbL8ZI_d--<br /><br /> </div> <footer class="post-info"> <ul class="meta"> <li><span class="info-label">Categories: </span><a href="https://www.nk.ca/blog/index.php?/categories/65-Amazon-Spam">Amazon Spam</a></li> <li><a href="/blog/index.php?/archives/2887-Secuirty-spam-from-Amazon.html#comments" title="0 Comments, 0 Trackbacks">0 Comments</a></li> </ul> </footer> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" xmlns:dc="http://purl.org/dc/elements/1.1/"> <rdf:Description rdf:about="https://www.nk.ca/blog/index.php?/feeds/ei_2887.rdf" trackback:ping="https://www.nk.ca/blog/comment.php?type=trackback&entry_id=2887" dc:title="Secuirty spam from Amazon" dc:identifier="https://www.nk.ca/blog/index.php?/archives/2887-Secuirty-spam-from-Amazon.html" /> </rdf:RDF> --> </article> <article class="post clearfix"> <header> <h2 class="post-title"><a href="/blog/index.php?/archives/2886-Security-spam-from-Amazon.html">Security spam from Amazon</a></h2> <span class="post-info">Posted by <a href="https://www.nk.ca/blog/index.php?/authors/1-Dave-Yadallee">Dave Yadallee</a> on <time datetime="2022-06-27T15:59:00+00:00">Monday, June 27. 2022</time></span> </header> <div class="clearfix"> Return-path: <doctor@doctor.nl2k.ab.ca><br /><br /> Envelope-to: dave@doctor.nl2k.ab.ca<br /><br /> Delivery-date: Mon, 27 Jun 2022 06:43:01 -0600<br /><br /> Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <doctor@doctor.nl2k.ab.ca>)<br /><br /> id 1o5o4N-000ABr-0f<br /><br /> for dave@doctor.nl2k.ab.ca;<br /><br /> Mon, 27 Jun 2022 06:42:23 -0600<br /><br /> Resent-From: The Doctor <doctor@doctor.nl2k.ab.ca><br /><br /> Resent-Date: Mon, 27 Jun 2022 06:42:22 -0600<br /><br /> Resent-Message-ID: <YrmlrpmO6u9zIkGm@doctor.nl2k.ab.ca><br /><br /> Resent-To: Dave Yadallee <dave@doctor.nl2k.ab.ca><br /><br /> Received: from a8-97.smtp-out.amazonses.com ([54.240.8.97]:51827)<br /><br /> by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256<br /><br /> (Exim 4.95 (FreeBSD))<br /><br /> (envelope-from <01000181a504c74d-88bdf770-e679-48f6-b08a-9020da8e1786-000000@amazonses.com>)<br /><br /> id 1o5nLw-000CGs-Pi<br /><br /> for root@nk.ca;<br /><br /> Mon, 27 Jun 2022 05:56:33 -0600<br /><br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;<br /><br /> s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1656330962;<br /><br /> h=Subject:From:To:Reply-To:List-Unsubscribe:List-Unsubscribe-Post:List-Id:Feedback-ID:Message-ID:MIME-Version:Date:Content-Type;<br /><br /> bh=sJMaHM0gOhug46EjZsCveztYT9jxYpwc/9e9nMnkX4g=;<br /><br /> b=TLv83h3t+66wZmrZTDdV/Fg/YR89m3YZ2GSDeet41duJ55UWMF4C3pBsFWXLjBiR<br /><br /> Es3Nj3TTgQ5lOWCnzvCpAoFt66vXMabZfAQLCVGk4ENlUfR0l4nlQnG1FtfgVOKYbM8<br /><br /> YdHUWCvbuol3bmD77zLdnKO1+jy/b2i8J5hVbQOA=<br /><br /> Subject: Vulnerability - Failure to invalidate session on forget password<br /><br /> link<br /><br /> From: Claire Samuel <claire@offensiveguards.io><br /><br /> To: "root@nk.ca" <root@nk.ca><br /><br /> Reply-To: Claire Samuel <claire@offensiveguards.io><br /><br /> List-Unsubscribe: <https://email.offensiveguards.io/latest/lists/af726vv397a14/unsubscribe/hv0557rmh80d6/mx001lfzwh6e2?source=email-client-unsubscribe-button>,<br /><br /> <mailto:claire@offensiveguards.io?subject=Campaign-Uid:mx001lfzwh6e2 /<br /><br /> Subscriber-Uid:hv0557rmh80d6 - Unsubscribe request&body=Please unsubscribe<br /><br /> me!><br /><br /> List-Unsubscribe-Post: List-Unsubscribe=One-Click<br /><br /> List-Id: af726vv397a14 <Security Bug Report><br /><br /> X-Report-Abuse: https://email.offensiveguards.io/latest/campaigns/mx001lfzwh6e2/report-abuse/af726vv397a14/hv0557rmh80d6<br /><br /> X-EBS: https://email.offensiveguards.io/latest/lists/block-address<br /><br /> Feedback-ID: 1.us-east-1.jUPIvFwI5WueMv7UjkxdV4UxLo/q5d3gibQe3k7gqaU=:AmazonSES<br /><br /> Message-ID: <01000181a504c74d-88bdf770-e679-48f6-b08a-9020da8e1786-000000@email.amazonses.com><br /><br /> MIME-Version: 1.0<br /><br /> Date: Mon, 27 Jun 2022 11:56:02 +0000<br /><br /> Content-Type: multipart/alternative; boundary=2nIPpntA<br /><br /> X-SES-Outgoing: 2022.06.27-54.240.8.97<br /><br /> <br /><br /> --2nIPpntA<br /><br /> Content-Type: text/plain; charset=utf-8<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> <br /><br /> Hello root,<br /><br /> Hope you are fine. As an=C2=A0independent security researcher=<br /><br /> I have found<br /><br /> some bugs/vulnerabilities in your website.<br /><br /> Vulnerability:=<br /><br /> Failure to invalidate session on forget password<br /><br /> I have observed that wh=<br /><br /> en we=C2=A0request=C2=A0a forgot password link it<br /><br /> updates the session ins=<br /><br /> tead of=C2=A0expiration. If an account=C2=A0is<br /><br /> logged=C2=A0in some accoun=<br /><br /> t and the password reset link=C2=A0is used=C2=A0the<br /><br /> other account will ge=<br /><br /> t updated but not expired.<br /><br /> Steps to reproduce:<br /><br /> 1. Request a forgot pass=<br /><br /> word link.<br /><br /> 2. Now login in another browser and then use the password rese=<br /><br /> t link<br /><br /> in another browser.<br /><br /> 3. You will notice that the password=C2=<br /><br /> =A0will be changed=C2=A0successfully<br /><br /> and the other browser will still be =<br /><br /> active with the account you opened<br /><br /> in it.<br /><br /> Impact:<br /><br /> If some account=<br /><br /> =C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will not<br /><br /> be=C2=A0log=<br /><br /> ged out from that browser and=C2=A0will be logged=C2=A0in and=C2=A0can<br /><br /> be=<br /><br /> =C2=A0used for malicious activities.<br /><br /> Recommendations:<br /><br /> It should expire =<br /><br /> immediately when the password=C2=A0is changed.<br /><br /> Regards.<br /><br /> --2nIPpntA<br /><br /> Content-Type: text/html; charset=utf-8<br /><br /> Content-Transfer-Encoding: quoted-printable<br /><br /> <br /><br /> <!DOCTYPE html><br /><br /> <html><br /><br /> <head><meta charset=3D"utf-8"/><br /><br /> =09<title> Vulnerability - Failure to invalidate session on forget password=<br /><br /> link



Hello root,


Hope you are fine. As an=C2=A0independent security researcher I have found =

some bugs/vulnerabilities in your website.





Vulnerability: Failure to invalidate session on forget password





I have observed that when we=C2=A0request=C2=A0a forgot password link it up=

dates the session instead of=C2=A0expiration. If an account=C2=A0is logged=

=C2=A0in some account and the password reset link=C2=A0is used=C2=A0the oth=

er account will get updated but not expired.





Steps to reproduce:





1. Request a forgot password link.


2. Now login in another browser and then use the password reset link in ano=

ther browser.


3. You will notice that the password=C2=A0will be changed=C2=A0successfully=

and the other browser will still be active with the account you opened in =

it.





Impact:





If some account=C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will no=

t be=C2=A0logged out from that browser and=C2=A0will be logged=C2=A0in and=

=C2=A0can be=C2=A0used for malicious activities.





Recommendations:





It should expire immediately when the password=C2=A0is changed.





Regards.

1070 S Elmhu=

rst Rd


Mt Prospect Delaware 60056


United States


, =

https://email.offensiveguards.io/latest/lists/af726vv397a14/unsubscribe/hv0=

557rmh80d6/mx001lfzwh6e2" />



--2nIPpntA--

Phish attempt to get users credenitals

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 06:42:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5o3d-000A7l-8J

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 06:41:37 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 06:41:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wfbtbkkd.outbound-mail.sendgrid.net ([159.183.177.29]:28752)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5mYe-0008Kb-Ia

for root@nk.ca;

Mon, 27 Jun 2022 05:05:39 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newlaurakitchen22.com;

h=content-type:mime-version:from:subject:to;

s=s1; bh=ywG3+ve/g8FCg3hJiQx9Mgs9xYHSnulWeVyWIrFMHL8=;

b=kQn+glXErovR6Kujaisd9lmyfnaMccSoTJS44/EWQUe0u5vwjcm+iH0lgHc0ruxL/kIv

zS/XxARewVxVT8fK3Ii9BI95TkqhTWrcEenYJSRRZfm1GzwcC5nsEeuIGHT7rWq8VgCHte

sJHmlG/fulkJrYfYQ6wgjdEqFXaSsdckPuhXyuqS9VjvYt3rTHrStwQaF+4ApbE/esp4oj

fznOhvuTO2PISpg0persnEKahOQpVTvdSM3RyB4KRFaOhKRbkroo0nIZ3Sc6n85IlsDE3a

kSIqboyLaZ9tyy8zqSShEf/wwPcYAERdbrfp4zWK5jgc52QwDJsq4D3M8xA7FYOA==

Received: by filterdrecv-667c84fc7-vh4kj with SMTP id filterdrecv-667c84fc7-vh4kj-1-62B98EE6-6

2022-06-27 11:05:10.022086255 +0000 UTC m=+1618477.811879739

Received: from [172.17.0.4] (unknown)

by geopod-ismtpd-4-6 (SG) with ESMTP

id CaosyXcDTEKEzsFkC0p5eA

for ;

Mon, 27 Jun 2022 11:05:09.976 +0000 (UTC)

Content-Type: multipart/related; boundary="===============7451406344786898446=="

MIME-Version: 1.0

From: noreply-N55uZFG6PQU1VpC@em7717.newlaurakitchen22.com

Subject: Nk Urgent Deactivation alert

X-Priority: 2

Message-ID:

Date: Mon, 27 Jun 2022 11:05:10 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?lT58ugLK=2FeEakYOTzexAmRxiSeMkB2+NEEE4vPNX=2FF8rxMidqMHGWRRkgunDxw?=

=?us-ascii?Q?IToFwfhgm7C+8pMwWKylPPYeolYSv2OvgVpDPxH?=

=?us-ascii?Q?knZHB5RmNNoTpoNT1SwcQqXxU1A9aF2qNvxMlwP?=

=?us-ascii?Q?TWQrGhbyvs+qaCEP8555Y9HiijKG8Va0fUbG7fr?=

=?us-ascii?Q?Wzckq1RguN1jk=2FHnpU1MhCkBxLtqX7oAkI5LSky?=

=?us-ascii?Q?NmTWB2jFUXiBaB7xmn4NJJElB1ItOmMOoY3wB4?=

To: root@nk.ca

X-Entity-ID: dFS1WKN9/TYVa6CBz9GjHA==

X-Spam_score: 5.2

X-Spam_score_int: 52

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: We have identified data security issues concerning your account

root@nk.ca So, we advise that all accounts be authenticated. You are required

to verify your account immediately or we will be



Content analysis details: (5.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.183.177.29 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64

encoding

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days

1.0 ACCT_PHISHING Possible phishing for account information

1.0 XPRIO Has X-Priority header

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} Nk Urgent Deactivation alert



--===============7451406344786898446==

Content-Type: text/html; charset=us-ascii

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRlbnQ9Ik1TSFRNTCAx

MS4wMC4xMDU3MC4xMDAxIj4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIg

Y29udGVudD0iSUU9ZWRnZSI+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgIDx0YWJsZSBzdHls

ZT0ibWFyZ2luOiBhdXRvOyB3aWR0aDogNTUwcHg7IGNvbG9yOiByZ2IoMCwgMCwgMCk7IHRleHQt

dHJhbnNmb3JtOiBub25lOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBmb250LWZhbWlseTogQ2Fs

aWJyaSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNnB4OyBmb250

LXN0eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiA0MDA7IHdvcmQtc3BhY2luZzogMHB4OyB3aGl0

ZS1zcGFjZTogbm9ybWFsOyBib3JkZXItY29sbGFwc2U6IGNvbGxhcHNlOyBvcnBoYW5zOiAyOyB3

aWRvd3M6IDI7IGZvbnQtc3RyZXRjaDogaW5oZXJpdDsgYmFja2dyb3VuZC1jb2xvcjogcmdiKDI1

NSwgMjU1LCAyNTUpOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1jYXBzOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBpbmhlcml0OyBmb250LXZhcmlh

bnQtZWFzdC1hc2lhbjogaW5oZXJpdDsgCiAgICAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw

cHg7IHRleHQtZGVjb3JhdGlvbi10aGlja25lc3M6IGluaXRpYWw7IHRleHQtZGVjb3JhdGlvbi1z

dHlsZTogaW5pdGlhbDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyI+CiAgICA8dGJv

ZHk+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9IndpZHRoOiA1NDhweDsiPgogICAgPGRpdiBzdHls

ZT0iYmFja2dyb3VuZDogcmdiKDIzOSwgMjM5LCAyMzkpOyBtYXJnaW46IGF1dG87IHBhZGRpbmc6

IDIwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyI+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBw

eCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsiPgogICAgPHRhYmxlIHdp

ZHRoPSIxMDAlIiBzdHlsZT0iaGVpZ2h0OiAxOHB4OyI+CiAgICA8dGJvZHk+CiAgICA8dHIgc3R5

bGU9ImhlaWdodDogMThweDsiPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7Ij4mbmJzcDs8

L3RkPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7IHRleHQtYWxpZ246IHJpZ2h0OyI+Jm5i

c3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1hcmdp

bjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwt

YWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJiYWNrZ3JvdW5k

OiB3aGl0ZTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDEwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRD

b2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyI+CiAgICA8dGFibGUgc3R5bGU9IndpZHRo

OiA0ODhweDsgaGVpZ2h0OiAxMjdweDsgYm94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHRi

b2R5PgogICAgPHRyPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNDc2cHg7IGhlaWdodDogOTJweDsg

Ym94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBjb2xv

cjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1z

ZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDAp

OyBmb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5XZSBoYXZlIGlkZW50aWZpZWQgZGF0

YSBzZWN1cml0eSBpc3N1ZXMgY29uY2VybmluZyB5b3VyIGFjY291bnQmbmJzcDs8L3NwYW4+PHNw

YW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMjU1KTsiPgogICAgcm9vdEBuay5jYTxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBhcmlhbCwgc2Fucy1zZXJpZjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij4mbmJzcDs8L3NwYW4+PC9zcGFuPjwvcD4KICAgIDxw

IHN0eWxlPSJtYXJnaW46IDBweDsgZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMt

c2VyaWY7IGZvbnQtc2l6ZTogc21hbGw7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IGFyaWFs

LCBzYW5zLXNlcmlmOyI+U28sIHdlIGFkdmlzZSB0aGF0IGFsbCBhY2NvdW50cyBiZSBhdXRoZW50

aWNhdGVkLjwvc3Bhbj48L3A+CiAgICA8cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5

OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+Jm5ic3A7

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5Zb3UgYXJlIHJlcXVpcmVkIHRvIHZlcmlmeSB5b3Vy

IGFjY291bnQgaW1tZWRpYXRlbHkgb3Igd2Ugd2lsbCBiZSZuYnNwOzwvc3Bhbj48L3A+CiAgICA8

cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5z

LXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBhcmlh

bCwgc2Fucy1zZXJpZjsiPmZvcmNlZCB0byBEZWFjdGl2YXRlIHlvdXIgYWNjb3VudC48L3NwYW4+

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48L3NwYW4+Jm5ic3A7PC9wPgogICAgPHAgc3R5bGU9

Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsg

Zm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogYXJpYWwsIHNhbnMt

c2VyaWY7Ij48c3BhbiBzdHlsZT0ibWFyZ2luOiAwcHg7IHBhZGRpbmc6IDBweDsgYm9yZGVyOiAw

cHggY3VycmVudENvbG9yOyBjb2xvcjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogaW5o

ZXJpdDsgZm9udC1zaXplOiBzbWFsbDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyBkaXNwbGF5

OiBpbmxpbmUgIWltcG9ydGFudDsgZm9udC1zdHJldGNoOiBpbmhlcml0OyBiYWNrZ3JvdW5kLWNv

bG9yOiByZ2IoMjU1LCAyNTUsIDI1NSk7Ij4KICAgIElmIHlvdSBmYWlsIHRvIFZlcmlmeSB5b3Vy

IGFjY291bnQsIHlvdSB3aWxsIGJlIGRlYWN0aXZhdGVkIGFuZCB5b3Ugd2lsbCBsb3NlIGFjY2Vz

cyB0byB5b3VyIE1haWxib3guPC9zcGFuPjxicj48L3NwYW4+PC9wPjxzcGFuIHN0eWxlPSJmb250

LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48YnI+PC9zcGFuPjwvdGQ+CiAgICA8dGQgc3R5

bGU9IndpZHRoOiA1cHg7IGhlaWdodDogOTJweDsgdGV4dC1hbGlnbjogcmlnaHQ7IGJveC1zaXpp

bmc6IGJvcmRlci1ib3g7Ij4mbmJzcDs8L3RkPjwvdHI+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9

InBhZGRpbmc6IDVweCAwcHg7IHdpZHRoOiA0NzZweDsgaGVpZ2h0OiAyOXB4OyBib3gtc2l6aW5n

OiBib3JkZXItYm94OyI+CiAgICA8YSBzdHlsZT0iYmFja2dyb3VuZDogcmdiKDAsIDEwMywgMTg0

KTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDdweDsgYm9yZGVyLXJhZGl1czogMnB4OyBib3JkZXI6

IDBweCBjdXJyZW50Q29sb3I7IHdpZHRoOiAxMDAlOyBjb2xvcjogd2hpdGU7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiIGhyZWY9Imh0dHA6Ly96UUQwVEZtT2wuY2l0eXBldC5jb20udHIvXzo6

NlIzRFNDbFFKYWVWSXN2NklyQldaTjdraF9yZWZfTURrdVluQnlhR0Z1WldSaExtTnZMbWxrTDE4

d09TOGdNRGtqWTIwNWRtUkZRblZoZVRWcVdWRTlQUT09Ij5DbGljayBoZXJlIHRvIHVwZGF0ZSB5

b3VyIGFjY291bnQmZ3Q7Jmd0OzwvYT48L3RkPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNXB4OyBo

ZWlnaHQ6IDI5cHg7IHRleHQtYWxpZ246IHJpZ2h0OyBib3gtc2l6aW5nOiBib3JkZXItYm94OyI+

Jm5ic3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1h

cmdpbjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGlj

YWwtYWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46

IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiPgogICAgPHA+PHNwYW4gc3R5bGU9Im1hcmdpbjogMHB4OyBwYWRkaW5n

OiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgZm9udC1mYW1pbHk6IGluaGVyaXQ7IGZv

bnQtc2l6ZTogMTRweDsgZm9udC13ZWlnaHQ6IDYwMDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij5Ob3RlOjwvc3Bhbj4KICAgICZuYnNwOzxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBpbmhlcml0OyBmb250LXNpemU6IDEycHg7IHZlcnRpY2FsLWFsaWduOiBi

YXNlbGluZTsgZm9udC1zdHJldGNoOiBpbmhlcml0OyI+CiAgICBUaGUgY29udGVudCBvZiB0aGlz

IGVtYWlsIGlzIGNvbmZpZGVudGlhbCBhbmQgaW50ZW5kZWQgZm9yIHRoZSByZWNpcGllbnQgc3Bl

Y2lmaWVkIGluIG1lc3NhZ2Ugb25seS4gSXQgaXMgc3RyaWN0bHkgZm9yYmlkZGVuIHRvIHNoYXJl

IGFueSBwYXJ0IG9mIHRoaXMgbWVzc2FnZSB3aXRoIGFueSB0aGlyZCBwYXJ0eSwgd2l0aG91dCBh

IHdyaXR0ZW4gY29uc2VudCBvZiB0aGUgc2VuZGVyLiBJZiB5b3UgcmVjZWl2ZWQgdGhpcyBtZXNz

YWdlIGJ5IG1pc3Rha2UsIHBsZWFzZSByZXBseSB0byB0aGlzIG1lc3NhZ2UgYW5kIGZvbGxvdyB3

aXRoIGl0cyBkZWxldGlvbiwgc28gdGhhdCB3ZSBjYW4gZW5zdXJlIHN1Y2ggYSBtaXN0YWtlIGRv

ZXMgbm90IG9jY3VyIGluIHRoZSBmdXR1cmUuPC9zcGFuPjwvcD48L2Rpdj48L2Rpdj48L3RkPjwv

dHI+PC90Ym9keT48L3RhYmxlPjwvYm9keT48L2h0bWw+



--===============7451406344786898446==--

Phishing attempt to get a user account

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Jun 2022 06:38:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5nzg-0009lI-4g

for dave@doctor.nl2k.ab.ca;

Mon, 27 Jun 2022 06:37:32 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Jun 2022 06:37:32 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wfbtbkkd.outbound-mail.sendgrid.net ([159.183.177.29]:9876)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5fuz-000LLR-IM

for root@nk.ca;

Sun, 26 Jun 2022 22:00:14 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newlaurakitchen22.com;

h=content-type:mime-version:from:subject:to;

s=s1; bh=tMPVERIPzws3NDm6R+yskP8daU98RKpvZdjPPEWOWKM=;

b=T1OzP0R5+PuSUFhfNNCToM9Jqe7nQEsL4NH2ktgGYEAGgXBBXtCaJyrj/VkOlSL+B+2+

G0eocxdpMLX1IAFGDlZoxcuiHptiExm4OYKtUYqLWD4ShWf6mPq0a5gWsK13Hl+Q7uEA1/

OuuLibudb9M66FLUDlJ5d+mQqaSqaFuXEbaajn6Qd02ea7xrKMPMxg+FiD+3Q+bDTaVBo7

lnXYL7XSlGv4B0uXqAEpiNU2LupaHUQ03h2qaxdpNYGCoJ9VbMNZPYPbOBjvZoygDN7bWZ

fGGadAv4we1He6qrbqmguBGfwj/IFFiBPnS/yD11HZIWeO4jGoy4EtSQDb3p7bew==

Received: by filterdrecv-86b997f97f-qxm8w with SMTP id filterdrecv-86b997f97f-qxm8w-1-62B92B32-14

2022-06-27 03:59:46.356165286 +0000 UTC m=+1593177.733234271

Received: from [172.17.0.4] (unknown)

by geopod-ismtpd-2-0 (SG) with ESMTP

id A16D2lrWQKG1-DGxf9inMA

for ;

Mon, 27 Jun 2022 03:59:46.250 +0000 (UTC)

Content-Type: multipart/related; boundary="===============5416698146770629680=="

MIME-Version: 1.0

From: noreply-ZMlUxtJXBnQovxC@em7717.newlaurakitchen22.com

Subject: Nk Urgent Deactivation alert

X-Priority: 2

Message-ID:

Date: Mon, 27 Jun 2022 03:59:46 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?lT58ugLK=2FeEakYOTzexAmWkzdxqiXt68DYs7ftlBSVWFNvlqtzRGvi5Qv+7Txk?=

=?us-ascii?Q?esgmGVb1cVADg5iX8IzxwCz3Ss0v6ymvJWCVEc5?=

=?us-ascii?Q?3WHPKv=2F9+i2iAdDux9SIoKY5Vm+YkIDj2NSbWLq?=

=?us-ascii?Q?B90wFt2TY3mPS+rr31x0V5Lnj13rGq8pX9KxG6S?=

=?us-ascii?Q?+9ot1zSmHYFZXAvfol8sddvVySwTy9FbheRb2K+?=

=?us-ascii?Q?4RpW0nZy9Bag00BriQYBr9eEW2GjJNK3d+POUp?=

To: root@nk.ca

X-Entity-ID: dFS1WKN9/TYVa6CBz9GjHA==

X-Spam_score: 6.9

X-Spam_score_int: 69

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: We have identified data security issues concerning your account

root@nk.ca So, we advise that all accounts be authenticated. You are required

to verify your account immediately or we will be



Content analysis details: (6.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 HK_RANDOM_FROM From username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel

letters

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64

encoding

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days

1.0 ACCT_PHISHING Possible phishing for account information

1.0 XPRIO Has X-Priority header

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} Nk Urgent Deactivation alert



--===============5416698146770629680==

Content-Type: text/html; charset=us-ascii

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRlbnQ9Ik1TSFRNTCAx

MS4wMC4xMDU3MC4xMDAxIj4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIg

Y29udGVudD0iSUU9ZWRnZSI+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgIDx0YWJsZSBzdHls

ZT0ibWFyZ2luOiBhdXRvOyB3aWR0aDogNTUwcHg7IGNvbG9yOiByZ2IoMCwgMCwgMCk7IHRleHQt

dHJhbnNmb3JtOiBub25lOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBmb250LWZhbWlseTogQ2Fs

aWJyaSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNnB4OyBmb250

LXN0eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiA0MDA7IHdvcmQtc3BhY2luZzogMHB4OyB3aGl0

ZS1zcGFjZTogbm9ybWFsOyBib3JkZXItY29sbGFwc2U6IGNvbGxhcHNlOyBvcnBoYW5zOiAyOyB3

aWRvd3M6IDI7IGZvbnQtc3RyZXRjaDogaW5oZXJpdDsgYmFja2dyb3VuZC1jb2xvcjogcmdiKDI1

NSwgMjU1LCAyNTUpOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1jYXBzOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBpbmhlcml0OyBmb250LXZhcmlh

bnQtZWFzdC1hc2lhbjogaW5oZXJpdDsgCiAgICAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw

cHg7IHRleHQtZGVjb3JhdGlvbi10aGlja25lc3M6IGluaXRpYWw7IHRleHQtZGVjb3JhdGlvbi1z

dHlsZTogaW5pdGlhbDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyI+CiAgICA8dGJv

ZHk+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9IndpZHRoOiA1NDhweDsiPgogICAgPGRpdiBzdHls

ZT0iYmFja2dyb3VuZDogcmdiKDIzOSwgMjM5LCAyMzkpOyBtYXJnaW46IGF1dG87IHBhZGRpbmc6

IDIwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyI+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBw

eCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsiPgogICAgPHRhYmxlIHdp

ZHRoPSIxMDAlIiBzdHlsZT0iaGVpZ2h0OiAxOHB4OyI+CiAgICA8dGJvZHk+CiAgICA8dHIgc3R5

bGU9ImhlaWdodDogMThweDsiPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7Ij4mbmJzcDs8

L3RkPgogICAgPHRkIHN0eWxlPSJoZWlnaHQ6IDE4cHg7IHRleHQtYWxpZ246IHJpZ2h0OyI+Jm5i

c3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1hcmdp

bjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGljYWwt

YWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJiYWNrZ3JvdW5k

OiB3aGl0ZTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDEwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRD

b2xvcjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyI+CiAgICA8dGFibGUgc3R5bGU9IndpZHRo

OiA0ODhweDsgaGVpZ2h0OiAxMjdweDsgYm94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHRi

b2R5PgogICAgPHRyPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNDc2cHg7IGhlaWdodDogOTJweDsg

Ym94LXNpemluZzogYm9yZGVyLWJveDsiPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBjb2xv

cjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1z

ZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDAp

OyBmb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5XZSBoYXZlIGlkZW50aWZpZWQgZGF0

YSBzZWN1cml0eSBpc3N1ZXMgY29uY2VybmluZyB5b3VyIGFjY291bnQmbmJzcDs8L3NwYW4+PHNw

YW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMjU1KTsiPgogICAgcm9vdEBuay5jYTxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBhcmlhbCwgc2Fucy1zZXJpZjsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij4mbmJzcDs8L3NwYW4+PC9zcGFuPjwvcD4KICAgIDxw

IHN0eWxlPSJtYXJnaW46IDBweDsgZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMt

c2VyaWY7IGZvbnQtc2l6ZTogc21hbGw7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IGFyaWFs

LCBzYW5zLXNlcmlmOyI+U28sIHdlIGFkdmlzZSB0aGF0IGFsbCBhY2NvdW50cyBiZSBhdXRoZW50

aWNhdGVkLjwvc3Bhbj48L3A+CiAgICA8cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5

OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+Jm5ic3A7

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij5Zb3UgYXJlIHJlcXVpcmVkIHRvIHZlcmlmeSB5b3Vy

IGFjY291bnQgaW1tZWRpYXRlbHkgb3Igd2Ugd2lsbCBiZSZuYnNwOzwvc3Bhbj48L3A+CiAgICA8

cCBzdHlsZT0ibWFyZ2luOiAwcHg7IGZvbnQtZmFtaWx5OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5z

LXNlcmlmOyBmb250LXNpemU6IHNtYWxsOyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBhcmlh

bCwgc2Fucy1zZXJpZjsiPmZvcmNlZCB0byBEZWFjdGl2YXRlIHlvdXIgYWNjb3VudC48L3NwYW4+

PC9wPgogICAgPHAgc3R5bGU9Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZl

dGljYSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZh

bWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48L3NwYW4+Jm5ic3A7PC9wPgogICAgPHAgc3R5bGU9

Im1hcmdpbjogMHB4OyBmb250LWZhbWlseTogQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsg

Zm9udC1zaXplOiBzbWFsbDsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogYXJpYWwsIHNhbnMt

c2VyaWY7Ij48c3BhbiBzdHlsZT0ibWFyZ2luOiAwcHg7IHBhZGRpbmc6IDBweDsgYm9yZGVyOiAw

cHggY3VycmVudENvbG9yOyBjb2xvcjogcmdiKDM0LCAzNCwgMzQpOyBmb250LWZhbWlseTogaW5o

ZXJpdDsgZm9udC1zaXplOiBzbWFsbDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyBkaXNwbGF5

OiBpbmxpbmUgIWltcG9ydGFudDsgZm9udC1zdHJldGNoOiBpbmhlcml0OyBiYWNrZ3JvdW5kLWNv

bG9yOiByZ2IoMjU1LCAyNTUsIDI1NSk7Ij4KICAgIElmIHlvdSBmYWlsIHRvIFZlcmlmeSB5b3Vy

IGFjY291bnQsIHlvdSB3aWxsIGJlIGRlYWN0aXZhdGVkIGFuZCB5b3Ugd2lsbCBsb3NlIGFjY2Vz

cyB0byB5b3VyIE1haWxib3guPC9zcGFuPjxicj48L3NwYW4+PC9wPjxzcGFuIHN0eWxlPSJmb250

LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7Ij48YnI+PC9zcGFuPjwvdGQ+CiAgICA8dGQgc3R5

bGU9IndpZHRoOiA1cHg7IGhlaWdodDogOTJweDsgdGV4dC1hbGlnbjogcmlnaHQ7IGJveC1zaXpp

bmc6IGJvcmRlci1ib3g7Ij4mbmJzcDs8L3RkPjwvdHI+CiAgICA8dHI+CiAgICA8dGQgc3R5bGU9

InBhZGRpbmc6IDVweCAwcHg7IHdpZHRoOiA0NzZweDsgaGVpZ2h0OiAyOXB4OyBib3gtc2l6aW5n

OiBib3JkZXItYm94OyI+CiAgICA8YSBzdHlsZT0iYmFja2dyb3VuZDogcmdiKDAsIDEwMywgMTg0

KTsgbWFyZ2luOiAwcHg7IHBhZGRpbmc6IDdweDsgYm9yZGVyLXJhZGl1czogMnB4OyBib3JkZXI6

IDBweCBjdXJyZW50Q29sb3I7IHdpZHRoOiAxMDAlOyBjb2xvcjogd2hpdGU7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiIGhyZWY9Imh0dHA6Ly9Ga0l1VXpWMTEuY2l0eXBldC5jb20udHIvXzo6

ajQ3Ym53dHJrVG8xUUtMUmxSaU5QVHhVVF9yZWZfTkRZdVluQnlhR0Z1WldSaExtTnZMbWxrTDE4

ME5pOGdORFlqWTIwNWRtUkZRblZoZVRWcVdWRTlQUT09Ij5DbGljayBoZXJlIHRvIHVwZGF0ZSB5

b3VyIGFjY291bnQmZ3Q7Jmd0OzwvYT48L3RkPgogICAgPHRkIHN0eWxlPSJ3aWR0aDogNXB4OyBo

ZWlnaHQ6IDI5cHg7IHRleHQtYWxpZ246IHJpZ2h0OyBib3gtc2l6aW5nOiBib3JkZXItYm94OyI+

Jm5ic3A7PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT48L2Rpdj4KICAgIDxkaXYgc3R5bGU9Im1h

cmdpbjogMHB4OyBwYWRkaW5nOiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgdmVydGlj

YWwtYWxpZ246IGJhc2VsaW5lOyI+Jm5ic3A7PC9kaXY+CiAgICA8ZGl2IHN0eWxlPSJtYXJnaW46

IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7IHZlcnRpY2FsLWFs

aWduOiBiYXNlbGluZTsiPgogICAgPHA+PHNwYW4gc3R5bGU9Im1hcmdpbjogMHB4OyBwYWRkaW5n

OiAwcHg7IGJvcmRlcjogMHB4IGN1cnJlbnRDb2xvcjsgZm9udC1mYW1pbHk6IGluaGVyaXQ7IGZv

bnQtc2l6ZTogMTRweDsgZm9udC13ZWlnaHQ6IDYwMDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l

OyBmb250LXN0cmV0Y2g6IGluaGVyaXQ7Ij5Ob3RlOjwvc3Bhbj4KICAgICZuYnNwOzxzcGFuIHN0

eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4OyBib3JkZXI6IDBweCBjdXJyZW50Q29sb3I7

IGZvbnQtZmFtaWx5OiBpbmhlcml0OyBmb250LXNpemU6IDEycHg7IHZlcnRpY2FsLWFsaWduOiBi

YXNlbGluZTsgZm9udC1zdHJldGNoOiBpbmhlcml0OyI+CiAgICBUaGUgY29udGVudCBvZiB0aGlz

IGVtYWlsIGlzIGNvbmZpZGVudGlhbCBhbmQgaW50ZW5kZWQgZm9yIHRoZSByZWNpcGllbnQgc3Bl

Y2lmaWVkIGluIG1lc3NhZ2Ugb25seS4gSXQgaXMgc3RyaWN0bHkgZm9yYmlkZGVuIHRvIHNoYXJl

IGFueSBwYXJ0IG9mIHRoaXMgbWVzc2FnZSB3aXRoIGFueSB0aGlyZCBwYXJ0eSwgd2l0aG91dCBh

IHdyaXR0ZW4gY29uc2VudCBvZiB0aGUgc2VuZGVyLiBJZiB5b3UgcmVjZWl2ZWQgdGhpcyBtZXNz

YWdlIGJ5IG1pc3Rha2UsIHBsZWFzZSByZXBseSB0byB0aGlzIG1lc3NhZ2UgYW5kIGZvbGxvdyB3

aXRoIGl0cyBkZWxldGlvbiwgc28gdGhhdCB3ZSBjYW4gZW5zdXJlIHN1Y2ggYSBtaXN0YWtlIGRv

ZXMgbm90IG9jY3VyIGluIHRoZSBmdXR1cmUuPC9zcGFuPjwvcD48L2Rpdj48L2Rpdj48L3RkPjwv

dHI+PC90Ym9keT48L3RhYmxlPjwvYm9keT48L2h0bWw+



--===============5416698146770629680==--

More Sexual Blackmail phishing scam coming from Australia

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Sun, 26 Jun 2022 12:50:01 -0600

Received: from 125-63-25-204.ip4.superloop.com ([125.63.25.204]:20474)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5XJH-000NyJ-Mt

for dave@nk.ca;

Sun, 26 Jun 2022 12:48:46 -0600

Message-ID: <38AC82878616A98317393C3DAD1238AC@Q916N5Y>

From:

To:

Subject: There is an overdue payment under your name. Please, settle your debts ASAP!

Date: 27 Jun 2022 09:17:14 +0700

MIME-Version: 1.0

Content-Type: text/plain;

charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.5931

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931

X-Spam_score: 13.3

X-Spam_score_int: 133

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi! Sadly, there are some bad news that you are about to hear.

About few months ago I have gained a full access to all devices used by you

for internet browsing. Shortly after, I started recording all int [...]



Content analysis details: (13.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.4 NO_DNS_FOR_FROM RBL: Envelope sender has no MX or A DNS records

[listed in striker.ottawa.on.ca. IN]

[A]

1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname

(Split IP)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date

-0.0 T_SCC_BODY_TEXT_LINE No description available.

3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP

addr 2)

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam

(FTSDMCXX/boundary variant) + direct-to-MX

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

3.6 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

0.0 BITCOIN_XPRIO Bitcoin + priority

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address

Subject: {SPAM?} There is an overdue payment under your name. Please, settle your debts ASAP!



Hi!



Sadly, there are some bad news that you are about to hear.

About few months ago I have gained a full access to all devices used by you for internet browsing.

Shortly after, I started recording all internet activities done by you.



Below is the sequence of events of how that happened:

Earlier I purchased from hackers a unique access to diversified email accounts (at the moment, it is really easy to do using internet).

As you can see, I managed to log in to your email account without breaking a sweat: (dave@nk.ca).



Within one week afterwards, I installed a Trojan virus in your Operating Systems available on all devices that you utilize for logging in your email.

To be frank, it was somewhat a very easy task (since you were kind enough to open some of links provided in your inbox emails).

I know, you may be thinking now that I'm a genius.



With help of that useful software, I am now able to gain access to all the controllers located in your devices (e.g., video camera, keyboard, microphone and others).

As result, managed to download all your photos, personal data, history of web browsing and other info to my servers without any problems.

Moreover, I now have access to all accounts in your messengers, social networks, emails, contacts list, chat history - you name it.

My Trojan virus continues refreshing its signatures in a non-stop manner (because it is operated by driver),

hence it remains undetected by any antivirus software installed in your PC or device.



So, I guess now you finally understand the reason why I could never be caught until this very letter...



During the process of your personal info compilation, I could not help but notice that you are a huge admirer and regular guest of websites with adult content.

You endure a lot of pleasure while checking out porn websites, watching nasty porn movies and reaching breathtaking orgasms.

Let me be frank with you, it was really hard to resist from recording some of those naughty solo scenes with you in main role and compiling them in special videos

that expose your masturbation sessions, which end with you cumming.



In case if you still have doubts, all I need is to click my mouse and all those nasty videos with you will be shared to friends, colleagues, and relatives of yours.

Moreover, nothing stops me from uploading all that hot content online, so all public can watch it too.

I sincerely hope, you would really not prefer that to happen, keeping in mind all the dirty things you like to watch,

(you certainly know what I mean) it will completely ruin your reputation.



However, don't worry, there is still a way to resolve this:

You need to carry out a $1290 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),

hence upon receiving the transaction, I will proceed with deleting all the filthy videos with you in main role.

Afterwards, we can forget about this unpleasant accident. Furthermore, I guarantee that all the malicious software will also be erased from your devices and accounts.

Mark my words, I never lie.



That is a great bargain with a low price, I assure you, because I have spent a lot of effort while recording

and tracking down all your activities and dirty deeds during a long period of time.

In case if you have no idea how to buy and transfer bitcoins - feel free to check the related info on the internet.



Here is my bitcoin wallet for your reference: 1Mjt2xobFExdZBGfjTVDcgzJWQxRxoHBdA



>From now on, you have only 48 hours and countdown has started once you opened this very email (in other words, 2 days).



The following list contains things you should definitely abstain from doing or even attempting:

> Abstain from trying to reply this email (since the email is generated inside your inbox alongside with return address).

> Abstain from trying to call or report to police or any other security services. In addition, it's a bad idea if you want to share it with your friends,

hoping they would help. If I happen to find out (knowing my awesome skills, it can be done effortlessly,

because I have all your devices and accounts under my control and unceasing observation) - kinky videos of yours will be share to public the same day.

> Abstain from trying to look for me - that would not lead anywhere either. Cryptocurrency transactions are absolutely anonymous and cannot be tracked.

> Abstain from reinstalling your OS on devices or throwing them away. That would not solve the problem as well,

since all your personal videos are already uploaded and stored at remote servers.



Things you may be confused about:

> That your funds transfer won't be delivered to me.

Chill, I can track down any transactions right away, so upon funds transfer I will receive a notification as well,

since I still control your devices (my trojan virus has ability of controlling all processes remotely, just like TeamViewer).

> That I am going to share your dirty videos after receiving money transfer from you.

Here you need to trust me, because there is absolutely no point to still bother you after receiving money.

Moreover, if I really wanted all those videos would be available to public long time ago!



I believe we can still handle this situation on fair terms!



Here is my last advice to you... in future you better ensure you stay away from this kind of situations!

My advice - don't forget to regularly update your passwords to feel completely secure.



More home depot survey phish

Return-path: <>

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 26 Jun 2022 20:17:00 -0600

Received: from [167.172.45.58] (port=39950 helo=vignobles-jolivet.fr)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1o5eIf-000AW8-HC

for dave@doctor.nl2k.ab.ca;

Sun, 26 Jun 2022 20:16:35 -0600

MIME-Version: 1.0

Message-Id:

From:=?UTF-8?B?WW91J3JlIFNlbGVjdGVk?=

Subject:=?UTF-8?B?Q29uZ3JhdHVsYXRpb25zISBDb21wbGV0ZSBUaGUgU2hvcnQgU3VydmV5Lg==?=

Reply-To: reply_oeqn1O46KYcvHZUgB.bounce9@inx1and1.de

To: dave@doctor.nl2k.ab.ca

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=UTF-8

Date: Mon, 27 Jun 2022 04:15:59 +0200























































Nigerian Spam from Gmail in German

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 26 Jun 2022 19:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5dqD-0007zS-HF

for dave@doctor.nl2k.ab.ca;

Sun, 26 Jun 2022 19:47:05 -0600

Resent-From: The Doctor

Resent-Date: Sun, 26 Jun 2022 19:47:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-io1-f46.google.com ([209.85.166.46]:33569)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o5cYY-0001AV-Tb

for doctor@doctor.nl2k.ab.ca;

Sun, 26 Jun 2022 18:24:51 -0600

Received: by mail-io1-f46.google.com with SMTP id m13so8117370ioj.0

for ; Sun, 26 Jun 2022 17:24:25 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:from:date:message-id:subject:to;

bh=RDQ7E5VZ59L3KbjS73t+9Ymd+9lsWBM26OhY2mqeW70=;

b=YdiyqIy2aOKjQqwydd+b48IlZnFNVc/+aDOQ1tKDwZmXB7MyA9ewFYm7qYAXjEmEs8

cqR1wKprtwSCy5zV9CAhn10kfznryWjB+RjBiaXpn5iREJ6Y+nOOfQkDmtpaY1YIagMJ

1IV4O41gYGbxPX+mwwUu+s2rCfW1qJhpLrNo//QWqnA0TlAV6E+YobItmFtFJu/WWZ08

R1HxuLeulQeYxXQEI5cUPuNASTi/qISkj0nW66Cam1ZxAHfjOcBkcgE3yYODNsftIshW

LxMcuQAbvGGdOx/GJCH7tBX/grlhpFEA1mmjl4++jmzR/8ceTy2ipfF99KVwiBmcT6xZ

Gluw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:from:date:message-id:subject:to;

bh=RDQ7E5VZ59L3KbjS73t+9Ymd+9lsWBM26OhY2mqeW70=;

b=YgM+x/DK0EW38FWR5QdYnrHmwztk5dSsCLRVEG/h8ePckq1pgpRGveCIsZvkADn1Ks

qKCNPbKKDDLtdOsO+ndj7ROrmzYHpzEjOZwyYx5JEMpfV+70bil/zwjtyZOu7lHhOYf9

7yN+xUo+wf30rLqZC+7fMfx25pEYq/VvMd9KFrMYEAJ7fcPSC7L9QX88UmtvOm6lpIky

WWu3ToCaz4UHT+V5CfjFuZUXRVYgY04Myvqa+yGgH8JbdfAo9EUaah9i4XFjYzqjJmkc

6CXhOwviTWWICXEKyG+GABy0S3Z1ujuNjxMQHu4dtUS3mXx2GxGjtKF1PdiARTMOsgpt

G3Dw==

X-Gm-Message-State: AJIora/OJArVcHanOUpIyvsI959CX52CvaLssMWAcRrez6E0evqGa5QZ

QiqfTGEUuwvzprMOYByMUvnyKBrr2WyNPSHtA/8=

X-Google-Smtp-Source: AGRyM1tka1ESWMYRdoZgHptyqpGvYrxKUPnLfWL5v34I3ENFbjm3ACtGrGqawvanq0qubdv6Q9Di+SAvfCSniTlb1c4=

X-Received: by 2002:a05:6602:258e:b0:675:4648:ad5f with SMTP id

p14-20020a056602258e00b006754648ad5fmr489496ioo.14.1656289460162; Sun, 26 Jun

2022 17:24:20 -0700 (PDT)

MIME-Version: 1.0

From: Sonia kouassi

Date: Mon, 27 Jun 2022 00:24:09 +0000

Message-ID:

Subject: =?UTF-8?B?R3LDvMOfZQ==?=

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000eb12de05e262f09c"

Bcc: doctor@doctor.nl2k.ab.ca



--000000000000eb12de05e262f09c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Gr=C3=BC=C3=9Fe



Ich bin Frau Sonia Kouassi aus Abidjan Elfenbeink=C3=BCste (C=C3=B4te d'Ivo=

ire). Ich

bin ein 22-j=C3=A4hriges M=C3=A4dchen, ein Waisenkind, weil ich keine Elter=

n habe.

Meine Onkel drohen, mich wegen des Erbes zu t=C3=B6ten, das mein Vater f=C3=

=BCr mich

hinterlassen hat US-Dollar) zehn Millionen f=C3=BCnfhunderttausend US-Dolla=

r,

die ich von meinem verstorbenen Vater geerbt habe, aber er hat das Geld auf

ein Fest-/Streukonto bei einer der besten Banken hier in Abidjan eingezahlt=

,

In =C3=9Cbereinstimmung mit der Bank, den Fonds auf ein ausl=C3=A4ndisches =

Bankkonto

f=C3=BCr Investitionen im Ausland zu =C3=BCberweisen, aber er starb, ohne d=

en Fonds

zu =C3=BCberweisen, verwendete mein Vater meinen Namen als ihre einzige Toc=

hter

f=C3=BCr die n=C3=A4chsten Angeh=C3=B6rigen, als er den Fonds einzahlte, un=

d der Fonds

kann nur auf ein ausl=C3=A4ndisches Bankkonto =C3=BCberwiesen werden, alles=

, was ich

brauche, ist Ihre Ehrlichkeit als meine ausl=C3=A4ndische Anleitung, und um=

mir

zu helfen, den Fonds zu investieren, und mir auch zu helfen, meine

Ausbildung in Ihrem Land fortzusetzen

Bitte, wenn Sie voll und ganz damit einverstanden sind, mir zu diesem Zweck

zu helfen, geben Sie bitte Ihr Interesse an, indem Sie mir zur=C3=BCckschre=

iben,

dann werde ich Ihnen die notwendigen Informationen zum weiteren Vorgehen

geben, ich werde Ihnen danach 20 % des Gesamtbetrags f=C3=BCr Ihre Hilfe ge=

ben

die =C3=9Cbertragung, danke f=C3=BCr Ihre Sorge

Deine

Sonja Kuassi



--000000000000eb12de05e262f09c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Gr=C3=BC=C3=9Fe

Ich bin Frau Sonia Kouassi aus Abid=

jan Elfenbeink=C3=BCste (C=C3=B4te d'Ivoire). Ich bin ein 22-j=C3=A4hri=

ges M=C3=A4dchen, ein Waisenkind, weil ich keine Eltern habe. Meine Onkel d=

rohen, mich wegen des Erbes zu t=C3=B6ten, das mein Vater f=C3=BCr mich hin=

terlassen hat US-Dollar) zehn Millionen f=C3=BCnfhunderttausend US-Dollar, =

die ich von meinem verstorbenen Vater geerbt habe, aber er hat das Geld auf=

ein Fest-/Streukonto bei einer der besten Banken hier in Abidjan eingezahl=

t,
In =C3=9Cbereinstimmung mit der Bank, den Fonds auf ein ausl=C3=A4ndi=

sches Bankkonto f=C3=BCr Investitionen im Ausland zu =C3=BCberweisen, aber =

er starb, ohne den Fonds zu =C3=BCberweisen, verwendete mein Vater meinen N=

amen als ihre einzige Tochter f=C3=BCr die n=C3=A4chsten Angeh=C3=B6rigen, =

als er den Fonds einzahlte, und der Fonds kann nur auf ein ausl=C3=A4ndisch=

es Bankkonto =C3=BCberwiesen werden, alles, was ich brauche, ist Ihre Ehrli=

chkeit als meine ausl=C3=A4ndische Anleitung, und um mir zu helfen, den Fon=

ds zu investieren, und mir auch zu helfen, meine Ausbildung in Ihrem Land f=

ortzusetzen
Bitte, wenn Sie voll und ganz damit einverstanden sind, mir =

zu diesem Zweck zu helfen, geben Sie bitte Ihr Interesse an, indem Sie mir =

zur=C3=BCckschreiben, dann werde ich Ihnen die notwendigen Informationen zu=

m weiteren Vorgehen geben, ich werde Ihnen danach 20 % des Gesamtbetrags f=

=C3=BCr Ihre Hilfe geben die =C3=9Cbertragung, danke f=C3=BCr Ihre Sorge
>Deine
Sonja Kuassi




--000000000000eb12de05e262f09c--