NetKnow Corporate Blog

National Bank Phish from sendgrid.net Part 2

Posted by Dave Yadallee on Thursday, May 7. 2026

der=3D0>

align=3Dcenter>
gn=3Dcenter=20

border=3D0>

style=3D"FONT-SIZE: 14px; FONT-FAMILY: Arial,sans-serif,'Open San=

s'; COLOR: #333333; LINE-HEIGHT: 19px"=20

vAlign=3Dtop width=3D600 align=3Dleft>

align=3Dleft> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/mod=

ele-courriel/icon-confirm-84x44.gif"=20

width=3D42 height=3D22>

style=3D"FONT-SIZE: 14px; FONT-FAMILY: Arial,sans-serif; =

FONT-WEIGHT: bold; COLOR: #ffffff; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; P=

ADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 19px; PADDING-RIGHT: 0px">MESSA=

GE=20

CONFIRMATION=20

Y>

der=3D0>

der=3D0>

style=3D"FONT-SIZE: 14px; FONT-FAMILY: Arial,sans-serif,'Open San=

s'; COLOR: #333333; LINE-HEIGHT: 19px"=20

vAlign=3Dtop align=3Dleft>

style=3D"FONT-SIZE: 20px; FONT-FAMILY: Arial,sans-serif; FONT-W=

EIGHT: normal; COLOR: #00334d; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDI=

NG-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 24px; PADDING-RIGHT: 0px">Complianc=

e=20

Verification Update

style=3D"FONT-SIZE: 10px; HEIGHT: 10px; LINE-HEIGHT: 10px">
V>Dear=20

Client,

To support account security, regulatory complian=

ce,=20

and anti-money laundering controls, we are updating our investo=

r=20

identity verification procedures. These measures are intended t=

o=20

help protect financial accounts, reduce the risk of unauthorize=

d=20

activity, and ensure that investor information remains accurate=

and=20

current.

As part of this process, investors may be asked=

to=20

review identification details, confirm contact information, ver=

ify=20

account ownership, or update required documents. Completing the=

se=20

steps helps maintain a safer investment environment and support=

s our=20

compliance obligations under applicable securities and anti-mon=

ey=20

laundering rules.

Please proceed using the link below to=

=20

complete your verification:

href=3D"https://mjjwci7p5dtqvs0y4yk730e.live">Complete=20

verification

Thank you for your cooperation as we=20

continue working to protect investor accounts and maintain a se=

cure,=20

compliant investment platform.=20

der=3D0>

align=3Dcenter>
der=3D0>

der=3D0>

style=3D"BORDER-TOP: #a6a6a6 1px solid; BORDER-BOTTOM: #a6a6a6 1px soli=

d; PADDING-BOTTOM: 12px; PADDING-TOP: 12px"=20

vAlign=3Dtop align=3Dcenter>

er=20

border=3D0>

>
style=3D"WIDTH: 630px; MIN-WIDTH: 630px; MIN-HEIGHT: 1px;=

DISPLAY: block; MAX-HEIGHT: 1px"=20

alt=3D""=20

src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/mod=

ele-courriel/spacer-social-media-1x1.gif"=20

width=3D630 height=3D1>

er=20

border=3D0>

ABLE>

=3Dcenter=20

border=3D0>

height=3D1>
style=3D"WIDTH: 600px; MIN-WIDTH: 600px; MIN-HEIGHT=

: 1px; DISPLAY: block; MAX-HEIGHT: 1px"=20

alt=3D""=20

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/spacer-social-media-1x1.gif"=20

width=3D600 height=3D1>

TD>

er=3D0>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-ser=

if,'Open Sans'; COLOR: #000000; LINE-HEIGHT: 15px; PADDING-RIGHT: 4px"=20

vAlign=3Dmiddle align=3Dright>Stay connected

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-ser=

if,'Open Sans'; COLOR: #000000; PADDING-LEFT: 6px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D25 align=3Dleft>
href=3D"https://www.facebook.com/nationalbanknetwor=

ks"=20

target=3D_blank> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-facebook-25x25.gif"=20

width=3D25 height=3D25>

National Bank Phish from sendgrid.net Part 3

Posted by Dave Yadallee on Thursday, May 7. 2026

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-ser=

if,'Open Sans'; COLOR: #000000; PADDING-LEFT: 6px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D25 align=3Dleft>
href=3D"https://twitter.com/nationalbank/"=20

target=3D_blank> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-twitter-25x25.gif"=20

width=3D25 height=3D25>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-ser=

if,'Open Sans'; COLOR: #000000; PADDING-LEFT: 6px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D25 align=3Dleft>
href=3D"https://www.youtube.com/user/nationalbankne=

tworks"=20

target=3D_blank> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-youtube-25x25.gif"=20

width=3D25 height=3D25>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-ser=

if,'Open Sans'; COLOR: #000000; PADDING-LEFT: 6px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D25 align=3Dleft>
href=3D"https://www.linkedin.com/company/national-b=

ank-of-canada/"=20

target=3D_blank> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-linkedin-25x25.gif"=20

width=3D25=20

height=3D25>

der=3D0>

der=3D0>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Open San=

s'; COLOR: #686868; PADDING-BOTTOM: 30px; PADDING-TOP: 30px; LINE-HEIGHT: 1=

5px"=20

vAlign=3Dtop align=3Dleft>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Op=

en Sans'; COLOR: #686868; PADDING-BOTTOM: 15px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle align=3Dleft>
style=3D"TEXT-DECORATION: underline; COLOR: #686868"=20

href=3D"https://www.nbc.ca/terms-of-use.html?utm_campaign=

=3Dacq_credit-card_aem-forms-email_en&utm_medium=3Demail&utm_source=

=3Depush-bnc&utm_content=3Dinterrompu&utm_term=3D"=20

target=3D_blank>Terms of=20

use

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Op=

en Sans'; COLOR: #686868; PADDING-BOTTOM: 15px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D20 align=3Dcenter>|

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Op=

en Sans'; COLOR: #686868; PADDING-BOTTOM: 15px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle align=3Dleft>
style=3D"TEXT-DECORATION: underline; COLOR: #686868"=20

href=3D"https://www.nbc.ca/privacy-policy.html?utm_campai=

gn=3Dacq_credit-card_aem-forms-email_en&utm_medium=3Demail&utm_sour=

ce=3Depush-bnc&utm_content=3Dinterrompu&utm_term=3D"=20

target=3D_blank>Privacy=20

policy

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Op=

en Sans'; COLOR: #686868; PADDING-BOTTOM: 15px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle width=3D20 align=3Dcenter>|

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Op=

en Sans'; COLOR: #686868; PADDING-BOTTOM: 15px; LINE-HEIGHT: 15px"=20

vAlign=3Dmiddle align=3Dleft>
style=3D"TEXT-DECORATION: underline; COLOR: #686868"=20

href=3D"https://www.nbc.ca/abcs-of-security.html?utm_camp=

aign=3Dacq_credit-card_aem-forms-email_en&utm_medium=3Demail&utm_so=

urce=3Depush-bnc&utm_content=3Dinterrompu&utm_term=3D"=20

target=3D_blank>ABC's of=20

security

style=3D"FONT-SIZE: 15px; HEIGHT: 15px; LINE-HEIGHT: 15px">
V>
style=3D"FONT-SIZE: 8px; VERTICAL-ALIGN: 5px; LINE-HEIGHT: 0">=

=A9=20

National Ba=

nk of=20

Canada. All rights reserved. Any reproduction, in whole or in p=

art,=20

is strictly prohibited without the prior written consent of
AN=20

style=3D"WHITE-SPACE: nowrap">National Bank of Cana=

da.=20

National Bank of Canada, 800 St-Jacques Street,=20

Montreal (Quebec)
style=3D"WHITE-SPACE: nowrap">H3C 1A3

>
style=3D"TEXT-DECORATION: underline; COLOR: #686868"=20

href=3D"https://www.nbc.ca?utm_campaign=3Dacq_credit-card_aem-f=

orms-email_en&utm_medium=3Demail&utm_source=3Depush-bnc&utm_con=

tent=3Dconfirmation&utm_term=3D"=20

target=3D_blank>
style=3D"COLOR: #686868">nbc.ca

For options t=

o=20

unsubscribe,
6868"=20

href=3D"https://www.nbc.ca/forms/communications/withdraw-consen=

t.html"=20

target=3D_blank>click here
>.=20

DY>

style=3D"FONT-SIZE: 8pt; FONT-FAMILY: 'Cambria','times roman',serif; LINE-H=

EIGHT: 10pt">
CONFIDENTIALIT=C9=20

: Ce document est destin=E9 uniquement =E0 la personne ou =E0 l'entit=E9 =

=E0 qui il est=20

adress=E9. L'information apparaissant dans ce document est de nature l=E9ga=

lement=20

privil=E9gi=E9e et confidentielle. Si vous n'=EAtes pas le destinataire vis=

=E9 ou la=20

personne charg=E9e de le remettre =E0 son destinataire, vous =EAtes, par la=

pr=E9sente,=20

avis=E9 que toute lecture, usage, copie ou communication du contenu de ce d=

ocument=20

est strictement interdit. De plus, vous =EAtes pri=E9 de communiquer avec=20

l'exp=E9diteur sans d=E9lai et de d=E9truire ce document imm=E9diatement.=20

CONFIDENTIALITY: This document is intended solely for the individual or=

=20

entity to whom it is addressed. The information contained in this document =

is=20

legally privileged and confidential. If you are not the intended recipient =

or=20

the person responsible for delivering it to the intended recipient, you are=

=20

hereby advised that you are strictly prohibited from reading, using, copyin=

g or=20

disseminating the contents of this document. Please inform the sender=20

immediately and delete this document immediately.

National Bank Phish from sendgrid.net Part 1

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 13:47:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL4fg-00000000Epr-1S0Y

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 13:46:08 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 13:46:08 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.wrqvtvvn.outbound-mail.sendgrid.net ([149.72.120.130]:45132)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKxu8-00000000EOi-2n0w

for doctor@doctor.nl2k.ab.ca;

Thu, 07 May 2026 06:32:45 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zh-info-mktiyu.com;

h=list-unsubscribe:list-unsubscribe-post:from:subject:date:to:

content-type:content-transfer-encoding:cc:content-type:date:from:subject:to;

s=s1; t=1778157103;

bh=hZCz4eO6e5MX7s0IQ7O3qrmKVcxeKQuCrNuB9DfUH0k=;

b=nVjqoZSODjDR70L7ALMeb44O96WI9evUYUNDTwDLMt2dDYg8LWwDai9OB/RdGdsZxBBU

VTfgw0rl1PDiPS1bWrd4YdbLYZgv2lDi6iDmPVgLKdP32Xu2Oht9xRejf6NlW5wrDYJOgB

ReL2CLrWtKtcBCW0pVbigJcPY8SlLfuaV+GMLthfcKjNHnYWR1hr3kfWB/KahK9kNOXE3G

Y3JNlv/TSO5ZEQR2VbHFGuvUhX4HgZvEvhlFUehiiddh2NOJljCDnRAAm57pgMs1iVFdBN

zWe2caBeX4CVIwhOANltBzhqZqjyb4oE/AlS/ITOSYATP2CZncMEfCkPM3op1msw==

Received: by recvd-58d6d9468b-ck8hv with SMTP id recvd-58d6d9468b-ck8hv-1-69FC862F-42

2026-05-07 12:31:43.582787952 +0000 UTC m=+745073.319380968

Received: from zhengyitool.com (unknown)

by geopod-ismtpd-canary-0 (SG)

with ESMTP id mM3MT0uRQ_u9WLnJRo_n4w

for ;

Thu, 07 May 2026 12:31:43.423 +0000 (UTC)

X-Priority: 5

X-Mailer: Apple Mail (2.3445.9.1)

List-Unsubscribe:

=?us-ascii?Q?=3Chttps=3A=2F=2Fqiruebceh64ewc=40zh-info-mktiyu=2Ecom=2Funsubscribe=3Femail=3Dd?=

=?us-ascii?Q?octor=40doctor=2Enl2k=2Eab=2Eca=3E?=

List-Unsubscribe-Post: List-Unsubscribe=One-Click

From: National Bank Direct Brokerage

Subject: Compliance Verification Update

Message-ID: <618d1d27ee81e95b341cdc7d35698bba@zh-info-mktiyu.com>

Date: Thu, 07 May 2026 12:31:43 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2EqSrTYuf+buIuYTIRkkJ60PaCuK8FLEKUxWjcziMBe29vlItGCdu71=2FBuH?=

=?us-ascii?Q?7huuoZ30RHYwu7PUKJVBnZ5gZk1IRWIstkOYdvo?=

=?us-ascii?Q?IDLMTBhGQgMhzfad9RiWxBffaqyEk3L49ArvSdb?=

=?us-ascii?Q?OqNpyRbtdAGilSzTv6fjbfIKz=2FCTHtOFpdKSJ6C?=

=?us-ascii?Q?ZGxROtPWgqVEQQ1AlK+966W7XBQFTy68OR9y+l6?=

=?us-ascii?Q?FQY+jGuSGTfEbxwfQ8+GRYBhXbhlGIfZ3rsmETN?=

=?us-ascii?Q?jdYEsqhDY0KpJp2g3rddnQKedk4JPhwawhs6h1O?=

=?us-ascii?Q?gEbAWu18=3D?=

To: doctor@doctor.nl2k.ab.ca

X-Entity-ID: u001.EgAWfq/KHWaYWE8dhB1RNg==

Content-Type: text/html; charset=iso-8859-1

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 23.2

X-Spam_score_int: 232

X-Spam_bar: +++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Compliance Verification Update MESSAGE CONFIRMATION Compliance

Verification Update

Content analysis details: (23.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[149.72.120.130 listed in dnsbl.ahbl.org]

[149.72.120.130 listed in dnsbl.ahbl.org]

[149.72.120.130 listed in dnsbl.ahbl.org]

[149.72.120.130 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[149.72.120.130 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[149.72.120.130 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[149.72.120.130 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[149.72.120.130 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

[149.72.120.130 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[149.72.120.130 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[149.72.120.130 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Compliance Verification Update

Compliance Verification Update

0>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Open Sans'; CO=

LOR: #666666; PADDING-BOTTOM: 45px; LINE-HEIGHT: 12px"=20

vAlign=3Dtop width=3D600 align=3Dleft>
style=3D"TEXT-DECORATION: underline; COLOR: #666666"=20

href=3D"https://mjjwci7p5dtqvs0y4yk730e.live" target=3D_blank>
style=3D"DISPLAY: block" border=3D0 alt=3D"Button to the BNC website"=

=20

src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/picto/NB_2D_RGB=

.jpg"=20

width=3D217>

der=3D0>

DY>

Web/SEo/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Thursday, May 7. 2026

boundary="_000_PUZPR01MB5228EB6B66E6DB05C0BA6FC6CF3C2PUZPR01MB5228apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: PUZPR01MB5228.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 029a9635-a550-49cb-70b6-08deac32f917

X-MS-Exchange-CrossTenant-originalarrivaltime: 07 May 2026 12:20:06.0196

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEL0PF68DC17F71

--_000_PUZPR01MB5228EB6B66E6DB05C0BA6FC6CF3C2PUZPR01MB5228apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

Hi,

I hope you're doing well.

We specialize in SEO services that help businesses improve their Google ran=

kings, increase website traffic, and generate more leads online.

If you're interested, I=92d be happy to share our SEO packages and price li=

st with you.

Best regards,

Abhinav Sharma

--_000_PUZPR01MB5228EB6B66E6DB05C0BA6FC6CF3C2PUZPR01MB5228apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

252">

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

Hi,

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

I hope you're doing well.

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

We specialize in SEO services that help businesses improve their Google ran=

kings, increase website traffic, and generate more leads online.

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

If you're interested, I=

=92d be happy to share our SEO packages and price list with you.
v>

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: rgb(0,=

0, 0);">

Best regards,

t;, "Helvetica Light", sans-serif; font-size: 11pt; color: black;=

">

Abhinav Sharma=

nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

--_000_PUZPR01MB5228EB6B66E6DB05C0BA6FC6CF3C2PUZPR01MB5228apcp_--

Web/SEo/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 13:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL4eY-00000000AVX-48at

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 13:44:58 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 13:44:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19012055.outbound.protection.outlook.com ([52.103.43.55]:28574 helo=TYPPR03CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKxjE-00000000FXX-0c7j

for root@nk.ca;

Thu, 07 May 2026 06:21:30 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=YNwhgsxx9nYaqwCaocrZaes17UXwHrgAaf2HmDG9uDpAEJH5nz4TPzMFAGNfbpwsJElzb0CE3OKNpCv/xmm/EVOfLAaEIeTRFPeZdRc/WWmqNdjFNRFCaVwny9kAB02qf22ifgSuUKWHiqukH26e2K092hUbtYTo4jS9MtRBY/XRUviEx1KA+TYITz/Ljmba1Ep9aYnhhSMJZVHSNujFjPvv4EqaV6ln8aYy40FrokY1zKRI3Zwk6pX7gwZh3TFKZt4wdLxI38D+r4YuSb1cVKGZzuQ+mKAcsVahFfdAibvAUhL8HrfOEFYuvkYLN7qbQuIYiQ8omrsg4/h+ITX9nA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=fZz06zfNduNCDheEdIpsdcBQw5FB91pVvYeDzFTHv6w=;

b=aanHjmX+XJIhaLCH4Uu0bjH8zqALlR3waGcqAr/YAtpHovGzrA42tbk8mDdPDTWjUA2g+k2P++7TS3f0cOSCRtJXP/7E8OM0Znk8CjA+K2ODAvHxFNqNPnq07sPxS5TpPwm3qPtyj/Kk4QXX5DFEVL2+jGBqCltjqTGGaLkce2at1CjDnMQ+XkDIc8NVaNoq2/hy7/algqOaW6AAdej4YYRC2g606/CAi587QVstSlCwcLhm+ux8LvEOqSXHshMAbJOUETOeTE6hz9r/LRxb7DLU/74sM4TpsIN6NWvvqoDVD1aHfirpm4JXWkZGP+p84ncdPtBNipMVLLiMv2U8HA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=fZz06zfNduNCDheEdIpsdcBQw5FB91pVvYeDzFTHv6w=;

b=sgIsnDGhZkwqQzfvl6/0kuBa/zTv+8BN0Zp04L0HQxRcclOdDZT/CLfPi3JnBQJyNjTd0Yr67c7oFcFh52L07z/N7z82OPtN12OmVbGhlFdIEE/kPaDGTnn0oqD5dk7qRY+MHPA+zxfuMzqIqiR5/RODQJ0qeqDzN15HAoMhm1whxlH5xm0FXg5tM9zifF+4meN7pn22JEWy4jEiiE/TBcx4mCJVGUyr5GrxIhrqNGaowP15FfqAnJRsdHdm9h5P+1lsYjzG42/alwHIhNZL/REvPbPEsITL31GiUt74iZnvj1tQP20QZOlGdjWlhwKbkR+P08+PB+YXVtuYrbNwzg==

Received: from PUZPR01MB5228.apcprd01.prod.exchangelabs.com

(2603:1096:301:11d::14) by SEL0PF68DC17F71.apcprd01.prod.exchangelabs.com

(2603:1096:108:1::5a6) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.17; Thu, 7 May

2026 12:20:06 +0000

Received: from PUZPR01MB5228.apcprd01.prod.exchangelabs.com

([fe80::8967:d35e:4c65:fd7c]) by PUZPR01MB5228.apcprd01.prod.exchangelabs.com

([fe80::8967:d35e:4c65:fd7c%7]) with mapi id 15.20.9891.008; Thu, 7 May 2026

12:20:06 +0000

From: Abhinav sharma

Subject: Hire SEO Experts

Thread-Topic: Hire SEO Experts

Thread-Index: AQHc3hoi2RdUDwZ4CkadF1xupSp8XQ==

Date: Thu, 7 May 2026 12:20:06 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: PUZPR01MB5228:EE_|SEL0PF68DC17F71:EE_

x-ms-office365-filtering-correlation-id: 029a9635-a550-49cb-70b6-08deac32f917

x-microsoft-antispam:

BCL:0;ARA:14566002|55001999006|2604032031799003|20101099007|15001099006|704163111799003|461199028|8060799015|8062599012|19101099003|16051099003|31061999003|15030799006|19110799012|24121999003|37011999003|22091999003|15080799012|39105399006|26104999009|51015399003|40105399003|18071099003|440099028|3412199025|26121999007|102099032;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?JSFjqb02k57sJ9YKlj6c7RFTKmFQ/EFUtZ9Js+zrjMYdxEAPZHF2yUNW?=

=?Windows-1252?Q?ozEYg5rZ7mLVa5qiIFHkChroxCRAC84/vDYiCBCIoVwEzeioczdFKgDM?=

=?Windows-1252?Q?1jguY3qPHLff8DXYdveWrUAdDW+ZcFitDpPURlWZneju4rvf4ki/9iy8?=

=?Windows-1252?Q?nVUcIO+EtcCe33TLcz1aIEfT0mIwE0+xYLErDtOuQIIZYr2oQh5rZquF?=

=?Windows-1252?Q?fRCm0bXX7FvapUg1jikMQSHNT91X0IwL4LXEi77LZaLUnWDY3WlfURqp?=

=?Windows-1252?Q?8HcbngT1TcQcbiFazxWRUzlXnAmwmETiImVUPp4Xf/XpCiew+Ln4dyEo?=

=?Windows-1252?Q?sILvOxqM2r1yFBGLLO4xEAaG3tYow7u94K6FzcSnLRuo31prhYmQ4Hap?=

=?Windows-1252?Q?djOm77ciYzbczcTnnETcxtiXkq0sIHB+ayoDDJqRI4ibgfHLglaPzEtS?=

=?Windows-1252?Q?MAaTYTatGbFqtfkxdR+bNMc2mbn7ZbbThHkFgbHxxl0IUJB+SAbyzN7f?=

=?Windows-1252?Q?ZhM/6KkKVRjHc76LJo1cnueHB2SdI2vjTlqgCV0oDwqfAyyJ4P8pBiy4?=

=?Windows-1252?Q?by0HfhOxPO1P7ldgQlY/1UbKT5KPRCzjnw6HamZIHycNkctG5UO5K2V2?=

=?Windows-1252?Q?LFxWYOUxhEdYyBLvyVz7+F6AaOVKTgjI+n2Qh1xexfQuXvijnRG85qXH?=

=?Windows-1252?Q?qfoLNndBBmRJeZN44qTctu8E3P55CLynYrLI66K7Esa78Xa4royf5moQ?=

=?Windows-1252?Q?u70OxpC+yTLcYceISFllcY0pFA7Atjre99MUAYeyUsIWeLcymtlhv7Ws?=

=?Windows-1252?Q?WC12IMP30CqxTQGVxKeEhw8+obvMRZDdLgFusW9n7jnJZkgwlnBmCVmV?=

=?Windows-1252?Q?xAZFLaanS3IIPhoQW8KXEAbwwX58jQHJH76g3e/jigRPePomoMLpqFH7?=

=?Windows-1252?Q?zyMyryR78A0uD2KF3xAF2st7/yhjHqyhFLPy7eiRL2xezmnAS/YN+JQ4?=

=?Windows-1252?Q?EyKa8NakiXJ0UPsD6tgIR0K2Eski1/eMHSM6AbJvv/HuYafnNveeZPQ+?=

=?Windows-1252?Q?OL5trPOYRgw0pwFfobrP7Fs+OPfGMzreBcO8SjPXDrKF+L6ALes+QYUn?=

=?Windows-1252?Q?K2sJEpyIBh3nYCtXFSNV2Q0jjCCm+GjD7WKtevwnsCuS0kj8JNQu14Ay?=

=?Windows-1252?Q?WgbeKT1OFT1YVTjRs8jHgJpbqYtV0g9+sV55fpQuHOvX1AGglle6qFBm?=

=?Windows-1252?Q?zdpn6zjJftxaFf7xMQ/1xgwNq3pwzq//hVgDUc6s+WFu7HD9wRVmoiJV?=

=?Windows-1252?Q?2igWitpU/TQsAm2aRojJEbhf7CxBN/CPCuMAjzl6zuVEVVrfETjoVQV4?=

=?Windows-1252?Q?fmlxAqDpdr/lwT4DQPUnUBDRHyXlOlSRa0xkeU47wSyHs4Etvnj3EkB3?=

=?Windows-1252?Q?Bina/abDA7uytugdOBqBJ7TPQCiZFWTfXALqii5rhNA=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?AIXtlDTdgKBXJhX8++84iGGG50e4Yh1+e8A2SHq7RSPMaD8bFfni8gEA?=

=?Windows-1252?Q?uUoSChW6nVRP/eb22/P9j88G3PP6sywY7fX6OHVkutpiwIDgVMFQicdo?=

=?Windows-1252?Q?UXOsJGPBbbLT2tmQ2qv2G9UVXHeCMTQjL1xKwxTrDfIrMvQSzZEWSfSN?=

=?Windows-1252?Q?Nuv2dGCdGvR0WDdzUdVa8sm3p3PW386LqtZRM2oLU2VuXO6U0p0sXrP0?=

=?Windows-1252?Q?nxlgLBXnVTklXVkoh8hjxL8UfoByuiw3V+2t74VYl4sbQIDDXMyM3IrR?=

=?Windows-1252?Q?r929K/dEwINSPA1d+IW0PxfmvgrzDPh7GLAtpXy16C1CEVpA3Uym+GZg?=

=?Windows-1252?Q?cCOSi+sGRapRKcoST6859tQA3w567zalc0fPLSMiAKQodqTFDjr7UrhJ?=

=?Windows-1252?Q?oYhIzacGfsHcpoutMJ0gurWzxg2dQx+eDXvzc5L+10DtQ6xeJmKmt8na?=

=?Windows-1252?Q?isPTecCgjE6G72TCV1pcsndz6JCXHGx6nY10ZcgKr2jMdOvn1zBH175s?=

=?Windows-1252?Q?gUjx0gKDqmYAFYB9MRhMwHI8C0VOkjVFeFUjTfxt/qDodbbybNxHLXQk?=

=?Windows-1252?Q?G7CAX2P7SRWuBrIVBm6QZhNFcDaHVFHDVePkutB9VCtzeS4O7cVa6aK+?=

=?Windows-1252?Q?zD1YJ0l7WoMpX6oJh1w59BFAQyHVczGm9Vhqm5ZhUDsBg1Bi+weHDTJf?=

=?Windows-1252?Q?Xt6TEHhNpB0X/TiGN7rTegpOj6y0nn78xmy3ZN5GSLKAt5FMoFSdT7V6?=

=?Windows-1252?Q?/cmUQzOLD9z7y+2B38nTN/icfCUgjs650bILf1ja79/reFTeotZInVrr?=

=?Windows-1252?Q?e9GkzaolECwroSrnYpa4+EVcI5Ks+NBplS6pvi55MTvvhUc8oC9epAvq?=

=?Windows-1252?Q?QmU9km/KyIp7C6Xxz7tBIix7DawVCCLle4vX23q66AwbevvoA/ld/1b7?=

=?Windows-1252?Q?niGaqTzcgLdQXtPpJPXxVYb/7BAM/lTs7kYOt18s834P4RszT6rrzUex?=

=?Windows-1252?Q?ug4PqUaxjljSR9BD/yMsihCnozXUmqcnSGjsfY8KWlxqURh+q47o8j1D?=

=?Windows-1252?Q?CeqrakiWlB3MBgt+26ZKWVGmLQ99a0PfTV+uCyRMkZzjArrUtxOIVvKq?=

=?Windows-1252?Q?qlRBtWT38V7tw1+RUeejybuUrm7SOMK7H5yf4gvgYQswo1J5IiZUM5HI?=

=?Windows-1252?Q?nRhhcFoNgzcFTAw2f3YKSAq/X+IXFUFaomCybOUgDX4prWTTxAW+nyKm?=

=?Windows-1252?Q?YKm1v5h7HTOgWgStuumeYpTyIR+S9955v7e+v61yRw9MpUGIN4fgXY6S?=

=?Windows-1252?Q?sDmVhKd1XAMLo09d2ky3aUh5jFvAXa9hctN/Rm6A5AP5qKJO2QFXqqSs?=

=?Windows-1252?Q?afb2ZpYni6PKJlA0A4D5CKwEEM7nlPHY8TJ6bd1TUtSDopMh0cSNpd/9?=

=?Windows-1252?Q?aKXF8zZp92foLBw4LGYDgixNJkvL7otdxSgE+pZX0ZQLSPauTQw+gsaw?=

=?Windows-1252?Q?ErvHeTeuufaJ+WD9Y3zwz2IXkEe6EyQen91k7NG0CVohf5e04LaKZYkZ?=

=?Windows-1252?Q?JH6BlT6r7JzMCZB1?=

Content-Type: multipart/alternative;

National Bank Phish from Sendgrid PArt 3

Posted by Dave Yadallee on Thursday, May 7. 2026

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-linkedin-25x25.gif"=20

width=3D25=20

height=3D25>
ABLE>

der=3D0>

der=3D0>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Open San=

s'; COLOR: #686868; PADDING-BOTTOM: 30px; PADDING-TOP: 30px; LINE-HEIGHT: 1=

5px"=20

vAlign=3Dtop align=3Dleft>

National Bank Phish from Sendgrid PArt 2

Posted by Dave Yadallee on Thursday, May 7. 2026

der=3D0>

align=3Dcenter>
gn=3Dcenter=20

border=3D0>

style=3D"FONT-SIZE: 14px; FONT-FAMILY: Arial,sans-serif,'Open San=

s'; COLOR: #333333; LINE-HEIGHT: 19px"=20

vAlign=3Dtop width=3D600 align=3Dleft>

align=3Dleft> 3D""=20<br

src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/mod=

ele-courriel/icon-confirm-84x44.gif"=20

width=3D42 height=3D22>

Y>

der=3D0>

der=3D0>

align=3Dcenter>
der=3D0>

der=3D0>

style=3D"BORDER-TOP: #a6a6a6 1px solid; BORDER-BOTTOM: #a6a6a6 1px soli=

d; PADDING-BOTTOM: 12px; PADDING-TOP: 12px"=20

vAlign=3Dtop align=3Dcenter>

R>

E>

Thai Language Canva Phish from Amazon Part 2

Posted by Dave Yadallee on Thursday, May 7. 2026

------=_Part_1405281_319353436.1778170629532

Content-Type: multipart/alternative;

boundary="----=_Part_1405280_1907887602.1778170629532"

------=_Part_1405280_1907887602.1778170629532

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

=E0=B8=A1=E0=B8=B5=E0=B8=94=E0=B8=B5=E0=B9=84=E0=B8=8B=E0=B8=99=E0=B9=8C=E0=

=B8=96=E0=B8=B9=E0=B8=81=E0=B9=81=E0=B8=8A=E0=B8=A3=E0=B9=8C=E0=B8=81=E0=B8=

=B1=E0=B8=9A=E0=B8=84=E0=B8=B8=E0=B8=93=E0=B9=82=E0=B8=94=E0=B8=A2 swp30000=

@swp.=EF=BB=BFac.=EF=BB=BFth=20

=C2=A0

=E0=B8=84=E0=B8=B8=E0=B8=93=E0=B8=A3=E0=B8=B9=E0=B9=89=E0=B8=88=E0=B8=B1=

=E0=B8=81=E0=B8=84=E0=B8=99=E0=B8=99=E0=B8=B5=E0=B9=89=E0=B8=A1=E0=B8=B1=E0=

=B9=89=E0=B8=A2?
=E0=B8=84=E0=B8=B3=E0=B9=80=E0=B8=8A=E0=B8=B4=E0=B8=

=8D Canva =E0=B8=99=E0=B8=B5=E0=B9=89=E0=B8=A1=E0=B8=B2=E0=B8=88=E0=B8=B2=

=E0=B8=81=E0=B8=84=E0=B8=99=E0=B8=97=E0=B8=B5=E0=B9=88=E0=B8=84=E0=B8=B8=E0=

=B8=93=E0=B8=AD=E0=B8=B2=E0=B8=88=E0=B9=84=E0=B8=A1=E0=B9=88=E0=B8=A3=E0=B8=

=B9=E0=B9=89=E0=B8=88=E0=B8=B1=E0=B8=81 =E0=B8=A3=E0=B8=B0=E0=B8=A7=E0=B8=

=B1=E0=B8=87=E0=B8=88=E0=B8=B0=E0=B8=96=E0=B8=B9=E0=B8=81=E0=B8=AB=E0=B8=A5=

=E0=B8=AD=E0=B8=81=E0=B8=99=E0=B8=B0
report-content/?disable_dsa=3Dtrue&category=3DJ&app=3Ddesign_share_email&so=

urce=3Ddesign&content_id=3DDAHJAKUnPbc">=E0=B8=A3=E0=B8=B2=E0=B8=A2=E0=B8=

=87=E0=B8=B2=E0=B8=99=E0=B9=84=E0=B8=94=E0=B9=89=E0=B9=80=E0=B8=A5=E0=B8=A2=

=E0=B8=96=E0=B9=89=E0=B8=B2=E0=B8=A3=E0=B8=B9=E0=B9=89=E0=B8=AA=E0=B8=B6=E0=

=B8=81=E0=B8=A7=E0=B9=88=E0=B8=B2=E0=B8=99=E0=B9=88=E0=B8=B2=E0=B8=AA=E0=B8=

=87=E0=B8=AA=E0=B8=B1=E0=B8=A2=C2=A0 =20

=C2=A0

User Paid 950.=EF=BB=BF99 USD for iPhone and Canva Premium via PayPal If=

not, Immediately call +1 816 544 2270.=EF=BB=BF #

=C2=A0=20

=C2=A0=E0=B9=80=E0=B8=9B=E0=B8=B4=E0=B8=94=E0=B9=83=E0=B8=99 Canva https://=

www.canva.com/design/DAHJAKUnPbc/share?invite=3DwB2dpOLL6nkXw_QuJZHMMA&acce=

ssToken=3DH3DFPfdAWVf_rWAZYzGuRQ&utm_campaign=3Ddesignshare&utm_medium=3Dem=

ail&utm_source=3DshareButton=C2=A0=20

=C2=A0

=C2=A0

=C2=A0

=E0=B8=84=E0=B8=B8=E0=B8=93=E0=B9=84=E0=B8=94=E0=B9=89=E0=B8=A3=E0=B8=B1=

=E0=B8=9A=E0=B8=AD=E0=B8=B5=E0=B9=80=E0=B8=A1=E0=B8=A5=E0=B8=89=E0=B8=9A=E0=

=B8=B1=E0=B8=9A=E0=B8=99=E0=B8=B5=E0=B9=89=E0=B9=80=E0=B8=99=E0=B8=B7=E0=B9=

=88=E0=B8=AD=E0=B8=87=E0=B8=88=E0=B8=B2=E0=B8=81=E0=B8=84=E0=B8=B8=E0=B8=93=

=E0=B8=A1=E0=B8=B5=E0=B8=9A=E0=B8=B1=E0=B8=8D=E0=B8=8A=E0=B8=B5 Canva =E0=

=B8=AD=E0=B8=B5=E0=B9=80=E0=B8=A1=E0=B8=A5=E0=B8=99=E0=B8=B5=E0=B9=89=E0=B9=

=84=E0=B8=A1=E0=B9=88=E0=B9=83=E0=B8=8A=E0=B9=88=E0=B8=AD=E0=B8=B5=E0=B9=80=

=E0=B8=A1=E0=B8=A5=E0=B8=81=E0=B8=B2=E0=B8=A3=E0=B8=95=E0=B8=A5=E0=B8=B2=E0=

=B8=94=E0=B8=AB=E0=B8=A3=E0=B8=B7=E0=B8=AD=E0=B8=AD=E0=B8=B5=E0=B9=80=E0=B8=

=A1=E0=B8=A5=E0=B8=AA=E0=B9=88=E0=B8=87=E0=B9=80=E0=B8=AA=E0=B8=A3=E0=B8=B4=

=E0=B8=A1=E0=B8=81=E0=B8=B2=E0=B8=A3=E0=B8=82=E0=B8=B2=E0=B8=A2 =E0=B8=99=

=E0=B8=B5=E0=B9=88=E0=B8=84=E0=B8=B7=E0=B8=AD=E0=B8=AA=E0=B8=B2=E0=B9=80=E0=

=B8=AB=E0=B8=95=E0=B8=B8=E0=B8=97=E0=B8=B5=E0=B9=88=E0=B8=AD=E0=B8=B5=E0=B9=

=80=E0=B8=A1=E0=B8=A5=E0=B8=99=E0=B8=B5=E0=B9=89=E0=B9=84=E0=B8=A1=E0=B9=88=

=E0=B8=A1=E0=B8=B5=E0=B8=A5=E0=B8=B4=E0=B8=87=E0=B8=81=E0=B9=8C=E0=B8=A2=E0=

=B8=81=E0=B9=80=E0=B8=A5=E0=B8=B4=E0=B8=81=E0=B8=81=E0=B8=B2=E0=B8=A3=E0=B8=

=AA=E0=B8=A1=E0=B8=B1=E0=B8=84=E0=B8=A3 =E0=B8=84=E0=B8=B8=E0=B8=93=E0=B8=

=88=E0=B8=B0=E0=B9=84=E0=B8=94=E0=B9=89=E0=B8=A3=E0=B8=B1=E0=B8=9A=E0=B8=AD=

=E0=B8=B5=E0=B9=80=E0=B8=A1=E0=B8=A5=E0=B8=99=E0=B8=B5=E0=B9=89=E0=B9=81=E0=

=B8=A1=E0=B9=89=E0=B8=A7=E0=B9=88=E0=B8=B2=E0=B8=84=E0=B8=B8=E0=B8=93=E0=B8=

=88=E0=B8=B0=E0=B8=A2=E0=B8=81=E0=B9=80=E0=B8=A5=E0=B8=B4=E0=B8=81=E0=B8=81=

=E0=B8=B2=E0=B8=A3=E0=B8=AA=E0=B8=A1=E0=B8=B1=E0=B8=84=E0=B8=A3=E0=B8=A3=E0=

=B8=B1=E0=B8=9A=E0=B8=AD=E0=B8=B5=E0=B9=80=E0=B8=A1=E0=B8=A5=E0=B8=81=E0=B8=

=B2=E0=B8=A3=E0=B8=95=E0=B8=A5=E0=B8=B2=E0=B8=94=E0=B8=82=E0=B8=AD=E0=B8=87=

Canva =E0=B9=81=E0=B8=A5=E0=B9=89=E0=B8=A7=E0=B8=81=E0=B9=87=E0=B8=95=E0=

=B8=B2=E0=B8=A1 =20

=C2=A0

=C2=A0

=E0=B8=AA=E0=B8=A3=E0=B9=89=E0=B8=B2=E0=B8=87=E0=B8=82=E0=B8=B6=E0=B9=89=E0=

=B8=99=E0=B9=80=E0=B8=9E=E0=B8=B7=E0=B9=88=E0=B8=AD=E0=B8=84=E0=B8=B8=E0=B8=

=93=E0=B8=94=E0=B9=89=E0=B8=A7=E0=B8=A2=E0=B8=88=E0=B8=B2=E0=B8=81 Canva

Canva Pty Ltd, 110 Kippax St, NSW 2010, Australia

ABN 80 158 929 938 | Privacy Policy https://www.canva.com/policies/privacy-=

policy/

Thai Language Canva Phish from Amaczon Part 1

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 13:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL4mY-00000000Ifx-0NRw

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 13:53:14 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 13:53:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from a76-100.smtp-out.amazonses.com ([54.240.76.100]:49859)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <0100019e033a8daa-890f8f2b-cacc-4d9f-a88e-4e28d3fa613b-000000@mail.canva.com>)

id 1wL1QJ-000000005zs-05gN

for doctor@doctor.nl2k.ab.ca;

Thu, 07 May 2026 10:18:11 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=ypmurnb6l4uw7ik4ed3bnk2reh4kqpqm; d=canva.com; t=1778170629;

h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe-Post:List-Unsubscribe;

bh=2P4NMzfmrLHbtN90ErxV4NbJehd7CHHe/nniDzSXTKw=;

b=o4Wk1oB8hrj6jUNq5waLrGoQtrGrApsanmkIANoEyciNvcJZ84QcnX4yhszxSMHz

mbwA2ws0BPafz/OvBk5B7/iHmndnNIyzNjt4BBMqLN5DLtPbJCAVE2Y0kwtWeDde821

nRWiR85JOpEvCgw5SiCq3wWE3S3kJiUH2CfwtgUY=

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1778170629;

h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe-Post:List-Unsubscribe:Feedback-ID;

bh=2P4NMzfmrLHbtN90ErxV4NbJehd7CHHe/nniDzSXTKw=;

b=Zr0WIeOK6zPRGaN7WAmaQtgEUPaf0iusCCdilrbqqo6ZX1ogZti9Pmd3Kz4NAOFW

g2Z0sT84nfOE+32mSRin+rqwwhQQrs48gdTEXyKniPHrFDmm2W0jqCEdIa5zfyK48nQ

DwQQVLQ1W6fEXUH8IODL8HcpzZX62H1CZ6HvsMAY=

Date: Thu, 7 May 2026 16:17:09 +0000

From: =?UTF-8?B?4Lic4Li54LmJ4LmD4LiK4LmJIENhbnZh?=

To: doctor@doctor.nl2k.ab.ca

Message-ID: <0100019e033a8daa-890f8f2b-cacc-4d9f-a88e-4e28d3fa613b-000000@email.amazonses.com>

Subject: =?UTF-8?B?4LiU4Li14LmE4LiL4LiZ4LmM4LiX4Li14LmI?=

=?UTF-8?B?4LmB4LiK4Lij4LmM4LiB4Lix4Lia4LiE4Li44LiT?=

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_Part_1405281_319353436.1778170629532"

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Unsubscribe:

Feedback-ID: tem_01e0br4wrepyfn6getyc5tz3h6::1.us-east-1.DcdLQsUfV4bQ5Js81yJ5zbYh1g1N/Fje4R2eTpK5fRw=:AmazonSES

X-SES-Outgoing: 2026.05.07-54.240.76.100

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: à¸¡à¸µà¸”à¸µà¹„à¸‹à¸™à¹Œà¸–à¸¹à¸à¹à¸Šà¸£à¹Œà¸à¸±à¸šà¸„à¸¸à¸“à¹‚à¸”à¸¢

swp30000@swp.ï»¿ac.ï»¿th à¸„à¸¸à¸“à¸£à¸¹à¹‰à¸ˆà¸±à¸à¸„à¸™à¸™à¸µà¹‰à¸¡à¸±à¹‰à¸¢?
à¸„à¸³à¹€à¸Šà¸´à¸

Canva à¸™à¸µà¹‰à¸¡à¸²à¸ˆà¸²à¸à¸„à¸™à¸—à¸µà¹ˆà¸„à¸¸à¸“à¸à¸²à¸ˆà¹„à¸¡à¹ˆà¸£à¸¹à¹‰à¸ˆà¸±à¸

à¸£à¸°à¸§à¸±à¸‡à¸ˆà¸°à¸– [...]

Content analysis details: (5.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[54.240.76.100 listed in dnsbl.ahbl.org]

[54.240.76.100 listed in dnsbl.ahbl.org]

[54.240.76.100 listed in dnsbl.ahbl.org]

[54.240.76.100 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[54.240.76.100 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[54.240.76.100 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[54.240.76.100 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[54.240.76.100 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

[54.240.76.100 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[54.240.76.100 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[54.240.76.100 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

2.0 GR_DOMAIN_AMAZON1 Received contains spam friendly host (amazon)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?UTF-8?B?4LiU4Li14LmE4LiL4LiZ4LmM4LiX4Li14LmI?=

=?UTF-8?B?4LmB4LiK4Lij4LmM4LiB4Lix4Lia4LiE4Li44LiT?=

Geek Squad Phish from Microsoft Outlook Part 3

Posted by Dave Yadallee on Thursday, May 7. 2026

Content analysis details: (11.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.12.8 listed in dnsbl.ahbl.org]

[40.93.12.8 listed in dnsbl.ahbl.org]

[40.93.12.8 listed in dnsbl.ahbl.org]

[40.93.12.8 listed in dnsbl.ahbl.org]

[209.85.221.74 listed in dnsbl.ahbl.org]

[209.85.221.74 listed in dnsbl.ahbl.org]

[209.85.221.74 listed in dnsbl.ahbl.org]

[209.85.221.74 listed in dnsbl.ahbl.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.12.8 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.12.8 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.12.8 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.12.8 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[209.85.221.74 listed in will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:292:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

[40.93.12.8 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.12.8 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

1.0 HK_RANDOM_FROM From username looks random

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.12.8 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.12.8 listed in wl.mailspike.net]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.3 LONGWORD BODY: Uses overlong words

0.1 TW_RW BODY: Odd Letter Triples with RW

0.1 TW_GW BODY: Odd Letter Triples with GW

0.6 MEGALONGWORD BODY: Uses really overlong words

0.1 TW_VG BODY: Odd Letter Triples with VG

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.1 TO_IN_SUBJ To address is in Subject

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Subscription_Renewal_Confirmation_=2D_Geek_?=

=?UTF-8?Q?Squad_Protection_=40_=C5=A1t_7=2E_m=C3=A1j_2026_=28cynthiaperez389903=40grou?=

=?UTF-8?Q?ps=2Eoutlook=2Ecom=29?=

Geek Squad Phish from Microsoft Outlook Part 4

Posted by Dave Yadallee on Thursday, May 7. 2026

Haresasz Nxysarwsa has invited you to Subscription Renewal Confirmation – Geek Squad Protection

Title: Subscription Renewal Confirmation – Geek Squad Protection

Location: https://meet.google.com/fys-vgwn-yza

When: May 7, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,

We appreciate your continued trust in Geek Squad Protection Services. Your membership for the 365 Premium Security Plan has been renewed successfully for the next 3 years.

The renewal amount of $249.99 will be deducted from your registered billing method shortly, and it may take up to 24 hours for the transaction to appear on your statement.

Subscription Information:

Service Plan: 365 Premium Security Plan

Coverage Duration: 3 Years

Renewal Charge: $249.99

If you believe this renewal was made in error or would like to cancel the subscription before processing is completed, please contact our billing department immediately at +1 802 252 5593.

Thank you for choosing Geek Squad Protection Services.

Best Regards,

Geek Squad Billing Team

-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Pripojiť sa cez Google Meet: https://meet.google.com/fys-vgwn-yza

Viac o službe Meet sa dozviete na https://support.google.com/a/users/answer/9282720

Túto sekciu neupravujte.

-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Attendees:

cynthiaperez389903@groups.outlook.com

Subscription Renewal Confirmation – Geek Squad Protection

Pripojiť sa cez Google Meet – Dear Customer, We appreciate your continued trust in Geek Squad Protection Services. Your membership for the 365 Premium Security Plan has been renewed successfully for the next 3 years. The renewal

Pripojiť sa cez Google Meet

Odkaz na stretnutie

meet.google.com/fys-vgwn-yza

Dear Customer,

We appreciate your continued trust in Geek Squad Protection Services. Your membership for the 365 Premium Security Plan has been renewed successfully for the next 3 years.

The renewal amount of $249.99 will be deducted from your registered billing method shortly, and it may take up to 24 hours for the transaction to appear on your statement.

Subscription Information:

Service Plan: 365 Premium Security Plan

Coverage Duration: 3 Years

Renewal Charge: $249.99

If you believe this renewal was made in error or would like to cancel the subscription before processing is completed, please contact our billing department immediately at +1 802 252 5593.

Thank you for choosing Geek Squad Protection Services.

Best Regards,

Geek Squad Billing Team

Kedy

štvrtok 7. máj 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno

Nie

Možno

Ďalšie možnosti

Pozvánka z Kalendára Google

Túto správu ste dostali, pretože ste účastníkom danej udalosti.

Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Geek Squad Phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?THQrRkZaY0RrUlRRSHRqd0xPVHFuRnM4NUtjWHlFL2Y0Rk83ZjFMdUpvdVYr?=

=?utf-8?B?MHpCTm53WFFsclk2cFMwUXpkRXg5czZEdzZBK3ZPQzBndU9QanNWc2o1MWpj?=

=?utf-8?B?WFczZHBLWnFuTStLanpEWWUwT3k1QjROMjBtWnNscTF5OWhlSFB0OEd2ZHlm?=

=?utf-8?B?ZEZDbkgrbERvOWUrbFJTUHE1akJvNjBZYi9MZUdiUFo4a1Z4UkpieG5xWllG?=

=?utf-8?B?cS9TUHkyOUc4aHN0RkpRVzZraWxLVkdrcnNzeC9MNWJCdHU4L3VDMlNXMlVr?=

=?utf-8?B?dXlTaCtmYmcyZDdwNVlXZnVlbGc1dzFlNTI2M04vWGc4dy9PQkR1TTZ5Zm5p?=

=?utf-8?B?R0NJaHpUdzBrVnhuS1FSaytLb0Y3dkNIYW9hemVuZUtpT0ZDWnQyam52Skt2?=

=?utf-8?B?TnZTMEhONURDV1EwUnU5QlExY3NLT05kaFIvVzhRQ0o1M2dvelU0VTRFVzNS?=

=?utf-8?B?Y0tjMWtUYnp2dk9BYm5XSStOQzdLK0RNenpjM3lqajIwbHhEY2J1dDkzaW1M?=

=?utf-8?B?QTBiNDlKRFdMRGEvdzJySndnQnBRaXNFQzlGN0Vtd2owMFhrTWt2OXhGYVNU?=

=?utf-8?B?QW1JdHQwaU12MEpzb0lmN2FKaE9GZUdUQktnUnVLSWx2MkVsWVh5TTMyaWV6?=

=?utf-8?B?dVNkemJ4Q1djR2FxZTByM05NK2ZXK1RSaCt1TitGV0xockpmTWFYT3g5VEF6?=

=?utf-8?B?NnFuZUNJMEVtbTFqSnJ5T05uYkwyZzlNdy83dkYyc1I0UVIvYU90SWllWHF1?=

=?utf-8?B?RmxZUVNTZjZGVU8zWTJoMlJEcUEvaDZtZFE3SmZhSTVCUXRaRXNkc1RMd0VT?=

=?utf-8?B?YkYzWEtSL1RDSDlLQUdYQ2ZQTWhzbnhrQjZ4Q09KQ0ZlT3Z1aUhRbWxOdVMr?=

=?utf-8?B?RmlJamVTeXc0OXVtNkdFMTdjRnBrY1JhcHNmMDBRb2xvbTFvbTlYKy9FdnV4?=

=?utf-8?B?U0I5YWp3V1A2ZzBRTUxmM1g2MVdEQmQ5ZDRJaE1xODVKcHhyaGVtSHh4Y3pp?=

=?utf-8?B?cWgrcmpHc3RwOWMveDBZdGk1THo1N2JaODVWbE5DZUJvZmxHZS9uUUloRjd0?=

=?utf-8?B?VUxtcHlaeWN6NUtZY3VXRjM4QmNOSWd2ZGd2eHpCTTZjTWxBdTlEeEZhWTY3?=

=?utf-8?B?SzJzWW9EaXhjQTFRY1lwVkZub1dXeHNOS0x5bFBmVnNCVklyN2llRnhkZnN4?=

=?utf-8?B?azd5OWQxTUNEK2gxVENKYjQrTTRPYjRkMjVkR08xZkc1S25zUS85NVloSlpN?=

=?utf-8?B?R1dlaGxJTkNLN3p4NDhBZ1pvWlBRTURFMkxjNnNQek91SjAwdmNrWk1CalNZ?=

=?utf-8?B?c01uRWx4dzZOMEhJVThQenVkQmFLekJNMHB3YnFGSFpsTFJSdFpCWG5mSGN1?=

=?utf-8?B?UHRDMzh2bnY0d3ppMkEyZ2c2Mk5CSWd3TGF0aXlaL2VwdmhtejQvNDJCZklo?=

=?utf-8?B?YkNEQStyZVozNzQ4blRJb2t5WEpOL1ZzdWo2MnVlOVJsNFZySlZvY1RSOEdv?=

=?utf-8?B?U0JNSFlydnl2TlBNUDNLZ0N4R3RJYXUwcVVKZnFqVW5jQlJUYjJaRjUrK3Yr?=

=?utf-8?B?dFNVUTVlZm9WaDJWa2JFWnB4Rlp6K3VUR3hBQ3dXME5KeEs4Ujh2MERMN2sy?=

=?utf-8?B?d1dKV3FJSEs0d0hIdkVTOEdzUklyeDdKeEU0bjlhU096YUxSN3Zrb0RmaUhI?=

=?utf-8?B?UFhVZUV5L00zY3MyOG92eDRzVFBwU0VwU2QydlRiazF6RFViQkdDd1pZWmpk?=

=?utf-8?B?d0V1b0x5R1BvaXZlTjl6TWVLSEppaFlvbUZLZDhGcDYvS2U0SWs4NkVSMEpa?=

=?utf-8?B?V2gxSFh1bEhqSGFzbFhvSFNuMWVhSWw1cHpaMTVrKzByZnVkMlg1TzJDS0tW?=

=?utf-8?B?K1dCdzNJOUxDMGxVL0dZYXlIU21FdDdBTm9ITGpid2RSeVdYSVJBaUE5SmE5?=

=?utf-8?B?SzhsRk9yNmdFTEUrRkIzMnNCUUsxd1pxWHF5aWhqMW9qTEhic1pSL0NiNGdG?=

=?utf-8?B?ZnAzY3ZnN3NpRit5UHZoY0NKOFZHbTRTRUJtbVlhbFpyUWxEVG5VK1pXbFRp?=

=?utf-8?B?akVnZGUyOWdTbTFVbWhxOHNyRE9VOGpBN29tRlRTNEdUcFgybnYrdjEzelJS?=

=?utf-8?B?Q2tzRFo0V2EyY0FXdEpvcDRLZ2VIbEdEaFFieUxwRExWOXA3NnlMdlF3MTQ2?=

=?utf-8?B?NjZKK0habVRrRnh3b2tmNHZ4R0lrMFUraU1MWmZmNlZTbmtoSmlnZmVHNGQ5?=

=?utf-8?B?N0lVNlpSaVRvYzJUMGRPTU1ETDRlUUVnb2x6bVQvZW5YUm1aenhkZ1ZHLzdt?=

=?utf-8?B?Qk8vTTYzcEtBbXJEOWg0Ym41MzVjSVpmZTFDcjBsZEVsQlg3MUs3N3QvOHBp?=

=?utf-8?B?VnZGenZRZnlKMHNDWVdscFZ4WFdMeU16aTg2TjlXM3FSZzR4TlJnb252dnY4?=

=?utf-8?B?bmZlS2dIMXIvL1ZtbEx4OE4xSEdpOG9ZSEZLQmZUU2Z1eHV5YndYT1JNWXNB?=

=?utf-8?B?enJrb0FiaDU1MGNFNFZvUzlmWkljbkxMWXJmT1VQQWtNKzhvQ0kzQ3oxMWs5?=

=?utf-8?B?bGFVcldDdmpYTGp3OVZvWnNUNWpEM1VvWnVKcitHNFRjbG0yNXJPdnpSM0d2?=

=?utf-8?B?QVhWcU4yeUJ5a3NCYmc5bG1TZ3crdlh4RDNSZWt2enRWN0JOT3EzRW9sNzV1?=

=?utf-8?B?OThGWlk0VGNwSDNJMjlXSmNVbExILzZINkNjRmQ2U1VKMjdicXYxU1J2eFM1?=

=?utf-8?B?YnFubUlzU2tSK0NCN0hMSGtZeGlUWmQ1c1crc2JBenNCZ1dTZkJEYlpqM05K?=

=?utf-8?B?YU1XWjdWMFZJa2dlN2NDU1dSS0JpT0ZHLzVwb0J4VkVEdXNKcmU0Sy9hQ0J6?=

=?utf-8?B?VHlXcDZhalVETEx3dlJIOGZIQUg0MWZFTHgwcHlpZ1FSWDVlTDdQdWZUck5l?=

=?utf-8?B?c2k0L2ZtaXRKbzgyT2lmS2Z0emZEeVRNak9aV3Q2N1c3UjIyc1BmcEFyeWQx?=

=?utf-8?B?c3ZaOW41WlErMW5MakRSSUNoeC9SblhlK0VYeG8ycUR2VDczbkFsUjJHR3hh?=

=?utf-8?B?V1JlK0ZZTit4TXVnPT0=?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 May 2026 16:39:09.8914

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 9d457af0-0897-4458-b0ba-08deac5729f0

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: AM3PEPF0000A794.eurprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR18MB5033

X-Spam_score: 11.5

X-Spam_score_int: 115

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Subscription Renewal Confirmation â€“ Geek Squad Protection

Å¡tvrtok 7. mÃ¡j 2026 PripojiÅ¥ sa cez Google Meet https://meet.google.com/fys-vgwn-yza?hs=224

Dear Customer,

Geek Squad Phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 13:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL4mo-00000000Ihb-19uE

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 13:53:30 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 13:53:30 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastus2azlp17011008.outbound.protection.outlook.com ([40.93.12.8]:11997 helo=BN8PR05CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL1ln-000000007ix-0jSj

for doctor@doctor.nl2k.ab.ca;

Thu, 07 May 2026 10:40:27 -0600

Received: from CW1P123CA0022.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:292::13)

by MW4PR18MB5033.namprd18.prod.outlook.com (2603:10b6:303:1b8::17) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.18; Thu, 7 May

2026 16:39:10 +0000

Received: from AM3PEPF0000A794.eurprd04.prod.outlook.com

(2603:10a6:400:292:cafe::a5) by CW1P123CA0022.outlook.office365.com

(2603:10a6:400:292::13) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.20.9891.17 via Frontend Transport; Thu,

7 May 2026 16:39:09 +0000

Authentication-Results: spf=pass (sender IP is 209.85.221.74)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.221.74 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.221.74; helo=mail-wr1-f74.google.com; pr=C

Received: from mail-wr1-f74.google.com (209.85.221.74) by

AM3PEPF0000A794.mail.protection.outlook.com (10.167.16.123) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9891.9

via Frontend Transport; Thu, 7 May 2026 16:39:09 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:5099C10017152062934CF62A3378BD971DC856670924E2350AFC5857060B853F;UpperCasedChecksum:BB5C06D8FE324B27EF356B36297845BC08356305F15A69C699C1EF29801F43FF;SizeAsReceived:3421;Count:15

Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-44a122a5128so845535f8f.0

for ; Thu, 07 May 2026 09:39:09 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1778171949; x=1778776749; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=Fdqip5EXI7TLINs0Gk5fJVwECba3V6CjBMm8ETqUIM0=;

b=OiUlwRl/CM8sPdbhZVwiAjO5PTOHtjN+ynRioeM6Csi8mPP1KoKRu1eHkZygkYZkPs

8PSASFL0sBKMNsraDBzbBKuOOYzA7MA3CXCrtK5aMBIF2Up+NDl+UybR8+GBJK8Ybzd5

1jtInVnodtRlxOmiRyIkm7VIu30SFu9mZnIOCG61B6hQnbsfqsaRlYEZeeSOuxORWUuw

Mm332pOxoMahJk+Mn/aUUqoRR/gKgRG4EotptIFxzZhOgJolnowuTl+M81UrM1anXD/w

lR6noU6OKf4LmqcybSh88RVWROYPAKSHDOnYxoti1xpUIrpVmIxcrUPUK4Q/E0WUjtvx

XCsg==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1778171949; x=1778776749; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=Fdqip5EXI7TLINs0Gk5fJVwECba3V6CjBMm8ETqUIM0=;

b=s4kGdidbY7p0XaB/ZPFYvD9wtnRvxHBDJr4zjUCUUUwtWJkyFUCnqnmlPdfi8QhcfT

HTxg+4/wmtlUHeSLNTBXJWW869G+fCtiZwSpp/fvfSpcgyuiO411pcIPgAYG1eLH35j3

bOjRElroK35cbCx0pVBgd4ZoG+84gOrF1VTERk4hFZEMNRw45NRv4VIsfd6cR+x8W7ur

oQIWY1sDrA/yPomacrFlVW8GuUXYDd/GXkVKlL1RA7ROsJ3/vZoPtZIlnu9mm2Ivjwmd

UcOQuDcT57++zSPP5FDmsRBuww9aQko2ZOEzqv149A108AwM8SGYjlz/LQdT0ygCnZgb

8BwQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1778171949; x=1778776749;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Fdqip5EXI7TLINs0Gk5fJVwECba3V6CjBMm8ETqUIM0=;

b=oujuhr55a8EI89mVtJq20jvmeT3tgPW0l18aKstTLWunhOkZmHpapHlQNpEBbzQSKQ

pZxL8Hy5H6zChokamrVA/cvYaNHyTi2iRtOXQcB1Gj/zpSCk9NO28FDUkZ7lWUlxCLOo

y1MoE61MA5Vh6nwEBeXyxTOJPrSFTFOa9q1lDtsactC2nrDNoSIksDZHjQ8CKHtbIgiX

Aao2HdzuEvbLevC8oPwymmGP7Pj3I7TZ0XvYU9yjdx4YU5jr2/rq/pJo/Km5Bh269n0E

NjGDx1dad1g0dAnt/mV+Vq99XHNmqQYYVpGoyurqutNQJNIBNwZtut05Yc5yGeYImOSf

8wEw==

X-Gm-Message-State: AOJu0YyFa8QiN3JAPMGog2zLEc3Ze2zf8YflzjuLMfjoCovzsXn/146m

sDHLKcNcttmrKBNnOU1hmA+V5+aowaNtYFY/jL3qFS6dlrH+wO0wAyfQ9aHje298ELLvekBfub0

GbB9nWOr8ptiSeHYPbFyxCk33L8fUewt2f5s=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:6095:b0:485:39b2:a47c with SMTP id

5b1f17b1804b1-48e51f48352mr142397145e9.25.1778171949500; Thu, 07 May 2026

09:39:09 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Thu, 07 May 2026 16:39:09 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Subscription_Renewal_Confirmation_=2D_Geek_?=

=?UTF-8?Q?Squad_Protection_=40_=C5=A1t_7=2E_m=C3=A1j_2026_=28cynthiaperez389903=40grou?=

=?UTF-8?Q?ps=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="0000000000006652c106513ceb0a"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AM3PEPF0000A794:EE_|MW4PR18MB5033:EE_

X-MS-Office365-Filtering-Correlation-Id: 9d457af0-0897-4458-b0ba-08deac5729f0

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.221.74

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|9020799019|26130799012|26000799027|29080799009|9400799043|6019299003|5139299004|51080799003|100100799003|4040799016|1680799066|6092099016|16200799027|3069299007|9000799056|461199028|1370799030|1380799030|1360799030|1602099012|440099028|3412199025|4302099013|2145499017|30041999003|26104999009;

CBS / Paramount Phish from Google Gmail

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 13:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL4n3-00000000Iia-3pm4

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 13:53:45 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 13:53:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from notify.vobie.mobi ([34.168.17.114]:63746)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wL2JV-00000000AhY-3QM4

for root@doctor.nl2k.ab.ca;

Thu, 07 May 2026 11:15:15 -0600

Received: from ec2-52-40-185-211.us-west-2.compute.amazonaws.com ([52.40.185.211] helo=[127.0.0.1])

by notify.vobie.mobi with esmtpa (Exim 4.92)

(envelope-from )

id 1wL2Ij-0004CM-Bu

for root@doctor.nl2k.ab.ca; Fri, 08 May 2026 01:14:17 +0800

Content-Type: multipart/mixed; boundary="===============7483429206826906490=="

MIME-Version: 1.0

From: Vobile Compliance

To: root@doctor.nl2k.ab.ca

Subject: Notice of Claimed Infringement - Case ID 42a4300cb130e7cd642f

Reply-To: p2p@copyright-notice.com

X-Originator: p2p@copyright-notice.com

Message-Id: d6720824-eddb-4e2b-8fe9-5540ae4a22fc@copyright-notice.com>

X-Mail-From: p2p@copyright-notice.com

X-Message-ID: d6720824-eddb-4e2b-8fe9-5540ae4a22fc@copyright-notice.com>

X-Notice-ID: 42a4300cb130e7cd642f

Auto-Submitted: auto-generated

Date: Fri, 08 May 2026 01:14:17 +0800

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Notice ID: 42a4300cb130e7cd642f

Notice Date: 2026-05-07T17:14:17Z WorldGate

Content analysis details: (6.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.168.17.114 listed in dnsbl.ahbl.org]

[34.168.17.114 listed in dnsbl.ahbl.org]

[34.168.17.114 listed in dnsbl.ahbl.org]

[34.168.17.114 listed in dnsbl.ahbl.org]

[52.40.185.211 listed in dnsbl.ahbl.org]

[52.40.185.211 listed in dnsbl.ahbl.org]

[52.40.185.211 listed in dnsbl.ahbl.org]

[52.40.185.211 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.168.17.114 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.168.17.114 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.168.17.114 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.168.17.114 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[52.40.185.211 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

[34.168.17.114 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.168.17.114 listed in bl.score.senderscore.com]

0.3 LONGWORD BODY: Uses overlong words

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

1.2 INVALID_MSGID Message-Id is not valid, according to RFC 2822

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

0.1 PDS_BTC_ID FP reduced Bitcoin ID

Subject: {SPAM?} Notice of Claimed Infringement - Case ID 42a4300cb130e7cd642f

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Notice ID: 42a4300cb130e7cd642f

Notice Date: 2026-05-07T17:14:17Z

WorldGate

Dear Sir or Madam:

I certify under penalty of perjury that I am authorized to act on behalf of the Paramount Global companies CBS Broadcasting Inc., CBS Studios Inc., Paramount Pictures Corporation, Showtime Networks Inc., Viacom International, Inc., Black Entertainment Television LLC, and other Paramount Global subsidiaries and affiliates (collectively, the “Rights Owners”), the owners of certain exclusive intellectual property rights in the copyrighted work(s) identified in this notice. I have a good faith belief that the information in this notice is accurate.

We have become aware that the below IP addresses have been using your service for distributing video files, which contain infringing video content that is exclusively owned by the Rights Owners.

We have a good faith belief that the Rights Owners’ video content that is described in the below report has not been authorized for sharing or distribution by the copyright owner, its agent, or the law. Such copying and use of this material constitutes clear infringement of the Rights Owners' rights under the Copyright Act and its counterpart laws around the world.

We are requesting your immediate assistance in removing and disabling access to the infringing material from your network. We also ask that you ensure the user and/or IP address owner refrains from future use and sharing of the Rights Owners’ materials and property.

In complying with this notice, you should not destroy any evidence that may be relevant in a lawsuit relating to the infringement alleged; including all associated electronic documents and data relating to the presence of the infringing items on your site, which shall be preserved while disabling public access, irrespective of any document retention or corporate policy to the contrary.

Nothing in this letter shall be construed as a waiver or relinquishment of any right, remedy, or claims possessed by the Rights Owners, or any affiliated party, all of which are expressly reserved.

Should you have any questions, please contact me at the information below.

Ben Sodos

Vobile, Inc.

Address: 2880 Lakeside Drive, Suite 200

Santa Clara, CA 95054, United States

Email: p2p@copyright-notice.com

408.217.5026

42a4300cb130e7cd642f

Open

Normal

Paramount Global

Vobile - Compliance

2880 Lakeside Drive, Suite 200

Santa Clara, CA 95054

+1 (408) 492 1100

p2p@copyright-notice.com

WorldGate

root@doctor.nl2k.ab.ca

2026-05-07T17:14:10Z

204.209.81.1

51378

BitTorrent

1

2026-05-07T17:14:10Z

The Neighborhood

The.Neighborhood.S02.1080p.WEBRip.x265-RARBG

7829052900

ba77ead3142d266b9eb0f7586ca58d81fa19b09b

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJp/MhpAAoJEN5LM3Etqs/WD4cH/RYy9bzTnyB3lKCZZatpMKlC

OqgIT9ktDSetDU/rimhPffOn1IO9AflbG6Cyv5ai76RtBVtUxj/sHijWCczq567z

EWKIH2wThaY3Hmmf5NKnwj7Q2z8mI+3peVoc8PG4iFmu1pSPJXvBLnv1qFJHq/nk

6qno4IzCfn52f2iek61UtyJ5ewv8Yas2S5YDMJ/kHCBWD4HVagWAMld4J7KNPO7d

083gipfEt4GKSG5dGJGe3Jt3N1yFAfSScqqy8WmBQdPh6AHVAnlTdNVG+h1tTlV+

528eb3Ai9VUTnWPfPykpWM046bOtCYrCxWV23zOcO9Dbyujj6TBNb0Dedpd537g=

=oGlm

-----END PGP SIGNATURE-----

er=20

border=3D0>

=3Dcenter=20

border=3D0>

TD>

src=3D"https://www.bnc.ca/content/dam/bnc/formulair=

es/modele-courriel/icon-facebook-25x25.gif"=20

width=3D25 height=3D25>

National Bank Phish from Sendgrid PArt 1

Posted by Dave Yadallee on Thursday, May 7. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 May 2026 06:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKxf1-000000008SK-1R5f

for dave@doctor.nl2k.ab.ca;

Thu, 07 May 2026 06:16:59 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 May 2026 06:16:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.wfbtzhsw.outbound-mail.sendgrid.net ([159.183.224.105]:17950)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKxKB-00000000EzT-3EPn

for doctor@netknow.ca;

Thu, 07 May 2026 05:55:31 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zh-info-mktiyu.com;

h=list-unsubscribe:list-unsubscribe-post:from:subject:date:to:

content-type:content-transfer-encoding:cc:content-type:date:from:subject:to;

s=s1; t=1778154872;

bh=hZCz4eO6e5MX7s0IQ7O3qrmKVcxeKQuCrNuB9DfUH0k=;

b=SVl+Np4Sa5NE8/zGR/yjTytsWhRAN2X7BIDt3d/XgaRGq3WdONPw/cRuJJqbzeQtyb9e

yihTSh2xTeHzsaWJOiE01bfrWXOPeiW0cPBZTlwz5BmvMfg7DkhBT4s3fXNHOhMcyepL5Y

SklHhLPXDksUavkJB/X+cTRPnwza1WPwKxh2HtdqyAXlCxpODxTby4TvGf3DvxBfLp7s3/

LWXC0wV/0u3LzGCdZ8BUmvbl86g6bw6CSVQumZJdUzF1ETTR0VGpnEiOwzFYPgt+I6VQ/z

GGNSqzdqdxudlOU8AjofjdhkAD54631F0vnsgEQiawn0hM9fc7oo+Hh7T3SYGBhw==

Received: by recvd-canary-8df78fc55-887j2 with SMTP id recvd-canary-8df78fc55-887j2-1-69FC7D78-17

2026-05-07 11:54:32.496912256 +0000 UTC m=+742872.801977485

Received: from chuangmeng.net (unknown)

by geopod-ismtpd-20 (SG) with ESMTP

id di2KQhtjSfC49LyXCoqcLQ

for ;

Thu, 07 May 2026 11:54:32.354 +0000 (UTC)

X-Priority: 5

X-Mailer: Apple Mail (2.3445.9.1)

List-Unsubscribe:

List-Unsubscribe-Post: List-Unsubscribe=One-Click

From: National Bank Direct Brokerage

Subject: Compliance Verification Update

Message-ID: <542b386385e883de790c3ec605351e09@zh-info-mktiyu.com>

Date: Thu, 07 May 2026 11:54:32 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2EqSrTYuf+buIuYTIRkkJ60PaCuK8FLEKUxWjcziMBe29vlItGCdu71=2FBuH?=

=?us-ascii?Q?7huuoZ3F6oE7l56gCfGkHNzwD+8zO+9NH0g4fdE?=

=?us-ascii?Q?U9JZzRSkPVbKCLdP+pZXEGN9QexGqJUpsjQfhBe?=

=?us-ascii?Q?TDlMq9LEUKiSvAK9dK5RIwV+azYZNvn0xDV11Nw?=

=?us-ascii?Q?=2FGDFSd+Mp9EX53hi4SWoT+rCBmiSRpCOPvVcwz3?=

=?us-ascii?Q?RXcavuLFqiQ7fp4obV3OKVz83Y3JwpwsI6JgXnx?=

=?us-ascii?Q?xnFdANl2TCidLa+CfLZTJGRImA=3D=3D?=

To: doctor@netknow.ca

X-Entity-ID: u001.EgAWfq/KHWaYWE8dhB1RNg==

Content-Type: text/html; charset=iso-8859-1

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 23.9

X-Spam_score_int: 239

X-Spam_bar: +++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Compliance Verification Update MESSAGE CONFIRMATION Compliance

Verification Update

Content analysis details: (23.9 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Compliance Verification Update

Compliance Verification Update

0>

style=3D"FONT-SIZE: 11px; FONT-FAMILY: Arial,sans-serif,'Open Sans'; CO=

LOR: #666666; PADDING-BOTTOM: 45px; LINE-HEIGHT: 12px"=20

vAlign=3Dtop width=3D600 align=3Dleft>
style=3D"TEXT-DECORATION: underline; COLOR: #666666"=20

href=3D"https://mjjwci7p5dtqvs0y4yk730e.live" target=3D_blank>
style=3D"DISPLAY: block" border=3D0 alt=3D"Button to the BNC website"=

=20

src=3D"https://www.bnc.ca/content/dam/bnc/formulaires/picto/NB_2D_RGB=

.jpg"=20

width=3D217>

der=3D0>

DY>

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	May '26					Forward →
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Archives

Categories

Syndicate This Blog

Blog Administration

Powered by

NetKnow Navigation

Remote RSS/OPML-Blogroll Feed

Error

addthis

Empire Avenue

Error

Error

Error

Syndicate This Blog

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error