chinese products spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 16 Jun 2026 06:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZTNU-00000000FvE-16jx

for dave@doctor.nl2k.ab.ca;

Tue, 16 Jun 2026 06:58:52 -0600

Resent-From: The Doctor

Resent-Date: Tue, 16 Jun 2026 06:58:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from out208-123.dm.aliyun.com ([140.205.208.123]:55868)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZQdg-00000000NN1-281J

for root@nk.ca;

Tue, 16 Jun 2026 04:03:33 -0600

X-AliDM-RcptTo: cm9vdEBuay5jYQ==

Feedback-ID: default:vip@vip.ikinginsulation.ltd:vip_edm_WebBatch:410132

DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;

d=vip.ikinginsulation.ltd; s=aliyun-cn-hangzhou;

t=1781604148; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;

bh=h1KTnsVehmofLzNl3cKpzRpmtLli0iro9EaOYcblZQo=;

b=I/gu0qfDkaIbQDTEdi+nMftysJtOD1cYIKrjki7XvAwcZMxIlirVmQl6MitIgfqtL1HxhbloPWDoxonAkwPz7rKie8vesGrXLgJfnl3LTm/1fJtZWj4uNJQbf2Fx2jJ6XaPaeiCVtmawu6KRfYkdF7S1MsiRofTwk243B2UHHz4=

DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;

d=dm-fbl.aliyuncs.com; s=feedback;

t=1781604148; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;

bh=h1KTnsVehmofLzNl3cKpzRpmtLli0iro9EaOYcblZQo=;

b=1idqRio039ghLDjXMaVNwlN+ljFy6gM+sQaKBQFLLF+vlXN2eInHV0hDh6h3YLwG8zAF8CxZXP3zoVjlxAENjGL3hDNTEAwem8uVZzkkodh0IQ3Py/ZDr2GxSegmuWHJWLdDkVPQSFQYk3AaaeFDVHRKdVdA7YOpO0DT+Kflojk=

Received: from chitu-hsf(mailfrom:vip@vip.ikinginsulation.ltd fp:ma_600000319028314422 cluster:AY35D)

by smtp.aliyun-inc.com(127.0.0.1);

Tue, 16 Jun 2026 17:58:35 +0800

Date: Tue, 16 Jun 2026 17:58:35 +0800

From: "Nancy Yang"

To:

Reply-To:

Message-ID:

Subject: =?UTF-8?B?Q3VzdG9tIFJvY2sgV29vbCBQYW5lbHMgJiBBbGwgQWNjZXNzb3JpZXM=?=

X-Priority: 3

MIME-Version: 1.0

X-EnvId: 600000319028314425

X-AliDM-Settings: eyJPdXRib3VuZElwIjp7IklwTGlzdCI6W10sIklwUG9vbElkIjoiIn0sIlVuc3Vic2NyaWJlIjp7IkZpbHRlckxldmVsIjoiZGVmYXVsdCIsIkxpbmtUeXBlIjoiZGVmYXVsdCJ9LCJWZXJzaW9uIjoiMS4wIn0=

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 6.2

X-Spam_score_int: 62

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi dear, Buying rock wool panels and matching accessories

from different sources often causes installation delays or mismatched sizes.





Content analysis details: (6.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

[140.205.208.123 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[140.205.208.123 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[140.205.208.123 listed in dnsbl.ahbl.org]

[140.205.208.123 listed in dnsbl.ahbl.org]

[140.205.208.123 listed in dnsbl.ahbl.org]

[140.205.208.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[140.205.208.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[140.205.208.123 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[140.205.208.123 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[140.205.208.123 listed in dnsbl.ahbl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[140.205.208.123 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.4 SALES_REPLY Your parents named you sales?

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines

Subject: {SPAM?} =?UTF-8?B?Q3VzdG9tIFJvY2sgV29vbCBQYW5lbHMgJiBBbGwgQWNjZXNzb3JpZXM=?=



Hi dear,

=



"font-size:12px">Buying rock wool panels and matching accessories from differe=

nt sources often causes installation delays or mismatched sizes.


data-path-to-node=3D"11">


a-path-to-node=3D"12">We, IKING GROUP =E2=80=94=

=E2=80=94 provide the custom sandwich panel=

s
ex-in-node=3D"66">and pack all required flashings and =

screws into the exact same container according to your project drawings=

.



span>

Your team =

can start installation immediately upon arrival=E2=80=94no local sourcing, no =

downtime.


>

If=

you have an upcoming steel structure project, simply share your drawings with=

us. We will verify the matching specs and send the complete details back to y=

ou within 1 day.



TSky2/Sandwich-panel-and-Accessaries.jpg" _src=3D"https://i.postimg.cc/QChTSky=

2/Sandwich-panel-and-Accessaries.jpg" referrerpolicy=3D"no-referrer"/>

<=

br/>


nv=3D600000319028314425&mac=3D410132&mf=3Dvip%40vip.ikinginsulation.ltd&msgid=3D=

d11b1bac-1c78-4ab8-953b-625b3afde3da%40alibaba.com&sac=3D0&tag=3DRockwoolSandw=

ichpanel&tid=3D2527540&to=3Droot%40nk.ca&tpl=3D&ts=3D1781603915&type=3D1&url=3D=

&v=3D1.0&sign=3D3ce4c5cffcb05941000032fdcef19b33&urlts=3D1781604148" alt=3D"" =

style=3D"display: none; width: 1px; height: 1px;" />

Chinese products spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 16 Jun 2026 06:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZTMx-00000000Fsc-2CBn

for dave@doctor.nl2k.ab.ca;

Tue, 16 Jun 2026 06:58:19 -0600

Resent-From: The Doctor

Resent-Date: Tue, 16 Jun 2026 06:58:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-m8246.xmail.ntesmail.com ([156.224.82.46]:19422)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZPUY-00000000KOg-3akx

for sales@nk.ca;

Tue, 16 Jun 2026 02:50:05 -0600

Content-Type: multipart/alternative; BOUNDARY="=_Part_269597_2103876792.1781599735618"

To: sales

Subject: =?UTF-8?B?SG9tZSBUZXh0aWxlIEZhY3RvcnkgZnJvbSBDaGluYTogU2luY2VyZWx5IEludml0ZSBZb3UgdG8gVmlzaXQgVXMg?=

X-Priority: 3

MIME-Version: 1.0

Received: from nidonghui@aimaylai.com( [10.139.0.42] ) by ajax-webmail ( [127.0.0.1] ) ; Tue, 16 Jun 2026 16:48:55 +0800 (GMT+08:00)

From: nidonghui

Date: Tue, 16 Jun 2026 16:48:55 +0800 (GMT+08:00)

X-WM-Tid: 0a9ecf9e8f350693kunm45b415805739a

DKIM-Signature: a=rsa-sha256;

b=aSKSOX84Oh382wXkNXiN2a01RwgTRpkSSgacpvBMYB6joj9Y30y7/sO++8hmfDPVHsOby3ZOB1q92wZCKRid0Wa0N0ca47Kg0LjeFjJnYcVC9nSIxoPn/QxImBlSPYQ+cl5OkbjnSjzPowu4uYvbLgnMymSbp8jvi7oezrUWvtG/Q6h0+N4Ip9obQnluUJVmTv384gov++bYlTU5XOEKw292xuKAECNis9f7+8t2E3BXWkcU16k+SSFqIlIpwl4SS/FPRY5FSUR9xWumk58BjKDfxNn8OOg5CHD+trNETD13TOBLVqI28RSax3W0X3pAnr4aOvyr8YDxQ3LTUvVgZQ==; c=relaxed/relaxed; s=default; d=aimaylai.com; v=1;

bh=KR3AUW3LL+ssALyl/LNq1O7OX98ZIlBMWDkK05MjPiM=;

h=date:mime-version:subject:message-id:from;

Message-ID:





We are a bedding manufacturer with 20 years of experience, offering high-quality silk, Tencel, and cotton products, customizable options, and competitive prices. Contact us for samples or inquiries.

Home Textile Factory from China: We cordially invite you to visit our facilities. We are a professional manufacturer with over 20 years of experience specializing in high-quality bedding, serving clients globally. Our primary offerings encompass silk, Tencel, and 100% cotton bedding sets, specialized hotel bedding, as well as silk comforters. We maintain stringent quality control standards and utilize high-quality raw materials to guarantee the softness, breathability, and durability of our products, making them suitable for hotels, home textile brands, and distributors. We offer flexible customization services, including size, color, logo printing, and packaging, to meet your specific business needs. With competitive factory prices and reliable delivery, we aim to build long-term cooperative partnerships. Enclosed is our product catalog for your reference. We would appreciate the opportunity to discuss how we can support your business. Please feel free to contact us for samples or further inquiries. Best regards,







Ni DH

International Trade Executive

Zhejiang Aimilai Silk Home Textiles Co., Ltd.

nidonghui@maylai.group

13123876583

NetKnow Now in Netcraft's Top 19250 part 2

Posted by Dave Yadallee on

Wild Rose Internet





Wild Rose Internet

ranks >2000000 from >2000000 and I wonder if this is another wireless branch of Tera-Byte and bought out by Xplornet





TIC Internet





TIC Internet

ranks >2000000 from >2000000 ( I do remember you).



Nisa Custom Internet Solutions





Nisa Custom Internet Solutions

ranks >2000000 from >2000000 by Netcraft



MediaShaker





Media Shakers of Edmonton

ranks >2000000 from >2000000





Koi Media





Koi Media

rank >2000000 from >2000000



WebFire





Webfire.ca

ranks >2000000 from >2000000 and seems to be connected with Shaw.



Core Network Solutions Inc.





Core Network Solutions Inc.

ranks at >2000000 from >2000000 .



The Network Centre





The Network Centre

ranks >2000000 from >2000000 and are linked with Telus high Speed.





Open Concept Internet, Inc.





Open Concept Internet, Inc.

rank > 2000000 from > 2000000





Techalta





Interspots of Edmonton

acquired by Techalta ;



Yegtel





Yegtel rank > 2000000 .



Internet Crossroads





Internet Crossroads Ltd of North Edmonton

rank nothing from nothing by Netcraft and seems to merged with Tera-Byte/ecn.ab.ca .



If I remember anymore, I will add to this entry, before Netcraft changes our ranking. Please watch this space and please feel free to peruse

our services.

NetKnow Now in Netcraft's Top 19250 part 1

Posted by Dave Yadallee on
All data is from Netcraft Toolbar .

Looks as if there are major changes to the Netcraft algorithm after some years! Why did Avast clasify the extension as URL:Phishing?

This is not the Alexa Tool Bar!



NetKnow







Netknow now at 19205 from 17328 at Netcraft and pfs compliant



A significant decrease! We must do
  1. security audits regularly
  2. check on illegitimate traffic hitting the web server


    3. and
  3. keep design current!




How do we compare with other providers in

Edmonton, Alberta, Canada?



Telus and reviews



Next we have Telus.com

ranked by Netcraft at 3480 from 3477 .

Sometimes their Web Hosting is done by
title="Internet Names for Business">Internet Names for Business

is ranked by Netcraft at >2000000 from >2000000 .



Is Telus's ADSL network susceptible to Code Red Attacks and Attackers?

Reviews of Telus are available :





Rogers





Rogers Business Solutions

which rank 6167 from 5961 and are hosted in Europe.



Government of Alberta



The Government of Alberta Website

ranks 14786 from 14740 by Netcraft and seems to hosted on Cloudfare.



Netknow again





We at Netknow are at 19205 from 18857 since the start of 2026.



City of Edmonton







The City of Edmonton ranks 35758 from 36255 by Netcraft and hosted by Google.



University of Alberta







The University of Alberta ranks 49932 from 49071 hosted by Amazon Techonologies.



Juno and NetZero





We have Juno Internet ranked on top

at 319800 from 320343 who are the owners of

US Based Netzero at Netcraft Rank 83899 from 81648 .





NAIT / Northern Alberta Institute of Technology





NAIT ranks 123436 from 122518 hosted by Microsoft .





Grant MacEwen University





MacEwan ranks 142431 from 142431 .



TekSavvy



TekSavvy ranks 194322 from 206913 and are hosted by Microsoft



Shaw Cable





Next,

members.shaw.ca

ranks >2000000 from >2000000 and retired and

Shaw Cable

is next at Netcraft rank >20000000 from >20000000 . Hosted now by Akamei .

Their Network Hosting Arm,

Big Pipe is at

Netcraft rank 305249 from 305878 and hosted by Akamai in Europe .



Reviews of Shaw are available :





Internet Centre / CCINet



Internet Centre

rank 348711 from 349367 . Their partner Rack Nine ranks > 2000000.



Xplornet



xplornet

ranks >2000000 from >2000000 and are listed with

Cirrus9 and are joining up with Shaw.

Their new domain xplore.ca ranks 480959 from 482206 .

According to an article in the Sherwood Park Independent, they are also getting an Alberta Government subsidy.



Distributel / 3Web / CIA



Cybersurf

is ranked 940078 from 943163 and seems to be hosted in USA by DigitalOcean.



Primus



Primus

ranks >2000000 from >2000000 and now points to BLACKIRON_DataCentres ranked >2000000 from >2000000.



Northern lights Fiber







Northern lights Fiber are ranked by Netcraft >2000000 and uses AWS.



OkayVPN





OkayVPN

are ranked by Netcraft >2000000 and uses Cloudfare.



Radiant Communications / goco.ca





Radiant Communications

are ranked by Netcraft >2000000 and part of goco.ca

which ranks >2000000 .



Tera Byte Edmonton and reviews





Next is Tera-Byte

at Netcraft Rank >2000000 with

Tera-Byte.ca

ranking >2000000 from >2000000 and their wireless arm Tera-Byte Wireless

sold to Xplornet.

One of Tera-Byte's acquisitions

Edmonton Community Networks

ranks at >2000000 from >2000000 and

Go Edmonton ranks >2000000 from >2000000.

Alberta political blogger Daveberta ranks >2000000 from >2000000; interesting!!!

Reviews of Tera-byte is available at

here

and another here

and check Google for more reviews; just search tera byte.



MCSnet





MCSNET ranks >2000000 from >2000000 and are hosted by Microsoft .



Nucleus Internet Services





After that we have

Nucleus Information Services which can be found at Netcraft Rank >2000000 from >2000000 .





4Web





4web ranks >2000000 from >2000000 .



Alentus / Wolfpaw





Alentus

rank by Netcraft >2000000 from >2000000 and I note they are hosted in the USA .

wolfpaw.net

which ranks at >2000000 from >2000000



Yellowpencil





Yellowpencil Ranks >2000000 from >2000000



WSI Corporation





Next is WSI - We Simply The Internet of Toronto

at Netcraft Position >2000000 from >2000000 and are being hosted on Amazon.



Uniserve / Interbaun





Next, Uniserve

ranks on Netcraft >2000000 from >2000000

One of their acquisitions

interbaun

ranks with Netcraft ?????? from ?????? due to merging of sites.

One customer just came over from this organization in Nov 2006.



Clearwave Broadband





Clearwave Broadband ranks

at >2000000 from >2000000



Platinum Communications





Platinum Communications Corp.

bought out by Xplornet .

invoice phish from Godaddy Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 18:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZI14-000000001M0-1X89

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 18:50:58 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 18:50:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from sxb1nlsmtp02-02.prod.sxb1.secureserver.net ([92.204.71.165]:50789)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZHjw-00000000P97-3ui5

for sales@nk.ca;

Mon, 15 Jun 2026 18:33:28 -0600

Received: from 137.234.205.92.host.secureserver.net ([92.205.234.137])

by : HOSTING RELAY : with ESMTPS

id ZHi5w7IOThneyZHi5wLSAy; Tue, 16 Jun 2026 00:31:22 +0000

X-SECURESERVER-ACCT: 92.205.234.137

x-originating-ip: 92.205.234.137

X-CMAE-Analysis: v=2.4 cv=ZrtH7d7G c=1 sm=1 tr=0 ts=6a30995a

a=VBm27xasOtl1gAzrVLFkWA==:117 a=VBm27xasOtl1gAzrVLFkWA==:17

a=FelO9ux0wxsA:10 a=jseCez7vAAAA:8 a=bKwsm-_m6Sv_gZNB7q4A:9 a=CjuIK1q_8ugA:10

a=6La71ksEAAAA:8 a=WI1oPIdb8qdMH19wSkwA:9 a=_W_S_7VecoQA:10

a=KGnS7LbA55y5AxEHsPEA:9 a=n3BslyFRqc0A:10 a=TVSDGDhtDLUA:10

a=Cuw82jQfYdcA:10 a=ALcC6MeIz8quGovx1V-V:22 a=ypTHgtvWjkVDeDvyh4Hh:22

Received: from ec2-18-216-200-48.us-east-2.compute.amazonaws.com ([18.216.200.48]:57031 helo=EC2AMAZ-ERKHFID.us-east-2.compute.internal)

by 137.234.205.92.host.secureserver.net with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.2)

(envelope-from )

id 1wZHi4-000000003fw-1bzs

for sales@nk.ca;

Tue, 16 Jun 2026 00:31:21 +0000

Content-Type: multipart/mixed; boundary="===============3286535678535461225=="

MIME-Version: 1.0

From: Manny

To: sales@nk.ca

Subject: New Order & Statement - Attached Nk

Date: Tue, 16 Jun 2026 00:31:19 +0000

Message-ID: <178156987907.2840.8566574863270536816@EC2AMAZ-ERKHFID.us-east-2.compute.internal>

Precedence: bulk

X-Mailer: =?utf-8?b?VmlraW5nIE1haWxlciDimpTvuI8=?=

X-CMAE-Envelope: MS4xfIWB6c9wGTJmljA5OiGInJs70/pN9FBRjkvQmkcL88d8mGW30IxbiMaU/cXJbW/xbTm3VNzQ/0PAcFQjn/E9OoAi2UaIAQpf+L8RxqSTsOot4ieCNDWq

HYSP9R2ILe3PTmwMrYbZHTxeOcBwC9ksEYaUH/SVYDYHBTopmeN0mqCPwrTSHZTD4FsjfpxOQvPWJ3U4GeY2uXuVMUlS+FtYazw=

X-Spam_score: 13.2

X-Spam_score_int: 132

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good Morning,

Pl­ease f­ind att­ached the new ord­er and sta­te­ment

for your ref­er­ence. The [...]



Content analysis details: (13.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[18.216.200.48 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.205.234.137 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

[92.204.71.165 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[92.204.71.165 listed in dnsbl.ahbl.org]

[92.204.71.165 listed in dnsbl.ahbl.org]

[92.204.71.165 listed in dnsbl.ahbl.org]

[92.204.71.165 listed in dnsbl.ahbl.org]

[92.205.234.137 listed in dnsbl.ahbl.org]

[92.205.234.137 listed in dnsbl.ahbl.org]

[92.205.234.137 listed in dnsbl.ahbl.org]

[92.205.234.137 listed in dnsbl.ahbl.org]

[18.216.200.48 listed in dnsbl.ahbl.org]

[18.216.200.48 listed in dnsbl.ahbl.org]

[18.216.200.48 listed in dnsbl.ahbl.org]

[18.216.200.48 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[92.204.71.165 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[92.204.71.165 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[92.204.71.165 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[92.204.71.165 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[92.204.71.165 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

2.3 MANGLED_BEST BODY: mangled best

2.3 MANGLED_PLEASE BODY: mangled please

2.3 MANGLED_ACTION BODY: mangled action

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[92.204.71.165 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation

1.0 J_BACKHAIR_32 RAW: 3 alpha-tag-2 alpha

1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]

1.0 J_WEEDS_I FULL: Dec/Hex char Enc [Ii]

1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} New Order & Statement - Attached Nk

Invoice phish from Godaddy PArt 2

Posted by Dave Yadallee on
--===============3286535678535461225==

Content-Type: multipart/alternative; boundary="===============4551356073169753329=="

MIME-Version: 1.0



--===============4551356073169753329==

Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit



Good Morning, Pl­ease f­ind att­ached the new ord­er and sta­te­ment for your ref­er­ence. The doc­ument inc­lud­es the upd­ated ord­er det­ails alo­ng with the cur­rent sta­te­ment. Kin­dly rev­iew and let m­e kno­w if you hav­e any qu­estions or req­uire any cla­ri­fi­ca­tion. If ev­ery­thing look­s cor­rect, no fur­ther act­ion is nee­ded. Th­ank you for your con­tin­ued busi­ness. Bes­t reg­ards, Manny Accounts Department Twe Technology Inc. man@twe jam ca.org

--===============4551356073169753329==

Content-Type: text/html; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit













Good Morning,





Pl­ease f­ind att­ached the new ord­er and sta­te­ment for your ref­er­ence.





The doc­ument inc­lud­es the upd­ated ord­er det­ails alo­ng with the cur­rent sta­te­ment. Kin­dly rev­iew and let m­e kno­w if you hav­e any qu­estions or req­uire any cla­ri­fi­ca­tion.





If ev­ery­thing look­s cor­rect, no fur­ther act­ion is nee­ded.





Th­ank you for your con­tin­ued busi­ness.





Bes­t reg­ards,





Manny


Accounts Department


Twe Technology Inc.


man@twejamca.org







--===============4551356073169753329==--



--===============3286535678535461225==

Content-Type: application/octet-stream

MIME-Version: 1.0

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="P0-081526-statement.pdf"



--===============3286535678535461225==--

Proposal spam from google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 17:41:00 -0600

Received: from mail-qt1-f174.google.com ([209.85.160.174]:56752)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZGvA-00000000K3n-2nUa

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 17:40:57 -0600

Received: by mail-qt1-f174.google.com with SMTP id d75a77b69052e-51778077b28so44069861cf.1

for ; Mon, 15 Jun 2026 16:40:00 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781566794; cv=none;

d=google.com; s=arc-20240605;

b=VR351NQsW2PMSPO2fkB+XnYtZUHYcGyD3VBLC53O/vhfvGRPSjTrYCjVjUJ2ItpOQW

kOKnIDBnG8fUmXwEz6qGmQ2Ex8RGksthNgNQzY2ll3xvQmpxB/ztHnVtZsXTkR4AOFRX

o4jq9pk87JvBk3vpHc91DTtoVDfJ/oE/SR3nXE2COPElgcmP33hi93tEKMs4julK7SkX

rUXS0o7G63WHdE9Z00q4Jpq7etOHE4o+rFy/D1WL9DvyJmvzh2xdzBCRULYMSBVMmzgr

Tx+7O7TGMfMjx4u9+sedjD1BCZjk/ERkinOGU91WnvgtMnfTFPHUunBeU8BXAAvRwgRY

gPHw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=C/1kIW9ns3B17ta46jlESGdj6edwnpeQszzbXG3GB9w=;

fh=lqvQpHO4rvGCv/s+0rUIeAJK43i+pwpfjNq4yZVvCXQ=;

b=YUUA/h1HNMUFaHWy5jb8m6PhzSjDIFP1+qALZmpejKvj3n0/Gj+Qv0mMs3csbcEWEd

wGuoDTzge0hhK/4a8duv8B5cZeyUB8m6bcpBiPwSrxVS0l3cVqck0g3pw2a9KJsTx0kh

tYkRQNpfF5tDgy0M/3k/wy5ODh4Z+N3olIqDWbEisU/aVhCT+EFD3Mr45DPaAYvnDMK6

CwCtaWSAMf/1N5vIcKSbtJWdAEwpvXhH6WL4jX2rIwbo3HTOBUyx2KD9JTREB+cuig4i

Gl9JMCcsjY8c+RLyQE1U4kmglg9VQJ2QZts3YmDY8Ed1I9IGxsWvTTGtHDS85zIURpA6

KGTA==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781566794; x=1782171594; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=C/1kIW9ns3B17ta46jlESGdj6edwnpeQszzbXG3GB9w=;

b=hfzmcn3nFDRcvq4bfDFixbxX8WqehvbM6M9eXPB2vZfPkl5XGULKwtUdiydFRvlmUh

Da1Js7wv01sVrEU4StUKMO1W3XnnV6lmYG2dNasmyTrGas7m2vJM00bDEf+G2Qgmn5r7

quREMS0HELATFlNeESlvBPVgHph6+ttvCr40D8+f0kg24SlwkqFLXUo/mB6nQJt4yXNW

Wo1OiSFXzNJCe07Cxsq8o50cw3z2tcJaX1gFklJjZMf4nLvwwIIH8zwp7ssGjSi44Xfc

VdNVaO2ESCllQUKlm8pqTR0g8lC86KhSzIuzAtSglH9iWky3SmR5gzTRGfYTqboRiHjU

waHg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781566794; x=1782171594;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=C/1kIW9ns3B17ta46jlESGdj6edwnpeQszzbXG3GB9w=;

b=C5/9Xi6aChtrmQd9Ty2fqNQBdM4xVBMQBvARuW1Wt2oh7zCS+c6ggzeK6ViqaQUMNM

QFmCbqeY2JoU/rNbQAgDds1QKULBPRtUxVjyvW56OnV+8EX7yVrUJtj0mDWoq/QH+H/S

rXtEyZF09NCQZzIQdmXS1e1X7U/5v7Z3n7jRo3ySnprCCG+bDAJDBSe244a1DbwYnI+L

TkSBW3X04Y/+eyMOhE2+jUald/ErLDpqq8jSU5kzQNkEulYElf2hhMNVI3xv3Dsx87Nz

UPz+Ljd++NYMkVANB4iGzknwwZYx1NxgPnA5IekSb+tio5wr8ngV6lXhA8S0gjzFDyjO

BKnA==

X-Gm-Message-State: AOJu0YwyCjGlIwvTahAhghI0Ir9ze6QHONjIQ61PsxOajpq5Yh+MfExi

YPBakr4MynU3LmUOlc4gVfmHWh7JKFqQ77GifuQ034+4LIxw2z35Lax92ylqa5Qsv586JVGTPfv

MolDhGUwd2Gicm/WtOfebSmERbAVItFAG1ZNzVqM=

X-Gm-Gg: Acq92OFrc5YD/x+xlkX48xYNgFOmLuV0xohNUFbcc3sSSTIU4mRPXtU1ABfAkZ8d/eS

oyyllheI0AcGQKS56OCW075xD1clZ7YEGhVhTPFDmET4a+d6jxiDZV9o7ae20mGAhc2geRlSj8W

lDJq1e4oA2dl3cvFevZOD2qQCe4VBfGW1whH7atUlRusat8BznQAjrilduOEp/n75Ypmsj/O7l6

wXViP9EKzXoDQmKDBgOp60bmWmOF82w9s29nHrnojqfYPXylGy5ImEbjXo6mTH6fKC0EAZIv7hW

v/gEm8Tfng==

X-Received: by 2002:ac8:6542:0:b0:517:8069:8b06 with SMTP id

d75a77b69052e-51991a8e1fdmr18416591cf.35.1781566794044; Mon, 15 Jun 2026

16:39:54 -0700 (PDT)

MIME-Version: 1.0

From: Farhan Faruqui

Date: Tue, 16 Jun 2026 01:39:42 +0200

X-Gm-Features: AVVi8CdQJNPzq6eWPmbd40bGQbx14y0EcSYYe4RYPxTXC-2zzOW30YUmZCyTMBY

Message-ID:

Subject:

To: dave@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="000000000000e717650654535796"



--000000000000e717650654535796

Content-Type: text/plain; charset="UTF-8"



Good day



Please let me know if you had a chance to review my previous email about

the proposal.



Best regards.

Farhan



--000000000000e717650654535796

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





=3D"gmail_signature" data-smartmail=3D"gmail_signature">

style=3D"margin:0px 0px 1em;color:rgb(0,0,0)">
">Good day

Please let me know if you had a chance to review my prev=

ious email about the proposal.

Best regards.
Farhan


iv>




--000000000000e717650654535796--

CRA Phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 18:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZI0V-00000000PCr-0xm6

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 18:50:23 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 18:50:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.voicemailvoip.online ([92.113.145.149]:57982)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZDrK-00000000DVO-2NH4

for root@nk.ca;

Mon, 15 Jun 2026 14:24:46 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=voicemailvoip.online;

s=default; t=1781555023;

bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;

h=List-Unsubscribe:From:To:Subject:Date;

b=Uj5Nb6yBKDOctdQ9uMOqC9UH47iXJP9UV1rQbVnPCqxRqjIGLXL/jbihgsukS02n2

OCMkGCGs4yr92wI417osJ0SnNm2Xx2xGcEuwKifPmtib58RJjfCzd/70Eloe3PyC3g

kV/sjUTLVplm1UzFgxyOALuukpeVt3maJdqgzxyPtj5jLPth1fFWPQoOKXNbxCJlTH

N8FCPA3ww1MHlS1gc1WOTPDoqNElSv3ViFBdkNPDyUAfsIntjfq34D7ojfyFlqVtth

fhwPwoEgD2zwf6UhIr2b9nFLqBKLp5QQcmOjoK+OKI4a9SgVn81tmJPVlnwUPRWaDY

7/ZqbHesszgdw==

Received: from [127.0.0.1] (vmi3373381.contaboserver.net [212.47.79.9])

by mail.voicemailvoip.online (Postfix) with ESMTPSA id 45135426EA

for ; Mon, 15 Jun 2026 20:23:43 +0000 (UTC)

Message-ID:

List-Unsubscribe:

From: Canada Revenue Agency

To: root@nk.ca

Subject: Canada Revenue Agency (CRA) shared a

Date: Mon, 15 Jun 2026 20:23:43 +0000

MIME-Version: 1.0

Content-Type: text/plain

X-Spam_score: 14.7

X-Spam_score_int: 147

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:



Content analysis details: (14.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.3 EMPTY_MESSAGE Message appears to have no textual parts and no

Subject: text

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[212.47.79.9 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[212.47.79.9 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[212.47.79.9 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[212.47.79.9 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 T_PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: voicemailvoip.online (online)]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[212.47.79.9 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[212.47.79.9 listed in zen.spamhaus.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

1.3 BODY_EMPTY Empty message body !

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[92.113.145.149 listed in bl.score.senderscore.com]

Subject: {SPAM?} Canada Revenue Agency (CRA) shared a



Canada Revenue agency phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 18:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZI0O-00000000Ogs-3UHt

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 18:50:16 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 18:50:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [92.113.145.149] (port=35502 helo=mail.voicemailvoip.online)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZDfm-00000000D7g-43U9

for sales@nk.ca;

Mon, 15 Jun 2026 14:12:51 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=voicemailvoip.online;

s=default; t=1781554308;

bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;

h=List-Unsubscribe:From:To:Subject:Date;

b=KhpTTKZFStBwP3yyODI+2/eRoV/kgkLTS2E5mBa7m/5DKS4Nx6MDntFP3scJtAZ2r

/SMpCJ0eGy9t9M5ZI+1SA3kUrS4Mu5AF/o7BKrLr+KF+C6VFchmEZei9+H+JFd/puL

W/b3DqKPo6ZgfRgqissNd8z5C+k+5cKyeE+C39Bjc+wWaKjWSlX+Wc3orQLds2NMRf

5CxL47PxaBAYRWuEVNWe+xa+MljZ0EFPMQthqP+6zu1Jwua7Rfaw8Jbf5GrxVft2/c

OyLWNqVnYdcVkH5TZ/AT9utDXR3cAJlDVjGQ454pplTQ40poMZJbK7AGxmIZ+7+fiW

JaQcYML9Qummw==

Received: from [127.0.0.1] (vmi3373381.contaboserver.net [212.47.79.9])

by mail.voicemailvoip.online (Postfix) with ESMTPSA id 9B56C4223C

for ; Mon, 15 Jun 2026 20:11:48 +0000 (UTC)

Message-ID: <13c03ca1-4d67-452b-8309-27cac4ac581d@voicemailvoip.online>

List-Unsubscribe:

From: Canada Revenue Agency

To: sales@nk.ca

Subject: Canada Revenue Agency (CRA) shared a file

Date: Mon, 15 Jun 2026 20:11:48 +0000

MIME-Version: 1.0

Content-Type: text/plain

X-Spam_score: 16.0

X-Spam_score_int: 160

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:



Content analysis details: (16.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.3 EMPTY_MESSAGE Message appears to have no textual parts and no

Subject: text

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[212.47.79.9 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[212.47.79.9 listed in zen.spamhaus.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 T_PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: voicemailvoip.online (online)]

1.3 BODY_EMPTY Empty message body !

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[92.113.145.149 listed in bl.score.senderscore.com]

Subject: {SPAM?} Canada Revenue Agency (CRA) shared a file



Canada Revenue agency phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 18:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZI0O-00000000Ogs-3UHt

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 18:50:16 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 18:50:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [92.113.145.149] (port=35502 helo=mail.voicemailvoip.online)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZDfm-00000000D7g-43U9

for sales@nk.ca;

Mon, 15 Jun 2026 14:12:51 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=voicemailvoip.online;

s=default; t=1781554308;

bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;

h=List-Unsubscribe:From:To:Subject:Date;

b=KhpTTKZFStBwP3yyODI+2/eRoV/kgkLTS2E5mBa7m/5DKS4Nx6MDntFP3scJtAZ2r

/SMpCJ0eGy9t9M5ZI+1SA3kUrS4Mu5AF/o7BKrLr+KF+C6VFchmEZei9+H+JFd/puL

W/b3DqKPo6ZgfRgqissNd8z5C+k+5cKyeE+C39Bjc+wWaKjWSlX+Wc3orQLds2NMRf

5CxL47PxaBAYRWuEVNWe+xa+MljZ0EFPMQthqP+6zu1Jwua7Rfaw8Jbf5GrxVft2/c

OyLWNqVnYdcVkH5TZ/AT9utDXR3cAJlDVjGQ454pplTQ40poMZJbK7AGxmIZ+7+fiW

JaQcYML9Qummw==

Received: from [127.0.0.1] (vmi3373381.contaboserver.net [212.47.79.9])

by mail.voicemailvoip.online (Postfix) with ESMTPSA id 9B56C4223C

for ; Mon, 15 Jun 2026 20:11:48 +0000 (UTC)

Message-ID: <13c03ca1-4d67-452b-8309-27cac4ac581d@voicemailvoip.online>

List-Unsubscribe:

From: Canada Revenue Agency

To: sales@nk.ca

Subject: Canada Revenue Agency (CRA) shared a file

Date: Mon, 15 Jun 2026 20:11:48 +0000

MIME-Version: 1.0

Content-Type: text/plain

X-Spam_score: 16.0

X-Spam_score_int: 160

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:



Content analysis details: (16.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.3 EMPTY_MESSAGE Message appears to have no textual parts and no

Subject: text

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[212.47.79.9 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

[92.113.145.149 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[92.113.145.149 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

[212.47.79.9 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[92.113.145.149 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[212.47.79.9 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[212.47.79.9 listed in zen.spamhaus.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 T_PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: voicemailvoip.online (online)]

1.3 BODY_EMPTY Empty message body !

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[92.113.145.149 listed in bl.score.senderscore.com]

Subject: {SPAM?} Canada Revenue Agency (CRA) shared a file



Bitcon PAypal phish from Microsoft Outlook PArt 3

Posted by Dave Yadallee on
Content analysis details: (16.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[209.85.128.72 listed in will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

[40.93.23.99 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.23.99 listed in dnsbl.ahbl.org]

[40.93.23.99 listed in dnsbl.ahbl.org]

[40.93.23.99 listed in dnsbl.ahbl.org]

[40.93.23.99 listed in dnsbl.ahbl.org]

[209.85.128.72 listed in dnsbl.ahbl.org]

[209.85.128.72 listed in dnsbl.ahbl.org]

[209.85.128.72 listed in dnsbl.ahbl.org]

[209.85.128.72 listed in dnsbl.ahbl.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:cafe:0:0:a5 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[dnsbl.ahbl.org]

[2603:10b6:930:89:0:0:0:25 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.23.99 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.23.99 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.23.99 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.23.99 listed in dnsbl.ahbl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.23.99 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.23.99 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

Bitcon PAypal phish from Microsoft Outlook PArt 4

Posted by Dave Yadallee on






3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_FROM From username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.23.99 listed in wl.mailspike.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.3 LONGWORD BODY: Uses overlong words

2.6 HK_SCAM_N13 BODY: No description available.

0.6 MEGALONGWORD BODY: Uses really overlong words

0.1 TW_RW BODY: Odd Letter Triples with RW

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Important_Transaction_Alert_=2D_BTC_Order_S?=

=?UTF-8?Q?ubmitted_=40_po_15=2E_j=C3=BAn_2026_=28cynthiaperez389903=40groups=2Eoutlo?=

=?UTF-8?Q?ok=2Ecom=29?=





Haresasz Nxysarwsa has invited you to Important Transaction Alert – BTC Order Submitted

Title: Important Transaction Alert – BTC Order Submitted

When: June 15, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,



This email confirms that your PayPal payment for Bitcoin has been received and your order is now under review.



Transaction Overview:



Payment Method: PayPal

Asset Purchased: Bitcoin (BTC)

Amount Paid: $500.00

Current Status: Under Review



Our security team is currently validating the transaction. Once approved, your order will be completed automatically.



If you did not authorize this activity, please call +1 832 631 9067 immediately to prevent further processing.



Thank you for your prompt attention.



Sincerely,

Customer Support Team

Attendees:



cynthiaperez389903@groups.outlook.com





Dear Customer,



This email confirms that your PayPal payment for Bitcoin has been received and your order is now under review.



Transaction Overview:



Payment Method: PayPal

Asset Purchased: Bitcoin (BTC)

Amount Paid: $500.00

Current Status: Under Review



Our security team is currently validating the transaction. Once approved, your order will be completed automatically.



If you did not authorize this activity, please call +1 832 631 9067 immediately to prevent further processing.



Thank you for your prompt attention.



Sincerely,

Customer Support Team

Kedy

pondelok 15. jún 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie



Bitcon PAypal phish from Microsoft Outlook PArt 2

Posted by Dave Yadallee on
X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CY4PEPF0000FCC0:EE_|DM3PPFA15A4F67D:EE_

X-MS-Office365-Filtering-Correlation-Id: a86d4f73-f7f5-4f80-481c-08decb058942

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.128.72

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|32020799003|26000799027|4040799016|9400799043|34130799006|9020799019|26130799012|9000799056|16001999021|1680799066|24102599021|6092099016|22000799015|5139299004|3151999006|6149299003|3069299007|6019299003|16200799027|29080799009|970799063|3412199025|4302099013|440099028|18021999003|30041999003|2145499017|1370799030|1360799030|1380799030|26104999009|21002599022;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?ZXlYaG9kQXJ3NjJza2Uvb1RLc3ArWXE2ZWp6V1BMRmQ3ZzBrVERxN0U3SzNi?=

=?utf-8?B?N0hYZmJMc1VuZTVseGkxV1BLbDRZMElxZ2pwVVNKek5OQXNibVJBdTZ6bmRL?=

=?utf-8?B?MEJhMENvYXBaVU1zaHpoY08vQ1p2Q3NWcDJFcU1WZmI5VEFISTdnYzk0REV0?=

=?utf-8?B?by9sNnF2d2l5UERxZHlvSFo5dzVPT2FseUhNYytuUTg1Wm9USlBMQzk1T21P?=

=?utf-8?B?b0VqenRWN1NkTWhLaWFGS1pCc1R0OVVuRy8xQkxGdTZCOS8rZmxkRng0V0xW?=

=?utf-8?B?NE5oaVZLbGxKWThaUzVMSkRFeDZVNGw0K2dUbG9EV1hiR0FyZnBzNW9XTHov?=

=?utf-8?B?eHZNd0JKT2JSdlo1U2Q3UG9LcFZyUjgzMTExUDRUOG1zYlNBejZSczArR1A2?=

=?utf-8?B?QVJoTkE1eGJHc1ZMeDRWQkJPQ3ZDUVJrc2R1YzBaTE5IeXEwUHpBWStuQlJw?=

=?utf-8?B?Zy84Z2p3QzE2VlByeWZSV2hnVUJ3Q2tibFJXWS9QMzZuUmFwV2Nwd2lsbVNC?=

=?utf-8?B?S3IzSzlIbktJTzBwZ0NhUHVlcld4MWtGbE01OXM2Q0FoZHFVc3ZzZjdnekxa?=

=?utf-8?B?S25RTjBHVVB2K1M1WjJYRGdFL0E1aGdkeDd1Y3k0SjgweU12cFhGS0QyalRn?=

=?utf-8?B?M200VnhlL3JlaWNxWG1wcTZ3VDFmdE04bXBwSXZIcGlIaityeFB4SGsvaGxN?=

=?utf-8?B?VXI4ZUF2VFk0ZEcvVkt1VXkrODFDeEV3VTRmUnJrMTFxRTZBcXBaRTh1aXhQ?=

=?utf-8?B?ZGtjcjBpN0M0T3c2aTdWaFBVR05rTWgrMTNBQk9YNXVEdGdnSGlEQW5xV3Qw?=

=?utf-8?B?c2pUUTZkajJ4S1c3djNzS0g1bHhxbDlCYURrMmNsTEJPMTZzZzYwMy9Jc2JY?=

=?utf-8?B?ZTdMSEx1YUp6VFpNeWJmODdIbjI3cXJUcVdndVlaSVVHTjdNMVorSGl2dGZv?=

=?utf-8?B?bnYrQTE5QkVaa2FFRi9rZStaOGZGTEE3ZWdJS2Rkc0Q5WUlacVNKVWQrZlk2?=

=?utf-8?B?UFBrbSthZkhQL3YzWWNWWGZNRTNqbDBNT1htZEp4bk04OThScS9KVnUwdmc4?=

=?utf-8?B?bXgxOUFuS281ZHVReCtuTU5PRm02ZUlWTkhzM1hObENwaXJvZlkzL2J0dlJl?=

=?utf-8?B?c3gxMEZWOHVFV3pTc25PS0hKY3NtNytJRmN6NmNzT2pXVjlNZHNmcFl3K0g3?=

=?utf-8?B?QTV4dHRpWms5cW1objNtbTNsa203VWZrZVpFK1NFeUc1WXh4WUI2MlphdXRS?=

=?utf-8?B?MWU5TGd1LzROVFNUZ1RJdmhqWTgxNHJ4OTBHcjB1dlN6NXE1bVdXZzIrYXNW?=

=?utf-8?B?OGx2VW9NNlpKYmNKMnRlRFV3eE1wQys5RUp6QkwxV243SkcxMzk0SXlLWUpY?=

=?utf-8?B?VGtpTmxIZ2xQU2ljZ3ZWOHIvdTFWeDcyWVY1MXlyckdRYjBUZWJUbmFXRXhD?=

=?utf-8?B?TFRCZy9CMGZ0UG8rWE12dWNzZ2hQQkJKVUJrRVNueTBzY3psUG1aalZVUFdQ?=

=?utf-8?B?TUNRN0pWdDIwTXhSd3plMlh6YmhTaFA0Z3lXOG5sYzY3VVl1TjcwSDVWWTVP?=

=?utf-8?B?aGFVcnhDRDdlaGdpckRLckZ1Skxucld2ek44NHhiREo1eGxBQ0FVQkxidG9M?=

=?utf-8?B?Q1FhYkE1Q2tvVmlvMDhTUnBPUTFqSEVWMUg0UmpSeTd2TWtrZDQyZWhVdEdY?=

=?utf-8?B?NFNockNyNFBCVEZ3RVozY3BxSEdWQmhCdCs3Z3NOU3RNSjFvV0pMelJRL0xi?=

=?utf-8?B?SUxVUkU5RWl0SmZ2ZXQyRzViQ2J0Z3loSWVpb0tPNFNQVEZrT2NuMmFkVWJS?=

=?utf-8?B?cXRoOGtLTWVnKzUybDZlVEtlMFF3L2U5Skk4ZnR1WFc5WFNXZHpYdUpQYS91?=

=?utf-8?B?TW5SVmRjc3dvUHpsVVY0U3c5RTBLRU9LMUd0aUg0djhxckRHWncxem9HNU1p?=

=?utf-8?B?Z294UFE2VzU5WnhiMUpOVzAvWCtmMjJhSEMvUy91dW03MDgrTURsaEtHTmho?=

=?utf-8?B?M2tNRUFGaUdiT2VzWHFFdTU3aEp1bzQ1ZUwrSDltNVlTdzFVdGJSTmtYdU9u?=

=?utf-8?B?bE9ubTA1RE5Gdyt6Z0YzeHJnUFhUa0RjRkNxVS9DUWM3RjdBaCt6V1hFZ2xu?=

=?utf-8?B?eXg0aFc5bjA4b3ZDSmtRdTRNSlBYbWlZY3phWEtnMWMxRkoza3ByQnY5Zklr?=

=?utf-8?B?WkFvb1gvM2QrTndTWUpRLzVsT1BHMTRZL1AxU2xrSGFGOU45SWVBMlBkeGFV?=

=?utf-8?B?dGYxZ1JiSVZQS25UcW5HTHhVVm9Hd2NkcklEYnUvdElVYStuUnZKYWNzM2VM?=

=?utf-8?B?NzVmVVRDZnE2ZndNUlRuNzBGVzhGYkxyT2NqeVlLODBJaUxhSnE2aTBlcmUx?=

=?utf-8?B?TWVnVlRJV2dsQ2hqQnpxNmNhTVlVNlZWbGtQTGhJbFBxSVIzbktiT3ZSOXJ5?=

=?utf-8?B?aTNLK3ZPa0tiSWJZUlJxQkhHTzJrQ3pZTVBrakk1cTgvRlNBa01yR28rVG1Y?=

=?utf-8?B?eWNLNGVHZVZsZ0dvUjdVb3BpLzBXa0hHNU1GdndRZjV0QWsvcDFTWjIwYmQz?=

=?utf-8?B?TXhweWh5SHhwQ2lVMU5LeHp3bWowd2Ezbm9YY1AxTitOd09nUWtacDEzYThL?=

=?utf-8?B?MmI2Z3VOaFFiU3NHL3BxMll4TFMrLythMHR2dWFTM3BJanVYYWZpVGxqSzkr?=

=?utf-8?B?T29peXEwVjNVZFhLaDB6UDNCQjh6UVpxWU1uT0w0RDRlN1dBd2gxblRiUFc0?=

=?utf-8?B?akdvdEgyUDVocE5OVnIraGpyTFViN3gvYUNTQkNaSFducU5FZkUxV0h6SFdK?=

=?utf-8?B?b21NNGs4OElJQWZYZTFtdjdxYnczQVUvbCt4b2ZJdGNPdWZxd1BuWDlDZ1VG?=

=?utf-8?B?K3o5SDJwMktXYmxieWJaRUc5UEI1NFRoRDNEelU5NktRWFhKNUZKYXJHcnpV?=

=?utf-8?B?K0dVcFJLR0J4ZW5pbFZaZXBERGh3RVNWMW8xcFQ4OXdXOW9abmFNQTZ6enhE?=

=?utf-8?B?L2J2cG83TGJOdERRZC9RMmNWN0tRUTUzOGExeXQ0cGNtM2xCbm41SGlsR3hu?=

=?utf-8?B?ZkxTVGhLS2dWcXYyZTZORytrbzBQeGlWSnFOTks2TTFYMzFqSkwxWVFBM2ov?=

=?utf-8?B?bk11RzkxZVpPeFJERGFkeVdoRlFOTmJYbDZXTktKWnljeDlaR3laRE50WXlD?=

=?utf-8?B?M3ZiNloyeGxjS25QSU5mZzRDTFZWU3RTN0lQamdxZDJPbU1qSHJteHFuYWl1?=

=?utf-8?B?QkFqWnN1ZHFMbTNZVzNZZlhsRDJCaVdpd1RMRTVLVEtiWWd4L3ZyV2dySEh5?=

=?utf-8?B?NXlZUEwydTkzYzJEWnlKd1gveWZvQkd6aGl5ZVpKejNaYnUvdDU1VU1iVlVI?=

=?utf-8?B?dW1ZaDFWVXNROENNdENnUGVDSWN1bGgxQmVLb2k5VStwa1VYTUl1V1RwN1V3?=

=?utf-8?B?M0VCYnFUR3dvNTU3dkdIL2hQeE5LbzlrMzBnUkVyTzc1OWNDYXFNTjBxRVRs?=

=?utf-8?B?YjJpdmxqL0hQbUxKRGhya2p5TU1LdERwanNOKzd5Zk84WWxxbjBLT1gzNmY1?=

=?utf-8?B?K0VJRm00Nm1PVmp1NytTNzlweXZzc1JoNlZma3hsWVMydFhTQmNxVmlCU0to?=

=?utf-8?B?Q1gyeGM4Yk0vUGdsM2JtWHl0VzBFakhXbkZBVW12TVJOTngxUk94QjFRQ0xH?=

=?utf-8?B?SU9zaW9tTlM3cTMwRmRndkNGcVZPcUVUMXhaTEhJZDNZUmdCVm1zUjJHeGRk?=

=?utf-8?B?L3o1U3o0QVhQdUE2V0V3OHVGVnVpTjdYK0F1UTJGNWRZVDZVSnpXYVlwUEJq?=

=?utf-8?B?Vnl0SkRqeHBkbkkxaWRjNGladHA0K25rVTRGKzdoeTVzUXNVQTVPeGFyWnBu?=

=?utf-8?B?b05xUHNZdHRxbThRL0RacHZwcUNXRGt2UVRxM2IzR3BpUkhaSTVtZS9RdXE5?=

=?utf-8?B?bHNoRnJKRndSQjdTOXBvb2R4K2xmcmpFbEF1U0x6dmlERWQ1TUV4TEp0TzBE?=

=?utf-8?B?MzZySWJsR3YwNjB2YlRGelZUSGFjT3IwS3JwZWRuNmNJeThkRDAxcHc9PQ==?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 17:42:57.1049

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: a86d4f73-f7f5-4f80-481c-08decb058942

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000FCC0.namprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PPFA15A4F67D

X-Spam_score: 16.3

X-Spam_score_int: 163

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Important Transaction Alert – BTC Order Submitted pondelok

15. jún 2026 Dear Customer, This email confirms that your PayPal payment

for Bitcoin has been received and your order is now under review.

Bitcoin paypal phish from Microsoft Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 18:50:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZHzd-00000000M50-0BXs

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 18:49:29 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 18:49:28 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-westus3azlp17010099.outbound.protection.outlook.com ([40.93.23.99]:30224 helo=PH7PR06CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZBLm-00000000BTF-1pPh

for doctor@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 11:44:06 -0600

Received: from CYZPR05CA0004.namprd05.prod.outlook.com (2603:10b6:930:89::25)

by DM3PPFA15A4F67D.namprd18.prod.outlook.com (2603:10b6:f:fc00::6bb) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.16; Mon, 15 Jun

2026 17:42:57 +0000

Received: from CY4PEPF0000FCC0.namprd03.prod.outlook.com

(2603:10b6:930:89:cafe::a5) by CYZPR05CA0004.outlook.office365.com

(2603:10b6:930:89::25) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.139.11 via Frontend Transport; Mon,

15 Jun 2026 17:42:57 +0000

Authentication-Results: spf=pass (sender IP is 209.85.128.72)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.128.72 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.128.72; helo=mail-wm1-f72.google.com; pr=C

Received: from mail-wm1-f72.google.com (209.85.128.72) by

CY4PEPF0000FCC0.mail.protection.outlook.com (10.167.242.102) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.139.8

via Frontend Transport; Mon, 15 Jun 2026 17:42:57 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:ED5E595A5DC91789FCF5FFCDB3BD051C84EBDE0C105434EDCD7D71604EF4FE1C;UpperCasedChecksum:DC3A0034ED7646F3EECF717E6410C2048B579D7A40180C27775EFEF9B7D89BC4;SizeAsReceived:3409;Count:15

Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-490b0682d2fso32743765e9.0

for ; Mon, 15 Jun 2026 10:42:57 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1781545375; x=1782150175; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=LFDqi1X73Dl3P9kxl5V30roktBb+Yg1jwONMqwuE0fs=;

b=MZLJ16nMCBM5JFOLPnGkKVp6O1lNhTJpA3gDIboqiv6R/irxnPtq8ZuVmUZZS1h4Zj

n6Ac8dW4TvG+ytW+2MLYVC3fO0doOL4vBxYdmKCz1XWgPF/jLCZwMY4lEgO+rcbI9CRF

SpDhEAtkRzD28ecRjf+msnbQLAuXuIHCWmcT3r+olPzrIPEw0l0gkRvHtXialzxxwF+f

r+4BWDI+eIjpQcUzk47foX46aE25WEuBaK0XxH2jsPLckt3qrxDqvOvc5L6frGnvmmf0

ovpBB5LjwHpMM4sBoevqRImhLuwwFa7dEbdsRVzTXa0HzSgYNHmATqz12b/ipBMcMK7p

fLmQ==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781545375; x=1782150175; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=LFDqi1X73Dl3P9kxl5V30roktBb+Yg1jwONMqwuE0fs=;

b=H/jE2kED28avlpsdLGPgThXd28GEZO1dIo99l4sMaajMG+xB+kufrcLmdYOedfVPub

wwlKGNuy71K5rgi0d+xWj7u1Ljab5IuR7alennbtlFEdsoMDvSl3gdNZww6enIbyVtRM

dt0/ITjqBhrGnC9Tua71ZO3VI//XU6aP1TbfnF1HtWQsX8f2pfj7E0nFk6JIUgyjYibs

1aIKomuBuX8gWKW2phHpyi+Ru2cjMgJv9kRfSiTioQT1KMfDNiFH4nMzuJwPhyo8uQEU

zgCK/hZ6q0Tb8O4RscQ/43KF0W1+JPM60ZWz72KpemNY0duvHj4XpKPIFgzJpB9jRV1k

cM4A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781545375; x=1782150175;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=LFDqi1X73Dl3P9kxl5V30roktBb+Yg1jwONMqwuE0fs=;

b=OarY8EeboeA8ILh/q1HxitaoF//S2hyH9asa7kmT8Z5UAVAv2dZKimcs0vWCf+xZCw

tljBmzN+8hhLwDH40c7PHM8Xnsm8ODYyJ7dmpobspO8v/GYn2jzV3Fjn2mlNzyfeAsCA

VRCkiia+pcYORmlCUIytgPvF55D5TyBfQrWuJC+BHIWX2suxc6Eal7m8o0uCr9TkBKCV

v1vm62KGKwy8dyUu+c/tagYo1ciAWzvE6lfMJ5JlNtR0l/GSrlN20HawF50uejCAX6OW

dg6rD6tuCBVpxa6XNAUOqTP+6PbqqTf9LjZECJqLg6h7lj80STDIg2qgkCHXBn9KH7Bl

navw==

X-Gm-Message-State: AOJu0YytWacb9rpbKQ0+xlPFHnFQoP4YKOJw8jkKT3RLF2VS1A5etZF+

6cmTgSyVfrdj8+eIWaeOXNTuCaNy+02WOu73wH5CtHvtVbuxc+8WAdoF/CuJcbh1asN4Tv/hyWT

HGFAGiFRNZnSOin7t54h/qn62jSiRMsKN/AE=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:4e48:b0:490:e60b:6860 with SMTP id

5b1f17b1804b1-4922005e235mr143868745e9.7.1781545375111; Mon, 15 Jun 2026

10:42:55 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Mon, 15 Jun 2026 17:42:55 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Important_Transaction_Alert_=2D_BTC_Order_S?=

=?UTF-8?Q?ubmitted_=40_po_15=2E_j=C3=BAn_2026_=28cynthiaperez389903=40groups=2Eoutlo?=

=?UTF-8?Q?ok=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="0000000000003c1e6606544e5ba8"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

chinese productus psam Part 2

Posted by Dave Yadallee on
hi 亲们

我们这边是深圳市云松跨境物流有限公司,专注于降低物流成本,

目前我们帮单一客户节省了30万美元的成本。我们擅长DDU,DDP,LDP等贸易条款,可以合理的帮您优化物流成本,减少支出。



下面是我们的DDP到门的价格,惊喜的是,不到RMB7.5/KG就可以发一箱货到加拿大,

下面是我们的海运散货价格,有需要多多联系哦。

烦请您动动发财小手扫下二维码,添加微信,方便联系沟通哦。

祝您万事如意,生意兴隆,货如轮转,财源滚滚。



整柜价格到门价格,DDP到门

起运港 目的港 价格(40HQ) 备注

深圳/广州/宁波/上海/义乌/青岛/天津/长沙/郑州/佛山/中山/泉州 温哥华 10220 整柜包含海运费,清关,关税,派送

埃德蒙顿 6814

卡尔加里 6814

多伦多 9880

蒙特利尔 9880

温尼泊 9993



散货价格

起运港 目的港 价格(40HQ) 备注

深圳/广州/宁波/上海/义乌/青岛/天津/长沙/郑州/佛山/中山/泉州 温哥华 8.3 散货包含海运费,清关,关税,派送

埃德蒙顿 7.5

卡尔加里 7.5

多伦多 8.1

蒙特利尔 8.1

温尼泊 8.2



举例,如果您的货物是散货,下面是一些价格参考,具体可以问我们,DDP到门。

起运港 目的港 价格 体积CBM 重量KG 总价RMB 备注

深圳/广州/宁波/上海/义乌/青岛/天津/长沙/郑州/佛山/中山/泉州 多伦多 8.1 1 150 1352.7 散货包含海运费,清关,关税,到仓库

8.1 3 450 4058.1

8.1 5 750 6763.5

8.1 8 1200 10821.6

8.1 10 1500 13527

8.1 15 2250 20290.5

8.1 20 3000 27054



















Stay ahead with timely announcements by tapping . Enable Future Notices



If you want to reduce emails, hit Control Frequency.





Miss Julin



深耕美加专线13年



DDU/DDP双清专线,让您省心省力省钱



Shenzhen Yunsong Cross-border Logistics Co.,Ltd



Room 2806, 28th Floor, Building 1, Evergrande Metropolis Plaza, Bantian Street, Longgang District,



Shenzhen City, Guangdong, China



深圳市龙岗区坂田街道马安堂社区环城南路15号



恒大都会广场1栋2806



Phone : 13798412845



Email: julin@yunsongfreight.com











在2026-06-13,Julin 写道:



-----原始邮件-----

发件人: Julin

发件时间: 2026年06月13日 周六

收件人: [sales ]

主题: 加拿大FOB/DDP/LDP ,一箱也能发



Hi 亲们



我是深圳市云松跨境物流有限公司的Julin,



我们专注于美加欧澳墨西哥国际物流13年,能做CIF,FOB ,DDU,DDP,LDP等条款.

下面是不同的重量发加拿大的价格,一箱也能发,几百元就到加拿大,双清包税到门。

欢迎扫码加微信,随时详聊!DDU/DDP双清专线让您省心省力省钱。

祝您万事如意,生意兴隆,货如轮转,财源滚滚。





散货价格

起运港 目的港 价格(40HQ) 备注

深圳/广州/宁波/上海/义乌/青岛/天津/长沙/郑州/佛山/中山/泉州 温哥华 8.3 散货包含海运费,清关,关税,派送

埃德蒙顿 7.5

卡尔加里 7.5

多伦多 8.1

蒙特利尔 8.1

温尼泊 8.2







Maintain your product-savvy edge with . Stay Updated on News



If you prefer to exit, choose Review Communication Options.





Miss Julin



深耕美加专线13年



DDU/DDP双清专线,让您省心省力省钱



Shenzhen Yunsong Cross-border Logistics Co.,Ltd



Room 2806, 28th Floor, Building 1, Evergrande Metropolis Plaza, Bantian Street, Longgang District,



Shenzhen City, Guangdong, China



深圳市龙岗区坂田街道马安堂社区环城南路15号



恒大都会广场1栋2806



Phone : 13798412845



Email: julin@yunsongfreight.com