TD Webbroker phish
Posted by Dave Yadallee onEnvelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 18 Sep 2025 10:03:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1uzH5W-00000000AHj-2gVi
for dave@doctor.nl2k.ab.ca;
Thu, 18 Sep 2025 10:02:26 -0600
Resent-From: The Doctor
Resent-Date: Thu, 18 Sep 2025 10:02:26 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [85.142.92.44] (port=36212 helo=mail.lbufz.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1uzE1e-00000000FIq-25Lf
for doctor@doctor.nl2k.ab.ca;
Thu, 18 Sep 2025 06:46:23 -0600
DKIM-Signature: v=1; a=rsa-sha256; d=lbufz.com; s=dkim; c=relaxed/relaxed;
bh=WC1xcZd30/OiJtwFEi3VGIl8bX+I+mJNAnxeZtFNqks=;
h=from:to:subject:date:message-id:sender; t=1758199525;
b=KnP/FSTwyDhZUhTX6+T+kHQUv2lKjNlLco7r8cAfmOL36A0/7jKLEDwbuhmFH427P1Tyd0H2C
pPLuhbS2IAbzwpd3UT6n23Oo8kBQOF08jK6MbYf7fOxRVPSGVir8vfiE3h3sOYQevJebeEdIYMe
E+cq8+iKf2faID4lqu3qzhtJAFC7enwJjdXIHw/HmTSRejxVw+mHg19rgXwCHkMy8qS/M875e3g
IxcRvwM2AEmHJxGkoYJ3mKbMhVwQGzUWOTKZ11Qd99rJ5JT2sQC4SU+2TMA3y5LHu3HtI5yA3SQ
PvCn823fbWdmX9+uiiJ3w1Z9PmpBkRoJmtoAaVpKZEEQ==;
From: TD WebBroker
To: doctor@doctor.nl2k.ab.ca
Subject: Verification Request: Maintain Full Account Access
Date: Thu, 18 Sep 2025 12:45:25 +0000
List-Unsubscribe:
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Mailer: Apple Mail (2.3445.9.1)
Message-ID: <175819952504.10631.9999863271734446455@127.0.0.1>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="===============6212458025780768096=="
X-Spam_score: 18.0
X-Spam_score_int: 180
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: This email requires an HTML-compatible viewer. Verification
Request: Maintain Full Account Access Verification Request: Maintain Full
Account Access
Content analysis details: (18.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
[85.142.92.44 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[85.142.92.44 listed in dnsbl.ahbl.org]
[85.142.92.44 listed in dnsbl.ahbl.org]
[85.142.92.44 listed in dnsbl.ahbl.org]
[85.142.92.44 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[85.142.92.44 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[85.142.92.44 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[85.142.92.44 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[85.142.92.44 listed in dnsbl.ahbl.org]
2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist
[URI: authentication-td-phhrip.com]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: lbufz.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: lbufz.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: lbufz.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.5 MR_STRANGE_QUESTION URI: No description available.
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_NONELEMENT_30_40 BODY: 30% to 40% of HTML elements are
non-standard
0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Subject: {SPAM?} Verification Request: Maintain Full Account Access
--===============6212458025780768096==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
This email requires an HTML-compatible viewer.
--===============6212458025780768096==
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
class=3D"js flexbox flexboxlegacy no-touch rgba hsla multiplebgs backgrou=
ndsize borderimage borderradius boxshadow textshadow opacity cssanimations cs=
scolumns cssgradients cssreflections csstransforms csstransforms3d csstransit=
ions fontface generatedcontent">
r-scalable =3D no">
href=3Ddata:image/x-icon;base64,AAABAAEAEBAQAAEABAAoAQAAFgAAACgAAAAQAAAAI=
AAAAAEABAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgA=
AAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AIiIiIiIiIiIiIiIiIiIiIiIiIiI=
iIiIiIiKIKIiIgiIiIv8v+Ij/giIi/y/yIo/yIiL/L/IiL/IiIv8v8iIv8iIi/y/yIi/yIiL/L/Ii=
L/IiIv8v8iKP8iiI/4iIiP+CKIiIiIiIgiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
er=3Dwebbroker&locale=3Den_CA#/uap/reset">
content=3D"default-src 'none'; font-src 'self' data:; img-src 'self' data=
:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inli=
ne' data:; object-src 'self' data:; frame-src 'self' data:;">
-c165 _nghost-dsl-c99>
=3Dmargin-top:15px>
src=3D"data:image/png;base64,iVBORw0K=
GgoAAAANSUhEUgAAAFkAAABOCAYAAABL2LqMAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlY=
WR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/Ii=
BpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU=
6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAx=
Mi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3L=
nczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YW=
JvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXB=
NTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9u=
cy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQ=
WRvYmUgUGhvdG9zaG9wIENTNiAoV2luZG93cykiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6ME=
IzQTRGOUUyRDdDMTFFNjg5RTVDMzJCNDNDMjVBN0UiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ=
6MEIzQTRGOUYyRDdDMTFFNjg5RTVDMzJCNDNDMjVBN0UiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RS=
ZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDowQjNBNEY5QzJEN0MxMUU2ODlFNUMzMkI0M0MyNUE3RSIgc=
3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDowQjNBNEY5RDJEN0MxMUU2ODlFNUMzMkI0M0MyNUE3RS=
IvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGV=
uZD0iciI/PirEpoQAAAjbSURBVHja7J1raBzXFcf/89y39qnXSpYdx7H8wCR+pHaaJg0mJW0wgT4C=
aZPGpR9Cv4R+DKTELYRSAi30Q0tp3HwIhbRQipu0JHXBrQk2uNiN6saOa8uSV7Ktt7QP7a52d149d=
1YyDYk1dyWtYkv3iFlJaGZn7m/OPfd/7py7UrvePvQhgA7aTAhbadNoy6j0spG2iODRNLNleikKDk=
21IoMsCQ5NNUkWDJpvArKALCALE5AFZAFZmIAsIAv7pKleOzj0pUrKGkwMJUiS5LbQbafjwHas+d9=
WGbIma7hZGoVZza8pwFgALBECamPYF0VUD0OTNAJuwaRtVSCzu1o2K9iT2IFuf3It+TBqdg3ZWh4F=
o4TxWgGTlWkUy2PuX4OBFFpZex0bBsGWmgnZJswzdPKj+17CU92PwXJsN3ysAT8mT7VRsqqoWBWUj=
DKuFUdwZvoC3h8/S98vYih7GZFQB1r1uHtDltNu1etiXNhO/Wd1Dc0nsXHGT2ECWhjwA1sjPXii8w=
AKvd/CwOwwftn/B7w5+A6Gq1l0hHvARiVriSFE5tmlYJbWjRJo0YLYndiG3+x/BScfP4pd0ftwI3u=
JvH7OHZ+aJuGkdTrl/HDrA/jH42/gm/d9A9O5AeSrhSWB5oBsI6T6163GZYrjrYd+jO9uP4xsYQBF=
swxFUhsLTV7qgvmwQveiRgOFZVvcA4A9/w5+in2q7H1RDhuIbNM9Rr4lsTxF/C2d672jRF4ok0RTl=
wT7dQofmdkh/P3m+9gQ3+ZqbKatuSJB19uHRlF/Wv2piYhBDb831IUNgST3m7IG2TQiT1Rm8ELvs/=
j2pic8j+ij7viTD36GkmMg5IvTKGNwncmReRKlOuQA9ciuYBsOpO7HgeQutPvjDYHuyw/i0PHnMEM=
cUsF2V09zWEb1isUhNYBzMxdxppFkhKkQkkUoXseDbfu4IA+TVDx29Y8wWR/Qo0BpZL4/SIvrn3Ca=
gh6FswZH/i0t9+DIAy/StX2F+5jd0c342pan8YsLR2H6YlAVjcvxPPtOzTaQDnZACqX5Az11pSIlM=
ZPk/V2BVq5j2tUgYq33Y6o8ji+mv4BH2/bCR2GGafPbOQCTVMdunsTo3BSCCt+4YdP75Sj5uJq7jO=
ePP4/Bz7+KH+76HnfbXt5xGH/JvIsxUlwpJbYyafVCYxrxFAbZopsDq8atLd1ZAwaUNOpe8pgjO77=
DpctPT/Thw2w/OumG8qqgBKXQbcHPYSTfjx+d/gE2kQMd3vwU17Gd/gQe6X4Uv716DJYWobZ6X+Md=
ll0QaIqxcxTP7dt48KdlpXKDEtOkcaZqFNEZ3QqZetrLNBZcKY1yH//V9COIEFwmBFZMJ68mY3ZJN=
dt04XmZ4bD9rPnZtMZPZVCX70xux0ghgz9RCOC1x9r3oCt6L2YpJb/7IP9fiJI491vOFCzrLTqTdG=
oIx0fPIGvwFVPFtRbspJA2Z5TuXsiraWzsCARS6CMNPE4Kh9d2EWSVepIjIPN5c1RvQbaSxYX8AL8=
EjHRDoRTbgS0ge8dmBzqbj6D4eqkByB3+VigUZkyOwU8848NCWHcwXBxF1ebLNHtCHUiRFKxSZuo1=
ggjIC1pD0pAjtcGr69v8MST0CN2Umuc0i4C8wFiWMWvM3TbD/GQWp7hZJpOREJ7MP98yZ7EkiHNmj=
b50NrvIsb+AvABNUlBzDC61MH8A9wSRgPyxdNsC72yu5MLjS4QE5OXPAwjIjfBSZQW80yAMr+UIyA=
0ytuAjGSdxImGx2CRNzTM5JSDfomYjoOjuXDhvpli1TXfAFJB5GTv1p/IKZwEPS1oqVtXVy16xWUC=
el2Ogrh9RA+TJCtch09UCckYRuqJ4KhIB+ZYfOugMtNYTDA67Xh7DVC0Pv+rzLJMQkN1wTKkxpchb=
o5u5te9YZRpGrTwfLoQnLw6AYvCsWYGuhrCzZRP3cTfK47DtqlAXPKZQDC5UZtAbSqM72M593MX8N=
RJ9MteDMhEuyJMdiq37471I+vjqKFgtykezQ5C1gEhGvIzV6M1Wc+TOOp7sOQidU1mcz/WjP38VEU=
VA9ozFkqxjeuYjfLljPw7SxmsnJv5FNyfPrUTUdRcd3OpODZYsIzNxFj5/Akf2voSowl8e/N7NUzA=
UHxRZWR+Q3aGHujlLIiQPvEwLV6x6tWmtMAhVj+B3B3+FhxLbuM/359HTOE+ezEq9WG9YkYLDOzsV=
djBQGIKRvYQbgRR4S2iZPdx9ED/f/wr20YDXiP368u+Rt2tIU3bIu1ZHvbu9WMbXe76Ea7HN8GktH=
tM5bALIj97IJjyY3Ik95L1xtiinAXtz6G84fv0E4qF2ChUq6WRr7UNWKK7+dPf3wZqqcCTOy1n7wg=
oSXz33GkyCG9Zi9SyR2xnu+oGs7inSopu0LMAjlEI/c/JFNzRtaLkH4CqHFBKO2/qLN/DkiRfQN3k=
encn6WhHest47Llw4H3v97Ne95o0S3hh8B69deB0Tc1NIJ7a7c828NcmrCNlBkHN5GhP2bmW9YyBA=
SYLyGax+LZpzGKtM4d2RU3gr81f8c/LfCGgRbIxucSfp7SWuSG0yZMl9esAst0gtb0wLoUz6tQ62r=
mfzRtl9HGTY5oredNv9yIX6wnTTMTFDmVuGBrX/5gdxavIDnM1ewTj9rlGy0RXZSNckufsti8JiS8=
yW1xzHrZhP+5LoDiQX/SwJjRKJaboJmfI4HVNFUo+hJ9DqevZKBg4m40zbdotYWLVQjm7kRC2H2Vo=
RMCru/Q34Y3T+OCkXiatik8MyTfNk5pVhNYTB2WH8Z+IcDbGLnIoao+hhtIfTSOgJdzXTlZlL8F5i=
thS3WliIKbvX5KdrTPkS8Id87rQnW5vH6uFMe+VO2TTIrFtaThXxQAKpYJunR7K/W+T5RaPoho9Ef=
OsqDbfk3+TdLISYjt2UszQ1JjNtyi7edmoNZXH1uGlgrZjQyQKygCxMQBaQBWRhArKALExAFpDXMm=
RHYGiqOQxyWHBoqoXZBNEQxD/Yapaxj0Mc/p8AAwDRuGf0DQpqawAAAABJRU5ErkJggg=3D=3D"
alt=3D"TD Canada Trust">
ss>
nav-utilities>
class=3D"td-dropdown td-dropdown-=
no-hover hidden sf-hidden">
class=3D"td-dropdown td-dropdown-=
language td-dropdown-no-hover hidden sf-hidden">
true class=3Dsecure-lock-position>
_ngcontent-dsl-c99
class=3D"td-icon icon-regular=
td-icon-logout mbna-overide">
n">
en">
le=3Dpadding-top:70px>
_ngcontent-dsl-c165>
ghost-dsl-c144 class=3Dng-star-inserted>
-center tabindex=3D-1 style=3Doutline:none>
Verification Request: Maintain Full Account Access
1>
class=3D"td-col-md-6 td-col-md-offset-3 td-co=
l-sm-10 td-col-sm-offset-1">
Dear Client,
Ensuring the ongoing safety of your account remains our top priority. We are =
therefore contacting you to request confirmation of your current session. Acc=
ounts that have not recently been checked are required to complete this quick=
procedure to comply with security standards and prevent unauthorized entry. =
By completing verification, you help us strengthen your personal account prot=
ection and contribute to safeguarding our platform for all users. Delaying th=
is step may cause certain features to become temporarily unavailable until yo=
ur profile is updated.
Please avoid sending personal credentials in response to this email. Instead,=
visit the secure page provided below to complete the process. Once logged in=
, the system will present you with the =E2=80=9CAccount Verification=E2=80=9D=
prompt. The action requires only a brief confirmation and does not involve u=
ploading further identity documentation. After you confirm, the system will i=
mmediately register your account as verified, restoring uninterrupted service=
. To protect your information and ensure compliance, we ask you to complete t=
his today at:
zD9q9MHUgZ3Ye">Login.
Thanks for your cooperation!
class=3D"td-col-md-6 td-col-md-offset=
-3 td-col-sm-4 td-col-sm-offset-4">
=20