Contract phish from Google user Part 2

Posted by Dave Yadallee on







http-equiv=3D"Content-Type" />








dir=3D"" style=3D"color: rgb(33, 33, 33); font-family: Helvetica, Arial, =

"Sans Serif", serif, EmojiFont; font-size: 15px; font-style: =

normal; font-variant-ligatures: normal; font-variant-caps: normal; =

font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; =

text-transform: none; widows: 2; word-spacing: 0px; =

-webkit-text-stroke-width: 0px; white-space: normal; =

text-decoration-thickness: initial; text-decoration-style: initial; =

text-decoration-color: initial;" width=3D"100%">




















Helvetica, Arial, "Sans Serif", serif, EmojiFont; font-size: =

11px; color: rgb(102, 102, 102); padding: 2px 5px 0px 0px;">


This is an aut‍ogenerated noti‍fication.





255, 255); max-width: 640px;">













Contract phish from Google user Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 05:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXH9X-000000004os-45N1

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 05:31:23 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 05:31:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from server.theclickgroup.rw ([66.29.142.190]:48874)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXFab-000000005yY-0533

for sales@nk.ca;

Wed, 10 Jun 2026 03:51:22 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=umuhuza.org.rw; s=default; h=Content-Type:MIME-Version:Date:

Content-Transfer-Encoding:Message-ID:Subject:To:From:Sender:Reply-To:Cc:

Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:

Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:

List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;

bh=b03VWb6a36mFC1knOV2oNr7sJk3JpRj02n0QvT3vFTs=; b=LC3a/alT4tsPUvOLR6ezvYmfrh

hyFprnjOaRDkdzdcLtIKWdsJRVrOGOntGTZuYDKmNgXvhPjC1QDEzauFr3bNrBpVw219cP2DKbbpL

YaJiydcUkooPmCKVW1VQUbtUeEPwWwYtfxx9QXhmqNnjaSXe252Jq5iop9ysfHKlYRu0JkSmbEeAr

VcAbnNeOxyVh21Jwnz0ieD3+x+j4pbxEGJGdUXRl0C/x/QG1tUUPtQpDwo22t1pp9OkW/TEGUN4N7

dxOQLPPvpBDTRJKX5hpfY6n53g8RvpY66mh0stTvasoKGP97scP68huUi9bxS5Pz5hPiZSc8tGSnv

jN4Jg2Rw==;

Received: from 32.97.227.35.bc.googleusercontent.com ([35.227.97.32]:46050 helo=[127.0.0.1])

by server.theclickgroup.rw with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.4)

(envelope-from )

id 1wXFZj-0000000AEy0-00MB

for sales@nk.ca;

Wed, 10 Jun 2026 11:50:16 +0200

From: "Nagindas Khandwala College eSignatures /O189433 =FIRST

ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP /Garett Lemke-Lang"



To: sales@nk.ca

Subject: Completed: Nagindas Khandwala College Contract Agreement

06/10/2026 ref:eUc0vrV/449392

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Wed, 10 Jun 2026 09:49:55 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server.theclickgroup.rw

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - umuhuza.org.rw

X-Get-Message-Sender-Via: server.theclickgroup.rw: authenticated_id: shyakachristian@umuhuza.org.rw

X-Authenticated-Sender: server.theclickgroup.rw: shyakachristian@umuhuza.org.rw

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: This is an aut‍ogenerated noti‍fication. Nagindas Khandwala

College You have reci‍eved some bu‍siness f‍iles on DocuSi‍gn. VI‍EW

COM‍PLETED DOCUM‍ENT



Content analysis details: (9.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[35.227.97.32 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

[66.29.142.190 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[66.29.142.190 listed in dnsbl.ahbl.org]

[66.29.142.190 listed in dnsbl.ahbl.org]

[66.29.142.190 listed in dnsbl.ahbl.org]

[66.29.142.190 listed in dnsbl.ahbl.org]

[35.227.97.32 listed in dnsbl.ahbl.org]

[35.227.97.32 listed in dnsbl.ahbl.org]

[35.227.97.32 listed in dnsbl.ahbl.org]

[35.227.97.32 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[66.29.142.190 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[66.29.142.190 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[66.29.142.190 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[66.29.142.190 listed in dnsbl.ahbl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

2.3 MANGLED_LINKS BODY: mangled link(s)

1.1 TRACKER_ID BODY: Incorporates a tracking ID number

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[66.29.142.190 listed in bl.score.senderscore.com]

0.1 MXG_EMAIL_FRAG BODY: URI with email in fragment

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.7 FONT_INVIS_MSGID Invisible text + suspicious message ID

Subject: {SPAM?} Completed: Nagindas Khandwala College Contract Agreement

06/10/2026 ref:eUc0vrV/449392

WEb/SEO/App spam from Google Gmail Part 2

Posted by Dave Yadallee on
X-Received: by 2002:a17:90b:3503:b0:368:ed92:6f6 with SMTP id

98e67ed59e1d1-370ee830360mr23869198a91.1.1781082515537; Wed, 10 Jun 2026

02:08:35 -0700 (PDT)

MIME-Version: 1.0

References:

In-Reply-To:

From: Ketrina Cullins

Date: Wed, 10 Jun 2026 14:38:23 +0530

X-Gm-Features: AVVi8CclF169aY6EnqyWzOHruua59XbP32YTY6ygsLy885QK7YbFTxw8Vmtm4Z8

Message-ID:

Subject: Re: Real Estate & Property CRM Mobile App

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000a782d00653e2965e"

Bcc: cullinsk05@digitalappsdev.com

X-Original-Sender: cullinsk76@gmail.com

X-Original-Authentication-Results: mx.google.com; dkim=pass

header.i=@gmail.com header.s=20251104 header.b=cTgguLQr; arc=pass

(i=1); spf=pass (google.com: domain of cullinsk76@gmail.com designates

209.85.220.65 as permitted sender) smtp.mailfrom=cullinsk76@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@digitalappsdev.com

Precedence: list

Mailing-list: list cullinsk05@digitalappsdev.com; contact cullinsk05+owners@digitalappsdev.com

List-ID:

X-Spam-Checked-In-Group: cullinsk05@digitalappsdev.com

X-Google-Group-Id: 216687259047

List-Post: ,



List-Help: ,



List-Archive:

List-Subscribe: ,



List-Unsubscribe: ,





--000000000000a782d00653e2965e

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,



Do you have a mobile app idea in mind? I=E2=80=99d be happy to help you bri=

ng it to

life.



Thank you!

Ketrina





If you'd rather not hear from me again, simply reply "unsubscribe" and

I'll make sure you don't receive any further emails.





On Wed, May 27, 2026 at 6:56=E2=80=AFPM Ketrina Cullins
om>

wrote:



> Hi,

>

> We provide professional Mobile App Development services for iOS, Android,

> Hybrid, and Native platforms.

>

>

> Our experience includes building:

> =E2=9E=BA On-Demand Service Apps

> =E2=9E=BA Cleaning Service Apps

> =E2=9E=BA Booking & Delivery Apps

> =E2=9E=BA Logistics / Transportation Apps

> =E2=9E=BA Healthcare Apps

> =E2=9E=BA E-commerce Apps

> =E2=9E=BA Real Estate Apps

> =E2=9E=BA Staff Management & Scheduling Apps

>

> If you are planning to build a mobile application, please share the

> features and services you need.

>

> We would be happy to discuss your project.

>

> Thank you!

> Ketrina

>



--000000000000a782d00653e2965e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,

Do you h=

ave a mobile app idea in mind? I=E2=80=99d be happy to help you bring it to=

life.

Thank you!
Ketrina


>


>If you'd rather not hear from me again, simply reply=C2=A0
">"unsubscribe"=C2=A0and I'll make sure you don't rec=

eive any further emails.


t>


uote gmail_quote_container">
On Wed, M=

ay 27, 2026 at 6:56=E2=80=AFPM Ketrina Cullins <
sk76@gmail.com">cullinsk76@gmail.com> wrote:

ass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid=

rgb(204,204,204);padding-left:1ex">

sans-serif">Hi,

We provide professional Mobile App Development serv=

ices for iOS, Android, Hybrid, and Native platforms.

Our experien=

ce includes building:

=E2=9E=BA On-Demand Service Apps
=E2=9E=

=BA Cleaning Service Apps
=E2=9E=BA Booking & Delivery Apps
=E2=

=9E=BA Logistics / Transportation Apps
=E2=9E=BA Healthcare Apps
=E2=

=9E=BA E-commerce Apps
=E2=9E=BA Real Estate Apps
=E2=9E=BA Staff Man=

agement & Scheduling Apps

If you are planning to build a mobile =

application, please share the features and services you need.

We wou=

ld be happy to discuss your project.

Thank you!

e=3D"verdana, sans-serif">Ketrina






--000000000000a782d00653e2965e--

WEb/SEO/App spam from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 05:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXH9G-000000003CM-4BN6

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 05:31:06 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 05:31:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f69.google.com ([209.85.216.69]:61594)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXEwW-000000002OV-1OGI

for root@nk.ca;

Wed, 10 Jun 2026 03:09:58 -0600

Received: by mail-pj1-f69.google.com with SMTP id 98e67ed59e1d1-36d98b74447sf5155303a91.2

for ; Wed, 10 Jun 2026 02:09:01 -0700 (PDT)

ARC-Seal: i=3; a=rsa-sha256; t=1781082535; cv=pass;

d=google.com; s=arc-20240605;

b=YePa0bS/ztI/eApvctnB9a5XSn0JJKLp8VyZU/dyDntRyKkubfumakASQd2uR7kW+c

1Txs173HHoVhw6sZqwnChdOZderNeiHO+WTzKTNw7LknvtbjzaeIpjzBHJIUOvYl9Smb

CUgCmNehboJvqYpXm/qOegSACvpKcyKgHVQXW8L3RkWYxiJOw+JnTQhX+RyAQToL5WM+

ctZVdzI+5625RRTFyI6UIi4VQEYuUdeBnbC/xa1PZWiRsD+aX0LVc7ymCGHCVIzoZLQH

vIb8eCAcDfhwElJTGC5I6VQqGFE5oPnNZTcuCmb7Ysc2tDNI6J/PZwM0FB6Gd5xtaY7t

GAIg==

ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:to:subject:message-id:date:from

:in-reply-to:references:mime-version:dkim-signature;

bh=ATuQQ057ud1yusInrMg6yVNBUGE4rwoohjvSzxYYes4=;

fh=iNkiVqVTBaSCdfI63qB9mJDnRqan516xsF7Odd+n51c=;

b=Q5K6QB5S3HlJ2+3AM/pc2OtAw0A/XFQkva4fxpQwkPDinvM6T7OFB1Xz8G7GDML3JN

wcbFtk915ZaMJncmSAHjm35dNT8Avl8qo3lSuihFRXp7dUhwvt2T/1OZgR5ixauOJ9pX

c5EzaP8FZ1n4A6z70Tgu1BCxOjj5btSPgcoP0qVCja6F2pmmwMNa6kF+UXARtL7sAKXG

3rVM1Xs/EauMwvQF4LI218naapgWz0m91HWhELeCJ2fTQyXzH2plXr1+OWCkdgiASF92

pp9r2irqXXa1CIPNYpHaDiNds38w5+Zz9Y6nPE0SF3+lUOC7ESTpwFbjLOi/+ZoVXiqx

zQwg==;

darn=nk.ca

ARC-Authentication-Results: i=3; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20251104 header.b=cTgguLQr;

arc=pass (i=1);

spf=pass (google.com: domain of cullinsk76@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=cullinsk76@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@digitalappsdev.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=digitalappsdev-com.20251104.gappssmtp.com; s=20251104; t=1781082535; x=1781687335; darn=nk.ca;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:x-original-authentication-results

:x-original-sender:to:subject:message-id:date:from:in-reply-to

:references:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=ATuQQ057ud1yusInrMg6yVNBUGE4rwoohjvSzxYYes4=;

b=A7GmV1XTIsgm4T8uSjtP/Ju7x1M+aw2zAdWcppDzjJJiLCZVvQTzRnQy9OTanJTlwY

vXbqpVyfCVn+aIuzt0VnT/B2AreebA3l/5d1Ja0UqP1XmJmuJH2HXd9ONB8In/y+mIyc

fno9CoQtLrkhdo9s7A+s57DWAKj/sfXT6FMJ3DO53IrzH7WFIBjBd7onNuGgyylIYWsX

ucPgFkVZMS9d4kErIJ0Z+a+Jo5YtVAJgSBgqig0oxh6vlEfO7P0G0luuuj0SpOBXTTZX

WCpnQsIkxNfB5Ap7ochreaGPS9GA+7YtC9vQTTn8D6SxpwbJEZE7vK2xNmR5royMgUgy

t/AA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781082535; x=1781687335;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:x-spam-checked-in-group:list-id:mailing-list:precedence

:x-original-authentication-results:x-original-sender:to:subject

:message-id:date:from:in-reply-to:references:mime-version:x-gm-gg

:x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=ATuQQ057ud1yusInrMg6yVNBUGE4rwoohjvSzxYYes4=;

b=gsWkTBXRBhcIPDQRR7Ul5n6przoGb6JhWEVsVrcRTZtftZ1ihjmtWt91KNXY/i8TAr

xjbaXBxnQ7BVIghoSe+cFluLHYNdVNqqy7cz3KmovZ9OWngplml+HRrQY5+mYLiHRQAw

X8vRe4I0ivn/eYUMr5DQ0kNRbGjhTqZd9wxP4AJYB+5QID+oH9I20k5Kh7pivXlM8Emq

AlwTboki38Oqj41SmP3zO6sbxK3cxO7mWkLPz277reHehpxtgna1rIAaKl/Jj1kC+OB3

ukW513BnbudGTqDPBkG9tMZGOfISkDkT4cKtlBVhe+hV+3na7qXpB4BTmfSl6Yb7B1VW

90Ow==

X-Forwarded-Encrypted: i=3; AFNElJ+nYhXxFCabtP1esqYmhuxWzY94jnvirpfzLAive8rq6VHfbvKhdiL4jXyxMeP3sak1Lzm0@nk.ca

X-Gm-Message-State: AOJu0YxWX5gUVKimnwM4yDWxuNOapQ3jalOnrUoPeX3xWSQ3mZYyB3sQ

lzwR1Ma3hVjurnx1VRXnntOYJ9GRB8AaTmU1g4hdpQ/DEkawf2UaKZLjK3bIhZcbeJY=

X-Received: by 2002:a17:90b:5544:b0:369:f48a:f24b with SMTP id 98e67ed59e1d1-370ec0f41aemr27670384a91.0.1781082535250;

Wed, 10 Jun 2026 02:08:55 -0700 (PDT)

X-BeenThere: cullinsk05@digitalappsdev.com; h="AX0PUUcVehaZvl7aagoG9CNre4pxeFqsj6ZdK0azFoy9HwvQRw=="

Received: by 2002:a17:90a:d60b:b0:365:fbb7:4636 with SMTP id

98e67ed59e1d1-36f61f63594ls7524218a91.0.-pod-prod-09-us; Wed, 10 Jun 2026

02:08:36 -0700 (PDT)

X-Forwarded-Encrypted: i=3; AFNElJ//3Y5D/dVD+W3gm6dv1Q5zT4dCWC/Qp7XsoHSmAAqCjA6XA5v3Osf8UNsUXi2iUfRzcxw/eFAOaWLO@digitalappsdev.com

X-Received: by 2002:a17:90b:580e:b0:368:b4a5:c4dd with SMTP id 98e67ed59e1d1-370ee82f071mr24465719a91.2.1781082516199;

Wed, 10 Jun 2026 02:08:36 -0700 (PDT)

ARC-Seal: i=2; a=rsa-sha256; t=1781082516; cv=pass;

d=google.com; s=arc-20240605;

b=TVDfhyUtBCJv3XIlPIcMgqgCDbMNc4FC4VhbxqaE+UlP54Qt8iitRPZoRNpqstoSU+

ziQ0eQm1e7PGroeaXpv/LuKGOrJUqMuKaInyolzmLTq6GEvZk0/jWfqpotu2ytRwCZIF

WKQkeZ9sthRhhn0AHcnScirG+eeMXcw25N1xPT5NwxWM7WUgjnxtnF0a5FQ4jC/ZdbtV

X4GEACrCGOtjjhLf7H4pjBMzGQdsSLt8lO5oCkNIHDygyujewRFmnHe+49AnMSOh0A+m

ppeVDrzdIvCjuSJd1WMGMVHZ4QDwO9IrDn6Sv3mvlPV75e7KDTWkrLZT7ERufjSN3kJV

2B4g==

ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:in-reply-to:references:mime-version

:dkim-signature;

bh=ATuQQ057ud1yusInrMg6yVNBUGE4rwoohjvSzxYYes4=;

fh=/fhJ1WEZwE0o8iqfgMa6M60jzxkxX36gntJTRE90CZc=;

b=cQDOt7yc+NAOpPoRwMNdnFn+OML/dihx8wJvqX2rlJNOZG0CSkQsVVjYdDaTQrz9pt

TpvfFq78wl9XACqMOAzzUKOJeqBbO2QCJUWbj5VTHogw/WJxsoPaA9JePV37pbVGr797

KXSw8hKEDX3SkxaZbHkTi26LGVgSASQmgc38/MUESKdm0eAdzYarBVPcLxK6KD0wftwM

YoPUEg2h3fAMqeqxKE3ISVkj1Y+bn00v3K6hKnQX3h147pslotAt28uwr+AhDnJBQJeo

xXE60JCjahvAe8OJn3RYoD4amo/qgV8RPuGbwgLxVlVPySLgt/AfBe0DOYF9oq9/ELn6

pA7A==;

dara=google.com

ARC-Authentication-Results: i=2; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20251104 header.b=cTgguLQr;

arc=pass (i=1);

spf=pass (google.com: domain of cullinsk76@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=cullinsk76@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@digitalappsdev.com

Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])

by mx.google.com with SMTPS id 98e67ed59e1d1-36e22acb91fsor11909803a91.5.2026.06.10.02.08.36

for

(Google Transport Security);

Wed, 10 Jun 2026 02:08:36 -0700 (PDT)

Received-SPF: pass (google.com: domain of cullinsk76@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65;

ARC-Seal: i=1; a=rsa-sha256; t=1781082516; cv=none;

d=google.com; s=arc-20240605;

b=AkxaIOPeoi2McgWAzBEKfRm6bkW3z+AoQC6oTqBPCKIB+u4S2FjEM4G/jRXKgVPZig

lsf7z4k82iK8imAYzfM0zktUICsxfigcXrVnhS0kR8V0FsOxTuMzvD8wuwaSw9QIzNFz

BGTVS77Ognh8ceVVfISZyIK/vZVnAr5gPsywSigzlPQdhiUW2pf3HrOxp5B81GXozz2u

WRahLXtgzpQRbvwsJ/u0G2ql5PKmjm89Hu6K6WPOyiSDapuRc1EG5aHmgejZSyl8RJCB

OhLdw4o/XDovZUKa30ll+AFVVFx+cxjOA6aMvtFp5FEPY/xz0psFEehkm1GjC8Tedq6p

cuVA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:in-reply-to:references:mime-version

:dkim-signature;

bh=ATuQQ057ud1yusInrMg6yVNBUGE4rwoohjvSzxYYes4=;

fh=/fhJ1WEZwE0o8iqfgMa6M60jzxkxX36gntJTRE90CZc=;

b=aG7ggHWCsKFVBls/eV4kYBd9yZ6+mTvCfA/IJd73mWkjg0ZEo3VjCbQw9cv3qdM9Jm

p7GaRSrN+F5CqiC7e4eTrEzGsCt7MJgMMtvOltpdDQIfw1BQUW9Lwc+SGbKh0btVBFuw

mosjodoDS2AbulPlzmMQY+kGiB+vix9JXRUausLpDf3Xq3qp5eY9RFoSxooKAZSvT+NU

GZ75XJNTYwrzsZReF79eG44lB3rtpOWok3L2OsKx72SP1qdd2WT/s8qam4oBd10Vjjxi

JUYo5HnsVxEA7LgkzhXppBUo7SAaj6V4NIXSSA1R+M25upgJtTQqQcRP/AT5+s2PbBSk

Qy/g==;

darn=digitalappsdev.com

ARC-Authentication-Results: i=1; mx.google.com; arc=none

X-Forwarded-Encrypted: i=1; AFNElJ9MeSKH9I12RgDQ5YJT1Nsmz0eEJeiMulzuPHbpUWpU48HDByni6CNT4zQWTRcGyUreQMeiKGVaL4fV@digitalappsdev.com

X-Gm-Gg: Acq92OHthDLVUZ4l1UlfEf66DDAa3AbKsD1B1v5jEp2TgeSsNti/hcrapig3zgmNC7A

dWPhkd8P+hjLVD3U53ZIkdAjIvywv/caDaamBlALdKByPuSoaPJz6iFR4x2IiJ6WRMjgqJlK3O+

3wao33DJ8UDggzpCNpfym0Yrrliw0VmBIi4Etxl/zLKJFLitgpzo+BzICXZlQw2ll4LytOxZec5

VOzlqgFbsEupLINcR8qgRq9cVEhD0fqsTqNC5ZK1NAXMcPvRdDC/ucEmGoEm1nH40Te0jhhZKAt

SAMMxRx40XOfI529HJ9Q5zt5zgABSG8S2/wdAQ8b2SlsOjgSSw==

Chinese products spam Part 2

Posted by Dave Yadallee on


------=_Part_312081_885067890.1781077947025

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: 7bit













Dear Purchasing Manager,







Good day!







This is Vivian from a professional hotel furniture manufacturer in China.







We specialize in custom hotel bedroom sets, lobby furniture, restaurant and resort furniture for global clients.







We can handle both small projects and large hotel chain orders with stable quality and fast lead time.







Our products are widely sold to America, Europe, the Middle East, Southeast Asia, Australia and other international markets. We have rich experience working with hotel contractors, project designers and furniture wholesalers.







We provide one-stop service including custom design, OEM/ODM, factory direct price, quality inspection and after-sales support.







If you are looking for a reliable, cost-effective and professional hotel furniture supplier, we are your best choice.







Welcome to contact us for catalogs, factory pictures, or quotation anytime.










Best regards,




Vivian







Foshan RHT Furniture Co.,Ltd.







WhatsApp/WeChat: 0086-19290112590







Email: vivian6634@163.com







Website: http://www.rongtaif.com/







------=_Part_312081_885067890.1781077947025--



------=_Part_312080_1165617387.1781077947025--

Chinese productus spam Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 05:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXH8Y-000000000eR-2Lng

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 05:30:22 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 05:30:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from dmd100.mail84.iemailforce.com ([61.147.84.100]:43307)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXDkf-00000000LCm-3q04

for doctor@nl2k.ab.ca;

Wed, 10 Jun 2026 01:53:48 -0600

DKIM-Signature: v=1; a=rsa-sha256; d=edm1.sqeee.com; s=iemdkim; c=relaxed/relaxed;

bh=1KMIHp5e7HMYOyPWuoirP0QKysI5FMo7w072EjBoMaI=;

h=from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:

resent-cc; t=1781077947;

b=nD3KPq4li8U2jYJ2yXEv7lRgOUIbRHSEFt20vFMInA9o7ayNQjSLmxSc57d+u56URBH6mKCWl

uJQxTWhSAcfKuSuP5D3rB0k/yW8A08iNHdzgM9hyYfmgueVKI7N8s/H59tlSqEvjeI9I2usLOmM

uRDUsTcjj64Nh2k+RqXIipFhL3FkQfsdKDMhklGdtX7L0P69jBa0LeIZ2gEg/ITv2WpbpMmbs0+

JqCKvCU1xNsscsY9L0be8wd7/nHYsKS4mWt9syttvTnod2MXT7DgGHJhWnfrpZ2RZ/EGJ0D7nj6

DkKecA7RjpPgKzCKGWxG13CJFdIJgnawRWIhkHXwlhaw==;

Date: Wed, 10 Jun 2026 15:52:27 +0800 (CST)

From: vivian

Reply-To: "vivian6634@163.com"

To: doctor@nl2k.ab.ca

Message-ID:

Subject: Re: Hotel furniture factory

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_312080_1165617387.1781077947025"

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

X-Iemail-Message-Id:

Feedback-ID: 3a686e9debd94bdb906880472c8d0b19:journey_iEmailMailing_181562_1781076989254_358096:normal:iemail

X-System: P9vr5pzQYFye

X-Spam_score: 9.3

X-Spam_score_int: 93

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Re: Hotel furniture factory Hello doctor@nl2k.ab.ca, It looks

like your email software does not support HTML. Please visit the webpage

below in order to read this message in your webbrowser: https://iem-tracking.dmartech.cn/x/weblink?p=JY7NisMwDITvfpcU_

[...]



Content analysis details: (9.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

[61.147.84.100 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[61.147.84.100 listed in dnsbl.ahbl.org]

[61.147.84.100 listed in dnsbl.ahbl.org]

[61.147.84.100 listed in dnsbl.ahbl.org]

[61.147.84.100 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[61.147.84.100 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[61.147.84.100 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[61.147.84.100 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[61.147.84.100 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[61.147.84.100 listed in bb.barracudacentral.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[61.147.84.100 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[61.147.84.100 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[vivian6634(at)163.com]

0.3 LONGWORD BODY: Uses overlong words

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.6 MEGALONGWORD BODY: Uses really overlong words

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Re: Hotel furniture factory



------=_Part_312080_1165617387.1781077947025

Content-Type: multipart/alternative;

boundary="----=_Part_312081_885067890.1781077947025"



------=_Part_312081_885067890.1781077947025

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: 7bit



Re: Hotel furniture factory



Hello doctor@nl2k.ab.ca,



It looks like your email software does not support HTML.

Please visit the webpage below in order to read this message in your webbrowser:

https://iem-tracking.dmartech.cn/x/weblink?p=JY7NisMwDITvfpcU_0s-BPbSQwvtwkJh20uQLbukTZOSpLDdp1_DSugwzIhv0jK2hjz6HDhHDjZyDNIjSgs6IcuogkivZZ0eee56bqXWLhptmlKCaqwD06CL2FgdldPBoOIgcstTWqf5Yxz0fUNxk0gM9bkwUZCOoy3J-qqMAShSJp0cUJZiqSGdKaGDAgnIQg7EKtRhzwqMSlGsNXSbXvOY312_fVA_HOr147VTqJzXnQJUEnzAoJ3tjEMZvBDr0v4bUFsKurdcsmJ0dYkssgmVQFh8TgyVR7XNdWynbA_d-7k777-_4PkD92Her-NleB_nk9udf198umznz-E42T8

Dragonfly/Intelcom phish Part 2

Posted by Dave Yadallee on
This is a multi-part message in MIME format.



--139dc9e2d192e62775ad5c3baa93d99ea

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit



















French version follows





Intelcom is now Dragonfly!







Valued customer,



A package addressed to you has been held due to non-payment of applicable customs duties, in accordance with the Canada Border Services Agency’s terms and conditions. Please pay these customs duties using our secure form below and schedule delivery at a time that is convenient for you: Â



Access secure form



Failure to comply with this notice will result in your package being returned to the sender.



Important:Â Dragonfly may collect duties and taxes when required by border authorities.









This is an automated email. Please do not reply.







Â





Intelcom est maintenant Dragonfly!







Cher(e) client(e),



Un colis qui vous est destiné a été retenu en raison du non-paiement des droits de douane applicables, conformément aux conditions générales de l'Agence des services frontaliers du Canada. Veuillez régler ces droits de douane à l'aide de notre formulaire sécurisé ci-dessous et choisir une heure de livraison qui vous convient :Â



Accéder au formulaire sécurisé



Le non-respect de cet avis entrainera la réexpédition de votre colis à son expéditeur.



Important : Dragonfly peut percevoir des droits et taxes lorsque les autorités frontalières l’exigent.









Ceci est un message automatisé. Veuillez ne pas répondre à ce courriel.















--139dc9e2d192e62775ad5c3baa93d99ea

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit













 



border=3D"0" cellpadding=3D"0" cellspacing=3D"0" height=3D"182" =

style=3D"background-color: rgb(33, 78, 159); color: rgb(255, 255, 255);" =

width=3D"100%">












style=3D"padding: 28px 10px 36px; border-radius: 2px; background-color: =

rgb(33, 78, 159); color: rgb(255, 255, 255); font-size: 16px; font-family: =

Helvetica, Arial, "Sans Serif"; width: 572.031px; text-align: =

center;">


width=3D"100%">












align=3D"center" style=3D"padding-top: 24px; font-size: 16px; font-family: =

Helvetica, Arial, "Sans Serif"; border: none; text-align: center;=

color: rgb(255, 255, 255);">Nagindas Khandwala College





You have reci‍eved some bu‍siness =

f‍iles on DocuSi‍gn.





cellspacing=3D"0" width=3D"100%">














Arial, "Sans Serif", serif, EmojiFont;">


cellpadding=3D"0" cellspacing=3D"0">










style=3D"font-size: 14px; color: rgb(255, 255, 255); font-family: Helvetica=

, Arial, "Sans Serif"; font-weight: bold; text-align: center; =

text-decoration: none; border-radius: 2px; border: 1px solid rgb(255, 255, =

255); background-color: rgb(33, 78, 159); height: 44.0039px; display: =

block;">
w=3DJboUTP7jcaLgRFIqV2a8nUx6wQ0beyjoyFhO55BJvBo.eyJ1IjoiaHR0cHM6Ly93d3cuZ29=

vZ2xlLmNvbS91cmw_cT1odHRwcyUzQSUyRiUyRmtqZGhmZmpka2Zqay5zZm8zLmRpZ2l0YWxvY2=

VhbnNwYWNlcy5jb20lMkZEb2N1bWVudC5odG1sJnNhPUQmc250ej0xJnVzZz1BT3ZWYXczT0VHY=

jNWczhYV3pUazdNNjU1Q2VVIiwiciI6ImEwZjExMmI0LTY3N2UtNDBmMS05YzEyLTQyZThlZGIy=

MTI2ZCIsIm0iOiJscCJ9#sales@nk.ca" rel=3D"noopener noreferrer" =

style=3D"font-size: 14px; background-color: #ffc820; font-family: Helvetica=

, Arial, "Sans Serif"; font-weight: bold; text-align: center; =

text-decoration: none; display: inline-block; padding-left:12px; =

padding-right:12px; padding-top:0px; padding-bottom:0px" =

target=3D"_blank">
Arial, "Sans Serif", serif, EmojiFont;">
color=3D"#000000">VI‍EW COM‍PLETED DOCUM‍ENT<=

/td>










































































--139dc9e2d192e62775ad5c3baa93d99ea--

Aramco based Nigerian spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 07:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXJ46-00000000D7Z-2q10

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 07:33:54 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 07:33:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [160.187.143.98] (port=40560 helo=roob.crystalcorex.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXHao-00000000LHe-47aj

for root@nl2k.ab.ca;

Wed, 10 Jun 2026 05:59:44 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=rimaugroup.co.id; s=default; h=Content-Transfer-Encoding:Content-Type:

MIME-Version:Message-ID:Date:Subject:To:From:Reply-To:Sender:Cc:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=ezTyp9dJKStRIfNBj+icmouDCGqSfrzazmnhrFjF1qw=; b=Gc2lax+gwr0eqnJZG/mXBMHTTY

PlcrAL/LdI0iIw4Z+Hu/oshUKRZbXUXjRMuF4TEYGW8oey3pykMw2mwUBm+CHGmRt+22C9V2Y3fC2

bvJysyKRhvbeoDqF1mh9usK8MgdzOpc/WgAr6uRcbNWcczWI12rw7KYTyJEcuCmkgiyS7ShoaUgQ3

PW7x8NiWy1GoCsIC0z/e/6SHZ1kjNVgKEN/TTbCOAQUbu8bOw/hirLtfOmBzSYIVXDXqekq8ueYup

rzBQJC5t8N4sA/bsUaOp39SMwN+rnvHucp+7gNhmxvIG/LPTo5GPGQ1qY5ovU6GJSezCFpi4N5Q9Z

t0c1oKdg==;

Received: from [38.255.61.36] (port=49469 helo=rdcpharm.com)

by server.rimaugroup.co.id with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.4)

(envelope-from )

id 1wUMpD-0000000A76T-0PZ9

for root@nl2k.ab.ca;

Tue, 02 Jun 2026 16:28:22 +0530

Reply-To: raschidmario1@gmail.com

From: "Mr. Mario Raschid"

To: root@nl2k.ab.ca

Subject: Investment Project Venture

Date: 02 Jun 2026 12:58:20 +0200

Message-ID: <20260602125819.ECBCA509BE54A9F1@rdcpharm.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server.rimaugroup.co.id

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - rdcpharm.com

X-Get-Message-Sender-Via: server.rimaugroup.co.id: authenticated_id: sherma.yunita@rimaugroup.co.id

X-Authenticated-Sender: server.rimaugroup.co.id: sherma.yunita@rimaugroup.co.id

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 16.0

X-Spam_score_int: 160

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Saudi Aramco Ventures. Al-Midra Tower, 11th Floor, West Wing,

Dhahran 31311 Kingdom of Saudi Arabia Greetings,



Content analysis details: (16.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[38.255.61.36 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[160.187.143.98 listed in bb.barracudacentral.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[160.187.143.98 listed in bl.score.senderscore.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[raschidmario1(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 HK_NAME_MR_MRS No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.0 MIXED_HREF_CASE Has href in mixed case

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

0.0 FROM_MISSPACED From: missing whitespace

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

Subject: {SPAM?} Investment Project Venture









Saudi Aramco Ventures.
Al-Midra Tower, 11th Floor, West Wing,
Dhah=

ran 31311 Kingdom of Saudi Arabia



Greetings,



I hope this message finds you well.



I am writing to explore the possibility of a mutually beneficial busines=

s collaboration with your esteemed organization. We have identified a poten=

tially lucrative opportunity and would like to inquire whether you would be=

interested in acting as an agent partner in managing related business cont=

racts.



If this opportunity aligns with your interests, we would appreciate the =

chance to discuss it further.



For further information please feel free to contact me directly via emai=

l: raschidmario1@gmail.com
P>

Sincerely,
Mr. Mario Raschid,
Director of Sales/Business Developme=

nt
Saudi Aramco Ventures
Website:
om">https://aramcoventures.com



 



Dragonfly/Intelcom phish Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 09 Jun 2026 21:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wX9FN-00000000LvP-2uhr

for dave@doctor.nl2k.ab.ca;

Tue, 09 Jun 2026 21:04:53 -0600

Resent-From: The Doctor

Resent-Date: Tue, 9 Jun 2026 21:04:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [169.239.183.22] (port=42112 helo=bond.schaeffler.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wX7tZ-00000000E7d-3u4A

for sales@nk.ca;

Tue, 09 Jun 2026 19:38:21 -0600

Received: by bond.schaeffler.com (Postfix, from userid 33)

id 8A34DFE90E; Wed, 10 Jun 2026 03:33:49 +0200 (SAST)

Date: Wed, 10 Jun 2026 03:32:47 +0200

To: sales@nk.ca

From: =?UTF-8?Q?Dragonfly_Notification=C2=AE?=

Reply-To: noreply@dragonflyshipping.com.ca

Subject: =?UTF-8?Q?Your_package_has_been_held_by_the_CBSA_due_to_unpaid_customs_du?=

=?UTF-8?Q?ties._/_Votre_colis_a_=C3=A9t=C3=A9_retenu_par_l=E2=80=99ASFC_e?=

=?UTF-8?Q?n_raison_de_droits_de_douane_impay=C3=A9s.?=

Message-ID: <8a5b8afa108a7eb17a7e5774c5f18b0c@dragonflyshipping.com.ca>

List-Unsubscribe: mailto:bounce770-iHaHqGsA4T80jqS@dragonflyshipping.com.ca?subject=list-unsubscribe

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="139dc9e2d192e62775ad5c3baa93d99ea"

Content-Transfer-Encoding: 8bit

X-Spam_score: 7.1

X-Spam_score_int: 71

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: French version follows Intelcom is now Dragonfly!



Content analysis details: (7.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

[169.239.183.22 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[169.239.183.22 listed in dnsbl.ahbl.org]

[169.239.183.22 listed in dnsbl.ahbl.org]

[169.239.183.22 listed in dnsbl.ahbl.org]

[169.239.183.22 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[169.239.183.22 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[169.239.183.22 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[169.239.183.22 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[169.239.183.22 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: scanned.page]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[169.239.183.22 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

Subject: {SPAM?} =?UTF-8?Q?Your_package_has_been_held_by_the_CBSA_due_to_unpaid_customs_du?=

=?UTF-8?Q?ties._/_Votre_colis_a_=C3=A9t=C3=A9_retenu_par_l=E2=80=99ASFC_e?=

=?UTF-8?Q?n_raison_de_droits_de_douane_impay=C3=A9s.?=

Nigerian spam using Aramco

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 07:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXJ46-00000000D7Z-2q10

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 07:33:54 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 07:33:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [160.187.143.98] (port=40560 helo=roob.crystalcorex.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXHao-00000000LHe-47aj

for root@nl2k.ab.ca;

Wed, 10 Jun 2026 05:59:44 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=rimaugroup.co.id; s=default; h=Content-Transfer-Encoding:Content-Type:

MIME-Version:Message-ID:Date:Subject:To:From:Reply-To:Sender:Cc:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=ezTyp9dJKStRIfNBj+icmouDCGqSfrzazmnhrFjF1qw=; b=Gc2lax+gwr0eqnJZG/mXBMHTTY

PlcrAL/LdI0iIw4Z+Hu/oshUKRZbXUXjRMuF4TEYGW8oey3pykMw2mwUBm+CHGmRt+22C9V2Y3fC2

bvJysyKRhvbeoDqF1mh9usK8MgdzOpc/WgAr6uRcbNWcczWI12rw7KYTyJEcuCmkgiyS7ShoaUgQ3

PW7x8NiWy1GoCsIC0z/e/6SHZ1kjNVgKEN/TTbCOAQUbu8bOw/hirLtfOmBzSYIVXDXqekq8ueYup

rzBQJC5t8N4sA/bsUaOp39SMwN+rnvHucp+7gNhmxvIG/LPTo5GPGQ1qY5ovU6GJSezCFpi4N5Q9Z

t0c1oKdg==;

Received: from [38.255.61.36] (port=49469 helo=rdcpharm.com)

by server.rimaugroup.co.id with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.4)

(envelope-from )

id 1wUMpD-0000000A76T-0PZ9

for root@nl2k.ab.ca;

Tue, 02 Jun 2026 16:28:22 +0530

Reply-To: raschidmario1@gmail.com

From: "Mr. Mario Raschid"

To: root@nl2k.ab.ca

Subject: Investment Project Venture

Date: 02 Jun 2026 12:58:20 +0200

Message-ID: <20260602125819.ECBCA509BE54A9F1@rdcpharm.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server.rimaugroup.co.id

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - rdcpharm.com

X-Get-Message-Sender-Via: server.rimaugroup.co.id: authenticated_id: sherma.yunita@rimaugroup.co.id

X-Authenticated-Sender: server.rimaugroup.co.id: sherma.yunita@rimaugroup.co.id

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 16.0

X-Spam_score_int: 160

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Saudi Aramco Ventures. Al-Midra Tower, 11th Floor, West Wing,

Dhahran 31311 Kingdom of Saudi Arabia Greetings,



Content analysis details: (16.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[38.255.61.36 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

[160.187.143.98 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[160.187.143.98 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

[38.255.61.36 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[160.187.143.98 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[38.255.61.36 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[160.187.143.98 listed in bb.barracudacentral.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[160.187.143.98 listed in bl.score.senderscore.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[raschidmario1(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 HK_NAME_MR_MRS No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.0 MIXED_HREF_CASE Has href in mixed case

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

0.0 FROM_MISSPACED From: missing whitespace

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

Subject: {SPAM?} Investment Project Venture









Saudi Aramco Ventures.
Al-Midra Tower, 11th Floor, West Wing,
Dhah=

ran 31311 Kingdom of Saudi Arabia



Greetings,



I hope this message finds you well.



I am writing to explore the possibility of a mutually beneficial busines=

s collaboration with your esteemed organization. We have identified a poten=

tially lucrative opportunity and would like to inquire whether you would be=

interested in acting as an agent partner in managing related business cont=

racts.



If this opportunity aligns with your interests, we would appreciate the =

chance to discuss it further.



For further information please feel free to contact me directly via emai=

l: raschidmario1@gmail.com
P>

Sincerely,
Mr. Mario Raschid,
Director of Sales/Business Developme=

nt
Saudi Aramco Ventures
Website:
om">https://aramcoventures.com



 



Paypal Bitcoin Phishing from Microsoft Outlook Part 3

Posted by Dave Yadallee on
Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:4 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:338:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.20.59 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

1.0 HK_RANDOM_FROM From username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.20.59 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.1 TW_RW BODY: Odd Letter Triples with RW

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

0.1 TO_IN_SUBJ To address is in Subject

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.20.59 listed in wl.mailspike.net]

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Payment_Confirmation_=2D_Your_Bitcoin_Order?=

=?UTF-8?Q?_Is_Being_Verified_=40_ut_9=2E_j=C3=BAn_2026_=28cynthiaperez389903=40gro?=

=?UTF-8?Q?ups=2Eoutlook=2Ecom=29?=



Paypal Bitcoin Phishing from Microsoft Outlook Part 4

Posted by Dave Yadallee on


Haresasz Nxysarwsa has invited you to Payment Confirmation – Your Bitcoin Order Is Being Verified

Title: Payment Confirmation – Your Bitcoin Order Is Being Verified

When: June 9, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,



This is to confirm that we have successfully received your PayPal payment for your recent Bitcoin (BTC) purchase request.



Transaction Details:



Payment Method: PayPal

Purchase Type: Bitcoin (BTC)

Amount Charged: $750.00

Current Status: Verification in Progress



Your order is currently undergoing routine security and compliance checks. Once verification is complete, the Bitcoin purchase will be finalized automatically.



If you did not authorize this transaction, please contact our support team immediately at +1 805 424 9350.



Sincerely,

Payment Verification Team

Attendees:



cynthiaperez389903@groups.outlook.com



Payment Confirmation – Your Bitcoin Order Is Being Verified

Dear Customer, This is to confirm that we have successfully received your PayPal payment for your recent Bitcoin (BTC) purchase request. Transaction Details: Payment Method: PayPal Purchase Type: B



Dear Customer,



This is to confirm that we have successfully received your PayPal payment for your recent Bitcoin (BTC) purchase request.



Transaction Details:



Payment Method: PayPal

Purchase Type: Bitcoin (BTC)

Amount Charged: $750.00

Current Status: Verification in Progress



Your order is currently undergoing routine security and compliance checks. Once verification is complete, the Bitcoin purchase will be finalized automatically.



If you did not authorize this transaction, please contact our support team immediately at +1 805 424 9350.



Sincerely,

Payment Verification Team

Kedy

utorok 9. jún 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Paypal Bitcoin Phishing from Microsoft Outlook Part 2

Posted by Dave Yadallee on
X-Microsoft-Antispam-Message-Info:

=?utf-8?B?Y0FhUEFKR040VG1LUVA2U2loS3ZIVllZTkN4RUhUNGtaVkJsVWRIQzk2RW14?=

=?utf-8?B?Z1ZpenJBYjR5enVyV2JENWtNUEVSdlVJUExJNGFGU3ROcUZkazZ4bWRQNmc5?=

=?utf-8?B?cFJ2dkcvSlpuZXBzam8yOW9WajZnbnpsdU5FVG1nN0RXMVk3dEgwd2hlcEpu?=

=?utf-8?B?NnNJZmtDRDBRalhRbXkvSnRPMlFrdUpTM2xqbTQwdU96WWE3R0tnNDlzRGd4?=

=?utf-8?B?WkN6NHRqSU4vWnUzbHhGVXc2WFluSmpRZlkzOGdEckRPRHB1SzludU5FeG1D?=

=?utf-8?B?cURWbFF3QUZpMG9BZzVidDU1K2xRa1lvaEZTcWttSmR0WDNjSmhGY1l0cmRF?=

=?utf-8?B?elhzQzJBWDgyZDFiMmd2Q3JBSXM4RHR4ZmdaeTczQ2N5eG1zOVdPbUJBMXlW?=

=?utf-8?B?YmYvSnVuNmxranBOVGtid3pXUFZYR1ZKRDFzZ3cvRmZHVTE4NTVFdHUyY2Vm?=

=?utf-8?B?UGEwalM4NUpJdGptTjQ4aGI1VThKblM2cGFTSk5FV2hFUWN0aGtqZnhjSlBh?=

=?utf-8?B?TzNQM0RCcXNOSEl3ZlFjZWhOVm5rOG9zdVpaS010d1BTOVlQYWE5Rnd3ajVC?=

=?utf-8?B?N1VWdTFQQThnMWFMZEpMVFEyUWhNN2lSWmtuVDNEcm9ZZnRCd2ppZFVtcGpV?=

=?utf-8?B?cVd1REswMUZ6MXZFcUJReEFHQThpdmNNOVNaQ0V3a2FUZmw1VW1sVFRReGY5?=

=?utf-8?B?SlN5a25qTWZsNm5VT1J2YzNlbHZNV3lScVNPVGdZZ21uUVFBeG8yVGZqa25s?=

=?utf-8?B?T0c3L1NDUCtnZXlZTDJFUm05MGdwaCtGUDhRNG9XM09NR3A0L3UwWU9QZmhk?=

=?utf-8?B?bFpjUUIyYlVUWk9VUG51Yyt1ZGlNNXhUd3V1OEtXazZxVW04QXA1dUVTYkJo?=

=?utf-8?B?RFdGeW1kcW83U3F6U0FpbkhVbmN2MXdSZzFKUEN6QWNROGZhdVRoMTJMaTYw?=

=?utf-8?B?Mys5RUVjbDNNTEh3dHF5dUlDbkFvTmFiTk44Qld0S3RpZjRIWDVVME5nNkI3?=

=?utf-8?B?V3JxMGUxSWduSlhuZm5HVENHSjBna05GVzRBY2tBK0NOL2N2TmdjYndUVWxy?=

=?utf-8?B?Q1haUm1WcXNnMUQ4VEpEdjlMY1pvVkNIMERLa3UxYlk2RUJ3Nkx5ZmVsdUVI?=

=?utf-8?B?ak50S0svTHVVZjFDM2Z1RU94YU0yMVVUaW5DWVNMUGpVTjNHSzFCekkvRURm?=

=?utf-8?B?K3grOG1TcCtQdjkvWWtzak81cnhQZVVaQlQwSTdlL21raGpSTFVnS2lEWllr?=

=?utf-8?B?dzRSNzVIZGNRUzNaR3RjWHVGUHhkLysyQ3lBOTVJWjgrd1RDTS9RWEZQN2dm?=

=?utf-8?B?WXBVcGNySnhFVThROGNIS1BYQjlJVm5rb3JCeHV1Q1NpQXBOTW80Slg1S2pV?=

=?utf-8?B?UnpBcHZZa3gzcEtnRCsrVmllamRJSU55QmZLRlZ4QSswUHNlUzhoQkptcWtH?=

=?utf-8?B?TjN6UlNvK0RGYlgyYXdESFVLMmlWbXpYMFVFUFdlaGxsRDhuaVlYRlgxU3VW?=

=?utf-8?B?c25DZkk5cVRVYjhaU0FJb3U5Vlp0ck1EYlh5WU5EVldzMForTnEvVVJZMWxL?=

=?utf-8?B?UjVZdnBjbkFaaElIeEdsS3pqaGp6WjEwT0pUNmhvUDJpSGMya0IyOGpPd3Vj?=

=?utf-8?B?M2VMZFRHVVhPenNlRG0zME5FcXp6b3ZnQWJEVFNLcEFYZHVVV3RGRk52d0gy?=

=?utf-8?B?UVVaaEhmWmdKK005NzJMTytWeWlKL0lnTS93ZHlYd0szVUNhSEUyYWdEQW04?=

=?utf-8?B?TzNvOCtzUEFrdGh4eGFYNjM3ZGtpRzBLRVZtaEpyYndIaFRMb2RwQkhjYUFW?=

=?utf-8?B?RDltUnNmTEhlVTJSMS8vVDYxMHB3Q0pkZndvYm8wTjRxQmcvRmpLTWxUbkhZ?=

=?utf-8?B?WXRzVTJ2NGMwQnBobDVPRlhKTVZlYk1qOTNLNVV3SXEyT2E4UndQd21vUWk1?=

=?utf-8?B?SHo3ak5TTzFEd0cydWhldGZuTXdYczdvYWlNbXFRSGdYT016WXZWQ08xWml5?=

=?utf-8?B?aTUrczF0b0N5cit1RDFWY0xxc3pjK3U0TG1MV1hXOHBjNmlYU3FoMWgwaWJX?=

=?utf-8?B?K08vTkpXZlNZZ3BmTUtqQUEyanloQ3ExdC95QmtsZ29NNHl1VkVKU2dhRnlz?=

=?utf-8?B?dEc1MmRGL1BGcnNhcWZkbm1BZnpzMTZud09tK002Uzl4WSt4VXZNa0lVN0ZG?=

=?utf-8?B?djMrK1cyYTdLN29XNEZ0dmh5bUxhSTNEbWFxb3orZ2lKK0RTTHMwcmZwQ1NV?=

=?utf-8?B?MHQyc1RQWVQ4UWNsaFBWTURncFUxb2k2dU1scHdtZ2Y4MTdLN0lZTy9wMDh4?=

=?utf-8?B?bm8vOTc1K3ZTaFVxZFFlTmY0OHBTUVRMOWcyMk5sRTNQYUQ2eEZFVWY3T3hr?=

=?utf-8?B?bEp1NXBEei9yTkI3Q3dTNzZWTm1STzhLV3QxeG1Ydnhtd3BuNG5WMG5BMnhw?=

=?utf-8?B?VGFFZHRZYU02K3pWSFpUZWZPdGV1VFJCQ3F5T2poTVdOYkNnQjFhUEJ5MjYx?=

=?utf-8?B?VW5mRVQwaDVSYk1sT3hPZTV3eHppQUVoQ3FUcjN6S3IrVG1kNFNlQU1tRkdt?=

=?utf-8?B?MFNtOFpseEkvZ0ZCTUFSQU02THpLclNhMUtERmlzdjUxNysrbUovOHFkNTh2?=

=?utf-8?B?MWoyQkxBWjBYRGFjTldsK0pXVmJPck5BUXF4cW1oK29hY2Y0bk1RWlBtM0Iv?=

=?utf-8?B?clVleXBvdWE4UmZySXhzekdCbGZFdFpFK1pRQlRiKzM4L2l3MGQvUzdnVCt3?=

=?utf-8?B?Ulh6SDJLNStZdUNWU1dGb2ZYc3Z4VjRPa3lXU2duTWZQdW9OSWRSWEFHeTJs?=

=?utf-8?B?YlppVDNmc1ViZEl4WmpwY1R3ZjhiUWZQZTIwWkNXVm9tdkd3QlU0S1FodGY5?=

=?utf-8?B?czRiZ0pISEtJNDJFZXlVL3pRTGRuRTdiVHdCMWVCZDJZNEl4TktRQzJLZDNa?=

=?utf-8?B?ZDBDLzNLSkxIQXZWL0lYMWFGRWIzQ2JNYnJSWDA1d2V2YkFqUUZhcmVWRHpm?=

=?utf-8?B?UGZlMWxaMjVaOW5SNzQ4NThsV2RHNjY0YktLWDlvMzByK2RramhZUkhZdzBL?=

=?utf-8?B?S09GeGkvK2EyVmhKMlNqT2ZsaVNZVTNFb3BXTFJmY0wxdjdJZVZ6SkdEQ3I1?=

=?utf-8?B?UlRzQzJabURydGxQZ3FTcGZ3R2tpSTZlQlZibzBURzlGbGRLTnAyWW96VEpK?=

=?utf-8?B?blRtVnVUUmVGNUxIZlZPaTNkM3dxSXIzdGFZM2E4dmdPYlZNd1haODFFaGh0?=

=?utf-8?B?bmlXd2c9PQ==?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 16:09:43.5726

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f5632051-3a3f-486b-14ef-08dec64184c9

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF00000205.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV9PR18MB927589

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Payment Confirmation – Your Bitcoin Order Is Being Verified

utorok 9. jún 2026 Dear Customer, This is to confirm that we have successfully

received your PayPal payment for your recent Bitcoin (BTC) purchase request.



Paypal Bitcoin Phishing from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 09 Jun 2026 14:14:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wX2pM-000000008Jz-3ZZB

for dave@doctor.nl2k.ab.ca;

Tue, 09 Jun 2026 14:13:36 -0600

Resent-From: The Doctor

Resent-Date: Tue, 9 Jun 2026 14:13:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-northcentralusazlp17013059.outbound.protection.outlook.com ([40.93.20.59]:36351 helo=CH4PR04CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wWz2L-00000000Mzm-1z9q

for doctor@doctor.nl2k.ab.ca;

Tue, 09 Jun 2026 10:10:57 -0600

Received: from SJ0PR03CA0161.namprd03.prod.outlook.com (2603:10b6:a03:338::16)

by LV9PR18MB927589.namprd18.prod.outlook.com (2603:10b6:408:376::24) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.10; Tue, 9 Jun 2026

16:09:43 +0000

Received: from SJ5PEPF00000205.namprd05.prod.outlook.com

(2603:10b6:a03:338::4) by SJ0PR03CA0161.outlook.office365.com

(2603:10b6:a03:338::16) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.92.13 via Frontend Transport; Tue, 9

Jun 2026 16:09:43 +0000

Authentication-Results: spf=pass (sender IP is 209.85.128.69)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.128.69 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.128.69; helo=mail-wm1-f69.google.com; pr=C

Received: from mail-wm1-f69.google.com (209.85.128.69) by

SJ5PEPF00000205.mail.protection.outlook.com (10.167.244.38) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.113.7

via Frontend Transport; Tue, 9 Jun 2026 16:09:43 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:25E206E7EFFC06789889CF8D86B6964DFEE09EA908D2C89631F8CA767E6F9F15;UpperCasedChecksum:BD9ADE5EE704C0427FE424ECDF6BE331E32665AF02722F5BC1C8778369E2571B;SizeAsReceived:3419;Count:15

Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-490c4f61a34so26033535e9.2

for ; Tue, 09 Jun 2026 09:09:43 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1781021382; x=1781626182; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=3gsPOXFxVkVry+97oF/DtoS3xmb1+/434RuDnz6KWwU=;

b=qHKWfW6ZXpSimhCwbftv4xr/rqGg098TGoNW3GNKhTY6qLkiGn8Uqk9cepSh8ZMLX0

52KVgfLKwHMTk+Tv5lK3xlFN1DtqieGG2sX7g7ASOQ2z97wyy4h2keI8j8hbWKWr4CtH

40BLeYHFQy5fwWzLVmttgnRua7FmDbTK275U5J9oo6MVXujlQy4hcWsPkAajgGk9rMPD

vi696C4q6fQ/b5kjR5VQvoWBlj4OV13c1aAIokCEdNvZtvutW3R47uhTYNh5XQQmVfef

61VkXqQL3zn1WsNiUzZX8Q3Fw1laGTYNQD33rFP6gWx6nRg+9+0VJruFBnB+E9bIYi+3

5LmA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781021382; x=1781626182; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=3gsPOXFxVkVry+97oF/DtoS3xmb1+/434RuDnz6KWwU=;

b=dItvbUxLcD9s9giosS0mgrmC50efZ164QIyIAOVSn99uoHu8oFpaaUwXDUkD1egJ6K

kFxsTfA/FfrxVi0/48vm2Un1Ba2RaYxWWPGY2e6Gxh2+9jKQtJWJTyCemWM26ekcJ6KF

iZFxQGy031BdO1NsK9pw6UgqxzQVHUirYH4f9lgDD6BcyQn9Ccqivmxxb5uKcfSQbgX/

COIL6FfzAPjcaKJl4Vkvg3aqgy7WOsIBdADPgZgCr2SBd1/M+Mf+bKmLUq+zxUf1h4ZJ

909KyIKJFQirXeLYImL4MjKbEJN7SX6HZpKKNvggkEWOTHk0cO5/JUhEGkYpin/25Stz

2AZg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781021382; x=1781626182;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=3gsPOXFxVkVry+97oF/DtoS3xmb1+/434RuDnz6KWwU=;

b=rhNR/7SMCSo9kH+hhSRcNqZaXKSM0PFaJ0HckxNGRDAG5ycBo0Rxf9IQZ0qzisj96w

F8PFJQwTkmuBMv1E3BpNS4R6a2sk1N3LMCaFIxuDND+/IqFI4h6w5rAD5+q7SKTctzDo

OhA3ifMViHavXDpbMZD3ikepRk1+fShPRLz2PLQ/MK/1irjM1KVj8zVorLo5sdLTB27H

e/pZBJ4q77Vr2vtcnfqwY/uLay+aRid3iAyGMeunFrErcvE2nOfTmvkTCPcX612J4FUw

bBjYdJqJD+JLNbBRKIIUsizOCy9fJvGuFx7JP7KwSD6aKcupzhovSAIgwA60o8DG8xIe

a78w==

X-Gm-Message-State: AOJu0YzrTVfivXnWWlGg+DGIWB2nHkj/rHLwbyR1HnrW0sEqKxmHMR+q

WfKNZpOiWbvtell7zswSZbifzD/5vym2vRbDJGMkci1CjsI9mHHGR+9PQ+ooK9Qs52U4qlUKKjY

w1Ps37DUV4rPwvLOtQPAUhSTabQZqyJf7mU8=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:c491:b0:490:bb44:3f8b with SMTP id

5b1f17b1804b1-490c2605385mr349204085e9.17.1781021381628; Tue, 09 Jun 2026

09:09:41 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Tue, 09 Jun 2026 16:09:41 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Payment_Confirmation_=2D_Your_Bitcoin_Order?=

=?UTF-8?Q?_Is_Being_Verified_=40_ut_9=2E_j=C3=BAn_2026_=28cynthiaperez389903=40gro?=

=?UTF-8?Q?ups=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="000000000000ca1c610653d45a01"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: SJ5PEPF00000205:EE_|LV9PR18MB927589:EE_

X-MS-Office365-Filtering-Correlation-Id: f5632051-3a3f-486b-14ef-08dec64184c9

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.128.69

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|9020799019|9000799056|29080799009|16200799027|9400799043|4040799016|970799063|34130799006|32020799003|3151999006|26000799027|6149299003|26130799012|22000799015|24102599021|5139299004|1680799066|6092099016|26104999009|21002599022;

Microsoft Teams phish Part 2

Posted by Dave Yadallee on



: rgb(50, 49, 48); line-height: 1.5; font-size: 14px;">A client has shared =

a business plan with you via Microsoft SharePoint.




adius: 8px; border: 1px solid rgb(237, 235, 233); border-image: none; width=

: 100%;" cellspacing=3D"0" cellpadding=3D"0">












adding: 14px;">


ellspacing=3D"0" cellpadding=3D"0">
















=3D"middle" style=3D"margin: 0px; width: 44px;">
=3D"margin: 0px; padding-left: 12px;">




yle=3D"color: rgb(96, 94, 92); font-size: 12px; margin-top: 4px;">Business =

document • Shared via Microsoft SharePoint



yle=3D"color: rgb(138, 136, 134); margin-top: 6px;">A client has shared thi=

s file with you
=3D"right" style=3D"margin: 0px; color: rgb(96, 94, 92);">Shared





: rgb(50, 49, 48); font-size: 14px;">This file is attached to this email.
p>


r: rgb(50, 49, 48); font-size: 14px;">Please open the attachment to view th=

e document. If access is required, contact your administrator.




one; border-color: rgb(237, 235, 233) currentColor currentColor; margin: 24=

px 0px; border-right-width: medium; border-bottom-width: medium; border-lef=

t-width: medium;">


94, 92); font-size: 12px;">You are receiving this notification as a member=

of the nk.ca Teams workspace.

; margin: 0px; padding: 16px 24px; text-align: center; color: rgb(96, 94, 9=

2); font-size: 12px;">© Microsoft Corporation
This is an automated =

message. Please do not reply.