Credential phishing from Google Content
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXoP-0000000064f-3UBR
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:37 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:37 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:26133)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV2G-00000000G8g-0q5Y
for root@nk.ca;
Fri, 05 Dec 2025 05:35:53 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:23 -0500
From: IT REPORT
To:
Subject: root@nk.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:22 +0000
Message-ID: <20251205123422.833152265F4C597D@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E1-VA-3.exch092.serverpod.net (10.217.23.132) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: root@nk.ca Your Password Has Expired ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access
to your services. Please change /Keep your password as soon as possible to
maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} root@nk.ca You have Received New Document
root@nk.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password (link href: https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#root@nk.ca)
Credential phishing from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXoI-000000005fF-0fTV
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:30 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:30 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23888)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1k-00000000G6w-3TEG
for bin@nl2k.ab.ca;
Fri, 05 Dec 2025 05:35:26 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:20 -0500
From: IT REPORT
To:
Subject: bin@nl2k.ab.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:20 +0000
Message-ID: <20251205123420.C950D4B72697981D@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E1-VA-9.exch092.serverpod.net (10.217.23.182) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: bin@nl2k.ab.ca Your Password Has Expired ACCOUNT SECURITY
NOTICE Your account password has expired and must be updated to restore full
access to your services. Please change /Keep your password as soon as possible
to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} bin@nl2k.ab.ca You have Received New Document
bin@nl2k.ab.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password (link href: https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#bin@nl2k.ab.ca)
Credential phishing from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXoB-000000005K5-0p9v
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:23 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:23 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23752)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1w-00000000G6p-0Djj
for root@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 05:35:27 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:19 -0500
From: IT REPORT
To:
Subject: root@doctor.nl2k.ab.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:19 +0000
Message-ID: <20251205123419.EFAA31A232A8B07D@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E1-VA-8.exch092.serverpod.net (10.217.23.180) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: root@doctor.nl2k.ab.ca Your Password Has Expired ACCOUNT
SECURITY NOTICE Your account password has expired and must be updated to restore
full access to your services. Please change /Keep your password as soon as
possible to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} root@doctor.nl2k.ab.ca You have Received New Document
root@doctor.nl2k.ab.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password (link href: https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#root@doctor.nl2k.ab.ca)
Credential phishing from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXnz-000000004kG-2ivt
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:11 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:11 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23791)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1k-00000000G6r-3S1s
for sales@nk.ca;
Fri, 05 Dec 2025 05:35:26 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:19 -0500
From: IT REPORT
To:
Subject: sales@nk.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:18 +0000
Message-ID: <20251205123418.2902F90C96FF3DEE@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E6-VA-5.exch092.serverpod.net (10.217.23.196) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: sales@nk.ca Your Password Has Expired ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access
to your services. Please change /Keep your password as soon as possible to
maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} sales@nk.ca You have Received New Document
sales@nk.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password (link href: https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#sales@nk.ca)
Credential phishing from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXo3-000000004yL-3tEA
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:15 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23787)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1k-00000000G6q-3TCH
for doctor@netknow.ca;
Fri, 05 Dec 2025 05:35:23 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:18 -0500
From: IT REPORT
To:
Subject: doctor@netknow.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:18 +0000
Message-ID: <20251205123418.AC53F1C696BA3FCC@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E6-VA-1.exch092.serverpod.net (10.217.23.188) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: doctor@netknow.ca Your Password Has Expired ACCOUNT SECURITY
NOTICE Your account password has expired and must be updated to restore full
access to your services. Please change /Keep your password as soon as possible
to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} doctor@netknow.ca You have Received New Document
doctor@netknow.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password (link href: https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#doctor@netknow.ca)
Credential phishing from Google Gmail
Posted by Dave Yadallee onX-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXo3-000000004yL-3tEA
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:15 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:15 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23787)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1k-00000000G6q-3TCH
for doctor@netknow.ca;
Fri, 05 Dec 2025 05:35:23 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:18 -0500
From: IT REPORT
To:
Subject: doctor@netknow.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:18 +0000
Message-ID: <20251205123418.AC53F1C696BA3FCC@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E6-VA-1.exch092.serverpod.net (10.217.23.188) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: doctor@netknow.ca Your Password Has Expired ACCOUNT SECURITY
NOTICE Your account password has expired and must be updated to restore full
access to your services. Please change /Keep your password as soon as possible
to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} doctor@netknow.ca You have Received New Document
doctor@netknow.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password <https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#doctor@netknow.ca>
Credential phishing
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:34:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXnv-000000004Wd-0Lkm
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:33:07 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:33:06 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out.exch092.serverdata.net ([64.78.27.158]:23752)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV1k-00000000G6p-3Rut
for doctor@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 05:35:23 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:17 -0500
From: IT REPORT
To:
Subject: doctor@doctor.nl2k.ab.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:17 +0000
Message-ID: <20251205123417.54C7A9D78743694D@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E1-VA-10.exch092.serverpod.net (10.217.23.184) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: doctor@doctor.nl2k.ab.ca Your Password Has Expired ACCOUNT
SECURITY NOTICE Your account password has expired and must be updated to
restore full access to your services. Please change /Keep your password as
soon as possible to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[64.78.27.158 listed in dnsbl.ahbl.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} doctor@doctor.nl2k.ab.ca You have Received New Document
doctor@doctor.nl2k.ab.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password <https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#doctor@doctor.nl2k.ab.ca>
Credential phishing
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 05:36:00 -0700
Received: from out.exch092.serverdata.net ([64.78.27.158]:25835)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRV2G-00000000G8X-1DuP
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 05:35:53 -0700
Received: from 238.216.106.34.bc.googleusercontent.com (34.106.216.238) by
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.2562.29; Fri, 5 Dec 2025 07:34:18 -0500
From: IT REPORT
To:
Subject: dave@doctor.nl2k.ab.ca You have Received New Document
Date: Fri, 5 Dec 2025 12:34:17 +0000
Message-ID: <20251205123417.98FBB131FDE8DA60@hfu239.hostpilot.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [34.106.216.238]
X-ClientProxiedBy: MBX092-E6-VA-5.exch092.serverpod.net (10.217.23.196) To
MBX092-E1-VA-7.exch092.serverpod.net (10.217.23.178)
X-Spam_score: 11.7
X-Spam_score_int: 117
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: dave@doctor.nl2k.ab.ca Your Password Has Expired ACCOUNT
SECURITY NOTICE Your account password has expired and must be updated to restore
full access to your services. Please change /Keep your password as soon as
possible to maintain uninterrupted access and ensure your ac [...]
Content analysis details: (11.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.106.216.238 listed in will-spam-for-food.eu.org]
[64.78.27.158 listed in will-spam-for-food.eu.org]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[64.78.27.158 listed in list.dnswl.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
[64.78.27.158 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.106.216.238 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
3.0 RECEIVED_MULTICAST A multicast IP adress appears in Received header
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
Subject: {SPAM?} dave@doctor.nl2k.ab.ca You have Received New Document
dave@doctor.nl2k.ab.ca
Your Password Has Expired
ACCOUNT SECURITY NOTICE
Your account password has expired and must be updated to restore full access to your services.
Please change /Keep your password as soon as possible to maintain uninterrupted access and ensure your account’s security.
Change / keep Password <https://accounts.google.com/o/oauth2/v2/auth?client_id=717638730886-a8j6u6r4f6spga6k1mdpd6fl8n7aodds.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Falexandrefontouraimoveis.com.br%2Fred2%2F&response_type=code&scope=email%20profile%20openid&access_type=offline&prompt=none#dave@doctor.nl2k.ab.ca>
Chinese products spam Part 3
Posted by Dave Yadallee on
1. Our team possesses extensive experience in molding simulation analysis, enabling us to anticipate potential questions in injection molding and shorten the mold mass production cycle.
2. We provide mold material and FAI reports to ensure mold quality.
3. We offer assistance in the development of plastic products, rationally setting the number of mold cavities to save costs.

Certificates
IATF16949,ISO13485,ISO9001

Fast delivery of molds
The shortest mold development cycle is 15 days.

Over 30 years of rich experience in mold making
1. insert molds.
2. Over molds.
3. 2K molds.
4. Deep-cavity molds.
5. Multi-cavity molds.
6. Thin-walled product molds.

[image; src fragment as extracted: load.cc/i1/2025/11/06/o8Bvis.jpg]

We offer high-quality molds as alternatives to European and American standard.
Do you have any ongoing projects that need free technical support recently?
We’re ready to show you our factory strength via video anytime.
Looking forward to your reply!
Best regards.
Loogle
Tianjin Xuansheng Technology Co., Ltd.
Chinese products spam Part 2
Posted by Dave Yadallee on
Hello My Friend,
Have a nice day !
I’m sales manager Loogle from Taiwan-funded TXS. Our company has accumulated experience in making over 3,000 sets of injection molds. Our molds are exported to Germany, the United States, Canada and many other countries.
TXS specialize in precision product collaborative development, and mold R&D & manufacturing. Additionally.

Area
Own factory 25000 ㎡

Precision machining and inspection equipment
1. World-class equipment guaranteed machining accuracy 0.005 mm.
Roders, Makino,Agie Charmilles, Mitsubishi....30 units in total.
2. Famous brand of mold inspection equipment.
Hexagon CMM, ATOS scanner......5 units in total.
3. More than 20 sets of injection molding machines from 50-600T and 100K grade clean room molding workshop.

Intelligent Management System
1. Professional on-site management software to visualize the processing.
2. Semi-automatic electrode processing and inspection system

Why choose us
Chinese products spam Part 1
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXnd-000000003Zu-06C6
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:32:49 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:32:47 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from out196-18.us.a.dm.aliyun.com ([47.90.196.18]:23599)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRUt4-00000000FOa-15B3
for doctor@nl2k.ab.ca;
Fri, 05 Dec 2025 05:26:22 -0700
X-AliDM-RcptTo: ZG9jdG9yQG5sMmsuYWIuY2E=
Feedback-ID: default:vip@vip.txs-plastmold.ltd:alibabak_WebBatch:228454
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
d=dm-fbl.aliyuncs.com; s=feedback;
t=1764937467; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
bh=DVffF/wLbX7ZWd11gvaMxX8NXjVj5qnS/cQbCWOuU2s=;
b=06pgUHpNdSPgSd1hr5mnUUUPCEQhAaQlECzuo2Gsk68dmJI3U9cxuCCX8I4/CAdKyeNncw1woU0yAA+Eajs/PYfqvX8+lvGyDsBaI6yAYrFxAQthjU/hY95yp2G5iUqCpPPF8mTTXHOui20vx4hepMmI3ZqXSXyt1BWgkPYctSw=
Received: from chitu-hsf(mailfrom:vip@vip.txs-plastmold.ltd fp:ma_600000253107326861 cluster:AY35D)
by smtp.aliyun-inc.com(127.0.0.1);
Fri, 05 Dec 2025 20:23:33 +0800
Date: Fri, 05 Dec 2025 20:23:33 +0800
From: "TXS"
To:
Reply-To:
Message-ID: <76fa9c67-e85a-478c-b181-2b8acbbd38b7@alibaba.com>
Subject: =?UTF-8?B?UHJlY2lzaW9uIGluamVjdGlvbiBtb2xkIHN1cHBsaWVy?=
X-Priority: 3
MIME-Version: 1.0
X-EnvId: 600000253107326862
X-AliDM-Settings: eyJPdXRib3VuZElwIjp7IklwTGlzdCI6W10sIklwUG9vbElkIjoiIn0sIlVuc3Vic2NyaWJlIjp7IkZpbHRlckxldmVsIjoiZGVmYXVsdCIsIkxpbmtUeXBlIjoiZGVmYXVsdCJ9LCJWZXJzaW9uIjoiMS4wIn0=
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.7
X-Spam_score_int: 67
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello My Friend, Have a nice day !
Content analysis details: (6.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[47.90.196.18 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[47.90.196.18 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[47.90.196.18 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[47.90.196.18 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[47.90.196.18 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[47.90.196.18 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[47.90.196.18 listed in list.dnswl.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[47.90.196.18 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[47.90.196.18 listed in sa-accredit.habeas.com]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[47.90.196.18 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[47.90.196.18 listed in bl.score.senderscore.com]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.6 J_CHICKENPOX_64 BODY: 6alpha-pock-4alpha
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
1.0 XPRIO Has X-Priority header
Subject: {SPAM?} =?UTF-8?B?UHJlY2lzaW9uIGluamVjdGlvbiBtb2xkIHN1cHBsaWVy?=
Web/SEO/App Spam from Microsoft Outlook
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 08:32:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRXmm-000000001d6-0bDp
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 08:31:56 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 08:31:56 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-francecentralazolkn19013079.outbound.protection.outlook.com ([52.103.46.79]:13755 helo=PA4PR04CU001.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRSZH-0000000040j-28Aa
for sales@nk.ca;
Fri, 05 Dec 2025 02:57:50 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=YX/AHwbE1+z5gSgvWeRQp2mUiDrxhr6yqrEtmsDAdmBsDwLlZFrRlotbhF3HezUSXs1UWWfBk9i4LQ9vB4SS9HcSupX7uYJk8wxjNaH2CzXWZlgLLQA5MVOuHMRvnjWg4/7wH6/kE+FGBcIrVyWx1CKNz4RTQCbKFQRJuUgvBuJXBtfMRTH17UBDxsJGKbtfJJXvIreiGDFmv2P8sRiKYDhbrZJ5cZGsucA+TkAYJ48KWRFIIPPq/HebIisIoQteBEOfoL4sPPDI8dIijtrZNOnguVr6JLH76hRU6WHaShXcn8zXQiWg53BZvXuzwUved+aW3DV2ZhE6QKYG1VZ55Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=xKpIGaN+n4pwq+RkWkCifdKiTVx/5tdfk+noP6A0Vf0=;
b=tItRzBtIKksCUqUt3JWBwu5cNmFtYMLvAugnUSvxdWgiH6nbk1N/HBblYOy3vyyFbGFbWlzYish6+OyGJAhsTwS+8SlBx73pQjzrOam26th7BCrbWXVFvXYyWqyuGG/v7+7KxVOyMAj/ZaDZRzQsSEceqFClTJoQR62SJYz4XOUHZ2+lYVEZnbbzxgAcQQn0uNbn75oVtwD65KEd8m79VS9fmNNr3EMAvHCezIuxc9kpsNc0x1mYqdpqz5bLM6JDy5uWq3dzU8+AupEPL6zzM9J/8DtWtSqcsgD3GlapXpOpPClNiM+uZmt63RDqHjBmyh6w07AaYLqrlNS8cLo1tA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=xKpIGaN+n4pwq+RkWkCifdKiTVx/5tdfk+noP6A0Vf0=;
b=mVxxM1OnquheqamYEtnV+4cJQ6QNq/u9busZ2ojLJQCjG3fb7Hr507vxQe7wmTAi2+odjdgrrUaeZh9gpjSA2HygGFVV4gBmvZgHW3aC6l4jWsPUwZF9vxnV8ogJMQDMNy83zJbPXD+X2xROQbE4/Vh9Eroyr/kwIhCkMZgGclG4bozB1xBwBMCV5RwdUN6/cCgGqlKaP4SfQgpakZ7pawbD6BNJwhKoWklRoPuMPmQFiOa1SwOUn2I+JJJ0JQLbQS9XUS/SksF75snSpsvcUXp6JUZwNkuiOUgEentt9sLeL8gX0g4jqs2J3f+jY+ixFLJ0qA2nKqVtMlANX/THXg==
Received: from DU0P191MB2993.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:5a7::19)
by DB9P191MB2122.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:33c::6) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9388.9; Fri, 5 Dec
2025 09:56:40 +0000
Received: from DU0P191MB2993.EURP191.PROD.OUTLOOK.COM
([fe80::ec:b83:4418:ba80]) by DU0P191MB2993.EURP191.PROD.OUTLOOK.COM
([fe80::ec:b83:4418:ba80%4]) with mapi id 15.20.9388.009; Fri, 5 Dec 2025
09:56:39 +0000
From: Babita Smith
To: "sales@nk.ca"
Subject: Great Results to Your Clients?
Thread-Topic: Great Results to Your Clients?
Thread-Index: AQHcZc1zw7R2y43c9kyoKhehw6p7Yg==
Date: Fri, 5 Dec 2025 09:56:39 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P191MB2993:EE_|DB9P191MB2122:EE_
x-ms-office365-filtering-correlation-id: 449e4a8b-6746-4b15-1231-08de33e49641
x-ms-exchange-slblob-mailprops:
bHQ38DpbEWAayy1Fxvh9DBw+Uf3/YmUcBeGVd/BSpbssTqd9ek0eReiGAvdeJrfOQb0MYHp1iPdYoC1tt15oX8RQJsDvtCbqv415ThsidAk9JFHY7uyj0OJxAWg0JwGpWJh8daxzyQWK7FfyXDTKo4MSOgiq2Wgl3WqLSHrrfES+nRR5CM1lOANaazSTCXP9QDGH8SDWsWAuI4zlxnoF+tdY/YofL7YnqwGHTxlGN9NKzbA0Nm4/QREWYSfSSTqXZbcJg/nrD/YlqRI9UCDqPacHVY14aSV9eVLjVHqC4dbdsgxRKc/iFBMyLLsQ9SJ8XPo+PprxLwriY5gqjNizmQhw24WyJ2R/I/E4MssBnzn7ACmLFBzfhixxo0OkxYjRfRiDkAZOG+Qp44TVyJUkpYQ22ZNl1w0A99TfSYONQslugjL3XoYVgBlsJwMw+Ms/sDxp8DJz6myOSo/oZHDG8+kjMSILT0wmBIE5kAtIE6mCKShVJPQJe3gWXRHSvLDu+WVlRq7bJZmfYF+ExCEyO+8izFSGR5yXhwxX0WhF+PEFr9tH2pHu3bzBbmMOIvb+Gsd6gfxpcI6MUL7m7n7jHDZaelbHATrd4PFMUAhIJ6wv/VOLvvNkV8m6vfMMDfJsx+gpfyX9RvtQotRpnlsMiCUg66yi6VdVTKQhXUhif8j4Ju//aVASdg==
x-microsoft-antispam:
BCL:0;ARA:14566002|39105399006|38102599003|31061999003|461199028|15080799012|8062599012|8060799015|19110799012|440099028|3412199025|40105399003|102099032;
x-microsoft-antispam-message-info:
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
Content-Type: multipart/alternative;
boundary="_000_DU0P191MB29936D7658D1A95C01110555ADA7ADU0P191MB2993EURP_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-8534-20-msonline-outlook-f08eb.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P191MB2993.EURP191.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 449e4a8b-6746-4b15-1231-08de33e49641
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Dec 2025 09:56:39.8507
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P191MB2122
--_000_DU0P191MB29936D7658D1A95C01110555ADA7ADU0P191MB2993EURP_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Hello,
We specialise in helping businesses appear on Google=92s first page for the=
ir niche keywords. This can significantly increase traffic, leads, and enqu=
iries.
If you=92re interested, I can send over our affordable SEO packages.
Best,
Babita
--_000_DU0P191MB29936D7658D1A95C01110555ADA7ADU0P191MB2993EURP_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Hello,
We specialise in helping businesses appear on Google=92s first p=
age for their niche keywords. This can significantly increase traf=
fic, leads, and enquiries.
If you=92re interested, I can send over our affordable SEO packa=
ges.
Best,
Babita
--_000_DU0P191MB29936D7658D1A95C01110555ADA7ADU0P191MB2993EURP_--
Web/SEO/App Spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 00:44:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRQTe-00000000LSu-3Trh
for dave@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 00:43:42 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 00:43:42 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f69.google.com ([209.85.160.69]:61927)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRQEL-00000000KeB-0R2E
for doctor@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 00:28:03 -0700
Received: by mail-oa1-f69.google.com with SMTP id 586e51a60fabf-3ece92bc1b5so2360502fac.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1764919621; x=1765524421; darn=doctor.nl2k.ab.ca;
h=to:from:subject:date:message-id:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=LXbCVO2NxBniNcNpaMKMvcfHw21zv9Y9saGCNN5t77M=;
b=S0niNOEm9VDmGoDLYGSKazeWJijutEHhvfeVa5QdR4pB1HFZbnJKjGnZ8zaosq4GjS
yBT/RSy3ZTlOYsdODpTMya+gm40RMWIf3B/C8yrZ2ZMiwRrZ6cdZoS8BSG4eV2cXx93W
JI73zmPSLodZhhU3P7ipfkoTIBsDPwy1MIv+dX5ZP6Yr/H90oqTlLKevRai/jxQRrUD+
sc4SUcTleLtYPzFDootvrXX0zTPkv4R6iGiNic/kXxZ1TqMOcsU7CkOj/9n04tJwqM4e
ngZmu18Txaz0RNNyMFnx+uWAmd9eFslMWIVxrw3N5CrIO4CiBFP3TYYutrmQ1y1WVyM5
HZig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1764919621; x=1765524421;
h=to:from:subject:date:message-id:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=LXbCVO2NxBniNcNpaMKMvcfHw21zv9Y9saGCNN5t77M=;
b=cg+UFlLuhjy1dPwrQog1igCSW3UugidjPbejGk+DsHxRAgtQwZQ4yTH733fntsglEc
jeaEp/8fePpUND3Vw5J/HqdoFNMNXHQKKb185nw/cr4O1gqDbCOyRiELxCKyEda4y116
rUQyc4aLygfUJLAmPWXXwnu3bVv1l9yczM7mfyLa5CflBmKc1Y7I9cyxNhDdeX9CpP/5
3dxYIIbOjkeEEbUMiunMu9iHBoK3hQefhb8WQB5Mt0gi0oGeFOczhOG5l2DogJx3ceGw
THwnqPR9Rnf6vOAamgpDoxpi7K/8vKVunh00q3k6E2QN4uJuQ7LvSKiQpiXqhsdHSgui
c6cg==
X-Gm-Message-State: AOJu0YwMlMbwV3k3qhANxY5O6/f70a+vYK2YlUorC6ybVOjIQbSobLoG
OT3hIeIaKaagfs/4s9PlT8rgda3MkdSNnuGWiFovu3CjnZYTatZ41INGur5JNjbzuLQ7j1AnHbW
SWC4=
X-Google-Smtp-Source: AGHT+IGY/Gn1xvAdqNdB79iMwi4JOzuZf4dmJF258GeTpzvwL1SnGPEA/d40zDmAkDtDL6V1Y+G/EZhvlg==
MIME-Version: 1.0
X-Received: by 2002:a05:6870:8198:b0:3ec:a020:4c70 with SMTP id
586e51a60fabf-3f506388122mr3169201fac.14.1764919620687; Thu, 04 Dec 2025
23:27:00 -0800 (PST)
Message-ID:
Date: Fri, 05 Dec 2025 07:27:00 +0000
Subject: Checking in: Reviewing your redesign steps
From: vikas.zorioninfotech@gmail.com
To: doctor@doctor.nl2k.ab.ca
Content-Type: multipart/alternative; boundary="0000000000000c5dbb06452f5f71"
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, “doctor@doctor.nl2k.ab.ca” Hope you're doing well.
I wanted to check back in case you're exploring options to improve your website.
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
[209.85.160.69 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.160.69 listed in dnsbl.ahbl.org]
[209.85.160.69 listed in dnsbl.ahbl.org]
[209.85.160.69 listed in dnsbl.ahbl.org]
[209.85.160.69 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.160.69 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.160.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.160.69 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.160.69 listed in dnsbl.ahbl.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[209.85.160.69 listed in psbl.surriel.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.160.69 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.160.69 listed in sa-accredit.habeas.com]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[vikas.zorioninfotech(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.69 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.69 listed in wl.mailspike.net]
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.160.69 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.160.69 listed in bl.score.senderscore.com]
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?} Checking in: Reviewing your redesign steps
--0000000000000c5dbb06452f5f71
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
--0000000000000c5dbb06452f5f71
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hello, =E2=80=9Cdoctor@doctor.nl2k.ab.ca=E2=80=9D
Hope you=E2=80=99r=
e doing well.
I wanted to check back in case you=E2=80=99re explorin=
g options to improve your website.
Best,
Marketing Manager
From: Vikas
Date: Thu, 4 Dec 2025 at 11:09
Subject: Quote for I=
mproving Your Website Experience
To: doctor@doctor.nl2k.ab.ca
Hel=
lo, =E2=80=9Cdoctor@doctor.nl2k.ab.ca=E2=80=9D
Hope you=E2=80=99re d=
oing great.
I specialize in clean, attractive website designs at min=
imal cost.
May I send you a proposal?
Thank you,
Marke=
ting Manager
--0000000000000c5dbb06452f5f71--
Investment spam
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dve@doctor.nl2k.ab.ca
Delivery-date: Fri, 05 Dec 2025 00:42:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRQRs-00000000LNH-1dOS
for dve@doctor.nl2k.ab.ca;
Fri, 05 Dec 2025 00:41:52 -0700
Resent-From: The Doctor
Resent-Date: Fri, 5 Dec 2025 00:41:52 -0700
Resent-Message-ID:
Resent-To: dve@doctor.nl2k.ab.ca
Received: from uk.efa.01.vooservers.com ([194.0.252.135]:48060)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vRN2P-000000006wC-1nXe
for doctor@doctor.nl2k.ab.ca;
Thu, 04 Dec 2025 21:03:31 -0700
X-Spam-Status: No
X-vooservers-MailScanner-EFA-Watermark: 1765495596.35463@gLPoNMXKWDe8d1jyBArQBg
X-vooservers-MailScanner-EFA-From: tamora@gamesclinic.com
X-vooservers-MailScanner-EFA: Found to be clean
X-vooservers-MailScanner-EFA-ID: B9AA638A8DA.AA772
X-vooservers-MailScanner-EFA-Information: Please contact serverlogs@vooclients.com for more information
Received: from neptune.vooservers.com (neptune.vooservers.com [194.0.252.180])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by uk.efa.01.vooservers.com (Postfix) with ESMTPS id B9AA638A8DA;
Thu, 4 Dec 2025 23:26:34 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=gamesclinic.com; s=default; h=Content-Transfer-Encoding:Content-Type:
Message-ID:Reply-To:Subject:To:From:Date:MIME-Version:Sender:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Hg0D1+Ojp5Ynw4hmO55O6Q5buMYMajhxSXAlEpbFtbs=; b=BE95OuyY6PG71n1pEF+FLNTrn6
q2ktYnSv24A24wgDBNCGp2RrpLQoaaxAKSvnva8IK+Sably+GESVqWxYrf/yBkvM9Ih7bgtG5Cnrq
yJr9V9YG5aQLCghtR70MdUSfXAyFX+VkR5yktKubdJ678jJXhVthGL5HECo+v+6zX480=;
Received: from [::1] (port=58012 helo=neptune.vooservers.com)
by neptune.vooservers.com with esmtpa (Exim 4.93)
(envelope-from
id 1vRIiY-0009Lx-SH; Thu, 04 Dec 2025 23:26:34 +0000
MIME-Version: 1.0
Date: Thu, 04 Dec 2025 23:26:34 +0000
From: Albridi Investment
To: undisclosed-recipients:;
Subject: Exceptional Loan Offers
Reply-To: adam.saad@albridinvestmentae.loan
Mail-Reply-To: adam.saad@albridinvestmentae.loan
Message-ID:
X-Sender: tamora@gamesclinic.com
User-Agent: Roundcube Webmail/1.3.15
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 8bit
Salam,
I hope this message finds you well. I wanted to inquire if you have any
ongoing or upcoming projects in need of funding. At Albridi Investment,
we specialize in sourcing capital for unique business development
opportunities and work closely with established companies globally to
bring these opportunities to life. We are currently offering investment
loans with a competitive 2.5% annual interest rate, designed for
long-term projects that can generate up to 10% ROI over the investment
period.
If our financing terms align with your organization’s needs, we would be
delighted to explore potential collaboration. Regardless of project type
or location, we consider proposals from all sectors, provided they meet
our board's approval after review.
Don’t let financial constraints hold you back! Reach out today to
discover how we can help you achieve your goals.
Your future awaits.
Best wishes,
Mr.Adam Saad
Senior Consultant
Albridi Investment