NetKnow Corporate Blog

Cloud credentialis phishing from Google gmail PArt 1

Posted by Dave Yadallee on Tuesday, March 17. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 Mar 2026 23:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MuP-000000009g6-192N

for dave@doctor.nl2k.ab.ca;

Mon, 16 Mar 2026 23:24:01 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 Mar 2026 23:24:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f70.google.com ([209.85.161.70]:52672)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MPE-000000004xM-4C4I

for doctor@netknow.ca;

Mon, 16 Mar 2026 22:51:56 -0600

Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-67bd1b317dfso96215976eaf.1

for ; Mon, 16 Mar 2026 21:50:42 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=oosakaya.info; s=firebase1; t=1773723036; x=1774327836; darn=netknow.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=dxFSfWZrOxGkdgBaR6oJT0fLJ+Nyhn+gSa/r0pof7aM=;

b=PF8IqPjXcmH8ehRANLTtw7Wdcg81h8AldTAsZ62fjyYeOQwOTw/efA6i6Eusy8CS9d

RJYJC9948rAMwH4rawFoPmCGGAIjfQJXl4avPgQ93xht+zLc27Tw6zWYAcII3nsoeC8K

AxB7l+sU7SwB2lvKpCa+ms0zG9Z7LuFanijYX/tlyNyIuUYeg2bTxPxiZE2pkF1rep1h

kTTlw7wzuKPtEqJ8A671G3rjCQk8F6i3iBwdbYflLIPxg3/Silk5HLCLusMbyxV6f0ef

tsMj8Umla2woyEzJbV43zyhG1JPirq1TGjFqZ94ApbdciaFD5DbwL8/5YznxGzwexKNs

lcKQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773723036; x=1774327836;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=dxFSfWZrOxGkdgBaR6oJT0fLJ+Nyhn+gSa/r0pof7aM=;

b=dD72q1TQgH/YjVRPoLfRBGSHuzfBswE3MLus6A1Swv/NZFsQgjNGp9fKP7WrC/w987

GBse77ti6SycaQl4C6UQO9NHC+WIHOXLzYwMRnVsCNeGx56wCR10+E/piuOViID8pSdo

j99coyKCB8pFcgmOZZ4leQWuCiQg6dBPpFzN7KquuVGMTRDI6xY4NQIlcJs6rQtScNdZ

L1cickDFcG9CVcKsPic1s+GFlTPg/Dn2UA2hHQrCijK3v6NaoIfVRhXPqGw4Knb2V5Sc

uRMSyd55x9mS+z/LlJkVxhk3pOgmhxHrkQy5zN+E2n+QOEZWzrcaxC+bEg1yuKoi21CW

rnXQ==

X-Gm-Message-State: AOJu0Yxjz8v3n/QGgxJuHJIRsj56SQwDQjJXi/sCJ6OFg7WmxHP9Wy8H

2QR1g3Why8wuSnwrkEcjm7c4NnBzE6/3TGFB1JOfd7UGWxREoVZI8NTnRReBElcCaRd1dmfbPql

7EE2VrRw2BfsHDg==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:4d05:b0:67b:b4f4:2731 with SMTP id

006d021491bc7-67bdaa38726mr9724744eaf.44.1773723036495; Mon, 16 Mar 2026

21:50:36 -0700 (PDT)

Reply-To: cloudsystemalert@yopmail.com

Message-ID: <0000000000008533ba064d31132a@google.com>

Date: Tue, 17 Mar 2026 04:50:36 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Uploads_Paused=3A_Storage_Full_=26_Capacity_excee?=

=?UTF-8?Q?ded?=

From: Cloud System Alert

To: doctor@netknow.ca

Content-Type: multipart/alternative; boundary="0000000000008533ad064d311327"

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your mailbox has reached 96% of its storage capacity. Manage

storage or confirm your account. Brand Logo Your Cloud Storage Is 96% Full

Content analysis details: (9.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in sa-accredit.habeas.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.70 listed in wl.mailspike.net]

1.0 OFFER_URI URI: Offer in link address

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.0 ACCT_PHISHING Possible phishing for account information

0.9 URI_PHISH Phishing using web form

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.70 listed in bl.score.senderscore.com]

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Uploads_Paused=3A_Storage_Full_=26_Capacity_excee?=

=?UTF-8?Q?ded?=

--0000000000008533ad064d311327

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Your mailbox has reached 96% of its storage capacity. Manage storage or

confirm your account.

Brand Logo

Your Cloud Storage Is 96% Full

Hello,

Your mailbox has reached 96% of its total storage capacity. This may affect

your ability to send or receive new messages and could result in important

communications being delayed or lost.

To avoid interruption of service, please take immediate action to free up

space or upgrade your storage plan.

Click below to confirm your account status and manage your account

prefernces.

96% Used

Get More Storage

Thank You,

Cloud Storage Support Team

To unsubscribe, click here.

Customs Phish Part 3

Posted by Dave Yadallee on Tuesday, March 17. 2026

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

ize:12pt;color:#000000">

' , sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

nd:white">
s-serif;color:#222222">Greetings,
:'arial' , sans-serif;color:black">

onormal" style=3D"margin:0px;background:white">
arial' , sans-serif;color:#222222">
'arial' , sans-serif;color:black">

-v1msonormal" style=3D"margin:0px;background:white">
e:18pt;font-family:'arial' , sans-serif;color:#222222">This message is from=

the Border protection Agency. We have an Urgent message for you.
an>

=

white"> =

;
>

e=3D"font-family:'arial' , sans-serif;color:#222222">Regards,
g>

rong>Customer Care Departm=

ent

rif">Clearance and Delivery Assistant
=3D"font-family:'arial' , sans-serif;color:black">

rgin:0px;background:white">
color:black">

div>

>

div>

>

div>

>

div>
>
div>
>
div>
>
div>
>
div>
>
div>
<=

/body>

--=_a3446aab-9fa3-4f14-8247-67635ce4eb83--

Customs Phish Part 2

Posted by Dave Yadallee on Tuesday, March 17. 2026

--=_a3446aab-9fa3-4f14-8247-67635ce4eb83

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

ize: 12pt; color: #000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

ize:12pt;color:#000000">

' , sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

ize:12pt;color:#000000">

' , sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

ize:12pt;color:#000000">

' , sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

Customs phish Part 1

Posted by Dave Yadallee on Tuesday, March 17. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 17 Mar 2026 06:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2ThW-000000005Kv-0T1I

for dave@doctor.nl2k.ab.ca;

Tue, 17 Mar 2026 06:39:10 -0600

Resent-From: The Doctor

Resent-Date: Tue, 17 Mar 2026 06:39:10 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [181.129.50.202] (port=52348 helo=mxcentralzm.centraldereferencia.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2OF7-00000000Ep6-0CDg

for root@nk.ca;

Tue, 17 Mar 2026 00:49:37 -0600

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id B953D586367;

Mon, 16 Mar 2026 23:41:41 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10032)

with ESMTP id wC_zoBmCnzAl; Mon, 16 Mar 2026 23:41:40 -0500 (-05)

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id D9307587396;

Mon, 16 Mar 2026 23:41:38 -0500 (-05)

DKIM-Filter: OpenDKIM Filter v2.10.3 mxcentralzm.centraldereferencia.com D9307587396

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=centraldereferencia.com; s=3AD0EA78-DAE5-11ED-90D0-7932BB6BC240;

t=1773722499; bh=EUHjvI6W6qELMmtGWRpsHVBDZSi2XHXONIAkHOyBSQM=;

h=Date:From:Message-ID:MIME-Version;

b=FMST0Tyua5G1v4gK1475QkSLnHh7Fzc9pNLZBO455Uq398dujNmaFNXyq5ZZdbezX

m6TdSxaUQtfxSdCodm3E3F2M7IDjA4/0Pd83es+Uj9jDIHvUx4SG5ToiWsRsLJ3OfH

3VZqvd/p/64tOcdt4iy/2UUzjUPsdhScJL4PyyM4sovtf79v3chwsweZUGNXMDZU70

jxqjlu9+QoSMU9WE9am4y+6+KHGQzjj+eFz2Z7QHxeTBbG2nrfdv6wWYpJnEA+G4NE

32qHc+6UBYrFqCAY318U4S72cbtKFMu9ihF2i4mNVC96sJjh2mdh4nnOZctN/A1G2t

13UALS/prLgiw==

X-Virus-Scanned: amavis at mxcentralzm.centraldereferencia.com

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10026)

with ESMTP id pQ8Zim1US4F1; Mon, 16 Mar 2026 23:41:38 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com (mxcentralzm.centraldereferencia.com [192.168.0.105])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 14EBD585DDB;

Mon, 16 Mar 2026 23:41:33 -0500 (-05)

Date: Mon, 16 Mar 2026 23:41:32 -0500 (COT)

From: CUSTOMS AND BORDERS PROTECTION

Reply-To: CUSTOMS AND BORDERS PROTECTION

Message-ID: <184820349.144646.1773722492824.JavaMail.zimbra@centraldereferencia.com>

In-Reply-To: <1874399433.144529.1773722403132.JavaMail.zimbra@centraldereferencia.com>

References: <1370306114.39301.1773625913473.JavaMail.zimbra@centraldereferencia.com> <318250241.144307.1773722102099.JavaMail.zimbra@centraldereferencia.com> <206252692.144406.1773722222156.JavaMail.zimbra@centraldereferencia.com> <1724877005.144432.1773722259417.JavaMail.zimbra@centraldereferencia.com> <718152171.144448.1773722289172.JavaMail.zimbra@centraldereferencia.com> <953858191.144456.1773722319558.JavaMail.zimbra@centraldereferencia.com> <1345966264.144466.1773722361681.JavaMail.zimbra@centraldereferencia.com> <1874399433.144529.1773722403132.JavaMail.zimbra@centraldereferencia.com>

Subject: Reply Back

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_a3446aab-9fa3-4f14-8247-67635ce4eb83"

X-Originating-IP: [192.168.0.105]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC145 (Win)/8.8.15_GA_4717)

Thread-Topic: Reply Back

Thread-Index: xdz5gjGfimanirmFB2TMg+VS8j7l4TLHaV1VBtrMWKB98jct+N1/TY9a2+P1fO4tURFY3v5SLmmrHRYiaW7P8PYR65Lxd9bcAseGDTkmLZcnN7S5U41aJK63WzJatexE2l+bEVGzFhc2M7PRz7Jef8akIBd0USDDkBIYdqWE+xEocngw/oRqwZkAVNS9++qaNv2969k3Gt7LQze+VqlJvY4N3Az7ckU5XP9/jVDliuYqm7jVCCbpJGiO1KtVekGSh9EsBekVOC2+nb//qog2zS5Cd2e5ZcGeeUsOkDVgOSSY2u+L0u7lRJ5bp6PM2I0jWm+baDopAyxSKhDsNzdtqHqj4g3pwSEapZ/WxXHX4y5x1l99AEaOGaNi0lLKp8qAxWPXzUYqiEvHArsphUBfLXarmGgwOUrBnoY8eeSJUA6waFMvWU+z3J1SMaFIZMLuIr0gALxUFrfSaCLoll50M9CHvn1HWyHwfgIhUkNdkPPYAwgeZXPDA7DD9hTHK99J5JTzLHoaqaXUg3RnivHL4hBEZ1ix0KibuzPNqfHW++C0w4e5lKjX4KCcAXyJk8ptXtRgGTo8eSKTCsnCgNzxG/4CPw/Dswmu4EvIBM+o5O4kK/urzD52FctbPj2MwhjLnPX5hEySCdC3uIuvnnO3zjWJSSzpflQQIeSSCZIgmI2NuHMSmZynsWmu6CiFebO9ozz84MzHpR5UEMrghXKw2KGTRsoRAdtQpeKZ5jsyzpqY5pPJTUGxAPCOx/EoGY6J7xhz93KpZMpVfPw+n+YmXZWavAUVk4177N0FI4mitADKLs4/MVYUTqHnGphD27t+omhFBFypKzcuGTeWxBe6HnWSfKUWAxlqOed9odcrwhhCQIXO6kYvNMaq1DOEfUCFBURC8ozDA7yWtOg/h7tDesYTznMWXYn4QACaZwQicZ5ssv6Vp0O1e1uaO+KHQ5I5iop79GahePE9UPDGvFaWgROI

sVc4o8ll9TK0R6BYOwRP3kvmZe2dzt/O8FDEWPSIBNoL8ykSJwU14RJU9vgbQ7EJNqiLVVu7lR7NHMFmCuUTUpm+Vck6U/dHNsWuRbHoLHIieWE0iMrtIrW+Rvqy9GgQKDyP7kAHqcUVUvMW4X7uIEr/zpSGGonObqFar1UVDNy6Y0Duepxr+6pDXcRte2HearbOtKW0dS+mwZIeG78pqBdfaPZXBXp0UcQY46/NOOME6wlxKr+7cIFAcWfKEeEGGJ6eiK4M4SpftO4okDIOq5F0rre42jaKLp1cOxVmObBz7J1HdAXEpeHPnrp41B6mnS07eBTN9HUCkBHopRLAsz8JrdSZnxo0kEAPrI45gKozfzShthDuFl9/yrq72HyxiNX7SdgPdRT1zGbHS8LkaeQSo/HlhRb8JDFqIDfqvF4vRWHOgsVhgo82DjRMqyuLjjMOVzZtw02H5rtw+ET84GK64vuRcr8rBwY3yxGkPU+8eBV5A84N+B/Btu6RurB5TGzrpfCMjAp+tJPLgyqDq4+OR5pdWoczOoQIu85v6oqSDSfGXBrEFHLy2B90dOk39dkyr9T3lyk948uKZOhgJ/tUWPssQJBZbEE5hRlzDlxntoStetskyOL9jdLU6mh5HDkKHdVxsXYxNhhXFBigc5cIZ/3tviU0o8Rzb3PSHRd73cpgqmEUEc6zeEhyWwVCulCWNS1M5X0+Kv4gY04KlK+x11wr+oWWi+bpYA3ShuEnjElbTtvoGnBIJRFWxGPnQ9HEjfm4m8J/irtb8tipiyzkdszXTl7ryPJxVhsoODGFdPx0An7W3h6gmUf374uOEJr6+XkHKeh9wcUeJk9cICBhibUINO8Tk4fxCpEmJEH18lZQr3YTeGtadWNzfvO8JNL9ia8cHEfsED8RtnmAYZ/NoDErzjtu46XyyHmS61i0I3OjcO1Gv/BS5NqIJisAZOyolzlAdoeiJ+ydGwO8wbfAGN5HSFCVXcXJL

Cgb9PmLD+tV1TP6ypm/xFjwiH44rEZS4fjNhoT0klyxacKzcN/PYMUWdnlXN8inax2qfpGTKV8oGXtPRxiq9lVCrDbMEmeJfDnGhbl9hFVSB16BVnDarI2PpUkYFn3E1s9XAU3H3UjMnNnwyfF2UhiK0aRf+95F8lYn4kfSG9wEG/PnQUcyJdJvIUj1t9NHN+m6ESAAcgjcP9tTyM21xDLmRwBKLSd1B9TG/LdPt61Lk+LBapkiEGToGkarp9SEAaluoCdDyF3p6zAH4gCwAc0JIN3/ZCAkUgMP2CTYuDUvvWO9FCcJdD5scEut5M4FdipNfAl+PWMTvoYN3gsaRbVH/e8WaW8cH6X4OW0K6wkLOc4PPcapMHygrop0PUIJT1QTKQ7r0fcGXExULtQAW9QZkq8q4aXmze9qvFdpsYrVmCvCMmhRrSQMRAJqR4zGptR4AyHdDk3DJE4=

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings, This message is from the Border protection Agency.

We have an Urgent message for you.

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 MISSING_HEADERS Missing To: header

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.9 REPLYTO_WITHOUT_TO_CC No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[181.129.50.202 listed in bl.score.senderscore.com]

Subject: {SPAM?} Reply Back

--=_a3446aab-9fa3-4f14-8247-67635ce4eb83

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

Greetings,

This message is from the Border protection Agency. We have an Urgent message for you.

Regards,

Customer Care Department

Clearance and Delivery Assistant

Customs phish Part 2

Posted by Dave Yadallee on Tuesday, March 17. 2026

--=_052f2a7e-306b-4502-82f5-65a325259fec

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

ize: 12pt; color: #000000">

rker=3D"__QUOTED_TEXT__">

sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

nd:white">
s-serif;color:#222222">Greetings,
:'arial' , sans-serif;color:black">

onormal" style=3D"margin:0px;background:white">
arial' , sans-serif;color:#222222">
'arial' , sans-serif;color:black">

-v1msonormal" style=3D"margin:0px;background:white">
e:18pt;font-family:'arial' , sans-serif;color:#222222">This message is from=

the Border protection Agency. We have an Urgent message for you.
an>

=

white"> =

;
>

e=3D"font-family:'arial' , sans-serif;color:#222222">Regards,
g>

rong>Customer Care Departm=

ent

rif">Clearance and Delivery Assistant
=3D"font-family:'arial' , sans-serif;color:black">

rgin:0px;background:white">
color:black">

div>

>

div>

>

--=_052f2a7e-306b-4502-82f5-65a325259fec--

Customs phish Part 1

Posted by Dave Yadallee on Tuesday, March 17. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 Mar 2026 23:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MuC-000000009fA-35Tj

for dave@doctor.nl2k.ab.ca;

Mon, 16 Mar 2026 23:23:48 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 Mar 2026 23:23:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [181.129.50.202] (port=58336 helo=mxcentralzm.centraldereferencia.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MVW-000000006VB-2jBq

for sales@nk.ca;

Mon, 16 Mar 2026 22:58:26 -0600

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 37F525C1092;

Mon, 16 Mar 2026 22:36:07 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10032)

with ESMTP id zGzxQA64f81K; Mon, 16 Mar 2026 22:36:04 -0500 (-05)

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 5C2BA5C109A;

Mon, 16 Mar 2026 22:36:02 -0500 (-05)

DKIM-Filter: OpenDKIM Filter v2.10.3 mxcentralzm.centraldereferencia.com 5C2BA5C109A

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=centraldereferencia.com; s=3AD0EA78-DAE5-11ED-90D0-7932BB6BC240;

t=1773718562; bh=X84P/x6DqjtoyQm+p3mWVOQuupqFdCyLBOxiGwI/hR0=;

h=Date:From:Message-ID:MIME-Version;

b=rkXpH5C6PPkZp4Gu7SY/4WLq/fc1kKQ+Rj+72FwOetMP9KPqKch3UjMbBdmVJF+6w

5ez+AQ3zUg4TGUepsy+VRQTGTJgrHoCwEPVaGwIbNgzXmkNBotMllWtmkVbheVHXeA

y/J94UnBnKz13aJ37e8SMWqa1tSwBNb6HyVNsNVDSP5ZZPlpS86/x+YWg3Me0ariLo

6bP+XwiYAlc8BBm8NcvGvL+gEV9u3oAd9ngAYinHZnnoPngABsTWwnNZiqrYZV+wxQ

+UCpQqAU0rHH5orXqy0JoS6ADgfJbvjtHQm7yEOcX4XVpRueTsfmw94gRtfyspv/gA

FpVwJI8Z5Emyw==

X-Virus-Scanned: amavis at mxcentralzm.centraldereferencia.com

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10026)

with ESMTP id QBHXwAKuxVEk; Mon, 16 Mar 2026 22:36:01 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com (mxcentralzm.centraldereferencia.com [192.168.0.105])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 006A75C1095;

Mon, 16 Mar 2026 22:35:54 -0500 (-05)

Date: Mon, 16 Mar 2026 22:35:54 -0500 (COT)

From: CUSTOMS AND BORDERS PROTECTION

Reply-To: CUSTOMS AND BORDERS PROTECTION

Message-ID: <1588894709.140049.1773718554711.JavaMail.zimbra@centraldereferencia.com>

In-Reply-To: <2043703711.140036.1773718532823.JavaMail.zimbra@centraldereferencia.com>

References: <1370306114.39301.1773625913473.JavaMail.zimbra@centraldereferencia.com> <549323290.139752.1773718337867.JavaMail.zimbra@centraldereferencia.com> <381640250.139841.1773718367415.JavaMail.zimbra@centraldereferencia.com> <1248863787.139866.1773718389564.JavaMail.zimbra@centraldereferencia.com> <535740096.139912.1773718412696.JavaMail.zimbra@centraldereferencia.com> <769293932.139931.1773718430904.JavaMail.zimbra@centraldereferencia.com> <406078832.140004.1773718452756.JavaMail.zimbra@centraldereferencia.com> <2043703711.140036.1773718532823.JavaMail.zimbra@centraldereferencia.com>

Subject: Fwd: Reply Back

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_052f2a7e-306b-4502-82f5-65a325259fec"

X-Originating-IP: [192.168.0.105]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC145 (Win)/8.8.15_GA_4717)

Thread-Topic: Reply Back

Thread-Index: xdz5gjGfimanirmFB2TMg+VS8j7l4TLHaV1VBtrMWKB98jct+N1/TY9a2+P1fO4tURFY3v5SLmmrHRYiaW7P8PYR65Lxd9bcAseGDTkmLZcnN7S5U41aJK63WzJatexE2l+bEVGzFhc2M7PRz7Jef8akIBd0USDDkBIYdqWE+xEocngw/oRqwZkAVNS9++qaNv2969k3Gt7LQze+VqlJvY4N3Az7ckU5XP9/jVDliuYqm7jVCCbpJGiO1KtVekGSh9EsBekVOC2+nb//qog2zS5Cd2e5ZcGeeUsOkDVgOSSY2u+L0u7lRJ5bp6PM2I0jWm+baDopAyxSKhDsNzdtqHqj4g3pwSEapZ/WxXHX4y5x1l99AEaOGaNi0lLKp8qAxWPXzUYqiEvHArsphUBfLXarmGgwOUrBnoY8eeSJUA6waFMvWU+z3J1SMaFIZMLuIr0gALxUFrfSaCLoll50M9CHvn1HWyHwfgIhUkNdkPPYAwgeZXPDA7DD9hTHK99J5JTzLHoaqaXUg3RnivHL4hBEZ1ix0KibuzPNqfHW++C0w4e5lKjX4KCcAXyJk8ptXtRgGTo8eSKTCsnCgNzxG/4CPw/Dswmu4EvIBM+o5O4kK/urzD52FctbPj2MwhjLnPX5hEySCdC3uIuvnnO3zjWJSSzpflQQIeSSCZIgmI2NuHMSmZynsWmu6CiFebO9ozz84MzHpR5UEMrghXKw2KGTRsoRAdtQpeKZ5jsyzpqY5pPJTUGxAPCOx/EoGY6J7xhz93KpZMpVfPw+n+YmXZWavAUVk4177N0FI4mitADKLs4/MVYUTqHnGphD27t+omhFBFypKzcuGTeWxBe6HnWSfKUWAxlqOed9odcrwhhCQIXO6kYvNMaq1DOEfUCFBURC8ozDA7yWtOg/h7tDesYTznMWXYn4QACaZwQicZ5ssv6Vp0O1e1uaO+KHQ5I5iop79GahePE9UPDGvFaWgROI

sVc4o8ll9TK0R6BYOwRP3kvmZe2dzt/O8FDEWPSIBNoL8ykSJwU14RJU9vgbQ7EJNqiLVVu7lR7NHMFmCuUTUpm+Vck6U/dHNsWuRbHoLHIieWE0iMrtIrW+Rvqy9GgQKDyP7kAHqcUVUvMW4X7uIEr/zpSGGonObqFar1UVDNy6Y0Duepxr+6pDXcRte2HearbOtKW0dS+mwZIeG78pqBdfaPZXBXp0UcQY46/NOOME6wlxKr+7cIFAcWfKEeEGGJ6eiK4M4SpftO4okDIOq5F0rre42jaKLp1cOxVmObBz7J1HdAXEpeHPnrp41B6mnS07eBTN9HUCkBHopRLAsz8JrdSZnxo0kEAPrI45gKozfzShthDuFl9/yrq72HyxiNX7SdgPdRT1zGbHS8LkaeQSo/HlhRb8JDFqIDfqvF4vRWHOgsVhgo82DjRMqyuLjjMOVzZtw02H5rtw+ET84GK64vuRcr8rBwY3yxGkPU+8eBV5A84N+B/Btu6RurB5TGzrpfCMjAp+tJPLgyqDq4+OR5pdWoczOoQIu85v6oqSDSfGXBrEFHLy2B90dOk39dkyr9T3lyk948uKZOhgJ/tUWPssQJBZbEE5hRlzDlxntoStetskyOL9jdLU6mh5HDkKHdVxsXYxNhhXFBigc5cIZ/3tviU0o8Rzb3PSHRd73cpgqmEUEc6zeEhyWwVCulCWNS1M5X0+Kv4gY04KlK+x11wr+oWWi+bpYA3ShuEnjElbTtvoGnBIJRFWxGPnQ9HEjfm4m8J/irtb8tipiyzkdszXTl7ryPJxVhsoODGFdPx0An7W3h6gmUf374uOEJr6+XkHKeh9wcUeJk9cICBhibUINO8Tk4fxCpEmJEH18lZQr3YTeGtadWNzfvO8JNI=

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings, This message is from the Border protection Agency.

We have an Urgent message for you.

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[181.129.50.202 listed in bl.score.senderscore.com]

Subject: {SPAM?} Fwd: Reply Back

--=_052f2a7e-306b-4502-82f5-65a325259fec

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

Greetings,

This message is from the Border protection Agency. We have an Urgent message for you.

Regards,

Customer Care Department

Clearance and Delivery Assistant

customs phish Part 2

Posted by Dave Yadallee on Tuesday, March 17. 2026

--=_052f2a7e-306b-4502-82f5-65a325259fec

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

ize: 12pt; color: #000000">

rker=3D"__QUOTED_TEXT__">

sans-serif;font-size:12pt;color:#000000">

:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;col=

or:#000000">

if;font-size:12pt;color:#000000">

helvetica' , sans-serif;font-size:12pt;color:#000000">

nt-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">=

:12pt;color:#000000">

sans-serif;font-size:12pt;color:#000000">

rial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

yle=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:=

#000000">

font-size:12pt;color:#000000">

vetica' , sans-serif;font-size:12pt;color:#000000">

family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">
v>

pt;color:#000000">

ns-serif;font-size:12pt;color:#000000">

l' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00=

0000">

t-size:12pt;color:#000000">

ica' , sans-serif;font-size:12pt;color:#000000">

ily:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#000000">

<=

div style=3D"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;=

color:#000000">

serif;font-size:12pt;color:#000000">

, 'helvetica' , sans-serif;font-size:12pt;color:#000000">

"font-family:'arial' , 'helvetica' , sans-serif;font-size:12pt;color:#00000=

0">

nd:white">
s-serif;color:#222222">Greetings,
:'arial' , sans-serif;color:black">

onormal" style=3D"margin:0px;background:white">
arial' , sans-serif;color:#222222">
'arial' , sans-serif;color:black">

-v1msonormal" style=3D"margin:0px;background:white">
e:18pt;font-family:'arial' , sans-serif;color:#222222">This message is from=

the Border protection Agency. We have an Urgent message for you.
an>

=

white"> =

;
>

e=3D"font-family:'arial' , sans-serif;color:#222222">Regards,
g>

rong>Customer Care Departm=

ent

rif">Clearance and Delivery Assistant
=3D"font-family:'arial' , sans-serif;color:black">

rgin:0px;background:white">
color:black">

div>

>

div>

>

--=_052f2a7e-306b-4502-82f5-65a325259fec--

customs phish Part 1

Posted by Dave Yadallee on Tuesday, March 17. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 Mar 2026 23:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MuC-000000009fA-35Tj

for dave@doctor.nl2k.ab.ca;

Mon, 16 Mar 2026 23:23:48 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 Mar 2026 23:23:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [181.129.50.202] (port=58336 helo=mxcentralzm.centraldereferencia.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2MVW-000000006VB-2jBq

for sales@nk.ca;

Mon, 16 Mar 2026 22:58:26 -0600

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 37F525C1092;

Mon, 16 Mar 2026 22:36:07 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10032)

with ESMTP id zGzxQA64f81K; Mon, 16 Mar 2026 22:36:04 -0500 (-05)

Received: from localhost (localhost [127.0.0.1])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 5C2BA5C109A;

Mon, 16 Mar 2026 22:36:02 -0500 (-05)

DKIM-Filter: OpenDKIM Filter v2.10.3 mxcentralzm.centraldereferencia.com 5C2BA5C109A

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=centraldereferencia.com; s=3AD0EA78-DAE5-11ED-90D0-7932BB6BC240;

t=1773718562; bh=X84P/x6DqjtoyQm+p3mWVOQuupqFdCyLBOxiGwI/hR0=;

h=Date:From:Message-ID:MIME-Version;

b=rkXpH5C6PPkZp4Gu7SY/4WLq/fc1kKQ+Rj+72FwOetMP9KPqKch3UjMbBdmVJF+6w

5ez+AQ3zUg4TGUepsy+VRQTGTJgrHoCwEPVaGwIbNgzXmkNBotMllWtmkVbheVHXeA

y/J94UnBnKz13aJ37e8SMWqa1tSwBNb6HyVNsNVDSP5ZZPlpS86/x+YWg3Me0ariLo

6bP+XwiYAlc8BBm8NcvGvL+gEV9u3oAd9ngAYinHZnnoPngABsTWwnNZiqrYZV+wxQ

+UCpQqAU0rHH5orXqy0JoS6ADgfJbvjtHQm7yEOcX4XVpRueTsfmw94gRtfyspv/gA

FpVwJI8Z5Emyw==

X-Virus-Scanned: amavis at mxcentralzm.centraldereferencia.com

Received: from mxcentralzm.centraldereferencia.com ([127.0.0.1])

by localhost (mxcentralzm.centraldereferencia.com [127.0.0.1]) (amavis, port 10026)

with ESMTP id QBHXwAKuxVEk; Mon, 16 Mar 2026 22:36:01 -0500 (-05)

Received: from mxcentralzm.centraldereferencia.com (mxcentralzm.centraldereferencia.com [192.168.0.105])

by mxcentralzm.centraldereferencia.com (Postfix) with ESMTP id 006A75C1095;

Mon, 16 Mar 2026 22:35:54 -0500 (-05)

Date: Mon, 16 Mar 2026 22:35:54 -0500 (COT)

From: CUSTOMS AND BORDERS PROTECTION

Reply-To: CUSTOMS AND BORDERS PROTECTION

Message-ID: <1588894709.140049.1773718554711.JavaMail.zimbra@centraldereferencia.com>

In-Reply-To: <2043703711.140036.1773718532823.JavaMail.zimbra@centraldereferencia.com>

References: <1370306114.39301.1773625913473.JavaMail.zimbra@centraldereferencia.com> <549323290.139752.1773718337867.JavaMail.zimbra@centraldereferencia.com> <381640250.139841.1773718367415.JavaMail.zimbra@centraldereferencia.com> <1248863787.139866.1773718389564.JavaMail.zimbra@centraldereferencia.com> <535740096.139912.1773718412696.JavaMail.zimbra@centraldereferencia.com> <769293932.139931.1773718430904.JavaMail.zimbra@centraldereferencia.com> <406078832.140004.1773718452756.JavaMail.zimbra@centraldereferencia.com> <2043703711.140036.1773718532823.JavaMail.zimbra@centraldereferencia.com>

Subject: Fwd: Reply Back

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_052f2a7e-306b-4502-82f5-65a325259fec"

X-Originating-IP: [192.168.0.105]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC145 (Win)/8.8.15_GA_4717)

Thread-Topic: Reply Back

Thread-Index: xdz5gjGfimanirmFB2TMg+VS8j7l4TLHaV1VBtrMWKB98jct+N1/TY9a2+P1fO4tURFY3v5SLmmrHRYiaW7P8PYR65Lxd9bcAseGDTkmLZcnN7S5U41aJK63WzJatexE2l+bEVGzFhc2M7PRz7Jef8akIBd0USDDkBIYdqWE+xEocngw/oRqwZkAVNS9++qaNv2969k3Gt7LQze+VqlJvY4N3Az7ckU5XP9/jVDliuYqm7jVCCbpJGiO1KtVekGSh9EsBekVOC2+nb//qog2zS5Cd2e5ZcGeeUsOkDVgOSSY2u+L0u7lRJ5bp6PM2I0jWm+baDopAyxSKhDsNzdtqHqj4g3pwSEapZ/WxXHX4y5x1l99AEaOGaNi0lLKp8qAxWPXzUYqiEvHArsphUBfLXarmGgwOUrBnoY8eeSJUA6waFMvWU+z3J1SMaFIZMLuIr0gALxUFrfSaCLoll50M9CHvn1HWyHwfgIhUkNdkPPYAwgeZXPDA7DD9hTHK99J5JTzLHoaqaXUg3RnivHL4hBEZ1ix0KibuzPNqfHW++C0w4e5lKjX4KCcAXyJk8ptXtRgGTo8eSKTCsnCgNzxG/4CPw/Dswmu4EvIBM+o5O4kK/urzD52FctbPj2MwhjLnPX5hEySCdC3uIuvnnO3zjWJSSzpflQQIeSSCZIgmI2NuHMSmZynsWmu6CiFebO9ozz84MzHpR5UEMrghXKw2KGTRsoRAdtQpeKZ5jsyzpqY5pPJTUGxAPCOx/EoGY6J7xhz93KpZMpVfPw+n+YmXZWavAUVk4177N0FI4mitADKLs4/MVYUTqHnGphD27t+omhFBFypKzcuGTeWxBe6HnWSfKUWAxlqOed9odcrwhhCQIXO6kYvNMaq1DOEfUCFBURC8ozDA7yWtOg/h7tDesYTznMWXYn4QACaZwQicZ5ssv6Vp0O1e1uaO+KHQ5I5iop79GahePE9UPDGvFaWgROI

sVc4o8ll9TK0R6BYOwRP3kvmZe2dzt/O8FDEWPSIBNoL8ykSJwU14RJU9vgbQ7EJNqiLVVu7lR7NHMFmCuUTUpm+Vck6U/dHNsWuRbHoLHIieWE0iMrtIrW+Rvqy9GgQKDyP7kAHqcUVUvMW4X7uIEr/zpSGGonObqFar1UVDNy6Y0Duepxr+6pDXcRte2HearbOtKW0dS+mwZIeG78pqBdfaPZXBXp0UcQY46/NOOME6wlxKr+7cIFAcWfKEeEGGJ6eiK4M4SpftO4okDIOq5F0rre42jaKLp1cOxVmObBz7J1HdAXEpeHPnrp41B6mnS07eBTN9HUCkBHopRLAsz8JrdSZnxo0kEAPrI45gKozfzShthDuFl9/yrq72HyxiNX7SdgPdRT1zGbHS8LkaeQSo/HlhRb8JDFqIDfqvF4vRWHOgsVhgo82DjRMqyuLjjMOVzZtw02H5rtw+ET84GK64vuRcr8rBwY3yxGkPU+8eBV5A84N+B/Btu6RurB5TGzrpfCMjAp+tJPLgyqDq4+OR5pdWoczOoQIu85v6oqSDSfGXBrEFHLy2B90dOk39dkyr9T3lyk948uKZOhgJ/tUWPssQJBZbEE5hRlzDlxntoStetskyOL9jdLU6mh5HDkKHdVxsXYxNhhXFBigc5cIZ/3tviU0o8Rzb3PSHRd73cpgqmEUEc6zeEhyWwVCulCWNS1M5X0+Kv4gY04KlK+x11wr+oWWi+bpYA3ShuEnjElbTtvoGnBIJRFWxGPnQ9HEjfm4m8J/irtb8tipiyzkdszXTl7ryPJxVhsoODGFdPx0An7W3h6gmUf374uOEJr6+XkHKeh9wcUeJk9cICBhibUINO8Tk4fxCpEmJEH18lZQr3YTeGtadWNzfvO8JNI=

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings, This message is from the Border protection Agency.

We have an Urgent message for you.

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

[181.129.50.202 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[181.129.50.202 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[181.129.50.202 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[181.129.50.202 listed in bl.score.senderscore.com]

Subject: {SPAM?} Fwd: Reply Back

--=_052f2a7e-306b-4502-82f5-65a325259fec

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

Greetings,

This message is from the Border protection Agency. We have an Urgent message for you.

Regards,

Customer Care Department

Clearance and Delivery Assistant

Cloud credential phishing from Google Gmail Part 2

Posted by Dave Yadallee on Tuesday, March 17. 2026

--0000000000001a0314064d2fffae

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Your Cloud Storage Is 96% Full

=3D1">

=3D"0" class=3D"wrapper" width=3D"100%">

border=3D"0" class=3D"container" width=3D"100%">

=20

/logo.png" alt=3D"Brand Logo" class=3D"logo">

0" cellspacing=3D"0" border=3D"0">

Your Cloud Storage Is 96=

% Full

>

Hello,

Your mailbox has reached
;">96% of its total storage capacity. This may affect your ability=

to send or receive new messages and could result in important communicatio=

ns being delayed or lost.

To avoid interruption of service, please take immediate a=

ction to free up space or upgrade your storage plan.

Click below to =

confirm your account status and manage your account prefernces.

0" cellspacing=3D"0" border=3D"0" class=3D"progress-wrap">

ng=3D"0" cellspacing=3D"0" border=3D"0" class=3D"progress-track">

cellspacing=3D"0" border=3D"0" width=3D"96%" style=3D"background:#ef4444; b=

order-radius:999px; height:14px;">

e=3D"height:14px;">

96% Used
span>

k?upn=3Du001.i-2BRQJxtL1ha3gF-2BzqiGw3CIXpbHrtYHfLDtAIsYdtG4g9hue17UWvLxDlh=

B9MvwdyvvF_A3nRQoop3xGTTNLdbAlLJcD2sfZwkYwAzGLsVwWWgkysJsC7wSRYpipBhGB05ZVy=

tHg8U4lxnVQgLrb1mKX9FHel3RYzkuQ7bb8o4coPfiWKjZDGo6Z0DBH1SeyI2OiHiqR3fSrdjsp=

wxa3iA2RqQj2jfq8L0ZOtCDc5dkDHj-2FwXnoF-2BUUa0PE-2Booxrda4CNAx2EiuPMQTHrtj-2=

FZm6SW272kk0wBNv9k6cAFyt8uANgVW8qSQ9XKsAWirdUzxtxEG0KUI-2B97SyfFGF51msV9kWf=

eL2GTkiaeExWuwpOewY-2F6pBK-2Fz4pJCQGdykynS2zW8rTBgEWV7g83klyBDJJ57MOMMeuRXe=

NIz74IiUzHVTOYrZJtRmzG0-2Bw-2F1ES0iuz8KY2yQjhcIDGWfPwswtOop5A3CSCplrqBUuxiG=

DUWwUqHuXPeU-2FS9hFJdcE1XuV3c" target=3D"_blank">Get More Storage

=20

Thank You,
Cloud Storage Support Team

To unsubscribe, click
/#" target=3D"_blank">here.

--0000000000001a0314064d2fffae--

Cloud credential phishing from Google Gmail Part 1

Posted by Dave Yadallee on Tuesday, March 17. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 16 Mar 2026 23:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2Mu7-000000009f0-02PS

for dave@doctor.nl2k.ab.ca;

Mon, 16 Mar 2026 23:23:43 -0600

Resent-From: The Doctor

Resent-Date: Mon, 16 Mar 2026 23:23:42 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f72.google.com ([209.85.161.72]:58688)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w2LC9-00000000JFw-1bru

for support@nk.ca;

Mon, 16 Mar 2026 21:34:20 -0600

Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-679c5ed0942so62691668eaf.1

for ; Mon, 16 Mar 2026 20:33:25 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=oosakaya.info; s=firebase1; t=1773718399; x=1774323199; darn=nk.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=fefTo4QPLbS/bdibK2/6iRzzzp+JTOqmOPLliw0Wgrc=;

b=i3KEZgo5MeK52Y9oT3aCGMJPEi+olYnoca/+taeL2AhYIglH9Rc1Q74UP0AgwuJg2u

8FC6ufueo/L4FIL95Vc656ByCKNK2wGt9f3CXfeh7r7KYWxKproGANmr6wPnGDpthg/Y

hzbPagk9GvRPr4N00LQFwJaqAONwu2WdvGiXE0x+qxAnAZXPeO2+WlRt+8s//OYh3lpu

OjaiNB0HlfF/AKj8/V5Es+cBo11tVVNLT6w154aPQuh93b4g6AjVGQG/koR8tsK3zhiV

5HutB9oQso6mFnm+H+XPEX9BHrm9AgzmhCg6khXW9FPa0G5HeODxrNFDkraCT1Bv7jFV

GScQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773718399; x=1774323199;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=fefTo4QPLbS/bdibK2/6iRzzzp+JTOqmOPLliw0Wgrc=;

b=X91+f2niXyOl9CR7r0GFa/EAe1XwpPJswdyHWvVpVxy23xdBS1nRGwoVtjPnk6J/2x

QjYZozugAVdxnnTYiVDQ5Zil35jwM8tR3FXWuJsqr0chf1POPy4D2x4H4wSOOL7Es3eS

0PTA+CEuSDIxQCaD5tnKNtUyTYFLg/L2yJjfRQit1SSL8T1NbyVy4l/19OZCuOVg6usa

jnq22vH5nvqkzIK+GcMzNB2BmXz6wWZ+mQZmpkpY2FWzzXtoPKmzrQ96LWx9wUwHWoCi

P3VCaETYrpdaqCrGCqwrQ+21O7YGC21g2h2XkP7Y6wp+IGYCrhfKhkEVzcGXWcYLmwh9

NfDg==

X-Gm-Message-State: AOJu0YwkDT5zpVP4aCrF+lnr3x3SKn8k9PxJOHVEOZC1gKsj398HlCIM

iooOnssJRWddzMbR/SFy5GkDf6E6IIb6CuzJbIy7TmpWvYTu++E7Yww5kv6WllCrmVxAnX4vOKU

LohSM6DVei3+7NA==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:f02f:b0:67b:b554:3931 with SMTP id

006d021491bc7-67bda98e279mr10671031eaf.10.1773718398959; Mon, 16 Mar 2026

20:33:18 -0700 (PDT)

Reply-To: cloudsystemalert@yopmail.com

Message-ID: <0000000000001a0323064d2fffb1@google.com>

Date: Tue, 17 Mar 2026 03:33:18 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Uploads_Paused=3A_Storage_Full_=26_Capacity_excee?=

=?UTF-8?Q?ded?=

From: Cloud System Alert

To: support@nk.ca

Content-Type: multipart/alternative; boundary="0000000000001a0314064d2fffae"

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your mailbox has reached 96% of its storage capacity. Manage

storage or confirm your account. Brand Logo Your Cloud Storage Is 96% Full

Content analysis details: (9.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in sa-accredit.habeas.com]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.72 listed in wl.mailspike.net]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.72 listed in bl.score.senderscore.com]

1.0 OFFER_URI URI: Offer in link address

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.0 ACCT_PHISHING Possible phishing for account information

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Uploads_Paused=3A_Storage_Full_=26_Capacity_excee?=

=?UTF-8?Q?ded?=

--0000000000001a0314064d2fffae

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Your mailbox has reached 96% of its storage capacity. Manage storage or

confirm your account.

Brand Logo

Your Cloud Storage Is 96% Full

Hello,

Your mailbox has reached 96% of its total storage capacity. This may affect

your ability to send or receive new messages and could result in important

communications being delayed or lost.

To avoid interruption of service, please take immediate action to free up

space or upgrade your storage plan.

Click below to confirm your account status and manage your account

prefernces.

96% Used

Get More Storage

Thank You,

Cloud Storage Support Team

To unsubscribe, click here.

Medical Products phish from Google Gmail Part 3

Posted by Dave Yadallee on Tuesday, March 17. 2026

/ FOOTER /

.footer {

background-color: #f7f7f7;

padding: 20px;

text-align: center;

font-size: 11px;

color: #666;

border-top: 1px solid #ddd;

}

.footer a {

color: #444;

text-decoration: none;

}

oadcast-logo-white.png" alt=3D"ABC" class=3D"abc-logo">

Technology & Health

Developing Story

|

Medical Tech

Bill Gates Invests $500 Million in Natu=

ral "Memory Restoration" Protocol

The tech mogul calls this "the biggest b=

reakthrough since the MRI," claiming it could

end the Alzheimer's crisis.

By Medical Unit Staff
>

| January 22, 2026, 10:45 AM =

ET

display:block;">

h/conditions_treatments/2018/07/1140-bill-gates-alzheimers.jpg" alt=3D"Bill=

Gates Interview" class=3D"hero-image">

Watch Full Report

(ABC News) =E2=80=94 A =

controversial new medical report has just been leaked,

revealing a massive investment that is shaking the pharmace=

utical industry to its core.

This natural protocol, now backed by tec=

h billionaires including Bill Gates, reportedly

restores memory function and reve=

rses cognitive decline in a matter of

weeks.

While Big Pharma is reportedly fighting =

to keep this information off the air, over

15,000 Americans are already using this simple method to re=

gain their mental clarity.

Doctors are calling it a historic turnin=

g point. Watch the exclusive report below to

see the proof before the video is taken down.

btn">Watch The Video Report

--000000000000a1213a064d2f36a1--

Medical Products phish from Google Gmail Part 2

Posted by Dave Yadallee on Tuesday, March 17. 2026

=3D1.0">

Health & Tech Alert

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	March '26					Forward →
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31