NetKnow Corporate Blog

Computer parts phish from Google Gmail Part 2

Computer parts phish from Google Gmail Part 1

Mr.Beast games phish Part 2

What’s included:

Posted by Dave Yadallee on Saturday, January 24. 2026

--000000000000315991064916a927

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

l editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body=

" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"directio=

n:ltr;min-height:224px" aria-controls=3D":73i" aria-expanded=3D"false">
id=3D"gmail-:534" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-a=

vf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" ar=

ia-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224p=

x" aria-controls=3D":70r" aria-expanded=3D"false">

ass=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-=

tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multiline=3D"true"=

tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-controls=3D":=

6yd" aria-expanded=3D"false">

-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"=

Message Body" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=

=3D"direction:ltr;min-height:224px" aria-controls=3D":6vm" aria-expanded=3D=

"false">

e gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D=

"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min=

-height:224px" aria-controls=3D":6t8" aria-expanded=3D"false">

ail-:5de" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-=

tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multil=

ine=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-c=

ontrols=3D":6qh" aria-expanded=3D"false">

ail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" ar=

ia-label=3D"Message Body" role=3D"textbox" aria-multiline=3D"true" tabindex=

=3D"1" style=3D"direction:ltr;min-height:224px" aria-controls=3D":6nd" aria=

-expanded=3D"false">

l-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message B=

ody" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direc=

tion:ltr;min-height:224px" aria-controls=3D":6kz" aria-expanded=3D"false"><=

div id=3D"gmail-:5fw" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-L=

W-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox"=

aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:2=

24px" aria-controls=3D":6i8" aria-expanded=3D"false">

class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gma=

il-tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multiline=3D"tr=

ue" tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-controls=

=3D":6fu" aria-expanded=3D"false">

gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-labe=

l=3D"Message Body" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" =

style=3D"direction:ltr;min-height:224px" aria-controls=3D":6d3" aria-expand=

ed=3D"false">

itable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" ro=

le=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:lt=

r;min-height:224px" aria-controls=3D":6ac" aria-expanded=3D"false">

=3D"gmail-:4pt" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf =

gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-=

multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224px" =

aria-controls=3D":67l" aria-expanded=3D"false">

=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-=

tY" aria-label=3D"Message Body" role=3D"textbox" aria-multiline=3D"true" ta=

bindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-controls=3D":64u=

" aria-expanded=3D"false">

L gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Mes=

sage Body" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D=

"direction:ltr;min-height:224px" aria-controls=3D":62g" aria-expanded=3D"fa=

lse">

mail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"te=

xtbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-he=

ight:224px" aria-controls=3D":5zp" aria-expanded=3D"false">

-:5np" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-=

tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multiline=

=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-cont=

rols=3D":5ww" aria-expanded=3D"false">

-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-=

label=3D"Message Body" role=3D"textbox" aria-multiline=3D"true" tabindex=3D=

"1" style=3D"direction:ltr;min-height:224px" aria-controls=3D":5u5" aria-ex=

panded=3D"false">

editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body"=

role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direction=

:ltr;min-height:224px" aria-controls=3D":5rg" aria-expanded=3D"false">

id=3D"gmail-:4hc" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-av=

f gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" ari=

a-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224px=

" aria-controls=3D":5p2" aria-expanded=3D"false">

ss=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-t=

S-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multiline=3D"true" =

tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-controls=3D":5=

ll" aria-expanded=3D"false">

aiL gmail-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"M=

essage Body" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=

=3D"direction:ltr;min-height:224px" aria-controls=3D":5iu" aria-expanded=3D=

"false">

ail-:4bd" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-LW-avf gmail-=

tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox" aria-multil=

ine=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:224px" aria-c=

ontrols=3D":5dp" aria-expanded=3D"false">

l-Al editable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message B=

ody" role=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direc=

tion:ltr;min-height:224px" aria-controls=3D":587" aria-expanded=3D"false"><=

div id=3D"gmail-:4wx" class=3D"gmail-Am gmail-aiL gmail-Al editable gmail-L=

W-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" role=3D"textbox"=

aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:ltr;min-height:2=

24px" aria-controls=3D":55t" aria-expanded=3D"false">

itable gmail-LW-avf gmail-tS-tW gmail-tS-tY" aria-label=3D"Message Body" ro=

le=3D"textbox" aria-multiline=3D"true" tabindex=3D"1" style=3D"direction:lt=

Posted by Dave Yadallee on Saturday, January 24. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 21:20:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjV7k-0000000046f-0WCL

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 21:19:48 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 21:19:48 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dl1-f52.google.com ([74.125.82.52]:58519)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjQki-00000000GqF-2rsp

for sales@nk.ca;

Fri, 23 Jan 2026 16:39:53 -0700

Received: by mail-dl1-f52.google.com with SMTP id a92af1059eb24-121a0bcd376so8739273c88.0

for ; Fri, 23 Jan 2026 15:39:03 -0800 (PST)

ARC-Seal: i=1; a=rsa-sha256; t=1769211537; cv=none;

d=google.com; s=arc-20240605;

b=ckSWyzykyD2ALE2ct2SJcldUqYvR/Zs5va5qBE0KiguLY6Nqon3IvXBPU2NfsG6S0D

DQFYJYv+H4C1/rDo0d7kvJGSx4Ad931MX/T+AP5bKIK/S7QfeZGOUonUUIm82ZLyZYzn

NQGcm/gVw0tHfDzvtgW997f/sVoMTetOFdJjm4pwkJ6fKr/sPnFkoSNlwvU6d3JRwafO

/ZImFiW8aeTWybQ7BoxJmV/gUH8LaO7axrq3rChO5JMd7fJSoRMZd4Ac1A7yFYeSfRB5

dRcCYh5TtgjliBPPWlPrZWwLxS6PFyq/doTx2ABIBddCbLAoNt8TeZvRwTlrz1y0ugsG

dyag==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=FX0p9v6ZNDAUj8e3BAMUWaWzVetnFL/b4w/7yxLxcJQ=;

fh=iLxZwJKvXy/8kJM+k1WC7dws1jRP8ojI37K3hj+/MZE=;

b=J16dD1XQXhTiIBCdniKylQ5OfWJsG7cR93sNUB2wTh8tslY8x49J2SgaCuVjX4xJZB

bHIENI8sA4wjZppP4i2JxPKgkUN83D18gyla9MDshcsMJNC1Qv94PMMWK3zgaGwoUdeL

VArEvI234rk1pFWHeSt4NYJYD4tL5wpx6/Zt+WgtCd0dYrCsdl2jlZkrQqHX5DnFVgYq

+HQXDyh1cfMLQsaQLFoWjW6Yrri7cbHNMP0Vmv/qwEVjJ0fC2d1QamkkWEe/rIy9eoqP

+1fecu+5S0RaUFPeeZeT5QkZjMNxMGuXNEjMxbtOSlmKYCp3wDfrY7k/TW/iOD1v1PIg

/yoA==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1769211537; x=1769816337; darn=nk.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=FX0p9v6ZNDAUj8e3BAMUWaWzVetnFL/b4w/7yxLxcJQ=;

b=TokXoJgsB/EsiMR8qZGao94pSY4Q/dwx1YI1CB/8SRRth3R/usHU9oFWA8R4qgf82X

5O6jBFGoC5wfweavJMn/YCsx85+q/dDE9PNjLZqaePfBUjfKBi2coD9D4bPWKEfEhL9Q

tj5fgLEY5Z7pFtBpAG95ES+cKsAdYTm5OskZ4vKpT0DGh2Xp/sGIaulVq7S+/aib/pzF

CrQV7RP94JDQqBQOny5kN9qo3caxcBjz8ia/GhPfc4f3ircu/zduHUXhe2JSzvyQQrTl

fszQqo88Cw12EJ2tZvXgzk6z4bAY6OmnKxNmtV6VWQb7sC2o1JPJEHWrhVdaetcowKn/

JNLA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1769211537; x=1769816337;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=FX0p9v6ZNDAUj8e3BAMUWaWzVetnFL/b4w/7yxLxcJQ=;

b=hXZxMZa3TagKnmEhnSOBCE9IW0WbPUnYby7fBMzDwlBYiQF9D+lSM0IPpLMWyZSCZ2

pzcJ1BG30UriNDegVLTjZrPm4RXBL9a7wPZ2JjF0OjR0zQ1/2bmSZdH2Vk5n723NOjwZ

IXGIC7SlPwmrZEFDSun7WABplcnAYN4pZfdwYworg0Ebh5FBm1NuQzBswbsktReQFZSg

WQduRf8XjKXi0nOBoD03iGb07E0mp0joNkYkb0flSFkuI4i/SRnvAE3YDLjj+ZX1H8Lt

irtLvWb2QojcyPawrcjc3feevX5TrP+dh9aT7ZMB51fVRXkWZJ5L0Bua0O3Y76wcjESS

RCxA==

X-Forwarded-Encrypted: i=1; AJvYcCUDIJORfkhs2XWTC8fXjOQ3gg8ZgtXWZAj7bKz5QUvGP86JY6d6Eo8vq4UoN8KWQvlyge2PRw==@nk.ca

X-Gm-Message-State: AOJu0YyGPfCsWWO9rlqTBbM3SeWPzNhcR6QQhYFa5ThWpx6HR+Ay6n3S

RL2ifzuWeGPt5qrGsV1wSBPDYrDjMPe0CinKbnhb/2Ew8/5dkBcQX1B04wJ6zNDllfXe3QkakVa

NtXkvNLSfwvQlcz63nQ9h5pTre83GeD4=

X-Gm-Gg: AZuq6aIpOWpa/ixE4hbtN3pBoEIcDzueRkFwFgdKgXn2gYTRTzan2rw6XR7Wc8O/fvt

vAtQpF5TTPKpD81M0fMzxzKfWLOjsM/fwIPAQv8ph5cvg9jge/QGlbv0K/e0FSx3fHgXJZzro8v

mxw6ykXWhU6q6uEKnFGA2tClUp6jMXJ/aDbmIyNXjTnivTMaASDMV/KWTIDpC/i22/tHVA+unb0

zidnzip2rxOgniEG+gkxcbrKTERBsmc9PuC6DKqOHgwdA+Bo06wrOp7XfE2zVSUi/44bvVNtbHu

jJzM/itiOwIYA04CP5gfWtxjDHLSxaGCug3T4bGjrcsF94uyh+FsxR+ePpLDDQgU

X-Received: by 2002:a05:7022:660c:b0:11d:f462:78ac with SMTP id

a92af1059eb24-1247dbf8d22mr2188032c88.28.1769211536954; Fri, 23 Jan 2026

15:38:56 -0800 (PST)

MIME-Version: 1.0

Reply-To: sales@computerwarehose.com

From: Kelly Combs

Date: Fri, 23 Jan 2026 20:38:45 -0300

X-Gm-Features: AZwV_QjaWmf4kTj6nm0Wa6YFkh9OtKG_TgVYUAD0m5FdvJT3HNYWtSUOsRo2F_4

Message-ID:

Subject: WTS

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000315991064916a927"

Bcc: sales@nk.ca

--000000000000315991064916a927

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hi,

For sell

All units are clean pull tested, confirmed to be in good working condition,

and come with a 3-month warranty.

SK Hynix 128GB 2S4RX4 PC4-2666V=3DLB1-11

QTY: 2400

=E2=80=8EPRICE: $85 each

Samsung 64GB DDR4 ECC RDIMM =E2=80=93 3200MHz

P/N: M393A8G40AB2-CWE

QTY 1760 =E2=80=8EPRICE:80 each

Samsung Enterprise-grade Solid State Drives (SSDs) Condition:

New

PM893 2.5" 3.84TB(SATA6.0Gbps)

QTY 1.300 =E2=80=8EPRICE:300 each

PM893 2.5"7.68TB SSD(SATA6.0Gbps)

QTY 2000 =E2=80=8EPRICE 500 EACH

PM983a 2.5"7.68TB SSD(PCle Gen3)

QTY 945 PRICE 500 EACH

Condition:Used SK hynix 64 4DRX4 PC4-2933Y-LD2-12

HMAA8GL7CPR4N-WM TG AC 2005

QTY1000 =E2=80=8EPRICE: 120

Condition:Used SK hynix 64GB 2RX4 PC5-4800E-RAD-09

HMCG94MEBRA109N AA

QTY2350 =E2=80=8EPRICE:120 each

Condition:Used SAMSUNG

DDR5 EC8 RDIMM

32GB 2RX8 PC5-5600B-RE0-1010-XT

M321R4GA3PBO-CWMQH NA1TD200,

QTY.1690 =E2=80=8EPRICE: 60

Regards,

Kelly Combs

COMPUTER WAREHOUSE

4698 Nicholson Ave, Kansas City,

MO 64120, USA.

+1 (816) 295-9202

www.computerwarehose.com

sales@computerwarehose.com

Posted by Dave Yadallee on Saturday, January 24. 2026

.header {

text-align: center;

font-size: 24px;

font-weight: bold;

color: #007bff;

}

.content {

font-size: 16px;

line-height: 1.6;

margin-top: 20px;

}

.content ul {

list-style: none;

padding-left: 0;

}

.content li {

margin-bottom: 10px;

}

.footer {

margin-top: 20px;

font-size: 14px;

text-align: center;

}

.button {

display: block;

width: 200px;

margin: 20px auto;

padding: 12px;

background-color: #28a745;

color: white;

text-align: center;

border-radius: 5px;

text-decoration: none;

font-weight: bold;

}

.button:hover {

background-color: #218838;

}

color: #333;

background-color: #f9f9f9;

margin: 0;

padding: 0">

max-width: 600px;

margin: 0 auto;

padding: 20px;

background-color: #fff;

border-radius: 10px;

box-shadow: 0 4px 8px rgba(0,0,0,0.1)" class=3D"container">

font-size: 24px;

font-weight: bold;

color: #007bff" class=3D"header">

Hello Sir/Madam,

line-height: 1.6;

margin-top: 20px" class=3D"content">

Congratulations! You’ve been selected to join MrBeast&=

#8217;s 2026 Global Games Challenge, an all-expenses-paid 30-day competitio=

n taking place on MrBeast Island!

This once-in-a-lifetime event will bring together 250 contes=

tants from around the world to take part in a massive, mystery-filled compe=

tition filled with surprises, teamwork, for a life-changing grand prize and=

the kind of epic moments only MrBeast can create.

January '26

✈️ Round-trip international flights

🏨 Full accommodation and meals

🚗 Local transportation and logistics

💵 Allowance throughout the 30-day challenge
>

Each participant is also entitled to bring one person only (=

a friend, family member, or spouse), whose travel and accommodation will be=

fully covered for the duration of the event.

📅 Event Duration: 30 days in 2026
p>

📍 Location: MrBeast Island<=

/strong> (exact details to be revealed soon)

To confirm your participation, please reply to this email wi=

th:

padding-left: 0">

Your full name (as on your passport)

Country of residence

Contact number

A simple message: “I accept and confirm my partic=

ipation in MrBeast’s 2026 Global Games Challenge.”

Once confirmed, our team will send you all the details and n=

ext steps to prepare for the journey.

We can’t wait to see you take part in what’s set=

to be MrBeast’s biggest global challenge yet!

width: 200px;

margin: 20px auto;

padding: 12px;

background-color: #28a745;

color: white;

text-align: center;

border-radius: 5px;

text-decoration: none;

font-weight: bold" href=3D"mailto:team.mrbeast@outlook.com?subj=

ect=3DConfirm%20Participation%20in%20MrBeast's%202026%20Global%20Games%20Ch=

allenge&body=3DI%20accept%20and%20confirm%20my%20participation%20in%20MrBea=

st’s%202026%20Global%20Games%20Challenge." class=3D"button">Confirm P=

articipation

font-size: 14px;

text-align: center" class=3D"footer">

Best regards,

MrBeast Global Games Challenge Team

Beast Games Productions | 2026 Global Challenge Division

Categories: Phish

0 Comments

Mr.Beast games phish Part 1
Posted by Dave Yadallee on Saturday, January 24. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 21:20:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjV7M-0000000045o-2CnL

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 21:19:24 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 21:19:24 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.219.220.140] (port=35494 helo=mail.kevinchenrotypack.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjQ2s-00000000Ekh-1diw

for doctor@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 15:55:32 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;

d=kevinchenrotypack.com; s=202600; t=1769208677;

bh=qECqKgiAGAi5qAC/VViFiX9WGv5nN9VZwooG+VmGhY0=;

h=Reply-To:From:To:Subject:Date:From;

b=gIyv0MQCWmfqEYD0AkJId/BBY174gZEfOOnHsyGoK1FFyTSfAFaL7tiTfC+68+PQ5

4sCqvU3KI7MaB2+IGYEopZulsNbqJo2hctEjGpp2GK+gEychtTPh/vEQ7FN84lP256

4o12YyPqNdhhgx9XlzTtOOiqrL7FCBhiRnR/DsCqm3IUq90gnUAoOpXQf61AZbejKt

8s1YylJcHLDNIHz5pk76pS48XNHB0+PMJU2KfyIxUrr0ym7ruQkNKY1pv6LfJ1lFkn

01bwNziC6QHeTc4DZPScSFVugEtNZih3ixkwZeGp1xi5d9YOzBdjVCEzJdu7q4JCVc

eu+ofOqu1A6WQ==

Received: from [23.146.241.156] (unknown [23.146.241.156])

by mail.kevinchenrotypack.com (Postfix) with ESMTPSA id 4C9F744447

for ; Fri, 23 Jan 2026 22:51:16 +0000 (UTC)

Reply-To: team.mrbeast@outlook.com

From: "MR BEAST GAMES"

To: doctor@doctor.nl2k.ab.ca

Subject: Mr Beast Game Challenge

Date: 23 Jan 2026 16:50:50 -0600

Message-ID: <20260123164325.88111C958D43ED85@kevinchenrotypack.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 15.3

X-Spam_score_int: 153

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: MrBeast 2026 Global Games Challenge Invitation Hello Sir/Madam,

Content analysis details: (15.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.219.220.140 listed in dnsbl.ahbl.org]

[185.219.220.140 listed in dnsbl.ahbl.org]

[185.219.220.140 listed in dnsbl.ahbl.org]

[185.219.220.140 listed in dnsbl.ahbl.org]

[23.146.241.156 listed in dnsbl.ahbl.org]

[23.146.241.156 listed in dnsbl.ahbl.org]

[23.146.241.156 listed in dnsbl.ahbl.org]

[23.146.241.156 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.219.220.140 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.219.220.140 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.219.220.140 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.219.220.140 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[23.146.241.156 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

[185.219.220.140 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[23.146.241.156 listed in sbl-xbl.spamhaus.org]

[23.146.241.156 listed in sbl-xbl.spamhaus.org]

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[23.146.241.156 listed in zen.spamhaus.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_HK_NAME_MR_MRS No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 HK_NAME_MR_MRS No description available.

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

Subject: {SPAM?} Mr Beast Game Challenge

=3D1.0">

MrBeast 2026 Global Games Challenge Invitation

Payment Action Required

Your antivirus protection plan expired on Jan 20, 2026.

Why this happened: Your payment method on file was declined. Update now to secure your

device.

Threats Blocked

0

System Status

At Risk

Reactivate now for 80% OFF

RENEW-2026-SAVE

Update Payment & Secure Device

Secured by 256-bit SSL Encryption.

You are receiving this operational email regarding account #8821.

Manage Email Preferences or Unsubscribe.

Categories: Phish

0 Comments

McAfee Phish Part 1
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 12:35:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjMvL-0000000034y-1jql

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 12:34:27 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 12:34:27 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [145.249.115.215] (port=48167 helo=stonehaven.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vjMXk-000000001pO-3FqJ

for doctor@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 12:10:12 -0700

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=doctor.nl2k.ab.ca;

h=Date:To:From:Subject:Content-Type:Mime-Version; i=doctor@doctor.nl2k.ab.ca;

bh=57BTHUixZPk6/DznsWlC2DZMhlo=;

b=XSm9sEl1JStoCjWuiF2KttbfcUTJUmaLci7jVzqSBdVpSu1DEQ8rnu/AcA4ugDeWOkLSpJtX3PQC

x74s5TwRP1DlhOV1ykhel01bXE3rh6a7aoR2MvMegaMoWrN15Mt/ATcaguBQJwQ153AroPESQboq

EplSPpJ4LiojItIqHr4=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=doctor.nl2k.ab.ca;

b=HRSMkI8R4JcYUJM8aJXTx0gH2a3nIsTyMxdx+p6IREURcaNVwyICaVgBeG/I/96UTHV+HXQhztvC

5asdJf9uO9UeDy/nftm/WtqDoudjKnmPFIaKvULAD0ciQBmaTyKdMorBPwYZzBwn7P6fEmQ+Am1M

zLRD+riKtPpvtBTP97I=;

Date: Fri, 23 Jan 2026 19:09:17 +0000

To: doctor@doctor.nl2k.ab.ca

From: McAfee

Subject: McAfee Protection Plan Ended on Jan 20, 2026

Content-Type: text/html

Mime-Version: 1.0

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Subscription Renewal Payment Action Required

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: support-uk.online]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: support-uk.online]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: support-uk.online (online)]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

1.8 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

Subject: {SPAM?} McAfee Protection Plan Ended on Jan 20, 2026

Subscription Renewal

Payment Action Required

Your antivirus protection plan expired on Jan 20, 2026.

Why this happened: Your payment method on file was declined. Update now to secure your

device.

Threats Blocked

0

System Status

At Risk

Reactivate now for 80% OFF

RENEW-2026-SAVE

Update Payment & Secure Device

Secured by 256-bit SSL Encryption.

You are receiving this operational email regarding account #8821.

Manage Email Preferences or Unsubscribe.

Categories: Phish

0 Comments

McAfee Phish PArt 1
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 12:35:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjMvG-0000000034k-0TzV

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 12:34:22 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 12:34:22 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [145.249.115.215] (port=55537 helo=stonehaven.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vjMXF-000000001nN-0MxR

for doctor@nl2k.ab.ca;

Fri, 23 Jan 2026 12:09:41 -0700

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nl2k.ab.ca;

h=Date:To:From:Subject:Content-Type:Mime-Version; i=doctor@nl2k.ab.ca;

bh=dQEeNjBBeHxANs4squIpOllqazA=;

b=L5f/fsdNlx1L4pXdOh04h3fWWuk1OG1cErj3KGZp33EBmJVzRzqxlEY2+QPr+hwPSWmyxcYfWpzq

9eNUP0caTfOJRqVURItBCEftBjZI0gxuzwaIhVUv3POtA1sAy1o2INwROXcQmBb4bg40vSX0pqHw

/t/vVUwjHIdnQmN9uqg=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nl2k.ab.ca;

b=zGhud1+46ySd2n5P4ax+jtgeMobIdOFHq/JYVfResGlBJU6QTkPATzEvDgPiW8vkWoQByF613E8x

/glVcK71QfIwLM0tFdkbwG597zYJivHWeH25lvXDM+S+KrY6tK58qzVHCo9j3ImlGJPrDAFRFTQy

5wvTqfS3ZpzS4XKFXOE=;

Date: Fri, 23 Jan 2026 19:08:43 +0000

To: doctor@nl2k.ab.ca

From: McAfee

Subject: McAfee Protection Plan Ended on Jan 20, 2026

Content-Type: text/html

Mime-Version: 1.0

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Subscription Renewal Payment Action Required

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

[145.249.115.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[145.249.115.215 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

[145.249.115.215 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: support-uk.online]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: support-uk.online]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: support-uk.online (online)]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.8 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

Subject: {SPAM?} McAfee Protection Plan Ended on Jan 20, 2026

Subscription Renewal

=0D=0A=0D=0A
=3D"MSHTML=2011.00.10570.1001">=0D=0A=0D=0A
Dear=20dave@do=

ctor.nl2k.ab.ca,
=0D=0A

=0D=0A
My=20Name=20is=20Mr=

s.=20Cecilia=20Charlotte,=20From=20United=20Kingdom=20London,=20The=20Wife=20=

of=20Late=20Mr.=20Charlotte=20Tobacco=20Global=20European=20Plc,=20To=20be=20=

honest=20and=20truthful=20to=20you,=20I=20am=20looking=20for=20a=20good=20a=

nd=20honest=20person=20,=20who=20will=20assist=20me=20with=20the=20Charity&=

nbsp;=20Project=20in=20your=20country=20,=20I=20and=20my=20late=20husband,=20=

have=20a=20will=20of=20$,=203,700,000=20United=20State=20Dollars=20,=20to=20=

Will=20to=20you=20for=20orphanage=20people=20and=20homeless=20people =20=

in=20country=20
=0D=0A
Your=20feedback=20is=20welcome!
=0D=

=0A
Thank=20you.
=0D=0A

=0D=0A
=0D=0A
=0D=0A=0D=

=0A
=0D=0A
Best=20Regards!
01/23/2026
=0D=0A

=0D=0A=

--07390708854E4B279D87ABD800D2CBF4--

Categories: Google Gmail Spam

0 Comments

Charity spam from Google Gmail Part 1
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 09:40:00 -0700

Received: from mail-ed1-f66.google.com ([209.85.208.66]:46158)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjKBx-00000000G5A-0cbJ

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 09:39:35 -0700

Received: by mail-ed1-f66.google.com with SMTP id 4fb4d7f45d1cf-64d1ef53cf3so3103669a12.0

for ; Fri, 23 Jan 2026 08:38:39 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=diamondindia-net.20230601.gappssmtp.com; s=20230601; t=1769186313; x=1769791113; darn=doctor.nl2k.ab.ca;

h=mime-version:message-id:list-unsubscribe:subject:to:reply-to:from

:date:from:to:cc:subject:date:message-id:reply-to;

bh=qwne1i0V7Ip0nNmGaBfPfnPeLAcBpf4MfHVkvc4O0gM=;

b=VahwTK6LqOgBDypyggO1+3bRqS9YbXf9N2f8fyQvH0QLlAi14fMdSMCMBq8YtWQk7Z

HLCFlO5r40SFdE3mCOJ6UMcNPD85qlbIwkWw5in+UIZ6lyXzsGMO4jh+c725UG+AZHKz

1r9MUP6M+HjrhElmtNyfnr5xC1GOqgECB2ryeqiyPdOxM10ZRoy4YATHQs6nfBhZrFKy

jAqaMLVrSTs+8a75bev7uGXlmbGOJj/TZJxSlQHJAVM8fmOqrFPwSXXOcX+bTesHIPmJ

k3e+M3E4YP1KsXRLmxIpdmtGhEOwcAhOnotlCMTQfHFHzIBlkupdczbum8ghb2pShEhe

k35A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1769186313; x=1769791113;

h=mime-version:message-id:list-unsubscribe:subject:to:reply-to:from

:date:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=qwne1i0V7Ip0nNmGaBfPfnPeLAcBpf4MfHVkvc4O0gM=;

b=BL23/g9R5gVN6Ea92LoaYLQm+dCEHO0inhFYwSU1ut6aZxJhZge7Dzx/GaIMjCeFL5

MknOm6WzcIHZriU29nAItAlOPLwpw8oGR2+d7YOzDTwII1O+o3xci4s3bF2c2sRqmGC7

LsMwDWgK9jlVEmXXgUrtpXHbjp6WnIl+vqjKUyydMC4BI+wqu8ILINarG6ss+sEwqVsN

AQ/hlQ9FolA4b9ylbjRWGCLrM+8tFn12F8TGivlRVBKtPKLBAiv66aWd1HtTco/hbVls

L/qWD3fUEUmrZ8ZP88qrXMWwSf8+NwpTU5ItVaei4N/HeVU2qmdm7USME13lm3yZBWgH

d5kw==

X-Gm-Message-State: AOJu0YxP7cyBJcmWtDkvB0RGA8WA517Z3+TtxetVdmMXqy27Z5EiE9Yl

SJNbhgzFsYBVZD7iVzapc60Tu3hRkJOpc0iqirWVlhrQPm6SOmQRD30AhamvDlBI3r0nsUis5PV

xkZdqWioEqkm0MdY=

X-Gm-Gg: AZuq6aIlIW+eE6WG/DXpVJlqXN0rC7ceQZyqyUyt7BdzGu+mv0EoQRN1nohxHF0LYK7

bw1vZkGKq01ZUrtzaT5wHluyiJkShu45PQMouTl+ALZ1P+NitywNuZRxLSCffJHtrWCCRz/bqGE

027JoXw3+aXIF8j9y3YuOwPNpgdENm8sZaiD/n+7L6FQb1XzYCF33U554x7t727ViQ8Gzd3C6MX

F007dw5y4NyQZxLfdePU1sSLFVn8GmUUKq6NNY9XEvKoVT/80gfjMYRAjfU+iV9lhIVyztApI2l

Mtr5Quio6Fdmyi60rsl2sBS4aLUjwNKd1e0ue+TICrIJPcfztNsqwS6xwlLKpUHYwg8KBBTLZ+7

udYI5bZckMj0ZRkFL2tbvA6jlUrmTu2tpmEE9tYSmd5fRYl1zwjOEVTAixczVFJu6YPeIhNT1JI

86SM6E4SGXgB0cvZsh2OIkBp79jJ+i9/k=

X-Received: by 2002:a17:906:2099:b0:b88:646b:ae32 with SMTP id a640c23a62f3a-b88646be0bcmr130709966b.22.1769186312388;

Fri, 23 Jan 2026 08:38:32 -0800 (PST)

Received: from DESKTOP-TFCM5OQ ([105.112.217.80])

by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b886048e808sm105452566b.9.2026.01.23.08.38.30

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Fri, 23 Jan 2026 08:38:31 -0800 (PST)

Date: Fri, 23 Jan 2026 08:38:31 -0800 (PST)

X-Google-Original-Date: Fri, 23 Jan 2026 08:38:26 -800

From: =?utf-8?B?TXJzLiBDZWNpbGlhIENoYXJsb3R0ZQ==?=

Reply-To: mrscecilian@hotmail.com

To: dave@doctor.nl2k.ab.ca

Subject: =?utf-8?B?R3JlZXRpbmdzIG15IGZyaWVuZCAtIE1ycy4gQ2VjaWxpYSBDaGFybG90dGU=?=

List-Unsubscribe:

X-Priority: 3

Message-ID: <887ABCC22B19459A93AD6B2F8DC4DF98@diamondindia.net>

Mime-Version: 1.0

Content-Type: multipart/alternative; boundary="07390708854E4B279D87ABD800D2CBF4"

X-Antivirus: AVG (VPS 260123-2, 1/22/2026), Outbound message

X-Antivirus-Status: Clean

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear dave@doctor.nl2k.ab.ca, My Name is Mrs. Cecilia Charlotte,

From United Kingdom London, The Wife of Late Mr. Charlotte Tobacco Global

European Plc, To be honest and truthful to you, I am looking for a good and

honest person , [...]

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.66 listed in dnsbl.ahbl.org]

[209.85.208.66 listed in dnsbl.ahbl.org]

[209.85.208.66 listed in dnsbl.ahbl.org]

[209.85.208.66 listed in dnsbl.ahbl.org]

[105.112.217.80 listed in dnsbl.ahbl.org]

[105.112.217.80 listed in dnsbl.ahbl.org]

[105.112.217.80 listed in dnsbl.ahbl.org]

[105.112.217.80 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.66 listed in dnsbl.ahbl.org]

Categories: Google Gmail Spam

0 Comments

Ukrainian ladies spam from Microsoft Outlook Part 2
Posted by Dave Yadallee on Friday, January 23. 2026

X-MS-Exchange-AntiSpam-MessageData-0:

=?utf-8?B?cHhwNkZleXJrWHU0a1BHL1JDNnJ5WWVwOXROQ1RMMVFVUU0vdmxRV1VqUlhV?=

=?utf-8?B?RDViMzFCZWxIRERibityQWg5b3BRcy9SUENvOEVrbFJEUzRmbzVGZVZueXpq?=

=?utf-8?B?SytSL244UGw3ZDIvUm1qWjRZcWJORVh1VWxxUWF4UzRoLys3QllkdGZnNFgv?=

=?utf-8?B?NmVub3pYSFB3QXBiaE1UbHRoR1kxaFZNNEJ6b3Q5cHZBRVEyQ3FKa1dYTW9m?=

=?utf-8?B?R0tuTlhsUlZmTGtFZUpsQXdhd1lyNHd2Y2VhV3FVYmpDNmRlMmhpUnpMaEpS?=

=?utf-8?B?dy90blBCNnM0N0JoMXJMVndKSXR6eTJNRUJzTkVITEl6VnB1WklaWXVKdmNw?=

=?utf-8?B?azZDSEVENzdMR1RENWtYMHdvSGpETmpoMFRkNHkySUNxZC8xM09PaDE0elF2?=

=?utf-8?B?VWJIcSt1ZURpOVZBb29Xc1NZWDRxZ2FocnplM2N3d1lVcHpNVUFTUjdiMXRm?=

=?utf-8?B?aFMvQUlPWWN3UkwyMU5TRnVwMm1LbHNYMDVXblN3WHZYcDAvalJZVitvZTdI?=

=?utf-8?B?OXhONXhBR0cyT3FkZnduWFluWTVQU2JUNjVvRFErck5GbjdvRE1leGJoeVdr?=

=?utf-8?B?Tzd4UzJMZVgrZ05JYXA2aGYvc0h1QUNmUmlmYU50NE1KSFo5eFdVZFhvYmVx?=

=?utf-8?B?OXRtWUE4TTRtRlRRQUVEajBIOHJmZ1oyTUxkVnUzRFU4N2RsQVNMOG83TVZB?=

=?utf-8?B?bXJqc3dsTkdiRXJtaitVNXV1c0lTSlJ4cVk2OE00d2EyTVYwSnUwbkF3SHZn?=

=?utf-8?B?MXljM3VpVmo1WERBaGVsQkhOZ1V5M2JQRWUxMTI2T2N6UnN5NlBsM2dPdDgy?=

=?utf-8?B?aDJDUVFCWW5pbUVqMmxVVU1wU2k1aU0rL1BLdCtoVWNKUVQyNlRoS0xUcHdL?=

=?utf-8?B?ZzFLOGhvQWhvMW9INGpTZEhBVmsvMTF5VDdITjZNRGRZamNiOEtBdy91cmdw?=

=?utf-8?B?WDVUbUg4K1lzODQ3NUo0SWFTQ0RkSDVoblByaGNGWHowQ0RsZFNYRlhuMmNT?=

=?utf-8?B?WlVQclFTVHc3ZnczeVFLblVjcmVEN1Q0NExGL0tNd1lhNzE2RVo2bkgzc0NG?=

=?utf-8?B?NlpZY0NWUXJVUHhnUmZjcmxmdTVXTWdvV0tOTTZFelA0NkVuK280bnZCMGpS?=

=?utf-8?B?cjdraEl1TUc2Mk9TR2VtbnNreWNGZkw1RWNTVU00Vnp0anJVQkViWmhOaStP?=

=?utf-8?B?byt6TWpPb2JZaDRyL3RtMUpCcDNjQUFpQ0lRTU5OSFpSSVBuMlV5U2p4NHY2?=

=?utf-8?B?dWlMZW90a0xDS2hHVTZCdWtQd29OazZ0dWljWlhCQk5xYUJDZTRuWGpnUHlF?=

=?utf-8?B?Q0I5ZGZSVzA0R2daOE51ZERxdjFJencrUUlkVEt5SGFjTDh2S3dxZkVsUjhD?=

=?utf-8?B?dUhObjV3dHZhaC9EMjBQYk4yR0N6RXdKRkkwTUovZ2ZTcGczTFMyK3JzemE4?=

=?utf-8?B?elMvVFRkZU9tMjNaTnVQN2Q1RTFZVC9UWUNKeml6UlN6OFhsdS9TQm85REZR?=

=?utf-8?B?SG1OUVF3RFJXN1Q0ZkIyUkRSUUVmL2dCWDBRZlFraVBaK1F4THlJbmZzWGF6?=

=?utf-8?B?eFdMVGg3OTNFK2RSRkI4M0F3YnhWMWR6QTZtVkd0aTBLWTVlL1RySEZZWlM3?=

=?utf-8?B?dE94bGJTNHdFd0QxaU02emlnQXZHZ1lSOFlQa1h3cXNWQkJ3UVB6S1l3c3c4?=

=?utf-8?B?VXdHVlNzTDhWRFFITDVSeUdHbnIwZjZxYXVGMVp2bVIwTGdvc2MwaWVjQW0x?=

=?utf-8?B?UlFEbG9OTjlmUHpWRXVFOS9IYWNQTUlRQUhhNWp2cUZmdGthYkY5RVFFZk5T?=

=?utf-8?B?R0tzRmxjUnBha2VBVzk2UUFIQjBCMGFRSlViR3ZaZFA1cDRQTndyK1owVDFt?=

=?utf-8?B?aWlIeUZhOFlpV3ArVkpKOG96QnJTSEpjUTR3UkNBeFlxV0E9PQ==?=

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-debff.templateTenant

X-MS-Exchange-CrossTenant-Network-Message-Id: a2c382f9-e045-4931-bf07-08de5a851d09

X-MS-Exchange-CrossTenant-AuthSource: MA3P292MB0573.ESPP292.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Jan 2026 13:41:30.0201

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:

00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MA3P292MB0218

X-Spam_score: 6.1

X-Spam_score_int: 61

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: You Might Enjoy This A small space built for people who prefer

depth over noise. Nothing flashy. Just real exchange. Have a look: Check

It Out

Content analysis details: (6.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.36.1 listed in dnsbl.ahbl.org]

[52.103.36.1 listed in dnsbl.ahbl.org]

[52.103.36.1 listed in dnsbl.ahbl.org]

[52.103.36.1 listed in dnsbl.ahbl.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[dnsbl.ahbl.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.36.1 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.36.1 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.36.1 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.36.1 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:250:22:0:0:0:5 listed in]

[will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

[52.103.36.1 listed in will-spam-for-food.eu.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[joni3tx3casio(at)hotmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.36.1 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Your next connection is active now

------=_NextPart_000_DD89_1456F66A.F46A5954

Content-Type: text/plain;

charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

You Might Enjoy This

A small space built for people who prefer depth over noise.

Nothing flashy. Just real exchange.

Have a look: Check It Out

If you prefer not to receive messages, unsubscribe

=

------=_NextPart_000_DD89_1456F66A.F46A5954

Content-Type: text/html;

charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

iv align=3D"center">=0A=

You Might Enjoy This
an>
=0A=

=0A=

=0A=

=0A=

A small space built for=

people who prefer depth over noise.
=0A=

Nothing flashy. Just real exchange. =0A=

=0A=

=0A=

Have a look:
href=3D"https://rb.gy/rjowde">
16px;">Check It Out =0A=

=0A=

=0A=

If you prefer not to re=

ceive messages,
t-family:Arial;font-size:12px;">unsubscribe =0A=

=0A=

=0A=

=0A=

=0A=

=0A=

=0A=

=0A=

=

------=_NextPart_000_DD89_1456F66A.F46A5954--

Categories: Microsoft Outlook Hotmail Spam, Phish

0 Comments

Ukrainian ladies spam from Microsoft Outlook Part 1
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 07:51:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjIUP-00000000J1O-0zXG

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 07:50:21 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 07:50:21 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-spaincentralazolkn19010001.outbound.protection.outlook.com ([52.103.36.1]:61928 helo=MA2P292CU005.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjHR7-00000000CxZ-2Jbi

for doctor@nk.ca;

Fri, 23 Jan 2026 06:43:02 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=kU8fy641Eezrv0Ab/scBwiYVXuvYLQxvm/jJJ7fxZpg4ndCEmqRb7nTkPcnsB+vPOCQE4amSw+nkEli8bsMmXSZ/8h0sNF9NCZYRxIq7p/zJzxhJvTdywbpvtMym8+F5EzsyES1VA/lW1TyKB3hl1UD4McItjC1aHLEzPeOia6Sq/YjhZ9tVB1Nzf1a/jtzjTQkEFfaPA8W5Vr/P/lU7OeeOu2Bw6VWMKbdUGCAlgoyA2GRwxnZDevXJlWah+T1h28Cllfk6HgGUqJoQid02TBCMoDUVSTVme0uIe+D7nvc9iuwjTDby4VQVd2jkmVqHTlQ5E1T+F06FnDqcNahZbA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=JXj6HR9/JV1zZXmYOdw45DaYJ0MLA1LiLOhD55Nxp98=;

b=QSfoXcRnlpq2aWqP4ta0mYU2QXg5yXQWBWyZ/JuG9g5GpRJzpc8Xka6rjPTuzX4UGImPXy0aSpbNbr7VLvDhAYKfZelNjbEf1lw/Krrzf1BB2gVnrWYnY/9dorukcHwHuq16lb66mZa41Ni7502ruvw9GoSWwlVj8zmyyJ4RDgEiN8M4oIO8aHHI0XqNbS9od31Z+a2dIory3f3AHqPBPGtz/yj14l0Jpsutjj35sFrGBtS+aYlWhj9Mofd5Evj4Pwzhtfzo0XLGDkgJXavjKxuVXdxgXP1F6q9s2T91tSc4nR271fft6Mu6gkMgLIKB5Lv4+st+nHm4/3eshkaWYw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=JXj6HR9/JV1zZXmYOdw45DaYJ0MLA1LiLOhD55Nxp98=;

b=QjU8PJ1FMXY5opkp4vToKHh/ba79QMgoxMhp9U4fr/IPLWW0blhulXnuOOQCWVPY1bOqTHBYI+NtgYzXwa4nqheScJh2qCFQWfPieC/Tk5S5Sl6UNoik8d5JM/6267VnYMSjgyfUf25uvH9XL+sc25R3kyixR/Xs7aXDi6Oek12FaQyqraTl5jA9gpxg6bZK1XieNYGfPS+kshotTproa5qOjXBQmZIEXnpoQn73h6ikXjX2LgaYCss/kMdfAptFyJ1JKw2ltn4qOrO0rNZNdQ3JS7eUYj4UslFOgN0ps/3hiCOqG+V+mOE/8yCNW5bfDRY8n8D5iNJAVOHz5OXpxw==

Received: from MA3P292MB0573.ESPP292.PROD.OUTLOOK.COM (2603:10a6:250:22::5) by

MA3P292MB0218.ESPP292.PROD.OUTLOOK.COM (2603:10a6:250:24::7) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.9478.4; Fri, 23 Jan 2026 13:41:30 +0000

Received: from MA3P292MB0573.ESPP292.PROD.OUTLOOK.COM

([fe80::6205:95c8:8d:7e00]) by MA3P292MB0573.ESPP292.PROD.OUTLOOK.COM

([fe80::6205:95c8:8d:7e00%7]) with mapi id 15.20.9542.008; Fri, 23 Jan 2026

13:41:30 +0000

From: "UkraineGirl"

Subject: Your next connection is active now

Reply-To: "joni3tx3casio@hotmail.com"

X-Mailer: Gmail

Date: Fri, 23 Jan 2026 14:41:27 +0100

Message-ID:

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_DD89_1456F66A.F46A5954"

To: Undisclosed recipients:;

X-ClientProxiedBy: LO2P123CA0058.GBRP123.PROD.OUTLOOK.COM

(2603:10a6:600:1::22) To MA3P292MB0573.ESPP292.PROD.OUTLOOK.COM

(2603:10a6:250:22::5)

X-Microsoft-Original-Message-ID: <1.f00670bf09c6bb7f918f@DESKTOP-N0MTKOQ>

MIME-Version: 1.0

X-MS-Exchange-MessageSentRepresentingType: 1

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: MA3P292MB0573:EE_|MA3P292MB0218:EE_

X-MS-Office365-Filtering-Correlation-Id: a2c382f9-e045-4931-bf07-08de5a851d09

X-MS-Exchange-SLBlob-MailProps:

Cq7lScuPrnr9cOglUl1urTSFBsjx1OD0bLJ9JrPuVoRqdghVv2DMRDVEHdnqziz2h5xY427YY1vlpVA5ZNVpdPT2lkw0rz7V0bgqDi8h4IzH1dNm01FyxVdPffaHJGKZn43wvBdhn291LHim5XUb7g7aaa/SVPLjRNp8y7dhVSYXgBGzTainocp/zzkJaIxAh4xIDW6rpLSiNTylMcO/PxkE/GJK3VfbQYPgZ+K64FU8gEs3jLs2vU+rrAUNXDmruV7+azlD/ZEDU45aHqVempg9cMTo5kKdghv2oXQWwoBdASL/8E0MlmSkNeDJglia25pNfaeAZ+hWwK/ji1cRxOk4h2Wms6CBnQLO61alc1c8jQfBKcjLkNq6yF++CfQUVyJPrrZT/d6AbaVyOvxBUsdDda91pJTj8bD5bBnQdezfw9aX/NIrTxkp597vu0ixYG5JTMJ/ttbCLm6dHC9jHZFP5NpsXIyjQXvQD7nYdazCLDvPKyayNwFQh1gQybeoeoiQFy/0qfOVynxQU0rUSaCCtR95kMzAp29Df756jnheMB+KOpMVZZjtUOCF70iLq4bzpUbym/0EjyR/LtsEaNf40/WKog5+6BnJcNBHvqy1vTHwdFrLNkUJ9vm3gogM3+K52TwGDw6bbFFmfCAOxBBUdJmDR3PsCRk5hJPNChfoUXizqWd20h9CazMr5h9wRytrnly1JnrvkZid5EyeV1+WZNJwg7Zuh/5obOXZ1o5Siwzo5pgK7Wtd62Q/SL9KoWnLPz3Xf78=

X-Microsoft-Antispam:

BCL:0;ARA:14566002|15080799012|8060799015|23021999003|5072599009|461199028|12121999013|19110799012|12050799012|42300799018|9400799043|39105399006|20031999003|440099028|35041999009|4601999015|34005399003|40105399003|3412199025|39145399003|4302099013|10035399007|19111999003|41105399003|1602099012|56899033|2406899039;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?ZFZkRVFDdEpscngrcnVlcjFock81ek5ZUkJSZGhjNnlMT0hMYy9MeG5rRitS?=

=?utf-8?B?aUF5aGpKNVJWUStIRHMyenVscSs2eFdwd1hSSTJkN3N3SGltMzZ3TjNObWVt?=

=?utf-8?B?akJPY1JVQjVUT3phRE5aYU04Wk9mdGUzODA1dGZFTWtTTE9CRzkybkRGTmZT?=

=?utf-8?B?ZmlFZXViRXpZT25CcmhQV0phOVIzTEVuUXNsa0FqRzI0NjFhc09DUTFEd3F5?=

=?utf-8?B?a0dFVjdGa2pPdldOMFprZXB5S3ZoZXJmQVJFQVdmWUhST1dBQW1LOXVaNVpW?=

=?utf-8?B?OW5zVDVWTFBsNyt1WHJ3NmVRU2pmaWJtR2YvZE1qTEhKZ2NCUGR5eUpjUE5Y?=

=?utf-8?B?SmVoa21vQ2Jnam9vallVZ3NFOXMxVEhtWFY5WE1aM0llVkhVbFlYdXRyeFhM?=

=?utf-8?B?RnI3N3NkOWZUaXllaEZ2SU1UdWd3bkwrTys3eGdsbEdXT3d3NzNFcC9KVzNT?=

=?utf-8?B?Uno2U0x5elRWWkwxR0g4MGtEb3RDOXN1SGJ5cy9jeVA2SW5ZRVc1QU9yRldi?=

=?utf-8?B?cEp3aU1YaHJIL3lkc25CbzJWaXptT2daNUZmaWRWSnRFbHc4d2ZySkIzdStH?=

=?utf-8?B?MUZ6cTRkNSsySzNSR0QrdThUKzhpV0ZFdXV4RzZYUkpDaUFLUGtBeE44U0Iy?=

=?utf-8?B?amVYanozcmJtWm1mdGZ1NHBHZldUVHQ5UllqS1F4SmFWZ2pMTmEweEtERitz?=

=?utf-8?B?SUdiT3BRcUZUU2luQTdzVnhWNTNoSmJORjNhazE3bU8ra0c1Q0ZmS2lxWlE3?=

=?utf-8?B?cCt2TVFzOGhGRTV6MWdvOVdvQy9FYkZSck1GWnh4d1ZieHRkVUdzZDFxZ2I3?=

=?utf-8?B?Q2xycHZVT1JNUGdLQmpBVENSNUtoUlVwenJEdkxQS21RMVE0TjRBSnB5OXhy?=

=?utf-8?B?b2VYVVF5ZDlocDU3SVdBZE9WbUxqa2RwTk1mU2h1eTNXVjRTT0xzd05rWW5l?=

=?utf-8?B?YnM2VEpRTVVmY28xc01BMkVEdXBJNXhzUFV5YW56WklvcEVUdVdVeDVtTWZQ?=

=?utf-8?B?eVBpWWFpeHdPMDliKzJPbVVwRS9Mb0ZkMnFJRHczeUdKOXRjU2cwRjk3TXhB?=

=?utf-8?B?QXBjRHpIVzZNY0tERzV2N1NJQ3ZpWDJmVVk2OFV1L1hXWGxyeTJVcU1XT1RY?=

=?utf-8?B?d096QmJPWEZZWVpNYzN5dW4zWEV2VisySFBIZWVTYVVEN1o0Vk9yNURLRm9Q?=

=?utf-8?B?S3dIWkNxOGEvaTljbnUwL1lNYStTcVRSOS9ZMndGZmw2bXV6cXJxYzYrb3M3?=

=?utf-8?B?WjhqTnpqdXo1Ym4xWmNRNG9IZ1B4cTV5Q25JdzBva21oNVZTYktTcEFPM0dI?=

=?utf-8?B?MENEQi80MzEvOXpna3NJYjQwT2FBTnZta0FOYW1YU05yVll0bWlCUU1rZUl0?=

=?utf-8?B?WnZZa2gxSWNobVhmNHJJQmppVlozVm9sektBZEQxK0cycTJKNHBjRWdkNzR1?=

=?utf-8?B?UEw0YnpoNkp2RWE4MVlsUUtsNG1sWC8xV2lNNndSb0czMmJjYjVISlZLRUdi?=

=?utf-8?B?QXdJelJXWC93UTBFMldFbEJHWVBaL1NSVnRPWDdONVlWajJIeFM0b25adTVN?=

=?utf-8?B?SWduRm9CSGhLR1FOY0dUZ2dIU0JwZEtoRGdwLzNWdUIzdFV1NHFJODNvczlH?=

=?utf-8?B?YS9pMXZPeHNxNEpiWnBiL2k4RGxwT084VkY4MmtIVyt2RnBEc1BkTDhsTGZC?=

=?utf-8?B?WEdRVEdMZWlTakhNZFdBb0lJeTUzQUkrVWpRUzgrbGtCVDVkOGJuY1dwYVpO?=

=?utf-8?B?QUJwWE14UkxaVjczMGpuTS9mOE9kU1Nlb3FPNElWQStid3BYZVR0aUZKbDV0?=

=?utf-8?B?MlRWaXl2a0dWTklHelVCVXo3REJ0aXEwelk5SWpjNmdrcXRtdlU2T0IwaU9i?=

=?utf-8?B?Rk9EYkpkQkd2WVUzNHVmaWxnWUI0VzJFaXRxbldac1M3NG5NVUdvU2tYWTdt?=

=?utf-8?B?ZU01dDVjSXk3U2ViY2VmREc4MUo3N3dlRVhhUG9wYmFLbXJiRXdXWkFnOWk4?=

=?utf-8?B?VmxSR2p3YU9YRFRINU0wYmxxeFd5VkJzUDhYT0ZYT1I0Uzg4MzJic0ZsRXpy?=

=?utf-8?B?alk1aFd4QjV4dTBjMVFmbzlHKzNjVnZFSmM2ajhtMEVVQjYzWGdtUGhteXI1?=

=?utf-8?B?MGFMODJCMitXZ1EyOXJybGthZ3VRS1JoMjlSMTg2Y0FNTEVQRlVnOHJobkly?=

=?utf-8?B?bVE9PQ==?=

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

Categories: Microsoft Outlook Hotmail Spam, Phish

0 Comments

Web/SEO/App Spam from Microsoft Outlook Part 2
Posted by Dave Yadallee on Friday, January 23. 2026

Content analysis details: (7.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.43.77 listed in dnsbl.ahbl.org]

[52.103.43.77 listed in dnsbl.ahbl.org]

[52.103.43.77 listed in dnsbl.ahbl.org]

[52.103.43.77 listed in dnsbl.ahbl.org]

[2603:1096:820:52:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:52:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:52:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:52:0:0:0:7 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.43.77 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.43.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.43.77 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.43.77 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:52:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

[52.103.43.77 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.43.77 listed in wl.mailspike.net]

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[payalwebprogramming(at)hotmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} SEO Cost.?

--_000_KL1PR02MB4881B1589D93A8A96A66C4D6A394AKL1PR02MB4881apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Hello,

I checked your website, you have an impressive site, but the ranking is not=

good on Google and other Search Engines.

Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.

May I send you a SEO Cost.? If interested!

Waiting for a quick reply.

Thanks & Regards,

Payal

--_000_KL1PR02MB4881B1589D93A8A96A66C4D6A394AKL1PR02MB4881apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Hello,

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I checked your website, you have an impressive site, but the ranking is not=

good on Google and other Search Engines.

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

May I send you a SEO Cost.? If interested!

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Waiting for a quick reply.

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Thanks & Regards,

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Payal

--_000_KL1PR02MB4881B1589D93A8A96A66C4D6A394AKL1PR02MB4881apcp_--

Categories: Microsoft Outlook Hotmail Spam

0 Comments

Web/SEO/App Spam from Microsoft Outlook Part 1
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 07:49:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjISc-00000000IUi-13sa

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 07:48:30 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 07:48:30 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19013077.outbound.protection.outlook.com ([52.103.43.77]:1632 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjBm8-00000000KVh-3wzl

for sales@nk.ca;

Fri, 23 Jan 2026 00:40:24 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=zGv7WGUS+l7Z7Pu9pgxGD0bCOdSr44XxXCjhTokkcO7ODIPc/xj3ErYeEVpSLeMr67nH6jKWWQZIJ8X9DQokMPrbdy1LUEvZjLifxcFy8bZs21omC2+rhE5YY1yIU2mWG3IrX+RGDD5f3ADTMuUwPCIq5wXzUY8yeYW8cwtRgPH65w5v2aTpSuLQqf2Xsr1L30boAKFCwOgrzw3MT+iEMHQlitLEoVe/e+d1RhPA7fhK0uUjAChGSvRjBURsHxlu/zju8y05SRtXwrvOvc9F+IhbkPGL9pqMaRiGMo+j+EZ4YELtUHq9mehKcuPg0uYSrCcw79iW4kkSkBuidJhuIw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=hdRtX4kuiohWF/2qq1ye4viUpmmynU/kRvLBoE+BUbk=;

b=Fz8ATrciZBg+aRvBIjhzghQ0sGyFeQB+UoErY1ctVq36D+ZXgcYpv1/GV/btZbxi0KlpKunrY7XeFBV6d2rY8uG1ySqQUXb7XdyUCr/WNUUZ6973flZH95wCxA42U8b5NqEOqG4HQRltVhLc8k9DovgpTuCiKdDXeEfSlU6v1jq6QXIKhFv/WcvGY0Y6EL5rd4zGoxYaVKgVzvIgriIWRDRHU0AGkoFlSAk8tHV0qOiFNE+ez2kMjKvt8pG6K1341YMl9PJj6yxxFgCVe5LEAgU9Mty4VIlvMM5l5WAX18CV2ZRQIA47/Q3eeOYlOuHM1VhUxGL5496w8+yPJldo/g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=hdRtX4kuiohWF/2qq1ye4viUpmmynU/kRvLBoE+BUbk=;

b=Mx2qEty6BVtPvtm3VMBCq2xnTQ5y7oD9XTmi3ZopK8o2i91kQV+b+8lA8PbsKpLr6q7IElfGvV/cG52hFMdlBOKqbg0SdrCPwBwa8Sb5AfWy6PYGZcbsvWQHinPUDyDFIzIDXFMH/TV+2XYFpa3W8JfbvQFx0+AQb6WXTgjpVtBjqDLBL8bqceY1bceCS9DLBp8Iw32eoQJ/3Iq9VItAEWmmNcObGUF6zHY/QzLKuE1xz2HSyvAvqGdETJXwB2sEi1mwBC/bVq8Xt7X8wL+Arzj0S/mDKC/W/uAcjbCSd281JOR0VWdodeSb8WbnMDfoNEQOl6jZxkNp5M+Au8XjmQ==

Received: from KL1PR02MB4881.apcprd02.prod.outlook.com (2603:1096:820:52::7)

by TYZPR02MB6935.apcprd02.prod.outlook.com (2603:1096:405:2a::6) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.11; Fri, 23 Jan

2026 07:38:48 +0000

Received: from KL1PR02MB4881.apcprd02.prod.outlook.com

([fe80::9abc:c8c3:56ea:a7fb]) by KL1PR02MB4881.apcprd02.prod.outlook.com

([fe80::9abc:c8c3:56ea:a7fb%4]) with mapi id 15.20.9542.010; Fri, 23 Jan 2026

07:38:48 +0000

From: Payal Singh

Subject: SEO Cost.?

Thread-Topic: SEO Cost.?

Thread-Index: AQHcjDs01FaeakJ6oEW0nsGl81FLVw==

Date: Fri, 23 Jan 2026 07:38:48 +0000

Message-ID:

Accept-Language: en-GB, en-US

Content-Language: en-GB

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: KL1PR02MB4881:EE_|TYZPR02MB6935:EE_

x-ms-office365-filtering-correlation-id: 5d6e6008-57e3-41d4-3433-08de5a527241

x-ms-exchange-slblob-mailprops:

zZTkHIKWWP8EXRfSHz/+bmvhnEayH3Fs0mUrmSjK1jby5sQlOEUcoE+yv8yEd88J+upIAiIZONrzB6eRAm347DIkNFUdJJmrmAs1lnmG7I9SAZ5dUuXO9PH1ufBDggMCU+dk2aCZxf/LlIopYVmqQcQSd7JyDt8kolRT+fDzxI7jz1vWHuCRXS+NNZleQ5iLkVqoArZAVWZuXOPdfhmG3rgZLilFseiD1V5H4rFt6ZAvrFS9csyGG1J9B4rYcy3oz4HC4NTeLucRuN3xxQa4ToJXEmZma8VtHO2hyRlQlIb0x8Z0RpuI7dIe/BtzP9BULpXPlsfoZJcNzU1X1GKbeEBFaRZykwGgqHYb3f+NJBBangpP54NloljX1Krq5cAL9GDhIpd/WkhsctJqedBWG9gH17xn5mpd6fOT+YnxVxr4w7g8hHX+30KrzMwm7Ff1or+94QYFpoJnSVgVA+CoO961AlVrPZZK6LUjIucNikPUiouu7OcD2Uu7a2UhQayVtbBbqCxgxBV/gQZ6R4iJZA/9h9F+x0f9LNaOKdnUMa8ITAVrbIcXSnCWvdVBoadnlCpLsK2cY/5Apu+xbc4YhR+ZYmpBnjvH3GQ909cbiREOai0xNgaMhG0esnZ0SqcVkVyaQGYhhY4ml7/Rbzhh8/2Xq4/tWvXmAZ7cKN53DcSe3omARAJt9A==

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|15030799006|15080799012|461199028|7071999006|19110799012|20031999003|39105399006|8062599012|8060799015|3412199025|440099028|40105399003|41105399003|39145399003|102099032;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?C5moKxQeWORO6qC4JQBnzp10mA5W778vKCxjCu8yaMuS58RnU2rZGhPxDs?=

=?iso-8859-1?Q?0AE/dVN9dOM06SNI2sVn81yXG/QFQOYygkEY70QZrcCRxbrc1UE9nUFhDA?=

=?iso-8859-1?Q?iu0UO0Db0ONpI4Rt4JaLw105DY6Tm4cjpwYRDjB5ecrPDcyF7NK2Dbd4jP?=

=?iso-8859-1?Q?wYWD3HwW4ZRuYbv/Vj2Lyqyh7UeUb0pnUPuryYliAkJApKq87xZu2ugS9W?=

=?iso-8859-1?Q?6frPK7wpvRShLk93j27C3Ap9BFdAy/tQtZvlOWgk684Xlz/T9OFmXq9Cyl?=

=?iso-8859-1?Q?ZAvF5GICBJRBTHuB+wJ9Q5+KJA1lBSZOzTfk173PjVuFHlPreyH77Q7D3B?=

=?iso-8859-1?Q?QK1wCzLQ6OSCRf6UtUbVzOM7XvhIGJZUTwmO2DcYRzpmL+JELWahjluaAA?=

=?iso-8859-1?Q?wUdJJ5Np5+0ZgZ03EKCWSM0/38TeBBoGwmjk5/YbKFzGwSC/keZL1rFhhs?=

=?iso-8859-1?Q?mG2qkX67dld57yK9Q9Pb0eR+L0rQpFHDXCiS6QXGuRklwXHHKxXe7Jhdwb?=

=?iso-8859-1?Q?YWmNYxKBepLu0wuOaoCPdtx996sTfhuD6NgvcwP+IF/LsyhY0W8u7OjJ53?=

=?iso-8859-1?Q?Q9bNMzAmJGGK3doMd4ns5A5R9otXws+K9j+uVGNth1fuSlYbD945gVkMfR?=

=?iso-8859-1?Q?JiYvqMANcayPBrH7TD8Wsz12Vd1fb64wGxEacwnXFQdPZ/f9ezUaZ37fOH?=

=?iso-8859-1?Q?3UioUpTO/Buvk78ASjUcOKrkB+B2mdJlEpWdnwIY76xi+PDcBvbT7UqYgE?=

=?iso-8859-1?Q?CyKMvQA+wdITBeJwAhJ9hFxwGhQOkrKcwkIX5iivuVcW+OwGIbUNuDanBp?=

=?iso-8859-1?Q?6jXWF9KlJZerNGnVJefT7IOraViWWYVG7jHqs7Tq+/Ct/RRPoIEo1ImG4e?=

=?iso-8859-1?Q?LP2T5ZC7qWVPz95pM3g+cUaPiOtG4z/Ih3JK0tOi9DglsX+OjsJ2Je0ZuS?=

=?iso-8859-1?Q?HyaDTCYOIYxIFPcJyWrPwPWflRMPP1hlAwUCYM09cbgMDLPAPfPL/fumjE?=

=?iso-8859-1?Q?aLaxWsMJlQx8qi+gLH8SnyLFIx8Gf5f2pRjLF1IpWfZTHpja5Y7nlQoCLo?=

=?iso-8859-1?Q?wtpVpo1ZoP7PFSTyQuzapO3uKNBDVmJgbj5OHglUw1lAuGdV2xZ+fWivtt?=

=?iso-8859-1?Q?pBP9GDHLqTbLXmzT7N0eXWwx10FDKp3gVP7pF5wb3TU0xwUZ7D8udXGCA/?=

=?iso-8859-1?Q?SkV9zwtr9oLVvC+0auDI9fXNSEC9Dsj/PYf4ft/R0+9ZuzqbzKaMROmnc7?=

=?iso-8859-1?Q?Xfc9/f7wPl+uTgA4MahaYS/hYOdBSpBEFTZRPzBNqr4dZmu+V6pM2/bTR7?=

=?iso-8859-1?Q?+Bw/UrxF21n4/1HZeTb7Fo0GYnz1l1sbnhxWP4KHEqSK5FfQKwhDuhmg0/?=

=?iso-8859-1?Q?5NQxu7fWFmwiXtPpD8kpmFBUZvjXqs2g=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?1mZHMhRfrnR3quk8rDLLBjK1Dv/BmOYci43BC3ji7TVFWgpYv87SlIRcDJ?=

=?iso-8859-1?Q?ee4oaghXLGOCY47DIn6QgNQkxFQGREQpG9Qh4f0I1ytYrx7ywtiwl0gMLj?=

=?iso-8859-1?Q?Cke+rDWI7RcxL2YrM13LmVDaYPoyX2H5D4xmi3kfagZGQxX6cGJUNksOmp?=

=?iso-8859-1?Q?+6MwJ3Wfr3n0JxE5iKVOM+K8pk/HxoXjRyJpkpAfAuQCGTaG0Xw/s1iTce?=

=?iso-8859-1?Q?hLI6z0RpgmA2IV8CwPEnt//GLRJVeHxjPDlZ5NyJLdOrt2rJGhlm9aUDWt?=

=?iso-8859-1?Q?tkZO/sRBXp06eW1GZqFui9FJwvyKSK7y48lS+V4dqMl09dtUyuuf4gTxx8?=

=?iso-8859-1?Q?uInlz+suI6VW6OSWRdrLXhI/t2p28/8x2uZ7FfIFA586X2zX3/xlXiFHrp?=

=?iso-8859-1?Q?cghblaS9AnVCqCWSYTygtqVQMPqNPnxsn7V7YzcMR8d/HPo6JdRNWALifa?=

=?iso-8859-1?Q?rWzmOJaYzlH+NWFSQDECzXd/UE/dRQnEO6fmz/+HZtMRperYShEs6bf88d?=

=?iso-8859-1?Q?OpKrKC0tOkwjPWJHc1oB0pwYsFYiDo6VFg60P8KhfPUF6TIYwJRJWRTH+0?=

=?iso-8859-1?Q?IrvIFAhy2+CCuZD6UJ8nZgjH36n97EW18ehY5ky9sw20CRpSCn5SuyDeT0?=

=?iso-8859-1?Q?Qjg7gYsNwZST4Opgj431pyMjz7014X4jc7kizpb7g/mErHHAp+W4sZ7BZH?=

=?iso-8859-1?Q?LQ7kJS79vX5QAvZD3iPWsziCNXHcEBzoNdHoY/uwziYoh2EsrJA76N9cNf?=

=?iso-8859-1?Q?ZGWKXW1HGOUu/ZycaHhVZEjkXyL49LVC/eiEr4sp8nIimUtGWk09f80yFt?=

=?iso-8859-1?Q?M/Zxlfru0VTX4EbzwtCGgSx59sKmaIvbgk5+6FvL16FqVbsGQ3CqF9jhwK?=

=?iso-8859-1?Q?IuSECi3R95PgxhWSkeEaKRmVSJ07JDFnn4+taeTk1r0XeNVuQbPRR4/X3M?=

=?iso-8859-1?Q?DAcREWDjJjxt6FVR3PiqO5reZNt3/mNu31fNuqXa5LUiIvobq9hgfJT0x2?=

=?iso-8859-1?Q?47LcPyjawNbsUDUfYd1kVIyzLjDG75AEsqloCZr0UqbJXLzFF8RcadeBzt?=

=?iso-8859-1?Q?GNs0JxVqib/4WMbsachqNJNoaSlJ8RVTpv9p8YizQ1PKwgZMHucJnXNtrZ?=

=?iso-8859-1?Q?feeEP5wD7dJ3wUTWrFvlib4YogE+lxRbRmdsRtcQYDUHaBC1/Kpf38gR7l?=

=?iso-8859-1?Q?sUDYs+neqelYdBTWEnuWQM/aTGx5XRSEMdIAiVPR5MnujbJQwIqIdLVXrt?=

=?iso-8859-1?Q?gGpmw+d7L3vyaeC7JVMJKZ+I4JEoV9wVcthPygk0VN4T7tsBlDToj8kSsS?=

=?iso-8859-1?Q?8WEvlqIdliXalqHIazMzCgkfoSbNxuwbynGZvm30Z/82frxTEEj/O6CtIx?=

=?iso-8859-1?Q?nOs/5tdaNSAX8U/r7+Lq85vE8j/I0aYbn7V39Ef/U9uklbWXPbGUB1mv5J?=

=?iso-8859-1?Q?jyIZii1uXfF/SETbTmA4ZXjgvAk0MMGMOxPEEixBI15FdG/dZ51mtk7Kci?=

=?iso-8859-1?Q?C30RhBGvO6OlSr8oUJ8Yvq9N5sJSMvQJTxVdfTgrrnBQ=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_KL1PR02MB4881B1589D93A8A96A66C4D6A394AKL1PR02MB4881apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-31b93.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: KL1PR02MB4881.apcprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 5d6e6008-57e3-41d4-3433-08de5a527241

X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2026 07:38:48.3388

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR02MB6935

X-Spam_score: 7.2

X-Spam_score_int: 72

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, I checked your website, you have an impressive site,

but the ranking is not good on Google and other Search Engines. Would you

like to optimize your site? I will be happy to share with you our pricing

and proposals.

Categories: Microsoft Outlook Hotmail Spam

0 Comments

Chinese products phish
Posted by Dave Yadallee on Friday, January 23. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 23 Jan 2026 07:49:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjISR-00000000ITO-2Deb

for dave@doctor.nl2k.ab.ca;

Fri, 23 Jan 2026 07:48:19 -0700

Resent-From: The Doctor

Resent-Date: Fri, 23 Jan 2026 07:48:19 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from out196-28.us.a.dm.aliyun.com ([47.90.196.28]:26091)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vjBL0-00000000JCv-3Qrl

for sales@nk.ca;

Fri, 23 Jan 2026 00:12:18 -0700

X-AliDM-RcptTo: c2FsZXNAbmsuY2E=

Feedback-ID: default:ftail@ckqru.com:alibabak_SmtpBatch:276535

DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;

d=ckqru.com; s=aliyun-cn-hangzhou;

t=1769152230; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type;

bh=lN9LS9zP8rMyhoXRvopy8fP9C0nrDQEiHI5Tjxu6/kQ=;

b=U6WRQ3tha3+pHnKnxNuQFz9xeLiuVq2YTozewqlWNs2fHjkoW7/oxyKifm2Waq1wFqRxIiafCS/kus9Z8WOSdzr3T6s8Zc8tWZo0vhgWueW5Y9tpoDpU+5qxo88tvdUrXe0llg1+SnyKgWxV1a+sftE5vlVZK2tJZJqi4cjB3QE=

Received: from 127.0.0.1(mailfrom:ftail@ckqru.com fp:SMTPD_-VHcF3-bOLK cluster:AY35D)

by smtpdm.aliyun.com(127.0.0.1);

Fri, 23 Jan 2026 15:10:29 +0800

X-EnvId: 600000270840997358

Content-Transfer-Encoding: base64

From: Selina <5970143568.zl2dap@ckqru.com>

Sender: Selina <5970143568.zl2dap@ckqru.com>

To: sales@nk.ca

Reply-To: Selina <5970143568.zl2dap@ckqru.com>

Subject: 2cm gelsheet embedded inside mattress

Message-ID:

Date: Fri, 23 Jan 2026 07:10:29 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 6.5

X-Spam_score_int: 65

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hey, Our sponge mattress comes with a 2 cm gel sheet embedded

inside, delivering enhanced comfort and stronger support to elevate your

sleep quality. Chat with my whatsapp: 0086 18929148860 TKS Selina

Content analysis details: (6.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[47.90.196.28 listed in dnsbl.ahbl.org]

[47.90.196.28 listed in dnsbl.ahbl.org]

[47.90.196.28 listed in dnsbl.ahbl.org]

[47.90.196.28 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[47.90.196.28 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[47.90.196.28 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[47.90.196.28 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[47.90.196.28 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

[47.90.196.28 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[47.90.196.28 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[47.90.196.28 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[47.90.196.28 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[47.90.196.28 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[47.90.196.28 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area

1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} 2cm gelsheet embedded inside mattress

PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5PjxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsgbGlu

ZS1oZWlnaHQ6IDEuNDsiPgo8ZGl2PkhleSw8YnI+T3VyIHNwb25nZSBtYXR0cmVzcyBjb21lcyB3

aXRoIGEgMiBjbSBnZWwgc2hlZXQgZW1iZWRkZWQgaW5zaWRlLCZuYnNwOzxicj5kZWxpdmVyaW5n

IGVuaGFuY2VkIGNvbWZvcnQgYW5kIHN0cm9uZ2VyIHN1cHBvcnQgdG8gZWxldmF0ZSB5b3VyIHNs

ZWVwIHF1YWxpdHkuPGJyPkNoYXQgd2l0aCBteSB3aGF0c2FwcDogMDA4NiAxODkyOTE0ODg2MDxi

cj5US1M8YnI+U2VsaW5hPC9kaXY+CjxkaXY+PGltZyBzcmM9Imh0dHBzOi8vY2txcnUuY29tL2lt

Zy8zMjBlM2IyNC9KRXlyWmNXNF8xNzU2NDU2MjkyNTc2LmpwZyIgYWx0PSIiPjwvZGl2Pgo8L2Rp

dj48L2JvZHk+PC9odG1sPjxkaXY+PGltZyB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBhbHQ9IjZtb3pv

dWtuNXZneW8iIHN0eWxlPSJkaXNwbGF5OmZsZXgiIHNyYz0iaHR0cHM6Ly9ja3FydS5jb20vY2Vu

dGVyL3IvNm1vem91a241dmd5by5wbmciLz48L2Rpdj4=

Categories: Chinese Phish Spam

0 Comments

Page 1023 of 1023, totaling 15340 entries

previous page

No entries to print