NetKnow Corporate Blog

--_000_ddc91afdd7464cdd8ed4f262833eff27techlinkznet_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



ATTN BENEFICIARY

We are reaching out to inform you that you have been selected as a potentia=

l recipient FROM Finance and Remittance Department (IMF)My name is Ms.Krist=

alina Georgieva, and I currently serve as Director of the Finance and Remit=

tance Department within the International Wire Transfer/Telex Division at t=

he International Monetary Fund (IMF). I am reaching out in relation to a pe=

nding transaction in which you were listed as the beneficiary Of $8.7 Milli=

on USD.



Email: linagkrista@gmail.com



Please confirm your willingness to proceed under these terms, and I will sh=

are further instructions.



Faithfully Yours in Him.



Ms.Kristalina Georgieva.

Finance/Remittance Department Director,

International Monetary Funds, (IMF







--_000_ddc91afdd7464cdd8ed4f262833eff27techlinkznet_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">















--_000_ddc91afdd7464cdd8ed4f262833eff27techlinkznet_--

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Apr 2026 17:10:00 -0600

Received: from mail.techlinkz.net ([103.38.184.12]:59778 helo=SVRSG002.techlinkz.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9t4G-00000000IHr-37f0

for dave@doctor.nl2k.ab.ca;

Mon, 06 Apr 2026 17:09:26 -0600

DKIM-Signature: v=1; a=rsa-sha256; d=techlinkz.net; s=server1;

c=simple/simple; t=1775516898; h=from:subject:to:date:message-id;

bh=YRjWntfVbFb36rz+kAoecuKVN8cZrD4noo6N/1E9dec=;

b=XFbXdc66Iptqc/7xQss6KMhw7V10tE+4QJ8AVj01MRcRWlHYwTPsZyzxjkPZxBgCcRvRmi2mq5o

N+elSOGiM6NgQphvgJg68CRfbZPvss5mGf3IhPOT//R61j7rc6b+VbNrEH/bo9QiRm0LTovPLFUDE

icvSKrVPWzHegq6lCtodBko3HgrEFnDcOgcHtWROgJhhRfX8ZRXwHXYk8/lCcEu7YSWWu2APYjT14

lHaqElI+l9HlLDG+AE+FmKGpxbJOCoHNvuP4Onq5LVd/I+YXfCe20WQtvDrbZgMzVs3kcvbj4Qhv5

P5cojqTfdWHeHxc7PUrRsp/Aaj6JsXvNjLWw==

Received: from SVRSG002.techlinkz.net (172.16.101.102) by

SVRSG002.techlinkz.net (172.16.101.102) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.2.1544.36; Tue, 7 Apr 2026 07:08:17 +0800

Received: from SVRSG002.techlinkz.net ([::1]) by SVRSG002.techlinkz.net

([::1]) with mapi id 15.02.1544.036; Tue, 7 Apr 2026 07:08:17 +0800

From: Goh Yenping

Subject: ATTN BENEFICIARY

Thread-Topic: ATTN BENEFICIARY

Thread-Index: AQHcxhowY98wCalbxUC1HdZoDTUsMA==

Date: Mon, 6 Apr 2026 23:08:17 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-originating-ip: [98.97.79.82]

Content-Type: multipart/alternative;

boundary="_000_ddc91afdd7464cdd8ed4f262833eff27techlinkznet_"

MIME-Version: 1.0

X-Spam_score: 15.0

X-Spam_score_int: 150

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ATTN BENEFICIARY We are reaching out to inform you that you

have been selected as a potential recipient FROM Finance and Remittance Department

(IMF)My name is Ms.Kristalina Georgieva, and I currently [...]



Content analysis details: (15.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.38.184.12 listed in dnsbl.ahbl.org]

[103.38.184.12 listed in dnsbl.ahbl.org]

[103.38.184.12 listed in dnsbl.ahbl.org]

[103.38.184.12 listed in dnsbl.ahbl.org]

[98.97.79.82 listed in dnsbl.ahbl.org]

[98.97.79.82 listed in dnsbl.ahbl.org]

[98.97.79.82 listed in dnsbl.ahbl.org]

[98.97.79.82 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.38.184.12 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.38.184.12 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.38.184.12 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.38.184.12 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[98.97.79.82 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

[103.38.184.12 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.6 SUBJ_ALL_CAPS Subject is all capitals

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

2.5 MILLION_USD BODY: Talks about millions of dollars

3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 XFER_LOTSA_MONEY Transfer a lot of money

Subject: {SPAM?} ATTN BENEFICIARY

MCSnet

MCSNET ranks >2000000 from >2000000 and are hosted by Microsoft .

Nucleus Internet Services

After that we have

Nucleus Information Services which can be found at Netcraft Rank >2000000 from >2000000 .

4Web

4web ranks >2000000 from >2000000 .

Alentus / Wolfpaw

Alentus

rank by Netcraft >2000000 from >2000000 and I note they are hosted in the USA .

wolfpaw.net

which ranks at >2000000 from >2000000

Yellowpencil

Yellowpencil Ranks >2000000 from >2000000

WSI Corporation

Next is WSI - We Simply The Internet of Toronto

at Netcraft Position >2000000 from >2000000 and are being hosted on Amazon.

Uniserve / Interbaun

Next, Uniserve

ranks on Netcraft >2000000 from >2000000

One of their acquisitions

interbaun

ranks with Netcraft ?????? from ?????? due to merging of sites.

One customer just came over from this organization in Nov 2006.

Clearwave Broadband

Clearwave Broadband ranks

at >2000000 from >2000000

Platinum Communications

Platinum Communications Corp.

bought out by Xplornet .

Wild Rose Internet

Wild Rose Internet

ranks >2000000 from >2000000 and I wonder if this is another wireless branch of Tera-Byte and bought out by Xplornet

TIC Internet

TIC Internet

ranks >2000000 from >2000000 ( I do remember you).

Nisa Custom Internet Solutions

Nisa Custom Internet Solutions

ranks >2000000 from >2000000 by Netcraft

MediaShaker

Media Shakers of Edmonton

ranks >2000000 from >2000000

Koi Media

Koi Media

rank >2000000 from >2000000

WebFire

Webfire.ca

ranks >2000000 from >2000000 and seems to be connected with Shaw.

Core Network Solutions Inc.

Core Network Solutions Inc.

ranks at >2000000 from >2000000 .

The Network Centre

The Network Centre

ranks >2000000 from >2000000 and are linked with Telus high Speed.

Open Concept Internet, Inc.

Open Concept Internet, Inc.

rank > 2000000 from > 2000000

Techalta

Interspots of Edmonton

acquired by Techalta ;

Yegtel

Yegtel rank > 2000000 .

Internet Crossroads

Internet Crossroads Ltd of North Edmonton

rank nothing from nothing by Netcraft and seems to merged with Tera-Byte/ecn.ab.ca .



If I remember anymore, I will add to this entry, before Netcraft changes our ranking. Please watch this space and please feel free to peruse

our services.

--_000_GVZP280MB0838D2E6469A818E9620D346E65DAGVZP280MB0838SWEP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Greetings,



I am Mr. Ammar Hussain Finance and Account, Qatar Petroleum. I have one hun=

dred million dollars for Investment.



Contact me if you are interested, I have all what it will take to move the =

fund to you as a contract fund to avoid every query. I will give you more d=

etails upon the receipt of your response on :mr.ammarhussain0@gmail.com
lto:mr.ammarhussain0@gmail.com>



Regards,



Ammar Hussain

Finance and Account.

Qatar Petroleum

Email: mr.ammarhussain0@gmail.com





--_000_GVZP280MB0838D2E6469A818E9620D346E65DAGVZP280MB0838SWEP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Greetings,





I am Mr. Ammar Hussain Finance and Account, Qatar Petroleum. I have one hun=

dred million dollars for Investment.

d-color: rgb(255, 255, 255); margin: 0px; font-family: Aptos, Aptos_Embedde=

dFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt=

;">




Contact me if you are interested, I have all what it will take to move the =

fund to you as a contract fund to avoid every query. I will give you more d=

etails upon the receipt of your response on :
gb(17, 85, 204);">
d43d02-7e17-2194-9b20-1252d9423dcb" class=3D"x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_=

x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x=

_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_=

x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_gmail-x_OWAAutoLink" ti=

tle=3D"mailto:mr.ammarhussain0@gmail.com" style=3D"color: rgb(17, 85, 204);=

margin: 0px;">mr.ammarhussain0@gmail.com
olor: rgb(0, 0, 0);">





Regards,





Ammar Hussain


Finance and Account.


Qatar Petroleum


Email:
.ammarhussain0@gmail.com" id=3D"OWA1182e189-ba8e-1206-3f54-df9ac0696684" cl=

ass=3D"x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_=

x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x=

_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_x_=

x_x_x_x_x_x_x_gmail-x_OWAAutoLink" title=3D"mailto:mr.ammarhussain0@gmail.c=

om" style=3D"color: rgb(17, 85, 204); margin: 0px;">mr.ammarhussain0@gma=

il.com

--_000_GVZP280MB0838D2E6469A818E9620D346E65DAGVZP280MB0838SWEP_--

All data is from Netcraft Toolbar .

Looks as if there are major changes to the Netcraft algorithm after some years! Why did Avast clasify the extension as URL:Phishing?

This is not the Alexa Tool Bar!

NetKnow

Netknow now at 11824 from 11532 at Netcraft and pfs compliant



A significant decrease! We must do

1. security audits regularly
2. check on illegitimate traffic hitting the web server


and
3. keep design current!

How do we compare with other providers in

Edmonton, Alberta, Canada?

Telus and reviews

Next we have Telus.com

ranked by Netcraft at 3216 from 3382 .

Sometimes their Web Hosting is done by
title="Internet Names for Business">Internet Names for Business

is ranked by Netcraft at >2000000 from >2000000 .



Is Telus's ADSL network susceptible to Code Red Attacks and Attackers?

Reviews of Telus are available :

• NCIX FORUMS



• DSL Reports

Rogers

Rogers Business Solutions

which rank 5179 from 5164 and are hosted in Europe.

Netknow again

We at Netknow are at 11824 from 18857 since the start of 2026.

Government of Alberta

The Government of Alberta Website

ranks 14842 from 14649 by Netcraft and seems to hosted on Cloudfare.

City of Edmonton

The City of Edmonton ranks 32003 from 31898 by Netcraft and hosted by Google.

University of Alberta

The University of Alberta ranks 46347 from 46268 hosted by Amazon Techonologies.

Juno and NetZero

We have Juno Internet ranked on top

at 356614 from 348008 who are the owners of

US Based Netzero at Netcraft Rank 79412 from 80054 .

NAIT / Northern Alberta Institute of Technology

NAIT ranks 109560 from 106692 hosted by Microsoft .

Grant MacEwen University

MacEwan ranks 110595 from 111059 .

TekSavvy

TekSavvy ranks 289278 from 313700 and are hosted by Microsoft

Shaw Cable

Next,

members.shaw.ca

ranks >2000000 from >2000000 and retired and

Shaw Cable

is next at Netcraft rank >20000000 from >20000000 . Hosted now by Akamei .

Their Network Hosting Arm,

Big Pipe is at

Netcraft rank 313379 from 315428 and hosted by Akamai in Europe .



Reviews of Shaw are available :

• Rate It All



• Review Stream



• Review Stream Number 2





• DSL reports

Internet Centre / CCINet

Internet Centre

rank 402966 from 419053 . Their partner Rack Nine ranks > 2000000.

Xplornet

xplornet

ranks >2000000 from >2000000 and are listed with

Cirrus9 and are joining up with Shaw.

Their new domain xplore.ca ranks 473346 from 456245 .

According to an article in the Sherwood Park Independent, they are also getting an Alberta Government subsidy.

Distributel / 3Web / CIA

Cybersurf

is ranked 808973 from 897162 and seems to be hosted in USA by DigitalOcean.

Primus

Primus

ranks >2000000 from >2000000 and now points to BLACKIRON_DataCentres ranked >2000000 from >2000000.

Northern lights Fiber

Northern lights Fiber are ranked by Netcraft >2000000 and uses AWS.

OkayVPN

OkayVPN

are ranked by Netcraft >2000000 and uses Cloudfare.

Radiant Communications / goco.ca

Radiant Communications

are ranked by Netcraft >2000000 and part of goco.ca

which ranks >2000000 .

Tera Byte Edmonton and reviews

Next is Tera-Byte

at Netcraft Rank >2000000 with

Tera-Byte.ca

ranking >2000000 from >2000000 and their wireless arm Tera-Byte Wireless

sold to Xplornet.

One of Tera-Byte's acquisitions

Edmonton Community Networks

ranks at >2000000 from >2000000 and

Go Edmonton ranks >2000000 from >2000000.

Alberta political blogger Daveberta ranks >2000000 from >2000000; interesting!!!

Reviews of Tera-byte is available at

here

and another here

and check Google for more reviews; just search tera byte.

In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: GVZP280MB0838:EE_|GVYP280MB0463:EE_

x-ms-office365-filtering-correlation-id: 18ce7a4c-3ace-4c9b-0f52-08de94132680

x-ms-exchange-slblob-mailprops:

feAVlmA1hHXkvOKpPMms8sW6kVQq8ZJN1maa1iz49ZvC9TWMx0/90NDbi9gsHAqqiLqufy78hbZLd7Cb8bss2K1gLp8yY2QBvKl+W3F6w8C4RX7ruNAtx2Wn7cPp5ZIJn4MQ4NwA3WD0H2C7/GYEKGw8E49mPMLq8sQiFNIWajCGquj73lB/ipIpDT95zXdtCVNewBXSIknndNbwfVE6Dm9xopS8j+QsiquqOOFyzIht5uRQ7YjCPH3azn8Uc545LwMUDOO2/X1NBi3QWsn4KqINrfYefhi6U17S3M46VusHqQOMfsI4M7TR392jzM7v+CG6L5D4X5FZntYhNXYZVLhscp1Js/q4lx3Ip7Hyl+KzpoyKupnJPb6A1KjRMs+jC/1fn+dQYXaw1Rw6y7sHCweZzONprnVvC1qEt83fS3+JMrSgS3cEZfrkYHkrusR1whNqBnk9vS2ptPV6lm5h04pj/KZAwZXx5QaLtJU8K+0MKLOx4rPcRvfnsYNCxpNototXSc5KswSrSSQ4kVscNUBLZoj2FaPR15s5XBNA1yngYy7YheaDp9f8uwI0SwxhK2G7gu3vtCy9iBExY6lXy2JhBcmdgWmW+rXuLiR9MzqIAAFwRzaYkqvnZS0cC75vLJ+4B16InxjhqNxjtkgR+LiJlQAjVXFdHX1CJVScOTIj7d8PoBOTf2moFEvq3FCcLbpI4Dx3AVvgwUg1QJs8rA==

x-microsoft-antispam:

BCL:0;ARA:14566002|20110799003|8062599012|12050799012|18010799003|24071999003|461199028|15080799012|15030799006|25031999004|24121999003|22091999003|7071999006|20031999003|39105399006|31061999003|8060799015|19110799012|12121999013|3412199025|440099028|26131999015|102099032|25131999003|35041999009|40105399003|41105399003|39145399003;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?gm7aIylBadZ0omPD2wxm35n05yuJhnjX9RhTb5G0Dq1PRuz3YFmot2bo9N?=

=?iso-8859-1?Q?IMJD3/ZLY77DA38suYkfAMmETrqNoP2f5My3MqURaQ1iPq+J7671tAuHnJ?=

=?iso-8859-1?Q?zlxxpppHMZwPOhst8UNhBl7QdS4XXwR/LDL0Nwk63Y2aQEcIIzKFXJJpJK?=

=?iso-8859-1?Q?50431eWfv2vP6sTa1b017ztdsbVZD54+ZBFm8QOdM6QvUD9yOkxLrySLkM?=

=?iso-8859-1?Q?SLErV0diqnMY8UE1aaRax5BiHXQ9bWBdC0RwWz8o5yEUWOqucECYEiqgHC?=

=?iso-8859-1?Q?FXEXQm6Hax3xvPvL5Qv3PERqwaOBAdtum+Ld9EYybzzOauMq/Anp66Mxhj?=

=?iso-8859-1?Q?IA2RSz1qzufzs9gn4aDSVYkm8BFuCknbifsvbj7xebCeZspXxcqb6qySMa?=

=?iso-8859-1?Q?M+hjY9ShxGUgHWK3uPiFNu2+4y/jo0k6n+G4sl0PTODZ42PUNEf8us/wfs?=

=?iso-8859-1?Q?mWBem4WBe3K9b6Y4nXIw+ssglosfbDjeA1JYCzJLWR58l3SgS0c5cKPA6N?=

=?iso-8859-1?Q?0xZ8cMJFcwGPbilrC3rubLmHyookr/tOD27SBWEtRkaaRvZZ8pKmKfxVp6?=

=?iso-8859-1?Q?AXrP8hkPK5JNpcEDbIpZAUtaJZqlsUD21TRMznI1g6pH/XFCtVR2Ft49Rv?=

=?iso-8859-1?Q?6ILCqpboxzDhTG9FpDJcQoxzFGu6BXxPaUwNxeZchtMAUcFEz/19lzfUJr?=

=?iso-8859-1?Q?a+7YEEOKf55dBVT7zDvvHeYAaN0MWmS7AmSTkU3YbC1HbGWUoPHXMLJmjT?=

=?iso-8859-1?Q?3vL1L+nWVyC+PjoMvh5Vu29wv3pJe/p8XeN/ZJchNbsmGlI5QHY3yRpJyn?=

=?iso-8859-1?Q?ydHbnEpqZIlK4NUlYWyqC2M05aIajfchQa4TfEV5TDPI9ypcnSl6NRFZVV?=

=?iso-8859-1?Q?iHW5wHSy0u7cQHys5j8hcct21IwSXmERkj6Rg0ab4SB1AviWHpJjJEkM4y?=

=?iso-8859-1?Q?OmK1MJt4wTVXJUoYqggWGRhZhkyy1C3kuFaLNGW5aJnW4cOVrDqJRdm4Q5?=

=?iso-8859-1?Q?UULXZiXGrCdvxQyt+i9lVOpvH33MjSzIcNKhDFaanEI/O0N5lYT2rEyrpW?=

=?iso-8859-1?Q?q7VWqZmQi34lK3DTtm2l1ezMItlpB/xrSLCkRmhwteNr+9D5cqkgqakZGC?=

=?iso-8859-1?Q?QZ4/2aIpiP5Y8bH/FNB5vQgiQZg73DQjFvTNRPTaLNGdu5deXlWlzze4FU?=

=?iso-8859-1?Q?n8rWZ6tpU+0XkpZRvw3SQze3kKyUBFUHPLbPqgRvkUXUc+kVHQFKI8zchg?=

=?iso-8859-1?Q?dRR+UOqd6XUDNTxtjfoDMlZoTyejVc24Hva/30NF4K3qpf0BwwOZTa8F3o?=

=?iso-8859-1?Q?wWKwU0NRymx6UqL670gRFi2dFxvq8i5aDVatBNMLYXCsJ47kYeK30ed4nL?=

=?iso-8859-1?Q?6LJw9b1Z3Hzj8mVSKjoek2J+ga8ekZTvamFGT+fdaUpxgwC21XvAJuwgaR?=

=?iso-8859-1?Q?QQGzSiZ4JquRvkysQ+bV9Qt22y8REuiUm8JS8g=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?aN82pI17fPcvsqwLYOKNOSVq8amTHYNTei9XdNd6eSbuoM6ZjlZXqv/Oh3?=

=?iso-8859-1?Q?ki+xhjOczh4hKcbGGr1p72HK1MNly2VIaq9NGOseen1Ghddibb12gX70hu?=

=?iso-8859-1?Q?b/H7tXqhc5K2F/IiOtjq03witkmUD3Z2EKUZDHfAjDosHBBJ9FjKj6GYjO?=

=?iso-8859-1?Q?sFkEXVUyjLvMYa/CHRMvIH8tBE447MKPGTnTyIZp9e9kma3xE9CP2PCQC8?=

=?iso-8859-1?Q?zl0u9GYPESMjpbako3Jtk0FTNH1Iqnbapm5Z95feTP0uLGiqBa7xo/dD6R?=

=?iso-8859-1?Q?NnvI+LMfyrODc7BGXI1UVE6J1ALmj0I0UpXly/BEXQ6lRY1UT0eIJeNk8R?=

=?iso-8859-1?Q?hF4NcnAEnTJ6KYQafjBH4OXOi4TseE+6FgOyX3oOCzFY2DLml0fRme3/l/?=

=?iso-8859-1?Q?ixbqRSZx+O9Pe/STxmmacBBCz26/irO6KXvJTCsWpWCLexc7+3F2jlcrml?=

=?iso-8859-1?Q?H9/XKbfGa4Tvv69jSSk0cGd19znqRxbhgJuCWHjk9QEHyZnTcYUDbrTBXo?=

=?iso-8859-1?Q?oJT97i/A3Fhs7OS+Aevmm9L0RUjXzAMlIUh+t2djed02+NNBoLEarA0C9J?=

=?iso-8859-1?Q?yCVn2t1rzW55W5KLY8CfCajFkoE2zePZpfQeWEy/n0oiLD1APOu4TepGlw?=

=?iso-8859-1?Q?ayk47JlHqiWuows0B7zSzqaW9X7g5N8n652zd3kWDgzo9n1DEZEw67x0Tu?=

=?iso-8859-1?Q?RdN67MSZ5nWFex2f+ENtEhIQrUnBVBt/Qnzrbc2dh8U9AFjPomNPyBgzhD?=

=?iso-8859-1?Q?YAEBQSA3hXmdSdNFye4vbYcl6dRLO8Hi7Lv+jbsbpkKvonF0XNjiHUbOdn?=

=?iso-8859-1?Q?1jK73ctAQ4+utSWra/QQk0/1GdReOetkqvRqc8k8ye5tfe0nEvdgEqxcDJ?=

=?iso-8859-1?Q?VHRlUWXsUR0N3Qcy/mLz+PzXZ3QA2mCqN8J2p9OPCakfPBI5S1sLFDQQAV?=

=?iso-8859-1?Q?rWekQtLKAhmti4c2Kp+JvzyP6VfZpXVhRGzGMeyzBCBzkLhCQgeF2QUzvB?=

=?iso-8859-1?Q?v5GQiQZw08dA3LLZUpDvVzd0YFXJCtHYaXovzQietlvyeWFn/Br7gj0E/O?=

=?iso-8859-1?Q?o+iJT/g8pifUYnZHp4HioQJT1KVxewRMVe5Uez6eNf853qKby5asSzz2zh?=

=?iso-8859-1?Q?q/8VkgYCqMdmge3A7tjxawzRDJoMH7IxlcHkDhhcO54x5yvfbnyWpjuT0T?=

=?iso-8859-1?Q?/hlYpHVF+D6AfBcdCBbaBnoGrzPTSA+76gZ9VgZMFFKsDRXJ+wIuQWsGUg?=

=?iso-8859-1?Q?r3nHGrj0S8PX+xFpH51CA2kJLgoiS8WW7J7dU6sT9DDOdRzSLwX3JCv2Rd?=

=?iso-8859-1?Q?pvnBKUUAQ9TLqYD/R0wjL54LBE3Mc+e7eI/1CtqWY5ltQqhKP2Kcvag25T?=

=?iso-8859-1?Q?Rsb7M8Vhv9yUlP8LtGDZ9Gw+JWD2eIQIznesfWtsv5tWttVm7KGgs=3D?=

Content-Type: multipart/alternative;

boundary="_000_GVZP280MB0838D2E6469A818E9620D346E65DAGVZP280MB0838SWEP_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: GVZP280MB0838.SWEP280.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 18ce7a4c-3ace-4c9b-0f52-08de94132680

X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2026 19:31:50.4080

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVYP280MB0463

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings, I am Mr. Ammar Hussain Finance and Account, Qatar

Petroleum. I have one hundred million dollars for Investment. Contact me

if you are interested, I have all what it will take to move the fund to you

as a contract fund to avoid every query. I will give you more details upon

the receipt of your response on :mr.am [...]



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.35.36 listed in dnsbl.ahbl.org]

[52.103.35.36 listed in dnsbl.ahbl.org]

[52.103.35.36 listed in dnsbl.ahbl.org]

[52.103.35.36 listed in dnsbl.ahbl.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.35.36 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.35.36 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.35.36 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.35.36 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:150:f5:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

[52.103.35.36 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.35.36 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.35.36 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.35.36 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[cxcxcxcx028(at)outlook.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[cxcxcxcx028(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.35.36 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.35.36 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[52.103.35.36 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 MR_DIFF_MID No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

1.5 HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLY From and body contain different freemails

Subject: {SPAM?} MY TRUST

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Apr 2026 13:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9pv3-00000000JQQ-3w7P

for dave@doctor.nl2k.ab.ca;

Mon, 06 Apr 2026 13:47:33 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Apr 2026 13:47:33 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-swedencentralazolkn19010036.outbound.protection.outlook.com ([52.103.35.36]:44631 helo=GV3P280CU013.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9phL-00000000Ihv-36X9

for root@nk.ca;

Mon, 06 Apr 2026 13:33:34 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=W6PdewGrv6EjssQkP/25PFpRD74ua6zqH+/AhZ3EVcuuf/YWhLRFjfvEs5MRc3VVlSxYdS9vgYdLmnVEoWS/rQxRRAS+zfpbTm9jq/Xq7UbO+/p8Lmv0A84/cHno6eQb/al8o79WXmU/lOv+IES+jaVoLaG85TZjOEte3A3DjcKF0K8pESww79+nlkOBCHAtn6WV0BhWIhBWXSjzcnIe91uDO59FH1fsvEj2YnkFyOuGwdh2SHMhRPTXt0ZOg/qaUeX87PWHz55/m9oJ+Tf3Smrfvja2bNJdASKDRl9W8UPLprf7jVihM5Ma7aE7Dfr+l9w7UqcKsumMZhRjgNvowg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Ao2h2v0yophPG/1/QP2z48gqgTiY9ZKwqFvFxYjgSKE=;

b=tJzNjQ/z4C2/dcW/7hItdRn8TvKtjtkCzWzHskc+cqbCGVYgtC7g5UGNF16DoUxeoYpJdi81fiq6DpmCycId7urymN2t7xcUom0e+nTr1u3uEg2e4botLIkYVAmUjj4jZXMgkGG+r6hE6su42Z/qmOp6wvGKNVW/R0meVlhha3XxI1LLe6QnDRr8kdKZWmneie90VRJJAKM7LYFgMpdX1AofQdRj752Jc3KlghTqjZSHEGJZ/oNa8yNAeyne+A1cS2g1+c94iBvL18DeCGGgH+7Cv+YLzd+Cznnt/akP4/lZEtAXn75MCpJElE6SPfeOHMG9K7N2G9UpIb7KsJMx1g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=Ao2h2v0yophPG/1/QP2z48gqgTiY9ZKwqFvFxYjgSKE=;

b=Wf3neFQivsqW44s8m/Nam1YZd7ZCzigk5v70bGPKh2+Xuejt4tfEB78z6vHBBh6f7BTRa2elvaFgrXFIA0GZhO5c42gKJuY1QG13V6UtFzR1sKgEEUqCjtwE4xhZCP7oBRZX2YHZDyXinrM3q4tjkCSQZowhO8eSQvrIk+tgXsR/lmf1YDQWVjN4Tn0s3GK8rB0yoT6t0iYXCkRDPStFLdcw8vv0Co51wEUYXR0j2Clzw0J6fm4NC31Pw9ssF21IIIm8v/7yAGmUhvjwcwVr4C6Cd+1PkSF9tS3WWw3c1CIY9PoGB22tCfbtUgSHTviGJ1z8pg/OCNSAsyrLTFApAw==

Received: from GVZP280MB0838.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f5::16)

by GVYP280MB0463.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:36::17) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.20; Mon, 6 Apr

2026 19:31:50 +0000

Received: from GVZP280MB0838.SWEP280.PROD.OUTLOOK.COM

([fe80::8651:891d:631c:491d]) by GVZP280MB0838.SWEP280.PROD.OUTLOOK.COM

([fe80::8651:891d:631c:491d%2]) with mapi id 15.20.9769.020; Mon, 6 Apr 2026

19:31:50 +0000

From: "Mr. Ammar Hussain"

Subject: MY TRUST

Thread-Topic: MY TRUST

Thread-Index: AQHcwffeDEwaBnsINUKY5BNgl8PhWLXMTg5cgAFqm16ABLWBHw==

Date: Mon, 6 Apr 2026 19:31:50 +0000

Message-ID:



References:

Payment Failure for Cloud Storage Renewal Your Payment Method Has Expired We're unable to renew your Cloud Storage. Please update your payment information to avoid disruption to your service. If your storage is full, you can upgrade your plan to ensure you have enough space for your files and backups. Account Details: Subscription ID: Product: Cloud Storage Space Expiration Date: Without enough storage space, you may lose access to store and sync your data across devices. Cloud provides secure storage for your photos, videos, documents, and more — all accessible from any device. Update Payment Information Thank you for using Cloud Storage service! Best regards, Cloud Customer Support To stop messages regarding this offer, unsubscribe here.

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Apr 2026 13:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9pun-00000000JQD-2KwL

for dave@doctor.nl2k.ab.ca;

Mon, 06 Apr 2026 13:47:17 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Apr 2026 13:47:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from veovideoconverter.com ([45.124.64.68]:39997)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1w9oZk-00000000FRj-1USR

for root@nk.ca;

Mon, 06 Apr 2026 12:21:37 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;

h=Date:To:From:Subject:Content-Type:Mime-Version; i=root@nk.ca;

bh=An+4X3XSek3iA9XPrU7nXIRfP4c=;

b=HtJTpKR3KIpH+Ngau7cCoSoaZnSlmO0K4oiUWf/q3pfdcBzANn67cVG+CfeXKCPsrqtWbz8cmgFN

eRzjgRfCYA7FZBJ359npuouiceiX0X7PKLhUeRKWNQt5QHzTjIWJldnlHyuroyRgLOgwXo6D1N4V

8QR0sIuYoMDYwsvQfTxFEqrBvLeVxWNA3LYJZw54ZufSJk4N9mCinaLFgDBjsxz3mtVhaJylTig9

mJ7w+QX6OLo7wXl0d3o8VXChoulMph0hYYQ4C+qHYrlMidec7lom5t/l/ppK1yYB/agoPdjYDWEO

5V7319vadSBHHfAnWE4FGgfQdDeHcSq1sUVHOg==

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;

b=S2YPwvWyt9iKcmek+LMsOydY9WsOO9dmKH8kVf36UC6lq3zUek4HBDLDlRAJDFnNrSKFSu4spULD

inMn5bge/LhXd6oJVlMVF5cwMnKAJWMxCIUHgP90nHcmIjami7UCmim7G2WF6JiRde+rqERy8OR2

skLLNwPGqxQwyqSlPELLtZe5r+eG4fDeCW958cPqvqWLST6CrJMr4i0ypL9RvSMhl2aFl7Z+IDJ6

JNFE3ol5omxlk2Qh2dIeSNQ9BpYcuG8/Wf29hVsiyvg4prieg7Hh97HzTLe0s58rMo1tWcN8Es+7

SyhgJFq1/o5DDfHXMxJAUmZX1yNRSyom6hmo0w==;

Date: Mon, 06 Apr 2026 18:19:57 +0000

To: root@nk.ca

From: System Alert

Subject: root: Uploads Paused: Storage Full.

Content-Type: text/html

Mime-Version: 1.0

X-Spam_score: 9.3

X-Spam_score_int: 93

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Payment Failure for Cloud Storage Renewal Payment Failure

for Cloud Storage Renewal



Content analysis details: (9.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[45.124.64.68 listed in dnsbl.ahbl.org]

[45.124.64.68 listed in dnsbl.ahbl.org]

[45.124.64.68 listed in dnsbl.ahbl.org]

[45.124.64.68 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[45.124.64.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[45.124.64.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[45.124.64.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[45.124.64.68 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

[45.124.64.68 listed in will-spam-for-food.eu.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[45.124.64.68 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[45.124.64.68 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: ni03hfph.com]

0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[45.124.64.68 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[45.124.64.68 listed in bl.score.senderscore.com]

1.0 OFFER_URI URI: Offer in link address

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.1 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

Subject: {SPAM?} root: Uploads Paused: Storage Full.

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Apr 2026 10:13:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9mZN-0000000009a-49BB

for dave@doctor.nl2k.ab.ca;

Mon, 06 Apr 2026 10:12:57 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Apr 2026 10:12:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ot1-f73.google.com ([209.85.210.73]:61740)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9luf-00000000NfW-4A8U

for root@nl2k.ab.ca;

Mon, 06 Apr 2026 09:31:04 -0600

Received: by mail-ot1-f73.google.com with SMTP id 46e09a7af769-7dbb4f8b314so8486552a34.3

for ; Mon, 06 Apr 2026 08:30:07 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1775489401; x=1776094201; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=hRDo+JqK19JNBk6pMXb/7QYwK5fEnhzu0Bed+Jk3AOM=;

b=p+Gno7OFzEDZzaHyZFfsCFw4oASg9lP8INt/VjfJNcrNSindAu1akkt0jim3xqihI6

NkQsZE9EJtH7aU2dt1SUUZa0hdjaTcM6CJiZdLq1Ik27ADifE106LBhXaU7t0dumJkt5

XhzQO+QHWMsi68ofmcdsXU6WMO63L6/rcmCvzX89RnSqcV2QcAAa7Tw+E9bMkPGleoKH

slgO236TYTD0GPmwUKRY95MY9cu8oXngwaj/DJE/0Cv477S6qE/VoRHljdbmZQM72+aP

FA4pc5MfVjEj0vQtgl+G7pKgLCr/8nkdTJaMLsvUAUkg3sB5zqZ/EuRGMwVaiq/DTLOs

s62A==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=meutiim-com.20251104.gappssmtp.com; s=20251104; t=1775489401; x=1776094201; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=hRDo+JqK19JNBk6pMXb/7QYwK5fEnhzu0Bed+Jk3AOM=;

b=aV7Ys5emtm6Vwvtiq2GDcyji25zZ2Uo6K8CaE+451INXD+aD0lKxkisq8kpiXoF2T7

LDXJD6Hh1vPJ61kpQeaI0Bd/jK00uZnAwSixb8IBKqoQHblJlIzWctKa0yCLp9PzjuXI

atcbqBqYm9gS+TZ0uTAZ0J19egQtfQ9rvCvdyjRNjIzGHaDQwoHhHl5tjMKcWAw66HNf

becHXf29KGfcVqRe0WgbHWvobw7LRUPHzrXFeizjRPfqTFT1kwFlumbiNrKZ/dElrp4M

YrfemTeEL6eSVGhoiG3x1eBkgxcijIa77uxRKIXy1vwIJkg91wQrgkoti6QogBnT3UDx

evAg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775489401; x=1776094201;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=hRDo+JqK19JNBk6pMXb/7QYwK5fEnhzu0Bed+Jk3AOM=;

b=aqSHkNkNHf72pjRBni4GbVv0lYU5IrO09VW+QPKp8pwJ/nwZ8R1kuArZIlfExja+2L

60d8vMM3cGzWziXPSlqtEX2O4H/PP/IGE7Hof3qaQaHfUktSURHbjQOtxlu8Hkb+nZ7C

ngFZG88EIcpiLyVQDsg6bpo3tJDkfzL7nv/46N7uJLU6eTksVqD5M06jozwWQu4+JfXQ

Cluh25vWri0C/kOa5JB5/LO3rTjtOtb4VZ1/27o1mPa2zXpisvnZt0KwKhOB6fjnVfiJ

/NffA4RM6YwuL4npveUNMT8boCphBguk7uatLzxg7m9W5k4ORii1P45LL2CQEXAWtwa9

4B7g==

X-Gm-Message-State: AOJu0YzqRX8evZM2cx4ovTkewy+R8udQrGtxewDpumaM4Yqtew1+PIHQ

J9DDsbJXdD6uV7To2zXa5ubLl8qTN8ZSlgYyPzAptlFzh6bNTF2rqjSXn21PDyTGDCLQmHYrNFo

uM1LERYa6QPwCKRaJo1u54gKH00XdYT66gCLIhOCnDbYYXgfqiuSvu1LP

MIME-Version: 1.0

X-Received: by 2002:a05:6830:700f:b0:7d7:e792:b98e with SMTP id

46e09a7af769-7dbb738ac2emr9341949a34.8.1775489401029; Mon, 06 Apr 2026

08:30:01 -0700 (PDT)

Reply-To: Allstates Yaunke

Sender: Google Calendar

Message-ID:

Date: Mon, 06 Apr 2026 15:30:01 +0000

Subject: Invitation: Notice: Your Plan is Due for Renewal Soon @ Mon Apr 6,

2026 9:29pm (GMT-7) (root@nl2k.ab.ca)

From: Allstates Yaunke

To: root@nl2k.ab.ca

Content-Type: multipart/mixed; boundary="0000000000000d105e064ecc5797"

X-Spam_score: 10.0

X-Spam_score_int: 100

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Notice: Your Plan is Due for Renewal Soon Monday Apr 6, 2026

â‹… 9:29pm Pacific Time - Los Angeles Good morning, This is a reminder that

your Microsoft Office 365 subscription will renew on Monday, 06 April 2026.

A charge of $495.47 will be applied automatically as per your agreement.



Content analysis details: (10.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.73 listed in dnsbl.ahbl.org]

[209.85.210.73 listed in dnsbl.ahbl.org]

[209.85.210.73 listed in dnsbl.ahbl.org]

[209.85.210.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.73 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

[209.85.210.73 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.73 listed in list.dnswl.org]

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.73 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Invitation: Notice: Your Plan is Due for Renewal Soon @ Mon Apr 6,

2026 9:29pm (GMT-7) (root@nl2k.ab.ca)





Allstates Yaunke has invited you to Notice: Your Plan is Due for Renewal Soon

Title: Notice: Your Plan is Due for Renewal Soon

When: Monday, April 6, 2026 at 22:29

Organizer:

Allstates Yaunke

Description: Good morning,



This is a reminder that your Microsoft Office 365 subscription will renew on Monday, 06 April 2026. A charge of $495.47 will be applied automatically as per your agreement.



**Invoice Data Dashboard:**



Quantity: 3x Device

Product: Secure Core

Service Term: 5-Years

Payment Option: Auto Debit

Total Amount: $495.47



Client ID: XGWKPFIJ61

Activation Key: 2d4a6166-29ef-486c-b79b-ed0fb8b98a4f



To avoid renewal or make changes, please contact us at least 24 hours before the scheduled date.



For assistance, reach us at 1 810 219-4231.



With ongoing thanks,,

Microsoft Defender Plan

Accounts head: Cynthia Byrd

Assistance Phone Line: 1 810 219-4231

Finance Team: 252 9Th St - San Francisco Orlando Fl 32801-3728 Usa

Helpdesk Hours: 6 AM – 6 PM

Attendees:



root@nl2k.ab.ca





Good morning,



This is a reminder that your Microsoft Office 365 subscription will renew on Monday, 06 April 2026. A charge of $495.47 will be applied automatically as per your agreement.



**Invoice Data Dashboard:**



Quantity: 3x Device

Product: Secure Core

Service Term: 5-Years

Payment Option: Auto Debit

Total Amount: $495.47



Client ID: XGWKPFIJ61

Activation Key: 2d4a6166-29ef-486c-b79b-ed0fb8b98a4f



To avoid renewal or make changes, please contact us at least 24 hours before the scheduled date.



For assistance, reach us at 1 810 219-4231.



With ongoing thanks,,

Microsoft Defender Plan

Accounts head: Cynthia Byrd

Assistance Phone Line: 1 810 219-4231

Finance Team: 252 9Th St - San Francisco Orlando Fl 32801-3728 Usa

Helpdesk Hours: 6 AM – 6 PM

When

Monday Apr 6, 2026 ⋅ 9:29pm (Pacific Time - Los Angeles)

Organizer

Allstates Yaunke

allstatesyaunke@meutiim.com

Guests

(Guest list has been hidden at organizer's request)

Reply for root@nl2k.ab.ca

Yes



No



Maybe

More options



Invitation from Google Calendar



You are receiving this email because you are an attendee on the event.



Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 05 Apr 2026 20:52:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9a3N-00000000Mvk-24V9

for dave@doctor.nl2k.ab.ca;

Sun, 05 Apr 2026 20:51:05 -0600

Resent-From: The Doctor

Resent-Date: Sun, 5 Apr 2026 20:51:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mta-sp-e02.jcom.zaq.ne.jp ([222.227.81.162]:58592)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9WK2-000000003ZW-2TvH

for doctor@doctor.nl2k.ab.ca;

Sun, 05 Apr 2026 16:52:11 -0600

Received: from mta-or-e02.jcom.zaq.ne.jp by osmta0002-jc.im.kddi.ne.jp

with ESMTP

id <20260405225110327.QNTR.35798.mta-or-e02.jcom.zaq.ne.jp@mta-sp-e02.jcom.zaq.ne.jp>;

Mon, 6 Apr 2026 07:51:10 +0900

Received: from yurgv by omta0002-jc.im.kddi.ne.jp with SMTP

id <20260405225109892.ECZV.35830.yurgv@mta-or-e02.jcom.zaq.ne.jp>;

Mon, 6 Apr 2026 07:51:09 +0900

Message-ID: <86864e9460a48e85a60900ab5ab4beb4ad3322e6@ioctv.zaq.ne.jp>

From: "You've been HACKED"

To: you

Subject: Information about your online security

Date: Sun, 5 Apr 2026 15:50:53 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: 8bit

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ioctv.zaq.ne.jp; s=default-1th84yt82rvi; t=1775429470;

bh=5kR36n33qc3wfHVKBYN5pBjlKDYsUjoKOy3cKvxK+gs=;

h=From:To:Subject:Date;

b=SQs0hR7exEWTLPdFOilQvFAV/D/gdo3bhaFMZWnGMa6Bgey9SFB1p31gEbMstUEaiV7dWG74

yJpjLo9q8xRZNgfphuYklNujH5agbi6rzZoBMInK/1Ea1BV+rVpQpuehembPoI6YHiJ06mu+7+

xGMSk6mmERlJVviPrOlb7IjfdXOs7R3anwAW47dJSHKwjIpcViBA3dIK8JwVC1TiToe0mJV3sp

tBDWI8PFzLyhcRiMhVTxr5tynwFI1E90+w8xD/tjHgy936emP/sIlPPjTTTrLANU9+fx/5V681

YlWxgQOLrO3+qCF58e2C0Lif3bnL32BMOKH23bgPSNxo+Lgg==

X-Spam_score: 11.9

X-Spam_score_int: 119

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, We are ShinyHunters hacking group. We've known each

other for a while, at least we know you. A few months ago, we gained access

to your devices and started monitoring your online activities. What happened:

We got access to the database CarGurus.com where you had an account with

and easily accessed your e-mail. You weren't very careful about the links

you opened. A week later, we installed [...]



Content analysis details: (11.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[222.227.81.162 listed in dnsbl.ahbl.org]

[222.227.81.162 listed in dnsbl.ahbl.org]

[222.227.81.162 listed in dnsbl.ahbl.org]

[222.227.81.162 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[222.227.81.162 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[222.227.81.162 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[222.227.81.162 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[222.227.81.162 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

[222.227.81.162 listed in will-spam-for-food.eu.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[222.227.81.162 listed in bb.barracudacentral.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 TO_MALFORMED To: has a malformed address

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.2 PDS_BTC_ID FP reduced Bitcoin ID

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

1.0 BITCOIN_DEADLINE BitCoin with a deadline

1.0 BITCOIN_ONAN BitCoin + [censored]

Subject: {SPAM?} Information about your online security



Hello,



We are ShinyHunters hacking group.

We've known each other for a while, at least we know you.

A few months ago, we gained access to your devices and started monitoring your online activities.



What happened:

We got access to the database CarGurus.com where you had an account with and easily accessed your e-mail.

You weren't very careful about the links you opened.

A week later, we installed an exploit on your devices including your phone, giving us access to your microphone,

camera, keyboard, and all your data.

We have your photos,browsing history, conversations, and contact list.



Besides other things, we discovered that you frequently visit adult websites and watch explicit videos.

We managed to record you and created videos of you pleasuring yourself.

With a few clicks, we can share these videos with your friends,

colleagues, and family or even make them public.



Proposal:

Send us $2000 in Bitcoin to the following wallet:

bc1qwd4rfmy39pfs58kgs95knx3v0xw47g3rtkud5j



We'll delete everything immediately.

You have 48 hours from the moment you opened this e-mail.

Once the payment is received, we'll remove the malware from your devices.



What you should NOT do:

Do not reply (email is sent from a hacked account).

Do not contact the police or anyone else—we'll release the videos along with other stuff all over the internet.

Do not try to reset your devices—everything is stored on remote servers.



What you don’t need to worry about:

Will see your payment immediately—The wallet is generated specially for you.

Will not share your videos or other things after payment—There is no reason to keep causing problems.

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 05 Apr 2026 13:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9SoJ-00000000FJ9-3OMY

for dave@doctor.nl2k.ab.ca;

Sun, 05 Apr 2026 13:07:03 -0600

Resent-From: The Doctor

Resent-Date: Sun, 5 Apr 2026 13:07:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yx1-f53.google.com ([74.125.224.53]:48610)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9Pvb-000000006Q7-2fiJ

for doctor@doctor.nl2k.ab.ca;

Sun, 05 Apr 2026 10:02:33 -0600

Received: by mail-yx1-f53.google.com with SMTP id 956f58d0204a3-64ef161129bso2562583d50.1

for ; Sun, 05 Apr 2026 09:01:36 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1775404890; cv=none;

d=google.com; s=arc-20240605;

b=jRTk1sVe0rabkPTcwcCsJOXywTOG6f1TM4/yUiM3c1uN7uuuy2xxtzZusAfpgg6DiP

H5XJpxsi4FiMeNq6XGi+ysLFw9FZgTfd7hBKXjMzuPgQdVHwhwwoVPJuA2R/q9xcgQlu

leYuSHPTiUGwFg9uueDi/fwGMAwwkZhZ2cNMpBqENLML8nsOTi4aV1J50cTkmt0YhLfX

CTxjh3xNd9OQilN77o6x0F+4KNgV4riJjSKEb2V/2rPoRVzsQSbqnGQEeVi+MvArX9/N

mMzBOPZ7WrWItSbDcMeFiVYKTYtvoSqYGBhP1hUhET2kvOKYxc9IoBkHvwpnIcRkf4cw

CyuQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=OzAuvCXaR8VtgAo2YlN3HOaSVK/FgiFFi3Ga2aGkE8s=;

fh=b+UGVVQofpdbvjMvi60mvv7ySk/qKKWEme/8ac+byQg=;

b=DuSUbpu6iGeagWIH1mCWkSlVCVo6xXEdWv10xdRnd6Oy/khskzLkCpoA2GrU/dFZpq

LvR5a6uaVZEtqNFO0bKpVNkQk2ebPDYMxYUgY/65BaMu4YUl/3clw8K37ahWdBv/CrqA

UiCGNxI4FrssD0QewDzU+ITfQEkhSQ9vAcJR6bgtjDTZxc9xeL85d9JpwRoIjy3+jzH7

Szq5Lk3PCMeDdKPuq+3wV2rWTtvzP3ftRzrXuKxH4YfXAEfbC74MUnx87ZcGdQ0kbhfj

LyKcESjzV9EPFkE+hfO6w7ktFvW/AgFtUnABwh7mLqepSLW9CgZirKTCYX+UQeS0sbbv

/Rmw==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1775404890; x=1776009690; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=OzAuvCXaR8VtgAo2YlN3HOaSVK/FgiFFi3Ga2aGkE8s=;

b=miqh0l65tv25XjmN4hMJSyjpEqm50hOhiSJ67a44SCGZsArNFqyvwtZN0/WUhjSzz5

CzEizZ2qUSB5f+xpb4Sz8WTab02pOlCL/tcT8LlOtsEvDs7WGp0CDrTrSLdrr5rX9X2Y

ES5EgSeKWlgquAL5haOHQTWJn5JtLA5Wo5YzRHYwX5JWdAkDBYdmKUjPLs3y0cyptcU7

5vsYjcAQtz43E6Noeb3qYNqjsfCzib+HspHbrIu9VGeeeEzj3eHVrO3MJSxKPtARd1Kt

6K2nmqHFHt4y/XHxjFMaMMkzHKnr5nEpdgrnOKOqvGNqoT0oQHDSJa3i3WzKFzkbN9r0

vCVA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775404890; x=1776009690;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=OzAuvCXaR8VtgAo2YlN3HOaSVK/FgiFFi3Ga2aGkE8s=;

b=cnmsrF2V9PEfVx+7g05E+Q/xqtwp1Vvjcod7zVdCRQa1EoyQh+7lXxePk7V7i0PHpj

qYKMZv5/uiUuvyj7hPDN+jqj0XPjcfsOHww4nqAQQ1RH5Q5SCmxJ7BcAQD1n9WC4dFzE

QzeKG/EoD/BunFcsqm/IalFamEfO1W++oLghHGtBKCY5mt6H9x1B5AiRy2AlgQs1uy8Z

c97ILNHHKGWdGEW3Ye2f9TF/WrDfZb6LhqjYv60UU9EcO95bZ/uLfZmcVndqZndW48/c

4ZnDWO9HcbnwWm41VMok3SbnR7Re1hUsRYCuHtCIu5QacZoKlJdt/BhFvvJnletQDObc

DGeg==

X-Forwarded-Encrypted: i=1; AJvYcCVPtHmE7T6/iq+E6Hjv3sfJIzkvcM5K0Bv3688hSf5+1mFMVslGMV4+9w3SPzOsg682AMFuXxM=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YwpYEp/TkgaYPErajvj+I4JZzxjawdTH6wK8s/PA+/nnbwFB+JA

aQjyiu8f4onZre0ZD3IQzHhrHMix2SOyy6lqPWbmCRFTz/82uh+Cwjyczea5fHtFMj0kGBHSQVd

n5L347Hyh+YUzR1er9NIRCNA/vKNe6GQ=

X-Gm-Gg: AeBDiesVHbufCN97qFpQbaa9bpY9+IjqT34gnst3uHy5JTywZx9foy+4IsToXVaLyfk

H7U7oqUbXZyNVHcUyT2E1rEnzsBtvCdJnQ7qonwUEANF6h3lHf0WBte+6swycTmc9OLSSH60QPn

kInaQhoINAhrzZXSVtpXtLILW9vWu3XN2qxxTXFS9ml8ZDvhWHGQ8gejq5VQMZQk2/mo2OSxUka

DsKoPhMuczVNFekJKhC9YUkcgoB59MyTqbHOwwDSg/6RJoJYLkOC7bBWr7ML/W8GKu9ulpo0Xda

s9DCTADrSB56iipN+9ZYCU77a4xsH5P/A31hA3NBcgCbBUAV7cF5gI7Ph/RmvW3+JQypkB+hfVz

5+47GWTiXIuw=

X-Received: by 2002:a05:690e:1591:10b0:64e:a853:624d with SMTP id

956f58d0204a3-650486e4273mr7260236d50.19.1775404889694; Sun, 05 Apr 2026

09:01:29 -0700 (PDT)

MIME-Version: 1.0

Reply-To: selassie.abebe@yandex.com

From: MR OLIVER

Date: Sun, 5 Apr 2026 09:01:24 -0700

X-Gm-Features: AQROBzBbGnmvpOAdEex1enL2PHZPdMcghXFbIPylt-OCgIOmoAPVAHF-wXZSRx0

Message-ID:

Subject: RELIEF TRUST

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000c86648064eb8a908"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 24.3

X-Spam_score_int: 243

X-Spam_bar: ++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir/Madam, I am Mr. Edward Stave, a representative from

the British High Commission, focusing on Compensation Matters for fraud-affected

victims.British Government has allocated $2.8 million each to those affect

[...]



Content analysis details: (24.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[74.125.224.53 listed in dnsbl.ahbl.org]

[74.125.224.53 listed in dnsbl.ahbl.org]

[74.125.224.53 listed in dnsbl.ahbl.org]

[74.125.224.53 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[74.125.224.53 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[74.125.224.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[74.125.224.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[74.125.224.53 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

[74.125.224.53 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[74.125.224.53 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[lynnkate071(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[lynnkate071(at)gmail.com]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[74.125.224.53 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

1.5 HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

2.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} RELIEF TRUST



--000000000000c86648064eb8a908

Content-Type: text/plain; charset="UTF-8"



Dear Sir/Madam,



I am Mr. Edward Stave, a representative from the British High Commission,

focusing on Compensation Matters for fraud-affected victims.British

Government has allocated $2.8 million each to those affected victims to be

compensated



1. Your full name

2. A form of identification

3. Your contact address

4. Your phone number or Whatsapp number



I await to receive these details to enable us to do the needful.

Yours Sincerely,



Mr. Edward Stave



--000000000000c86648064eb8a908

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

=C2=A0
>Dear Sir/Madam,

gnature">

I

am Mr. Edward Stave, a representative from the British High Commission,

focusing on Compensation Matters for fraud-affected victims.British=20

Government has allocated $2.8 million each to those affected victims to=20

be compensated

1. Your full name
2. A form of identification
=

3. Your contact address
4. Your phone number or Whatsapp number

I=

await to receive these details to enable us to do the needful.
Yours Si=

ncerely,

Mr. Edward Stave

--000000000000c86648064eb8a908--

--000000000000824158064eb6c53e

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello, I am Mr.Michael Adama, and I work with UNITED BANK For AFRICA.

Please Can you use an ATM Visa card to withdraw money at ATM cash machines

in your country?



I want to transfer money to you from my country; it=E2=80=99s part of money=

taken

by some old politician that was forced out of power.I will change the

account details to yours, and apply for a visa card with your details in

our bank,



they will send the visa card to you and you will be withdrawing money with

it and always send my own percentage of the money,



and the money we are talking about is $9.5Million us dollars. Whatever

amount you withdraw daily, you will send 50% to me and you will take 50%,

the visa card and the bank account will be on your name,

you can contact me with your private email I.D (

mr.adamamichael2005@yahoo.com)



I will be waiting for your information as soon as possible.



Your name.........................

Age..........................

Sex...........................

Country.....................

Occupation....................

Whatsapp number....................



Best Regards.

Mr.Michael Adama



--000000000000824158064eb6c53e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable







--000000000000824158064eb6c53e--

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 05 Apr 2026 09:12:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9P8D-0000000041c-3jjm

for dave@doctor.nl2k.ab.ca;

Sun, 05 Apr 2026 09:11:21 -0600

Resent-From: The Doctor

Resent-Date: Sun, 5 Apr 2026 09:11:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pf1-f195.google.com ([209.85.210.195]:43378)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w9NoX-00000000PBD-3II9

for root@nl2k.ab.ca;

Sun, 05 Apr 2026 07:47:07 -0600

Received: by mail-pf1-f195.google.com with SMTP id d2e1a72fcca58-82748257f5fso2442864b3a.1

for ; Sun, 05 Apr 2026 06:46:11 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1775396765; cv=none;

d=google.com; s=arc-20240605;

b=FCduBtW6ht/t4PlGupIM1PtpzafuxQojBnPW32Gv9ULX9TkMqYYRmttpL+zkgZqpwn

5FbMvjTBRpDztc6XeFRwa578rJdGfxIRcnR2UeG6fLZAlh6Us0Kc+blL8MgAPJCUkuFm

xQEgVDI49p6TVxohemzZwgJDGIALyUz/Y6Kj7XnRBG+xjPLpxDcoBZptjWs/jwtlXVMI

yeh0rBrDIH8q5KnGE/L9Q0YpRIdXAIZHI46q90rkGWkMqekQmF+E5W7LUqMOkEzgshkD

d+zEdVHztIqnad3MjwxLjpu6oBsGueTR2ItBMBfo1gMxE5vFU7A6e2Quhr4mePHl4nS4

jE2Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=EmkD46zGjAj5ZIR/R2aK2hL+2pdXR32zXBGzb/y/hg0=;

fh=/B80ccZkeOcSPva4GFuEGZFIHK0pvPVy0qSpZr61LuA=;

b=Us+W/gJDRnEQ66MszMaymNrm8Ae4f1Gv6I4UkxMOGsnHIPafB8A0QGh5tlhD2dJAWo

Nk6kNwfLZimRPAsgK+OiU77hs3q/dMMQL2g5uOU3pfdsekUpuB81p/ENMYGXLsY+Vwre

RKwZj4oCQst8QR056pt2K7DkGreSaoQbiuB4zVWN6tu93R79f+Q2q6Fjl9oLiekT0ypO

jqo7MxCU59BTDVd/em7v5ZBniuQCmZZRHXHimxGw5RF9KIt37EwHVYEZraCmmi8gaydO

lIbQ8BlnG4pmjM49/CRgyt9OLiYvUTNx8/PZTZkdqm3sNQBZ30Wj+2ZQ5SVM2FWTt81D

AdNg==;

darn=nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1775396765; x=1776001565; darn=nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=EmkD46zGjAj5ZIR/R2aK2hL+2pdXR32zXBGzb/y/hg0=;

b=e+o67QVq9nJzcrY5dlcH2R7bQrZvMlYMCXEb7jBWjVoIEUcu04gI32wABWwhCNKKsh

4tEbRp9FDt2+bk+u0vAPfB12qZgGQZEBV2p15NWPdhpYK79b+Avj9dMirkhl9tbYQtiY

msb8cMHFdzmpXvCfxt3Ad0KeLvGi+VNzRpG+/mg9sDbSKsG1axtvE3eK+7yQfWsk98aN

YsW49EaZyUGj8DySSFmU0WiPchGJq9CiL7ulERgedNZ+PwdNcyTTbcXJqWN666Tg75iD

jXF282mok5XBj2nnbW47TFWFp58UURvcVxtAEhIsP9k0gy3xjAznBvHlHEJFiixwyUK9

UYew==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775396765; x=1776001565;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=EmkD46zGjAj5ZIR/R2aK2hL+2pdXR32zXBGzb/y/hg0=;

b=qwpef3iJR6lPC7QIJusxSa39/ULJKx/lj3C0EupJ1Ef1R4xfwhXX52ObYp0IgrqSI/

fiCxIYG+SVc9uIr82o0z8mj6okobnjrtjIlcUJ2MZUQim8ze/7CblKXPNTc9FArbe7a1

jEd424x8DRJB1SpGQxtxkPcvBmBC0VN1+KyD4RlSktUZx4B5UCPpvkg/CKSbMSFlEvhz

NP3NjDFQerWlFRBJLvuywrI/fMljsg7SgPv1xappT3HoUiqDGk1Vkn8LITJ5sP+u8hjN

0nUJoEZ/Buvndt+8W8Zeq5jh1+bI3zVO3T4GgoiUNm1B8yab/FxVEmMI8rYJaLZ6CUbk

q2kg==

X-Forwarded-Encrypted: i=1; AJvYcCXA/0PJnqs/MAB4N0bewvPTPhSkXi3CDD7NyLPYz3JELK+oIuCnHx7t3b84PAn6uuhaShCR@nl2k.ab.ca

X-Gm-Message-State: AOJu0YxuusQNncvl8PE7kbrtLyoBR9oAiUSzG3VCrrNdj7pbwxs90Luf

Q+T7WBfPkhqNhGmYN7CfXtWapIXV1UMZc2cdyS2YUdWVwFJijRebYzgS0d7h5AkZ++DczhPSMDT

4ZffeIb0GLu64VU8IOKlm//Qpu9iHTM0=

X-Gm-Gg: AeBDievYSPPdkUckTlXhGatLT4rX+m1mvsXl1QAr2Uml3MyvfjUEvqL/rVrIf9OX0vD

7rTgFDA8AKz1Afj1Xy2R4hee7rJo0blso1KSegLLrRz5TxiR7tGAKWRs5z7ybMQs6TrB4i9Qn2Q

9zrj1qV7BxD7Gebc0/E9hn7XnSUrc5+Yu8MgT4IePjgoyovuAx6i1c8uI2TFwxAECMg1AwsoS6z

kJRYAikDeTZPB6jJeLqVcEJTEmx2fYqznjfiTHdNDYEGwyKXPGUC3ccaVsPJyW458tLRW1Qbt58

T7YRiAtgqUySobADXsqxXhOCOprDJHZvNkc2/FRU

X-Received: by 2002:a05:6a00:c90:b0:82c:2104:ccb3 with SMTP id

d2e1a72fcca58-82d0031f927mr11402748b3a.17.1775396764925; Sun, 05 Apr 2026

06:46:04 -0700 (PDT)

MIME-Version: 1.0

From: "Mr.Michael Adama"

Date: Sun, 5 Apr 2026 06:45:51 -0700

X-Gm-Features: AQROBzBjQ0K61LUFX7OwMiJ_dK5dobkXpzJjI2Ka5tWlvarPVogaRvFKM1v7xUg

Message-ID:

Subject: Hello, v

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000824158064eb6c53e"

Bcc: root@nl2k.ab.ca

X-Spam_score: 22.8

X-Spam_score_int: 228

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, I am Mr.Michael Adama, and I work with UNITED BANK

For AFRICA. Please Can you use an ATM Visa card to withdraw money at ATM cash

machines in your country? I want to transfer money to you from my country;

it’s part of money taken by some old politician that was forced out of

power.I will change the account details to yours, and apply for a visa card

wi [...]



Content analysis details: (22.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

[209.85.210.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

[209.85.210.195 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.195 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[leom81561(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[leom81561(at)gmail.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.195 listed in wl.mailspike.net]

1.0 MONOTONE_WORDS_15_2 BODY: Many lowercase words (15+ words, 2+

letters)

3.6 NA_DOLLARS BODY: Talks about a million North American dollars

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 FILL_THIS_FORM_LONG Fill in a form with personal information

1.0 FREEMAIL_REPLY From and body contain different freemails

0.0 T_MONEY_PERCENT X% of a lot of money for you

0.0 FILL_THIS_FORM Fill in a form with personal information

2.3 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

2.2 FILL_THIS_FORM_LOAN Answer loan question(s)

0.0 MONEY_FORM Lots of money if you fill out a form

0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s)

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

2.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Hello, v