NetKnow Corporate Blog

Cloud Credential phishing from Google Gmail

Posted by Dave Yadallee on Friday, March 20. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 05:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YCD-00000000Lxy-1eoo

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 05:39:17 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 05:39:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f71.google.com ([209.85.161.71]:56453)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3R8k-00000000ND8-3s4A

for doctor@nk.ca;

Thu, 19 Mar 2026 22:07:28 -0600

Received: by mail-oo1-f71.google.com with SMTP id 006d021491bc7-67bb2273d42so24174348eaf.0

for ; Thu, 19 Mar 2026 21:06:29 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1773979583; x=1774584383; darn=nk.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=DMwdCgbtcnKD1H+oGTFQRPoC4VzlbGKFHNv7aS0uQ2U=;

b=dIa1OjEfNfzSbyV8zHSaOBG8KLxifT8ML7z7B3pl5neH05hLEUC8gO/DiAciV3Adyp

RrAkJPxXXIxZtAUkMmJOaXbpLetNdKKbDA4Qyb5qoNjYASj+xbRcbZOcoUK50ODmazC4

gMtEL/rUWy4DrEbD6RjEWh6rg0Z3YBGKXSxLs91xyzQhqff34YKFtsRnJWs87l0jPHRR

nREWM+nZvXqr94zuvzU69jI1wTF0DPWiM6J+AEXHoyySVDGqqrhV8t7JvjtSlF8el9nE

ZenYGU7nhl41lz1ackbY1BvUSEQNlUfR6x44fzkgJjyhGezU6ljVLOOcQdj61tclLmbW

rK9A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773979583; x=1774584383;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=DMwdCgbtcnKD1H+oGTFQRPoC4VzlbGKFHNv7aS0uQ2U=;

b=d6+2Fjs9xliLQjBeraUB7RJY84pkQ1tmmoiEMO7wNg1Eht5xvK7bgm4qnTMwUWMNvL

xKENSyMn/TBoMwqs2+PK/I/8Qyqb6uzAapIfWoeAZyvvmG2RTa1in30+R8UILoI4R9T6

PJnfxi+Zu6e23PZWKkajs4+/R+UMBU3UWF34ejrpItLJj6Y6744I+D7dEvRrCin22oR6

fAhgsmEEMtoWuqS/fMS+zfXFAqcDqZ4XNC2sfEiiJj2MDRpKhB5NQE4TNRqwHh7vuu2L

UdLTA9V02fwi3zAxEQUhY6ZVE956UEU7Qdks+bF6YHRp8kY8LJh6zeu1bhj8YWJaUsb3

mVDA==

X-Gm-Message-State: AOJu0YznawYYtwjLlPqezHqYWaHNDThOKkQTvdmoPeBkIFrJtI0KibzR

EYU0v387Laa7cvlpcM910w1f1onh7+5RGIpDqqgNVAkhl4QGqD5L8Ll/4fgcsHkKq1nCm9rtdWI

FsYXwRTEW7w==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:4dfc:b0:679:e9c1:a91b with SMTP id

006d021491bc7-67c22ee1456mr1330735eaf.22.1773979583228; Thu, 19 Mar 2026

21:06:23 -0700 (PDT)

Reply-To: cloudsystemnotification@yopmail.com

Message-ID: <000000000000e5add8064d6cceb0@google.com>

Date: Fri, 20 Mar 2026 04:06:23 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

From: Cloud System Notification

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="000000000000e5adcb064d6ccead"

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your mailbox has reached 96% of its storage capacity. Manage

storage or confirm your account. ABCDEFGHIJKLMNOPQRSTUVWXZY0123456789ABCDEFGHIJKLMNOPQRSTUVWXZY0123456789ABCDEFGHIJKLMNOPQRSTUVWXZY01234567

[...]

Content analysis details: (12.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.71 listed in dnsbl.ahbl.org]

[209.85.161.71 listed in dnsbl.ahbl.org]

[209.85.161.71 listed in dnsbl.ahbl.org]

[209.85.161.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.71 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.71 listed in list.dnswl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: ni03hfph.com]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.71 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.71 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URI: ni03hfph.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

[209.85.161.71 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.71 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.71 listed in bl.score.senderscore.com]

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.71 listed in wl.mailspike.net]

1.0 OFFER_URI URI: Offer in link address

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.9 URI_PHISH Phishing using web form

1.0 ACCT_PHISHING Possible phishing for account information

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

Your Cloud Storage Is 96% Full

Hello,

Your mailbox has reached 96% of its total storage capacity. This may affect your ability to send or receive new messages and could result in important communications being delayed or lost.

To avoid interruption of service, please take immediate action to free up space or upgrade your storage plan.

Click below to confirm your account status and manage your account prefernces.

96% Used

Get More Storage

Thank You,

Cloud Storage Support Team

To unsubscribe, click here.

Cloud Credential Phishing from Google Gmail

Posted by Dave Yadallee on Friday, March 20. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Mar 2026 21:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3Qhh-00000000LXo-2SZr

for dave@doctor.nl2k.ab.ca;

Thu, 19 Mar 2026 21:39:17 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Mar 2026 21:39:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f70.google.com ([209.85.222.70]:50243)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3QWl-00000000KzP-05Fs

for doctor@nl2k.ab.ca;

Thu, 19 Mar 2026 21:28:12 -0600

Received: by mail-ua1-f70.google.com with SMTP id a1e0cc1a2514c-94e9d49f7c7so2864746241.0

for ; Thu, 19 Mar 2026 20:27:12 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1773977225; x=1774582025; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=7PPaEVuDBUGgO+IMhMYGV1IXBFYubXVp08rGvft4s/4=;

b=EYuhgslLacoyMLycRQjPwFV2v+HL009PujiGecYOvvFRmzcy4Nwl02z1Ai2jPbrGsc

0P/dpgdW9eOWjcbI7fZj64UcWip93IAznvwBxLtMFgJf3OzVaqOomNW47fTQp9NQfBO3

MZ8iAVUnkKnPSKolLcLSyFrlM5Uq3tlWqaM9qTTArk8ax2W2mm0jAKtIxAJBOqccNDUY

zOp9sfRJDzkwO1upvNKczORasMgZJgSplea0Jf2nkcmsFnYbF1ucBYekTOQo7WN2yMgF

6FGTs+f1Wr0Crq0ZSGVf4O3fTDWKb10HDKdjvP12jiwuVQaS0lbBJjcGGoQ36O7Eo2qS

E+bA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773977225; x=1774582025;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=7PPaEVuDBUGgO+IMhMYGV1IXBFYubXVp08rGvft4s/4=;

b=kJRh08S8HYcfjXg20+A1WSeiJNd0BoEewVWfMlp36pw1qmhp4FNdfoiJljLmv7NL3W

2yxsqBhM7Xa0fCjLmj6POyvwspsl9MEGzQaJGVAv84Q/BpeSO5ARv8p9eSLp6rOblPJM

BUKXU8gWswwINsoSBB0BIFT0goRhy9l7o7KgZR3RH7FDICdWiLnr14QpzD1RaW7xsCnv

ZncMOlNbcqXgVq5Lop/R0myJ1pSVX4mb492cn51TB2+bOojBK5ukYC3gLeqx0x13uBzZ

e0SfXQgqV2oN7tDaV8qcmk+pVTk4sPEIT0W8hy7xNke29y2vNdzoregSkmRrnzKRtmJp

znJg==

X-Gm-Message-State: AOJu0Yx2tDaYB9XAqjl41Yiuv6/QtD+jfgQkgEEZol1mzaLTLaIN/qiC

TNSKJQEdGs3yJs8OecgxBaXVjy+iTmQT8yvxXjzQN2PygTXZQS+EmLzuUxRvKA/p51V4nzREYKo

eVA49YMVvxA==

MIME-Version: 1.0

X-Received: by 2002:a05:6102:2d0c:b0:602:7acd:ab2e with SMTP id

ada2fe7eead31-602aeacae29mr1019842137.1.1773977225247; Thu, 19 Mar 2026

20:27:05 -0700 (PDT)

Reply-To: cloudsystemnotification@yopmail.com

Message-ID: <00000000000059c12d064d6c429c@google.com>

Date: Fri, 20 Mar 2026 03:27:05 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

From: Cloud System Notification

To: doctor@nl2k.ab.ca

Content-Type: multipart/alternative; boundary="00000000000059c11a064d6c4299"

X-Spam_score: 12.1

X-Spam_score_int: 121

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your mailbox has reached 96% of its storage capacity. Manage

storage or confirm your account. ABCDEFGHIJKLMNOPQRSTUVWXZY0123456789ABCDEFGHIJKLMNOPQRSTUVWXZY0123456789ABCDEFGHIJKLMNOPQRSTUVWXZY01234567

[...]

Content analysis details: (12.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.70 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URI: ni03hfph.com]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: ni03hfph.com]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.70 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.70 listed in sa-accredit.habeas.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.70 listed in wl.mailspike.net]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.70 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.222.70 listed in bl.score.senderscore.com]

1.0 OFFER_URI URI: Offer in link address

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

1.0 ACCT_PHISHING Possible phishing for account information

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

Brand Logo

Your Cloud Storage Is 96% Full

Hello,

Your mailbox has reached 96% of its total storage capacity. This may affect your ability to send or receive new messages and could result in important communications being delayed or lost.

To avoid interruption of service, please take immediate action to free up space or upgrade your storage plan.

Click below to confirm your account status and manage your account prefernces.

96% Used

Get More Storage

Thank You,

Cloud Storage Support Team

To unsubscribe, click here.

Social media follwers spam

Posted by Dave Yadallee on Friday, March 20. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Mar 2026 21:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3QhR-00000000LXU-24ek

for dave@doctor.nl2k.ab.ca;

Thu, 19 Mar 2026 21:39:01 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Mar 2026 21:39:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f71.google.com ([209.85.217.71]:42332)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <3z7G8aQkJBXoYbcjkYsYgekYgj.amkqYjcqli.aY@maestro.bounces.google.com>)

id 1w3PgM-00000000IJH-1yZD

for sales@nk.ca;

Thu, 19 Mar 2026 20:33:58 -0600

Received: by mail-vs1-f71.google.com with SMTP id ada2fe7eead31-5ffba307845so12425076137.1

for ; Thu, 19 Mar 2026 19:32:53 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1773973967; x=1774578767; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=nkdlNbnNDtlO4bMiofEaafkPrewgHrMA7D1ptDlncray6CUgJzI2LbvblOVcAFZ8mI

bOQOagvK/AxK2EDi2AgGaoALArobjyM/XoLvD6R8wArUoO0QkmLoPIPmo18jEaWuFN7Z

+th3FbtnDWec0ExUc2FPeslyIL55P2g4Tvs1P+v9mslKbfyOTfgQpdxrnlK2kgsx+BKs

muhGiO+Rgjr7TmVfvsZiF1WMaSU75rKYL39AIJXLoTacbJ8rG3Ea/cFhhng7I3IhBKbe

7ujXH866LXs4r/eH7O69eDlpvoY/UyUJk+2i0BujisZ8nnuXlf6E0dlUjqVKogbqpqgq

UfUA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773973967; x=1774578767;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=MolHwDvaNZwG3rS8MbR47lTrbl6iyASwACB0zTCV43eOmdTfBnE+vq3bwcrPhmL/8k

A5DhxVLlpVD+Ol+pwYbi+T3KhMKaibhIw0pK1obFV8+gZwgshEVNZ7T+CQSvJdO1C4Dj

uu3JyuwbiHeDp9LZSlwNQ77HsNzQ3OGyYkuE+i3DZ0CU0WKOwSjStPMgsRxPq4eeE/Jh

UQ15Kf1mcQglAwGdIPeWIu0RbdHMQV55ANKkv8b0c56UTFUbwCkppS8zuwBye81jRqwd

qb71UU5C+nSUiyYvkWBkzuY09jx/qOEfSryMKX84LJzCgStIuzEa0lxnwue3VrSNSNEW

32eg==

X-Gm-Message-State: AOJu0YwTQeV0+mI5SGl3spSKwrUNvzsri6xcSXDalV48fK1QOPg+4HSH

Q4pvkMCTMZOIcO6s6n0O2jpjno5F0dFhaVX4DIFpJEliNQq8epskeJAU9vC2y5MX+dQDGrDD4NB

VIkPenw==

MIME-Version: 1.0

X-Received: by 2002:a05:6102:4b89:b0:602:79ed:e5c5 with SMTP id

ada2fe7eead31-60295f7ebf1mr3078832137.15.1773973967163; Thu, 19 Mar 2026

19:32:47 -0700 (PDT)

Message-ID:

Date: Fri, 20 Mar 2026 02:32:47 +0000

Subject: daveyadallee, Get More 10,000 Instagram Followers

From: adelmauai@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 9.5

X-Spam_score_int: 95

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, daveyadallee, Get More 10,000 Instagram Followers Sorry

to interrupt your time. We offer social media services, If you're interested,

please visit our Website. If you're not interested, please skip this step.

Content analysis details: (9.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

[209.85.217.71 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.217.71 listed in dnsbl.ahbl.org]

[209.85.217.71 listed in dnsbl.ahbl.org]

[209.85.217.71 listed in dnsbl.ahbl.org]

[209.85.217.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.217.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.217.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.217.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.217.71 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: instatool.site]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.217.71 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[adelmauai(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.217.71 listed in wl.mailspike.net]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

Subject: {SPAM?} daveyadallee, Get More 10,000 Instagram Followers

Hi, daveyadallee, Get More 10,000 Instagram Followers

Sorry to interrupt your time.

We offer social media services,

If you're interested, please visit our Website.

If you're not interested, please skip this step.

We will help you increase your social media presence to another level.

( Threads, Instagram, Twitter, Youtube, Facebook, etc. )

Are you interested in a free trial ?

Special For You Bonus Extra $2 - $5 FREE BALANCE TODAY SIGNUP NOW..!!!

GET 100K Followers Instagram NOW !!!

Order here :

[ https://instatool.site/services/?daveyadallee ]

Take free trial service today only...!!

10 -101K Instagram Followers

- Instant Start

- Safest Methods

- Privacy Protection

- Speed 200K Followers/day

- High Quality Followers

- Drop-Back Guarantee

- Trusted Seller testimony

- Starting get 100K Followers Instagram

- Guaranteed to be the cheapest

Thank you,

Regards,

Copyright © 2014 - 2026 instatool.site

Social Media Promotion spam From Google Gmail

Posted by Dave Yadallee on Friday, March 20. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Mar 2026 21:39:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3QhN-00000000LWB-1Dk1

for dave@doctor.nl2k.ab.ca;

Thu, 19 Mar 2026 21:38:57 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Mar 2026 21:38:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f71.google.com ([209.85.160.71]:46129)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <3mbG8aQsJBUQzgxojoyg9DEmsgor.iusygrkytq.ig@maestro.bounces.google.com>)

id 1w3PfY-00000000IBq-0JJF

for sales@nk.ca;

Thu, 19 Mar 2026 20:33:07 -0600

Received: by mail-oa1-f71.google.com with SMTP id 586e51a60fabf-40450320b4fso9137975fac.0

for ; Thu, 19 Mar 2026 19:32:00 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1773973914; x=1774578714; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=MKzdAlZLh13HNZLzhtFyj99E8qPGEwu4ybESZNHmLWZMj5o9jg2kL3KOk80CRvjtbT

4CBxIoOAgTydLfwZhZzQqsoLkt9J3tRtPCaCYHyVZsLtwpoEehzCwIGQu+rB3kdvDqcs

GQaKDecjUdjyOwFpr2ISrcAYQ3u+QhLPigWCkh51j+3CfmNE2RfSbUF1SuFCehXEW2Kp

/3cswzaM5vqJ9r2hgZwvz3vpk4E4TzNr/RpE/HVmoeQ6YI4ETVRMRRZb3zqdUKAqpLob

Oa/qESxcdT83+hkofP4wGgxVIyPwHFhDK+fOo4EorRYpFkb+96WCoF9BuQIcQ0lOqk0X

rjMg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773973914; x=1774578714;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=ZJdlhgWmRXvHnCtuDraaS88prupyiaZawnHfdDEVSbRQq102cZ9SMFWVfLAaiW7tTf

Ks+lW/gY+jXEjJ7piXKtS/eXx9GzvKJnVTHif0YwXv9uAwd1LopB6M3j8oonpTmF28Ml

pvx7EIAgwqY2upoQcKWGko1ZqppTubqfToan//BRuEE428cj1luM4jsWeW3dbHEUsvjy

TzV9oDNb84nRJOA1mKowE0zEEuVSsmKW299C/vhfHkuHkWqIOaErJs4Y9etu9dpCTc/g

FreTmoFJ/YVaWQgaDFKFE+QOwUebnKtB/q5jk1BRKUDwZroskiZeltjpDluDDlbS/d58

XCyQ==

X-Gm-Message-State: AOJu0YzM5aIAXJtWGe48ttEOo8vUtO2a+OkcHd+UYfzEOgR0DhIGwBWb

XszkXOVTcBWhMe1Uo1VKZHRy7xk8BGLJWHsAb1B9MhBR3qOYfSL4L2ymYnQbEdudH7/jIn8r6cX

uEsOCGw==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:6ae5:b0:67c:2215:ee3b with SMTP id

006d021491bc7-67c22f6792bmr1216057eaf.47.1773973913858; Thu, 19 Mar 2026

19:31:53 -0700 (PDT)

Message-ID:

Date: Fri, 20 Mar 2026 02:31:53 +0000

Subject: daveyadallee, Get More 10,000 Instagram Followers

From: taridisa378@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 11.4

X-Spam_score_int: 114

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, daveyadallee, Get More 10,000 Instagram Followers Sorry

to interrupt your time. We offer social media services, If you're interested,

please visit our Website. If you're not interested, please skip this step.

Content analysis details: (11.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

[209.85.160.71 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.71 listed in dnsbl.ahbl.org]

[209.85.160.71 listed in dnsbl.ahbl.org]

[209.85.160.71 listed in dnsbl.ahbl.org]

[209.85.160.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.71 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.71 listed in list.dnswl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: instatool.site]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[taridisa378(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.71 listed in wl.mailspike.net]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.160.71 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.160.71 listed in bl.score.senderscore.com]

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} daveyadallee, Get More 10,000 Instagram Followers

Hi, daveyadallee, Get More 10,000 Instagram Followers

Sorry to interrupt your time.

We offer social media services,

If you're interested, please visit our Website.

If you're not interested, please skip this step.

We will help you increase your social media presence to another level.

( Threads, Instagram, Twitter, Youtube, Facebook, etc. )

Are you interested in a free trial ?

Special For You Bonus Extra $2 - $5 FREE BALANCE TODAY SIGNUP NOW..!!!

GET 100K Followers Instagram NOW !!!

Order here :

[ https://instatool.site/services/?daveyadallee ]

Take free trial service today only...!!

10 -101K Instagram Followers

- Instant Start

- Safest Methods

- Privacy Protection

- Speed 200K Followers/day

- High Quality Followers

- Drop-Back Guarantee

- Trusted Seller testimony

- Starting get 100K Followers Instagram

- Guaranteed to be the cheapest

Thank you,

Regards,

Copyright © 2014 - 2026 instatool.site

Web/SEO/App Spam from Google Gmail

Posted by Dave Yadallee on Thursday, March 19. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Mar 2026 16:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3LpX-00000000LjQ-24fQ

for dave@doctor.nl2k.ab.ca;

Thu, 19 Mar 2026 16:27:03 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Mar 2026 16:27:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f196.google.com ([209.85.214.196]:60603)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3KGo-00000000HpP-2rRo

for sales@nk.ca;

Thu, 19 Mar 2026 14:47:16 -0600

Received: by mail-pl1-f196.google.com with SMTP id d9443c01a7336-2b0603ee486so9766355ad.0

for ; Thu, 19 Mar 2026 13:46:20 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=weba2zsolution-com.20230601.gappssmtp.com; s=20230601; t=1773953174; x=1774557974; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=WhFteZrbRzUIjXSuSLiCQ2bQxI5lHkqrSLs6LCZbQxI=;

b=tPGKTldvajZcKMASaWiGAzUMvMuW9JTgEIBPS/9NLTHkHwh8eypGi3Ks20rJ4HANkG

p//7nEGnvq2gfevuPfsy0x9HgF6zXBRQ2wek0zCo6OS+Z5WSAvpncEopen6bpWGuM00N

rHsIj1Odul3Qc4b0KowJSYVr6ALegKVkkmaDkEYPXcN7oFLhhxVQFtKwir5rJiHc7lx1

qrOc20Jmh1EPx2tXfu70jwTIPoJgt42FLUOcpD257fxR0ydsX7g8r+/XFzCjJU/9kDZn

KITpFYt0SnWiHzDjjuMt0zL33j6fz7nWr1NLyYROfXdkkg1UN0TSq0N3xlJrgRckB+G9

aB4Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773953174; x=1774557974;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=WhFteZrbRzUIjXSuSLiCQ2bQxI5lHkqrSLs6LCZbQxI=;

b=nWeLPbpshCpBlE4JEARaT2+YVe7YF/e2ImBxWbev0TaQHYMAk1eAs73w9OEACdvoTT

F5gCo9se+jWF+BqUBSwUlAiH2LIrQRvQYtQMym9tRiwHUrhXTpSFVTn/5LafmlJgWwBj

TNbCOyh+sDfxbGFX8uJmxpEdcOoIAsjIv/ToQjA3Jqnx9ntW5lpCf50AhikSbqA7q8s5

Ge2qRHFkVNU35VR77S3iyEkvSqo4s4N+VA4+YHIMlv56EYNE6phK4z1je9wSNbHDWzt5

x1olTCnJZAlcXnzy8EoddumjWK7uVT7gMsBIpr2X/rEh8NVooDdDWei68ndpSYfp5Kw9

Oavg==

X-Gm-Message-State: AOJu0YxIqNa8oMYe6RcQhMQvFLiw8xYAAkxrF9EbjNCGkcarA1u5hLiS

E0BN8kH2Sf0rRCBA8fGe+wlVoONIbOoYJU46D8qfwDBUsqQedSdtjrXA8WCaK8a1LgxBp7i5rwz

8N7EAwFg=

X-Gm-Gg: ATEYQzzU9PWd2nYdzJLlOtt1AOE2IJowbAnrkbk4SewHrzMknkD99U1hKsW71f/7gtv

FH2BJc1iTagcV1+MAuJ+zWkXCLIP11nEksoQgzVoDrd77TSPhoDlnvAdQiZROK8wiYJ/y2LYhpZ

M6p0CchCbR5uo0jJkMJq2DJIoKCHvIFH60QOECgDxvSsRlR7wA2Rk1r1rbEBnI/C554ZSF28zT6

TND6DfEKCHU6gpqet0XS77vMfIt+MUAEWuaOwDolpBDrw9MYwDEeOQV+eHtRz4fdnDS8WlqJPJZ

Up3K/RifD0wYmr5TedkGSP8AmfiRvjEFTd9NGGfk3aoQDt1wO5cM+238g/arPRbjsdx8bICrrSm

d36Qsilvre1ftBJucz/X2vJJQimskLg5AAZIw2d0a3dQ1Zff+tl5qKHqXlrgVmHtPs371QrLBbl

m6rmB32soa01/dVe19JimIgW92+k5d

X-Received: by 2002:a17:903:8c7:b0:2b0:5d60:7f43 with SMTP id d9443c01a7336-2b0826b89fbmr4666105ad.8.1773953173682;

Thu, 19 Mar 2026 13:46:13 -0700 (PDT)

Received: from dell ([2401:4900:1f38:7203:884:fba3:81d0:88cc])

by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b083655b81sm814705ad.41.2026.03.19.13.46.12

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Thu, 19 Mar 2026 13:46:13 -0700 (PDT)

From: "vijay"

To:

Subject: Quote?

Date: Fri, 20 Mar 2026 02:09:40 +0530

Message-ID: <6e1c01dcb7e1$6a540c90$3efc25b0$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_6E1D_01DCB80F.840C4890"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Ady32lSCOSNTnoQZSqmv8KhZKvBJgw==

Content-Language: en-in

This is a multi-part message in MIME format.

------=_NextPart_000_6E1D_01DCB80F.840C4890

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Hi sales@nk.ca,

I'm an SEO expert, and I'd love to discuss your website's optimization. I

can also share a customized quote based on your requirements.

Would you be available for a quick chat on WhatsApp or Skype? Please let me

know a convenient time.

Kind regards,

vijay

------=_NextPart_000_6E1D_01DCB80F.840C4890

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">

class=3DWordSection1>

Hi sales@nk.ca,

I’m an SEO expert, =

and I’d love to discuss your website’s optimization. I can =

also share a customized quote based on your requirements.

Would =

you be available for a quick chat on WhatsApp or Skype? Please let me =

know a convenient time.

Kind regards,
vijay

class=3DMsoNormal>

------=_NextPart_000_6E1D_01DCB80F.840C4890--

Geek squad phish from Google Gmail Part 3

Posted by Dave Yadallee on Thursday, March 19. 2026

Geek squad phish from Google Gmail Part 4

Posted by Dave Yadallee on Thursday, March 19. 2026

/InformAction">
mprop=3D"object" itemscope itemtype=3D"http://schema.org/Event">
rop=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>
mprop=3D"publisher" itemscope itemtype=3D"http://schema.org/Organization"><=

meta itemprop=3D"name" content=3D"Google Calendar"/>
=3D"eventId/googleCalendar" content=3D"B92ZEtOz91NLGQaazYP76OB2ej"/>
tyle=3D"display: none; font-size: 1px; color: #fff; line-height: 1px; heigh=

t: 0; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidden;"=

itemprop=3D"name">GSINV1525274 update now accessible
en=3D"true">
me><=

table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation=

" align=3D"center" style=3D"width:100%;" class=3D"body-container">
r>

aria-hidden=3D"true">

sentation" align=3D"center" style=3D"width:100%;" class=3D"">
style=3D"" class=3D"" align=3D"left">
hema.org/EmailMessage">

Order now includes a new=

update

=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" style=3D"wi=

dth:100%;" class=3D"">

rder-radius: 8px; direction: rtl; font-size: 0; padding: 24px 32px; text-al=

ign: left; vertical-align: top;" class=3D"main-container-inner">

ign: left; direction: ltr; display: inline-block; vertical-align: top; widt=

h: 100%;overflow: hidden; word-wrap: break-word;">
adding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%" class=

=3D"main-column-table-ltr" style=3D"padding-right: 32px; padding-left: 0;;t=

able-layout: fixed;">

ng:0; vertical-align:top;">
g=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-layout: fixed;"=

>

reak-word;;padding-bottom:2px;">

', Roboto, sans-serif;font-weight: 400; font-size: 22px; line-height: 2=

8px;color: #3c4043; text-decoration: none;" class=3D"primary-text" role=3D"=

presentation">GSINV1525274 update now accessible
pan>

left; word-break: break-word;;padding-bottom:24px;">

ly: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14p=

x; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration=

: none;" class=3D"primary-text" role=3D"presentation">
true">
me itemprop=3D"endDate" datetime=3D"20260320T090954Z">F=

riday Mar 20, 2026 =E2=8B=85 5:09am (Eastern Time - New York)

<=

/td>

break: break-word;;padding-bottom:24px;">

sans-serif;font-style: normal; font-weight: 400; font-size: 14px; line-hei=

ght: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;" cl=

ass=3D"primary-text" role=3D"presentation">Receipt Date: Friday, 20 M=

arch 2026
Receipt number: GSINV1525274

Renewal is now complete and act=

ive

Account Update,

We appreciate your continued association wi=

th Geek Squad for Two Years. Your membership has been successfully renewed,=

and we thank you for your trust.

Inventory Management Hub-
Renewa=

l Date: Friday, 20 March 2026
Amount Paid: USD412.88
Activation Key: =

3c249867-b611-43f1-98e4-249b4279af32
Item Purchased: PremiumShield Cover=

age
Support Duration: Two Years Warranty
Customer ID: MCHWIQ8O2H5N0R<=

/p>

No further action is required unless you wish to make changes. For as=

sistance, please contact us at Helpdesk: { 1-808- 221-0492 }.

Many th=

anks,
Geek Squad
Helpdesk: { 1-808- 221-0492 }
Manager: Ryker Rodr=

iguez
Project Management: 300 Taylor Rowland Road - Po Box 1160 Port Cha=

rlotte Fl 33954-1046 Us

"Receipt Date: Friday, 20 March 2026

Receipt number: GSINV1525274

Renewal is now complete and active

Account Update,

We appreciate your continued association with Geek Squad for Two Years. You=

r membership has been successfully renewed, and we thank you for your trust=

.

Inventory Management Hub-

Renewal Date: Friday, 20 March 2026

Amount Paid: USD412.88

Activation Key: 3c249867-b611-43f1-98e4-249b4279af32

Item Purchased: PremiumShield Coverage

Support Duration: Two Years Warranty

Customer ID: MCHWIQ8O2H5N0R

No further action is required unless you wish to make changes. For assistan=

ce, please contact us at Helpdesk: { 1-808- 221-0492 }.

Many thanks,

Geek Squad

Helpdesk: { 1-808- 221-0492 }

Manager: Ryker Rodriguez

Project Management: 300 Taylor Rowland Road - Po Box 1160 Port Charlotte Fl=

33954-1046 Us"/>

text-align: left; word-break: break-word;;padding-bottom:24px;">

=3D"font-family: Roboto, sans-serif;font-style: normal; font-weight: 400; f=

ont-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; te=

xt-decoration: none;" class=3D"primary-text" role=3D"presentation">
order=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=

=3D"padding-bottom: 4px;">
able>(Guest list has been hidden at organizer's request)
able>

size: 14px;color: #3c4043; text-decoration: none;font-weight: 700;-webkit-f=

ont-smoothing: antialiased;margin: 0; padding: 0;">Guests

dy>

--000000000000752b81064d66280d--

Geek squad phish from Google Gmail Part 2

Posted by Dave Yadallee on Thursday, March 19. 2026

#outlook a {

padding: 0;

}

.ReadMsgBody {

width: 100%;

}

.ExternalClass {

width: 100%;

}

.ExternalClass * {

line-height: 100%;

}

table,

td {

mso-table-lspace: 0pt;

mso-table-rspace: 0pt;

}

img {

border: 0;

height: auto;

line-height: 100%;

outline: none;

text-decoration: none;

-ms-interpolation-mode: bicubic;

}

p {

display: block;

margin: 13px 0;

}

=20

=20

=20

=20

Geek squad phish from Google Gmail Part 1

Posted by Dave Yadallee on Thursday, March 19. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 19 Mar 2026 16:27:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3LpM-00000000Lhl-1HDH

for dave@doctor.nl2k.ab.ca;

Thu, 19 Mar 2026 16:26:52 -0600

Resent-From: The Doctor

Resent-Date: Thu, 19 Mar 2026 16:26:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f74.google.com ([209.85.161.74]:52615)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3JiV-000000008Ua-0DEG

for doctor@nl2k.ab.ca;

Thu, 19 Mar 2026 14:11:48 -0600

Received: by mail-oo1-f74.google.com with SMTP id 006d021491bc7-67c0da9bd62so22529100eaf.1

for ; Thu, 19 Mar 2026 13:10:27 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1773951021; x=1774555821; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=wZHO9L9PAnSj5HGbqvvTpAlirlJquRqwYDjz6CTQZ+A=;

b=Agy7fiLeBsxVj/Ky+OvEVsC2qNPI64mW23h/vBE5AvLRCF6LiYUA8D5pJm55nw2AKn

tU16JTeI9Z2wnSH70sMiyzJQ2CxJZ6hBUPPlPtZhroFdRCEIygJU5k1BhAtOxmX7Bmnp

twxc9pIJkOu1X8NY1SC+Rsv61sf0dJhjXQJWl7CqPlsXY197a6piyPmqXcmFnBJS2sQO

tJYyMAGqSZuyNkZpRXAfn+QaB0LsQV6//u4KN26U9UfdK89eUrZWZBekarpC/2TyMJLO

4e8o0F+Zta3N9U8fX1QaK/lkD9q+wcaylxRKkJWcsCBwcKuYUIfW0ZyC47flBI3w75mL

cnMA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=sainisch-com.20230601.gappssmtp.com; s=20230601; t=1773951021; x=1774555821; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=wZHO9L9PAnSj5HGbqvvTpAlirlJquRqwYDjz6CTQZ+A=;

b=lHq3KWZrfHrDz6i9wXNZ+bXKGOsj8YVaAhDQRA3utvut9KKOOmRMnu/wCuddVHyIbx

9UawB4m8I3y6aSQKutbf4yOaTh9S0Z24d30LYzvk71w+WTavvAi320k2rRaz/c3+I3m2

rFQnUjmkPQi8XPoRgACD+4nj2Uy3OHkl1PnsvfqRA1SylwJLCpdJtI3RtMJOh46B73/6

j2zWi8t8HPz+zyS3+aseg91UF9U+3Tom2yYA5h3pVSeBZCyd5R8+nLOUGHyqGYwOsRae

vhpcBIC9KycrPODRl5SyknaBsd6cu45WECFXfkGFFzMYAf8OAhAyao4X5V7txw6Oa0tB

m8GQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773951021; x=1774555821;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=wZHO9L9PAnSj5HGbqvvTpAlirlJquRqwYDjz6CTQZ+A=;

b=HQohUTLqPrNtWw8rUNg78ob8S1lsPwNn4WbbFvFnC0ykKr1FHikobYEqEKBQESuyNg

X5W44QkELgvHfRaMtiOqn/VdPH4NpT10PTkDKtqH7i5QLBTlOWOr/TdHxi/3DMEiPuOA

G3+uUawRGtnKh9kt6iz9sRfRZ4hWpExv/yOppu4S/vSgV8EnaBbpeUd74qt3u4thRMbf

xM/3xbdjC0rS3tFyW8KpJ1NtzEsPQIE7NBnB0cd0DiqCkpdzhFg6rfhQy9A6Weapdqzm

mbjpXRxVPJYCx5nzBUVilfhvbYWzcDns0qWuhNr8QXWCpFgkuBpUJuKtl/3QDo+NXSkh

dMxg==

X-Forwarded-Encrypted: i=1; AJvYcCWrG6Z5YfmQtJ3QTx4lQaBje6vSkVu7IoQqRADigNH3IiUTFUXt5KybtXGKdc0mdERuEtKNiZA=@nl2k.ab.ca

X-Gm-Message-State: AOJu0Yzk+BSzPi5COX5OAtBy+TIfsy5Fjkdi4w1BTxsqUIYEuXcBA+H6

VyRTp+EKiMsCahNfAW+YVPTua0B5pzDYsn2meb2PxgzbHZ9OpzwU+GDB3Zx3SrDcdhDDtYS93vp

jGlBPvNwIGlr5XcU9mi+LbhIwIUmi8abANYM9U+7J7KaYlA==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:4de9:b0:67c:170c:d90a with SMTP id

006d021491bc7-67c22f856aamt749641eaf.33.1773951020442; Thu, 19 Mar 2026

13:10:20 -0700 (PDT)

Reply-To: Johnny Ramirez

Sender: Google Calendar

Message-ID:

Date: Thu, 19 Mar 2026 20:10:21 +0000

Subject: Order now includes a new update

From: Johnny Ramirez

Content-Type: multipart/alternative; boundary="000000000000752b81064d66280d"

X-Spam_score: 12.8

X-Spam_score_int: 128

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Order now includes a new update GSINV1525274 update now accessible

Friday Mar 20, 2026 â‹… 5:09am Eastern Time - New York Receipt Date: Friday,

20 March 2026 Receipt number: GSINV1525274

Content analysis details: (12.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.74 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.9 REPLYTO_WITHOUT_TO_CC No description available.

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Order now includes a new update

--000000000000752b81064d66280d

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

T3JkZXIgbm93IGluY2x1ZGVzIGEgbmV3IHVwZGF0ZQ0KDQpHU0lOVjE1MjUyNzQgdXBkYXRlIG5v

dyBhY2Nlc3NpYmxlDQpGcmlkYXkgTWFyIDIwLCAyMDI2IOKLhSA1OjA5YW0NCkVhc3Rlcm4gVGlt

ZSAtIE5ldyBZb3JrDQoNCg0KDQpSZWNlaXB0IERhdGU6IEZyaWRheSwgMjAgTWFyY2ggMjAyNg0K

UmVjZWlwdCBudW1iZXI6IEdTSU5WMTUyNTI3NA0KDQpSZW5ld2FsIGlzIG5vdyBjb21wbGV0ZSBh

bmQgYWN0aXZlDQoNCkFjY291bnQgVXBkYXRlLA0KDQpXZSBhcHByZWNpYXRlIHlvdXIgY29udGlu

dWVkIGFzc29jaWF0aW9uIHdpdGggR2VlayBTcXVhZCBmb3IgVHdvIFllYXJzLiAgDQpZb3VyIG1l

bWJlcnNoaXAgaGFzIGJlZW4gc3VjY2Vzc2Z1bGx5IHJlbmV3ZWQsIGFuZCB3ZSB0aGFuayB5b3Ug

Zm9yIHlvdXIgIA0KdHJ1c3QuDQoNCkludmVudG9yeSBNYW5hZ2VtZW50IEh1Yi0NClJlbmV3YWwg

RGF0ZTogRnJpZGF5LCAyMCBNYXJjaCAyMDI2DQpBbW91bnQgUGFpZDogVVNENDEyLjg4DQpBY3Rp

dmF0aW9uIEtleTogM2MyNDk4NjctYjYxMS00M2YxLTk4ZTQtMjQ5YjQyNzlhZjMyDQpJdGVtIFB1

cmNoYXNlZDogUHJlbWl1bVNoaWVsZCBDb3ZlcmFnZQ0KU3VwcG9ydCBEdXJhdGlvbjogVHdvIFll

YXJzIFdhcnJhbnR5DQpDdXN0b21lciBJRDogTUNIV0lROE8ySDVOMFINCg0KTm8gZnVydGhlciBh

Y3Rpb24gaXMgcmVxdWlyZWQgdW5sZXNzIHlvdSB3aXNoIHRvIG1ha2UgY2hhbmdlcy4gRm9yICAN

CmFzc2lzdGFuY2UsIHBsZWFzZSBjb250YWN0IHVzIGF0IEhlbHBkZXNrOiB7IDEtODA4LSAyMjEt

MDQ5MiB9Lg0KDQpNYW55IHRoYW5rcywNCkdlZWsgU3F1YWQNCkhlbHBkZXNrOiB7IDEtODA4LSAy

MjEtMDQ5MiB9DQpNYW5hZ2VyOiBSeWtlciBSb2RyaWd1ZXoNClByb2plY3QgTWFuYWdlbWVudDog

MzAwIFRheWxvciBSb3dsYW5kIFJvYWQgLSBQbyBCb3ggMTE2MCBQb3J0IENoYXJsb3R0ZSBGbCAg

DQozMzk1NC0xMDQ2IFVzDQoNCk9yZ2FuaXplcg0KSm9obm55IFJhbWlyZXoNCmpvaG5ueXJhbWly

ZXoxMDA2QHNhaW5pc2NoLmNvbQ0KDQpHdWVzdHMNCihHdWVzdCBsaXN0IGhhcyBiZWVuIGhpZGRl

biBhdCBvcmdhbml6ZXIncyByZXF1ZXN0KQ0KDQo=

--000000000000752b81064d66280d

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

size: 14px;color: #3c4043; text-decoration: none;font-weight: 700;-webkit-f= ont-smoothing: antialiased;margin: 0; padding: 0;">Guests

size: 14px;color: #3c4043; text-decoration: none;font-weight: 700;-webkit-f=

ont-smoothing: antialiased;margin: 0; padding: 0;">Guests