Amazon Phishing from globconnex.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 12:50:06 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYUR7-00000000FrW-2Ucx

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 12:50:01 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 12:50:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.177.238.69] (port=46145 helo=as-hawe-lire-i.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1uYU2L-00000000CDg-24LM

for sales@netknow.ca;

Sun, 06 Jul 2025 12:24:33 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;

h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=sales@netknow.ca;

bh=JwKVWbHk8SqRGaL0lJzFecwze+0=;

b=dUXF90NRR+oHb7RefB2koKKyY4iijBYreVL/xMGFwh0gMdWYeejhWn0XL/NCAHK546upzf+olgW1

jeX1Tscty1O23Mapgr91KArUKSdkYEMQOsKA4Ps9X/cc1d2cFCLM49xpAEhRPnwYN1Z8kelqyU2O

Wt91Sro3F3ilEFyIDaY=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;

b=pbdNReIEjOhTxt5bzpxFy7bAf+cnTj5g1oQOibQMZVvgnA/e5b4qS52EtX4uD5PstbLLcBCI8KP8

7kFn3IwBAMByW0KNQVEPNctQBQHz1ruzHclP9Stzu0lY2KT9P9mJIo2nq2sj31m/8YdD5nBOIs3x

4DrS6BptN7GVwtyZfOo=;

To: sales@netknow.ca

From: =?UTF-8?B?QW1hem9u?=

Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=

Date: Sun, 06 Jul 2025 18:22:10 +0000

Content-Type: text/html



Content-Transfer-Encoding :BASE64

X-Spam_score: 20.3

X-Spam_score_int: 203

X-Spam_bar: ++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started

Early With Our Favorite Deals Amazon's Prime Day sale is now four days long

(July 8-11), which sounds great until you realize that's four days of scrolling

through endless deal pages. We figured you probably have better things to

[...]



Content analysis details: (20.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: 185.174.30.244]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: 185.174.30.244]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 185.174.30.244]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[185.177.238.69 listed in bl.score.senderscore.com]

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8

characters

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=



CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzR2QkZOUDIyNjU3RmxGZzQ0OHNobGR3Z2VmemoxMzUyM1BKSkRHREZNWUlTWEtDRzIwODA0UU1WWDUyNjRWOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80WGl5eGEyMjY1N2RIb1k0NDhiaGJqcGV6a3p6MTM1MjNQR1pWREpIUVdBQUZMRlcyMDgwNEtMSVU1MjY0bzkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRUR2dsaTIyNjU3dmFNZzQ0OGJjcXZtdHViaHcxMzUyM0hJUlFCR1NJVUNPWFFGTDIwODA0TVZDTTUyNjRUOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNXJLSVVyMjI2NTdrS3l2NDQ4d2RubHNxYWFtdDEzNTIzQU9IWUJTR0pJUkJEWklYMjA4MDRDRVdKNTI2NGM5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNub0N6SDIyNjU3c05JbjQ0OHp2ZnpsanVhZ2QxMzUyM0lTVEZHUFJESVhBT0ZKSzIwODA0QkhCRDUyNjRoOSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==

Amazon Phishing from globconnex.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 12:50:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYUR3-00000000Fqi-3J8w

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 12:49:57 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 12:49:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.177.238.69] (port=37847 helo=as-hawe-lire-i.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1uYU2L-00000000CDi-24Oc

for root@nk.ca;

Sun, 06 Jul 2025 12:24:33 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;

h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=root@nk.ca;

bh=kjl2nf2c65vUv4MbBjpWO2I/sgs=;

b=MzEeAmsUN3u9kpUXLwPwBPpEq8L62JTFXUC1Yk1JPC5EfSseMjaKRAGBHVTvvQXW4XInwpi0zzv/

MDYPwgwk/qi47mysvEuP+0WUSDDKm4oGYU+nMa0upEVbl8+2Z2rYrOz44JHKvT2svwTBeU2j4OAA

gAiLMBZHOQaZp6818y8=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;

b=RtwU7a4YVVBNs3B2e6xGVWV6jsoaJO3Dyxsg6sQJjgex4lgsPq+1IhmagEBvt2C/+TeoBvpqtKOY

TSUUNoHezanWoqd2NoUM8PJPVu+gR2b75x8Z/3TX7PgRqdOY/JDXEn0tH+37t1LggTTGDJE/wdhI

x6xdx3ygxeRaeZ758UQ=;

To: root@nk.ca

From: =?UTF-8?B?QW1hem9u?=

Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=

Date: Sun, 06 Jul 2025 18:21:57 +0000

Content-Type: text/html



Content-Transfer-Encoding :BASE64

X-Spam_score: 19.5

X-Spam_score_int: 195

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started

Early With Our Favorite Deals Amazon's Prime Day sale is now four days long

(July 8-11), which sounds great until you realize that's four days of scrolling

through endless deal pages. We figured you probably have better things to

[...]



Content analysis details: (19.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

[185.177.238.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.177.238.69 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

[185.177.238.69 listed in will-spam-for-food.eu.org]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: 185.174.30.244]

0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: 185.174.30.244]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 185.174.30.244]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[185.177.238.69 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[185.177.238.69 listed in bl.score.senderscore.com]

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8

characters

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=



CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRDRXpDaTIyNjU3QWlIbzQ0OHZrdmFzeWxlZ3UxMzUyM0ZMRUNaUklVRkRWQVFOTjE2NDgxRlNIQTUyNjRmOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80eWtLWmYyMjY1N25CWGg0NDhocWZ6emZxcHloMTM1MjNMSVdVQUdaTkVLU1lXRk8xNjQ4MUZLSVI1MjY0STkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRZTFRBazIyNjU3WW1BUjQ0OG9oZ3FheXFkaWIxMzUyM0tMQ1RVV0JBSlpWSEtLQTE2NDgxS0RVUDUyNjRGOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNU5pemxoMjI2NTdkTkdENDQ4aGZoa3F0bW1hdjEzNTIzQUtBVU5VU0pETEJCVlNSMTY0ODFLWFZRNTI2NGg5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNGUmRPcjIyNjU3bGNUVzQ0OHh6ZGtucWRrYncxMzUyM0NISEhBQkhQTkZJVlhXQjE2NDgxVVBaRjUyNjR5OSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==

Nigerian spam from google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 12:47:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYUNO-00000000FGi-2Dkc

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 12:46:10 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 12:46:10 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f177.google.com ([209.85.128.177]:56702)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYOLO-000000009DW-0Ynm

for doctor@nl2k.ab.ca;

Sun, 06 Jul 2025 06:19:51 -0600

Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-70e4043c5b7so17750487b3.1

for ; Sun, 06 Jul 2025 05:17:47 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1751804261; x=1752409061; darn=nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=2qIlu8o72PR5lFjLecb/MsQKrSjE2j2TghTOD9Z1Jp0=;

b=fpdC+TrUeQfT1SCPHd0W7Ra8Yk9DyF37XEo0hd930UV0PddCaOkFC9NQf3c8tZ7aqo

ANjtdVwP4GqtMjro2yTjf+MsKHOu2O0WcHYnDX23NIAdDjc6sWUQDIeTgiJvjzcYgjDn

qTtf5EM5flTC3/oSMHmtteuqm68OlXWLu8vX/O2AFdSz57n3MfH6y5MiIb+E4PJA4Vs1

4Yirx2tiZL3+J8MVhDxsKdKChcNIfev1ULaI982dYaTEGmQxuvYXDHylR4KZjrvU7fHK

YiBUmMbj8nRkIaHP2NcyablyRI/c6zZkZ1K2KgXxCSe3w4G1rDGI6OPVV7qcUrX/ZG4x

NoBQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751804261; x=1752409061;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=2qIlu8o72PR5lFjLecb/MsQKrSjE2j2TghTOD9Z1Jp0=;

b=MJ0c1zqRrYIqMaui4UmUbyeH2bgoSli3rmA7uuT/KsSzDpNb+7Bg9OX4Tly62ZpOP2

YbTb7WDsPc5MK9Teqx7joc5h5Y8wDkdbsOJ1rTb9ZtVzyIHq0WpcHefAUL9igggaoODq

8TDvArdYv4dbhM9a96S7Ja4mjW9OoLyDiBr050YSaoVfKrsluIG/QZtIUIfIH1X8n64j

vrSHmqlAjMYOAx8hcSNXdkE+PccMptjsHOzUp87RFIdnmnWeJ2WMTJ0F3/9bhDZ8SP0U

69I0U+dzJNZGDGuNBBs6IaLaVk0hy/YZPVmWqUhMg/rQ5j6FrIGnhxaWK/BvjXheKoC4

1X5w==

X-Forwarded-Encrypted: i=1; AJvYcCUDe6kB4JDRSnSx/pPwxlnyjbz5ETb/POV7QvF+UtgVezxJX2a1YZH66qf8NDeA+jM/jWZua0A=@nl2k.ab.ca

X-Gm-Message-State: AOJu0YwCwhbBsyTnwKe9KWuczXyfxQ29CQ00g+Gi816PwhOBA5I7CCmO

ui7tKOcx9X5KKaCjnWODZg1AQCNF3aAVN4Jxpy8N6sffTL1+Bc2k1GsyIFHggkYKx8tOZNUVURw

5tRhTwmqKZ/STVa+wAbSwaV7Fi0owi3A=

X-Gm-Gg: ASbGncuzgc8u08LlEbLXQEhrTtvvNXNbdbpAM0p/my96JAaQw0BYJ0q4H4gLZyfX7kK

+Cow9dCKK+ck4gx++Ly52EtUe/8Zydpt7o0CIMvc6ykkFLvchszbjN59uCat7XIC2H/zrx4+koX

gfWv+J7Ibj3DJsvlQ3TPNtVT3tmPIJyWG+elAZ0q76onUPww==

X-Google-Smtp-Source: AGHT+IEmLeZsR/8Ox66mA0eOQ8n9M/7u9wH02mufO9co81g8EdMZfqTcxnEAG7nWN1x9gaB+ymxruC/GbhD3YPlUc30=

X-Received: by 2002:a05:690c:f0a:b0:70e:2d17:84b5 with SMTP id

00721157ae682-7166b3f729dmr108174517b3.0.1751804260870; Sun, 06 Jul 2025

05:17:40 -0700 (PDT)

MIME-Version: 1.0

Reply-To: nonadeboh60@gmail.com

From: Nona Deboh

Date: Sun, 6 Jul 2025 14:17:26 +0200

X-Gm-Features: Ac12FXwA9LibWuh0XcBsEklWv2Y2UkjRJmIeaiOcVEv28iC8rCgZkDGpHgE0S8w

Message-ID:

Subject: From Mrs,Nona Deboh.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000af6e82063941b6db"

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 17.6

X-Spam_score_int: 176

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- From Mrs,Nona Deboh. Dear, I am Mrs,Nona Deboh from israel

a widow to late Mr Daniel Deboh. I am 53 years old, I am a Christian suffering

from long time cancer of the breast, from all indication my conditions is

really deterior [...]



Content analysis details: (17.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.177 listed in dnsbl.ahbl.org]

[209.85.128.177 listed in dnsbl.ahbl.org]

[209.85.128.177 listed in dnsbl.ahbl.org]

[209.85.128.177 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.177 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.177 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.177 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.177 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

[209.85.128.177 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.177 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.177 listed in wl.mailspike.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[nonadeboh60(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[madainamadas(at)gmail.com]

0.9 URG_BIZ BODY: Contains urgent matter

0.6 J_CHICKENPOX_34 BODY: 3alpha-pock-4alpha

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 XFER_LOTSA_MONEY Transfer a lot of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

1.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} From Mrs,Nona Deboh.



--000000000000af6e82063941b6db

Content-Type: text/plain; charset="UTF-8"



--

>From Mrs,Nona Deboh.



Dear,



I am Mrs,Nona Deboh from israel a widow to late Mr Daniel Deboh. I am

53 years old, I am a Christian suffering from long time cancer of the

breast, from all indication my conditions is really deteriorating and

it is quite obvious that I wouldn't live more than three months,

according to my doctors, and in all indication regards to medical

analysis, this is because the cancer stage has gotten to a very bad

stage that no hope for me to be a living person again,



My late husband was killed during the France raid against terrorism in

Ivory Coast, and during the period of our marriage we could not

produce any child, my late husband was very wealthy and after his

death, I inherited all his business and wealth. the doctors has

advised me that I may not live for more than Four months, so I now

decided to divide the part of this wealth, to contribute to the

development of the church in America, Africa, Asia and Europe

especially create solution to problem of less privileged ones and

orphanage homes.



I selected you after visiting the website I prayed over it; I am

willing to donate the sum of US$2.5 million dollars, to the less

privileged. Please I want you to note that the fund is lying in a bank

in Ivory Coast and upon my instruction will file in an application for

the transfer of the money in your name.



Lastly, I honestly pray that this money when transferred will be used

for the said purpose even though I am late then, because I have come

to find out that wealth acquisition without Christ is vanity and I

made the promise to God that the fund will be use to build his temple.

May the grace of our lord Jesus the love of God and the fellowship of

God be with you and your family I await urgent reply.



God blesses you.

Mrs Nona Deboh.



--000000000000af6e82063941b6db

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable






ature_prefix">--

-smartmail=3D"gmail_signature">From Mrs,Nona Deboh.

Dear,

I a=

m Mrs,Nona Deboh from israel a widow to late Mr Daniel Deboh. I am
53 ye=

ars old, I am a Christian suffering from long time cancer of the
breast,=

from all indication my conditions is really deteriorating and
it is qui=

te obvious that I wouldn't live more than three months,
according to=

my doctors, and in all indication regards to medical
analysis, this is =

because the cancer stage has gotten to a very bad
stage that no hope for=

me to be a living person again,

My late husband was killed during t=

he France raid against terrorism in
Ivory Coast, and during the period o=

f our marriage we could not
produce any child, my late husband was very =

wealthy and after his
death, I inherited all his business and wealth. th=

e doctors has
advised me that I may not live for more than Four months, =

so I now
decided to divide the part of this wealth, to contribute to the=


development of the church in America, Africa, Asia and Europe
especi=

ally create solution to problem of less privileged ones and
orphanage ho=

mes.

I selected you after visiting the website I prayed over it; I a=

m
willing to donate the sum of US$2.5 million dollars, to the less
pr=

ivileged. Please I want you to note that the fund is lying in a bank
in =

Ivory Coast and upon my instruction will file in an application for
the =

transfer of the money in your name.

Lastly, I honestly pray that thi=

s money when transferred will be used
for the said purpose even though I=

am late then, because I have come
to find out that wealth acquisition w=

ithout Christ is vanity and I
made the promise to God that the fund will=

be use to build his temple.
May the grace of our lord Jesus the love of=

God and the fellowship of
God be with you and your family I await urgen=

t reply.

God blesses you.
Mrs Nona Deboh.




--000000000000af6e82063941b6db--

Nigerian spam from google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 05:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYNPT-000000000kr-0o5p

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 05:19:51 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 05:19:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qt1-f181.google.com ([209.85.160.181]:56493)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYNH0-00000000PGE-30am

for doctor@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 05:11:16 -0600

Received: by mail-qt1-f181.google.com with SMTP id d75a77b69052e-4a774209cf0so26022821cf.0

for ; Sun, 06 Jul 2025 04:09:16 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1751800150; x=1752404950; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=e2Rq/Ms35lzhkSf73D6JgroI30807rm58QmQyWDEPY8=;

b=U8dmO1hF6mt0jBO0GSn2x8ZQ/GlzQOpc7I0GcaoTbhT5eKV+ftos9/+Dq9MxZknKWo

5WPC3Qh9wpgb9LijuWeaM6JLNFlLxZ6Iu2oG9cwesYMrG9Y1N/r4mqd/U6ORl3taiYqS

Vj94ijeO940/eGD2jcrTwEb1r2ba4TtZdXbaELx7oj2xag3lVuXTo/6U9rwVHi1pDD62

I9ykn9/h7+g2jmnO9O3aauA3CqygjWG66Ua1ZS1VBz1g8THKlS1LhLmZJ7a8c1HsgKAg

OWH/f4VBDi3JqJtYrGbaxJmmePUtwrMuEAalZwlUdJhYck53SiQVN1ZPn7XFp9WyrkWX

2ceg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751800150; x=1752404950;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=e2Rq/Ms35lzhkSf73D6JgroI30807rm58QmQyWDEPY8=;

b=vysiDS48sb7zeatoDvwZsIvKjlj9q42mJaEPrDW168HP/HHlfLixgLzrhXQ3cKktKK

BTsr7jNpzsYgZ037xIi8SfHLxFAP3amUhA2ZsKiN4U0UMjsw6M//0VDJnBr7+BfJCcRi

SnMD1Wwcw8QMKouDTlNdXzB1dcUL6H9/GQWmnYzcfdGk8mMt79z1un7I1K9J9egAN2sH

9hjAxjiQqgqZMUhGq1pMCz099msWlLbob9odeg2Vnou/IupGcZYu43wEYizNV9oVxx5v

sbLHKAo+sWz2OdrgdYoeVYm4JqH6Vmzz86BwyNkYO4QaF+YpZmuEF0jWTbvTUbOjyJXp

xV1A==

X-Forwarded-Encrypted: i=1; AJvYcCXER40n4BTJsAFt6GuwtTbRdmqxJzizmODuB7rb6o44JPZ6j/WPOphE7q1ujOy54JxYkfg3dng=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YwaSvkioIs3Jjp9xl455ivkpW34OvkpxXLCWbxQ4LZwUV58pRhk

drqioIdrLUD9w4DqocF92T7KY2CLKGn5GGbq0ff4JOpgsnTmRrQof9tXzzVKHiVcqWktqjhYumk

WLzrpZJ7vD05HuVk5CAe6ebd0TjVVMf4lUskJfWc=

X-Gm-Gg: ASbGnct/Ptz8gwmUSK2NIVF1QRBHzm+vawqrPjczekJaBECL1WFrI45pgr7Yldm+Sb/

gU06947tc7DNfZh6uzc3sXdG0k5FInyH08iaM6VMh+SFRsRCB3cEafE7bRTjkf4jK1mPO2MuUOH

xv4tL+3Nh9CctIeyUG1l4W1xZ9F0LvSPWM7drzep5v4zGXLXkOTCiC+BBLtq+jMPfJrFsKFPDWR

7wfviKARqnOafs=

X-Google-Smtp-Source: AGHT+IGpmeGgXPHTJOwPPK3B/FN4fjZNy9WFMHkJRpeKZdvMjgmvp4otGpo5crhEG3KuQ3TRo1N48qufhp7pLRGoAb4=

X-Received: by 2002:a05:690c:6d05:b0:70e:5eda:4941 with SMTP id

00721157ae682-7166b6cc2demr100375777b3.23.1751799446884; Sun, 06 Jul 2025

03:57:26 -0700 (PDT)

MIME-Version: 1.0

Reply-To: ibrahim.1moustapha@protonmail.com

From: Ibrahim Moustapha

Date: Sun, 6 Jul 2025 10:57:16 +0000

X-Gm-Features: Ac12FXxDWhjrkYS8eabS9fUMw9sZqE5_NQkfN6XN918xlApQrvXd1m68_AdwuJw

Message-ID:

Subject: HELLO

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000bfd5a7063940974e"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 19.5

X-Spam_score_int: 195

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, I am Mr. Ibrahim Moustapha from Burkina Faso.

I am sending you an email,because of the latest development in my bank which

I would like to bring you in. This business is worth the sum of Thirteen

Mill [...]



Content analysis details: (19.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.181 listed in dnsbl.ahbl.org]

[209.85.160.181 listed in dnsbl.ahbl.org]

[209.85.160.181 listed in dnsbl.ahbl.org]

[209.85.160.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.181 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.181 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.181 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.181 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.160.181 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.160.181 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[dourelarry(at)gmail.com]

2.3 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

0.6 J_CHICKENPOX_57 BODY: 5alpha-pock-7alpha

2.5 MILLION_USD BODY: Talks about millions of dollars

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.181 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.160.181 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.160.181 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_SHARE_50_50 Share the money 50/50

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 SHARE_50_50 Share the money 50/50

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

0.0 T_MONEY_PERCENT X% of a lot of money for you

1.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} HELLO



--000000000000bfd5a7063940974e

Content-Type: text/plain; charset="UTF-8"



Dear Friend,



I am Mr. Ibrahim Moustapha from Burkina Faso. I am sending you an

email,because of the latest development in my bank which I would like to

bring you in. This business is worth the sum of Thirteen Million Three

Hundred Thousand United State Dollars (US13.3Million) and it is real and

legitimate.



In completion of everything, we will share the funds equally. 50% for me

and 50% for you. If you are interested in the deal, kindly contact me for

more details.





Best regards,





Mr. Ibrahim Moustapha



--000000000000bfd5a7063940974e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Dear Friend,

I am Mr. Ibrahim Moustapha from Burkin=

a Faso. I am sending you an email,because of the latest development in my b=

ank which I would like to bring you in. This business is worth the sum of T=

hirteen Million Three Hundred Thousand United State Dollars (US13.3Million)=

and it is real and legitimate.=C2=A0

In completion of everything, w=

e will share the funds equally. 50% for me and 50% for you. If you are inte=

rested in the deal, kindly contact me for more details.


Best reg=

ards,


Mr. Ibrahim Moustapha




--000000000000bfd5a7063940974e--

Fedex phish from sendgrid

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 04:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYMfN-00000000K18-0Av5

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 04:32:13 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 04:32:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wrqvnvpf.outbound-mail.sendgrid.net ([149.72.40.63]:62788)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYIIi-00000000C1e-27Vg

for doctor@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 23:52:40 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;

h=content-transfer-encoding:content-type:from:mime-version:subject:to:

cc:content-type:from:subject:to;

s=smtpapi; bh=EO+fI4E8vPzMilYFqVa8AOAxfRUnRzYH0mKz1qKGktM=;

b=twJjGM3JuCEIkAQ6W6rlQfUMuReU5K20wz/1ASQfC1W5j1W3WZI1WwkibrhcO1r+6NWA

vwzhVi962J7i+6ha4lAP0sPT4Az024Oecj3+NADRbkUL74ForoJ/vK3WWdp1rulCcfNnrX

5q9WDgFHHMY7fJeRy4fOjXFQidUuHZs+c=

Received: by recvd-574749c66-sd6rc with SMTP id recvd-574749c66-sd6rc-1-686A0EAB-23

2025-07-06 05:50:35.802968912 +0000 UTC m=+2726203.046578313

Received: from NDYwNjgxNzg (unknown)

by geopod-ismtpd-12 (SG) with HTTP

id ZACF9ZnKRSiM5WU0skxbuA

Sun, 06 Jul 2025 05:50:35.791 +0000 (UTC)

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset=us-ascii

Date: Sun, 06 Jul 2025 05:50:35 +0000 (UTC)

From: FedEx Canada

Mime-Version: 1.0

Message-ID:

Subject: Your package is waiting for you !

X-SG-EID:

=?us-ascii?Q?u001=2EQqNlE5al1bvBBtqp7HdPg3qk7u83EBZlc=2Fin6U0clhsZMNjnt=2FrF5oPLM?=

=?us-ascii?Q?Mv1romKPD702Vxr7dpQGUNgxMsL+wrlxuOx9jYB?=

=?us-ascii?Q?h=2F+iQOBPZqRHQZryIZ6gcytDzFT6cqIWRIdLmnY?=

=?us-ascii?Q?iMUQEM6o3dj=2FT+5sQfWcK6F75Ls3c41EUPqoaMQ?=

=?us-ascii?Q?shrGVNGf2xxbP75s4NWL4eVzssduBdiq93tn7VL?=

=?us-ascii?Q?NGNHtuhFb5YJUvU+agmuQZsSBd1t9jf5=2FMyBTTU?= =?us-ascii?Q?twuq?=

To: doctor@doctor.nl2k.ab.ca

X-Entity-ID: u001.eVfYoeOP/svoOt39COy6QA==

X-Spam_score: 40.5

X-Spam_score_int: 405

X-Spam_bar: ++++++++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: F27e83d20E16x21 78 Y77o81u34r42 32p49a14c22k26a21g93e32 10i40s19

15w45a31i64t12i96n39g25 78f90o53r45 35y53o23u88!74 84 T70r47a63c89k19i86n55g74

42c13o62d26e84 57 30 22596710763222150520180152721380952132



Content analysis details: (40.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[149.72.40.63 listed in dnsbl.ahbl.org]

[149.72.40.63 listed in dnsbl.ahbl.org]

[149.72.40.63 listed in dnsbl.ahbl.org]

[149.72.40.63 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[149.72.40.63 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[149.72.40.63 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[149.72.40.63 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[149.72.40.63 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

[149.72.40.63 listed in will-spam-for-food.eu.org]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.3 LONGWORD BODY: Uses overlong words

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[149.72.40.63 listed in wl.mailspike.net]

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.5 FROM_SUSPICIOUS_NTLD From abused NTLD

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD

-0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender

Subject: {SPAM?} Your package is waiting for you !




nt-size:48px">F
ransparent;font-size:0px">27<=

/font>e83d
ize:0px">20
n style=3D"color:#e67e23">E=

16x
r:transparent;font-size:0px">2178
--GNIXOR-lord7789 -->


sans-serif">Y77o
font-size:0px">81u
t style=3D"color:transparent;font-size:0px">34r
--GNIXOR-lord7789 -->42
transparent;font-size:0px">32=

p49a
size:0px">14c
le=3D"color:transparent;font-size:0px">22k26a
parent;font-size:0px">21
t>g9=

3e
0px">32
"color:transparent;font-size:0px">10i40s
t;font-size:0px">19
ont style=3D"color:transparent;font-size:0px">15w=

45a
r:transparent;font-size:0px">3164t
t-size:0px">12i
tyle=3D"color:transparent;font-size:0px">96n39g
nsparent;font-size:0px">25
ont> f
e:0px">90o
=3D"color:transparent;font-size:0px">53r45
rent;font-size:0px">35=

y53<=

!--GNIXOR-lord7789 -->o
x">23u
olor:transparent;font-size:0px">88!74



84
--GNIXOR-lord7789 -->


ans-serif">T
=3D"color:transparent;font-size:0px">70r47a
rent;font-size:0px">63=

c89<=

!--GNIXOR-lord7789 -->k
x">19i
olor:transparent;font-size:0px">86n55g
font-size:0px">74
t style=3D"color:transparent;font-size:0px">42c
--GNIXOR-lord7789 -->13o
transparent;font-size:0px">62=

d26e
size:0px">84
le=3D"color:transparent;font-size:0px">57 30
parent;font-size:0px">22
t>57
ze:0px">107
=3D"color:transparent;font-size:0px">632221
rent;font-size:0px">50=

520<=

!--GNIXOR-lord7789 -->1
x">801
olor:transparent;font-size:0px">527213
font-size:0px">809
t style=3D"color:transparent;font-size:0px">521
--GNIXOR-lord7789 -->32



76
--GNIXOR-lord7789 -->


ans-serif">y31o
ont-size:0px">15u
style=3D"color:transparent;font-size:0px">66
-GNIXOR-lord7789 -->84w
ransparent;font-size:0px">36<=

/font>i47l
ize:0px">61l
e=3D"color:transparent;font-size:0px">62 99h
arent;font-size:0px">52
>a54=

v
px">44e
color:transparent;font-size:0px">24 86t
;font-size:0px">85o
nt style=3D"color:transparent;font-size:0px">64 <=

!--GNIXOR-lord7789 -->29p
:transparent;font-size:0px">4287y
-size:0px">94
yle=3D"color:transparent;font-size:0px">63t94h
sparent;font-size:0px">78
nt>e=

15
:0px">31d
=3D"color:transparent;font-size:0px">66e93l
rent;font-size:0px">61=

i69<=

!--GNIXOR-lord7789 -->v
x">17e
olor:transparent;font-size:0px">40r47y
font-size:0px">68
t style=3D"color:transparent;font-size:0px">72c
--GNIXOR-lord7789 -->69o
transparent;font-size:0px">95=

s58t
size:0px">66s
le=3D"color:transparent;font-size:0px">37.43
parent;font-size:0px">67
t>O8=

4n
0px">90c
"color:transparent;font-size:0px">68e70
t;font-size:0px">99y
ont style=3D"color:transparent;font-size:0px">70o=

20u
r:transparent;font-size:0px">8980
t-size:0px">98o
tyle=3D"color:transparent;font-size:0px">35r22d
nsparent;font-size:0px">48
ont>er
e:0px">21
=3D"color:transparent;font-size:0px">46h13a
rent;font-size:0px">50=

s22<=

!--GNIXOR-lord7789 -->
x">20b
olor:transparent;font-size:0px">85e38e
font-size:0px">51n
t style=3D"color:transparent;font-size:0px">65
--GNIXOR-lord7789 -->72p
transparent;font-size:0px">17=

r95o
size:0px">67c
le=3D"color:transparent;font-size:0px">76e93s
parent;font-size:0px">95
t>s7=

1e
0px">10d
"color:transparent;font-size:0px">44,88
t;font-size:0px">33y
ont style=3D"color:transparent;font-size:0px">30o=

37u
r:transparent;font-size:0px">8411
t-size:0px">80p
tyle=3D"color:transparent;font-size:0px">19a27c
nsparent;font-size:0px">86
ont>ka
e:0px">35g
=3D"color:transparent;font-size:0px">98e16
rent;font-size:0px">60=

w67<=

!--GNIXOR-lord7789 -->i
x">17l
olor:transparent;font-size:0px">85l70
font-size:0px">32b
t style=3D"color:transparent;font-size:0px">12e
--GNIXOR-lord7789 -->11
transparent;font-size:0px">14=

d70e
size:0px">67l
le=3D"color:transparent;font-size:0px">78i47v
parent;font-size:0px">80
t>e8=

5r
0px">10e
"color:transparent;font-size:0px">14d24
t;font-size:0px">43w
ont style=3D"color:transparent;font-size:0px">73i=

68t
r:transparent;font-size:0px">8086i
t-size:0px">43n
tyle=3D"color:transparent;font-size:0px">23 63a
nsparent;font-size:0px">79
ont> m
e:0px">69a
=3D"color:transparent;font-size:0px">27x86i
rent;font-size:0px">92=

m85<=

!--GNIXOR-lord7789 -->u
x">77m
olor:transparent;font-size:0px">15 42o
font-size:0px">57f
t style=3D"color:transparent;font-size:0px">84
--GNIXOR-lord7789 -->505
transparent;font-size:0px">62=

 46w
size:0px">64o
le=3D"color:transparent;font-size:0px">84r34k
parent;font-size:0px">41
t>i8=

1n
0px">93g
"color:transparent;font-size:0px">96 75d
t;font-size:0px">16a
ont style=3D"color:transparent;font-size:0px">15y=

62s
r:transparent;font-size:0px">8624



83
--GNIXOR-lord7789 -->


ans-serif">C11o
ont-size:0px">17n
style=3D"color:transparent;font-size:0px">59f
-GNIXOR-lord7789 -->72i
ransparent;font-size:0px">16<=

/font>r94m
ize:0px">62
e=3D"color:transparent;font-size:0px">81b91y
arent;font-size:0px">86
> 63=

c
px">58l
color:transparent;font-size:0px">59i95c
;font-size:0px">63k
nt style=3D"color:transparent;font-size:0px">61i<=

!--GNIXOR-lord7789 -->81n
:transparent;font-size:0px">9213
-size:0px">90o
yle=3D"color:transparent;font-size:0px">71n81
sparent;font-size:0px">97
nt>t=

50h
:0px">60e
=3D"color:transparent;font-size:0px">10 81l
rent;font-size:0px">53=

i64<=

!--GNIXOR-lord7789 -->n
x">12k
olor:transparent;font-size:0px">62 63b
font-size:0px">69e
t style=3D"color:transparent;font-size:0px">60l
--GNIXOR-lord7789 -->92o
transparent;font-size:0px">41=

w50
size:0px">65:
le=3D"color:transparent;font-size:0px">39



22
--GNIXOR-lord7789 -->


ans-serif">
.ldA6wftLzC6HGUe3P9LYsoo79ESkEsHM4FDJUaNgKCM28mKx-2BShosB2uItwjD4i5TTm6_GyW=

e1RRaaz-2B-2B-2Bm2R4SiSUcHZOTY4dgdpSVRaTGu9ktOffv79UHKIOX41oSMtfHYbgEaZyhHX=

fo8MB3QkSiRcUOG-2FQJwDPUlQblWwSktqVNpjug23VN7nVftApqxXXmOvmluhOKwki8EofS077=

2th-2B-2BANQZMQhXWzvOUrv6SaKQuPmGDMWswzBIGdDTI9KHellx2KaX3EW3tlGHBxW0gwRA-3=

D-3D" rel=3D"noreferrer" target=3D"_blank">h
t;font-size:0px">32t
ont style=3D"color:transparent;font-size:0px">40t=

86p
r:transparent;font-size:0px">9047:
t-size:0px">15/
tyle=3D"color:transparent;font-size:0px">48/30d
nsparent;font-size:0px">79
ont>el
e:0px">62i
=3D"color:transparent;font-size:0px">26v81e
rent;font-size:0px">18=

r50<=

!--GNIXOR-lord7789 -->y
x">32.
olor:transparent;font-size:0px">41f35e
font-size:0px">73d
t style=3D"color:transparent;font-size:0px">16e
--GNIXOR-lord7789 -->32x
transparent;font-size:0px">60=

.23c
size:0px">94o
le=3D"color:transparent;font-size:0px">29m15/
parent;font-size:0px">34
t>



78
--GNIXOR-lord7789 -->


ans-serif">C14o
ont-size:0px">50n
style=3D"color:transparent;font-size:0px">18t
-GNIXOR-lord7789 -->79a
ransparent;font-size:0px">43<=

/font>c69t
ize:0px">37
e=3D"color:transparent;font-size:0px">62u35s
arent;font-size:0px">14
> 73=

i
px">83f
color:transparent;font-size:0px">32 55y
;font-size:0px">65o
nt style=3D"color:transparent;font-size:0px">58u<=

!--GNIXOR-lord7789 -->62
:transparent;font-size:0px">3418a
-size:0px">72v
yle=3D"color:transparent;font-size:0px">80e11
sparent;font-size:0px">62
nt>a=

70n
:0px">38y
=3D"color:transparent;font-size:0px">17 60q
rent;font-size:0px">11=

u31<=

!--GNIXOR-lord7789 -->e
x">52s
olor:transparent;font-size:0px">90t57i
font-size:0px">99o
t style=3D"color:transparent;font-size:0px">26n
--GNIXOR-lord7789 -->69s
transparent;font-size:0px">84=

.59



78
--GNIXOR-lord7789 -->


ans-serif">R57e
ont-size:0px">68g
style=3D"color:transparent;font-size:0px">22a
-GNIXOR-lord7789 -->31r
ransparent;font-size:0px">16<=

/font>d50s
ize:0px">55
e=3D"color:transparent;font-size:0px">71F39e
arent;font-size:0px">17
>d31=

e
px">37x
color:transparent;font-size:0px">35



66
--GNIXOR-lord7789 -->
f/open?upn=3Du001.vAfwyCsv5SKe20dbI9Z6QKeFEUiu7Ze4oT3Osa2V9TbD7-2FDBmiTTBMV=

fGXZzzzzJBWbOUS6DFBA5eDxX4uJDsdZw3g6i5RYdx763aihdMot-2FtUh99cJlVZRPYAt0BhGv=

2xIZnXPgsZH0dev8RxK3ptsCF3-2F36kAwqrJFTf4Ng3UL4ivv-2FPtiz-2B5htQrmB4VcpFLr5=

6ib1PIGYrDBcXrPgVFiy36Q8IXyzp3yGUoCuRQ-3D" alt=3D"" width=3D"1" height=3D"1=

" border=3D"0" style=3D"height:1px !important;width:1px !important;border-w=

idth:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin=

-right:0 !important;margin-left:0 !important;padding-top:0 !important;paddi=

ng-bottom:0 !important;padding-right:0 !important;padding-left:0 !important=

;"/>

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Jul 2025 04:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYMf2-00000000Jyh-0Q0a

for dave@doctor.nl2k.ab.ca;

Sun, 06 Jul 2025 04:31:52 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Jul 2025 04:31:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f66.google.com ([209.85.160.66]:48335)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYHVd-0000000058R-0Nxh

for sales@nk.ca;

Sat, 05 Jul 2025 23:02:00 -0600

Received: by mail-oa1-f66.google.com with SMTP id 586e51a60fabf-2eb5cbe41e1so1873496fac.0

for ; Sat, 05 Jul 2025 21:59:53 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=aivirtual10x-com.20230601.gappssmtp.com; s=20230601; t=1751777987; x=1752382787; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=Np6YEoE8HhxKOSfmWSe0TlLj/U73PUV01jf06Ke/73k=;

b=wt6nsgit+QjhOBi62CizxiA3972pqRHFmgMtd7etTsDsZpwnSrMuRXXQtY9Yb3gWet

HFyNdpcMDqbmACCE94wUM+peFm/3xgqexfQWrkFsz+cNHZFF0KowJOhfYlvhZw3K7d7j

lupC3nN6+qekNkbLTiC3i5sXZBNFhKmjW0h3jCdosPAPOoMHcijJXvCRiXYkamTiuGMc

Tgbo1WTtbPxyiIVRJEqu0NLZx3jG7NRNt1Nafo6Jrn/OIJopIQOVVR2opt9irFee1dT6

gvzqS3iIx/THCX06rOW5xWMPXrVZec7/6KxBGQv3VIVaXtyI+v5bEl1DWH0VpdtVoJ8I

uy1w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751777987; x=1752382787;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Np6YEoE8HhxKOSfmWSe0TlLj/U73PUV01jf06Ke/73k=;

b=Y2WDUo9XxvDzGhLDA74TvcR+RjIrdeJ611KvQlP++TJ42badiRQMTg8Isb8ezEEvY8

UJr9bJm7kkTdHmOW+jXd9vmIKLQ8HNUZ8DHDP2z24AGz7yR/NjcMp/5HGEcQHK7CH1r+

fBVEFaiR5jtIvwDSV9vEvlBp4dhXiWuA7nusSrpPD2qDgIRvBlWB7Om2X1YsFl8NEW70

7IBPSEi1YCCTosIFk1VcuSNAUAG7mtHVrSapYnA/DAUjmcCUoZAHkPLzvwuX4TdOZYCv

YJ3qeD7T/ZCKONRUPk2ZDruDY9lsp2znCytns0Be55di1ai1j60UcoEULIz0/mnePldw

yWTw==

X-Gm-Message-State: AOJu0YwvSSRqPenVgaKJ2TJiStGCnnf0oO8ae7ax5k8ffgVDT9DKPWJr

NcDMms1ScIZa8+Y5UDTtn+AuDuw9ec2dybYtCLCzfBJPCD2ZDP+GOElgoh09sb7qLMuZ7bc8IK+

CskAEDsaH/SzWGoNSiMcWlJGJiR3M21UdAvNj0ncBe5jymFBeAADdRti65I9X8w==

X-Gm-Gg: ASbGnct43jbt03hwKLV+s71kwcCjiSzsL0xUAyMStSf61zzRMNZ0ja1SiH5hJ77yEVh

uFyuADH5ZJUuwlvnXi9Ng9ByApQrgRRr5oxnl2UzY65ELCXBD+3AItyaIZGAy+bdqovrkmGslQD

G3p8PcVjjErHo5PXzSzdo6kjOf7gi0Umg85yP1sgb62Mtc

X-Google-Smtp-Source: AGHT+IH8QqOxOHZzdMkWORVr9n1oVcaPJK+N/y+oMkbjpcx+D2Thn1dh99QAIR49F7Yn5fqm6JQq2T48/C40T3/yUEY=

X-Received: by 2002:a05:6870:1b8f:b0:2ef:eddd:690d with SMTP id

586e51a60fabf-2f7b0057900mr2625345fac.24.1751777986822; Sat, 05 Jul 2025

21:59:46 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Sat, 5 Jul 2025 21:59:46 -0700

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Sat, 5 Jul 2025 21:59:46 -0700

MIME-Version: 1.0

Sender: Ruben Stanton

From: Ruben Stanton

Date: Sat, 5 Jul 2025 21:59:46 -0700

X-Google-Sender-Auth: v5aeCuGZ4xqWWPpZ5yGVEJSXh1U

X-Gm-Features: Ac12FXyWF4H1fFsxTwLLwzX21JyvHqTWtIV5e9fxQgFrspfF7p71_7go5a5F0BE

Message-ID:

Subject: vancouverbreastcenter.com Needs to improve for better looks.

To: Sales

Content-Type: multipart/alternative; boundary="000000000000a1516806393b987b"

X-Spam_score: 8.0

X-Spam_score_int: 80

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Business owner of vancouverbreastcenter.com
[...]



Content analysis details: (8.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.66 listed in dnsbl.ahbl.org]

[209.85.160.66 listed in dnsbl.ahbl.org]

[209.85.160.66 listed in dnsbl.ahbl.org]

[209.85.160.66 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.66 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

[209.85.160.66 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.66 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.66 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

0.6 J_CHICKENPOX_73 BODY: 7alpha-pock-3alpha

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} vancouverbreastcenter.com Needs to improve for better looks.



--000000000000a1516806393b987b

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Dear Business owner of vancouverbreastcenter.com


PB_2Xn7au0qi4jdrnlfxhrelwFeQQ0GwHBHSJ7X-66ZhzoVg-N_wcMSV-3qd5hcE1U7SFseoJuD=

kgYbWbYDXwjKLizXQJjkhNANWezQy8FLxEUU7GTlR1ZZJxUMdMqWEVoAC29JdtAFe1fJ75L52P2=

VXdD533EU>

.



Hope you are doing well!



I have analysed your website.you seem to have a nice website. But the

concern is, It needs to be an improved design for better looks and

attractiveness with mobile responsiveness. So that visitors will see your

services briefly as well as navigate one page to another page easily. While

I was going through your website, I came across some factors which need to

improve.



Such as:



=C2=B7 Your website needs to be mobile responsive.

=C2=B7 At smaller screen, the texts are needed to be arranged in pr=

oper

way

=C2=B7 The design needs to improve for better looks and attractiven=

ess.

=C2=B7 Need to add well-organised Logo for your website

=C2=B7 Need to add looking images to describe your business.

=C2=B7 Images are too small to attract your visitors

=C2=B7 Footer part also needs to improve your website.

=C2=B7 Need to modify the favicon image according to your logo



Colour combination always grabs visitor attention,that=E2=80=99s the reason=

it

should be eye-catching.We can redesign your website responsively by writing

the back end code with HTML5 and CSS3 technology with which your site will

auto fit the device where it is being accessed.



Let me know if I should share a customized plan as per your website

requirement.



Look forward to your kind response.



Best Regards,

Ruben Stanton



Web Developer

------------------------------------------------------------------------

Note: - Our next conversation will be on my corporate Email ID.I will se=

nd

more details on our =E2=80=9Ccorporate identity=E2=80=9D, =E2=80=9Ccompan=

y profile=E2=80=9D, "Send

your Quote and Price list"



Click here


ilAjQZi5H6Ff-6oGGJhxhrelwGD95QjPE2y7TgZ3Udgfi3zXNr1gcV__3b7r3WNLJHrBHcBgJ6M=

qj70Hx47JmM1XmW9407awkd0-z73YHIzDGy8kjbVjgpjWsCiJ6i5vDJ3ceEGMPr3fkru59Aju30=

i>

to

unsubscribe.





[image: beacon]



--000000000000a1516806393b987b

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




ight:107%">Dear Business owne=

r of
SPgiV7IpL2wb104PB_2Xn7au0qi4jdrnlfxhrelwFeQQ0GwHBHSJ7X-66ZhzoVg-N_wcMSV-3qd=

5hcE1U7SFseoJuDkgYbWbYDXwjKLizXQJjkhNANWezQy8FLxEUU7GTlR1ZZJxUMdMqWEVoAC29J=

dtAFe1fJ75L52P2VXdD533EU" rel=3D"nofollow">vancouverbreastcenter.com.
font>






face=3D"verdana, sans-serif">Hope you are doing well!






face=3D"verdana, sans-serif">I have analysed your website.you seem to have =

a nice

website. But the concern is, It needs to be an improved design for better l=

ooks

and attractiveness with mobile responsiveness. So that visitors will see yo=

ur

services briefly as well as navigate one page to another page easily. While=

I

was going through your website, I came across some factors which need to

improve.






face=3D"verdana, sans-serif">Such as:






face=3D"verdana, sans-serif">=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=

=A0=C2=A0 Your

website needs to be mobile responsive.


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 At smaller screen, t=

he texts

are needed to be arranged in proper way


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 The design needs to =

improve

for better looks and attractiveness.


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0Need to add well-org=

anised

Logo for your website


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Need to add looking =

images to

describe your business.


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Images are too small=

to

attract your visitors


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Footer part also nee=

ds to

improve your website.


=C2=B7=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Need to modify the f=

avicon

image according to your logo





Colour combination alw=

ays

grabs visitor attention,that=E2=80=99s the reason it should be eye-catc=

hing.We can

redesign your website responsively by writing the back end code with HTML5 =

and

CSS3 technology with which your site will auto fit the device where it is b=

eing

accessed.






face=3D"verdana, sans-serif">Let me know if I should share a customized pla=

n as per your

website requirement.






face=3D"verdana, sans-serif">Look forward to your kind response.






face=3D"verdana, sans-serif">Best Regards,

nterchange-newline">
b(255,255,255)">Ruben Stanton<=

/b>


Web Developer


-----------------------------------------------------------------------=

-


Note:=C2=A0- Our next conversation will be on my corporate Email ID.=

I

will=C2=A0send more details=C2=A0on our=C2=A0=E2=80=9Ccorporate i=

dentity=E2=80=9D,

=E2=80=9Ccompany profile=E2=80=9D,=C2=A0=C2=A0"Send your Quote=

=C2=A0and Price

list"






face=3D"verdana, sans-serif" size=3D"1">Click=C2=A0
pan>
tWaXbL5XMD6VXvilAjQZi5H6Ff-6oGGJhxhrelwGD95QjPE2y7TgZ3Udgfi3zXNr1gcV__3b7r3=

WNLJHrBHcBgJ6Mqj70Hx47JmM1XmW9407awkd0-z73YHIzDGy8kjbVjgpjWsCiJ6i5vDJ3ceEGM=

Pr3fkru59Aju30i" rel=3D"nofollow" target=3D"_blank" style=3D"color:rgb(5,99=

,193)">here=C2=

=A0to unsubscribe.






face=3D"verdana, sans-serif" style=3D"" size=3D"1">=C2=A0




NpNygQtwA57ZVniTm3iUWoEKqzwGVdxhrelwHDuhW-QDcXisSUBMAq_4gXrJ03O316LdStNV3bW=

kIcn01gXjRT0-VuIB8T5o2Qlj3lOmfgq3DfxK2hxBgHKgLeQLiuJFIS49x_lQMsLxVsWfRad44G=

" width=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; display:no=

ne!important;">



--000000000000a1516806393b987b--

Nigerian spam from google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 17:53:00 -0600

Received: from mail-yw1-f196.google.com ([209.85.128.196]:59673)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYCga-00000000OeO-34vZ

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 17:52:58 -0600

Received: by mail-yw1-f196.google.com with SMTP id 00721157ae682-7111d02c777so15290847b3.3

for ; Sat, 05 Jul 2025 16:50:54 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1751759448; x=1752364248; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=MI7AOlBUdOtXEGPmtDWUkcxSqDUfMgxmMa+SsZdh1fk=;

b=UAPKjw/9qIKoLVBakgSjP0sNTqALKxrVUlZjJm5t9LmPN0Weqkm/fxX4KQ2UNhZvxl

yDPq8f3G/UPTvbgf6iYqWC8ck0BOk68fB7uR+fW3/YjLOL7h9SciZUNE3P7tgLgKwniJ

n8dbqUdeKF5y/Qo3fgHJOUAoQ5PsBUAxyqBIvTUaLMAUJr7iOtVWcrhabgbNKxNWm4cc

vQNixSW89eeDUZOKfBKlsusvC1nmttuCZ06MTqtEwCUm1KlTJH2VE02x+hUuUH7H6R4M

rrYyeqFBDIpD95URfDLkqdktYo79ltwzHOVIswqqi+kjqAmtH57GHoks3sfvzR+LZ+55

C1Gw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751759448; x=1752364248;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=MI7AOlBUdOtXEGPmtDWUkcxSqDUfMgxmMa+SsZdh1fk=;

b=qr8QAv3st6v0e8/fvIzjI8z7iirGzYpR0phIPSDl4UQjQmwdOJWrvY4dLMz1JaUiP3

13d0Cs9laA4SFxrsyeG8YQTAZoXkrcN44cmbh1SmR3Z5yKM/UIA9viLdNic8XEFaFOtt

Y4Hma9Dly8zfLciuAIDnpM8efE7twSqDWf0oGowqvA1Uy4Z+jLbRR0l3SQvLW/tp+KsQ

REgMVpojhjOMdU1NI61PXftHd1d1H7E6DwBo60bi9hBJB4RuEo28LLduyOb9NyAmoNXJ

Frsd187IQ+wRh11QjLKjfyGsAsSDoY83EyjnFTrd+fYRhIC7ZRZ+csymIzzHPxbvrZHM

71qQ==

X-Forwarded-Encrypted: i=1; AJvYcCXlAMDiI3vWz9QqmUtRu9wG0DMAKl/Q7CihK66IR4pR36DrbXfKui98O/5ejoyCf5AX+Pbx@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YwTKrUkJoNGwX/0O6T8btwU09LuVgLFN83h6Ey0MwF+Iwm2l6/f

XwLXCbRtr2o4O4iikvS+NRIb8Xcpt3DFNSCfPcqZfZf40kXQ6BF5NzlF4nB0IMkHLhd+KSUVnKY

jstKfHH773pdMSxalPdIWCXWWy5S9DZY=

X-Gm-Gg: ASbGncuaBNGGYhvsVEACGLUOIpPHYJGxjjWQt2CyeTcpmaqMvP++NPQNLi0jZbsClF/

QtARUU+ZzZk2t/871mDiXM75C4chI7jotuoYOtFtbFO31L+qhiXxdjwEEOe2Mq/2Yp52BB68EVf

TC74BqWnziseAzDgoXhL3MuSxcjoLJZfZpR6R/EcUfmyFbIw==

X-Google-Smtp-Source: AGHT+IF2V4l33ACMBPM6L9gaEftxwxpQrXwT6MSovv4Rig3k2ll9Phe5wmNiN4Tb7AfX4kTeni+uwFqjpbzGcJrvlsg=

X-Received: by 2002:a05:690c:6285:b0:710:e6b0:1688 with SMTP id

00721157ae682-7166b5bd0d0mr95613397b3.14.1751759447344; Sat, 05 Jul 2025

16:50:47 -0700 (PDT)

MIME-Version: 1.0

Reply-To: duboltmartta23@gmail.com

From: Martta Dubolt

Date: Sat, 5 Jul 2025 23:50:32 +0000

X-Gm-Features: Ac12FXz_D9KE846t211PYFbpZz7MJyaZPta8heH_eZrNN0F5VBgxF20AZxXAFN0

Message-ID:

Subject: dearest

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000974e24063937473f"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 14.0

X-Spam_score_int: 140

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings dearest I'm a 75 year old woman. I was born an orphan

and GOD blessed me abundantly with riches but no children nor husband because

he died when I got sick which makes me an unhappy woman. Now I am affected

w [...]



Content analysis details: (14.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.196 listed in dnsbl.ahbl.org]

[209.85.128.196 listed in dnsbl.ahbl.org]

[209.85.128.196 listed in dnsbl.ahbl.org]

[209.85.128.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.196 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

[209.85.128.196 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.5 ONE_WORD_SUBJECT Subject with only one lower-case word

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.196 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.196 listed in sa-accredit.habeas.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.196 listed in wl.mailspike.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[duboltmartta23(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[duboltmartta23(at)gmail.com]

2.3 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.196 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.128.196 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

0.0 XFER_LOTSA_MONEY Transfer a lot of money

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases

1.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} dearest



--000000000000974e24063937473f

Content-Type: text/plain; charset="UTF-8"



Greetings dearest



I'm a 75 year old woman. I was born an orphan and GOD blessed me abundantly

with riches but no children nor husband because he died when I got sick

which makes me an unhappy woman. Now I am affected with cancer of the lung

and breast with a partial stroke which has affected my speech. I can no

longer talk well. and half of my body is paralyzed, I sent this email to

you with the help of my private nurse.



I decided to make my last donation of Ten Million Five Hundred Thousand

United Kingdom Pounds 10.500, 000, 00 to you as my investment manager. I

want you to build an Orphanage Home With my name ( Ms. Martta Dubolt )

in your country.



If you are willing and able to do this task for the sake of humanity then

send me below information for more details to receive the funds.



1. Name...................................................



2. Phone number...............................



3. Country of Origin and residence



Ms. Martta Dubolt,



--000000000000974e24063937473f

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Greetings dearest

I'm a 75 year old woman. I wa=

s born an orphan and GOD blessed me abundantly with riches but no children =

nor husband because he died when I got =C2=A0sick which makes me an unhappy=

woman. Now I am affected with cancer of the lung and breast with a partial=

stroke which has affected my speech. I can no longer talk well. and half o=

f my body is paralyzed, I sent this email to you with the help of my privat=

e nurse.

I decided to make my last donation of Ten Million Five Hund=

red Thousand United Kingdom Pounds 10.500, 000, 00 to you as my investment =

manager. I want you to build an Orphanage Home With my name ( =C2=A0Ms. Mar=

tta Dubolt =C2=A0 ) in your country.

If you are willing and able to =

do this task for the sake of humanity then send me below information for mo=

re details to receive the funds.

1. Name............................=

.......................

2. Phone number.............................=

..

3. Country of Origin and residence

Ms. Martta Dubolt,=C2=

=A0




--000000000000974e24063937473f--

Amazon Phishing from globconnex.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYBQ5-00000000KNX-3lDA

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 16:31:41 -0600

Resent-From: The Doctor

Resent-Date: Sat, 5 Jul 2025 16:31:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [81.19.140.55] (port=48263 helo=adminiral.live)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1uY9vO-00000000OiK-0vAM

for root@nk.ca;

Sat, 05 Jul 2025 14:56:04 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;

h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;

bh=k1wGAm+0ehv2t4ETJJYd04Q5boA=;

b=s9rjPnrwO4Xj7/9s+MiyXzmZKEMmJj7t2v+DIiCtft8hwIhjAgC2HqMm+KtgaV3sJQWIHMvHkPWM

JOeZocMDDv5nV6ZfMm0ToQ7JWpBC55YYn+b1WxTKl19Rfp1yVo9Hn1m+82xyY2yd5WLFeXTqtCt4

EKMDOmBM6e17z4sBr7Q=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;

b=p0e6Cql3odplP0K4OMfxbeSkJDXrLqBc+0AvXf1ZBN9MRj2hYV6f5qQ3ZPJJlyBBkrvPQCb+Gjxv

hzC9YkddgtFlO7xP+WPyIN1maVPvPyy4V3f6pxMGescXzLnFtkAnu1LrCR3tbZI1chh+wlSdboAg

6PirO37QoWpFHfAsPug=;

To: root@nk.ca

From: =?UTF-8?B?QW1hem9u?=

Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=

Date: Sat, 05 Jul 2025 20:52:36 +0000

Content-Type: text/html



Content-Transfer-Encoding :BASE64

X-Spam_score: 22.1

X-Spam_score_int: 221

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started

Early With Our Favorite Deals Amazon's Prime Day sale is now four days long

(July 8-11), which sounds great until you realize that's four days of scrolling

through endless deal pages. We figured you probably have better things to

[...]



Content analysis details: (22.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 185.174.30.244]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: 185.174.30.244]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: 185.174.30.244]

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8

characters

3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=



CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRBckpaTzIyNjQ0cWFyZTM1OWNsb2xvb2l5ZmIxMzUyM0NDQVdHU1NKSVdTS0hKRjE2NDgxRUxaTzUxNDZqOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80b0VrVGIyMjY0NHN1SHozNTlwaXN4aWhiY3dwMTM1MjNCRVlXRURYUEtZVlpPS0ExNjQ4MUlIQko1MTQ2dDkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRld3hiUzIyNjQ0d1hOQjM1OW1rY3dhbnJuZXoxMzUyM1VBSVBJSERRV01JSlNTTTE2NDgxWFFFTzUxNDZzOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNVdJcUtRMjI2NDRzaHJTMzU5bWtwamdhbmNlZjEzNTIzQ0tVSEhTSExUVlZWWE5WMTY0ODFLUU9aNTE0NlQ5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNxRkZZWjIyNjQ0ckxUajM1OXdvcmJsemp4cG0xMzUyM1ZTTkRPSlNBRERKSEpTVDE2NDgxSkxEUjUxNDZROSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==

Amazon Phish from globconnex.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYBQ5-00000000KNX-3lDA

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 16:31:41 -0600

Resent-From: The Doctor

Resent-Date: Sat, 5 Jul 2025 16:31:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [81.19.140.55] (port=48263 helo=adminiral.live)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1uY9vO-00000000OiK-0vAM

for root@nk.ca;

Sat, 05 Jul 2025 14:56:04 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;

h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;

bh=k1wGAm+0ehv2t4ETJJYd04Q5boA=;

b=s9rjPnrwO4Xj7/9s+MiyXzmZKEMmJj7t2v+DIiCtft8hwIhjAgC2HqMm+KtgaV3sJQWIHMvHkPWM

JOeZocMDDv5nV6ZfMm0ToQ7JWpBC55YYn+b1WxTKl19Rfp1yVo9Hn1m+82xyY2yd5WLFeXTqtCt4

EKMDOmBM6e17z4sBr7Q=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;

b=p0e6Cql3odplP0K4OMfxbeSkJDXrLqBc+0AvXf1ZBN9MRj2hYV6f5qQ3ZPJJlyBBkrvPQCb+Gjxv

hzC9YkddgtFlO7xP+WPyIN1maVPvPyy4V3f6pxMGescXzLnFtkAnu1LrCR3tbZI1chh+wlSdboAg

6PirO37QoWpFHfAsPug=;

To: root@nk.ca

From: =?UTF-8?B?QW1hem9u?=

Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=

Date: Sat, 05 Jul 2025 20:52:36 +0000

Content-Type: text/html



Content-Transfer-Encoding :BASE64

X-Spam_score: 22.1

X-Spam_score_int: 221

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started

Early With Our Favorite Deals Amazon's Prime Day sale is now four days long

(July 8-11), which sounds great until you realize that's four days of scrolling

through endless deal pages. We figured you probably have better things to

[...]



Content analysis details: (22.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 185.174.30.244]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: 185.174.30.244]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: 185.174.30.244]

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8

characters

3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=



CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRBckpaTzIyNjQ0cWFyZTM1OWNsb2xvb2l5ZmIxMzUyM0NDQVdHU1NKSVdTS0hKRjE2NDgxRUxaTzUxNDZqOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80b0VrVGIyMjY0NHN1SHozNTlwaXN4aWhiY3dwMTM1MjNCRVlXRURYUEtZVlpPS0ExNjQ4MUlIQko1MTQ2dDkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRld3hiUzIyNjQ0d1hOQjM1OW1rY3dhbnJuZXoxMzUyM1VBSVBJSERRV01JSlNTTTE2NDgxWFFFTzUxNDZzOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNVdJcUtRMjI2NDRzaHJTMzU5bWtwamdhbmNlZjEzNTIzQ0tVSEhTSExUVlZWWE5WMTY0ODFLUU9aNTE0NlQ5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNxRkZZWjIyNjQ0ckxUajM1OXdvcmJsemp4cG0xMzUyM1ZTTkRPSlNBRERKSEpTVDE2NDgxSkxEUjUxNDZROSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==

Amazon Phish from globconnex.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 16:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uYBQB-00000000KOC-46EH

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 16:31:47 -0600

Resent-From: The Doctor

Resent-Date: Sat, 5 Jul 2025 16:31:47 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [81.19.140.55] (port=37771 helo=adminiral.live)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1uY9vO-00000000Oil-0v3A

for sales@netknow.ca;

Sat, 05 Jul 2025 14:56:04 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=adminiral.live;

h=To:From:Subject:Date:Content-Type:Content-Transfer-Encoding; i=contact@adminiral.live;

bh=oxFtmRD3etLFx3WMNISaaw6x6xA=;

b=zxU0/wN7wg/MgCwdN95LPilyPdcNcs4Fa5TbIJTJQPwvEuRoL0/X9ZRxle8xngJuhe4wxL6LoCXO

ibSDhuyV6akhvRFgEYhaPuKxkdgopPdQt8Y9FkedjbE/DH4eCEJKVdPBsPJI64gRkSm7MDZswRpu

+Q5PI+zAmpikAijT6EI=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=adminiral.live;

b=SfIVktWCrFYlhLYW8qyqqWNFQ7pW21+SHmLrmBnyfcYzRUbpjG+2VnGF1X27fiqevTLSDSe4aOs0

OxTUqIlNT67NCVFedKpQvKSC/9etyseg5A6KOWpCB0XiOkzEp3JdQJbjdVsOnR72IxsJl+nKuWK/

qGjU+FKB5S9qeuGWPfY=;

To: sales@netknow.ca

From: =?UTF-8?B?QW1hem9u?=

Subject: =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=

Date: Sat, 05 Jul 2025 20:52:44 +0000

Content-Type: text/html



Content-Transfer-Encoding :BASE64

X-Spam_score: 22.1

X-Spam_score_int: 221

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Amazon Prime Big Deal Days Starts July 8-11. Get Started

Early With Our Favorite Deals Amazon's Prime Day sale is now four days long

(July 8-11), which sounds great until you realize that's four days of scrolling

through endless deal pages. We figured you probably have better things to

[...]



Content analysis details: (22.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

[81.19.140.55 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[81.19.140.55 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

[81.19.140.55 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: 185.174.30.244]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: 185.174.30.244]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: 185.174.30.244]

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

2.0 SUSP_UTF8_WORD_SUBJ Word in Subject using only suspicious UTF-8

characters

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

3.7 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

Subject: {SPAM?} =?UTF-8?B?8J2Xp/Cdl5vwnZec8J2XpiDwnZe28J2YgCDwnZe88J2Xu/Cdl7Ig8J2XvPCdl7Mg8J2YgfCdl7XwnZeyIPCdl5vwnZe88J2YgfCdmIHwnZey8J2YgPCdmIEg8J2XlPCdl7rwnZeu8J2Yh/Cdl7zwnZe7IPCdl6PwnZe/8J2XtvCdl7rwnZeyIPCdl5fwnZeu8J2YhiDwnZeX8J2XsvCdl67wnZe58J2YgA==?=



CgoKPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPgo8aHRtbD4KPGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CjwvaGVhZD4KPGJvZHkgc3R5bGU9Im1hcmdpbjogMDsgcGFkZGluZzogMDsgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNTsgdGV4dC1hbGlnbjogbGVmdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyI+CiAgICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjYwMCIgc3R5bGU9Im1hcmdpbjogMCBhdXRvOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZmZmZmZmOyI+CiAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQgc3R5bGU9InBhZGRpbmc6IDIwcHg7Ij4KICAgICAgICAgICAgICAgPHAgc3R5bGU9InRleHQtYWxpZ246IGNlbnRlcjsiPiA8IS0gLSBBZGRlZCB0ZXh0LWFsaWduOiBjZW50ZXI7IC0gLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7Ij4gPCEtIC0gQ2VudGVyZWQgdGV4dCAtIC0+CiAgICAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyNHB4OyBjb2xvcjogIzAwMDBGRjsiPjxzdHJvbmc+PGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzRWckhKcTIyNjQ0eGpSWDM1OWhjeWtraGVld3QxMzUyM05HWklKUFdFWlZaVlVaWTIwODA0U0xZWTUxNDZsOSIgc3R5bGU9ImNvbG9yOiAjMDAwMEZGOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij5BbWF6b24gUHJpbWUgQmlnIERlYWwgRGF5cyBTdGFydHMgSnVseSA4LTExLiA8YnI+IEdldCBTdGFydGVkIEVhcmx5IFdpdGggT3VyIEZhdm9yaXRlIERlYWxzPC9hPjwvc3Ryb25nPjwvcD4KCjxhIGhyZWY9Imh0dHA6Ly8xODUuMTc0LjMwLjI0NC9yZC80bk5qbmYyMjY0NGpOeGUzNTlpZ2V3ZmRqZ2JoMTM1MjNYUlRWV01YRVZUUFlNRVoyMDgwNE1MRUc1MTQ2UzkiPjxpbWcgYm9yZGVyPSIwIiAgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvR3ZBUi1BTlhvQUFfdzdTP2Zvcm1hdD1wbmcmbmFtZT1zbWFsbCIgd2lkdGg9IjYwMCIgaGVpZ2h0PSIzMDAiPjwvYT4KICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogIzAwMDAwMDsgZm9udC13ZWlnaHQ6ICI+QW1hem9uJ3MgUHJpbWUgRGF5IHNhbGUgaXMgbm93IGZvdXIgZGF5cyBsb25nIChKdWx5IDgtMTEpLCB3aGljaCBzb3VuZHMgZ3JlYXQgdW50aWwgeW91IHJlYWxpemUgdGhhdCdzIGZvdXIgZGF5cyBvZiBzY3JvbGxpbmcgdGhyb3VnaCBlbmRsZXNzIGRlYWwgcGFnZXMuIFdlIGZpZ3VyZWQgeW91IHByb2JhYmx5IGhhdmUgYmV0dGVyIHRoaW5ncyB0byBkbywgc28gd2Ugc3BlbnQgaG91cnMgc29ydGluZyB0aHJvdWdoIGV2ZXJ5dGhpbmcgdG8gZmluZCB0aGUgMTAgZGVhbHMgYWN0dWFsbHkgd29ydGggYnV5aW5nLiBCb251czogd2UgbmVnb3RpYXRlZCBzb21lIGV4Y2x1c2l2ZSBkZWFscyBvbiBnYWRnZXRzIHVuZGVyICQ2MCB3aXRoIHVwIHRvIDcwJSBvZmYganVzdCBmb3Igb3VyIHN1YnNjcmliZXJzLiBDb25zaWRlciBpdCBvdXIgZ2lmdCB0byB5b3VyIGZyZWUgdGltZS4KCgo8L3A+PGJyPgoKICAgICAgICAgICAgICAgIDwhLSAtIENlbnRlcmVkIENUQSBidXR0b24gLSAtPgogICAgICAgICAgICAgICAgPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+CiAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3JkLzR6eHRWZzIyNjQ0am5rdTM1OW5idWtsdWV5aWoxMzUyM1BETlpJV0NYVkVOWk5RVzIwODA0RllQSTUxNDZaOSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2Rpc3BsYXk6aW5saW5lLWJsb2NrO2NvbG9yOiMwMDAwMDA7YmFja2dyb3VuZC1jb2xvcjojRkY5OTAwO2JvcmRlci1yYWRpdXM6MjVweDt3aWR0aDphdXRvO2JvcmRlci10b3A6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2ZvbnQtd2VpZ2h0OjQwMDtib3JkZXItcmlnaHQ6MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1ib3R0b206MHB4IHNvbGlkIHRyYW5zcGFyZW50O2JvcmRlci1sZWZ0OjBweCBzb2xpZCB0cmFuc3BhcmVudDtwYWRkaW5nLXRvcDo1cHg7cGFkZGluZy1ib3R0b206NXB4O2ZvbnQtZmFtaWx5OidIZWx2ZXRpY2EgTmV1ZScsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7Zm9udC1zaXplOjE4cHg7dGV4dC1hbGlnbjpjZW50ZXI7bXNvLWJvcmRlci1hbHQ6bm9uZTt3b3JkLWJyZWFrOmtlZXAtYWxsOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjYwcHg7cGFkZGluZy1yaWdodDo2MHB4O2ZvbnQtc2l6ZToxOHB4O2Rpc3BsYXk6aW5saW5lLWJsb2NrO2xldHRlci1zcGFjaW5nOm5vcm1hbDsiPjxzcGFuIGRpcj0ibHRyIiBzdHlsZT0ibWFyZ2luOiAwOyB3b3JkLWJyZWFrOiBicmVhay13b3JkOyBsaW5lLWhlaWdodDogMzZweDsiPjxzdHJvbmc+U2tpcCB0aGUgSHVudCwgR2V0IHRoZSBCZXN0IERlYWxzID88L3N0cm9uZz48L3NwYW4+PC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxicj48YnI+CiAgICAgICAgICAgICAgICAKCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCIgd2lkdGg9IjYwMCI+CgkJICA8dGJvZHk+CgkJICAgPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iNjAwIj4KCQkgIDx0Ym9keT4KCQkgICAgPHRyIHZhbGlnbj0idG9wIj4KCQkgICAgIAoJCSAgICAgICAgIDx0ZCB3aWR0aD0iMTAwJSIgYWxpZ249ImNlbnRlciIgdmFsaWduPSJtaWRkbGUiIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6ICNhM2E5YjU7IGxpbmUtaGVpZ2h0OiAxNnB4OyBwYWRkaW5nOiAyMHB4IDQwcHggNDBweCA0MHB4OyI+VG8gc3RvcCByZWNlaXZpbmcgZW1haWwgYWR2ZXJ0aXNlbWVudHMgcGxlYXNlIDxhIHRhcmdldD0iX2JsYW5rIiBocmVmPSJodHRwOi8vMTg1LjE3NC4zMC4yNDQvcmQvNUJ4Rm5hMjI2NDRBaG9UMzU5Z2pqdmpwZ2NqZjEzNTIzWVhHQ1RKVktXWkVFSUNaMjA4MDRJSk5JNTE0NnA5IiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHg7IGNvbG9yOiAjYTNhM2EzOyBsaW5lLWhlaWdodDogMTZweDsiPkNMSUNLIEhFUkU8L2E+IDxicj4gb3Igd3JpdGUgdXMgZGlyZWN0bHkgYXQ6IEp1c3RHaXNtb3MgfCA8c3Bhbj4zMDIgV2FzaGluZ3RvbiBTdCAjMTUwLTc4MzU8L3NwYW4+IDxzcGFuPnw8L3NwYW4+IDxzcGFuPlNhbiBEaWVnbywgQ0EgOTIxMDM8YnI+PGJyPjwvdGQ+CgkgICAgICA8L3Rib2R5PgoJICAgIDwvdGFibGU+PC90ZD4KICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgPC90cj4KICAgIDwvdGFibGU+CjwvYm9keT4KPC9odG1sPgo8aW1nIHNyYz0iaHR0cDovLzE4NS4xNzQuMzAuMjQ0L3RyYWNrLzNrcnNhSDIyNjQ0ZFhMWTM1OW5mZGxtY3pibGgxMzUyM1FXWUhQVFVWU05PV0JBSjIwODA0VEtMTTUxNDZ6OSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ii8+IAoKCg==

Web/SEO/App Spam from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 09:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uY4zl-00000000MmK-1Q2g

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 09:40:05 -0600

Resent-From: The Doctor

Resent-Date: Sat, 5 Jul 2025 09:40:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19013084.outbound.protection.outlook.com ([52.103.43.84]:62491 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uY4uB-00000000Lmb-1OMo

for doctor@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 09:34:29 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=VFAFrvOUZuq3rKXHB18c3hhg+bRhU+Wp9VH4a3xWQnIlsAILnJqg1jNwNrMy9K1cOyyk5j6O8tfu7DMQesFYAkQDmEAJntsgzaXjKn5RM16Gx2GPOcuY3Fa/ljPFj8shZBGmchd/8OoeZ55efmDehB9YaulQRkfx/5THJBNIJObukZxKrLMUyji1Zgww/yhYEfyICbLF9+GOa0kLsZPlcRO/prEeZ0ZSIF/ceC1EXvzgaOyxQ+gstbHMwBKAzXiOYsChFUlpliEDlp+SXFlwc3m6DZc3IfalcTd2y84hMsGnzVvgrDYwpbrhetPMHI09zQ7CP2QA1PIPIryZ5xUkLg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=GP97PQmlILYVKvlWH1olRgdFr83cSbsyzMiRTMG26D4=;

b=sMnRu4lvAmcGleXfoefiPNqNF0vrVlJSoP0SWvKcGn+6Jbgwy2j9vXknDpZl1CggN2U9f+c1INtj62eR0AMv/YHRRwLsQX9q+2CFyTVepolEELqsdClWVN5WDTctR7rtRbNbv/dh94YzYKhUnerrGcIvz5/l3ClugKlWrLbnisV0LtdwCcohPRrcQ3v2woIB6Avqi7oJhE/HouSCVq9ikpVoCL2ugItrmKlHAK9C8RyFmyMzEolxYpy7ht5Vei3TJR2vXo+A9ffHXjcx6st8zuWAf2hNrA9ff67B0/FWFuoHeg9Kxic+y/zqfwo1n0LEh9OnLySljfAX5wuwyFxJEg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=GP97PQmlILYVKvlWH1olRgdFr83cSbsyzMiRTMG26D4=;

b=HCNT/lswulX1S81wd2eqIqarLfYKOzkBadDBL7qTkYS7lNAaHOmHeUat1c4tZEscpqUCE8MmByhSM0rNoh2xPTrqyJJiYj1dfy5VhhlzqTcgeZLXPRedcnkunMNa4z8gT/OIFhwyPXeM4cBNFLcpSsIDR1SmqrrDIPeJimVnC/C1ZGCNqH8VLUptnzZpyF9+32KZTUAgrsz/PIBdZL9ANLa4Y0AMgKSwm520ujSVY+68YlA2A93IwdKyMni/+HMJ7ru0tOrnkUeb3O5LvuWMVbC0fSWuQS9+XsEOSq0ihgNN2Ka89QaYOz5WSFkHRmi4HUvBdrw0tFlTcXM8CjkkeA==

Received: from TYZPR01MB5836.apcprd01.prod.exchangelabs.com

(2603:1096:405:1d::14) by TYPPR01MB7818.apcprd01.prod.exchangelabs.com

(2603:1096:405:2b7::5) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8901.21; Sat, 5 Jul

2025 15:31:46 +0000

Received: from TYZPR01MB5836.apcprd01.prod.exchangelabs.com

([fe80::32a6:b1f7:6647:837]) by TYZPR01MB5836.apcprd01.prod.exchangelabs.com

([fe80::32a6:b1f7:6647:837%4]) with mapi id 15.20.8901.023; Sat, 5 Jul 2025

15:31:46 +0000

From: Isabella Herry

To: Isabella Herry

Subject: Re: SEO Packages

Thread-Topic: SEO Packages

Thread-Index: AQHb6zksX95J5AzuQUONnQV3Qg6yyLQjrT6M

Date: Sat, 5 Jul 2025 15:31:44 +0000

Message-ID:



References:



In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYZPR01MB5836:EE_|TYPPR01MB7818:EE_

x-ms-office365-filtering-correlation-id: 7555b6b5-6a39-4d40-3b4d-08ddbbd90c96

x-microsoft-antispam:

BCL:0;ARA:14566002|15080799009|19110799006|8060799009|8062599006|461199028|15030799003|13041999003|40105399003|39105399003|3412199025|440099028|41105399003|39145399003|102099032|1710799026;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?QZeOUhGgvhsYrI+g6mPHQ07PS+hCJechnY/L0W9irnx4k2C2HCnoaLTh?=

=?Windows-1252?Q?DKcV1PLrcMl//jUlaruzFKTJeXacArYcxwnOCGDWPysmyvI3rECfbyGl?=

=?Windows-1252?Q?s2brCkfdoTDYkcBA0jV2zVlf7li6m27M/FZGYkojUvy6DciaxtVKzqfj?=

=?Windows-1252?Q?OjOAyD1w2lojOiRoLWWnoq4dRiuGT968cAO02TFOsqophxkz6cf/oFL8?=

=?Windows-1252?Q?0nT8XaVSin60OgL12309SlHWhWcJfOyKHBf9iGeBlQmSs/9WWI779r/A?=

=?Windows-1252?Q?1UTaZaL5PjS/2Imom9jTJkmrqVBeQ7/JMmiFg8WITe7wgHBnK33zte2Q?=

=?Windows-1252?Q?bQc2aKZ1QwHWoHy1QguJBMZl61kYpC5F0shcvGlpWvVu0ewu2ruxDcyh?=

=?Windows-1252?Q?k8pB33572yLb/VhYQqKNa7nOT4v00fMEJO38sWiALpSAnUT67GwuUxgS?=

=?Windows-1252?Q?gwtRx9yyyIJgQe/glmniUStAkSubvUez7WYozswFmzduUBbmSYYGa8Ey?=

=?Windows-1252?Q?Nq9EcOpbOydtYGB5marpMrP126BoMYit/XQOjNnIipGLEWJPVGfvHCAk?=

=?Windows-1252?Q?ECFR54nrz9nhTwQcu1yJQX51tbcFVGI5hntVw9nM3g8xNspF6GThEy4R?=

=?Windows-1252?Q?2eIKWrw/PdVbWN9E18ATlg/tRojK2mcnSRgr0U8j0h2oDYFgNuYbGYc1?=

=?Windows-1252?Q?N8BpXBeiSrHU84UtIWDSvkR34O8byMp+Han5Bo+Q5we5cQW0M5QvVaF8?=

=?Windows-1252?Q?aG4OdAgz7rVrbDgZVPDPsgRhAkag8nmSLKLbXaC5z217Fw5fVuQu+ogF?=

=?Windows-1252?Q?DC8CBPcs3Blm3fLTd6aOf1YdlSxOpS5wBjZfXIYJ6qAZ1RQKe7hnkJN7?=

=?Windows-1252?Q?i5Muk0XmHkj2Wltn1lBABJ0YpNrnZ8gQoWhE0xqGdyr+HGyVb7vMWpHN?=

=?Windows-1252?Q?FCulxiQ0qMOvaW9EJvH74S/0u/tS4JfG5CukiVETxnwgNz0SbBTp4TF0?=

=?Windows-1252?Q?GjcMQgyplHa9SVVKXvOgvZt5o1zjeoeFCuK1CExNrCIH1slbV2tzNjrs?=

=?Windows-1252?Q?fj3UrpmJNSOCiQja8i5HVlEOhOR9t1LyfXVZdmgXIx6vOugxLzp9gRoP?=

=?Windows-1252?Q?b9QfwgJOx29AsNEbKcFxaZEbf6FJw5pu4Dl8IPSeR9Zot/en9C+x9leT?=

=?Windows-1252?Q?LQauPabucQ3YfD+negXQsnlJNb7DO0OxQRtzWNy0+OcsRM/ZKUp9ZRaE?=

=?Windows-1252?Q?bv/GG6knWiFxea4imp69AKCof3h0BrpjjrwLdfHYcMsxzMdyXpX1tX0I?=

=?Windows-1252?Q?KKNznt8wZq6BXMfdaVKuATVF3McO+IsmEJWY6Z4mnSw1WBOddZu0XiDD?=

=?Windows-1252?Q?ieI8PQJyXTR1iWDOUSw0YkxMXAWlrXZsYV4=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?XtPBAmNNICEaliZEkY+4tCbAtZhXI9wHxYnHnVgRCwloJxUtouHTfxf/?=

=?Windows-1252?Q?kMl0A8iqDsho8Z4tqyPiqscGw+Crodqya441XT6U8y/Ky0hfOC1GY+Zi?=

=?Windows-1252?Q?kR/Nsjec2OG9p30gLT7tXiMLzKu4wzfe0B1ZPHD16fR8YqNxvv/ahCVq?=

=?Windows-1252?Q?dwmB0u60kWUiKilx0tnKPkspUo/YVRn2uR16lWNADjkBld58ITDjrxZt?=

=?Windows-1252?Q?t/OuBEncpD+EelzeB9oByTw/5evkbgHZd2hYQGEYddFE/mwnDdXzNtV/?=

=?Windows-1252?Q?yl960X7Lj6fPcna+sr7htM724YcUGkKL6RKTQ1pdIelvlzsd1YWNxq/T?=

=?Windows-1252?Q?kv7pcf6cTTlXj+5SF2GizzKBleMjnx4AwDMyXGW6kI6dbW5AVuBgbW9+?=

=?Windows-1252?Q?2hv3859AQA28rU8/e6MI7/QPkNmihAeItfsgL/E1QHrrjDCB3Ow4tpSn?=

=?Windows-1252?Q?z6bJZRpOj07DDDw/uNGPccEyGfFf+7bpJ5MrVkUclVbMB8J0QjPBEVnN?=

=?Windows-1252?Q?mOaEn5m1dSraz2W7XYQSvMw0Gk6yX8cTLK/ULscDCXN2x/1FWAZaZDZp?=

=?Windows-1252?Q?KnR39ew2Hh/UVX+ErqBftiCYBcLjEmZ+WxMkBloLkJsz3BlyTYYskdzy?=

=?Windows-1252?Q?MULCF/lbE7uuwxRqC77E5EY6UKkTDUnddVDkKUSXhPuvHQPnWebYJKzS?=

=?Windows-1252?Q?3dZmXfZtfAs/m29Tn4WKNLRvUnN+vBMfUgNsF+VKFe97C46ykFrvFTra?=

=?Windows-1252?Q?dF/l6m0XereSJX69fTZ3VdTyny5gq38jV9oW5nKNYYYQqY3CVECxRhzd?=

=?Windows-1252?Q?PI1VAAWC6Ku57vDTA6yQrd7H3lVCMYJ7qGyh6R8vLK1adzZC94zJ0P2z?=

=?Windows-1252?Q?zWifX+ARCuMltCBvd8q74HA3e3KIjtbNJACvNHnBLcB08fbzsGJti6xh?=

=?Windows-1252?Q?NsXtApPQs2mNzP/h/FpCGEqEDhqISVdFSkKW3Qu7zsA9u4Fm2dBOHwih?=

=?Windows-1252?Q?ylRGHDrcwy2uFHTQb98XNnL8ZS6tkyL3xomEMG737yGTankYK0niaH7z?=

=?Windows-1252?Q?P+TG+oxNCEa7WaHk3wDOzT6SxhMXuIGqmzznSjAqKBBeaWw8Qp3/P6dj?=

=?Windows-1252?Q?G9GO01RDXM2cSD0Xb17zUt5cI4wR7Dw8slVsatgB4tBKPL2POcHCR6mF?=

=?Windows-1252?Q?kXdE4Z8DBY8wUYmcF8N4UDDsgBldXxqj0flrcZqvFagPMF6nkDkpivwD?=

=?Windows-1252?Q?07bQ4cCs36VRcdjgx57dI3Yv47Gvhh9FmPMTT884TBLKVwKYtJjQYRV+?=

=?Windows-1252?Q?PHgqN43wgLrQhnHflGslrLzpL66wql21SIECeZp4zmpx4g/H?=

Content-Type: multipart/alternative;

boundary="_000_TYZPR01MB58360E6F0A51A5F5D50037DB834DATYZPR01MB5836apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR01MB5836.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 7555b6b5-6a39-4d40-3b4d-08ddbbd90c96

X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jul 2025 15:31:44.9587

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYPPR01MB7818



--_000_TYZPR01MB58360E6F0A51A5F5D50037DB834DATYZPR01MB5836apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable





________________________________

From: Isabella Herry

Sent: Wednesday, July 2, 2025 10:08 AM

Subject: SEO Packages



Hi,

I=92m still waiting for your reply,

Please let me know if you are interested in my SEO services.

Thank you!

Isabella.



--_000_TYZPR01MB58360E6F0A51A5F5D50037DB834DATYZPR01MB5836apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">











yle=3D"font-size:11pt" color=3D"#000000">From: Isabella Herry


Sent: Wednesday, July 2, 2025 10:08 AM


Subject: SEO Packages

 









margin-left:0px; font-family:"Aptos Narrow",Aptos_EmbeddedFont,A=

ptos_MSFontService,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Hi, 



margin-left:0px; font-family:"Aptos Narrow",Aptos_EmbeddedFont,A=

ptos_MSFontService,sans-serif; font-size:12pt; color:rgb(0,0,0)">

I=92m still waiting for your reply,    



margin-left:0px; font-family:"Aptos Narrow",Aptos_EmbeddedFont,A=

ptos_MSFontService,sans-serif; font-size:12pt">

Please let me know
le=3D"color:rgb(200,38,19)">if you are interested in my SEO services.
>



ly:"Aptos Narrow",Aptos_EmbeddedFont,Aptos_MSFontService,sans-ser=

if; font-size:12pt; color:rgb(0,0,0)">

Thank you!



margin-left:0px; font-family:"Aptos Narrow",Aptos_EmbeddedFont,A=

ptos_MSFontService,sans-serif; font-size:12pt; color:rgb(0,0,0)">

Isabella.










--_000_TYZPR01MB58360E6F0A51A5F5D50037DB834DATYZPR01MB5836apcp_--

Nigerian spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 07:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uY38B-00000000K1w-0qNh

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 07:40:39 -0600

Resent-From: The Doctor

Resent-Date: Sat, 5 Jul 2025 07:40:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f48.google.com ([209.85.167.48]:42439)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uXyap-00000000Dt8-0XU7

for doctor@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 02:50:09 -0600

Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-553d52cb80dso1437346e87.1

for ; Sat, 05 Jul 2025 01:47:57 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1751705270; x=1752310070; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=9FXBZ2KzumckRUjyCCLZ3bD0TIwx6iyyCIPd6jSi3B8=;

b=hebIYa2kj61j8Cip+IbKOoyGJ39JKF5aWP/rfzdcXuzZcTQZfzGhidissB8H2zehHa

HwebxqSS82a+gp0mcR2f+z/Ry3gZ+lsMzKdSUOwro7+KjG5jZMMUFr6W5XYt4oU1xjOB

wKfdHXZbz2On28BrzqJqi+gZbYcJTN1D2RNnyRS0+qUufAiL9odmHO2M8iB43T8yLWgs

lECwnMu0A/BtpFIdVkwyGmB2zqqwk0doJrAsH3VStCDSYhxuqORvtHo3HmlwqJP7WSye

g7UDPo3zUlenCv7VJI2UyQ3e15X0A4nqlyWzyCCnXLKRFs48XBiUmbwUxhSVl/YMAuG8

t4yA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751705270; x=1752310070;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=9FXBZ2KzumckRUjyCCLZ3bD0TIwx6iyyCIPd6jSi3B8=;

b=ZA1/xjvB5RvBy+mEvlASsA/DNy5ZomiWiJOX2OLVo+co8pB638Jvq2SH5mcgLYM8N2

0ZgVao3BLHeBPMNUMCm0knti7ARkCnSOH+oXqIm8wmp/fnjqLWbkisTFzzUktya4D1/o

Rn3uXm+MUIym6czLkL5gPHBX4b8BE3GKnzaTsoRcGJRLPht2snUq8pgLTPiEP5Yr8d7j

kOwA8GtLUR/ddTFIRy82nvSwuVOwaAvZGinHJ846SOaTZK6TtuNOtoiKoneYovZgx8cO

dz9U/+mLYSie0CYnxHiUn/iMsigAfmhBL5Ti4Ex6vKEav6P3KVw6jdv0htSivIMgycfR

t87g==

X-Forwarded-Encrypted: i=1; AJvYcCWg1JksdmlllhMISxeLkdqm3MMyVMjeisScGA14+TeveL8P7QBpuFYIuPIga5ppMx/oHnmhNrM=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0Yx7Gqb8/gknXeSNpevvM9cc2lliFYv4mZ/0N6gXtGeJ7WlDsHTi

p9SNfSZfaws5yDnCbpOXLTfpM+IxDZwgTYR4mSFXLFFNtuqx6LbIUDWdGsWk6PtNkZLVE/oQR7H

HT0jhvDZXQsS3/uGr/MLdSxSHCVio8zk=

X-Gm-Gg: ASbGncvSarQRRN1uXd+R+aUJEX5SPCY+wkWvQxe/RieBNbvMouphFn6DyKrWPZjLKNS

zNML5Nptp/BbJy/R83tqDicSXv3M+Vi0DTe4FDojJOEk3IhWpsev2cedWHrF0DxxlOUc1D9gUWk

BhCg+xBq5LYUF2pwQ5m+WnVKngfbss9uFZBAlGk7tqfg==

X-Google-Smtp-Source: AGHT+IHJ58hpJw6iliTRYrX1niiUkH0FG//4AJyqgMw1U+Nhl6kB1/fJEE+FT7UaDADQ80eF3AKfe63ItNC0cpkokJU=

X-Received: by 2002:a05:6512:31d0:b0:550:e04d:2b66 with SMTP id

2adb3069b0e04-5565b6d6235mr1725231e87.17.1751705269899; Sat, 05 Jul 2025

01:47:49 -0700 (PDT)

MIME-Version: 1.0

From: Isunuoya Akhigbe

Date: Sat, 5 Jul 2025 01:47:24 -0700

X-Gm-Features: Ac12FXxU7Ev_pGS8aDjJgZyJJTh4RwXI_VHGshX_-iseYXb0aYujF5mp4HKqpCk

Message-ID:

Subject: =?UTF-8?B?4oKsNTAwLDAwMA==?=

To: jidanni@jidanni.org

Content-Type: multipart/alternative; boundary="0000000000005d174b06392aaa06"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- A mortgage refinance might reduce your monthly payments.

Or it could help you eliminate debt faster. Our experienced mortgage team

can explain all the potential advantages so you can make a smart d [...]



Content analysis details: (9.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.48 listed in dnsbl.ahbl.org]

[209.85.167.48 listed in dnsbl.ahbl.org]

[209.85.167.48 listed in dnsbl.ahbl.org]

[209.85.167.48 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.48 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.48 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.48 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.48 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

[209.85.167.48 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.48 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[isunuoyaakhigbe(at)gmail.com]

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.167.48 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.167.48 listed in sa-accredit.habeas.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.48 listed in wl.mailspike.net]

1.7 BAD_CREDIT BODY: Eliminate Bad Credit

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.167.48 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.167.48 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 FREEMAIL_REPLY From and body contain different freemails

0.0 FILL_THIS_FORM Fill in a form with personal information

2.0 FILL_THIS_FORM_LONG Fill in a form with personal information

2.2 FILL_THIS_FORM_LOAN Answer loan question(s)

Subject: {SPAM?} =?UTF-8?B?4oKsNTAwLDAwMA==?=



--0000000000005d174b06392aaa06

Content-Type: text/plain; charset="UTF-8"



--

A mortgage refinance might reduce your monthly payments. Or it could help

you eliminate debt faster. Our experienced mortgage team can explain all

the potential advantages so you can make a smart decision. We understand

where you are, and you can trust us to create a solution tailored to your

best interests. Choose loan terms ranging from 1 to 15 years duration,

Competitive

interest rates 2% with Low closing costsSunTrust Bank is a direct real

estate hard money lender. Direct Real Estate Bridge Lender. Fix & Flip, Hard

Money and Commercial Bridge Loans. No Credit Score Minimums. No

deposit collateral. This is hard money lenders in Texas that have no credit

score before loan approval. we just need your cooperation with a valid

identity to process your loan transfer documents. We are given a great

opportunity to borrow to purchase a new Car/new Flat/House, expansion of

Factory/Business & expanding on miscellaneous needs. We are encouraging you

to take a loan from our bank & pay later in installments with slight 2%

interest rates. No Credit Score Minimums. No collateral deposit.



In case you don't know how to ask for a huge loan from our bank?.

Present a Clear Plan: Explain how the loan will be used and how it will

benefit you financially. Professional Communication: Be polite, confident,

and respectful in your interactions with the lender. Keep It Concise:

Present your pitch in a clear and concise manner, avoiding unnecessary

details, I am given you 100% guarantee that as soon as you tell us how

much you need and how many years you intend to invest the loan, we will

immediately approved your loan because your name is among those we are

lending in 2025.



Include the following information:



1. Your Full Name:.:.........................................

2. Loan Amount:..............................................

3. Loan Duration:...........................................

4. Your Home Address:..............................................

5. Your Business Name:...................................

6. Your Business Address:...............................

7. Reason For The Loan:.................................

8. Phone Number:...........................................

9. Your Age:...................................................



We await your information to proceed with your loan documentation Via this

Email:William-H-Rogers-Jr@cash4u.com



William H. Rogers, Jr.Chairman and CEO, SunTrust Banks

WhatsApp-Number: +1 360 453 9464



--0000000000005d174b06392aaa06

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable






"gmail_signature_prefix">--

ature" data-smartmail=3D"gmail_signature">


gin-right:0px;margin-left:0px;color:rgb(61,61,61)">
roman, serif">A mortgage refinance might reduce your month=

ly payments. Or it could help you eliminate debt faster. Our experienced mo=

rtgage team can explain all the potential advantages so you can make a smar=

t decision. We understand where you are, and you can trust us to create a s=

olution tailored to your best interests.=C2=A0
gb(26,26,26);font-size:small;font-weight:normal">Choose loan terms ranging =

from 1 to 15 years duration,=C2=A0
;font-size:small;font-weight:normal;line-height:0;vertical-align:baseline">=

=C2=A0
:normal">Competitive interest rates 2% with=C2=A0
r:rgb(26,26,26);font-size:small;font-weight:normal">Low closing costs
>


61)">
ont-weight:normal;color:rgb(71,71,71)">SunTrust Bank is a direct real estat=

e=C2=A0hard m=

oney lender
gb(71,71,71)">. Direct Real Estate Bridge=C2=A0
ize:small;color:rgb(118,118,118)">Lender
ll;font-weight:normal;color:rgb(71,71,71)">. Fix & Flip,=C2=A0
pan style=3D"font-size:small;color:rgb(118,118,118)">Hard Money
style=3D"font-size:small;font-weight:normal;color:rgb(71,71,71)">=C2=A0and=

Commercial Bridge=C2=A0
,118,118)">Loans
lor:rgb(71,71,71)">. No Credit Score Minimums. No deposit=C2=A0collateral. =

This is=C2=A0
-weight:normal">hard money lenders in Texas that have no credit score befor=

e loan approval. we just need your cooperation=C2=A0with a valid identity t=

o process your loan transfer documents.=C2=A0
e:small;font-weight:normal;color:rgb(34,34,34)">We are given a great opport=

unity to borrow to purchase a new Car/new Flat/House, expansion of Factory/=

Business & expanding on miscellaneous needs. We are encouraging you to =

take a loan from our bank & pay later in installments with slight 2% in=

terest rates.=C2=A0
;color:rgb(71,71,71)">No Credit Score Minimums. No collateral=C2=A0<=

span style=3D"font-size:small;font-weight:normal;color:rgb(71,71,71)">depos=

it.


elvetica,Arial,sans-serif;margin-right:0px;margin-left:0px;color:rgb(61,61,=

61)">

lvetica,sans-serif;font-size:small">

le=3D"line-height:1.5">=C2=A0<=

/div>

iv style=3D"line-height:1.5">In=

case you don't know how to ask for a huge loan from our bank?.<=

/u>

serif">=C2=A0Present a Clear Plan: Explain how the loan will be used and ho=

w it will benefit you financially. Professional Communication: Be polite, c=

onfident, and respectful in your interactions with the lender. Keep It Conc=

ise: Present your pitch in a clear and concise manner, avoiding unnecessary=

details, I am given you 100% guarantee that=C2=A0 as soon as you tell us h=

ow much you need and how many years you intend to invest the loan, we will =

immediately approved your loan because your name is among those we are lend=

ing in 2025.

"line-height:1.5">=C2=A0
=


ace=3D"times new roman, serif">Include the following information:
>

  1. x;margin-left:15px">Your Full Name:.:=

    .........................................

  2. ttom:4px;margin-left:15px">Loan Amoun=

    t:..............................................

  3. rgin-bottom:4px;margin-left:15px">Loa=

    n Duration:...........................................

  4. =3D"margin-bottom:4px;margin-left:15px">
    f">Your Home Address:..............................................    <=

    /li>

  5. w roman, serif">Your Business Name:...................................
    t>

  6. new roman, serif">Your Business Address:...............................
    ont>

  7. es new roman, serif">Reason For The Loan:.................................<=

    /font>

  8. imes new roman, serif">Phone Number:.......................................=

    ....

  9. n, serif">Your Age:...................................................
    t>

erif">We await your information to proceed with your loan documentation Via=

this Email:
ow" style=3D"color:rgb(17,85,204)" target=3D"_blank">William-H-Rogers-Jr@ca=

sh4u.com=C2=A0


=3D"color:rgb(29,29,29);font-family:Helvetica,Arial,sans-serif">
=3D"2" face=3D"times new roman, serif">=C2=A0=C2=A0


"font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;margin-r=

ight:0px;margin-left:0px;color:rgb(61,61,61)">

;color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small=

">

=3D"line-height:1.5">

ht:1.5">

>

man, serif">3D""
tps%3A%2F%2Fci3.googleusercontent.com%2Fmeips%2FADKq_NZJLrbz7lvAbtFzqyWq1Cp=

Oy3FTSFz7f186xwy7spPAnyxCoT9aYfz9WjBSclj1ydq5QXepZrfxY626DdhGUNRjk0rF8ke77H=

KK2fRrMwYzaJJRlVk24lBwy8OIUKnqZYMxI51HEnu1CV9NqmmibFiszkba4EJ92sqVhavTlWsyw=

rSCp12UEzs_1zfW3HDFMFNuX0xgwyJrhQR47Z6DFQiOw4BlTfwP6ui2TvTgFAhjWmTJLQ0KJQMT=

NWmtJLHg9Qe9e6SL4udLtPgP5JzydLKowH7ty8kbyyM6fATYo5sTKSClRkDtRhRL1KpwK8PrLzY=

ICIY%3Ds0-d-e1-ft%23https%3A%2F%2Fecp.yusercontent.com%2Fmail%3Furl%3Dhttps=

%253A%252F%252Fglobalforum.wpengine.com%252Fwp-content%252Fuploads%252F2014=

%252F11%252Fwilliam-Rogers.jpg%26t%3D1749019640%26ymreqid%3D156e27d6-f209-3=

71d-1c10-52000601d800%26sig%3DSQd_SHV1qiHi6j2FCNdeeA--%7ED&t=3D17491027=

13&ymreqid=3D156e27d6-f209-371d-1c9c-af000a015300&sig=3D9ra51VLRPkD=

Iu_659GN9lw--~D" title=3D"" style=3D"outline:0px">
=


mily:Helvetica,Arial,sans-serif">
serif">William H. Rogers, Jr.


ont-family:Helvetica,Arial,sans-serif">
oman, serif">Chairman and CEO,=C2=A0SunTrust Banks


font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;margin-ri=

ght:0px;margin-left:0px;color:rgb(61,61,61)">

color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"=

>

=3D"line-height:1.5">

ht:1.5">

rgb(0,0,0)">


=3D"color:rgb(29,29,29);font-family:Helvetica,Arial,sans-serif">
=3D"color:rgb(136,136,136);font-weight:normal">
es new roman, serif" style=3D"background-color:inherit">WhatsApp-Number: +1=

360 453 9464


font-weight:normal">
=3D"background-color:inherit">




--0000000000005d174b06392aaa06--

Nigerian spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 05 Jul 2025 04:41:00 -0600

Received: from mail-vk1-f172.google.com ([209.85.221.172]:54672)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uY0K7-000000002j4-26Ey

for dave@doctor.nl2k.ab.ca;

Sat, 05 Jul 2025 04:40:57 -0600

Received: by mail-vk1-f172.google.com with SMTP id 71dfb90a1353d-5315ebfda19so534116e0c.1

for ; Sat, 05 Jul 2025 03:38:53 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1751711926; x=1752316726; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=OREkT/UPFWR3sqXmTo0fI1GzSFhcRxPRZAOX7NL7pEU=;

b=gtY0UBBpJnkS5Wm7sXbOQ96ymd/Zo64FVBFqnnW+AzSw4OP0lNScao0Y65Br7JosOM

kay0Sotm9UkfpNfwuV/uUkgTLt0JiW+Q1nlFbIaUSp5DMLV0i8SfCVmQbT6iWo4V4x9+

NRr5gcUjfabqJ3ofYoMIoi2Otm07iq2vZQBOxB9OicwXqRAUnBG8FquuM9JDCtR8cVTM

D541EhXfeeG97u9Ep1oISzSuMp02wl2yGlS4UUMXhhumWldmyZ4s5sEr4ZtxraYhMSUj

wjN+My3BKlTyx1LHKQ2Pj40eSYp2a5EUK9JyvojlMGzjrm0hfC8MO6P7rDsUuQW5Lo27

BTCw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1751711926; x=1752316726;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=OREkT/UPFWR3sqXmTo0fI1GzSFhcRxPRZAOX7NL7pEU=;

b=WSBSN1QcMs7fUWpCMLj6eAX1UXMj9Rkzj0rtVpIixo/5DMhDD0XfISEwdwt7mDH2ZU

47I2qUQ155We0T9mqA0IalM+JEREW12fR/cKNOOR9Q5Gjz6n/+iEB8Ibt7dnHbF6rq0e

WN52Fzwb3YbiueYuqGy/2YEECa3CNp+djtgO5miMe9GDmL2HBgVhD07+nxfKQR6bDFQg

+BaKIFM1NZL3WU/eaNVn0oGOwM3JB3sOF7ofSaBhTixasd4LOhiGNG53LsryTD1mAVhZ

YwRD1EvGXD6wqsWG9X6eVzMJPiL9VZ7EET4dHebCGUIWNuTLROfHLNmRgyS/AKQpjW6R

io3g==

X-Forwarded-Encrypted: i=1; AJvYcCX3fA0oe6ysZwuVK2Ni2/FKJ+q8wiH7sh7tkh2YlSGwF2JQwa/ssSUm8zq7ckaRpKoJ1uAH@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YwU59fEMF/KeHhNHjkJ2+mDgUMYn8BfFAo5hkT5SivwJFL0RJkT

H6coR5sqkMmFXw6nit+fE9pX6QroB5n6Tv0NXaUs7yoHU4rQNj3OhhiN0YrLui1xh55TWkr9I+Q

gQwt3eTDQ8kRrI80rGsh9lRDJE3wIS5k=

X-Gm-Gg: ASbGncsRBT0j9VTFBcL679gk6U1HnpI446YOPGKARbdx5jcacf/fo6VRRmpzdgGc2dQ

ttiNBU7z3/8a8KarU524YMoO3gE/ViVYMXoazvYMk4mem9M+F0p2BSDId6m7ctcRj4a27irgggk

xDyyD+OHT91vNCE7MnKY1ujtj6zHtec7lrnu9E9rHWiaJVKw==

X-Google-Smtp-Source: AGHT+IEk3EsLrRIFbJ2Z9aTQ17xZYgqqgml8rBOTQfL5C/umIyPxSeKkNI+LUYkN8OGXgwvz0sH7JwA3SRdtpmA8ZRo=

X-Received: by 2002:a05:6102:548a:b0:4e7:b728:e34b with SMTP id

ada2fe7eead31-4f2edfef718mr4211157137.3.1751711925534; Sat, 05 Jul 2025

03:38:45 -0700 (PDT)

MIME-Version: 1.0

Reply-To: mrshestherthembile580@gmail.com

From: mrs hesther thembile

Date: Sat, 5 Jul 2025 11:38:33 +0100

X-Gm-Features: Ac12FXyJMFYuPk83H6NMxj7mccZtplg1WwyE6plm1VFmwHBBKEaMtsFzTSDggvc

Message-ID:

Subject: Hello

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000012081006392c37dd"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 8.6

X-Spam_score_int: 86

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I am Mrs. Hesther Thembile, an aging widow suffering from

long time illness (Esophageal Cancer). I have some important information (Charity

Proposal) for you, Please reply ( mrshestherthembile580@gmai [...]



Content analysis details: (8.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.172 listed in dnsbl.ahbl.org]

[209.85.221.172 listed in dnsbl.ahbl.org]

[209.85.221.172 listed in dnsbl.ahbl.org]

[209.85.221.172 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.172 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.172 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.172 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.172 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

[209.85.221.172 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.172 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.172 listed in sa-accredit.habeas.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.172 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.172 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.221.172 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[mrshestherthembile580(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[richardclerk49(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[richardclerk49(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to

Subject: {SPAM?} Hello



--00000000000012081006392c37dd

Content-Type: text/plain; charset="UTF-8"



I am Mrs. Hesther Thembile, an aging widow suffering from long time illness

(Esophageal Cancer). I have some important information (Charity Proposal)

for you, Please reply ( mrshestherthembile580@gmail.com) for more details.



your sister in the Lord,



Mrs. Hesther Thembile.



--00000000000012081006392c37dd

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





I am Mrs. Hesther Thembile, an aging widow sufferi=

ng from long time illness (Esophageal Cancer). I have some important inform=

ation (Charity Proposal) for you, Please reply (
erthembile580@gmail.com">mrshestherthembile580@gmail.com) for more deta=

ils.

your sister in the Lord,

Mrs. Hesther Thembile.




--00000000000012081006392c37dd--

Trust Wallet Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 04 Jul 2025 20:43:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uXsrQ-000000003iX-3sRA

for dave@doctor.nl2k.ab.ca;

Fri, 04 Jul 2025 20:42:40 -0600

Resent-From: The Doctor

Resent-Date: Fri, 4 Jul 2025 20:42:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.aex.com.py ([190.128.226.6]:35200)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uXr4a-000000003yE-0VqL

for sales@nk.ca;

Fri, 04 Jul 2025 18:48:16 -0600

Received: from [192.168.1.42] (unknown [105.68.203.104])

by mail.aex.com.py (Postfix) with ESMTPSA id 66ADC7B1DEF

for ; Fri, 4 Jul 2025 21:46:05 -0300 (-03)

Content-Type: multipart/alternative; boundary="===============0463365303528699428=="

MIME-Version: 1.0

From: Trust Wallet Alert

To: sales@nk.ca

Reply-To: notificaciones@aex.com.py

Subject: =?utf-8?q?=F0=9F=9B=A1=EF=B8=8F_Important=3A_90-Day_Security_Verification?=

X-Spam_score: 12.4

X-Spam_score_int: 124

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Trust Wallet - Mandatory Security Update 🔒 Mandatory Security

Update



Content analysis details: (12.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.4 MISSING_DATE Missing Date: header

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[190.128.226.6 listed in dnsbl.ahbl.org]

[190.128.226.6 listed in dnsbl.ahbl.org]

[190.128.226.6 listed in dnsbl.ahbl.org]

[190.128.226.6 listed in dnsbl.ahbl.org]

[105.68.203.104 listed in dnsbl.ahbl.org]

[105.68.203.104 listed in dnsbl.ahbl.org]

[105.68.203.104 listed in dnsbl.ahbl.org]

[105.68.203.104 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[190.128.226.6 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[190.128.226.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[190.128.226.6 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[190.128.226.6 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[105.68.203.104 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

[190.128.226.6 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium

trust

[190.128.226.6 listed in list.dnswl.org]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_MESSAGE BODY: HTML included in message

3.8 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} =?utf-8?q?=F0=9F=9B=A1=EF=B8=8F_Important=3A_90-Day_Security_Verification?=



--===============0463365303528699428==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+Cgk8bWV0YSBjaGFyc2V0PSJV

VEYtOCIgLz4KCTx0aXRsZT5UcnVzdCBXYWxsZXQgLSBNYW5kYXRvcnkgU2VjdXJpdHkgVXBkYXRl

PC90aXRsZT4KPC9oZWFkPgo8Ym9keSBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNl

cmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZjJmNGY4OyBwYWRkaW5nOiAyMHB4OyI+Cjx0YWJsZSBj

ZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJtYXgtd2lkdGg6IDYwMHB4OyBt

YXJnaW46IGF1dG87IGJhY2tncm91bmQtY29sb3I6ICNmZmZmZmY7IGJvcmRlci1yYWRpdXM6IDhw

eDsgYm94LXNoYWRvdzogMCAwIDEwcHggcmdiYSgwLDAsMCwwLjEpOyIgd2lkdGg9IjEwMCUiPgoJ

PHRib2R5PgoJCTx0cj4KCQkJPHRkIHN0eWxlPSJwYWRkaW5nOiAyMHB4OyI+CgkJCTxoMiBzdHls

ZT0iY29sb3I6ICMxZDcyZjM7Ij7wn5SSIE1hbmRhdG9yeSBTZWN1cml0eSBVcGRhdGU8L2gyPgoK

CQkJPHA+SGVsbG8sPC9wPgoKCQkJPHA+VG8gZW5zdXJlIHRoZSBzZWN1cml0eSBvZiB5b3VyIGFj

Y291bnQsIHdlIGtpbmRseSBhc2sgeW91IHRvIHVwZGF0ZSB5b3VyIGluZm9ybWF0aW9uLjxiciAv

PgoJCQlBdCBUcnVzdCBXYWxsZXQsIHdlIGNvbmR1Y3QgYSA8c3Ryb25nPm1hbmRhdG9yeSBzZWN1

cml0eSB2ZXJpZmljYXRpb24gZXZlcnkgOTAgZGF5czwvc3Ryb25nPi48L3A+CgoJCQk8cCBzdHls

ZT0idGV4dC1hbGlnbjogY2VudGVyOyBtYXJnaW46IDMwcHggMDsiPjxhIGhyZWY9Imh0dHBzOi8v

c2FuYWVsZWJiYXJzdGVhbXdvcmIxYzE3Lm15Y2xpY2tmdW5uZWxzLmNvbS9ocnVzdHdhbGwiIHN0

eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiAjMWQ3MmYzOyBjb2xvcjogI2ZmZmZmZjsgcGFkZGluZzog

MTJweCAyNHB4OyBib3JkZXItcmFkaXVzOiA2cHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsgZm9u

dC13ZWlnaHQ6IGJvbGQ7Ij7wn5GJIFVwZGF0ZSBOb3cgPC9hPjwvcD4KCgkJCTxwPlRoYW5rIHlv

dSBmb3IgeW91ciBjb29wZXJhdGlvbi48YnIgLz4KCQkJQmVzdCByZWdhcmRzLDxiciAvPgoJCQk8

c3Ryb25nPlRydXN0IFdhbGxldCBUZWFtPC9zdHJvbmc+PC9wPgoJCQk8L3RkPgoJCTwvdHI+Cgk8

L3Rib2R5Pgo8L3RhYmxlPgo8L2JvZHk+CjwvaHRtbD4K



--===============0463365303528699428==--

Godaddy phish from newdream.net

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 04 Jul 2025 17:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uXq4E-00000000DIJ-1yXm

for dave@doctor.nl2k.ab.ca;

Fri, 04 Jul 2025 17:43:42 -0600

Resent-From: The Doctor

Resent-Date: Fri, 4 Jul 2025 17:43:42 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vps65186.dreamhostps.com ([67.205.40.236]:33290)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1uXox3-00000000NBc-4AUD

for sales@nk.ca;

Fri, 04 Jul 2025 16:32:21 -0600

Received: by vps65186.dreamhostps.com (Postfix, from userid 6800630)

id 4bYpDc4lmgzbpGmZ; Fri, 4 Jul 2025 15:28:00 -0700 (PDT)

To: sales@nk.ca

Subject: Action Required: Please Update Your Payment Information

X-PHP-Originating-Script: 6800630:header.php

From: GoDaddy Billing Team

Reply-To: dh_u5m2dt@vps65186.dreamhostps.com

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Message-Id: <4bYpDc4lmgzbpGmZ@vps65186.dreamhostps.com>

Date: Fri, 4 Jul 2025 15:28:00 -0700 (PDT)











Action Required: Update Your Payment Method















Action Required: Update Your Payment Method






Dear Customer,



We attempted to renew your GoDaddy services, but were unable to complete the transaction due to a problem with your current payment method.



To prevent any disruption to your services, please update your payment information as soon as possible.



You can securely update your details by clicking the button below:











If you have already updated your payment method, no further action is required.



Thank you for choosing GoDaddy.



Sincerely,


The GoDaddy Team









© 2025 GoDaddy Operating Company, LLC. All rights reserved.


This message was sent from a no-reply email address. Please do not respond.