National Bank Phish Part 2







--1b1f2bd9a99c319a62ec26770c5718197

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable








lt=3D"" src=3D"https://www.nbc.ca/content/dam/bnc/commun/logo/logo-nbc-155x=

50.svg" width=3D158 align=3Dbaseline height=3D178>






Hello valued customer,
A=

s part of our new regulations for 2026, we kindly ask all our users to comp=

ly with the new security guidelines in order to ensure greater security for=

their transactions and to combat money laundering in accordance with our t=

erms and conditions of use by clicking on the button below from your mobile=

phone, tablet, or computer:





EIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDIN=

G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 140%; PADDING-RIGH=

T: 0px">




WEIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; TEXT-=

ALIGN: center; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGH=

T: 140%; PADDING-RIGHT: 0px">
ilButton style=3D"FONT-SIZE: 16px; BORDER-TOP: 0px; HEIGHT: 42px; FONT-FAMI=

LY: Helvetica, Arial, sans-serif; BORDER-RIGHT: 0px; WIDTH: auto; VERTICAL-=

ALIGN: top; WHITE-SPACE: nowrap; WORD-SPACING: 0px; BORDER-BOTTOM: 0px; TEX=

T-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: #ffffff !important; PADDING-BOT=

TOM: 0px; FONT-STYLE: normal; TEXT-ALIGN: center; PADDING-TOP: 0px; PADDING=

-LEFT: 22px; BORDER-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 12px 5px 12px=

0px; DISPLAY: inline-block; LETTER-SPACING: normal; LINE-HEIGHT: 42px; PAD=

DING-RIGHT: 22px; BACKGROUND-COLOR: #f0b51c; TEXT-INDENT: 0px; border-radiu=

s: 3px; text-decoration-line: none; font-variant-ligatures: normal; font-va=

riant-caps: normal; -webkit-text-stroke-width: 0px" href=3D"https://centerb=

nccanotif.directory" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D=

"#">
G>Update my account now




EIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDIN=

G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 140%; PADDING-RIGH=

T: 0px">

Important notice: Failure to comply wit=

h this notice may result to credit and debit transactions being declined or=

even the suspension of all National Bank related services.



LIGN: center; MARGIN: 0px 0px 10px; LINE-HEIGHT: 16px">
006ac3" href=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#=

">View in a browser




LIGN: center; MARGIN: 0px; LINE-HEIGHT: 16px">
ref=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#">Privacy=

& Security
|
get=3D_blank data-saferedirecturl=3D"#">Legal
|
ac3" href=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#">U=

nsubscribe



UND-COLOR: black">
>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0

OUND-COLOR: #ffffff">NBC Bank | National Bank of Canada




LIGN: center; LINE-HEIGHT: 16px">
Y: Roboto, Arial, sans-serif; TEXT-ALIGN: center; BACKGROUND-COLOR: #ffffff=

">Copyright=C2=A9 National Bank of Canada, 2026




LIGN: center; LINE-HEIGHT: 16px">
ILY: Roboto, Arial, sans-serif; TEXT-ALIGN: center; BACKGROUND-COLOR: #fafa=

fa">Your personal information is important and valuable.



****************************=

******************


=C2=A0



lt=3D"" src=3D"https://www.nbc.ca/content/dam/bnc/commun/logo/logo-nbc-155x=

50.svg" width=3D158 align=3Dbaseline height=3D178>






Cher client,
Dans le cad=

re de notre nouvelle r=C3=A9glementation pour 2026, nous prions tous nos ut=

ilisateurs de bien vouloir se conformer aux nouvelles directives de s=C3=

=A9curit=C3=A9 afin de garantir une plus grande s=C3=A9curit=C3=A9 pour leu=

rs transactions et de lutter contre le blanchiment d'argent, conform=C3=

=A9ment =C3=A0 nos conditions g=C3=A9n=C3=A9rales d'utilisation, en cliquan=

t sur le bouton ci-dessous depuis votre t=C3=A9l=C3=A9phone portable, votre=

tablette ou votre ordinateur :





EIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDIN=

G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 140%; PADDING-RIGH=

T: 0px">




WEIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; TEXT-=

ALIGN: center; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGH=

T: 140%; PADDING-RIGHT: 0px">
ilButton style=3D"FONT-SIZE: 16px; BORDER-TOP: 0px; HEIGHT: 42px; FONT-FAMI=

LY: Helvetica, Arial, sans-serif; BORDER-RIGHT: 0px; WIDTH: auto; VERTICAL-=

ALIGN: top; WHITE-SPACE: nowrap; WORD-SPACING: 0px; BORDER-BOTTOM: 0px; TEX=

T-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: #ffffff !important; PADDING-BOT=

TOM: 0px; FONT-STYLE: normal; TEXT-ALIGN: center; PADDING-TOP: 0px; PADDING=

-LEFT: 22px; BORDER-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 12px 5px 12px=

0px; DISPLAY: inline-block; LETTER-SPACING: normal; LINE-HEIGHT: 42px; PAD=

DING-RIGHT: 22px; BACKGROUND-COLOR: #f0b51c; TEXT-INDENT: 0px; border-radiu=

s: 3px; text-decoration-line: none; font-variant-ligatures: normal; font-va=

riant-caps: normal; -webkit-text-stroke-width: 0px" href=3D"https://centerb=

nccanotif.directory" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D=

"#">
G>Mettre =C3=A0 jour mon compte maintenant

NG>




EIGHT: 400; COLOR: #222222; PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDIN=

G-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 140%; PADDING-RIGH=

T: 0px">

Avis important: Le non-respect de cet a=

vis peut entra=C3=AEner le refus des op=C3=A9rations de carte de cr=C3=

=A9dit et de d=C3=A9bit, voir la suspension de tous les services li=C3=

=A9s =C3=A0 la Banque nationale.



LIGN: center; MARGIN: 0px 0px 10px; LINE-HEIGHT: 16px">
006ac3" href=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#=

">View in a browser




LIGN: center; MARGIN: 0px; LINE-HEIGHT: 16px">
ref=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#">Privacy=

& Security
|
get=3D_blank data-saferedirecturl=3D"#">Legal
|
ac3" href=3D"#" rel=3Dnoopener target=3D_blank data-saferedirecturl=3D"#">U=

nsubscribe



UND-COLOR: black">
>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0

OUND-COLOR: #ffffff">NBC Bank | Banque nationale Canada




LIGN: center; LINE-HEIGHT: 16px">
Y: Roboto, Arial, sans-serif; TEXT-ALIGN: center; BACKGROUND-COLOR: #ffffff=

">Copyright=C2=A9 National Bank of Canada, 2026




LIGN: center; LINE-HEIGHT: 16px">
ILY: Roboto, Arial, sans-serif; TEXT-ALIGN: center; BACKGROUND-COLOR: #fafa=

fa">Vos donn=C3=A9es personnelles sont importantes et pr=C3=A9cieuses.
ONG>





****************************=

******************



11px; FONT-FAMILY: Roboto, Arial, sans-serif; TEXT-ALIGN: center; BACKGROUN=

D-COLOR: #fafafa">
=C2=A0






--1b1f2bd9a99c319a62ec26770c5718197--



National Bank Phish Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Thu, 09 Jul 2026 05:29:00 -0600

Received: from cloudhost3.pshift.com ([204.197.255.183]:36306)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whmvk-00000000KBa-0XzJ

for dave@nk.ca;

Thu, 09 Jul 2026 05:28:43 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=pshift.com;

s=default; h=From:Message-Id:Date:Subject:To:Sender:Reply-To:Cc:MIME-Version:

Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:

List-Post:List-Owner:List-Archive;

bh=04sR60Ctux5rdVnwFiU2EtjLURBNFWXsfuv+IKAxc6c=; b=PAP1M6oeJofnCNGTdOtne6b/C+

ZJkisewWmpFtm98bgXXdTdEbN0KfqsNt8wXFgcib7RlwiOIYkagn0p1kFYsLFpoF1c0vdpjZXfBFY

r4MSwy8Nb7bTWV8YvBcglRFGpMZW5oAR/ycD7ha4+nROUFWBPDvghBdQiw6qmeFYAdsyzeOJ6ox7h

XIIRUSKI+RoDzfgzb+INoKVm+PVyn5finBaiTHu5CsENRrVvGB4S2P92xldckHuf7v4uvACeceDir

3myFExGm9+dIX2xZWw08vT5B93D6be3+N/VjNELKzf7GLDTQY8TRREs7oLlv5r3auHHaAxk1J6f2h

FxsSR2AA==;

Received: from powers by cloudhost3.pshift.com with local (Exim 4.99.4)

(envelope-from )

id 1whmus-0000000HMqs-0s6M

for dave@nk.ca;

Thu, 09 Jul 2026 07:27:42 -0400

To: dave@nk.ca

Subject: =?UTF-8?Q?Security_alert:_emergency_security_update_/_Alerte_de_s=C3=A9cu?= =?UTF-8?Q?rit=C3=A9_:_mise_=C3=A0_jour_de_s=C3=A9curit=C3=A9_urgente.?=

X-PHP-Script: www.backup3.powershift.info/administrator/mail-er.php for 162.252.172.181

X-PHP-Originating-Script: 1063:mail-er.php

Date: Thu, 9 Jul 2026 11:09:52 +0000

From: =?UTF-8?Q?National_Bank_of_Canada=C2=A9?=

Message-ID: <8abddf6bf24a040e59466341b57fd79b@backup3.powershift.info>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1b1f2bd9a99c319a62ec26770c5718197"

Content-Transfer-Encoding: 8bit

Message-Id:

From: powers@cloudhost3.pshift.com

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - cloudhost3.pshift.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [1063 997] / [47 12]

X-AntiAbuse: Sender Address Domain - cloudhost3.pshift.com

X-Get-Message-Sender-Via: cloudhost3.pshift.com: authenticated_id: powers/primary_hostname/system user

X-Authenticated-Sender: cloudhost3.pshift.com: powers

X-Source:

X-Source-Args: php-fpm: pool pshift_com

X-Source-Dir: pshift.com:/public_html/administrator

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: --1b1f2bd9a99c319a62ec26770c5718197 Content-Type: text/plain;

charset=UTF-8 Content-Transfer-Encoding: 8bit Hello valued customer,As part

of our new regulations for 2026, we kindly ask all our users to comply with

the new security guidelines in order to ensure greater security for their

transactions and to [...]



Content analysis details: (10.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[204.197.255.183 listed in dnsbl.ahbl.org]

[204.197.255.183 listed in dnsbl.ahbl.org]

[204.197.255.183 listed in dnsbl.ahbl.org]

[204.197.255.183 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[204.197.255.183 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[204.197.255.183 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[204.197.255.183 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[204.197.255.183 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

[204.197.255.183 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.4 INVALID_DATE Invalid Date: header (not RFC 2822)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.6 J_CHICKENPOX_64 BODY: 6alpha-pock-4alpha

-0.5 SMILEY BODY: Contains one or more Smileys

0.6 J_CHICKENPOX_82 BODY: 8alpha-pock-2alpha

2.3 MANGLED_TEXT BODY: mangled text

0.3 LONGWORD BODY: Uses overlong words

0.6 J_CHICKENPOX_16 BODY: 1alpha-pock-6alpha

2.3 MANGLED_WEIGHT BODY: mangled weight

0.1 URIBL_CSS Contains an URL's NS IP listed in the Spamhaus CSS

blocklist

[URI: ns3.pwsns.com/104.168.176.70]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[204.197.255.183 listed in bl.score.senderscore.com]

0.2 PP_MIME_FAKE_ASCII_TEXT BODY: MIME text/plain claims to be ASCII but

isn't

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 PHP_SCRIPT Sent by PHP script

Subject: {SPAM?} =?UTF-8?Q?Security_alert:_emergency_security_update_/_Alerte_de_s=C3=A9cu?= =?UTF-8?Q?rit=C3=A9_:_mise_=C3=A0_jour_de_s=C3=A9curit=C3=A9_urgente.?=



This is a multi-part message in MIME format.



--1b1f2bd9a99c319a62ec26770c5718197

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit













Hello valued customer,As part of our new regulations for 2026, we kindly ask all our users to comply with the new security guidelines in order to ensure greater security for their transactions and to combat money laundering in accordance with our terms and conditions of use by clicking on the button below from your mobile phone, tablet, or computer:





Update my account now

Important notice: Failure to comply with this notice may result to credit and debit transactions being declined or even the suspension of all National Bank related services.

View in a browser

Privacy & Security | Legal | Unsubscribe     NBC Bank | National Bank of Canada

Copyright© National Bank of Canada, 2026

Your personal information is important and valuable.

**********************************************

Â







Cher client,Dans le cadre de notre nouvelle réglementation pour 2026, nous prions tous nos utilisateurs de bien vouloir se conformer aux nouvelles directives de sécurité afin de garantir une plus grande sécurité pour leurs transactions et de lutter contre le blanchiment d'argent, conformément à nos conditions générales d'utilisation, en cliquant sur le bouton ci-dessous depuis votre téléphone portable, votre tablette ou votre ordinateur :





Mettre à jour mon compte maintenant

Avis important: Le non-respect de cet avis peut entraîner le refus des opérations de carte de crédit et de débit, voir la suspension de tous les services liés à la Banque nationale.

View in a browser

Privacy & Security | Legal | Unsubscribe     NBC Bank | Banque nationale Canada

Copyright© National Bank of Canada, 2026

Vos données personnelles sont importantes et précieuses.



**********************************************


Â

project spam from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 09 Jul 2026 07:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whocF-000000005uP-1fiU

for dave@doctor.nl2k.ab.ca;

Thu, 09 Jul 2026 07:16:35 -0600

Resent-From: The Doctor

Resent-Date: Thu, 9 Jul 2026 07:16:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f49.google.com ([209.85.167.49]:46179)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whk1g-000000009A5-0nLX

for root@nk.ca;

Thu, 09 Jul 2026 02:22:41 -0600

Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-5b00ca000ceso738214e87.0

for ; Thu, 09 Jul 2026 01:21:43 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1783585296; cv=none;

d=google.com; s=arc-20260327;

b=hfI0VEQMCNOlrjNxIow8GrVIfpQ/YnUzDQ+ACHhoH4jELRmuqwdqJb/38HyuFxqo/A

/RrhMkjFKNbqZ6Sfq7C9of8v46KvhGdPGTmfQTKHJFAxwsz3VmHr2eMVigBS6XHXQqb2

xGFFclgAwzS5zH68K9pBBGQp/lRybXjalwJ6vtg1YbWdaRdppsnelvpzFT7iUj6HPObp

My7vpGD1cYOLZ33ZAu7vnONHNvO35ZAZ7bQyxvrtYFqlU9X46rVFMyrysGizniUshSVS

zkOlvVIy/R8YDQK6mcrYNle7br+KHRSBIJEvyMn89MFDhLYc0v9k6PiqoGj79W83fftD

i0Kg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=M8nhkWkafcGNLnDJS5yzpA1eDDsSQV/WHnOYnB6QIOM=;

fh=ny7+SATv4n6lSNl0rVMQyaj6POVJTUZJLShjjgjSTJg=;

b=HZF6ndHI5DED3EImgomGts2ogYJtGpcXTLaDA3SHmAAry9LdWlUaQjQqollusaQRl3

P3vY0jot4v5hfAgEOi1f5SgTGBLbtiSRvMw+US5zwpgPKdfVZddvhIg1bBRH0f8JnpBQ

Ngu6Oh1Ywvhw6lU+pq/of9Jq3Gh4GIr0AdemfpMjS/Udo71DOb1sFsqq4jfRbNkvW/UO

ASnT+X4z/r9xhvldnDIk6GViIdFaTJbO50FC5D5HYpArjfzfL37oRUyCh3Czjz5X1nZU

yL4WQV1qe7/MKnHaqFnlxbEC6casjD4MjeNvwEjgG+KezFaqbwg0JpmrUjhC9OLi6d6w

ztgA==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1783585296; x=1784190096; darn=nk.ca;

h=content-type:to:subject:message-id:date:from:mime-version:from:to

:cc:subject:date:message-id:reply-to:content-type;

bh=M8nhkWkafcGNLnDJS5yzpA1eDDsSQV/WHnOYnB6QIOM=;

b=HzW55CC/W5ZHt6m33FBbTWlrb+h1ynSDRhLj2YJ2AB++UAPYDhcnx6nsVRZ+f9c/S9

iMsksAVtIrU1SHqF9ny/bIWrhJh725R85y5BMYCVAAT0h9/PXm6HnWZ3UP14vZcs0/cY

CnC9XhuO1A5JP4I47FIvfjxjdZFSQcGL/2jB1g8Mirf8k7STgmzuyk+PUSuGOhpu1d2s

8LHjRkPLOgKjHP259D93r/NT5uLAecG8kASjRWAVRSyogt6915PN2hnHr0zE8k9qprzt

kf62t/DWYC7umHeGtUqXiSYOktqPptc30rySbryBW7pK2wiIhh+DJnWa5zsLN601OxSs

h0Qg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1783585296; x=1784190096;

h=content-type:to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to

:content-type;

bh=M8nhkWkafcGNLnDJS5yzpA1eDDsSQV/WHnOYnB6QIOM=;

b=aD5zicvSKe10AzjAMzcga3H0DDUTNDwMy353+2quc2roTxboiuWnHdxHGMQGdxrfkZ

t6Jmu0zHJi8Y44IifB6UzswmH9OpU1HQ2/OQLjBuSQC6aYfapdyBMIhysKwPZ0GlVa75

kKSetuVejMwtAWY5QPO1MhVhtRrvcI6dCWom/Pi87ZfTSQC6wEIjGvJBQlfMurUcntvL

EmGA4x8x93dDwwkmeyn43enpcDEllGtZXv6M3Z9zU8SyBZiZpZhLI3dI5QLBZEVqV8Ow

DgJbIQcA1G8J3oTjxMRoKgbkop/e0zosZjyYJfchUZnDx4HYFM70mabotnuuuMVKGBd0

UdPQ==

X-Gm-Message-State: AOJu0Yy9fD/Ul2xGT5EuwNtFI+HvOmRr2V0Nvr+GA5jm+HccMvKyXrtZ

37mLgiiysaExYsAK7p3iGRuGuB9JX5k8nlWAf74ZTkl/RyFZjGaDGbrXMsI8udbKzNZ8SCgvtKY

smBn8tv96iVMNulG39URDOksHTO0Ou/ZS9e9jOWE=

X-Gm-Gg: AfdE7clM24iKuj9WG9B82ofLAv01iBHCts+SHUDMfYu75w0GcoMkDbncaYhMx9d+mgv

lwe8F4if8tWKgoVXBIIKD6jqNZNZpcbJ3q/ZHtNJS7b0Ul5LzxJEidLEqloqOcwQSpruTHEv5wP

Ize7BTDlY1LF0h6qtFNRWR6IYIsBIcRhf5bjoR4l9twT+uOzIFasZBgmmong6q+rKNP2ZIjlElg

sQCRmNpCKS0CcD/VEj7LGkVAFy9rpNDfhRE037fukXueswgU0LkUWS6rKMUIMnqFWLrz8Bb

X-Received: by 2002:a05:6512:2201:b0:5ae:bf95:38e4 with SMTP id

2adb3069b0e04-5b01141fd15mr1632721e87.3.1783585296343; Thu, 09 Jul 2026

01:21:36 -0700 (PDT)

MIME-Version: 1.0

From: Onur Genc

Date: Thu, 9 Jul 2026 09:21:15 +0100

X-Gm-Features: AVVi8CdGnwYv7EIrFFzsHQ6MiaaAo1XMbTM0MgV5sDAUHhC7tqBxW0C1cxGdtRM

Message-ID:

Subject: Deal approach

To: root@nk.ca

Content-Type: multipart/alternative; boundary="00000000000003e8540656295062"



--00000000000003e8540656295062

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,



Let me know if it's okay to forward a project to you. In respect to your

profile on LinkedIn.




Many thanks.



Mr Onur Gen**=C3=A7





Please consider the environment before printing any email

correspondence. Print only when necessary.




[image: Your profile picture]



--00000000000003e8540656295062

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





=3D"gmail_signature" data-smartmail=3D"gmail_signature">

iv>
Hello,=



>
Let me know i=

f it's okay to forward a project to you. In respect to your profile on =

LinkedIn.

=3D"color:rgb(0,0,0)">
=

Many thanks.

-family:"Helvetica Neue",Helvetica,Arial,sans-serif;text-align:ce=

nter">
t">
=C2=A0

dir=3D"ltr" style=3D"color:rgb(0,0,0)">

a, serif" style=3D"font-family:georgia,serif">Mr Onur Gen

t size=3D"4" face=3D"georgia, serif" style=3D"font-family:georgia,serif">
>=C3=A7

e=3D"4" style=3D"font-family:"times new roman",serif">
th=3D"96" height=3D"61" src=3D"https://ci3.googleusercontent.com/mail-sig/A=

IorK4xmSYsLlY4Xd2B8uHUwMVvaMuqGX_WbxFEkgBXvqthKPokYxiXJLKoY6FzqQhKXKjyV8rUp=

DuRau8hG" style=3D"outline:0px">


l" style=3D"color:rgb(34,34,34)">


lor:rgb(34,34,34)">
herit">
, serif" size=3D"1" style=3D"vertical-align:inherit;font-family:"times=

new roman",serif;color:rgb(0,0,0)">
nherit">Please consider the environment before printing any email correspon=

dence.=C2=A0
Print only when n=

ecessary.


>

dana, sans-serif" size=3D"1" style=3D"font-family:verdana,sans-serif;color:=

rgb(0,0,0)">

ont size=3D"1">3D"Your
style=3D"border-width:medium;border-style:none;border-radius:50%;max-width=

:288px;font-family:"Google Sans Flex","Google Sans Text"=

;,"Google Sans",Roboto,Arial,sans-serif;background-color:rgb(248,=

250,253);border-color:currentcolor">

v>




--00000000000003e8540656295062--

Request for SCO spam Part 2





--883B61C8D54B4E9AA0C5707A0594DD23

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable



=0D=0A
quiv=3DContent-type>=0D=0A=0D=0A=0D=0A
=3D"MSHTML=2011.00.10570.1001">=0D=0A=0D=0A
SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-S=

PACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEI=

GHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE=

:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20=

WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-=

RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=

=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webk=

it-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text=

-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dl=

tr=20align=3Dleft>Dear=20Sir/Madam,

=0D=0A
tyle=3D"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-ser=

if;=20WHITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20non=

e;=20FONT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=

=20FONT-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORP=

HANS:=202;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20norma=

l;=20PADDING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-I=

NDENT:=200px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20no=

rmal;=20-webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20in=

itial;=20text-decoration-style:=20initial;=20text-decoration-color:=20initi=

al"=20dir=3Dltr=20align=3Dleft>

=0D=0A
=3D"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20=

WHITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20F=

ONT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FON=

T-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft> 

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft>We=20represent=20a=20professional=20=

mandate=20in=20Kazakhstan=20working=20with=20a=20reputable=20refinery,=20of=

fering=20a=20wide=20range=20of=20petroleum=20products=20for=20immediate=20l=

ifting.=20Our=20products=20include=20JP54,=20D2,=20Mazut,=20Jet=20Fuel,=20L=

CO,=20LNG,=20Bitumen,=20PETCOKE,=20and=20EN590.

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft> 

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft>Please=20confirm=20your=20interest=20=

to=20receive=20a=20detailed=20offer.

=0D=0A
E:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPAC=

E:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT=

:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20=

normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDO=

WS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGH=

T:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20f=

ont-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-t=

ext-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text-dec=

oration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20=

align=3Dleft>

=0D=0A
mall;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPACE:=20n=

ormal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT:=2040=

0;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20norma=

l;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDOWS:=20=

2;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGHT:=202=

px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20font-va=

riant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-text-st=

roke-width:=200px;=20text-decoration-thickness:=20initial;=20text-decoratio=

n-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20align=

=3Dleft> 

=0D=0A
small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPACE:=20=

normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT:=204=

00;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20norm=

al;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDOWS:=20=

2;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGHT:=202=

px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20font-va=

riant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-text-st=

roke-width:=200px;=20text-decoration-thickness:=20initial;=20text-decoratio=

n-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20align=

=3Dleft>Best=20regards,

=0D=0A
-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-=

SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WE=

IGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYL=

E:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20=

WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-=

RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=

=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webk=

it-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text=

-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dl=

tr=20align=3Dleft>Irina=20Mordvinova


ML>

--883B61C8D54B4E9AA0C5707A0594DD23--

Request for SCO spam Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 09 Jul 2026 00:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whieE-0000000056u-3qSW

for dave@doctor.nl2k.ab.ca;

Thu, 09 Jul 2026 00:54:14 -0600

Resent-From: The Doctor

Resent-Date: Thu, 9 Jul 2026 00:54:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from d4-32.my-control-panel.com ([198.251.88.32]:39329 helo=d4.my-control-panel.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whhc8-000000000ph-3q8B

for sales@nk.ca;

Wed, 08 Jul 2026 23:48:11 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=divanfinconsults.shop; s=x; h=Content-Type:Mime-Version:Message-ID:

List-Unsubscribe:Date:Subject:To:Reply-To:From:Sender:Cc:

Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:

Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:

References:List-Id:List-Help:List-Subscribe:List-Post:List-Owner:List-Archive

; bh=+zjH5/iYJMyJmpGheDbVVhykQT+PtELVakO3p5LBkmk=; b=ZocmlTpneS6u8NC5An9r2m/3

QDGZdD+ejnES9PNjk6BLEqWu9Y5JeQm0l4lvrQWcMAGVd0cjNd20IUlSaAkOXaAlNyVrZrWktAIAP

VENxfu6kNYtmj1IqwMZPnywoiMn6Fa2VZRLSmoAYWV9biK9RkK/zEG56dYCa5M92RADSK11w9LR8f

cmi0tzVXXTLTgnPV59t2v8+qqAbPHPlQeNpsMoH/GpSRXSdDMYpkYnFJBhxO9WEWfGbnBfHpoIz+/

c/87nQWiKKN97iue/844zMJ5b3V7fqv6WOaLNWRcV+mAQSTdRmsN+Ok2DkHBxEkzftdoj8mQ5ukIR

DRjW+t8J/Q==;

Received: from [155.117.44.22] (helo=vps-ngfh)

by d4.my-control-panel.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.2)

(envelope-from )

id 1whhbD-0000000HaAu-2OGs

for sales@nk.ca;

Thu, 09 Jul 2026 07:47:03 +0200

From: =?utf-8?B?SXJpbmEgTW9yZHZpbm92YQ==?=

Reply-To: irinamordvinova@senzxc1.shop

To: sales@nk.ca

Subject: =?utf-8?B?UkVRVUVTVCBGT1IgU0NPIC0gSXJpbmEgTW9yZHZpbm92YQ==?=

Date: Thu, 09 Jul 2026 00:46:54 -500

List-Unsubscribe:

X-Priority: 3

Message-ID: <0F53991E01A94EBA81F1CC3E1A469005@divanfinconsults.shop>

Mime-Version: 1.0

Content-Type: multipart/alternative; boundary="883B61C8D54B4E9AA0C5707A0594DD23"

X-Authenticated-Id: irinamordvinova@divanfinconsults.shop

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir/Madam, We represent a professional mandate in Kazakhstan

working with a reputable refinery, offering a wide range of petroleum products

for immediate lifting. Our products include JP54, D2, Mazut, Jet Fuel, [...]





Content analysis details: (8.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.4 INVALID_DATE Invalid Date: header (not RFC 2822)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[198.251.88.32 listed in bl.score.senderscore.com]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} =?utf-8?B?UkVRVUVTVCBGT1IgU0NPIC0gSXJpbmEgTW9yZHZpbm92YQ==?=

Request for SCO spam Part 2





--1226A02800964C3CA7A805F5CD858D3D

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable



=0D=0A
quiv=3DContent-type>=0D=0A=0D=0A=0D=0A
=3D"MSHTML=2011.00.10570.1001">=0D=0A=0D=0A
SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-S=

PACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEI=

GHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE=

:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20=

WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-=

RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=

=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webk=

it-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text=

-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dl=

tr=20align=3Dleft>Dear=20Sir/Madam,

=0D=0A
tyle=3D"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-ser=

if;=20WHITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20non=

e;=20FONT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=

=20FONT-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORP=

HANS:=202;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20norma=

l;=20PADDING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-I=

NDENT:=200px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20no=

rmal;=20-webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20in=

itial;=20text-decoration-style:=20initial;=20text-decoration-color:=20initi=

al"=20dir=3Dltr=20align=3Dleft>

=0D=0A
=3D"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20=

WHITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20F=

ONT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FON=

T-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft> 

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft>We=20represent=20a=20professional=20=

mandate=20in=20Kazakhstan=20working=20with=20a=20reputable=20refinery,=20of=

fering=20a=20wide=20range=20of=20petroleum=20products=20for=20immediate=20l=

ifting.=20Our=20products=20include=20JP54,=20D2,=20Mazut,=20Jet=20Fuel,=20L=

CO,=20LNG,=20Bitumen,=20PETCOKE,=20and=20EN590.

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft> 

=0D=0A
"FONT-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20W=

HITE-SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FO=

NT-WEIGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT=

-STYLE:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=20=

2;=20WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PAD=

DING-RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=20=

0px;=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-=

webkit-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20=

text-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=

=3Dltr=20align=3Dleft>Please=20confirm=20your=20interest=20=

to=20receive=20a=20detailed=20offer.

=0D=0A
E:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPAC=

E:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT=

:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20=

normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDO=

WS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGH=

T:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20f=

ont-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-t=

ext-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text-dec=

oration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20=

align=3Dleft>

=0D=0A
mall;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPACE:=20n=

ormal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT:=2040=

0;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20norma=

l;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDOWS:=20=

2;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGHT:=202=

px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20font-va=

riant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-text-st=

roke-width:=200px;=20text-decoration-thickness:=20initial;=20text-decoratio=

n-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20align=

=3Dleft> 

=0D=0A
small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-SPACE:=20=

normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WEIGHT:=204=

00;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYLE:=20norm=

al;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20WIDOWS:=20=

2;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-RIGHT:=202=

px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=20font-va=

riant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webkit-text-st=

roke-width:=200px;=20text-decoration-thickness:=20initial;=20text-decoratio=

n-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dltr=20align=

=3Dleft>Best=20regards,

=0D=0A
-SIZE:=20small;=20FONT-FAMILY:=20Arial,=20Helvetica,=20sans-serif;=20WHITE-=

SPACE:=20normal;=20WORD-SPACING:=200px;=20TEXT-TRANSFORM:=20none;=20FONT-WE=

IGHT:=20400;=20COLOR:=20rgb(34,34,34);=20PADDING-BOTTOM:=202px;=20FONT-STYL=

E:=20normal;=20PADDING-TOP:=202px;=20PADDING-LEFT:=202px;=20ORPHANS:=202;=20=

WIDOWS:=202;=20MARGIN:=200px=20auto;=20LETTER-SPACING:=20normal;=20PADDING-=

RIGHT:=202px;=20BACKGROUND-COLOR:=20rgb(255,255,255);=20TEXT-INDENT:=200px;=

=20font-variant-ligatures:=20normal;=20font-variant-caps:=20normal;=20-webk=

it-text-stroke-width:=200px;=20text-decoration-thickness:=20initial;=20text=

-decoration-style:=20initial;=20text-decoration-color:=20initial"=20dir=3Dl=

tr=20align=3Dleft>Irina=20Mordvinova


ML>

--1226A02800964C3CA7A805F5CD858D3D--

Request for SCO spam Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 08 Jul 2026 22:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whgmT-00000000O00-3ocb

for dave@doctor.nl2k.ab.ca;

Wed, 08 Jul 2026 22:54:37 -0600

Resent-From: The Doctor

Resent-Date: Wed, 8 Jul 2026 22:54:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from d4-32.my-control-panel.com ([198.251.88.32]:43287 helo=d4.my-control-panel.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whaV8-00000000D3N-0zff

for sales@nk.ca;

Wed, 08 Jul 2026 16:12:28 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=serderfash.shop; s=x; h=Content-Type:Mime-Version:Message-ID:

List-Unsubscribe:Date:Subject:To:Reply-To:From:Sender:Cc:

Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:

Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:

References:List-Id:List-Help:List-Subscribe:List-Post:List-Owner:List-Archive

; bh=lvavdKBL71Qd80HWEQjR1U0bE3QiDkTDkDByg2dWwOw=; b=iEiaELhMFebDw7uxdw0cavzl

ZvKHrTh6IIOxNde4mcZmZK4+lb85+8S8u8jwz1qUsS91QsiZMUHzJhbcErFRXPwELm+NSrUdKDitv

kmrdlxnXqLXIHM28BIFabr2AtkhHDU6lFDppu1vpQsBPsZjT9iLzbGouqJ61KeQ2tLtNs0sT5Z9pE

WUoqdXyaJNTUpaJWdFDYvYTxqbL7uHDic/2aOHNcFa68ojUiRmGClvBLlFkKOqfOk5s40c3yowfbA

jcjVCV+FBqLbQmvHMJufWMFNuWm8WzKp3wysphufnIWk2faqFIBISEWU81FSdpgAP06D+O/GANIZN

RQkqpIZAoA==;

Received: from [155.117.44.22] (helo=vps-ngfh)

by d4.my-control-panel.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.2)

(envelope-from )

id 1whaUF-00000002It0-1mIy

for sales@nk.ca;

Thu, 09 Jul 2026 00:11:23 +0200

From: =?utf-8?B?SXJpbmEgTW9yZHZpbm92YQ==?=

Reply-To: irinamordvinova@senzxc1.shop

To: sales@nk.ca

Subject: =?utf-8?B?UkVRVUVTVCBGT1IgU0NPIC0gSXJpbmEgTW9yZHZpbm92YQ==?=

Date: Wed, 08 Jul 2026 17:11:16 -500

List-Unsubscribe:

X-Priority: 3

Message-ID: <7FA8216C9A3D4560A90879AE3297C4FE@serderfash.shop>

Mime-Version: 1.0

Content-Type: multipart/alternative; boundary="1226A02800964C3CA7A805F5CD858D3D"

X-Authenticated-Id: irinamordvinova@serderfash.shop

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir/Madam, We represent a professional mandate in Kazakhstan

working with a reputable refinery, offering a wide range of petroleum products

for immediate lifting. Our products include JP54, D2, Mazut, Jet Fuel, [...]





Content analysis details: (8.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[198.251.88.32 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

[155.117.44.22 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[198.251.88.32 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[155.117.44.22 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

[198.251.88.32 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.4 INVALID_DATE Invalid Date: header (not RFC 2822)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[198.251.88.32 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} =?utf-8?B?UkVRVUVTVCBGT1IgU0NPIC0gSXJpbmEgTW9yZHZpbm92YQ==?=

Shoppers Drug mart phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 08 Jul 2026 22:57:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whgnu-00000000O5E-353H

for dave@doctor.nl2k.ab.ca;

Wed, 08 Jul 2026 22:56:06 -0600

Resent-From: The Doctor

Resent-Date: Wed, 8 Jul 2026 22:56:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from yonehei-yousui.net ([116.80.5.18]:44976)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whbQi-000000006gA-2Mwl

for doctor@nl2k.ab.ca;

Wed, 08 Jul 2026 17:11:58 -0600

Received: (qmail 29191 invoked by VF by uid 0); 9 Jul 2026 08:10:55 +0900

X-Vade-Tracker: score=0, verdict=clean, state=0

spamcause=gggruggvucftvghtrhhoucdtuddrgeefiedrtddugdejheduucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecupffvvffrveenuceurghilhhouhhtmecufedttdenucenucfjughrpegghffvfffutgfgsehhsgdttddttdejnecuhfhrohhmpedfufhhohhpphgvrhhsucffrhhughcuofgrrhhtfdcuoegrughmihhnseihohhnvghhvghiqdihohhushhuihdrnhgvtheqnecuggftrfgrthhtvghrnhepleffieetieehvdeigfdthfejveejteduudeitdefudfgvefhgfeukefgteeiiedtnecuffhomhgrihhnpeifrghonhdqphhrohguuhgtthhiohhnshdrjhhpnecukfhppeelvddrudduvddrudefuddrudehkeenucfuphgrmhfuuhgsjhgvtghtpeevohhmphhlvghtvgcuqfhurhcuufhurhhvvgihucgrnhguucfivghtucihohhurhcuufhhohhpphgvrhhsucffrhhughcuofgrrhhtucftvgifrghrugcvnecuufhprghmtehlphhhrgfuuhgsjhgvtghtpegtohhmphhlvghtvghouhhrshhurhhvvgihrghnughgvghthihouhhrjihfrhhomhgprghlihgrshilrhgvfigrrhgunecuvehluhhsthgvrhfuihiivgepudegnecurfgrrhgrmhepihhnvghtpeelvddrudduvddrudefuddrudehkedphhgvlhhopefgvedvtefotegkqdfihffnpffopffmpdhmrghilhhfrhhomheprggumhhinheshihonhgvhhgvihdqhihouhhsuhhirdhnvghtpdhnsggprhgtphhtthhopedupdhrtghpthhtohepugh

otghtohhrsehnlhdvkhdrrggsrdgtrgdpmhhouggvpehsmhhtphhouhht

Received: from unknown (HELO EC2AMAZ-GFLNMNK) (admin@yonehei-yousui.net@92.112.131.158)

by dc100.etius.jp (116.80.5.18) with ESMTPA; 9 Jul 2026 08:10:55 +0900

MIME-Version: 1.0

From: "Shoppers Drug Mart"

To: doctor@nl2k.ab.ca

Date: 8 Jul 2026 23:10:55 +0000

Subject: Complete Our Survey and Get your Shoppers Drug Mart Reward!

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Shoppers Drug Mart 🎉 surprise Something exciting awaits

You have been selected for our customer satisfaction survey. As a thank you

for your time, we have a surprise gift waiting for you:



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[116.80.5.18 listed in dnsbl.ahbl.org]

[116.80.5.18 listed in dnsbl.ahbl.org]

[116.80.5.18 listed in dnsbl.ahbl.org]

[116.80.5.18 listed in dnsbl.ahbl.org]

[92.112.131.158 listed in dnsbl.ahbl.org]

[92.112.131.158 listed in dnsbl.ahbl.org]

[92.112.131.158 listed in dnsbl.ahbl.org]

[92.112.131.158 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[116.80.5.18 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[116.80.5.18 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[116.80.5.18 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[116.80.5.18 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[92.112.131.158 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

[116.80.5.18 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[92.112.131.158 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[116.80.5.18 listed in bl.score.senderscore.com]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

4.1 DOS_BODY_HIGH_NO_MID High bit body and no message ID header

Subject: {SPAM?} Complete Our Survey and Get your Shoppers Drug Mart Reward!



Shoppers Drug Mart 🎉 surprise



Something exciting awaits



You have been selected for our customer satisfaction survey. As a thank you for your time, we have a surprise gift waiting for you:





🎀



Premium collection



Luxury fragrances • Age-defying formulas • Advanced razors



Your feedback helps us improve and innovate.

Open Surprise →



2026 Shoppers Drug Mart Surprise Team| Limited time | customer: doctor@nl2k.ab.ca.



Web/SEO/App spam from Microsoft Outlook Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 09 Jul 2026 07:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whof6-00000000DhX-0yHp

for dave@doctor.nl2k.ab.ca;

Thu, 09 Jul 2026 07:19:32 -0600

Resent-From: The Doctor

Resent-Date: Thu, 9 Jul 2026 07:19:32 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19013073.outbound.protection.outlook.com ([52.103.43.73]:6924 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whoN4-000000001zn-3eL2

for sales@nk.ca;

Thu, 09 Jul 2026 07:01:05 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=sxmFzt+furpQzqmX0uyC3K9BnCKTDg9nEONKxJ1tZGxNPHWIQmNBuwLaFsdw2S6VFf8aB3iakJ8r2MT+Dk0NMEyDYEqN3j6iCHMTJ5EsKaePYsNadK8vDYBNpiKDd7ZzcdbWjqxTQjFRvRSXFL26psBWoO6qYwijGdoNvfYhzXOC1gKON4GKHZO3+H+s8mwHnwP7FHydZU0POqVP/XTVRYqQcxHEFn+HoTHcFAcnTemjM5D6E1STF+aXpHqAaLmbutXUKm5PXWx5WUqmraof5/fFzVBC67tQfA1DNU1XVjtgIdJeaV5EQLBrH8HAsV0/gQmrUgj2TYkBoCJh/P8uQg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=bvzu/hDNsfH3awwZ7wMwBV9hXF4bKgC9Dsega6LMC38=;

b=i8nwmGvHJNG9CkcVTe3MQk9F8bGhstqwCcO2BdYAqini06tHUwUfLgPs7E4UA4fr1k85UeKGAPpppxv3JFS2ZnHthBzJrSeUKu5G5tqae51Z8Kvf6yB61CiH01ZpKj16XZQ33LoC2imKx0eOMnjiRzLltKYgVibelHQv+SK747kyQCm6IO4vUjgQo81dvQFaT0h4QQH1/2vBI+Z9Z6VuynTx7zzm+9N8XogGGaSZMopHe+t7b3iuOim7Ie6SCYTMw5pwoUbLSoczfsOY4fwx0qbVpV8zNziqgU2F8+5IJVO2r6R+asMmqUmmhiba0HelXYRDXT7BQHy+FJ0ERk6AXA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=bvzu/hDNsfH3awwZ7wMwBV9hXF4bKgC9Dsega6LMC38=;

b=AqoFc9L8cEy1AU5/eIa8DHUCbWTuVAgSALzVlVXgS8egi8INTS7IUhk/53mUkO3/LRw1o1YCWc4C4J93afBtyyvA/0jFMLfMmeR5wnQ7F2rwqfUbH3UZ2fy5j1hUAjSRodmF5mkzVm+h+pWLvhltFZOHTsDHpdUTliBrYmmrWYcJIAMlYEDSIZ2DI0Mlyz11LK1i2uBACYbjbqsTJRaM7EX3dBu7D01Nc1+oIdPYoeJcfkHg0K855K4bX1ZC+2N2x8pAXBWFm1edambiiq/Pd26MfAxdD87QpHcyYjpZoaz24ztC/aAkM/VkmkhZR+/6o5TFEVsHRs5tqq9Z5IE0uw==

Received: from TYSPR01MB6181.apcprd01.prod.exchangelabs.com

(2603:1096:405:63::10) by TYZPR01MB4379.apcprd01.prod.exchangelabs.com

(2603:1096:400:1d1::14) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.16; Thu, 9 Jul

2026 12:59:30 +0000

Received: from TYSPR01MB6181.apcprd01.prod.exchangelabs.com

([fe80::1946:b4:9d5e:664c]) by TYSPR01MB6181.apcprd01.prod.exchangelabs.com

([fe80::1946:b4:9d5e:664c%4]) with mapi id 15.21.0181.014; Thu, 9 Jul 2026

12:59:30 +0000

From: Tony Larsen

To: Tony Larsen

Subject: Re: Free 1-Month AI SEO & AEO Trial

Thread-Topic: Free 1-Month AI SEO & AEO Trial

Thread-Index: AQHdDJKJdc1u7xPg00aBqoBmbFThz7ZfDf6/gAYco4KAAAGGeA==

Date: Thu, 9 Jul 2026 12:59:30 +0000

Message-ID:



References:







In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYSPR01MB6181:EE_|TYZPR01MB4379:EE_

x-ms-office365-filtering-correlation-id: 11c948eb-94c1-4329-e323-08deddb9ea30

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|704163111799003|2604032031799003|19110799012|8062599012|8060799015|51005399006|12121999013|24021099003|55001999006|16051099003|4140399003|25010399006|24121999003|37011999003|22091999003|15080799012|15030799006|40105399003|26121999007|11031999003|12091999003|102099032|3412199025|440099028|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?G1jnf+j3GAFu59CKsSkrF1Ckb6pE+C9AQyico782xnclmi+kt0AM8BpMTP?=

=?iso-8859-1?Q?qx3SYOz3OTkJUj80450O5+blDP5URTPOgJHG2wBuT5qkZ25AMEBsMFIWaK?=

=?iso-8859-1?Q?bqdfirX6OzdepvO9uWqsUlXNIEx5CR5CVQ0T76HoKmTtqCy75ovj4/QL5Q?=

=?iso-8859-1?Q?AbWYEOoTmIBmo3i/qWKWOM1tZHY01v5DdKB1uDqI0H+4ViiBmtTiPG6+kN?=

=?iso-8859-1?Q?eEQnnC4cKD/8+U432k1IpUHxkBwQ+a0j5OSArnj6xMIe1c7n0XTT0Q4fN/?=

=?iso-8859-1?Q?iihfT9CRevtwlpjy0Y+qE0EgQcLSyhTAKO2aEiZySZRZeeSGMbDYlVUHgn?=

=?iso-8859-1?Q?BYVo3dCJGFT0eUifUtd1lvFM3YOnjz4AWjWdggnrJ1L5/ldSujsk6UsHGe?=

=?iso-8859-1?Q?dBizbkEUAYcy7DSRsN6c5WaXZc+d01EWMUhN06p02NUkl1AS5b4vfi0q3w?=

=?iso-8859-1?Q?aCGboLajlqnCBycaOwyBDqZ0oQN56BYEWiPJez7Hd/nUhqbIuKI9thkkpr?=

=?iso-8859-1?Q?aHEiLj09WYf98tcm1trNj1ebJ0Uxcmz8iEN7EovYm+G3mmWhJ2y6JvMIQN?=

=?iso-8859-1?Q?2n2soBd5L9GhCrh/XdD737Lzk4uqaRNAbR0HJ5fp6DUABY9+3a/vU+mj36?=

=?iso-8859-1?Q?H43/4L5pfElltz3aWWNSl2YjHi3or6tNpzSjtd0fI8G9kfFtIiXw22ZXYE?=

=?iso-8859-1?Q?9l+Qnpp81B+vuetgrS2kEB0+0UJbcpzjI5RuU4LewrJI0akYylbFUeJlvz?=

=?iso-8859-1?Q?75FzUdRaAyrZh2bLXb+orL6pZe0dmPTTRfZ4OR59hkOHITVfR3/gcUinSo?=

=?iso-8859-1?Q?0MlrGUvkLWkNut/4UJa6VIzhN+vcb2kLWZQfGVFmCFUUM8Y8IGiKbNuEo0?=

=?iso-8859-1?Q?wFWbOgdGAW9+ciJmvt9RP5dmbWZq6kzUnjyJGZysYTlgsiaicGKxjbu1IG?=

=?iso-8859-1?Q?CaZ7Cc5hRYrtTfmA6MfUKoxyaK579dJO6XfyrSQW8yzSb+J7xscSGzEziR?=

=?iso-8859-1?Q?xn5+yyl6+bPjBUNd+y6GRMl4/JpEuJp7pUL8KwIqtDiVatMgRRTgxhTogL?=

=?iso-8859-1?Q?fr/74H0pwJpprzUO43cwUcQQlKrGQdVYx4uWVr93HsmnPdPo9MATEcGzbN?=

=?iso-8859-1?Q?UvX9FwsaAubA9PykYjXBIh53pof7onGWIhErwhLj45F/R/vwWiN9Q1w3VC?=

=?iso-8859-1?Q?bOG8VIl66ay3hdIAg+PyinIq7ZGrLyGAkTUfChxazh6taMzFTqrKiQREYH?=

=?iso-8859-1?Q?bsSp9gzXiB54+vbUulBLjADtwxUYKopvVJ+y1lXYb0aqjuJ/rLDJpisJQh?=

=?iso-8859-1?Q?aPEj+EWNs5T2/XNkU9cIg4x7nQ6qWJgGHMVUl3sJPMx188JWVB89pbSlch?=

=?iso-8859-1?Q?9wnFgGZukOfpHKPNQWvKBxdUHmBK3U3eJ4tTbpqEEPcgk3xl6xPTI=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?tSkpWpPPVYT8AkNu+UTaSTfSAM0WNmTxdN11POfFFhVS4GjCPwYIIKGwKv?=

=?iso-8859-1?Q?K8xcr4NKy204BS15Q8X2lvj1Mm830gkVkLvNEI+nUrsVM9uE3BJG3yF1iQ?=

=?iso-8859-1?Q?wMBr/I96k6+ATus3ZleksCQTEEUS+uvfejDUIQbzxP7nMlvP9rJqgC6KuZ?=

=?iso-8859-1?Q?05otFzAB3ERbV8u4WfXLBpN5FGSwpE7IuTZKEA18e6E3uZB+F72xPZCDJH?=

=?iso-8859-1?Q?YQDKnnRmuGc7JofPdZBR2MJKW+2n3EUybIvdsQCoEPje8eBlSDGtkrV0cF?=

=?iso-8859-1?Q?jx4sPxrXmV3z3WtyTcgwMBrs5u/So9Iy9OU/iBqKHDx7LpykduHyH53LnU?=

=?iso-8859-1?Q?pxrLtPDjyrNXQuR1nY65M42aqXyfKkawayRYu0aU96DiQd/Ym680ZroWsQ?=

=?iso-8859-1?Q?WYU9L05vggSN/yRr6SD1xc+hQbRKRqZIb13hMsGZNrCHgEZoXNJ08s8LDI?=

=?iso-8859-1?Q?7D56isCEwNQ/2wsHfAT+lQuK+X8WuYtshE9AZ6V1NqzihGBCBhd8p4VvE4?=

=?iso-8859-1?Q?1/sGzsruvp+OzYCOCbyRzvdh4zn+9eeyhPDpeAfWBPjXJZonQfobWi7cqD?=

=?iso-8859-1?Q?EiHJzgQwhcP7FNZNirffY93UH48IGp89TKclAoHk++UpKIcfcf7oWF1XXB?=

=?iso-8859-1?Q?PEiCpp3zDE+KQT2EXLRmhDSvpJw26AhHPWzrR3WtM4kuq4ufXeN8qWkM5y?=

=?iso-8859-1?Q?TtKOAIa9cyLlVcaP0iwkeT+y2KW9zngp0unvBntXl17bUj/8fX1q4bbrM/?=

=?iso-8859-1?Q?pf7YK8+2+L2sLeIb54R0hj8jHtcaRnXFjefr4eD2U+bLDXnoy7vXcGfhj5?=

=?iso-8859-1?Q?pqvfFk7ZDwBFgN+UAOf5DNunR7VumSZf1Lkf3cmQQCeJvvT6x001klTQ6L?=

=?iso-8859-1?Q?mIHSGWh1fzprB2AtfGwnGfzOj6nc+tV5QgkYfRYam1brYqyKdbmcXO0ztQ?=

=?iso-8859-1?Q?CQrBSfmIo+xX5H+FsY/c91nTqXHTqk8tzW3ZRoqPsRgNHADxado45pI2j4?=

=?iso-8859-1?Q?Qfo/Rgly68HN/8p/FGHjM6HEfiVSXsrrU/zqFyVG4YGbsjpGtofLVX8Mje?=

=?iso-8859-1?Q?+BJSOy9miY2JF3CrNQAiyFtc4iYRfepGxCYNTDES5g2N6JcaSgtt0QxR0g?=

=?iso-8859-1?Q?NCxyqZrpFdO8siNk9TvCoBY77MsEDQZhsZkKdg1Al+5TRmB3G/SF5GVUpu?=

=?iso-8859-1?Q?W0rl4nbBkuBe9RooN5priFZB0X4Agp+IuxMmYuftR3e0Y6DBmQjGZ1Ayia?=

=?iso-8859-1?Q?Rsss8Q1OTt2OLuszCAI7ERudeQCHQrNPF0zIL49fZYgUyBmN4i89al99rE?=

=?iso-8859-1?Q?zV0/ldSphDUNRg62fq9fYmzpRt2Cpee/9slzUbVJRuinqAizYg2G/oP0oO?=

=?iso-8859-1?Q?buRuVs2/EGZiT+HccCcQ940COk/SxTeJdz183gynAqmiztQjqpzR2FOWht?=

=?iso-8859-1?Q?T1QF3NTU39E8JjP7gA+4l2hMiRjg2nyEs0tfNHLPTGBJtIeio36UsZ6z27?=

=?iso-8859-1?Q?+QT+PGRVsZ3xH48AoUeOpH?=

Content-Type: multipart/alternative;

boundary="_000_TYSPR01MB6181C0C9F6B80BA2461739D9C7FE2TYSPR01MB6181apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-3e488.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYSPR01MB6181.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 11c948eb-94c1-4329-e323-08deddb9ea30

X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jul 2026 12:59:30.0548

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR01MB4379

Web/SEO/App spam from Microsoft Outlook Part 2

--_000_TYSPR01MB6181C0C9F6B80BA2461739D9C7FE2TYSPR01MB6181apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,



I wanted to check if you had a chance to review my previous email.



Let me know if you'd like our SEO, AEO, and GEO packages.



Thanks



________________________________

From: Tony Larsen

Sent: Sunday, July 5, 2026 9:03 PM

To: Tony Larsen

Subject: Re: Free 1-Month AI SEO & AEO Trial





Hi,



We help businesses increase traffic, leads, and sales through SEO, AEO, and=

GEO.



Let me know if you'd like our packages and pricing.



Thanks.





--_000_TYSPR01MB6181C0C9F6B80BA2461739D9C7FE2TYSPR01MB6181apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








color: rgb(255, 255, 255); margin: 1em 0cm;">


font-size: 12pt; color: rgb(0, 0, 0);">Hi,




color: rgb(255, 255, 255); margin: 1em 0cm;">


font-size: 12pt; color: rgb(0, 0, 0);">I wanted to check if you had a chan=

ce to review my previous email.




color: rgb(255, 255, 255); margin: 1em 0cm;">


font-size: 12pt; color: rgb(0, 176, 80);">Let me know if you'd like our=

SEO, AEO, and GEO packages.




d-color: rgb(255, 255, 255); font-family: calibri, "sans-serif"; =

font-size: 11pt; color: rgb(0, 0, 0);">

Thanks



_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">












11pt; color: rgb(0, 0, 0);">

From: Tony Larsen <Tonylarsenwebs@hotmail.com>


Sent: Sunday, July 5, 2026 9:03 PM


To: Tony Larsen <Tonylarsenwebs@hotmail.com>


Subject: Re: Free 1-Month AI SEO & AEO Trial


 





color: white; margin: 1em 0px;">


k;">Hi,




color: white; margin: 1em 0px;">


k;">We help businesses increase traffic, leads, and sales through SEO, AEO,=

and GEO.




color: white; margin: 1em 0px;">


k;">Let me know if you'd like our


color: rgb(0, 176, 80);">packages and pricing

ont-family: Arial, sans-serif; font-size: 12pt; color: black;">.
an>




color: white; margin: 1em 0px;">


k;">Thanks.




_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">












--_000_TYSPR01MB6181C0C9F6B80BA2461739D9C7FE2TYSPR01MB6181apcp_--

X/Twitter Phishing Part 2

------=_NextPart_e9267392b77df326b3517d767f9d78d7

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit



















































































X







New Windows sign‑in just happened





We saw a successful login from a Windows PC that hasn't been used to access your rootnk account before.







Device: Opera on Windows 11


Location: Sydney, Australia





Review access



If this was you, no action is required. Otherwise, please take a moment to review your account access.







Help  | 

Email security tips





X Corp. 1355 Market Street, Suite 900 San Francisco, CA 94103















------=_NextPart_e9267392b77df326b3517d767f9d78d7--

X/Twitter Phishing Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 08 Jul 2026 13:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whY8O-000000000bg-3Kvc

for dave@doctor.nl2k.ab.ca;

Wed, 08 Jul 2026 13:40:40 -0600

Resent-From: The Doctor

Resent-Date: Wed, 8 Jul 2026 13:40:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from out13-75.antispamcloud.com ([185.201.17.75]:38108)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1whWMD-00000000J7F-12Iu

for doctor@doctor.nl2k.ab.ca;

Wed, 08 Jul 2026 11:46:58 -0600

Received: from s11145.sgp1.stableserver.net ([103.138.189.5])

by mx300.antispamcloud.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.94.2)

(envelope-from )

id 1whWLH-005P0V-T4

for doctor@doctor.nl2k.ab.ca; Wed, 08 Jul 2026 19:45:53 +0200

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=campuskh.com; s=default; h=Date:Content-Type:MIME-Version:Message-ID:

Reply-To:From:Subject:To:Sender:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=4M+8eyOy6e70gQDcos4rg4n9/nm1mSJxQ+BTj3i+bTI=; b=E/kGYf7IEaKEo+2Hmi0DwmWc0N

Kw4JOr1+zk01pzRTsSfaZsAu7t9thhcN/ckSb/P+4FCwNpSl6MKQAu//oSXjglfoWcCQvmuNtUt3I

QxxpN6Gaks6FZRYCDdm91Gzx+aBUa/7DyylB4B5kTVYef8sFHsdGLRx7fOS13y9x4ivdhPybb6qiM

FUJU1td5k6p2xncl7BAAEXrQxdueMly6caY5Fv4cJmzoJql8bZR7feGu9XKbSTm6fs/bBgEdNzv8Q

T/S59pqpWA8mVSn0RtK9s5ZXRaQ63rBViTcOinEoil4hMlWMa7p73iRDFBTXiXkREkHU295tLjTAh

+RwN5IKA==;

Received: from diigroup by s11145.sgp1.stableserver.net with local (Exim 4.99.4)

(envelope-from )

id 1whWLE-0000000CC8E-1Efe

for doctor@doctor.nl2k.ab.ca;

Wed, 08 Jul 2026 17:45:49 +0000

To: doctor@doctor.nl2k.ab.ca

Subject: rootnk account accessed on a new Windows device

From: =?UTF-8?B?WA==?=

Reply-To: info@campuskh.com

Message-ID:

X-Mailer: PHP/8.3.31

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="----=_NextPart_e9267392b77df326b3517d767f9d78d7"

Date: Wed, 08 Jul 2026 17:45:48 +0000

X-Get-Message-Sender-Via: s11145.sgp1.stableserver.net: authenticated_id: diigroup/from_h

X-Authenticated-Sender: s11145.sgp1.stableserver.net: info@campuskh.com

X-Originating-IP: 103.138.189.5

X-Spampanel-Domain: s11145.sgp1.stableserver.net

X-Spampanel-Username: 103.138.189.5

Authentication-Results: antispamcloud.com; auth=pass smtp.auth=103.138.189.5@s11145.sgp1.stableserver.net

X-Spampanel-Outgoing-Class: unsure

X-Spampanel-Outgoing-Evidence: Combined (0.53)

X-Recommended-Action: accept

X-Filter-ID: 9kzQTOBWQUFZTohSKvQbgI7ZDo5ubYELi59AwcWUnuVBxyzvfnEjdIbeQRlZaWueaAwYVPd1bTls

fB3cP5r/Diu2SmbhJN1U9FKs8X3+Nt1G2Ymbnoc6EEh0J6d0CZZ2cWqSGZIyMKqPmTSefgK/I0tV

5r/L4Ot8UddBJecz0vHKLMyCg2dNZJAK3gbNiIydCtmoQhY2xrBb8C+tWUvqrqBKsSdhvd/J5sX5

daZjkYvS3ZUXZgxmW6QwjdgZFt3xzthz0vNkOX8Em4cj6D/wdffg6NrktWO9nlfCEKl6IKiWSPpc

XGZyIXbjKlxA1QmXB6mHSb/tl+iz4DGx+nERWImLb10M3gdB4OsqltIBjR9LCxe/kHASpASB4Jqm

OHLQ7yqeeI5+Rl7EMeeJ/dab4KYkKPorzaj90qQygCBize+00ad4RFBjjJrn3Fp1Ygz0GGXnCLyS

Kyq0Fq6mR51fLzGSZVQv+HEDAmWDQLbr22l9FNh6kB+pQrMBaHjK1wc3XeygDFvF3Z0dSq+4VBCc

PPo3SIW34+7wFHfhb9XBB3Kvvoxw1bF6pVdMY95CSSotGSCgvRtyQS57uPAmeVWxyU3w+nMbHRSg

12OSAEHyDPXT2NnmvygaCCbe1hWXX2E0saDa/m74fDQOWopAhh2g4qlQw+vAPuW6ILO1xDJoeZSa

ACrD8PRP4iyqMtNeXF6lYu8C5mJ57ZG9g9QfbBpIFzlfXF2ukkvWkz747lYJp+hBVlwjFgRsD3hQ

AbmVlPoVERWeKKG4PAQYNyavp7c49EAS5iiLScUdkCVYj/eOdw7uoUBhRyGPM033m+nzxyOj2XKT

4BCSi2w8mgvy3S772BQTnXEj4EET2Kv+gTCLeE36VQfb/c2NIfGrBGJmxhrCwSxdoEtIttyXaNFR

w8jwkaKJKWVcCeDKWckSV7DMxUdMr02uJom5ieUGidV6YY8cHNM31Zz+rpkzxFnstzYF+G9KH+Uq

OSus6wG+LKDJ0SDDM8R1qvg8173ajhScmRRAa8Mrc8quJ4btPpt/2FLuFFYnpIMsltzuUYZVC+vq

Q/oBepU2Oo5Jc1VpGNsLWmdURf0p4ZCn7uRTyRvsvwy8A94DS9SqCF7Js7tD1Bj0Nfs=

X-Report-Abuse-To: spam@quarantine14.antispamcloud.com

X-Complaints-To: abuse@master.antispamcloud.com



------=_NextPart_e9267392b77df326b3517d767f9d78d7

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit



New Windows sign‑in just happened











We saw a successful login from a Windows PC that hasn't been used to access your rootnk account before.











Device: Opera on Windows 11

Location: Sydney, Australia











Review access











If this was you, no action is required. Otherwise, please take a moment to review your account access.











Help  | 

Email security tips













X Corp. 1355 Market Street, Suite 900 San Francisco, CA 94103

Bitcoin paypal phish from Microsoft Outlook Part 4





Haresasz Nxysarwsa has invited you to PayPal Payment Received – Bitcoin Order Processing

Title: PayPal Payment Received – Bitcoin Order Processing

When: July 8, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,



We are pleased to confirm that your PayPal payment has been received successfully. Your Bitcoin (BTC) purchase request is now being processed by our system.



Transaction Summary:

Order Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $520.00

Status: Processing



Your order is currently undergoing verification and will be completed shortly.



If you did not authorize this transaction, please contact our support team immediately at +1 802 610 2070.



Thank you for choosing our service.



Sincerely,

Billing Department

Attendees:



cynthiaperez389903@groups.outlook.com





Dear Customer,



We are pleased to confirm that your PayPal payment has been received successfully. Your Bitcoin (BTC) purchase request is now being processed by our system.



Transaction Summary:

Order Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $520.00

Status: Processing



Your order is currently undergoing verification and will be completed shortly.



If you did not authorize this transaction, please contact our support team immediately at +1 802 610 2070.



Thank you for choosing our service.



Sincerely,

Billing Department

Kedy

streda 8. júl 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Bitcoin paypal phish from Microsoft Outlook Part 2

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?ODN4aVY5WlM4enpqR3dUbklEelhTZ2tZUlQyYjFlRXplM1h6Zk56ajNubmJD?=

=?utf-8?B?akI1YUEwSWN5V3RRYTZJRm1SZXlNNHBFbjUrNUxZUlR2NlpXakxURndFbG1r?=

=?utf-8?B?MVROVFFrNEpyNEo3SnN4cDd1aTBBSVFlYno5TjloclBCQUk3TVM0NzJRdkpY?=

=?utf-8?B?a1NteGZjTk1YMjJwUWNtWFVhTmFEWXNyMGlFK1lTSGtERllVNFJyMlhMMlBr?=

=?utf-8?B?QlE4UUxrK2pLWlJMUGVSTDYyc1Y1dEJyS3ZqQ3krSFI5cThhdVpBNThHVXgv?=

=?utf-8?B?UWRIdzBTZ25tS0lkb0E2UXN5ZjFELzlWL29oUGtoNEo4STk4RUxETE9Fa0dn?=

=?utf-8?B?Vk1WWDZZdEVRNTBTZ1IxQTdLeHNDUGlNVi9uTmVOOENhQ2F0Zm1CaFdmalAw?=

=?utf-8?B?MENNZVhZczBncmw5bE9IZUt5Ty9JbFBFeU54dnNrT3h0ejlScXJLU00xZDEv?=

=?utf-8?B?eGYyWjE4Tk80V0xEVzh5Z1EvTk1jT1lkNGJRaExobUFMUFdHS05LREVSK2Y0?=

=?utf-8?B?YkErQnhNNTFlSHU0TTZZbVNPVEpZZEx5QjZlUVdHL1VuZENseTQvUWhvV0hF?=

=?utf-8?B?aU1EL1NoczNwdHdnRElyWXlONnFIU1J3aHhadHhSc3ZUZ1VKQmJYQy9NN1Bo?=

=?utf-8?B?WUNtaHR4Zk9FeitEMCtPV2pBRlcwM0FuUnZES05mSi90R2p4NFFJNUtKV1Jq?=

=?utf-8?B?SGljVkw4RTNKUWYvVmFWVkJVT2NVMFBnL1JMQVhkeXF0dXZ3UEdaaVpoRUps?=

=?utf-8?B?aGpOVGNvYnFjcnJRSFZrNmdycnhpS21OV0pPcXBhQ2t2dGJPc1Z5eEd4cm56?=

=?utf-8?B?TFdGZ2dSQWZFaG5XakVBU3ZFSnYvNWFnZDlUNmhvOUFsTzJ1YUw5bU9Rb3dG?=

=?utf-8?B?N0tKdDVvNWlYWVN2aGRNSmNSSUhnUUxlYjR5TUJHc2R5YVlEcDRpS3RtNDRF?=

=?utf-8?B?QXUrVU02ZnNNSjM4R3F4b1pUOTJyMlQyRlNmSERrMG1qZ1hRaVJhMnpmY2dH?=

=?utf-8?B?anliR25obU0weS84YkpzWDhVQ2xoRVZOY21DQ1RhdThOaVR4dG5FY3R5SlZN?=

=?utf-8?B?b0VDY3RlOVNYQ3Q2ZHVhOElPa3lNUVRzS1dUVENLYU95STRwRnc5WGM5UEVI?=

=?utf-8?B?TnJnN1R2bWJaWlNxbmhNUGZsWWV4aDBHMXhkZW04dU5IL3ZuRnBtL1pJREtk?=

=?utf-8?B?aDg2RVQ5MWVXOVFrZ0NCVko1NE1ocHB2Rm90ZnlJcUMvZ2JKMy8zR0lyN2ds?=

=?utf-8?B?cWxqK1JZaEVLWDR6VGJRZTkyTkZsdHRJVnFRL0x6TFdVLzB6NHEzS2hGaDBt?=

=?utf-8?B?R2JqekRiQkRaZk1CalVOOFBhT3RHaXMyZFNLMThHUXYxRm1BZU5SSSsxVklD?=

=?utf-8?B?bzhPTmRBdHJaSkNmMUlWd1pncFpZQk5YOThScjFsQXpxT05pODVRTHU2Y0FG?=

=?utf-8?B?V3pFcGJoOXhKeHFlaGExWVI0a0xFWFJ1UjVyNnAwalFIVzFLcUJXWm56a1Nq?=

=?utf-8?B?SS9wQ05OK3Vzc0J6eHBGYkU5UTZlVFV1THlHRm5vcFZkd2ZDVjNRRG44blVQ?=

=?utf-8?B?THFUY2RjU05BNlgvNDJ6ZUxYdFpWNGtmck9kTGpEMXByMHYwTkFhWlJHclBY?=

=?utf-8?B?K2dwdG1lM0NqVzVVNkxwUy9ML0hjUEV0d240dVZ0TTQxVEYrc2tRMFNBWGpz?=

=?utf-8?B?R0wzdzlsdnJwYTJRMGRpTlRNejFSSWlQUVBzREZLL2ZpZFdJdGFwVVA5eVU0?=

=?utf-8?B?dVkxRk1KZEIxQlN0L2QwSm9PUm5KRU00aFlxbEFaR1JSamkzOEswR1dNNVVw?=

=?utf-8?B?QlJidFJRcVR0cTR2bVFiVi81elBOcFRLSTJEaUpyVTVTV0xrTVRYZ3dVc0I2?=

=?utf-8?B?QlVyWkN2bXFGcXgrM3RXVTNUcEs2ZjZXbmd0K0QwSFJPcFlFZXppdmFSa1pj?=

=?utf-8?B?QlN6bTQxOTl4N3BMZzRHUVhRMHNEY1NVWHh2QUhEcERrbUk3dHpoMWdITmdI?=

=?utf-8?B?dlRBNytLZC9ZZmlzaSt1SUhNTkxUbGF6dGJDbjl4R0tuZE5sM2lWazZaeUNT?=

=?utf-8?B?bkx2NDJlN0hORTg2UGZYRzRKR3RseW9CZGtVU1lnNU8xalA4NkpRWXRzWkFH?=

=?utf-8?B?UE9BV3c4N2libGxhT01PL0dtM2xpWVpPaVgza0VFKzc3QzdUYnV3VkZJa01B?=

=?utf-8?B?aUVBcXFZcDBZcWRCcGowUUtQSVMzS3BCYUkzUTllZGtkYVltdVZTSmtEY3Bj?=

=?utf-8?B?ZkdBWUF1MW82YXQ0anoyMzJpd2VEeEJlWDVjeHRFVGlKUy80cTVudnN4Q2N2?=

=?utf-8?B?VmF0Y3ZlUHNrblhSanVPZ0t3QjZtTlhESWt0MlR1WjUzUVhra3g4Y0NtS2RZ?=

=?utf-8?B?eElpVkVoQVJmZDkwMXljV2h4anpzaU9pYkNjVUt3UENDdm8rMCtDVjVzc29N?=

=?utf-8?B?R1JBd3Z3dlQyR3lQN1F2ZERqRkZHdGFuNk1NcTdWSHc4Mk1sWXhRS0dGcDJ3?=

=?utf-8?B?S1VWbzBxSDFSQWJHY0xoYjIvd0NobjlPR3ZpcG1xeitkSlBpVHFkTHZnS1pH?=

=?utf-8?B?aUx5RTJWSVBKbTJCcmJYYUVtQTl4bVRpcW5YYVpxQ3dkVWU0NDV2MEhObGtE?=

=?utf-8?B?MHFaVWZrMzFkUUg0VDRORG05ZXZrdTdveGszc0hoNnFOM3UydUdKNGZFWXhQ?=

=?utf-8?B?aWVzN09mYmdnbnpRMHQ1Tm5icTYzRGJ6amIreXdPa1F4K2hiemtoMTlocDVY?=

=?utf-8?B?cjJoN0F4SGkvTlJlbUZxdCtIN1pTVHJsV082Y0JUbSt3b1NlaDlXMWUyQ3RF?=

=?utf-8?B?bVpNMzZjNHNwVkwwR1hzY1JWbG0zVEFqRGQrVnhKeDBRTk9PU0JMTXlpS05E?=

=?utf-8?B?S0FyZit3ZngyNThERFVraXU2aExqNTZ3SzROOXhtOFEzWHJKamllZ2wxZk03?=

=?utf-8?B?L1Qxc3c4Q0luaHNreC9tdHhDdXhNVzRXZFVJVC82bkwxWE1MSTg1cU5qenl3?=

=?utf-8?B?d2Y0aXZDZ2M5YXFrOXZwdEJkRklmSWNBRUkzeGlhYm0zbVRWNS83bHd4dzFw?=

=?utf-8?B?VC8rWFViUWVrNDc4UXp3Tkp5d3hIbjFBeWJVSXljREVxUXFVcTFiMnA0T2o5?=

=?utf-8?B?TW9YT2Z4V25KQUd5UWFnQTlSMkNsaWxqUCthRWRncmo5NENZbENQSHlsOUtx?=

=?utf-8?B?Rmw2WFg4YzBCczlPRkRNQ05vTVBweWltampDTGNNYit3TDdydEtJUlllRUJw?=

=?utf-8?B?eUdOcW1GeW1ubk8wTWMxNnRlRTY3R3I0Vmh5VnRoNndLV3FsZ0pmdHNURFlC?=

=?utf-8?B?OU1XZmpOdjdSZ042U1hNRGZXSnFZR0ZZai9wMlZuNnNNMURGTWljdWdyZUVj?=

=?utf-8?B?U0NZY1YyaXgwdFdMUHpiV1pkdnJNVlJqN2l4L0l6bjJzeFYyL2dpNGs2bGQw?=

=?utf-8?Q?45yISvSLdjgXgZ38QV0=3D?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2026 16:16:52.5695

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f7c0d972-a3cd-4503-0b98-08dedd0c5276

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000142.namprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR18MB5297

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: PayPal Payment Received – Bitcoin Order Processing streda

8. júl 2026 Dear Customer, We are pleased to confirm that your PayPal payment

has been received successfully. Your Bitcoin (BTC) purchase request is now

being processed by our system.

Bitcoin paypal phish from Microsoft Outlook Part 3

Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[40.93.20.59 listed in dnsbl.ahbl.org]

[209.85.208.71 listed in dnsbl.ahbl.org]

[209.85.208.71 listed in dnsbl.ahbl.org]

[209.85.208.71 listed in dnsbl.ahbl.org]

[209.85.208.71 listed in dnsbl.ahbl.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.20.59 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[209.85.208.71 listed in will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:cafe:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:610:1f3:0:0:0:26 listed in]

[will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

[40.93.20.59 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.20.59 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.20.59 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.20.59 listed in bl.score.senderscore.com]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_FROM From username looks random

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.1 TW_RW BODY: Odd Letter Triples with RW

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_PayPal_Payment_Received_=2D_Bitcoin_Order_P?=

=?UTF-8?Q?rocessing_=40_st_8=2E_j=C3=BAl_2026_=28cynthiaperez389903=40groups=2Eoutlo?=

=?UTF-8?Q?ok=2Ecom=29?=