Nigerian Spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Apr 2026 06:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDM7q-00000000McQ-38pP

for dave@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 06:47:18 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Apr 2026 06:47:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f48.google.com ([209.85.219.48]:48221)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDIzC-000000008Cn-1ptk

for doctor@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 03:26:20 -0600

Received: by mail-qv1-f48.google.com with SMTP id 6a1803df08f44-8a0323830beso62553166d6.0

for ; Thu, 16 Apr 2026 02:25:22 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1776331516; cv=none;

d=google.com; s=arc-20240605;

b=BlrY16JsISW4t1qGvY0UL9s1AM4XBfvA6gn3w5BGvwzTbtJJccYvU42zJg/gUvHBoW

Se9JygL9WHKUMxVZY0veqADU+WmHS5M9o1bytzXTTRKKfpRRTMTCkAOxEV73I21/JyLx

cRopH3HkAd45achbv9xgGsHp5HlG27BM35Q2W7J6rrZOUhpG1au2+o7sME9NIxtcTGvb

FQct6B/Tomz7pKgOM/ICVMSqan62aDPXMS/NbCi15p+Sx3ukg1BlcvG0RDvNvF0m7/eO

rOSziyxhbEi2kOL38WSieVCObFDufDMSyd83DFmiCcTktBaMcGo/rIF3FKBWsdVmoUHG

OnFg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=+8QOm29wqTXXk6QpIpGAA4wRdnbKo0ttWhHJXUBEV2U=;

fh=gvoCMyF2v2TB0u4UdX11NQ5LabT9G95y3m9Q6YofHb4=;

b=hMcr0WgxqRC3nJme4RN/n/DEsuz5U7TQAqAzzAIlRjUluRVcxD34+FDXIe/BIePGi1

JAglgpVoOxnREJOmaqMw8wOeQ72eq4/tyWxs+723VqUErhe4JVdMEwJUSMolCSI4vEtC

3xKK7KMrmci+HvnFakOZfTbNJAuzOvmX9H5Pa10OrHTYsqJyfYlpUoJiIUsJDvDeondo

HBY/jNFFShgA92YjjQjGHX+w3vDABzQPwyb2viiPUyS32DdM0NTcbPRKkatgGtdfpT5D

aBnlnmI5wOnOiRFpeiPDJwYRA8HZJL2dz97PDLEiF6i+CwAVZOZGPFQkC/2h5MD+azA4

UCHw==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1776331516; x=1776936316; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=+8QOm29wqTXXk6QpIpGAA4wRdnbKo0ttWhHJXUBEV2U=;

b=YT00XBJQsGyMPeXT2bRgBdE0oMKht3aSKaN5mScTysp1JLvkW+UnJhFR1twJouC1F+

IaMVrPditbTVjL68fKu0TrOCCB4oPQkrBwnvrr6owoIQdMcWRmZnsgnDiMYCvoe2WicQ

HO53i31OAKX9yR5xSBJmwnX7Q9ZwwJsOKwB3LcqAnGbiHcXNIhjgw6N7uZKcuMWV6kVa

2ZP8eBnKyiYPQ7KI/ig/KwduUyuk30qRuvNtk1lBy+hrzgOW2sa77oMwV0QAC6CQEi8w

JbkZg4CIpbzyJtVLURPFa5yY1WJONpN6rRJdB5eHHlNWhnmhXpZMb23yMcns8yvuTLe4

whKA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776331516; x=1776936316;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=+8QOm29wqTXXk6QpIpGAA4wRdnbKo0ttWhHJXUBEV2U=;

b=Sk2YNcmivX0pW73HV8Q1TZlqBw0r63oZceT7EX/7MatDXUq6aOm+yz0i0RTKPDcXCK

6SceuzEgooEquh2CrjwrwOcIWgptArt6SdEasnp64WXF6z3KoPhuMDdX9Tzk58idC9XH

t5U4H0AFmnBDgAj0/JYISUx6Kwz/KZJq3pBuCxiNHKFEfk/gQ9x+PkiTCvjXgLXvcg8j

mvC35GpZPq/EfQzvnoRQQGcvoUQFaJGLbAFhlvrYSszEBw9GSYH5eYJt7dCAs/t+gvux

3QxbWiCcd2bCAWiaWYvEHfZvsNbRejFcFtJtm98NaZuDlIPJ+mChu2pFEgweQkQc/cEk

0nVg==

X-Forwarded-Encrypted: i=1; AFNElJ+busdGc0jtBicgy+O0d9FXXvW+bWNvkBuVC9uMzUBW3d0jc7wlNWjT/hZNhRVqGZFMKO7U7mY=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YzSURv/Msn2+csasjCEspF3Qlih9ejB8AMs08hVhG3hMTMpXTK5

FQe1ZqkpgcdRQKLJTFoU4ERwba5bi61+BNUIz4INPTPiDhOymQB1DJylBw2Nisuo89+beSqKad7

OGTT/5Ed/tjcl1Ho1GnIKqrM1kynPEZo=

X-Gm-Gg: AeBDietXszOqrQPGVzVG9YhQTX+ma53b+m7H414E4LvgzLtCkLcXxovDdS2rFCPzdfC

T1yGVdkahNk1aMEaq9+PBbKBCPrjg9c4LwIwIQkf3l3PPs6fLWoi5nEOizEuEmBr5iJPiwuhJus

/n8YwQixZd4D+XDFRn/CMUJVCmG0GoNp4qbc0zgznayrb3Fr9OrhA2duLNjQeAr2buciZz415Rb

kpvnAFpdZJu2794RPK/5MvbTZKLw72hZEX0KqR7vNytJecUIqQzOgfeGcMpFnZEvevnVLvSoGhu

SPWKlqIfG/xkkBHZKPPZS+ftSzK2OwCD/HrRPr99MP2dGIWLWtJlqYa4

X-Received: by 2002:a0c:f116:0:b0:89c:e371:2b3d with SMTP id

6a1803df08f44-8ac86220211mr349848556d6.45.1776331516184; Thu, 16 Apr 2026

02:25:16 -0700 (PDT)

MIME-Version: 1.0

From: Henry John

Date: Thu, 16 Apr 2026 11:23:27 -0700

X-Gm-Features: AQROBzDYM4Rp_pgE8L8fIEZd1_PKjjDNcgbaGwlK0r5Gr0HEAnIE5vTguM8E_5s

Message-ID:

Subject: Re: Proposed Representation

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000068d4d064f9069be"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 16.9

X-Spam_score_int: 169

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear friend, I believe you may be a family member of a late

client who left an inheritance. Please get in touch with me immediately for

further details regarding your potential claim. Please kindly reply to mingmu

[...]



Content analysis details: (16.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.48 listed in dnsbl.ahbl.org]

[209.85.219.48 listed in dnsbl.ahbl.org]

[209.85.219.48 listed in dnsbl.ahbl.org]

[209.85.219.48 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.48 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.48 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.48 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.48 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

[209.85.219.48 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.48 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[henryjohn12090(at)gmail.com]

0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[henryjohn12090(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.48 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLY From and body contain different freemails

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Re: Proposed Representation



--000000000000068d4d064f9069be

Content-Type: text/plain; charset="UTF-8"



Dear friend,



I believe you may be a family member of a late client who left an

inheritance. Please get in touch with me immediately for further details

regarding your potential claim. Please kindly reply to mingmui09@outlook.com



Yours truly,

Mr. Ming Mui.



--000000000000068d4d064f9069be

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Dear friend,

I believe you may be a family member o=

f a late client who left an inheritance. Please get in touch with me immedi=

ately for further details regarding your potential claim. Please kindly rep=

ly to mingmui09@outlook.com
>
Yours truly,
Mr. Ming Mui.




--000000000000068d4d064f9069be--

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (5.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.43.50 listed in dnsbl.ahbl.org]

[52.103.43.50 listed in dnsbl.ahbl.org]

[52.103.43.50 listed in dnsbl.ahbl.org]

[52.103.43.50 listed in dnsbl.ahbl.org]

[2603:1096:101:192:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:192:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:192:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:192:0:0:0:6 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.43.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.43.50 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.43.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.43.50 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:192:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

[52.103.43.50 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.43.50 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[rahulkumarwebs254(at)outlook.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[rahulkumarwebs254(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.43.50 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} May I send you a quote?



--_000_SEZPR01MB57706539EEFC90EFD93E8F03EE232SEZPR01MB5770apcp_

Content-Type: text/plain; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable



Hi,







Do you want more targeted visitors on your www.nk.ca website we can place y=

our website on the 1st page of Google,







If Yes, May I send you a quote?







Kind Regards,



Rahul



--_000_SEZPR01MB57706539EEFC90EFD93E8F03EE232SEZPR01MB5770apcp_

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=

//www.w3.org/TR/REC-html40">




>








break-word">




;Cambria",serif">Hi,




;Cambria",serif"> 




;Cambria",serif">Do you want more targeted visitors on your www.n=

k.ca website we can place your website on the 1st page of Google,
>




;Cambria",serif"> 




;Cambria",serif">If Yes, May I send you a quote?




;Cambria",serif"> 




;Cambria",serif">Kind Regards,




;Cambria",serif">Rahul











--_000_SEZPR01MB57706539EEFC90EFD93E8F03EE232SEZPR01MB5770apcp_--

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Apr 2026 13:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDSKI-000000003ST-2MHT

for dave@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 13:24:34 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Apr 2026 13:24:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19012050.outbound.protection.outlook.com ([52.103.43.50]:30354 helo=TYPPR03CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDR7A-00000000Piw-3MBb

for sales@nk.ca;

Thu, 16 Apr 2026 12:07:06 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=cTZ4Qepth/bYfJXZV9tU2+O3KI5tuC5uoDksETxoIrglY5OT9wKFiIMwWvpNkhXbJHtL/bhIMH6mnyteU7oMg/z6YF0wfPHzmv57DQC/Snx2Sy6kkJyvYFKPeXFbNf1bC7EZ7OMKHlrq0mm1fob9pep35o9BhYmfUEXQMkfTE2YzNn8mf0TtGF6s4rOD3TrhHdB3wOJenN0QALgGPhoBSXBTohQhsSC+VLcNMmzVyS28+S/OdqIK/BJN2Bg9hmrqzpdKdo+MG3qINweuGtmyCIXchSXHfv0nMp85kxxY+U9VYzViikGmBu+aan8Jb1z40ph2LuANSDD7cjiPMcberg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=9b8lT7x1M450+dfSmZlSY33fBL5Cf/j3abdYFh7ieUQ=;

b=LK0l5xq//0eRdGSQy+WGLDnB39CNegw6fnzFzEKl9TCu5666BFEivBy65uMaud5dgAwylqLe1Ieu1t8QmwipXcmqd2KlhXVlRQMw0IadehEdbirrGdr/ZmFmMJlvoDhWINZ3AJewqdQpdQzwaXqZ4thUi4CNfCqN/Q3OPposvaTbh7S7YsFe9ybsbM9RZVMErzbrowih7C+5yiB7rRadr7leUv+QRJFx+/w47USwFYuhQ3n9U4BvceuBNbX0uellG0geVK5B+rZDL5tfJkO2qS4ecHXTyul/BUbfogxc7nM/Lx6zZZkI9XglGq8qOwrLYC9o14w0bjBZ/uLTHsGIpg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=9b8lT7x1M450+dfSmZlSY33fBL5Cf/j3abdYFh7ieUQ=;

b=pF8WiICFoy+YS/64n1O12yWrosdyDkQ8q3n9jzbJR0sY3owBzSpDLy8FjdKIxaXckxh1/LGKdxHg63wOMx0diO1G+KbWHbvu0HoQ270L0au2DHy5gO41y3wSSGap4GefYHdyZ6pvE0vRquikjrIEzg/b2gc1+j+L0LeY0tqBtFhhWsnO1Sm7LZo7kYg19Tu4or+xZ7jH49lmfE7xd1rgk6Y7aRhyNwWS2mxS1M40SMT+VXJtnd7EJbkZlkcxyF4JW299nGw0jCrLBItH9D8tMAG5Jbk/Z+Dc7yr2b3SP6N1LoE0eBL+iQyu4d8r0OGu2FKLf6Ld3NU7ByPHuun55UQ==

Received: from SEZPR01MB5770.apcprd01.prod.exchangelabs.com

(2603:1096:101:192::6) by SG2PPFFB82CAF0F.apcprd01.prod.exchangelabs.com

(2603:1096:f:fff6::463) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Thu, 16 Apr

2026 18:05:59 +0000

Received: from SEZPR01MB5770.apcprd01.prod.exchangelabs.com

([fe80::a473:a25d:910f:a400]) by SEZPR01MB5770.apcprd01.prod.exchangelabs.com

([fe80::a473:a25d:910f:a400%5]) with mapi id 15.20.9818.023; Thu, 16 Apr 2026

18:05:59 +0000

From: rahul kumar

To: "sales@nk.ca"

Subject: May I send you a quote?

Thread-Topic: May I send you a quote?

Thread-Index: AdzNys0ZiJL5LSr3TgObZLJT61HMWA==

Date: Thu, 16 Apr 2026 18:05:33 +0000

Message-ID:



Accept-Language: en-GB, en-IN, en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB5770:EE_|SG2PPFFB82CAF0F:EE_

x-ms-office365-filtering-correlation-id: ed3d5be3-a9aa-4375-1a5b-08de9be2d04a

x-microsoft-antispam:

BCL:0;ARA:14566002|461199028|704163111799003|20031999006|31061999003|2604032031799003|24071999003|19110799012|8062599012|8060799015|15080799012|39105399006|2604032081799003|13091999003|22091999003|24121999003|37011999003|1602099012|40105399003|4302099013|3412199025|440099028|10035399007|102099032;

x-microsoft-antispam-message-info:

=?us-ascii?Q?HpOhbaU1PCdwIny3CEd5n15MF0As2UCYTEx8ZdyX0mCvrWyU9i0aZ0RAMwDn?=

=?us-ascii?Q?cyM4yJmnCLiXs8wcbCha7YB/fMkR3CCDuvKoHFWxQepFQgy1xRFcY0WpcpfL?=

=?us-ascii?Q?Uew73+YtHHz9vurNTBn5DM42ORSja6xd8B7n/i11x0Z88P/rhPb+5t0bMQbc?=

=?us-ascii?Q?i8qYAYLAMTIcD/Omv5fjaFfQsigaOjK51o39wB2EpnqVJpr5Wy7lM4KYWQQL?=

=?us-ascii?Q?S0Csj2UjHBT1rcqbRkYFk1MmqJ8oUTVh/+FB9qZ0YA60PSwc0dyQXhC/izNj?=

=?us-ascii?Q?jqL7YxgWsRQ6dVHt8I1Ew9YyDERGSzdaYTivbbQXJo1beXcBax86/KcaKhQx?=

=?us-ascii?Q?s4wHYPM1zsewxXukL4HrNWlMBZMB2yw7aZ8z2XVTRaV7gPGaqldnX1bEFDkU?=

=?us-ascii?Q?G9zvf4McwgLEzZvJwCJTMhCZi1fhri5DOrmqZNCiPM3qySMf/T+vVTsCpBI2?=

=?us-ascii?Q?4HAGe6PVyGimbY1YuHRQBKWBUY/uJD9h/TB+CODKDH7RQc+Ge9FDMD+cN8I+?=

=?us-ascii?Q?4YGuXa0eG3YFVyN4TYHlVvRZAs92sZ12WxHl0tglGCGOVA3xlYHJ9oaZCLay?=

=?us-ascii?Q?fQA+s0zCUuCOZtQSCQe/Ik8IELvKX8RJL11YEgnnzkQDYP0GogfCKKyhARr/?=

=?us-ascii?Q?XiPtieIGm1DFkun7LHdQprG1wfZoNKWhJIaWRaKxVgyB6ADgQRBwWSEppUg8?=

=?us-ascii?Q?LSLOrFiDadSwvyqkV87lWML43T4mNncB86rsudhlKq2kuPZZC0KX9y2+Ok4U?=

=?us-ascii?Q?G9KHyEE0O2o/cTf0VAz5ppx02gpJ5g1m1kQw+O2N3HawpldrJPqcmIv8K6GN?=

=?us-ascii?Q?A7jhdffjHzPlipCaSVKldYy7fCZ4SzpEQAJGaNiPAUYwX6qSZg0M07gmEZzb?=

=?us-ascii?Q?/uF5auDwOwtsxkCUNDk69RGfe5G8GB6/9deO3XiL78wMfh/2qbhvC6uXHTdQ?=

=?us-ascii?Q?uUBzKmMtooQBGo6l9FYMmHH1Dvoshl0myhCqE4OVknSRTRtnl+Y1o4U9Kkz+?=

=?us-ascii?Q?QF3m/DeK/x/NP8Bp6nQgThTRMIym4JRuJH8tSDdbDxvPWclnIw3UI3G+3GE8?=

=?us-ascii?Q?M59OSITv7MAyXBH6somnspFhduyLVomMA6EIJbk86qSful3c5f7g5Z5E7q7A?=

=?us-ascii?Q?tJiGncxiPN1Gu6nFekZYjQLw08N58gIt6vH0cpSK5/RLxpw/yd/wSTv2EnJR?=

=?us-ascii?Q?sZQrXukW5WIxleW3xL4BSc5E5Qxcxo8ook07FSo/Ulu3M+oc2llBvHw62iUV?=

=?us-ascii?Q?2T3u820YKjcGqHHy5wleBWAqM+ZZy06Ikb3y3p6+b1qeTGJl4g6ddmgSVyOc?=

=?us-ascii?Q?g/TSDffmK4afaMEFy+3byLs5jXO0lRrBwRSyi8XPwBo/jgOg4uZIPJYv3b90?=

=?us-ascii?Q?SSCAYznKbRuww1z5r5qjAWO2ena7H7nXnu2bVrdmrPYiN/qXYNPHMnWHJDwq?=

=?us-ascii?Q?lxL09ICs4jPKYvjgu6Z4JbrVXBLanwIVvU/08h8vQoz74aPdf0GnT9+UPVDw?=

=?us-ascii?Q?57jHwthe8SHmZu2pSEPpL0bOsnO868fWQ0aZHG0tY7ara1fmFbH89SOYXJLB?=

=?us-ascii?Q?nurfN/8np/X4tviTgCzLMSlhp8SLZCSIL86Uo0ZpcMrOSVJleToS5Nx7NLy7?=

=?us-ascii?Q?yNXBK5pWiMwpReXqLspBMk3wxrtxHQNZDCSJZLqHbEHfay3GTJAFUnHvjvOr?=

=?us-ascii?Q?uvs3y+SUuIJqjuocuOMIP4A3B9WO5we4g3Vbkf3+OPdQxnjMLOSYjCm4NWKr?=

=?us-ascii?Q?tFeSr5Xc/6io6dFBYaZlRzL/Swgx7iP1jNbZt+LJ2K6cHqwR84mJuhs4k8bu?=

=?us-ascii?Q?wUoS5VlW9SEqcKaWvfI3ILZJauzNc0SceVJ9QPA3W9JLBIqgjvu/mv20cOJ3?=

=?us-ascii?Q?wbyXPKRfj2N5NBCZ7DMcO0uJxG56H4bk4sSrxryna4YVupaS0+W5urKzz4C+?=

=?us-ascii?Q?uP54QPXrM0opifyRayuF3KQoRmYYJ2sycoISBVwjJx0=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?us-ascii?Q?SqWGuWi2agRUVaFtiX+ivo7eoeDsnwlumDvDaEKKcuxuJmlUkl8vZ/NiDI0/?=

=?us-ascii?Q?b9U/4gxeAL4K7YtWhaPNNwRd76Qp+LtWfdEg9jKOiLtg+AVgmKJQfZJaE5Hr?=

=?us-ascii?Q?7jnXMEvM7W+Zbw+MzSC7D1qQBpNm3XWbY/Wdo3CGDIsOrLXysrTmgN5q4hoU?=

=?us-ascii?Q?sMPH9L8T5fUg40C/dbyNAv3r//Yj+FZBDktHIa7KV8g1jpq/Rj2j3C87QKnG?=

=?us-ascii?Q?vp2DUIN3oork9jdPCRgJbWngSiVWlOB7k9ISq3xrcBEz9AxoRRJwLhj9p0NX?=

=?us-ascii?Q?H6XZudkQsfvTJKI6meJY9CZ+bpSKszVHGGjFc2svDegfH6oMUtU/aZVMsoa4?=

=?us-ascii?Q?IQFZNgiQtE19oWO4w78OmCdPZ2s72y955DRJZd/3/nqwbpKayP7o4CTQoGmT?=

=?us-ascii?Q?xey13JToxK9ZxQKxHW8eCGJTjzuIeWv+xRe28rdzED93i6hVYXypeXMr/x4v?=

=?us-ascii?Q?I2jO2aj4Y4RmoimLwMEZAQXogzurKGtZBnPcnu8d/ZZ07c4WCkG4x20L7prJ?=

=?us-ascii?Q?WmZmj0ituzDfRl1cdKXhHnU5art7AXw6LOKfxRvSXHZ2am30f2BZXsZKV8uJ?=

=?us-ascii?Q?zQ0qOLf2m62/WhNLI97gnTmC3y0I5ebuJHQQFZriEK/HpU/Di4dC/caSw21l?=

=?us-ascii?Q?ZeAXYP753oFZqg8nehzlb1+sMBCImSo5hi2CeIDkWi28f2Jwfn21FgqZEBdu?=

=?us-ascii?Q?3vlcdpVgFx2iLkHmD1cys612fIGxPovmyglZ0KZLB5vk7iitAlgd7hsE+MFf?=

=?us-ascii?Q?sNueknJllSpJUJPR6dfDrG/+d5sItGPyyOEHnowE2ASGRjP3HAEAIKvFLDPp?=

=?us-ascii?Q?upu9klqD33/6lNoQz4F15/cKTKqKsirwpeXLQvxYVrqCERo3CueYu09fv/Ai?=

=?us-ascii?Q?Edgak5DoYQLISloScICpZGvLT/H66510k0mCDIC2d9NFXpHeIi5Aa3DiAQv6?=

=?us-ascii?Q?nrJVs8HQZAwLxClrIA0TIaa+PEHDAKrIjpDC4DmWr3wYf5Kj+WRejr4paYdb?=

=?us-ascii?Q?wPGCA2QLJA8mp64i1hrqzybFW2LcVBNgGYcnAp51hq1iJbU1zHg1fa4T/R5I?=

=?us-ascii?Q?DX1E+mGKw4Mg1sMWTiXb9Y+Yjw+hTKRsP6bWn7Hoxq5ygLd3QGaZKEJoB4tu?=

=?us-ascii?Q?qZdoIzc4NeaZM3fSJGtDTQ71+yUO5szKFPSTW8Nd/9NLz4ATL0i7w/4uLhPM?=

=?us-ascii?Q?YZjVtxY84pSq2Ckf2+hubR6jAm1IKl3lnWlIBs9noBquBUNWZdACORqMVs/y?=

=?us-ascii?Q?Ku4IsJY1o9Sfwwxxg2bCgYA1bP8l586maM4e+m8p4GKs9a1r3ti1JJFgjFzx?=

=?us-ascii?Q?3AUK+LE7ZO4UJ3AbJ3F1sSlmD1JDry9KVYmyFdPQkRq7lEHmvpxTcllv+695?=

=?us-ascii?Q?OHuXipoCegDeVDR4ZwvRFT+bdRl2WaFFcwFZ1tzD7/f7Kq28IiGUg0/wsh1U?=

=?us-ascii?Q?lC3r/Qk3dW567OYe8Lenu6NZDV7BDgrvg+qfEmpTWt9NRfuPUYGTlJoJKks4?=

=?us-ascii?Q?D2W4sIs2oHpvm0J+ZWTaZR7FUlB5ol0tm1T6hB0NdmZPwoedecQeMx0P+ogZ?=

=?us-ascii?Q?Z5Nng+5lkD22t7F9i0zMt8vbd+Uhzoo9jBUw8Th9MAL5I2RxDxvGbA36CknR?=

=?us-ascii?Q?eg=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_SEZPR01MB57706539EEFC90EFD93E8F03EE232SEZPR01MB5770apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB5770.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: ed3d5be3-a9aa-4375-1a5b-08de9be2d04a

X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2026 18:05:33.3739

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PPFFB82CAF0F

X-Spam_score: 5.0

X-Spam_score_int: 50

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, Do you want more targeted visitors on your www.nk.ca website

we can place your website on the 1st page of Google, If Yes, May I send you

a quote?

Copyright spam from Protonmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Apr 2026 13:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDSJz-000000003SF-3VJB

for dave@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 13:24:15 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Apr 2026 13:24:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-43166.protonmail.ch ([185.70.43.166]:62853)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDQUz-00000000Nds-1gdY

for sales@nk.ca;

Thu, 16 Apr 2026 11:27:37 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me;

s=protonmail; t=1776360395; x=1776619595;

bh=c/xkaknpRfwAKuIU8QRqzUnwr3txGSpWteaIyftl1Cg=;

h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:

Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;

b=VlORRsLparvvODCWVjICB++rrKLvvO5y64gt4NPMwFMZhMFonqAL9A0vfSQDdV1Hn

GGpsN2LCjmIga66k3oSiouuNwr/AakydjqWVFW/oIAZYSsQELhuOzEH1Oz8jLKxhlW

SAZT1j/Sz2fAi2YbF0gYbKlaySb5esmKUfmrhp1Byz59veBptqFRzDZxZoTEfSnNS6

9MRD1fW/WZMEvCmVQplGqFpLNkmJcHOqMRZB8v9qfJ2bZmpM0kU/mQbwPCi12np5lP

RTJEyKpOp5ONTK1HvYVg1HvCnEipbAiSy/lhPtw5MosbPA/6UHI9hxhGiOkSjwr5rj

K/ZcbXVB9hHQg==

Date: Thu, 16 Apr 2026 17:26:30 +0000

To: "sales@nk.ca"

From: Author19

Subject: Article removal/copyright issue

Message-ID:

Feedback-ID: 90908068:user:proton

X-Pm-Message-ID: 1897733c526f56769d985c7452ebd6648574f47c

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1=_4K6ePsM3WycNPd2gCTp5aTPxvGwv6Bg4sCSgANCGPg"



Good afternoon,



An article of mine appears on your website. My work is protected by Copyright, and I ask that you remove the material. I appreciate your timely attention to this matter. I've included the link below.



https://www.nk.ca/~realcon/in-the-news.html



Regards,

Tanya Enberg







Sent with Proton Mail secure email.

Copyright spam from Proton

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Apr 2026 13:22:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDSHP-000000003Lx-0Afv

for dave@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 13:21:35 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Apr 2026 13:21:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-10696.protonmail.ch ([79.135.106.96]:24187)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDPfn-00000000LLT-20JF

for sales@nk.ca;

Thu, 16 Apr 2026 10:34:44 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me;

s=protonmail; t=1776357219; x=1776616419;

bh=aoyMANHIWD9/PiJcmQ41yCbcZ8x8LnAb15nabNFU//o=;

h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:

Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;

b=dwVpGfdQUnUXYWwxoHBl3Ah64GwPN9C58jCJno1on4Yro+/08HaCVpLD9tgNdM5WJ

x0LZ1DTHCtcYvBjJeWZbhGxcI/Pwxnf5RyGXZADfE2z7Tf+NGnrDH8YRqbCsgsn1BV

7okRXmwzvyks/wGYAA55d2KjmTgVOdYyQvSjjJvofz1A8ik0/NAWtf3Q/MYaw4Eydt

cCRzJQ9aDMm3JMthnywwIm9Pk3kCFUAZhBdOAMJ4sTEb8jQpGrP7hVeMbStnIS2wtO

wTI+UXRokSbqSUof+lMJOPhp68vsIbjCXNqLEOCVJo6w/g4d2UJ6Jc1yJ5qoaBv21I

i51PYklTzc02Q==

Date: Thu, 16 Apr 2026 16:33:36 +0000

To: "sales@nk.ca"

From: Author19

Subject: Article removal

Message-ID:

Feedback-ID: 90908068:user:proton

X-Pm-Message-ID: dc20e867759728965f2621c20223b80138b46006

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1=_hmXCGZMJSPXMh7at6TKRYOy9aRbMnIEXOQXV74J3D8"





Good afternoon,



An article of mine appears on your website. My work is protected by Copyright, and I ask that you remove the material. I appreciate your timely attention to this matter. I've included the link below.



https://www.nk.ca/~realcon/in-the-news.html



Regards,

Tanya Enberg





Sent with Proton Mail secure email.

Paypal Cryptocurrecy phish from Microsoft OutLook Part 3

Posted by Dave Yadallee on
[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

[40.93.23.35 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[103.230.209.8 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.23.35 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.23.35 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_FROM From username looks random

3.5 VOWEL_TOCC_7 To or Cc header with 7+ consecutive vowels

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

Subject: {SPAM?} =?utf-8?q?Payment_Received_=E2=80=93_BTC_Order_Proces=E2=80=8Bsing_TXN-69781?=

=?utf-8?q?9500?=



--===============6654849753571745883==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable



Dear Customer,



Your PayPal payment has been received successfully and your Bitcoin (BTC) o=

rder is now under processing. Our system has securely logged your transacti=

on and it is currently waiting for confirmation.



Transaction ID: TRX16243851

Date: 04/16/2026

Amount: $573

Payment Method: PayPal

Order Status: Pending Confirmation



Please note that Bitcoin transactions depend on blockchain confirmations, w=

hich may take some time based on network activity. You will be notified onc=

e your transaction is completed.



For any questions or further assistance, please contact our support team us=

ing the number below:



Customer Support: +1 818 463 0317



Thank you for your trust in our service.



Best Regards,

Billing Department

--===============6654849753571745883==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable



Dear Customer,





Your PayPal payment has been received successfully and your Bitcoin (BTC) o=

rder is now under processing. Our system has securely logged your transacti=

on and it is currently waiting for confirmation.





Transaction ID: TRX16243851


Date: 04/16/2026


Amount: $573


Payment Method: PayPal


Order Status: Pending Confirmation





Please note that Bitcoin transactions depend on blockchain confirmations, w=

hich may take some time based on network activity. You will be notified onc=

e your transaction is completed.





For any questions or further assistance, please contact our support team us=

ing the number below:





Customer Support: +1 818 463 0317





Thank you for your trust in our service.





Best Regards,


Billing Department


--===============6654849753571745883==--

Paypal Cryptocurrecy phish from Microsoft OutLook Part 2

Posted by Dave Yadallee on
=?utf-8?B?QWlmcU96dkZoS2VCdC9STW9Hc1RQcTNzMDR6ZWNoM001eVozR2N2djMwWTUz?=

=?utf-8?B?U0VQZjhZdGtITGdxbWhxVk1jQSszYVErQ0IxUzFpZjRHekM0UnZOKy9aSFor?=

=?utf-8?B?UUpyNHpnTHozT2NGOUhVazZEY1ZHNlpmcFJNc042SzRaS0M4OVdsZFVYaEVG?=

=?utf-8?B?NXNUa1prMThNN1JONUZsN2Z3bDJQazJNVHJlR1NOYWJKNS9nVmdBY2lkOHlC?=

=?utf-8?B?cW9DNGZZZHlnS00vS0l0WnhqdUVualhQQms1V1g0bWFKcEVlS3NwNVRpUVVN?=

=?utf-8?B?Y3c1WUMzTitxTncyeldpNEJNTXlnNmd2cmJwVHl2OTJMVlNSUUhIczRBN1cw?=

=?utf-8?B?Rk9acUFTODVaaU1WWm41VHptaDQ5enpVNVhVWjBNeThyRjZObmVpQVQ4Sy83?=

=?utf-8?B?N1IxekxCc0xPRUNoa3E1MFR0M2RVY0s2aGorVStxTVFsTnZ1UFZ6WW4ySjBD?=

=?utf-8?B?ci96eWhLWUMrMy92alJhUGZvbFd3TWpSeE1ud2J6bFlxNFF1clNJWEZKS0R1?=

=?utf-8?B?eW85RzIrK0FBcFo0RXBzQTdHVHArSy8yZHVMR0ZxVjYwUEoxU0MrTklBd0Qr?=

=?utf-8?B?aWVEQTVuUjAwNCt0blVFRk11Q2oyVmIxSUVLRWRWM1AzSFJWbkV5bnhJbmtB?=

=?utf-8?B?cUZUUERlS0VvaHpMcCtEZWQvZ0M5VUFicUVtVFRpa2dmRXNFSTRCeXFNTnp2?=

=?utf-8?B?V0F2YzVwSjQ0VVg1T29SaEZVeVRXTEZnZjM5Q3JjM1hlOWNvd2pnZkpUSWw3?=

=?utf-8?B?UnZuMWdCbGlkY2wvclBRQ3VBKzhOMVpyeHhrWFk5OWE1MGllTndWbWkwVGZh?=

=?utf-8?B?Y3hWL3d4d1VNZDBsQ1NEVzMrQ1ZKNHB2R2E1d0NVSzFRSWNHVFQvT2x5WW1O?=

=?utf-8?B?VGI1aElBRUJkbTlRcmZNR2hSUFdxUUMvUmZidFdBWWo4U0cwU3ZaeEtXWStE?=

=?utf-8?B?WTZKaHprZTFGejlib1RZSXVIZXVqNEJOSnl5T3N6U1lUL1BzakQ1QngzK2Mv?=

=?utf-8?B?c29Xa1hBOCtvQ2dNSXlibzRtTytrRXpKWWw4dDQ5MHBoaUpSMnZ6eHV5TGJx?=

=?utf-8?B?MllZRGdzVzRsZUVnUldvUDdveS9YUFdZb011Vy9ubW0vbXVya0xZR3BoUTZM?=

=?utf-8?B?Q2hWRDdlQ3RkbHkzd0UrdTd1MFZKc1hiOEZ5MGVmZDVDOUFWZVZrMWlGSzBU?=

=?utf-8?B?eHU4YlFXbWZ5QW1ZT3ZkU0I2eFBoMk5MVitCNnc1Zk1SMnRYbFRxU1VnMlZn?=

=?utf-8?B?Zk81OWJqMjJNNktTUGVOYUQxU3lpV1plSTVLY1NucFZ4eDlvRUt5bGtYUUxN?=

=?utf-8?B?ekY0RXhESTlHUit2QW92TDRoRzZqeUMxalRNWkNMYmdHZnJrZHUxbzNlV0tt?=

=?utf-8?B?STY4dXMydDFJZTFUYTZWcEtXTjlBN1IyQXFXRXQ0SlprMkZzMDVPVS9SczVM?=

=?utf-8?B?NUY0U2p3ZjM3bkVuR0NYM2Q1S2x0NFZjdUl4OXlkNzQySmZFMDdycm1ROTdU?=

=?utf-8?B?ZnIxbGlwemRhd2ZNV3BFVE9VVy9pVld1QmxWMm5BU3BYaXpHSURHM3hDNGE0?=

=?utf-8?B?YmhWaGpDV1VzdlMrK1JkMEpiMmpGSEFHZ29JYjhkaGxIOHJxV3M2elM1bWdZ?=

=?utf-8?B?aDFUeGxNTE1OQ3AyYk1JbkJqbVlVZjN4aklmMHFXT0hFTC9FVDdDZXA1dnBl?=

=?utf-8?B?Y01KdnI2eVZmUkNJWGZxTEF1dGRjdGVsaFNRRTQyV1NtRkFBS2ttaXJ6ZHRy?=

=?utf-8?B?RVhtZzJaZHVjVUczMVNRTStUdU53OVdVSkl4K0FBUzhxZlZDSFZXUjdRR2Ft?=

=?utf-8?B?bzNtdmRTRkhRWGNRZDgvWlYzNUhNaVU1L0R6bmpXVVkxZ2NIYVJGbG5WUmpt?=

=?utf-8?B?TmhIbnVvb1Q2SXcvU0tUcy9DUElRZHZEY2U0d1I1Y0VGbldkVTBicEFPUFRk?=

=?utf-8?Q?tdiOckzG1lLnuaDq?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Apr 2026 15:27:07.5957

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 4aa2178b-be83-46d8-4bec-08de9bcc9efc

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: DB5PEPF00014B8D.eurprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA3PR18MB6311

X-Spam_score: 16.8

X-Spam_score_int: 168

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Customer, Your PayPal payment has been received successfully

and your Bitcoin (BTC) order is now under processing. Our system has securely

logged your transaction and it is currently waiting for confirmation.



Content analysis details: (16.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.23.35 listed in dnsbl.ahbl.org]

[40.93.23.35 listed in dnsbl.ahbl.org]

[40.93.23.35 listed in dnsbl.ahbl.org]

[40.93.23.35 listed in dnsbl.ahbl.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:0:0:0:16 listed in]

[dnsbl.ahbl.org]

[209.85.210.182 listed in dnsbl.ahbl.org]

[209.85.210.182 listed in dnsbl.ahbl.org]

[209.85.210.182 listed in dnsbl.ahbl.org]

[209.85.210.182 listed in dnsbl.ahbl.org]

[103.230.209.8 listed in dnsbl.ahbl.org]

[103.230.209.8 listed in dnsbl.ahbl.org]

[103.230.209.8 listed in dnsbl.ahbl.org]

[103.230.209.8 listed in dnsbl.ahbl.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.23.35 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.23.35 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.23.35 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.23.35 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[103.230.209.8 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[209.85.210.182 listed in will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:28c:cafe:0:0:46 listed in]

[will-spam-for-food.eu.org]

Paypal Cryptocurrecy phish from Microsoft OutLook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Apr 2026 13:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDSGm-000000003K2-4AAm

for dave@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 13:20:56 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Apr 2026 13:20:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-westus3azlp17012035.outbound.protection.outlook.com ([40.93.23.35]:13737 helo=PH8PR06CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wDOdU-00000000IHr-27hS

for doctor@doctor.nl2k.ab.ca;

Thu, 16 Apr 2026 09:28:20 -0600

Received: from DU2PR04CA0281.eurprd04.prod.outlook.com (2603:10a6:10:28c::16)

by IA3PR18MB6311.namprd18.prod.outlook.com (2603:10b6:208:529::12) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Thu, 16 Apr

2026 15:27:08 +0000

Received: from DB5PEPF00014B8D.eurprd02.prod.outlook.com

(2603:10a6:10:28c:cafe::46) by DU2PR04CA0281.outlook.office365.com

(2603:10a6:10:28c::16) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.51 via Frontend Transport; Thu,

16 Apr 2026 15:27:07 +0000

Authentication-Results: spf=pass (sender IP is 209.85.210.182)

smtp.mailfrom=gmail.com; dkim=fail (signature did not verify)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.210.182 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.210.182; helo=mail-pf1-f182.google.com; pr=C

Received: from mail-pf1-f182.google.com (209.85.210.182) by

DB5PEPF00014B8D.mail.protection.outlook.com (10.167.8.201) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17

via Frontend Transport; Thu, 16 Apr 2026 15:27:07 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:EF0D298B3494D1BCFD27828B4DD9C2FCD112A7C6D26E014595037A901A0AA5DC;UpperCasedChecksum:8B0AADF0702131700FAA6928D5C672D7D5203B9933B58B316E73C58261AD3CA0;SizeAsReceived:3343;Count:16

Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-82f69a286dbso1359142b3a.2

for ; Thu, 16 Apr 2026 08:27:07 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1776353226; x=1776958026; darn=groups.outlook.com;

h=mime-version:subject:to:from:mime-version:date:message-id:from:to

:cc:subject:date:message-id:reply-to;

bh=hOibzVndEthsSVihcDjH46YDHFkmFraibNK9scwIA2M=;

b=I/+8j5B4iVcNb/Zvg0kIBBLyeNytJcoXAfZQYuf9GgeI1kXzIxooUO3X6AboQN2are

n9u4/w/zJf51nOJsSKgI6OKNH9PUFbp79XpzVri+U70V1VymDDc3RefD4Vi1yZ7gD2ok

r94H0A6Ph8znMmpH2kNQPK+ICiHl8bdLwOfoktOTMDZRdyja56/BpC8G6+diHzIfuB6g

PqbFTZ9pLLWyiI2NuQqLzL6+MHuARIZgBm/VUVVbXEfFPFqQEqYhzp4AfkdS5oidPuwB

RkHjeiHIf1OloC5K24WEBcccI435QyYwuRNtqFssq08Wl1ZgViDkybQ/1/AfSbqYaRZ8

HciQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776353226; x=1776958026;

h=mime-version:subject:to:from:mime-version:date:message-id:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=hOibzVndEthsSVihcDjH46YDHFkmFraibNK9scwIA2M=;

b=BpF6Tu/98D50+pIexOktZkBFMGGkQFU3ANyYFth9DG/jIJkzvfvhzm9+155RmNiZ4p

vQCw7ZsghPDftabvJkgr2pbhs0qL450jm3MkuPzqi4D1FB84P1gGKuq3xhghjQrhUUQI

N0rwSuJ2HCo2xDKo3QxoEudhWxDK8qMcCoEAvSbfK0W+T0K0SGdPzC9t5u+keCfZoE6b

13em8hsazPkBNZvgfbMvtND5pP2Y8a7ZMDm4+G7tzobZwCWdMrk+s/rG9Uq76Q2N8th5

ugiy72KTnGnAJiAVdZ0auYJ6nqp4bDBrySMUUV9AK9JGXW8q55038nlGSsaWMSK9agQS

ECjw==

X-Gm-Message-State: AOJu0YxhSO/CrToFRfRQQnk8gW9lcFhxtHkw5pOOeGNioTGw7vCwvOuG

64fC2xDGB7//0CSYN+Nqvja/qMlvPojARoPK5GT6/mq/gle6FQqHjg/SiFnZCw==

X-Gm-Gg: AeBDiet55L2RX3AgqKL5p1dzS4uVZGGrXJ9e4S19ndeacB0U7lvPGKibTXourBV+Xea

5uo2+SOBCMz7cHBnkBre2VAMWcsde2gR1+G+i+tXgGJJv3J2f/8nPdmdySfHv6Yxja2B7wo2i9D

2EKWRfBzFOLCcgX0x5C5wkC1M4pzl5amX3PA2d2CcUm6A+b3swZdsVR75PxaD5ww1qYHCP109AT

xyogExAeij/pJmwrMGWY409BLDBtxyPBPg/HYg5kjLbwNTY052hycoqxAeBynS932vHdX+OPFOG

nDsBOibB94bSmjrFYHCuUKAPm4jikf8d5q5ThxeQCNjcTD5HXjDj/wPsvREPA2KTEOGno7H/BYp

l3vGxBQvkrDDkJhGkrlvdmCpilu+qOBuBx1RTzKaOpxoTvON8OkeLdgWER1IkNrUxkjoFGS+Qk0

v1N9x6cTYdlhIltFvlM9snP3/IQDZq5XYyFY50k9LuSfC8EnO6rsC6TK5McyZYY0cys3k+8g==

X-Received: by 2002:a05:6a00:400b:b0:82c:6b46:271d with SMTP id d2e1a72fcca58-82f0c2efb17mr28067233b3a.48.1776353225866;

Thu, 16 Apr 2026 08:27:05 -0700 (PDT)

Received: from [192.193.194.105] ([103.230.209.8])

by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-82f6e46ecd5sm4511161b3a.23.2026.04.16.08.27.02

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Thu, 16 Apr 2026 08:27:05 -0700 (PDT)

Message-ID: <69e0ffc9.a70a0220.1c1737.cf0e@mx.google.com>

Date: Thu, 16 Apr 2026 08:27:05 -0700 (PDT)

Content-Type: multipart/alternative;

boundary="===============6654849753571745883=="

From: JONATHAN WARD

To: cynthiaperez389903@groups.outlook.com ; haressaznzxrrsxaxz321@gmail.com

Subject: =?utf-8?q?Payment_Received_=E2=80=93_BTC_Order_Proces=E2=80=8Bsing_TXN-69781?=

=?utf-8?q?9500?=

MIME-Version: 1.0

X-Priority: 3 (Normal)

X-IncomingHeaderCount: 16

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DB5PEPF00014B8D:EE_|IA3PR18MB6311:EE_

X-MS-Office365-Filtering-Correlation-Id: 4aa2178b-be83-46d8-4bec-08de9bcc9efc

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.210.182

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|2700799029|6149299003|58200799025|9020799019|6019299003|461199028|47200799024|60050799006|970799060|100100799003|29130799006|29090799004|13020799009|34130799006|440099028|3412199025|26104999006|22062799003|1360799030|1370799030|1380799030|30041999003;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?cDVrUWt0ZHNNWDJnc2NMRDFKWkphVC9OL3VrUmVOWlk2d0pCam5tcjUvNCti?=

=?utf-8?B?V083UFZmQnlobjFYdHd2UUsrZFloeDczSWN6ZVY5Tnh6NU81L3d0MURDbzVr?=

=?utf-8?B?VVFlN2RPdzBOc2JwazBBYjM5Q2E5ZWxQMU8wTmhBT0hDZnhudldkTmkrZGRz?=

=?utf-8?B?Yk8rRk5iMit1MFdocW10dVBMalZZWlViMUNicXlCZ2Q0dDZxVk44NExma1Ji?=

=?utf-8?B?MVlzdmVDRFFDUW11TUlOekoyeERsemdSbVhnV0lmMEFuMXArbEVHNytMTis1?=

=?utf-8?B?Y2gwaEl4V3ArWjNtN053Q05JSXN3SGNrL3hNU24wVG5UKzR5K3EzQnlWNXE0?=

=?utf-8?B?bWthRjR4cnBaWlZZSW8wU3FZLzdVV1NtOVpITWkrMkpBZENGamNJZlRYZ0ho?=

=?utf-8?B?TTNqVUZCNWJNbFd3MXFkZnJmN0tKZmFjZDBZR0lHejZ5a3ErTVkrakFvcGVm?=

=?utf-8?B?c3pQVlQrYWI1Z25aSGE5NlZGUVFzWmQzVEhyR3c3S21ZRk9sa0hQZU1ER2Zz?=

=?utf-8?B?bC81clBSL3d5UmFsbS8yRGRyQUIzTGRLdU9rLys1dmV4UTdIK05wUzBEWWxZ?=

=?utf-8?B?ekQwbU1Lb1k4ZkV4S29KVEZCbmpHbHNxUjV5MGZGZkFRNUw5bmlKeVRlZUlG?=

=?utf-8?B?OERqc1N0VGJIV29LZCt1VWw4VGlqSDlPeHNZT283bXdyUnRmdDBpV2hZSjBm?=

=?utf-8?B?a3k4ZzdpdXRNTnVCV0k3RFJ2eGVya3g3WFlYUHVFVk1jK28rb21VMjRDcDUy?=

=?utf-8?B?TWZVZVNxdGFtVmgvY0RMajlNVndhbGltaW9IWE5pak1zSno0eUl3UUVsQXo1?=

=?utf-8?B?TGI0bEJLUmJNV3NYVFBHenBpeC9FVHcrUlBWeEZieXpFYmhtZFhuVmhWWlZj?=

=?utf-8?B?YkpQWXpnUk5uenFjZVNMdU8rREJzV09XMGZldEVvVXFVMDl1Z01yclB5bGRy?=

McAfee Phish from Google Gmail Part 3

Posted by Dave Yadallee on




















































































































--===============4247830413798550445==--

McAfee Phish from Google Gmail Part 2

Posted by Dave Yadallee on
@media (max-width:620px) {

.mobile_hide {

display: none;

}



.row-content {

width: 100% !important;

}



.stack .column {

width: 100%;

display: block;

}



.mobile_hide {

min-height: 0;

max-height: 0;

max-width: 0;

overflow: hidden;

font-size: 0px;

}



.desktop_hide,

.desktop_hide table {

display: table !important;

max-height: none !important;

}

}