0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: vortix.vu]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: vortix.vu]

[URI: hes.it]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: vortix.vu]

[URI: hes.it]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: vortix.vu]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.229 listed in list.dnswl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.160.229 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.160.229 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.9 URG_BIZ BODY: Contains urgent matter

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.1 MXG_EMAIL_FRAG BODY: URI with email in fragment

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 TVD_PH_SUBJ_META1 Email has a Phishy looking subject line

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Urgent Notice on sales@nk.ca 6/26/2026 5:53:48 p.m.

 

nk.ca=

Dear sales,

Your sales@nk.ca ac=

count password is set to expire. 6/26/2026 5:53:48 p.m.


e=3D"font-size: 14px; font-family: inherit; width: 168px; vertical-align: b=

aseline; color: white; padding: 0px; text-align: center; margin: 0px; displ=

ay: inline-block; line-height: 40px; background-color: #0078d4; font-stretc=

h: inherit; border-radius: 2px; font-kerning: inherit; font-feature-setting=

s: inherit; border: 0px none currentcolor;" href=3D"https://vortix.vu/youru=

rl/exgam-MX2-script.htm#sales@nk.ca" rel=3D"noopener noreferrer">Keep same =

password

This link expires in 48hours.


get=3D"_blank" rel=3D"noopener" data-saferedirecturl=3D"{domain}">nk.ca=

=2E

>

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 19:46:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdI6f-00000000FOz-08Of

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 19:45:17 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 19:45:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qt1-f229.google.com ([209.85.160.229]:49224)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdHJi-00000000Bwm-35o8

for sales@nk.ca;

Fri, 26 Jun 2026 18:54:51 -0600

Received: by mail-qt1-f229.google.com with SMTP id d75a77b69052e-517b1f2c6adso13967221cf.2

for ; Fri, 26 Jun 2026 17:53:55 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=hes.it; s=google; t=1782521629; x=1783126429; darn=nk.ca;

h=content-transfer-encoding:mime-version:message-id:date:subject:to

:from:from:to:cc:subject:date:message-id:reply-to;

bh=RObtSQx9OgPyw7tzo+tRlt41Das4i8c0DXUF2RO78Qw=;

b=bWFj4z4QVyJRG0eflaNhbn+hHF83+vsLPkWoIxna6brUuA9KJExjFJhjGGIM4O7LQt

g8IqxAXo/8lJyqU82j5/PB4VduolwvkOJEZeztCIBQcdXjgJ7hRe8yez5SqLRZmVP9UF

64cryHJSDaJB1wKWa3dUy5I/pus+XRI3zh2ug=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782521629; x=1783126429;

h=content-transfer-encoding:mime-version:message-id:date:subject:to

:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=RObtSQx9OgPyw7tzo+tRlt41Das4i8c0DXUF2RO78Qw=;

b=kqaUol7sv/7lt7pmonCJyC2tpGemV6IssGbRqL7cYuBkHx/dgHwOVHgNttm3jvqNFG

u5c0o6eohdU2zJ7O1SZUEeJEWikDpkPt5WtUzUajgfLTkL1dzSNN/iAAPNBqiSXlIEZC

Trn6IOkYDEDxA0wZj5tQkRFWeiKHyUtmscUkj+vuEj3VdOakCWVtKVIflFEZeINRrpkg

jWTq1FW8szcSI1kO1oRoClmQl0c/WdBs/7BXSngnQpviCIzE5CwExi/xn7QApIUx/rSd

18QKi6gdFEMatBXOeHCnDQ+uc3eqbpsARgGXyUqxgJ0opiLNTVzXXBfHYbbiNkf7ibpl

S/ZQ==

X-Gm-Message-State: AOJu0YwWdjnzRa+C1raHpKJgtb4PwzSrecQkm0xflUSP5FgAy1Q/HZkb

l0v4hiEd1W/QrOYormlfPXzotUPoeIog6ziMUe11ndTpMFBqR1nVjjukW099eX339wNNPERZ2ZL

5fArzi+YoZPPgqnQZSRuz7UNGPOq6wQ2BLptFq/uJkCit3+M=

X-Gm-Gg: AfdE7clgtElLU9jAXwsOCvHWkFMQTo2x5jwgi7ye7K4b2suEyBjNUHTb2qJmVRX06Zq

IYGzVnMWXLL6sUAe1OihAYuoTzJk/tgF4PnlXKlyqsMM0jtsfFYxjtO1J1loY1boxHUkxgXfSIa

46LjGxyqWksa3Unii0/6mHptYnAfBm3CTMXOM5yt9bNnxvH2lCjggD8OHhSI3EOTb7/V+3niRYG

3u/T4Y36GCqz77VGHqXdIvLx4D1aKKwBWKlX/M8xVi4liMldK0j86hkKnEfvc3T+QKoO9BlqVKQ

Ofi1KMhccMyShoAidovijsVVaMZcN07HeF1Qr5JZQv6wKp7uF2J+jLHnM5AV6QDK9tchF9i4v3E

94JoqXOgySgACjhU=

X-Received: by 2002:a05:622a:6118:b0:516:dff5:68c4 with SMTP id d75a77b69052e-51a726e0948mr124774881cf.7.1782521628954;

Fri, 26 Jun 2026 17:53:48 -0700 (PDT)

Received: from [155.2.192.102] ([155.2.192.102])

by smtp-relay.gmail.com with ESMTP id d75a77b69052e-51a515cfaa5sm3782421cf.12.2026.06.26.17.53.48

for ;

Fri, 26 Jun 2026 17:53:48 -0700 (PDT)

X-Relaying-Domain: hes.it

From: Confirm your request for

To: sales@nk.ca

Subject: Urgent Notice on sales@nk.ca 6/26/2026 5:53:48 p.m.

Date: 26 Jun 2026 17:53:48 -0700

Message-ID: <20260626175348.5401028C07265DA6@hes.it>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 11.3

X-Spam_score_int: 113

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: nk.ca Dear sales,



Content analysis details: (11.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

[209.85.160.229 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[209.85.160.229 listed in dnsbl.ahbl.org]

[209.85.160.229 listed in dnsbl.ahbl.org]

[209.85.160.229 listed in dnsbl.ahbl.org]

[209.85.160.229 listed in dnsbl.ahbl.org]

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 19:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdI5H-00000000FJe-2TAf

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 19:43:51 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 19:43:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from ns1.robo.co.jp ([219.166.6.18]:48138 helo=mail.robo.co.jp)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdExg-00000000Jbm-3B8V

for sales@nk.ca;

Fri, 26 Jun 2026 16:24:00 -0600

Received: from synergyhub.com.my (unknown [104.223.84.143])

by mail.robo.co.jp (Postfix) with ESMTPA id 44A1F6BEEE

for ; Sat, 27 Jun 2026 07:05:04 +0900 (JST)

From: "ePayment-6/26/2026 3:08:08 p.m.-Batch# 80671"

To: sales@nk.ca

Subject: Ref: EFT Remittance Notice-BATCH Attn: 797121--

Date: 26 Jun 2026 15:08:10 -0700

Message-ID: <20260626150808.25FE16C3D2F06D50@synergyhub.com.my>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_6710E598.00E29A4F"



This is a multi-part message in MIME format.



------=_NextPart_000_0012_6710E598.00E29A4F

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

7fl" role=3D"textbox" aria-expanded=3D"false" aria-controls=3D":7im" aria-o=

wns=3D":7im" style=3D"direction: ltr; min-height: 551px;" contenteditable=

=3D"true" spellcheck=3D"false" aria-label=3D"Message Body" aria-multiline=

=3D"true">

rgb(51, 51, 51); font-family: "Lucida Grande", Verdana, Arial, Helvetica, =

sans-serif; font-size: 11px;'>


pse: collapse;">

image: none; text-align: left;">Payment Notification	image: none; text-align: left;">Remittance Copy	image: none; text-align: left;">Check Number 955638
image: none;">Remittance Advice for INV# 46662	image: none;">Payment Notification to sales@nk.ca ....	image: none;">ACH on  6/26/2026 3:08:08 p.m.   Check nu= mber 16831***

Arial, Helvetica, sans-serif; font-size: 11px;'>


ze: medium;'> 

medium;'>
e", Verdana, Arial, Helvetica, sans-serif; font-size: 11px;'>

Disclaimer Confidentiality Notice: This email and any files transmitted wit=

h it are confidential and intended solely for the use of the individual or =

entity to whom they are addressed. If you have received this email in error=

, please notify the originator of the message. Any views expressed in this =

message are those of the individual sender, except where the sender specifi=

es and, with authority. NOTICE: This e-mail is only intended for the person=

(s) to whom it is addressed and may contain=20

confidential information. Unless stated to the contrary, any opinions or co=

mments are personal to the writer and do not represent the official view. I=

f you have received this e-mail in error, please notify us immediately by r=

eply e-mail and then delete this message from your system. Please do not co=

py it or use it for any purposes, or disclose its contents to any other per=

son. Thank you for your cooperation.

------=_NextPart_000_0012_6710E598.00E29A4F

Content-Type: text/html; name="Remittance Advice for INV# 98254.html"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="Remittance Advice for INV# 98254.html"



...

------=_NextPart_000_0012_6710E598.00E29A4F--

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.55 listed in dnsbl.ahbl.org]

[195.228.240.55 listed in dnsbl.ahbl.org]

[195.228.240.55 listed in dnsbl.ahbl.org]

[195.228.240.55 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[219.100.37.233 listed in sbl-xbl.spamhaus.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[195.228.240.55 listed in bb.barracudacentral.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[195.228.240.55 listed in bl.score.senderscore.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[olenazelenska68(at)gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[195.228.240.55 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.7 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} N41-

Greetings.

 

This is Mrs. Olena Zelenska, I am contacting you based on my personal interest to develop a mutual businesRelationship with you in your country or your company. which I believe we could mutually benefit from.

 

Please reply urgently for more details

 

Regards,

Olena Zelenska

 

 

Please Note: if you receive this email in your junk or spam folders, please note it’s because of your internet ISP. Please mark it as not spam or move it to your inbox to reply

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 15:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdEV7-000000005G9-2QC1

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 15:54:17 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 15:54:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-outd.mail.t-online.hu ([195.228.240.55]:46056)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdDQq-000000004sr-0vWc

for games@nl2k.ab.ca;

Fri, 26 Jun 2026 14:45:58 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=t-online.hu; s=mail;

t=1782506694; bh=686ReW5847c9+QCUVq6Q/a8L+n9pSApuBwVs3+KOXTI=;

h=Date:From:To:Subject:Reply-to;

b=idi0T6rKHdyE5oU/qU0lPogU3vL/+OCYpJxUZhqkSrCvOQkGt0eD3G9bJvPSPNAUT

HADqEMBabFJRlkNh/ac5K3VCPPZJwKURgyEYiDTVUEgzDW6XiM6h8HEPcVhKifFpyV

zwEzj5tp9I2r59bolxXRdLUiWHr96Nvjzb1HYRufZbz3+3Dvh6Sn7mPeD4nBqdy8T8

hUYsXfSMl708eJpGQDg4fcNCJRZGZDugy+aPOmyRJ7Vc0gVirIyLhrRZsOZYmEO3Hm

OESn1fh3wM3Znp0BkMdbkDEoq8PR4eOxG+2KFyoTspyXfmLLpY2l06VdHYXp1f6vLz

TElIwE4p5Lp3A==

Received: from maxwm03a.mail.t-online.hu (maxwm03a.mail.telekom.hu [195.228.240.101])

by mail-outd.mail.t-online.hu (Postfix) with ESMTP id 4gn6y518XxzDQ87;

Fri, 26 Jun 2026 22:40:45 +0200 (CEST)

Received: from public-nat-01.vpngate.v4.open.ad.jp

(public-nat-01.vpngate.v4.open.ad.jp [219.100.37.233]) by webmail.telekom.hu

(Horde Framework) with HTTP; Fri, 26 Jun 2026 22:44:55 +0200

Date: Fri, 26 Jun 2026 22:44:55 +0200

Message-ID: <20260626224455.Horde.4HgEAi-ml1En2vrU6bZfFsQ@webmail.telekom.hu>

From: Olena Zelenska

To: me@me.com

Subject: N41-

Reply-to: olenazelenska68@gmail.com

User-Agent: Horde Application Framework 5

Content-Type: text/html; charset=utf-8

Content-Description: HTML =?utf-8?b?bGV2w6ls?=

MIME-Version: 1.0

Content-Disposition: inline

X-VadeSecure-Status: Legit

X-VadeSecure-Score: 0

X-VadeSecure-Verdict: Legit

Authentication-Results: iprev=notverified ip=195.228.240.101;

spf=notverified client-ip=195.228.240.101 smtp.mailfrom=elek.tibor48@t-online.hu;

dkim=notverified (), header.i=;

dmarc=notverified

Received-SPF: SPF not checked

X-VadeSecure-Status: Legit

X-VadeSecure-Score: 0

X-VadeSecure-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgddvhedukedvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuofetifgjteftvffgnffgmffqofdpucfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufhrfggtgggusehhtddttddtreejnecuhfhrohhmpefqlhgvnhgrucgkvghlvghnshhkrgcuoegvlhgvkhdrthhisghorhegkeesthdqohhnlhhinhgvrdhhuheqnecuggftrfgrthhtvghrnhepffehieffvdfhhfdvheeuhfeiueevleeikedtffeujeffveetudefveeiieffvddtnecukfhppeduleehrddvvdekrddvgedtrddutddupddvudelrddutddtrdefjedrvdeffeenuceurggutfgvphhuthfkphepvdduledruddttddrfeejrddvfeefnecuvehluhhsthgvrhfuihiivgepkeefnecurfgrrhgrmhepmhhouggvpehsmhhtphdpihhnvghtpeduleehrddvvdekrddvgedtrddutddupdhhvghlohepmhgrgiifmhdtfegrrdhmrghilhdrthdqohhnlhhinhgvrdhhuhdpmhgrihhlfhhrohhmpegvlhgvkhdrthhisghorhegkeesthdqohhnlhhinhgvrdhhuhdpnhgspghrtghpthhtohepfedupdhrtghpthhtohepmhgvsehmvgdrtghomhdprhgtphhtthhopehgrghllhhishhonhesohguhihsshgvhidrohhnrdgtrgdprhgtphhtthhopehgrghllhhivhgrnhesfigvshhtmhgrnhdrfigrvhgvrdgtrgdprhgtphhtthhopehgrghllhhivhgrnhhtsegrtg

gtvghsshgtohhmmhdrtggrpdhrtghpthhtohepghgrlhhlohhssegthhhlrdgtrgdprhgtphhtthhopehgrghllhhofigrhiesnhgsnhgvthdrnhgsrdgtrgdprhgtphhtthhopehgrghllhhofigrhiesuhhmrghnihhtohgsrgdrtggr

X-VadeSecure-Verdict: Legit

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings. This is Mrs. Olena Zelenska, I am contacting you

based on my personal interest to develop a mutual businesRelationship with

you in your country or your company. which I believe we could mutually benef

[...]



Content analysis details: (12.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

[195.228.240.55 listed in will-spam-for-food.eu.org]

--00000000000011393506552de15d

Content-Type: multipart/alternative; boundary="00000000000011393306552de15b"



--00000000000011393306552de15b

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello NetKnow Security Team,

I am Ahmed Saifi, an independent security researcher specializing in

responsible disclosure.

Since 1995 you've proudly offered "strong security" =E2=80=94 however, I fo=

und the

following issues today:

Issue 1: Public Visitor Statistics Page (No Authentication)

..

https://www.nk.ca/visitors/?env=3D%2Fbestbuy.com%2F%2F..%60+WHERE+8449%3D84=

49AND%2F%2A%2A%2FGTID_SUBSET%28CONCAT%28%27~%27%2C%28SELECT%2F%2A%2A%2F%28E=

LT%289379%3D9379%2C1%29%29%29%2C%27~%27%29%2C9379%29--+-#Requested%20images=

%20and%20CSS

..



This page exposes:

Complete server traffic logs (1,199,783 unique visitors)

All 404 errors including active SQL Injection attempts

Sensitive file path requests (.env requested 41,716 times, /.git/config

29,856 times)

Full referrer data and user agent strings

Issue 2: Active SQL Injection Attempt Logged Publicly

Attacker payloads are visible in your public logs:

/visitors/?env=3D/bestbuy.com//.. + GTID_SUBSET MySQL injection

Issue 3: Auto-Generated Public Reports

Daily reports generated automatically and published publicly (last: Jun 26

2026 14:06:47), exposing 14,771,529 log entries with zero authentication.

Recommendations:

Restrict /visitors/ behind authentication immediately

Review logs for successful injection attempts

Audit .env and .git exposure

I have not accessed, modified, or extracted any data.

Regards,

Ahmed Saifi

Independent Security Researcher

syfyahmd54@gmail.com



--00000000000011393306552de15b

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 15:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdEUv-000000005Af-3ewX

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 15:54:06 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 15:54:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f49.google.com ([209.85.216.49]:42486)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdD64-000000002mm-0GCs

for abuse@nk.ca;

Fri, 26 Jun 2026 14:24:36 -0600

Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-37dedd62b90so898540a91.1

for ; Fri, 26 Jun 2026 13:23:30 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1782505404; cv=none;

d=google.com; s=arc-20260327;

b=skWyCcJlcWB1mRpJI8xQENWUg1BfTIcLfVFjg6Se896NzcrZ7MG7UN4xGBNdIe0gAO

OG7veky/oeHeCE184b+LgtpBRcdf5nEaGjxyv4Rcotl4Cjd5+HR0rb30mdOSpRTdNtZF

C1bfLrsCaXRZwPFKDkvL8BRphBAhxYVGqYnhXDsaqmT3Nhy0ImhJY0KQ5ZU5+Y/naObG

b7DvbqTwSd2Hu6+AzNG3Ldv3ak91pEjS65/Lbmh7f+q6VxE8I94+bokP0kGF8klzop8S

8TdKDCY8h1JOYjPMOjIATOkEqrWfiySgvh8Z0uVuGdXgKFrnAOs112+7Rx2J0XmlD2LV

qw4w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=SHJm/Dh4AETcTzkrEm1eNDXzspFrrMmMizWT3CitBbM=;

fh=rbnhfJVb1USqNxPjfQIgkNs+oPIibwNXkCXNewhAxFU=;

b=lGwcCanpgkGmIwdu+9xwwlmFHiLdJcNizyF0lignxG2fPooZI5NVn45ptqfvRa0xIa

cdDLECSVzn2+XxMotZLrj2/uLSx3qv/u3M3XUk7qnvw/WZSAFsbzsCnf9tnLoggdlWfS

UGewAnYwC6bsKyFjprL9w/dC2BqWLwvmsKGNTr/JPQ2y6smIWGPV/I2IJLJRQ5dxuAWO

oeop3hCUw6yNV2H7zg9cHOamMdvl8epT9T3VOUK/BEzUsTCcgyFcESmHpjgycFoZ38lo

ReB6X3u8UG6cuHhXSIT8zEuEggeXDljyXJWAH02Da7uvvg9Qfdb9lX8vwFrZ+DSmHg5u

JurA==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1782505404; x=1783110204; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=SHJm/Dh4AETcTzkrEm1eNDXzspFrrMmMizWT3CitBbM=;

b=ODPhAeSbkGatTXIj+Io5OU2LRLRojkbqRjlxMLNjaXkcED+RwUugVBN1ZwJx5LlaVR

IwLmJAt79qpT2y1BsBi/3yl+IsqwioRjH+Mep1iI7ILerCeSQiC8UxLQs3TB9XJAwGyC

yfO71CmzmBfkYmGy2XHT8AJOTxXxwoR224c1pawrr1NvLG/z0qUXLvQPSHON9wO7go6P

cxsfScLOYgEp1o+IjFY/0amlqkWhqnXOgk/m1E/aeVxds0n6tvU+DNyZ7TWTSJ99WQUB

cUURUptjVPQ7tqhJenGhirGRfTqUqewgTkSub9sspv7a+9K4i39ih/fy/t9ggGXEQTUi

zv5g==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782505404; x=1783110204;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=SHJm/Dh4AETcTzkrEm1eNDXzspFrrMmMizWT3CitBbM=;

b=bWZA7RcjMU2+g+N20lw/78Q1GkaEx5Rp+9yzEksb/PY6BTdsvQ6q3VUguO1DysNFnd

KKLIOTSRt50rcsZnrVr4YuI1fYy3L8jzWl8WzWPVEHC3LCeusLG/jp6s47XU3xeAl7iG

Jr9OnsZxyzDGrojre1q3fM1DFH2g8wuMsd7xa/nVsCN+DuAVk0QMI01UIBj/e2ogRDKY

Aa3LC2hzC6bQS9rh9f3kg6agJYIFbemCP48H2tIeWK8qxamTFQyFf0f/HPN3WYN2olK7

xN5IgYp2PaP1BgmzQap8MDMBWQSXXRcdfrA9O8hirHvI3gY8mNG5DwLrXYXCjFsWlPHJ

0yfA==

X-Forwarded-Encrypted: i=1; AHgh+RrpxcObn7+y/1j+maG/5Ldf75Uf/2/InHtxq4WhDOiHFVgXiD4afMRVbLChjKOqyjvIv1UXyw==@nk.ca

X-Gm-Message-State: AOJu0YxfiQuTNXpsP8WiUqLpPw0Mjxs0GlQobs5+ln9lwz1E7FYMlHxX

PS/6OyYLQoE6gij4oJfuU1BymOexUhWSZGDoZZ2Wd1qJ1XgDBVWPTMcf9iiq3+B2Ex6hjqYR0fT

fjNrtx71S40Q35w6REkW8esclYPWliew=

X-Gm-Gg: AfdE7clkmmQzdnWYQ08TG/ROCcjHCnucx7wiD8loMWnp40lgQENW/vPTMpJBeZk4R1+

7lgov30YXxkZHvTeWwzFicv4I+vYqKTV+H14RDf1cT+Cfs7BqUmQgF8E3DATHB6BUEXSU9UKywE

0C8OP6X02Cz97h8ngP0lKHMEn7sfOOzB9dIfJkrdy2+E7lyPW5RuBRysQDSe/a+urOdv0njCjkY

r/oOHYX2n9l4O7Zn2wV658REYW1UsahWpIUk3HYm4iY8Ps0Z7ZLr3fc4MierE/YlPCf3Qf1

X-Received: by 2002:a17:90a:e7cd:b0:37f:9e21:91d8 with SMTP id

98e67ed59e1d1-37f9e219280mr1130575a91.15.1782505398142; Fri, 26 Jun 2026

13:23:18 -0700 (PDT)

MIME-Version: 1.0

From: =?UTF-8?B?2KfYrdmF2K8g2LXZitmB2Yo=?=

Date: Fri, 26 Jun 2026 21:23:04 +0100

X-Gm-Features: AVVi8CdV4wOA0nRf5qkCOxOIs_AQwXCdtKOM0WEi7xmOBDFANXClRXluWqYtIPk

Message-ID:

Subject: Subject: Security Disclosure - Exposed Visitor Logs & SQL Injection

Activity | nk.ca

To: admin@nk.ca, abuse@nk.ca

Content-Type: multipart/mixed; boundary="00000000000011393506552de15d"

 

nk.ca=

Dear sales,

Your sales@nk.ca ac=

count password is set to expire. 6/26/2026 11:48:20 a.m.


le=3D"font-size: 14px; font-family: inherit; width: 168px; vertical-align: =

baseline; color: white; padding: 0px; text-align: center; margin: 0px; disp=

lay: inline-block; line-height: 40px; background-color: #0078d4; font-stret=

ch: inherit; border-radius: 2px; font-kerning: inherit; font-feature-settin=

gs: inherit; border: 0px none currentcolor;" href=3D"https://vortix.vu/your=

url/exgam-MX2-script.htm#sales@nk.ca" rel=3D"noopener noreferrer">Keep same=

password

This link expires in 48hours.


rget=3D"_blank" rel=3D"noopener" data-saferedirecturl=3D"{domain}">nk.ca
>.

>

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 15:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdEUD-0000000048Z-17ir

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 15:53:21 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 15:53:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f102.google.com ([209.85.161.102]:56662)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdBc2-00000000POB-3qTM

for sales@nk.ca;

Fri, 26 Jun 2026 12:49:22 -0600

Received: by mail-oo1-f102.google.com with SMTP id 006d021491bc7-6a0e55e82d0so888956eaf.1

for ; Fri, 26 Jun 2026 11:48:27 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=hes.it; s=google; t=1782499701; x=1783104501; darn=nk.ca;

h=content-transfer-encoding:mime-version:message-id:date:subject:to

:from:from:to:cc:subject:date:message-id:reply-to;

bh=lnZMazFE7I+hwO36+bRq9QXnpHiW/3MWSPG5pCGwnOI=;

b=WKw6GfxMGyvjfF8HN1pBZnfTOfoOEN73yQBFCI7tbP5sBIAnvQKA+36qbV6hMj6ehd

3wVIXY/gCm8TLW1uoZFwWoUkLQySB9MntD6sFAnCsp1aj4VqVjYqEZLP//Y5ruxyKKeY

Yj6PQf7Vx4TpOVu1xeXb4oyw1c50Nvno98IuI=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782499701; x=1783104501;

h=content-transfer-encoding:mime-version:message-id:date:subject:to

:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=lnZMazFE7I+hwO36+bRq9QXnpHiW/3MWSPG5pCGwnOI=;

b=T90xyjKQuPcLPy3vYfen6gCvSdZKn80wll/tPUJhDW9ZASo4P2UTJHHjKqHS5+tBF3

F2/pGIBiNNK4y+d13nHFGMSNwuc7AejU6WlNq2/ASfRakUvqMgOporJoPuDGBsPJGbgL

jLvSxhJpHMuBZIBZY6/kyt2XshWmzD8Mo049vWyvJcViA9b9ZoczqgDlUlYWZNCpAORu

+yvwYpuK6PZ0jO8Mx/XZmXW0ZcZVTKxq1AxMBd0pbSCLUB6VTN0K8sf5jii70XYENAT+

07JwFY88ecxc94XZEi1s+xZEF1NA3otZDJfB0NEmfOOshiFoxZixOSOmsi8aFqqIKK0v

ecAw==

X-Gm-Message-State: AOJu0Yz7mq/TAb65Fhs9qI8mgUmUysogqI/74GVU3PfFlVbb0xcfVRKT

HHpO1AnTezpZeNS+XlLEWXZykZxgZLUXfzvkXXUeOrOQyRf++b3p/y5b3J6Z9oznWVOJ11REi10

V6BV2C8BuRf+7gu+WAymvPWOdLZ7gtV1Ot6DMEypq9f9F0Vg=

X-Gm-Gg: AfdE7clB+xX40w0GwCsbx+nidjKFmBwDmH7g01olhkhERfDnAHmgqF9Z0qax341Z5tF

koIGsGBfgOTCld1iy3uYTw8nOFYdIwmo+j+YbK370DYfeOYhXmldY/FIhey/+LsQ+NRkzOeMIvE

+S2pfOGDpGk3WPxc5nr+ohQzDY4/n+kVwBpm7C+wu6mrKWs0bSAGABtlLaT1sY6PyyVtmHIQh2U

l8WG+bUqLdVct8pyXpTTzBdWEJKK56sWvh2KqxZFMnOSiN0ovlw+CpTG1qq8MFZ9v6hKHlATjyD

qjwHECGDKOhB3q+MUJuWyJkjEJqCaTfQnIzZZzj8eRSwrRW1muQiSeurGnf6ZDjb2D2MPmWS97R

gTjqfC8FN4aqVtEY=

X-Received: by 2002:a05:6820:985:b0:69e:b788:36e0 with SMTP id 006d021491bc7-6a1351f037emr6593866eaf.34.1782499700888;

Fri, 26 Jun 2026 11:48:20 -0700 (PDT)

Received: from [155.2.192.102] ([155.2.192.102])

by smtp-relay.gmail.com with ESMTP id 006d021491bc7-6a1412d588fsm210672eaf.7.2026.06.26.11.48.20

for ;

Fri, 26 Jun 2026 11:48:20 -0700 (PDT)

X-Relaying-Domain: hes.it

From: Confirm your request for

To: sales@nk.ca

Subject: Urgent Notice on sales@nk.ca 6/26/2026 11:48:20 a.m.

Date: 26 Jun 2026 11:48:20 -0700

Message-ID: <20260626114820.4E97339C303D7141@hes.it>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.8

X-Spam_score_int: 98

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: nk.ca Dear sales,



Content analysis details: (9.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

[209.85.161.102 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[209.85.161.102 listed in dnsbl.ahbl.org]

[209.85.161.102 listed in dnsbl.ahbl.org]

[209.85.161.102 listed in dnsbl.ahbl.org]

[209.85.161.102 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[155.2.192.102 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: vortix.vu]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: vortix.vu]

[URI: hes.it]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: vortix.vu]

[URI: hes.it]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.102 listed in list.dnswl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.102 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.102 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.9 URG_BIZ BODY: Contains urgent matter

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.1 MXG_EMAIL_FRAG BODY: URI with email in fragment

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 TVD_PH_SUBJ_META1 Email has a Phishy looking subject line

Subject: {SPAM?} Urgent Notice on sales@nk.ca 6/26/2026 11:48:20 a.m.

This is a multi-part message in MIME format



--k8KsSBpdC=_EKSfEd4ubgLH3nO4qI1ww2J

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





New Document Available



```



????????????????????????



```



POWERED BY



nk.ca HR has sent you a new document



nk.ca Incentive Summary & Annual Compensation Review



Open Document https://vortix.vu/yoururl/exgam-MX2-script.htm#sales@nk.=

ca



sales@nk.ca



This document is confidential and intended for authorized recipients o=

nly.



```



--k8KsSBpdC=_EKSfEd4ubgLH3nO4qI1ww2J

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable






l" xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-mi=

crosoft-com:office:office">


8859-1">


device-width, initial-scale=3D1.0">
e" content=3D"IE=3Dedge">
atting">
ress=3Dno,email=3Dno,date=3Dno">

```


v style=3D"display: none; font-size: 1px; line-height: 1px; max-height=

: 0px; max-width: 0px; opacity: 0; overflow: hidden; mso-hide: all;"> =

͏͏͏͏͏=

͏͏͏͏͏=

͏͏

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 15:54:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdEU1-000000002vT-3uqy

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 15:53:09 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 15:53:09 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f104.google.com ([209.85.216.104]:44142)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdBWg-00000000O1O-1trH

for sales@nk.ca;

Fri, 26 Jun 2026 12:43:51 -0600

Received: by mail-pj1-f104.google.com with SMTP id 98e67ed59e1d1-37de8008910so692047a91.0

for ; Fri, 26 Jun 2026 11:42:55 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=hes.it; s=google; t=1782499369; x=1783104169; darn=nk.ca;

h=message-id:date:mime-version:to:subject:from:from:to:cc:subject

:date:message-id:reply-to;

bh=ZTSZRhJkl+0gc7XUQmmwIh8iAKF5U2RLiIZNNA90E7k=;

b=OgELXlNmPNqeVRPpxlOT0zeBNmXFZk4HhClk1Adw1uEK5B84Ar6+phfRxFXeW9E+8+

xmjlc9Su8FWNe4Dd78VtZzLdOGRPD6xE21v8M7MTAVURJteBn4Wl/L8zeXHkjdvPwxbc

RUl6e20jDwtAVinVOCLi7Mt74vVAdk7JPy5v4=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782499369; x=1783104169;

h=message-id:date:mime-version:to:subject:from:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=ZTSZRhJkl+0gc7XUQmmwIh8iAKF5U2RLiIZNNA90E7k=;

b=LKSFe+qjgv67iPjX1QPqKVD66Oc5wbL32YDYYTXkASaLI0KVkwY8kw8oJoZaYVGSnH

51FQWcQxmsafd+byAQ9QL8q/QPjAIY8eZa5AW8BZp7ha8+y3EMj0xabbWYwJAaxTg4SO

LphyXbVubv2g4QqqW9O5ZNyLdti4DCKiFtg7AFiXBuNhnuVKlbDEvhknnvfDsFVV2pkm

0lnrcYMEsE6W4Ig8gTDWd/Xw/GiDjCNLNhx1h7F9knaY9GdfsciMy79xIf2CAB6P91YM

mM9yv5RzJd8yXyWABAYzJO81kVCHOuf5l3E4nag7IjlJXWQeit4ndLcJArq5lglCOijX

aSCQ==

X-Gm-Message-State: AOJu0YxXIUBP+HCMD9CO7DmdUW7RBeePTecN2Oj6W1Quxk5/6Qv9hjVd

1s6qFHof08/5Wc83OspyZPJccXTtE3a3vPOSNq693szmuV41TxZ/E1rr+nAjBX1D5twRO/ClAX8

D0DU9jLd6q3NYRMl/Nsmymw2QihPzb3hgIQlO10XvoQMcsIY=

X-Gm-Gg: AfdE7cn3NZupaF1KtPmz/K+ySVFK3Gws8yWfylTJ7HI/ugK2CMC155O/Ie49Au6ULho

VpJJaxHMvbDxgtQaXxVZp+eALcyCvhraePepkefPGiOWk1OI/UVmkCQMJRzCTHPNgcBLXx1dMjF

eT/RDoJ8Plz4ytb7wQKaNAVBdZMeC+fuc69q/JDbWJshFyWOZ5zvGKxrgUR0nm9StfiWNIQ4Nfk

GFl5Yh/J/FZlt/uFdKxPSmoOZqLLrfgM1YQIL+rZxq+Nz9L5WAAren4V9iUhP77H0nJYTko0jmE

XUPewmZ64qVQYFP4zMj+JRbAhb84ia7benmwMDutCj+/cEuF6WKf0s/b8zPdtILqpn5qb/sBC4J

N60Kk

X-Received: by 2002:a17:90b:3c85:b0:37d:f6d8:b50e with SMTP id 98e67ed59e1d1-37f7a558ebemr1321058a91.9.1782499369173;

Fri, 26 Jun 2026 11:42:49 -0700 (PDT)

Received: from vps9689 ([155.2.192.102])

by smtp-relay.gmail.com with ESMTPS id 98e67ed59e1d1-37fb11c60c1sm37860a91.3.2026.06.26.11.42.47

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 26 Jun 2026 11:42:49 -0700 (PDT)

X-Relaying-Domain: hes.it

From: "Admin_nk.ca"

Subject: Immediate Attention Required: New Order sales@nk.ca

To:

Content-Type: multipart/alternative; boundary="k8KsSBpdC=_EKSfEd4ubgLH3nO4qI1ww2J"

MIME-Version: 1.0

Date: Fri, 26 Jun 2026 11:42:48 -0700

Message-Id: <20262606114247100B4B70BD$21CE525A6E@hes.it>

X-Spam_score: 7.8

X-Spam_score_int: 78

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: New Document Available ``` ????????????????????????



Content analysis details: (7.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[155.2.192.102 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

[209.85.216.104 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.104 listed in dnsbl.ahbl.org]

[209.85.216.104 listed in dnsbl.ahbl.org]

[209.85.216.104 listed in dnsbl.ahbl.org]

[209.85.216.104 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

[155.2.192.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.104 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.104 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.104 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.104 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.104 listed in list.dnswl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: vortix.vu]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: hes.it]

[URI: vortix.vu]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: hes.it]

[URI: vortix.vu]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.216.104 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.104 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.1 MXG_EMAIL_FRAG BODY: URI with email in fragment

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Immediate Attention Required: New Order sales@nk.ca

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?blJLY3JUajhwcHhqbGMxSEZzb2JNZ01SNnpTL05maHJ4WVRXbTBXVmFJeEdz?=

=?utf-8?B?TEppU21ORExReko3S3VhVllTYXYzM2x4ZUNsTkRZUGtEaEZqOVBqWmVjTzI0?=

=?utf-8?B?RWRGSnhnMURiMGY3Zm9ORG03NWF1OWFrNzFITCtwVTc0K2d5aXhab2xmOC9z?=

=?utf-8?B?ZDVkWEZaQXo5MHE4RitPWTFNKzAzdEpUUEVaOWdJbExyREdwSmZGbmVrRUlR?=

=?utf-8?B?SGpWZlBvVFZKbTlGYmx1VGZlbnRueHFOK1FaMVV2YWdkQndONlFBYkJ6Tk1o?=

=?utf-8?B?U0ROcXdBRGh5MEhzdlViL00rNG4ybWVnbUdYQzh2MHlBcTB2eXdZRGtRWC9x?=

=?utf-8?B?WjVvT2srdXFkWXlEUGQ4NEM0S1dmU1k0WU9zMHZjRENLWi9hT1UyeEVkSFVx?=

=?utf-8?B?M29lSFBtd2lzbUppL1F2SnhXTUsrQXhjTGpVOTllSFhCSkQwVDVHbkx4UVk0?=

=?utf-8?B?YXJtblZISllWdGFRci9melZVbTN3cDNLZks1WDdZYnE5YVFpZzljdlZ5N3V1?=

=?utf-8?B?b0txUkNLRTlicWhBYUJSWTZhRWp5S2l4ekthbEk4aGZWSW5pd1VPVXdNVUtm?=

=?utf-8?B?LzhrZjFYR3VmQnl6anJzdFFwY0lzNktIUUNMWWEyR3NOd1oweit1RWEyNHFR?=

=?utf-8?B?NnVpN3RCYTFEdGNpNGhJcEdLVXlQcFZCZ2UyeUt5R251SXp6QWZQVlJNUEFR?=

=?utf-8?B?WnkwWThteWpkRkFKVEZHZytyRjBZVGE2dngwSzRJU0hDSmhWNVluYVdOWDBz?=

=?utf-8?B?K0QwaVpPRXpsaWRvd0w0WmlCd2ZVV2M1ZWdoN2tkSm5pRHhCd25pTWhaeVBv?=

=?utf-8?B?TkZWZ2o2ZUNCNXl1SHBzazRaTk9IS21Deml5aDNQMlQ3eXdCM2ZzdnpzWm9E?=

=?utf-8?B?c2tseUw5NUgraFcwcmp3bG11b2FWVnZQNVpPREtnVXJ6SmMzTVNENDBNZWMr?=

=?utf-8?B?bERma2w0MFdxWXF2M1pLamxnSFZkM2dteUdJQTg0TGZhVGJDRGMxUmp3aEpC?=

=?utf-8?B?NWFkSVYyMXdnZ21aTTlTRmV2RnhlbTkwWnpQY1BYYU95ZHV1bjJ3alBUT3dT?=

=?utf-8?B?RE9VdG9vcUhkQlY0RmRjekJTZER1R2l0TGNLYW9jcEwvUVBzWXlKTm9FbklG?=

=?utf-8?B?Ty9RVU5EajUyeHJEK1VycHdCMmhhWWJ5VjBJbnpyUHNiME9Pakdxa2FGN1ZQ?=

=?utf-8?B?ZWZublNMZ3JkdklKNFdrWW1VRzNmNjRkL3ljcDQvb3F2VURvaUNuNWM2SS9P?=

=?utf-8?B?U09FTTFGTWxTOTZGY0lZbUdYdzBBSnd1cS9uOW1ONm03ODc1Z1lUZkUyUHpl?=

=?utf-8?B?K1NIdkthNWFTTlhqZWtCQXo0cXNzenNuL2VRWitTSkhnREY3QkJxWFNtZ1FI?=

=?utf-8?B?bGtPMHRwOEM2R2dZempqSGcwcG9xblI4cEpFanZTcWZTTHFQMTNnV2V1NnlW?=

=?utf-8?B?RHQwVFRXQisrNWsvc3JENzBOQi9IdDZBMGZxYk1ydm96bUFiMkVxcHl2NnpL?=

=?utf-8?B?NnZZZ3BGMEZCeUlkZW9DblFFcndrcWhCMzRsWnM1RzAzL0w3bmN0eGNLRmhS?=

=?utf-8?B?QktnaENMY1NTUUpzVVlKbWNXemdsUHZwZEtFSUFhQTJVYnZXK1pRNUgzVmtJ?=

=?utf-8?B?YlQrdEFnZzZEdnBsakpFVnZaUks0SEtoK1VrN1dvd0xKMXBQR0tZR1NKU3RU?=

=?utf-8?B?R0Vsc3hxbUsreDBkR2k4amgzaUVGTC94ZFFXcFlrN2ZLK0RJU2FqN09rdG1Z?=

=?utf-8?B?dHlQNEpFL0tleXpyWmhMOWV4KzdOV0hMK25SS0JYVElrTjdUblNPSTlBcVpM?=

=?utf-8?B?cW8vWW54VHlPSk82UGx3ZUpGYksyUUlzUlRKbG02cTUzS2NBem01cnNIZDJ3?=

=?utf-8?B?USt3NnJwaXhhOXpRWkNkaXozLzhZU0RBUzIrbHNIYjI2b3FNTGwxcGEyL2Ny?=

=?utf-8?B?L2MvK2M1eVdsR01ZYzNFemxLc1pFL29oWExkeUo2MlNWUG9GNDFJeWF6czNO?=

=?utf-8?B?OXFKajRIOWpoNjV4TmJ2L0kySFpwaTZrZzYwVGtyeGJJeUs1eE85QUVXNDBH?=

=?utf-8?B?dmZ3MnZ2ZlJ6TUpOYXIweC92S0dXL0pZd1BHeWcxOVIvaGZMYkpNSU1LYlFB?=

=?utf-8?B?d3ZZYWtqQkt2VlBXNUFQS0FDVkNWOU5uMllOcXkwL3MySiszeVk5UWlOYmJV?=

=?utf-8?B?bTV6c2JqREhSaVRMVy9BamlKeFRUZ3VoNkN2dXlsT3REdTJqemNEV21KMTFS?=

=?utf-8?B?TmN1NG92ZUdSTkxDdlEybDNONWp3b0d6TlRCZHVEWmthNU5NbzVad2hDcGFI?=

=?utf-8?B?dVRoc2JORVhKRXpHUlBJeFBMSnp2NXF1NUQwRERiaE50MEg2TVlVbFVObmJy?=

=?utf-8?B?STdHTHFTUnc0amV4TGkxTzJadHdCblhIUVlpREtVNHdEdmZ6dGxneStCd1hF?=

=?utf-8?B?b0ZYOElYMHQ1M0tJY0tNVTFnalN1dERxdlUzMTZwTWtwb2QyM2hUNnM5MXRI?=

=?utf-8?B?aXpUZUk5MnFBK2M2clh4dHhKODQzcDdLS0RSWGpiS0tvZ3FDK1c5R3Nkc3Z1?=

=?utf-8?B?TlNjR2xndHRhRXVmNDRZekt6RGtBaUlyQ0t0cHNpbW9QdzY4UndsQjhpckpy?=

=?utf-8?B?ZTQ4SExtV3g3UktJVUpLSGdqQnJHa3NhOUgzdVZJNU41RHNYNndVNkJzNDVa?=

=?utf-8?B?d09yTWJwbTEwWXI4cmdYMHJpRGhPRkd2Y1Z1TlNKSTkyb2FOTnBtTlg3cTdH?=

=?utf-8?B?VGtPYjcwT2E0a2JHbVdFMU81SEY1MVIzMHhSZ2tlYkN0cGc5eFEwZmdRczJ6?=

=?utf-8?B?QlN1a2pROGN2UFVkVzAySzFtMkRLbEJPVW9ZaTZaVFdpRHpIU0hFU1RXdW1N?=

=?utf-8?B?MGtxQ05naDdlNkVPcmVJQnhxT3pBUDlhcUt2MlB2c3RoMXdLZmxFQW43RWo4?=

=?utf-8?B?TDMwSEl1Rm1RWG5WUWFScVFPcCtTQWtHaFh6SFFncW9GOUFBVHlVQTZFQ1hS?=

=?utf-8?B?QmJOSFJKRUJFSHk0T0V0OUtnaGdJQTFrcG13YmlCWWprV3ZJUS94eWNRMW5G?=

=?utf-8?B?Rm5IaGFmRGNHTEgvTFREV3NLc210dlZITkkvMmNjU3FuV2dqMHMyZmRPVW85?=

=?utf-8?B?dklvWGdlcVZYNTZtYW1uVG9xdzJ4d09nZWhoZ3FLS2NiRTdGQ0pvVzc1aTJU?=

=?utf-8?B?VHFPL3NtVkhDM3hBaHBOMVcwRkRGRmdnOWhlTm82b1p0ZkhVdmJyTnpUTjJB?=

=?utf-8?Q?/+3ckOnPD5y2k9uLvXeuDtIiY19giPcSkMq+7FOqcqu9Z72?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2026 14:34:19.8468

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: c4af5ba4-748c-4f3f-5587-08ded3900231

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF00022574.namprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB3624

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Transaction Alert – Bitcoin Purchase Request Received piatok

26. jún 2026 Dear Customer, Your PayPal payment for Bitcoin has been received

and securely logged in our system.



Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[209.85.221.69 listed in will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

[40.93.12.21 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

[40.93.12.21 listed in dnsbl.ahbl.org]

[40.93.12.21 listed in dnsbl.ahbl.org]

[40.93.12.21 listed in dnsbl.ahbl.org]

[209.85.221.69 listed in dnsbl.ahbl.org]

[209.85.221.69 listed in dnsbl.ahbl.org]

[209.85.221.69 listed in dnsbl.ahbl.org]

[209.85.221.69 listed in dnsbl.ahbl.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:cafe:0:0:98 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:559:0:0:0:7 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.12.21 listed in list.dnswl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.12.21 listed in bl.score.senderscore.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 HK_RANDOM_FROM From username looks random

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.12.21 listed in wl.mailspike.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.1 TW_RW BODY: Odd Letter Triples with RW

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Transaction_Alert_=2D_Bitcoin_Purchase_Requ?=

=?UTF-8?Q?est_Received_=40_pi_26=2E_j=C3=BAn_2026_=28cynthiaperez389903=40groups=2Eo?=

=?UTF-8?Q?utlook=2Ecom=29?=





Haresasz Nxysarwsa has invited you to Transaction Alert – Bitcoin Purchase Request Received

Title: Transaction Alert – Bitcoin Purchase Request Received

When: June 26, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,



Your PayPal payment for Bitcoin has been received and securely logged in our system.



Transaction Summary:



Purchase Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $350.00

Status: Under Review



Our verification team is currently processing your order. Once approved, the transaction will be finalized automatically.



If this activity was not authorized by you, please call +1 656 556 2170 immediately.



Best Regards,

Accounts & Billing Team

Attendees:



cynthiaperez389903@groups.outlook.com



Transaction Alert – Bitcoin Purchase Request Received

Dear Customer, Your PayPal payment for Bitcoin has been received and securely logged in our system. Transaction Summary: Purchase Type: Bitcoin (BTC) Payment Method: PayPal Amount Charged: $350.00



Dear Customer,



Your PayPal payment for Bitcoin has been received and securely logged in our system.



Transaction Summary:



Purchase Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $350.00

Status: Under Review



Our verification team is currently processing your order. Once approved, the transaction will be finalized automatically.



If this activity was not authorized by you, please call +1 656 556 2170 immediately.



Best Regards,

Accounts & Billing Team

Kedy

piatok 26. jún 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 26 Jun 2026 08:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wd7jO-00000000IpV-1wNV

for dave@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 08:40:34 -0600

Resent-From: The Doctor

Resent-Date: Fri, 26 Jun 2026 08:40:34 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastus2azlp17010021.outbound.protection.outlook.com ([40.93.12.21]:3032 helo=BN1PR04CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wd7eJ-00000000IIk-22JQ

for doctor@doctor.nl2k.ab.ca;

Fri, 26 Jun 2026 08:35:31 -0600

Received: from IA4P221CA0003.NAMP221.PROD.OUTLOOK.COM (2603:10b6:208:559::7)

by MN2PR18MB3624.namprd18.prod.outlook.com (2603:10b6:208:261::15) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.13; Fri, 26 Jun

2026 14:34:19 +0000

Received: from BL6PEPF00022574.namprd02.prod.outlook.com

(2603:10b6:208:559:cafe::98) by IA4P221CA0003.outlook.office365.com

(2603:10b6:208:559::7) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.159.18 via Frontend Transport; Fri,

26 Jun 2026 14:34:19 +0000

Authentication-Results: spf=pass (sender IP is 209.85.221.69)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.221.69 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.221.69; helo=mail-wr1-f69.google.com; pr=C

Received: from mail-wr1-f69.google.com (209.85.221.69) by

BL6PEPF00022574.mail.protection.outlook.com (10.167.249.42) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.181.6

via Frontend Transport; Fri, 26 Jun 2026 14:34:19 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:8D67B1ABF46552157F7D6DF35C77A2BE6F1F87F82056D82C8F79D91BE30802A2;UpperCasedChecksum:BD99FA299667F1FAB877984D68397F438C0D72FAFCD72085412FCFB23FA174E5;SizeAsReceived:3412;Count:15

Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-46fb9079a04so143056f8f.3

for ; Fri, 26 Jun 2026 07:34:19 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1782484459; x=1783089259; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=OeJ0LC1uduzQGr5J558V/KA4q5cOOhLWN/npaCIdtGY=;

b=bDGheJgefh6vtTt+3uTeOKWOkARXvpi8EJEPF12je+LPLzaRBhJ2jHB+/NUNcSr6pq

0EhIrK50d9MQt2eQrOTzcqPtdZYmihFKHraV+WYE656yUFjOQaGCb84pbmEoB2g8lH8u

N1tH10GHk3Ff07RiBEGr1qHwupw+iM/Q2gdnZLlt6fzVSSdJxMEpRnH3iMLVdv4tXZIZ

L+Nc9U5kJO/6OnEXdQsZT7WPNhjltRMEYkUIFuLqYkJCW2QkZ1QSejBapnF9Ou5N2eAy

rNDWJmOqsN/UT3tmNZFJfWZgyf/bJrJVQhR8H54gvlRUg/Tj/j1aH76ODTQTZoB0M7RN

0u6A==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1782484459; x=1783089259; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=OeJ0LC1uduzQGr5J558V/KA4q5cOOhLWN/npaCIdtGY=;

b=NEOI8fq/Z9AioexNA4WDxjLBAlZJ4/hdBA4G0pNaUDOu2LQOSWXOrqhT78w9yzHoBx

dyTdaaEvB07TFHiWHBXxWf3D8EiMvsS05wSii3Wp6y2T0vxmVNOsA9HF+DGS8nvurJFg

2UQ/JiVU/hfw9o0E3t5jVxnQIlM+Jldu5wiyz3GDkaqiMit8NgyHfQabN4wf40q2KEq4

9UrvYB7o2bM6GDQplqZKaYQzWLNFQxz6fAd2j55t62i7ZldnAICJkQumXTpVZ2Rsn21X

Zv4WTeSyqyqPQ3Wiil3QdrVLM6XMv8mINZzH7hDOvjgrSVQCyxH8vR7MAn6HgvYT05UJ

pGiA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782484459; x=1783089259;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=OeJ0LC1uduzQGr5J558V/KA4q5cOOhLWN/npaCIdtGY=;

b=leuFCNhqx4eh+303zvS5/zphUe21Bx8xRKK/6v1WjobFV7OBk1tseLUN2Nz+qfMwqv

zO9ggiJvjSmD0TcJYR+P57eAPovl1W3sqWO6bGimZeNacOXeCNJfITVNypbHjZQvrsI1

L9mHFfUPJSaJMqLpiPK58OO2cw2inI1tUwg1B/y1rer/cITN3lfEO3blHozR+JbhlT8C

bkrLcNjfWGCim+iEu4npEpuTbAjUMoqn06YTi2FPTtWxna/Dhd4BdJuIkUjumqNJVdvx

unc+SjN6tynNkDbRawT3My9thKuMuuySOdjFB+HUxC6Bl+0Z4W7gGIq9/VQ2Vo4CWuIB

YHlw==

X-Gm-Message-State: AOJu0YyptClsB6lWNqwQe4j6UNKrFeF3PimLW5DnEILTBuyS3vB/mmO0

wE0y7YrKLradofVQRYt1PekOZ6n3ECFTd0yXRLcyKC4OacEEpSOWN/J80/2g3lj7ZbSNKFK7ajq

JCXQxFsmjJps6z9p8+KF/IwIg8LXpa3BcS7o=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:41c1:b0:492:324d:e93f with SMTP id

5b1f17b1804b1-4926fcac16cmr12536625e9.36.1782484458696; Fri, 26 Jun 2026

07:34:18 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Fri, 26 Jun 2026 14:34:18 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Transaction_Alert_=2D_Bitcoin_Purchase_Requ?=

=?UTF-8?Q?est_Received_=40_pi_26=2E_j=C3=BAn_2026_=28cynthiaperez389903=40groups=2Eo?=

=?UTF-8?Q?utlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="000000000000fa79c40655290045"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BL6PEPF00022574:EE_|MN2PR18MB3624:EE_

X-MS-Office365-Filtering-Correlation-Id: c4af5ba4-748c-4f3f-5587-08ded3900231

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.221.69

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|29080799009|34130799006|32020799003|6149299003|5139299004|3151999006|5149299006|16200799027|4040799016|9000799056|24102599021|1680799066|970799063|9400799043|26000799027|26130799012|9020799019|22000799015|6092099016|1041999012|1602099012|18021999003|30041999003|2145499017|1360799030|1370799030|1380799030|3412199025|4302099013|440099028|26104999009;

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.12.21 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.12.21 listed in list.dnswl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.12.21 listed in bl.score.senderscore.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 HK_RANDOM_FROM From username looks random

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.12.21 listed in wl.mailspike.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.1 TW_RW BODY: Odd Letter Triples with RW

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Transaction_Alert_=2D_Bitcoin_Purchase_Requ?=

=?UTF-8?Q?est_Received_=40_pi_26=2E_j=C3=BAn_2026_=28cynthiaperez389903=40groups=2Eo?=

=?UTF-8?Q?utlook=2Ecom=29?=





Haresasz Nxysarwsa has invited you to Transaction Alert – Bitcoin Purchase Request Received

Title: Transaction Alert – Bitcoin Purchase Request Received

When: June 26, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,



Your PayPal payment for Bitcoin has been received and securely logged in our system.



Transaction Summary:



Purchase Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $350.00

Status: Under Review



Our verification team is currently processing your order. Once approved, the transaction will be finalized automatically.



If this activity was not authorized by you, please call +1 656 556 2170 immediately.



Best Regards,

Accounts & Billing Team

Attendees:



cynthiaperez389903@groups.outlook.com



Transaction Alert – Bitcoin Purchase Request Received

Dear Customer, Your PayPal payment for Bitcoin has been received and securely logged in our system. Transaction Summary: Purchase Type: Bitcoin (BTC) Payment Method: PayPal Amount Charged: $350.00



Dear Customer,



Your PayPal payment for Bitcoin has been received and securely logged in our system.



Transaction Summary:



Purchase Type: Bitcoin (BTC)

Payment Method: PayPal

Amount Charged: $350.00

Status: Under Review



Our verification team is currently processing your order. Once approved, the transaction will be finalized automatically.



If this activity was not authorized by you, please call +1 656 556 2170 immediately.



Best Regards,

Accounts & Billing Team

Kedy

piatok 26. jún 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie