Dell Laptop paypal phish from Microsoft Outlook Part 4







Haresasz Nxysarwsa has invited you to Urgent: Your PayPal Order Confirmation - Invoice #INV-9942-XPS processed successfully

Title: Urgent: Your PayPal Order Confirmation - Invoice #INV-9942-XPS processed successfully

When: July 13, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Valued Customer,

Thank you for your recent order with PayPal. We are pleased to confirm that your order has been processed successfully and that your payment has been authorized.

We appreciate your business and look forward to serving you.

The authorized payment will be reflected in your account activity shortly.



For any inquiries, please contact us at +1 805 302 5662.



Invoice Details:



Invoice ID: INV-9942-XPS



Product: Dell XPS 13 Laptop



Order Date: Jul 13, 2026



Amount Due: $749.00 USD



Payment Method: Authorized PayPal Auto-Debit



If you did not authorize this charge, please contact us within 12 hours to review the transaction and request a refund.



For cancellations or concerns regarding unauthorized charges, please contact our support team at +1 805 302 5662.



This is an automated message. For further assistance, please contact our support team.



©️ 1999–2026 PayPal All Rights Reserved.

Attendees:



cynthiaperez389903@groups.outlook.com





Dear Valued Customer,

Thank you for your recent order with PayPal. We are pleased to confirm that your order has been processed successfully and that your payment has been authorized.

We appreciate your business and look forward to serving you.

The authorized payment will be reflected in your account activity shortly.



For any inquiries, please contact us at +1 805 302 5662.



Invoice Details:



Invoice ID: INV-9942-XPS



Product: Dell XPS 13 Laptop



Order Date: Jul 13, 2026



Amount Due: $749.00 USD



Payment Method: Authorized PayPal Auto-Debit



If you did not authorize this charge, please contact us within 12 hours to review the transaction and request a refund.



For cancellations or concerns regarding unauthorized charges, please contact our support team at +1 805 302 5662.



This is an automated message. For further assistance, please contact our support team.



©️ 1999–2026 PayPal All Rights Reserved.

Kedy

pondelok 13. júl 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Dell Laptop paypal phish from Microsoft Outlook Part 2



X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BN2PEPF0000449F:EE_|DS0PR18MB5393:EE_

X-MS-Office365-Filtering-Correlation-Id: 409fca8a-4902-4570-225c-08dee104f292

X-Sender-IP: 209.85.128.69

X-MS-Exchange-EOPDirect: true

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|6092099016|26000799027|9000799056|9400799043|9020799019|32020799003|1680799066|3151999006|16200799027|34130799006|4040799016|970799063|26130799012|3069299007|29080799009|5139299004|24102599021|6019299003|22000799015|1041999012|1602099012|30041999003|22062799003|2145499017|18021999003|56899033|1370799030|1360799030|1380799030|3412199025|26104999009|440099028|4302099013;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?MUUyZXNVUXF2ZW5PUkRSWTFhS1MwczFlZ3h0cXRsUTlVTnYyUllqNEQzZWVq?=

=?utf-8?B?cXg4UXo1eTVSQzZOZ0R6MFZWbmxGMHVJcENrWVdSYmNIcERUZ0txbXJ4aEFz?=

=?utf-8?B?eXNKQ24vZ0p0MkZZajF0ZVdkd0Zjb3oxKzYydlB0dzc5OUFnOGRkYmRrREVt?=

=?utf-8?B?cDV2TG0wcmxLSEN0N05MbHdWUHJhaXYxMlNUdTZ3VFpQKzMrZC9VMkNYYWNN?=

=?utf-8?B?S0laeFZXYUwxMSsrdy9NSWtXOXBicWFqYmhoNlJFYVVMcjQxOFZ5V2pPNytL?=

=?utf-8?B?WEFtTytVbXJOcHkxQ0JjTmY0Q0x1VkxYK1kwY2xnb2c5ZkhkT05VQVMwMmRa?=

=?utf-8?B?T0F5SjRma09MN3VESU41WHpwU21zRXIxbDZWZmFuUzdRam56SGFQRWd3RmZz?=

=?utf-8?B?QnduT2FLWXNsbTVCUzVmUDZWMkdXZHh5VHVacWwrR0tYSmszYUcxY3dqOG1K?=

=?utf-8?B?OEg2Qm9jQkY1QVBDUDBzYzJjRmxCNmxSTm42MlhuTjRsZUlkWSthVDkrS0VJ?=

=?utf-8?B?RjZoWTE2T1dsZHVQU1NyWDBDTWVDWnNVMkxLNUR5d0lJQy91R0RseTJ6Y3Rt?=

=?utf-8?B?Y1Q0V2ttR1E3TjdFajRJQXdpbE8rKzlLWjJEU1ZoM2ptNSsybDdiVWpIV3FK?=

=?utf-8?B?T1ZBR2pPWThId2lQTUFmS09qM25rWnZndHhRclA5TlpveVBWVkJ4Q2s2TC9L?=

=?utf-8?B?cXhQQ3B1Y21lU05yOTdJZGZRaXA4dkp2WG4rOUZ2WEF4VWlDWmZrMURXOTVD?=

=?utf-8?B?eElSYnRqaDBoc0pWUFIyZ3pSb08rOG5rWmhMZUx3QyswRzQyc1NDZFowaFFK?=

=?utf-8?B?a3pHdTBmaUZnejIyQmV6NVhGNVlIQUZSMXRQVXh2Y09BK3ZMMGI0amZZUXBY?=

=?utf-8?B?bEZLV3hsZGp4ckNUZXBpbWZRMytyQ3BDNkRnU21VM3YwSzdUNjRPamlnVlhZ?=

=?utf-8?B?T3lkUlA5RzBqSk5OYUh1UUNYTzZXcnhrN1Rtd2NZL2JtRGlOSUgrVEVKZ0xS?=

=?utf-8?B?a3FXSzBFOVppRVFFdHR3RHRuLzVnTTM1dGRuYW01UnBKZU41UEdtNzlqMFp4?=

=?utf-8?B?WTh1cWtlSlhsYjFPVmhWN292eERmcUthM0lJejBTR28zSjkwK0pTNlNEZVBL?=

=?utf-8?B?U1gyMjk0ZGNkUTBCSDZHNWVxRFpITU9sUkg5RkdvbU9RNzFFMFV2TnhaYVRy?=

=?utf-8?B?OENoZTlYczFHNGlLNVp6bURwWFExbnd0N2tYdjRlT0QwRC9wbjZ2ekU5ek9a?=

=?utf-8?B?VHErVXVmQ1hhcm4xTml3eFVsMlE4b2c1RFZQMXVBa1lGdXBKdGtpc3FNclgz?=

=?utf-8?B?cEQyUkRjQ1NLajNYL2N0c2FoQzVvS0NhOW9hTlRmUm0yZlFMNmJqN2hmYm9n?=

=?utf-8?B?bGxBeWZVNnRqaVptdXNMclN5alZheStUa2hYSk1hODY0cTJ2UHZZanp3WG1T?=

=?utf-8?B?R1B5K21WempINnN3NTlxVkVlYjU4dVRxMlI2bTFHVkk3dlZMQzhUWSs4RS84?=

=?utf-8?B?Tk5GdW9jYkpldWJ0NHFmQ0QvQzVKMnpTWnVZZXY0bG5yRDZKQU1iZmpQOTZm?=

=?utf-8?B?K21ORTg4WWRxMUVveGpqMTF2SW5EVnFtZ3RaeS8rT21lU29CajNyMStCQ3Fn?=

=?utf-8?B?RjdhY2JXVGc3elNIdlhEQ3VIZnNQeDBMYkVKb1NQSit2ZDB6Q3lmODRIU3g5?=

=?utf-8?B?end3NlE0Vi9YRTZ6aU1xV0NqcE5udk5ZeGZtRmtoTlpaUDRkd0dZRjZ3YXpP?=

=?utf-8?B?T2RSNmlpSStSdHE0anJuNlRSTVRSTm5JN2VxU2szeHo0dGo3R25yNTE3QlFD?=

=?utf-8?B?M0w1d3lOMFNCemhxckFrdjR3NWc3RmI5UHRsbi9hS1AzS1UyTXRKaGlBWS9u?=

=?utf-8?B?M0tqUDRybmRObElnWnFxUkxhdTFHbVN0bjFjTjJHMkZMdGtSOTExYjFNUXpM?=

=?utf-8?B?eDkvL25FNjNZRTRySGJxMzRPTUxtZkk5QnBQYWsyQ3lDam9vaVArdGdNTGNB?=

=?utf-8?B?NjJ3S0dibnlUaXdvWC9Ga25XSDQ0NG1hM2I3dk1ITW42eG1qNjFMU3ZSTUcx?=

=?utf-8?B?UWlUcGo3bEwwbURER1h4RGdCZHJjS0ROZjFaUkZMZE1ubHRLM2M1WmFHOTlT?=

=?utf-8?B?dDh0YmFUenRKUGlKM3ZNZ25JSlVTT1ZUS3RpNWIzbFI1VlJZcmJFWVlSaXlk?=

=?utf-8?B?a2FUNEd2WHBDNEx1b0E2a29DR3BvY0NHZkY4aXd4Zy9QYmR0UGo2aUorRyt1?=

=?utf-8?B?MStmaElFTENiWERkeDdjMGdxSVdJUnAyL1UyblYvOGxubUI5VVlPZGFLbHkv?=

=?utf-8?B?V2c1SUhzUW1hSFNJNTNmSUR3VTJRZUkwWVpESUJIZWJ3OWhPWWpqWjBNTjEr?=

=?utf-8?B?ZVdvRVlMU3dWbEl5cmZIM1hhUGFvVTUvd2szYkpOeU9XUkNKVU1JQ3ArYXVR?=

=?utf-8?B?YUNJTThMbTZhSVBxTjZvRkpEdGh2a2ZGNCtCeWttS3d6ZHhSOGNxOEdwV3Ri?=

=?utf-8?B?dWtranRMdm50SnJCSW5ZRWhBcXdEcENsZllRc1pQSXArdVBjVTVua0pJVTFt?=

=?utf-8?B?R2FaMFhKdm9XV1gvVG1NaXpQWUpOWTBEdXp6am9ZbEtTY2Zqc2x4K1hjdith?=

=?utf-8?B?Zk5OSU44dmpsb2lWNTlRQzFKMmxSdXh0V0pNN3d0cnVGWktsUk11UEE4WFFj?=

=?utf-8?B?d1ZmMitOTEg4TFZaSnc1OTBGMkx5aEVHUWNnaWhzelJRdXVsTWhERnAxczBn?=

=?utf-8?B?bTVXcjJEczNiUHhGMVhtR2dxc0xaTjh2ZkIrLzU2RHFxYUR0T08wbm9tQml1?=

=?utf-8?B?N2owWU84SkpHRlBqZlpqWHR4eFNXQnpOcWF2R0h2ZDRMRXgrRVNMNXVseDJt?=

=?utf-8?B?aitaZExmUm1XZ2FwK2tML3BUNWEyVWlxbEVyVUdCK2RCM2U0eEYzNGFBMUR2?=

=?utf-8?B?KzRiSVpPck1QOVhVUk1QazB6V2RiRHRaVDczS3JrT3hYaWMrbHVuM1JDeVhi?=

=?utf-8?B?NExOcUM4SGFDa2psT0s5U0l3aHNNTlUxVGJOTEROeHpEVHpSY3FDbGRuUnFy?=

=?utf-8?B?YTVqMEZkNXJmc0Ixa09qNWRic3VNaGZLeXJSVjl5M1ZXa1JnVk1lT3BqR0Rz?=

=?utf-8?B?VXU2RThiWDFiV3RKTTFWN2dWTC8zN0RIMFJ4RUxWWi9OL0g0eExhZ2xXaDFY?=

=?utf-8?B?ZU9YbGdBRkNWa1NtUmpLcnMxNVlGZkw2c0hWQTdVZjFvNHArT2U3Y2ZZK1Zt?=

=?utf-8?B?Kzd0YW1Rc3RadjhhQXRjblA1clZtdnIzUm1jZUQxTUhyaWxWYVVjUDJ2WDdJ?=

=?utf-8?B?NURaZDlBeDJyZ2owUnhLbjIxY0VYSitwWnczMytDaklOeitOM1BlekcrSjlZ?=

=?utf-8?B?WHpxRDlKUVdCM3luUThIREh5a0ZET25CalNkcnJRYVN2Z21JMkw5UUJHdz09?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jul 2026 17:34:09.8666

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 409fca8a-4902-4570-225c-08dee104f292

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF0000449F.namprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR18MB5393

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Urgent: Your PayPal Order Confirmation - Invoice #INV-9942-XPS

processed successfully pondelok 13. júl 2026 Dear Valued Customer, Thank

you for your recent order with PayPal. We are pleased to confirm that your

order has been processed successfully and that your payment has been authorized.

We appreciate yo [...]

Dell Laptop paypal phish from Microsoft Outlook Part 3



Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.14.11 listed in dnsbl.ahbl.org]

[40.93.14.11 listed in dnsbl.ahbl.org]

[40.93.14.11 listed in dnsbl.ahbl.org]

[40.93.14.11 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[209.85.128.69 listed in dnsbl.ahbl.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[dnsbl.ahbl.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.14.11 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.14.11 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.14.11 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.14.11 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[209.85.128.69 listed in will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:cafe:0:0:c listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:408:109:0:0:0:15 listed in]

[will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

[40.93.14.11 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.14.11 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.14.11 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.14.11 listed in bl.score.senderscore.com]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_FROM From username looks random

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.1 TW_RW BODY: Odd Letter Triples with RW

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Urgent=3A_Your_PayPal_Order_Confirmation_=2D_?=

=?UTF-8?Q?Invoice_=23INV=2D994=2E=2E=2E_=40_po_13=2E_j=C3=BAl_2026_=28cynthiaperez389903=40g?=

=?UTF-8?Q?roups=2Eoutlook=2Ecom=29?=

Dell Laptop paypal phish from Microsoft Outlook Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:11:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOr0-00000000MGk-3SZP

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:10:22 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:10:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-southcentralusazlp17012011.outbound.protection.outlook.com ([40.93.14.11]:14280 helo=SN4PR2101CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjKYj-000000001GE-15rA

for doctor@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 11:35:25 -0600

Received: from BN9PR03CA0970.namprd03.prod.outlook.com (2603:10b6:408:109::15)

by DS0PR18MB5393.namprd18.prod.outlook.com (2603:10b6:8:127::12) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.202.19; Mon, 13 Jul

2026 17:34:10 +0000

Received: from BN2PEPF0000449F.namprd02.prod.outlook.com

(2603:10b6:408:109:cafe::c) by BN9PR03CA0970.outlook.office365.com

(2603:10b6:408:109::15) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.202.19 via Frontend Transport; Mon,

13 Jul 2026 17:34:09 +0000

Authentication-Results: spf=pass (sender IP is 209.85.128.69)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.128.69 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.128.69; helo=mail-wm1-f69.google.com; pr=C

Received: from mail-wm1-f69.google.com (209.85.128.69) by

BN2PEPF0000449F.mail.protection.outlook.com (10.167.243.150) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.223.9

via Frontend Transport; Mon, 13 Jul 2026 17:34:09 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:AFCB1B2FFEF3D37E321C4E3ED3ED8CC7C57292F07C40C207FF5E347CA4B4FB82;UpperCasedChecksum:22F474E799F9A3E5E683F30FC28609C6E2DD55F58A4BAADEFE3C2EDE3975554D;SizeAsReceived:3543;Count:15

Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-493f75ebec5so21155515e9.1

for ; Mon, 13 Jul 2026 10:34:09 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1783964049; x=1784568849; darn=groups.outlook.com;

h=content-type:to:from:subject:date:message-id:sender:reply-to

:mime-version:from:to:cc:subject:date:message-id:reply-to

:content-type;

bh=WzmCdTHK05IDiVSZss4rnk2x0LNf4rLYWYiWEaPTbK4=;

b=rHzoS8dibzEOrDxvgn8hGjJ2xR93H3wbRvlDSADiSDTYwFAmS6B+vcGFNTDoq7mMHN

4V6Rqeu26kKG69isz4Fw8os0br2tCqqHr4xYQ/yWxcYwz9pxamoA2PgWMMZSMUoNkqeE

qIPn0g9u5i7lfOnEpjV2U+up3aXCaudGUgoYhD/RmR33v0Bxc8aIeBOG6nqvas4ZsGqM

HApnN4P7R1Z2D1WdFgveWQQ294Fx6NGPDiyZ1F8GltEmu9IaFwhScHlXjzrrTvfqS705

M6yBAguW88p9XT1PlX+lvzalvEA5mLu+0tEYxNVUlXmIAZXwi58rVQyb7ah4LxrJmjnA

Sh4g==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1783964049; x=1784568849; darn=groups.outlook.com;

h=content-type:to:from:subject:date:message-id:sender:reply-to

:mime-version:from:to:cc:subject:date:message-id:reply-to

:content-type;

bh=WzmCdTHK05IDiVSZss4rnk2x0LNf4rLYWYiWEaPTbK4=;

b=a+G3CtjojW35AM7dP+nDCRAXUW9mASE2sgFWJpreqWsIJjKgJnsuBXhmyKrk9NOdif

YEfwxJ7wfHGtqxURndM0clGkjCd5ZpiUi4pr0w0yYUci2WY0hRPhQBxLFAC36ZsXbBUa

oBBj1uf/ONsCMxmbWyom+H0G0Gst5M0dlvwpbHnA03fmMQVtZI0Y7yfiVqAHkFkeaauq

0YzOEfEc66ToDUMoJ5GM3PLDNTSY0HkHlylaSIIysFJ6Xcl3J+zDSF9T9p53ZkwkDGcn

XsFIUeHW2Xp6/kMqrvRbfvYb18yKyGlwQFgA2hFSR2u+YJ1wLTL4BT9qIOjIVICGVFc7

JkCQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1783964049; x=1784568849;

h=content-type:to:from:subject:date:message-id:sender:reply-to

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to:content-type;

bh=WzmCdTHK05IDiVSZss4rnk2x0LNf4rLYWYiWEaPTbK4=;

b=qXe2bio1hhR1AWsfFhUZY7UAr1nuikrSSgg+/Y4pRDrdd1rF/RBj5ivj+k6Wx/BVEG

RnRZiQyKsmA62bIQIpU+xI23xbmbHvyV0kFMv19rQHeprjeat19jsWGjBzXLOd3dS8te

4XKgd380bsFzTO6mO8NxJWCAcwtn3gCh2NR562GcbIWNK0Oox9eR3tpIhhHDIery2v4F

hqrsgf0yy+BkM82DcN6x/wxxNCOTYuceUwV/XHyV9iowj+rOGB1mmzT4dMKpyiCUfsE+

kdvNXqBR9pjna+rXswzkYlQ0pUV1zpvMGIP3tVyPCJLPigWU5kIGydtnPeWyt1xSlE9n

/dfg==

X-Gm-Message-State: AOJu0Ywozh7MOIHKU6sdWQma51J/AZwSfuN6LqqXLlGW0oMjFtYoc8zL

5wasSWrpJ63VEFXWrsEcgNTRW0R1dCazMH0/M43sZQHDUvREh/Xzu67eyirZ83jK3tFGe4bXORK

SoEQibn65C0CsnMPxvQte2E25tZUAZ+w7bL8=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:4ca4:b0:493:e974:41ac with SMTP id

5b1f17b1804b1-493f87ebbf4mr63715215e9.16.1783964048857; Mon, 13 Jul 2026

10:34:08 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Mon, 13 Jul 2026 17:34:08 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Urgent=3A_Your_PayPal_Order_Confirmation_=2D_?=

=?UTF-8?Q?Invoice_=23INV=2D994=2E=2E=2E_=40_po_13=2E_j=C3=BAl_2026_=28cynthiaperez389903=40g?=

=?UTF-8?Q?roups=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="0000000000006ca0be0656817f9c"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

invoice phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOqV-00000000MES-4A6w

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:09:51 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:09:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from srve89.controlvps.com ([45.227.163.89]:38509)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjK7W-00000000LYj-3KhV

for doctor@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 11:07:14 -0600

Received: from localhost (localhost [127.0.0.1])

by srve89.controlvps.com (Postfix) with ESMTP id E479C2518A;

Mon, 13 Jul 2026 14:04:20 -0300 (-03)

Received: from srve89.controlvps.com ([127.0.0.1])

by localhost (srve89.controlvps.com [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id q4fdCqYeG6pv; Mon, 13 Jul 2026 14:04:19 -0300 (-03)

Received: from 45.227.163.89 (localhost [127.0.0.1])

by srve89.controlvps.com (Postfix) with ESMTP id 3F1B12516B;

Mon, 13 Jul 2026 14:04:18 -0300 (-03)

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8;

format=flowed

Content-Transfer-Encoding: 7bit

Date: Mon, 13 Jul 2026 10:04:18 -0700

From: "Les Harris & Associates, Inc."

To: undisclosed-recipients:;

Subject: Invoice

Reply-To: sales@stiriacum.ro

Mail-Reply-To: sales@stiriacum.ro

Message-ID: <67d7e7efa91107845773cd48dead8329@lbm-mg.com>

X-Sender: sales@stiriacum.ro

User-Agent: Roundcube Webmail/0.9.1

X-Spam_score: 10.4

X-Spam_score_int: 104

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Please review the Attached or payment link copy invoice dated

07/13/26 which are also listed below: https://artassentos.com.br/xc/ScreenConnect.ClientSetup.exe

INVOICE# AMOUNT



Content analysis details: (10.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[45.227.163.89 listed in dnsbl.ahbl.org]

[45.227.163.89 listed in dnsbl.ahbl.org]

[45.227.163.89 listed in dnsbl.ahbl.org]

[45.227.163.89 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[45.227.163.89 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[45.227.163.89 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[45.227.163.89 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[45.227.163.89 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

[45.227.163.89 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[45.227.163.89 listed in bl.score.senderscore.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.4 SALES_REPLY Your parents named you sales?

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 MONEY_NOHTML Lots of money in plain text

2.0 FSL_HELO_BARE_IP_2 No description available.

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Invoice



Please review the Attached or payment link copy invoice dated 07/13/26

which are

also listed below:







https://artassentos.com.br/xc/ScreenConnect.ClientSetup.exe









INVOICE# AMOUNT



======== ==============



$1,300.60



$5,459.40





DIANE TREMBLAY



Adresse

Adresse du domicile

SUITE 8 205 RUE SAINT-PIERRE

TERREBONNE, QC J6W 5P2

Remittance phish impersonating ae Edmonton Kia car dealership Part 2


ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;"> 




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">Thank you.




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">
1pt;"> 




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">Have a great day!




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;"> 




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">
runge";'>Snehpal Brar




34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">Appointment Coord=

inator




34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">


t-family: Cambria, serif; font-size: 14pt;">


34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">GO KIA SOUTH

3D""
=3D"cid:unnamed.png" border=3D"0" hspace=3D"0" width=3D"355" height=3D"35">=






34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">3030 GA=

TEWAY BLVD | Edmonton, AB | T6J 6V4
=




34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">Phone:&=

nbsp;780.465.3535  Ext. 37412




34, 34, 34); text-transform: none; text-indent: 0px; letter-spacing: normal=

; font-family: Arial, Helvetica, sans-serif; font-size: small; font-style: =

normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: =

2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -w=

ebkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-deco=

ration-style: initial; text-decoration-color:=20

initial;">



------=_NextPart_001_0013_B0BA2F23.7D1799C3

Content-Type: image/png; name="unnamed.png"

Content-Transfer-Encoding: base64

Content-ID:



...



------=_NextPart_001_0013_B0BA2F23.7D1799C3--



------=_NextPart_000_0012_B0BA2F23.7D1799C3

Content-Type: text/html; name="SWIFT Remittance Advice For Inv#94096 .html"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="SWIFT Remittance Advice For Inv#94096 .html"

...



------=_NextPart_000_0012_B0BA2F23.7D1799C3--

Remittance phish impersonating ae Edmonton Kia car dealership Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOqI-00000000MDr-3uUe

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:09:38 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:09:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 5108641.shenimed.com ([162.215.212.201]:57362)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjJzV-00000000Jcx-2VWf

for sales@nk.ca;

Mon, 13 Jul 2026 10:59:00 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=dakotadrc.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:

Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=zsroaDvKfo3YaQhjz3cMowVdTTwBOt+ER8LL+sXOwwk=; b=ZIujb8BhvNJTDlURR/jJtbIdrQ

80+YNzUwW++u46OiU/iyA7Tv7hnAKZ/6Fm+HnbGcKJhNtLqc8K4+HMi7b7hY9JR+WRO5Kot5G4z00

a0A2QgxLgkX/5zSm78O6eElYorDuh2DPnZWBg6BlFM7lqmdFR8KpyuGVpcR0dYSC3+D0Fb3F4HA2f

UvTfFKk8F84aH8luO5MAVMObg9F+eRz5mdKBfSDpRXzB9KJB/a38q5q1TwWzbz8PGtxGwQzIxeIC9

3IamA4ffblQSovVxmvskE7n7ZjjnAMYmrJvFZT7MvrdYCFrAXWCbwQ+Bh2ZyMvb6quoQ8WM/5iDZ2

h1+E686w==;

Received: from [104.223.84.143] (port=56654 helo=synergyhub.com.my)

by 5108641.shenimed.com with esmtpa (Exim 4.99.4)

(envelope-from )

id 1wjJyh-000000007oi-0FK8

for sales@nk.ca;

Mon, 13 Jul 2026 11:57:59 -0500

From: "Snehpal Brar"

To: sales@nk.ca

Subject: =?UTF-8?B?RUZUIFBheW1lbnQgUmVtaXR0YW5jZSBBZHZpY2UgOiBEbyBub3QgUmVwbHkgLyBBdmlzIGRlIHBhaWVtZW50IEVGVCA6IE5lIHBhcyByw6lwb25kcmUg?=

Date: 13 Jul 2026 09:58:01 -0700

Message-ID: <20260713095800.95B9D15E1EB0ED3D@synergyhub.com.my>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_B0BA2F23.7D1799C3"

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - 5108641.shenimed.com

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - synergyhub.com.my

X-Get-Message-Sender-Via: 5108641.shenimed.com: authenticated_id: jplejeune@dakotadrc.com

X-Authenticated-Sender: 5108641.shenimed.com: jplejeune@dakotadrc.com

X-Source:

X-Source-Args:

X-Source-Dir:



This is a multi-part message in MIME format.



------=_NextPart_000_0012_B0BA2F23.7D1799C3

Content-Type: multipart/related;

boundary="----=_NextPart_001_0013_B0BA2F23.7D1799C3"





------=_NextPart_001_0013_B0BA2F23.7D1799C3

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable














ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">Good morning, sales




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;"> 




ransform: none; text-indent: 0px; letter-spacing: normal; font-family: Aria=

l, Helvetica, sans-serif; font-size: small; font-style: normal; font-weight=

: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; backg=

round-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-varia=

nt-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness:=

initial; text-decoration-style: initial;=20

text-decoration-color: initial;">Please see the attached =

payment
an>
 receipt.

Chinese Products spam

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOq2-00000000MDH-3NdT

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:09:22 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:09:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-m81225.xmail.ntesmail.com ([156.224.81.225]:14458)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjJmZ-00000000ImD-2Z51

for sales@nk.ca;

Mon, 13 Jul 2026 10:45:44 -0600

Content-Type: multipart/alternative; BOUNDARY="=_Part_70790_157208311.1783961070654"

To: sales

Reply-To: sales23@abiscircuits.com

Subject: =?UTF-8?B?TWVldCBBYmlzIOKAkyBZb3VyIFNpbmdsZS1Tb3VyY2UgRU1TIFBhcnRuZXIgU2luY2UgMjAwNg==?=

X-Priority: 3

MIME-Version: 1.0

Received: from diana@abiscircuits.cn( [10.139.5.81] ) by ajax-webmail ( [127.0.0.1] ) ; Tue, 14 Jul 2026 00:44:30 +0800 (GMT+08:00)

From: Diana

Date: Tue, 14 Jul 2026 00:44:30 +0800 (GMT+08:00)

X-WM-Tid: 0a9f5c5dac2f03c0kunm9e8a5048176eb

DKIM-Signature: a=rsa-sha256;

b=Od94VH+MHygPHTvZ+fVn/xfulOtwsSxMYXCBk9nUTzZVPfkqLk8CYzH6VDwyrah2qm7cj+6NTeM3+dpH+Bhmy7P39gaDk7COfHnUCuo+rXYESSthWK4C+4crBc09RA5EZmRgBr/zVFZFk+56pT6UFpwfHsk5Ihah6UO3ksJe3hA=; s=default; c=relaxed/relaxed; d=abisassembly.net; v=1;

bh=XOxFbKXYSbn3bUcJIAOeczsd8E3yDJM9LmsejPs47xw=;

h=date:mime-version:subject:message-id:from;

Message-ID:



Hi Sales ,



Since 2006 Abis has grown into two PCB plants plus one ISO/UL-certified PCBA facility, supplying 1-40 layer boards and full turnkey assemblies to aerospace, medical and industrial customers around the world.



Our vertically-integrated model eliminates multi-vendor headaches while keeping every process step—DFM, fabrication, assembly, testing—under one roof and one quality system.



We look forward to showing you why global EMS buyers rate Abis “Top-Tier” in audits and why we are ready to back-stop EI’s own demanding programs.







Diana Dai

Project Representative | ABIS Circuits Co., Ltd



Rigid PCB, Flex PCB, Rigid-Flex 1~32 Layer PCB, Metal PCB, HDI PCB, PCBA

Mobile / Whatsapp / Wechat: +86 13510754753

Email: sales23@abiscircuits.com / diana@abiscircuits.cn

Website: abiscircuits.com









Toronto Dominion Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:09:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOpC-00000000MB5-26dm

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:08:30 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:08:30 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.mac4boxtek.info ([166.0.192.129]:56179)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIxj-000000005G7-2fAg

for root@nl2k.ab.ca;

Mon, 13 Jul 2026 09:53:00 -0600

Received: by mail.mac4boxtek.info for ; Mon, 13 Jul 2026 15:52:37 +0000 (envelope-from )

From: "TD Bank Canada"

To: root@nl2k.ab.ca

Subject: Payment Verification Required: Payment on Hold

Date: 12 Jan 2026 12:51:21 -0300

Message-ID: <20260112125121.B8EDE48451013111@email.ca>

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_NextPart_000_0012_97055C30.F86430D9"

X-Spam_score: 6.4

X-Spam_score_int: 64

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: You have received a payment of $4,781.22 on July 13, 2026.

For your security, this payment has been placed on hold pending verification.

Please review and approve the payment through your account to c [...]



Content analysis details: (6.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[166.0.192.129 listed in bl.score.senderscore.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.0 LOTS_OF_MONEY Huge... sums of money

Subject: {SPAM?} Payment Verification Required: Payment on Hold





------=_NextPart_000_0012_97055C30.F86430D9

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable










k" border=3D"0" alt=3D"TD" src=3D"cid:tdshieldstv1.png" width=3D"67" height=

=3D"60" data-bit=3D"iit">



WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,6=

8,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; B=

ACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligatures=

: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-d=

ecoration-thickness: initial; text-decoration-style: initial; text-decorati=

on-color: initial">




; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,=

68,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; =

BACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligature=

s: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-=

decoration-thickness: initial; text-decoration-style: initial; text-decorat=

ion-color: initial" dir=3Dltr align=3Dleft>

You have received a payment of =

$4,781.22
on July 13, =

2026
 For your security, this payment =

has been placed on hold pending verification. Please review and approve the=

payment through your account to complete the deposit to your available bal=

ance.




e=3D"CURSOR: pointer; TEXT-DECORATION: none; COLOR: rgb(51,102,153)">


AMILY: helvetica, arial, sans-serif; FONT-WEIGHT: bold; COLOR: rgb(255,255,=

255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 25px; DISPLAY:=

inline-block; PADDING-RIGHT: 25px; BACKGROUND-COLOR: rgb(0,138,0); border-=

radius: 5px" href=3D"https://denall2.nsdns.in/images/yifgtbx/pojmwxd/tk1hug=

n/ink.html" rel=3D"nofollow noopener noreferrer" target=3D_blank>Log In
=





Standard message and data rates may apply.

Thank you for choosing TD=

Bank.

This is a servicing message from TD Bank. Please do not reply=

to this email.

Your privacy is our priority. We'll never ask you to=

confirm your account number, PIN, password, or personal information. Learn=

more about our 
com_zimbra_url class=3DObject style=3D"CURSOR: pointer; TEXT-DECORATION: no=

ne; COLOR: rgb(51,102,153)">


href=3D"https://www.td.com/privacy-and-security/privacy-and-security/our-p=

rivacy-commitments/td-privacy-code/privacy.jsp" rel=3D"nofollow noopener no=

referrer" target=3D_blank>TD Privacy Code
.


------=_NextPart_000_0012_97055C30.F86430D9

Content-Type: image/png; name="tdshieldstv1.png"

Content-Transfer-Encoding: base64

Content-ID:



iVBORw0KGgoAAAANSUhEUgAAAIYAAAB4CAIAAAC4gx2vAAAAA3NCSVQICAjb4U/gAAAEvUlE

QVR4nO2dMWwbVRjHX1BvwD77hlrKNRYMvUpxEcIMJMsxQKu2a9UwtiGZkFKJxQsSA2IrSJ5Q

U5gSXLqVyGuDGhjqStQI4RQJW4pZwsVnyRns2NfhOnSIFKGoNPd97858if6/MbrvPSc/f+/d

++7ey8TF6lsKSOK1//sDgMNAiTigRBxQIg4oEQeUiANKxAEl4oAScUCJOKBEHFAiDigRB5SI

A0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsRxKvqlZXfVTuWT+yjS8ANPKeU/87rBTrvf9AOv

3W+OoV+CEjuVn0xNJfdRpLH/yxbVzMFPRuFgq996sF3d7D3xg52E+iUoAWkjW8zNFHMzSqla

Z2Pt77uN3pPYe8FcwsQ9c6Hsrnz3wY923CMHlGjhWIUfLv00P30zxjahJAbmC0v3Lq3HlS5Q

Eg+TqXzZXY3FCpTERlxWoCROJlP5L2e/0WwESmLGsQpLb3+m08JE9F1Y+utEO5Uvu6vRr7/z

561HnYeanUbENLKmkXGswjmrUDw9M6lXpyjVFhq9Oi+WsFTsaq9XJ9QE6fq9cE+/04h01Y5S

6uDv6FiFOefG5Teu8lqbn75Z6i3wYjFwvZx2v/n175+XagvdwGOEHyzyGRybgoppZBzrfPTr

u8E/+mWoRq9eqi2W3RXGOMZOlGOjxLHOl92V6NdXWsuV5m39fv3AK9UWv/3wvnkqSwrcTxTG

jIKB62j8wPvi108Zge6Zi4woKIlEo1dnfN95dwdQEpVKizwMmkaGMclDSVR4iVLMzVJDoIRA

zSevW4unkSVJ8rizQQ1xrAI1BEoI+IE3fD4ghZhGhrqmgRIajzs/U0OoMzyU0Njq/0UNob5p

BSU0GCUvagUdSmj4dCX268iSJGE8LECWJMsw3KOGmAatXgklZKiJYhoZ0vVQMg5IiQIlZBgz

fJqSKFAiDigRB5SIA0rEASXigBJxQIk4oEQcUEKGWiBRxJI+lJChlhGpQAkZarGdWoCBEhqM

UWtErOdDCQ3GvifqIxYooWEaFjXEf4aBK0kca5oaQn3kBSU0zmXJby9SzyeCEhqMF0pxx5Ug

+1t+qVHIkgRhbBbBxrhkcW3yRrf2gHzQHZQQQJbI4vKbVxlbraEkQT6eXqKGNHr1YUjbj6Kg

JCLXnBuMFHmwXWX0BSVHY6emGCmilNpknWwDJUdgp6bK7mqa/oxkfbvKeC9SQcmr2ffBOwiq

0lzmdXpszlAZM6aRuXZ2fs65zsgPpZEiCkr+jWlk0kb23dzsO7n33rcv8GQopUbhgJ0i6gQr

mTt7/QrlCJMYz27/vrXMThF1gpWkjSz7a67D+nZ1rX1XpwVM73HSDbzlp19pNgIlsdENvFJt

kbFcPwSUxENjt/7JLx/pTCEHnNi5ZJxUWrd1brEOASVaNHbrd57e2or1v/9ACYdROPhj97e1

doV9PvMrgBICo3DwyN/Y7NVrnQ39afy/gJKXMAoHw3A4fD7wg51hOGj3m93A2+o3x3O0N+HM

eTAecBMsDigRB5SIA0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsQBJeKAEnFAiTigRBxQIg4o

EQeUiANKxAEl4oAScUCJOKBEHFAijhcJGl/TQfHsfQAAAABJRU5ErkJggg==



------=_NextPart_000_0012_97055C30.F86430D9--



Toronto Dominion phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 16:09:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjOp9-00000000MAx-10CT

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 16:08:27 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 16:08:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.mac4boxtek.info ([166.0.192.129]:56179)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIxb-000000005G7-2mfx

for www@nl2k.ab.ca;

Mon, 13 Jul 2026 09:52:55 -0600

Received: by mail.mac4boxtek.info for ; Mon, 13 Jul 2026 15:51:50 +0000 (envelope-from )

From: "TD Bank Canada"

To: www@nl2k.ab.ca

Subject: Payment Verification Required: Payment on Hold

Date: 12 Jan 2026 12:50:34 -0300

Message-ID: <20260112125034.45D8659B029E7931@email.ca>

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_NextPart_000_0012_CB8C2854.C8E38C70"

X-Spam_score: 6.4

X-Spam_score_int: 64

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: You have received a payment of $4,781.22 on July 13, 2026.

For your security, this payment has been placed on hold pending verification.

Please review and approve the payment through your account to c [...]



Content analysis details: (6.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

[166.0.192.129 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[166.0.192.129 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

[166.0.192.129 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[166.0.192.129 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

Subject: {SPAM?} Payment Verification Required: Payment on Hold





------=_NextPart_000_0012_CB8C2854.C8E38C70

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable










k" border=3D"0" alt=3D"TD" src=3D"cid:tdshieldstv1.png" width=3D"67" height=

=3D"60" data-bit=3D"iit">



WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,6=

8,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; B=

ACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligatures=

: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-d=

ecoration-thickness: initial; text-decoration-style: initial; text-decorati=

on-color: initial">




; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,=

68,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; =

BACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligature=

s: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-=

decoration-thickness: initial; text-decoration-style: initial; text-decorat=

ion-color: initial" dir=3Dltr align=3Dleft>

You have received a payment of =

$4,781.22
on July 13, =

2026
 For your security, this payment =

has been placed on hold pending verification. Please review and approve the=

payment through your account to complete the deposit to your available bal=

ance.




e=3D"CURSOR: pointer; TEXT-DECORATION: none; COLOR: rgb(51,102,153)">


AMILY: helvetica, arial, sans-serif; FONT-WEIGHT: bold; COLOR: rgb(255,255,=

255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 25px; DISPLAY:=

inline-block; PADDING-RIGHT: 25px; BACKGROUND-COLOR: rgb(0,138,0); border-=

radius: 5px" href=3D"https://denall2.nsdns.in/images/yifgtbx/pojmwxd/tk1hug=

n/ink.html" rel=3D"nofollow noopener noreferrer" target=3D_blank>Log In
=





Standard message and data rates may apply.

Thank you for choosing TD=

Bank.

This is a servicing message from TD Bank. Please do not reply=

to this email.

Your privacy is our priority. We'll never ask you to=

confirm your account number, PIN, password, or personal information. Learn=

more about our 
com_zimbra_url class=3DObject style=3D"CURSOR: pointer; TEXT-DECORATION: no=

ne; COLOR: rgb(51,102,153)">


href=3D"https://www.td.com/privacy-and-security/privacy-and-security/our-p=

rivacy-commitments/td-privacy-code/privacy.jsp" rel=3D"nofollow noopener no=

referrer" target=3D_blank>TD Privacy Code
.


------=_NextPart_000_0012_CB8C2854.C8E38C70

Content-Type: image/png; name="tdshieldstv1.png"

Content-Transfer-Encoding: base64

Content-ID:



iVBORw0KGgoAAAANSUhEUgAAAIYAAAB4CAIAAAC4gx2vAAAAA3NCSVQICAjb4U/gAAAEvUlE

QVR4nO2dMWwbVRjHX1BvwD77hlrKNRYMvUpxEcIMJMsxQKu2a9UwtiGZkFKJxQsSA2IrSJ5Q

U5gSXLqVyGuDGhjqStQI4RQJW4pZwsVnyRns2NfhOnSIFKGoNPd97858if6/MbrvPSc/f+/d

++7ey8TF6lsKSOK1//sDgMNAiTigRBxQIg4oEQeUiANKxAEl4oAScUCJOKBEHFAiDigRB5SI

A0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsRxKvqlZXfVTuWT+yjS8ANPKeU/87rBTrvf9AOv

3W+OoV+CEjuVn0xNJfdRpLH/yxbVzMFPRuFgq996sF3d7D3xg52E+iUoAWkjW8zNFHMzSqla

Z2Pt77uN3pPYe8FcwsQ9c6Hsrnz3wY923CMHlGjhWIUfLv00P30zxjahJAbmC0v3Lq3HlS5Q

Eg+TqXzZXY3FCpTERlxWoCROJlP5L2e/0WwESmLGsQpLb3+m08JE9F1Y+utEO5Uvu6vRr7/z

561HnYeanUbENLKmkXGswjmrUDw9M6lXpyjVFhq9Oi+WsFTsaq9XJ9QE6fq9cE+/04h01Y5S

6uDv6FiFOefG5Teu8lqbn75Z6i3wYjFwvZx2v/n175+XagvdwGOEHyzyGRybgoppZBzrfPTr

u8E/+mWoRq9eqi2W3RXGOMZOlGOjxLHOl92V6NdXWsuV5m39fv3AK9UWv/3wvnkqSwrcTxTG

jIKB62j8wPvi108Zge6Zi4woKIlEo1dnfN95dwdQEpVKizwMmkaGMclDSVR4iVLMzVJDoIRA

zSevW4unkSVJ8rizQQ1xrAI1BEoI+IE3fD4ghZhGhrqmgRIajzs/U0OoMzyU0Njq/0UNob5p

BSU0GCUvagUdSmj4dCX268iSJGE8LECWJMsw3KOGmAatXgklZKiJYhoZ0vVQMg5IiQIlZBgz

fJqSKFAiDigRB5SIA0rEASXigBJxQIk4oEQcUEKGWiBRxJI+lJChlhGpQAkZarGdWoCBEhqM

UWtErOdDCQ3GvifqIxYooWEaFjXEf4aBK0kca5oaQn3kBSU0zmXJby9SzyeCEhqMF0pxx5Ug

+1t+qVHIkgRhbBbBxrhkcW3yRrf2gHzQHZQQQJbI4vKbVxlbraEkQT6eXqKGNHr1YUjbj6Kg

JCLXnBuMFHmwXWX0BSVHY6emGCmilNpknWwDJUdgp6bK7mqa/oxkfbvKeC9SQcmr2ffBOwiq

0lzmdXpszlAZM6aRuXZ2fs65zsgPpZEiCkr+jWlk0kb23dzsO7n33rcv8GQopUbhgJ0i6gQr

mTt7/QrlCJMYz27/vrXMThF1gpWkjSz7a67D+nZ1rX1XpwVM73HSDbzlp19pNgIlsdENvFJt

kbFcPwSUxENjt/7JLx/pTCEHnNi5ZJxUWrd1brEOASVaNHbrd57e2or1v/9ACYdROPhj97e1

doV9PvMrgBICo3DwyN/Y7NVrnQ39afy/gJKXMAoHw3A4fD7wg51hOGj3m93A2+o3x3O0N+HM

eTAecBMsDigRB5SIA0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsQBJeKAEnFAiTigRBxQIg4o

EQeUiANKxAEl4oAScUCJOKBEHFAijhcJGl/TQfHsfQAAAABJRU5ErkJggg==



------=_NextPart_000_0012_CB8C2854.C8E38C70--



Nigerian Spam from Google Gmail Part 2



1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.47 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

[209.85.208.47 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.47 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[bank60073(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[igwehero80(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[igwehero80(at)gmail.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.208.47 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.47 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 LOTTO_DEPT Claims Department

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.0 FILL_THIS_FORM_LONG Fill in a form with personal information

0.0 FILL_THIS_FORM Fill in a form with personal information

1.5 MONEY_ATM_CARD Lots of money on an ATM card

0.0 T_FILL_THIS_FORM_LONG Fill in a form with personal information

2.3 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money

0.0 MONEY_FORM Lots of money if you fill out a form

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases

Subject: {SPAM?} UBA



--0000000000002bdfd506567f8941

Content-Type: text/plain; charset="UTF-8"



--









Having reviewed all at 50.5 Million Dollars and your inability to meet

up with some charges levied against you due to the past transfer

options. We the Board of Directors, United Bank For Africa (UBA) has

ordered our Foreign Payment Remittance Unit to issue you a CORPORATE

VISA CARD where your payment will be uploaded and today we got notice

that your Payment has been uploaded into this CORPORATE ATM CARD and

also have registered it with DHL for delivery to you.

For your information, The delivery charges has been paid and they were

supposed to have shipped your packaged ATM CARD but they insisted that

you must re-confirm to them your current delivery address to ensure

accurate Delivery.



MOST IMPORTANT: Due to the content of the package, DHL mandated that

before your package will be shipped, A Tax/Stamp Duty MUST be procured

according to the New Customs Creed, and the essence of such Document

is to ensure a hitch-free delivery.



Therefore re-confirm your current delivery address:



1. Full Names.

2. Delivery Address.

3. Telephone Number.

4. Your country.

5. Your city.

6. Your Occupation.

7. Your Age.

8. Your ID card or passport copy.



--0000000000002bdfd506567f8941

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable






ature_prefix">--


-smartmail=3D"gmail_signature">




Having revi=

ewed all at 50.5 Million Dollars and your inability to meet
up with some=

charges levied against you due to the past transfer
options. We the Boa=

rd of Directors, United Bank For Africa (UBA) has
ordered our Foreign Pa=

yment Remittance Unit to issue you a CORPORATE
VISA CARD where your paym=

ent will be uploaded and today we got notice
that your Payment has been =

uploaded into this CORPORATE ATM CARD and
also have registered it with D=

HL for delivery to you.
For your information, The delivery charges has b=

een paid and they were
supposed to have shipped your packaged ATM CARD b=

ut they insisted that
you must re-confirm to them your current delivery =

address to ensure
accurate Delivery.

MOST IMPORTANT: Due to the c=

ontent of the package, DHL mandated that
before your package will be shi=

pped, A Tax/Stamp Duty MUST be procured
according to the New Customs Cre=

ed, and the essence of such Document
is to ensure a hitch-free delivery.=



Therefore re-confirm your current delivery address:

1. Full =

Names.
2. Delivery Address.
3. Telephone Number.
4. Your country.<=

br>5. Your city.
6. Your Occupation.
7. Your Age.
8. Your ID card =

or passport copy.









--0000000000002bdfd506567f8941--

Nigerian Spam from Google Gmail Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 09:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIUw-000000004BZ-2hI6

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 09:23:10 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 09:23:10 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f47.google.com ([209.85.208.47]:42415)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIMf-000000003mc-1b29

for doctor@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 09:14:47 -0600

Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-698aa7ba320so8085684a12.1

for ; Mon, 13 Jul 2026 08:13:49 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1783955623; cv=none;

d=google.com; s=arc-20260327;

b=MSkni18yRvv95m/Bq8dJtOvSL7y4Gj07S0D/3TxzZouKjL9vBVQ8mj7v4ypyKmJIY3

FevIiIvBp8Cfv2zKSBigrv+H77iA/mopGI508pyFlP+S4zNWFpCbII/8zvGa6HFPahzp

jb1OopHhr3PW61QupLEelORpsKns+pntXleBac6XaN+cesuhh2+y1IBU033cBZD5Lms+

8rlqnOOI4sLBLGgydlTSkz9td3L35H+Xn/HqIrBQlEaDUcJnUyw6oVxuXpTU/KjQ2pG7

Zgc3vYSMi4E9A3g8M03cbniCvU1gUw4djv44dq4KwMtznOaQWp/VP6ShdK+F84HoJTah

hD/Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=4o2PsA81q0jjfx3LcgICzsHVmd0NC0IoEFLX4/n71dE=;

fh=uf2+R6DJQMNn1AdO/87PoP5oVoU81Pbdu2D4TDp95nQ=;

b=OX/RvxUHUUzec0trBNsFp8onDlpporjkWM1bA1idzf4E8IlzDipGLb1ruxKgq/tLPj

+rBjmHYzpSYvCfB12rRwHohmz+eQJUU6BBb8gqukevZMSvgVdBclYQ+MaN8yHoXwXlrO

uwXf8UG3Gqysvov2Hs1Iv67MLbC+NjrCDBuqQI4ZusiajVgGMZy2fO7W3I7j1MlMXT3s

CGm4ZYf5UkmTfKDkO6pUeA3S1PLFYEdyzbMqmR0Rzvx4aFZut8UL6yAVIxWBa9yUVXs+

gzOpD7yk/JH418EInCZuomRzQ/5HQWGcty1aIp/eThZSqht7DAbhb9xVLcZwFIPoK9+3

abqQ==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1783955623; x=1784560423; darn=doctor.nl2k.ab.ca;

h=content-type:to:subject:message-id:date:from:reply-to:mime-version

:from:to:cc:subject:date:message-id:reply-to:content-type;

bh=4o2PsA81q0jjfx3LcgICzsHVmd0NC0IoEFLX4/n71dE=;

b=XfIrxDXhHolKK0a/r/OY2qlu/EDkAicbzi6Xk40s67YrA+qgRcxDTQoq4dSpf6vrhC

s2jxUao76ylpXnmmLhvsgDX+4RBHe+PaoEaxxYQ+1DC8cv1FqzAyE/RmGbpJp4UUj0xF

wW3cZOMyGuNwxA0yJtINJxVsiKTAh3NlRHlI3HC0VAGou21mWG7jq8stu2XW5974Jbtb

YbrwnN7FKYqboRSp4iiQRdSWKrwKyszJq1LmULE+a4iQ4URnfQYFbkJWb9OY2yzCXMX9

F/ifj+jR0LY//iWs2qe9E2sD7y2meDUfXKgYd8HztZBgkAnO8Mfm5fwdhhpQWdGt35oE

e69Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1783955623; x=1784560423;

h=content-type:to:subject:message-id:date:from:reply-to:mime-version

:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to:content-type;

bh=4o2PsA81q0jjfx3LcgICzsHVmd0NC0IoEFLX4/n71dE=;

b=pl0HDsPu0qwwHZkiQY3nJXyhzGLWoV0r2VgT/66hkeKmFkz5FCqBpXYfsyCeD6eNb8

b2MV6lKpG5LGOf65pby0d4017OlVgVgBWuMnqxd2eyvfWKUnmesnWsFZH5sdvKfd92dl

AhXNynxt1AXhtnSKnsw/dOXyDCfj2Po6U4sdqLRyN9CzEEKUjOCG/OJKDJ5fsFTdzomw

YjLg2BxGevwvJgpMT8jUvN6hzfXB5WXQ0Flw0tGMxHUjnE2fm5P2bwR1hVy50IWG3oyE

vEmSrqPSOhgP67ANuCmeVFoss9RI35x9UueJ5Foa9St4y1Trn+kTaNKo93ovMImCeCqt

faBQ==

X-Forwarded-Encrypted: i=1; AHgh+RoZ1s+lxngL5At+5LVgqh+nBOjsWTCAGnukqoDhJf+UcWviIMxLIKe+vmnpMLEGzT0kKBr6W+A=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YxTGEKrmij446fhV84GSbDx/vfGs+APqy4yPsMIi5q8XLAU9xoQ

it4905/1TbPinLwutTYlJthn6zE7ruJawdfMxFe5CXZnulkMEnBJ1/BPZZzqLcX0hoDC+iTtogE

T+xJUXL5ZpvBKi7rXohIk/WpdbKJjifE=

X-Gm-Gg: AfdE7cnWlnvIaEc3wNhDvvIgOI0unx3J3jvWnYRxQ4u+/61sbFro4QCq9lXPyGNXuWR

4RpCWe9k5Q0Ygvt6mz90y9wATL+X1IohqjyFBmxz/rAvFJiifiThXBOznsEgXFnDS8XUeWV8d8V

NXm1u+sWI6Lu+iit2xjAEeRYfb1/QKv5ts57A1M2zYYQaL0KIfTbGb7zhZpVKFeJoJkGS50KMpX

YeUqX1KBlMY6QG7PdXnXxs2Ntzb1zdJ/9lp8THQxbQdT5xzDkQj2YTJp4opDvleJmfUwDLn1gCw

uK+wcZIH1X77bDri/dzca8BDwGiVGbx2DuZp/zhFUEdo5KzLIyqUSFpH3+2zMyxG52H6V1XqRVa

ypeIHu/aEHFBra/fnGsbmBGp+rSYbQ3yEx+X3/Vczz5aBHwtab26NWCZ6NPeqQYHY/7Wp2l+Hwy

Cs8QJUtS4BX5OE7FQ/XQ==

X-Received: by 2002:a05:6402:1914:b0:698:3b7c:3b2e with SMTP id

4fb4d7f45d1cf-69c6375e0d9mr4249635a12.16.1783955622452; Mon, 13 Jul 2026

08:13:42 -0700 (PDT)

MIME-Version: 1.0

Reply-To: bank60073@gmail.com

From: "Mr. Phillip Edward"

Date: Mon, 13 Jul 2026 08:13:27 -0700

X-Gm-Features: AUfX_mwZSDICWFpTBJ8yjmBoFZf3WTqqeoB0J5Qv75sWEu06fmW3ci2_b0K1sBs

Message-ID:

Subject: UBA

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000002bdfd506567f8941"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 19.8

X-Spam_score_int: 198

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Having reviewed all at 50.5 Million Dollars and your inability

to meet up with some charges levied against you due to the past transfer

options. We the Board of Directors, United Bank For Africa (UBA) [...]



Content analysis details: (19.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.47 listed in dnsbl.ahbl.org]

[209.85.208.47 listed in dnsbl.ahbl.org]

[209.85.208.47 listed in dnsbl.ahbl.org]

[209.85.208.47 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.47 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.47 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.47 listed in dnsbl.ahbl.org]

Chinese products spam

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 09:23:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIUl-000000004Ab-3zjs

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 09:22:59 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 09:22:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [103.126.93.224] (port=39882 helo=mail-m93224.xmail.ntesmail.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjHdg-00000000Kx1-0mpT

for sales@nk.ca;

Mon, 13 Jul 2026 08:28:20 -0600

Content-Type: multipart/alternative; BOUNDARY="=_Part_40467_707796179.1783952825787"

To: sales

Subject: =?UTF-8?B?U3RpbGwgbG9va2luZyBmb3IgYSByZWxpYWJsZSBzdXBwbGllcj8=?=

X-Priority: 3

MIME-Version: 1.0

Received: from park@hxcarts.com( [10.139.0.42] ) by ajax-webmail ( [127.0.0.1] ) ; Mon, 13 Jul 2026 22:27:05 +0800 (GMT+08:00)

From: Lilly

Date: Mon, 13 Jul 2026 22:27:05 +0800 (GMT+08:00)

X-WM-Tid: 0a9f5bdfdd38d0c0kusy19fc8388d5ec

DKIM-Signature: a=rsa-sha256;

b=vqstBaXymFPZlYnKM23kBnblvoOKISSCQJ7LpDoRh1WmlAWOMZvXebWD6Iup3YPaCWex9KFcF8CO5O9g48B+CE9VvQn33t5uTYqo+iLqK7Vi2lhgpJu9lKkfxZHLLcT/idBm6SrL8dtYJHrzgpceF2DwTF4F6xjqCRkcfnJBsspZKoG5ARwnbJ7cbJFJklnAUha+HeNbVBneggKxtnq4bBct+rafV4lN5fHDLbDBSeFqo/C0621bjkFDzmWpVmJ9ath2aSF2bS7Fb+wbxIBAIWLfeLvrUkbQkLKXbYuuQA3lluddgIjReqBN8zrtn4Ets4/vKxWmJKGD392jG6M7sQ==; c=relaxed/relaxed; s=default; d=hxcarts.com; v=1;

bh=EIoqv49k0GvplcLrsUeBdR/ymgmzSpgrBpdeovlAQeA=;

h=date:mime-version:subject:message-id:from;

Message-ID:





Hi Sales,

Following up on my previous email – here's a quick overview of what we offer:

🚗 Golf Cart

- 48V-72v lithium battery or lithium battery

- Street legal (LSV certified)

- 2-seat/4-seat / 6-seat optional

- Price: $1,500-$4,000

🛺 Electric Tricycle

- 500W-1000W motor

- 40-50km range

- Lead-acid or lithium battery

- Price: $400-$2,800

All fully customizable – color, logo, specs.

Which model would you like to see a quotation for?

This is my WhatsApp. Feel free to reach out anytime if there's any issue. Whatsapp



Best regards,

Lilly

Anhui Huaxin Electric Technology Co., LTD

定制豪华区高尔夫球车锂观光车狩猎越野高尔夫球车中国制造

CE Approved Electric Fashion Golf Cart 4-wheel Drive 3-4 Seater 48V 5KW DOT Certified Sightseeing 30-50Km/h 90km

Electric Golf Cart



Q5

C5

C2



S722

S542

S322



















Continue receiving fresh tips and features by hitting . Go With Future News



To eliminate this communication, just hit Manage Inbox Flow.







Park





park@hxcarts.com





2026 USA Hot Sale Li-ion Battery 48V/72V Golf Cart Luxury Electric Golf Carts

Newly designed 4-seater gorgeous golf cart

定制豪华区高尔夫球车锂观光车狩猎越野高尔夫球车中国制造



Electric Golf Cart

Newly Designed Golf Cart Street Legal Lifted Off Luxury Golf Cart Car

Price Prezzi Under 500 Street Legal Golf Cart Lifted Off Golf Carts Electric



C5

Q5

C2





















Do not miss a product highlight: hit . Stay Engaged



Whenever you’d like fewer emails, use Edit Email Choices.







Park





park@hxcarts.com







在2026-07-10,Lilly 写道:



-----原始邮件-----

发件人: Lilly

发件时间: 2026年07月10日 周五

收件人: [sales ]

主题: Need a reliable supplier for golf carts?



Hi Sales,

We make golf carts and electric tricycles. Factory direct. Fully customizable.

What that means for you:

- 30-50% lower cost than most brands

- Your logo, your color, your specs

- CE/EEC certified – ready for your market

We deliver 800+ units monthly from our China and Vietnam facilities. If you're currently sourcing these products, I'd love to send you our catalog and price list. Would you be open to a quick look?

This is my WhatsApp. Feel free to reach out anytime if there's any issue.



Whatsapp

Best regards, Lilly Anhui Huaxin Electric Technology Co., LTD





Stay informed with our latest news and enhancements by selecting . Stay Connected



If emails aren’t for you, hit Change Preferences.





Enable regular insights and our product’s newest features by hittinging . Continue Updates



If you’d rather not get more emails, just hit Adjust Settings at any time.



Park





park@hxcarts.com







SMO spam from Microsoft Outlook Part 2

Content-Type: multipart/alternative;

boundary="_000_SEZPR06MB72900DA44E56FF79797C748AE4FA2SEZPR06MB7290apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR06MB7290.apcprd06.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 171720bf-0077-4951-470e-08dee0e8f2f4

X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2026 14:13:44.6094

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSNPR06MB8541



--_000_SEZPR06MB72900DA44E56FF79797C748AE4FA2SEZPR06MB7290apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,

Looking to reach more customers through social media?

We offer Facebook, Instagram, LinkedIn, YouTube, Pinterest & X marketing.

Can I send our proposal and pricing?

Thanks & Regards,

Anthony



--_000_SEZPR06MB72900DA44E56FF79797C748AE4FA2SEZPR06MB7290apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

Hi,



font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

Looking to reach more customers through social media?



font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

We offer Facebook, Instagram, LinkedIn, YouTube, Pinterest & X marketin=

g.



font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

Can I send our propo=

sal and pricing?



font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

Thanks & Regards,



font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);">

Anthony








--_000_SEZPR06MB72900DA44E56FF79797C748AE4FA2SEZPR06MB7290apcp_--

SMO spam from Microsoft Outlook Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Jul 2026 09:23:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjIUW-0000000049w-1Cy4

for dave@doctor.nl2k.ab.ca;

Mon, 13 Jul 2026 09:22:44 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Jul 2026 09:22:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19013087.outbound.protection.outlook.com ([52.103.43.87]:18955 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wjHR8-00000000K8V-3l8A

for sales@nk.ca;

Mon, 13 Jul 2026 08:15:21 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=aeJKhALqfPO/e/CukhCSG6OY2iC73Dm5oylAyW0AguuLf6esbbwNankbgRDrqMXQBf8qwlsIazFV98RYPq2zIrMP7YK7i0/NqLV3TiigjLHk8JB8XiL6i0GqXR4V0/AAfbdwsvZz0lkWFwfWU9QRWSE2XaL6JZFsnxYcYj+HB9JeRn5DIDpo6pdaAWkG9OG8PZzGKe3o+CJOBlTkyus0q936bxnjobFMTzcwI/3ZDbedKvDJBrseXECdVoLVoSoFK3eFi3pSrRSsDtKUNZIvu42tm2O45IMHecqoelsVKuDtGZTeKy+86DGxNmbnroTzId0NLUxkBMyHC3217x4cKQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=8g58dqUn+8Q7HZ2rdNVkUGjo2pk4Drus8kxwstj40rc=;

b=RrVtu/9LQm/1fvpImrJ7xoLDhRhv2jj51FGg+aOGQJs4XRiHNXjl6nH5S2GhWqD/raf2nhv6EnNAkJb4LqRa2+vEvic7R1z14t6LQJmrcG3/9/Cjq68lbPcPAtpR8hLECugJU/8Tsavx6OzqMyglng2W7hshLO5Etx5CgxvvBbBcH7t/SR9+vhd60KOv82CpI7PPTnfjM0wRh9Lbhof9XVURY6LXhOyNG5TDHSnBLPMZ1QvxyrpbOCreDo/n2T/mb5m5rkU41XUV85uXnLigCtEcsdpDRxCj1OAb8195wlTLlOzlQVrBzwxsyBDWxWZtAMF7YJ5gBRiOE9IhY2Mvlg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=8g58dqUn+8Q7HZ2rdNVkUGjo2pk4Drus8kxwstj40rc=;

b=QdsVkMXHEZ9wVl3/axdAnivZi48CqIwMGujxkCmB36FRjIKKucNuQmuAs38R1yHbcWyVEIUHsZWo+RyU4FWCpedBuwUCO3Vad36UX2PRux3bTwQoqmWLsQBwlOn52j0n8ljPVlJYFQHtsTaALOfdMgQ6QLgI2PrjYl5XggSM5ye4i4lvfdCWnebysqj9lZIEnMCwakDdkBshEI+tVTio8oZlfymS5UCLYnZuvGk1uemVuiHoWAHLjKgXKzCaBhnQsG5Mwi7JbYy84thhAruyZjBCjkkOcYmZvbMyoLVr9Bj9CpY+o5HA/KvM+JiuA8XoThq6BS5VLI+Mb2nFEOQlWw==

Received: from SEZPR06MB7290.apcprd06.prod.outlook.com (2603:1096:101:24f::11)

by OSNPR06MB8541.apcprd06.prod.outlook.com (2603:1096:604:495::13) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.202.19; Mon, 13 Jul

2026 14:13:45 +0000

Received: from SEZPR06MB7290.apcprd06.prod.outlook.com

([fe80::8685:2c67:b26:5d04]) by SEZPR06MB7290.apcprd06.prod.outlook.com

([fe80::8685:2c67:b26:5d04%4]) with mapi id 15.21.0202.018; Mon, 13 Jul 2026

14:13:45 +0000

From: Anthony Pratt

Subject: Grow Your Social Presence

Thread-Topic: Grow Your Social Presence

Thread-Index: AQHdEtHLkLivl0WjpkKpKw04JkIbWg==

Date: Mon, 13 Jul 2026 14:13:44 +0000

Message-ID:



Accept-Language: en-GB, en-US

Content-Language: en-GB

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR06MB7290:EE_|OSNPR06MB8541:EE_

x-ms-office365-filtering-correlation-id: 171720bf-0077-4951-470e-08dee0e8f2f4

x-microsoft-antispam:

BCL:0;ARA:14566002|55001999006|16051099003|45011099003|19110799012|8060799015|8062599012|7071999006|7042599007|15080799012|15030799006|24071999003|37011999003|24121999003|22091999003|39105399006|31061999003|2604032031799003|25010399006|20031999006|4140399003|704163111799003|39145399003|41105399003|40105399003|35041999009|12091999003|56899033|102099032|3412199025|440099028;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?Y28xYSEkdbrQduGMtmEEsZxxKpMKJmTU+X0dLECbKcLaJNBbkPGHRIXb5t?=

=?iso-8859-1?Q?eAchzspt7gp+UP8+s3Fjb4xJRA3aoSOfS4aDWs/aMpPBrmMbAsdQnfQOar?=

=?iso-8859-1?Q?2VuGnGdSrMEfkAj7mkceP37SNDvOtJmK2/xjNky7KwGeBlPxxmTiCQxzk6?=

=?iso-8859-1?Q?6Pqh4ofYQWfdL0M48vVU6eQbI/Qh6wTsEqBhwI60nN1ybWa5KIS7kawn0E?=

=?iso-8859-1?Q?x5rxh9ynrWIpsaCAPjongu4fe1iGMlrfF01fkdfP1tE05oHG0Vd3Shd+Xk?=

=?iso-8859-1?Q?tMKnI0nJJ7lLxsC5ElbEvohIjQt6EnAjBLQdhUsOgAfobDgpDti9Xlr7Ln?=

=?iso-8859-1?Q?mMqaO8V+aRFeQULi0Xbx9uqP2DmWd3dkYYj3S/jv+lb8pwO8ZE7Kv+9VlY?=

=?iso-8859-1?Q?LxxiW98cfekJ/DsFSNsrHqsKy5OslXP4kvrS9kiF9RPy8FM1B5wSutRS8q?=

=?iso-8859-1?Q?ahVyLFgv//0qYn6stm1kEyxscRHi/D8p2guerFzxXFOEinshAb8aM+O3Wg?=

=?iso-8859-1?Q?bL7weRZOUQ4EnSDb03aSVfHGNxflWkQdKmpqoGk1KexeDN07ns5GvKnOgf?=

=?iso-8859-1?Q?esiv3kSkUHKtL9/xY+5+/YST7hedh1/oG/psQG6lCTH4QYKCu+qf0sD7Lb?=

=?iso-8859-1?Q?bVTD58qlu3EUoDyztLHi+MntKW9cTzYNhNbTQPMNE4cBOtcKbFgG/uG9uU?=

=?iso-8859-1?Q?i0ipTOblhpTfzSzokNnYvrxsPm9mwU00YN98OCmqFiezO6wdG1XHOVmFPJ?=

=?iso-8859-1?Q?s614cxpxryl/YgtcGZ42Xo07gzgNTPsoasm0sGjLJsE9b/1/IUaZkWiUcg?=

=?iso-8859-1?Q?M45d6SM2d5xmpQ40Sn+O1nG4y4nPLd+sqJ4rHad+mUEMHOQXKLLFgcUNyv?=

=?iso-8859-1?Q?S5/t0qsgUYM+saag/uwj/sYlkVJY/dLDIs2uZjF93TS6ujesQ8bpoxd4Nu?=

=?iso-8859-1?Q?vXm03qO/phLqmPugsKytjkE0iNkFmBVzuwqY631Okk0Qdp6LnNolCTwYL0?=

=?iso-8859-1?Q?d6pjDW/t1EOpHoOELUria57PawNGsM7ChjV7hY4+pUoBH7ffiB4ZmF/EXx?=

=?iso-8859-1?Q?I41KB+YYV30DkKh2IyDzgaBhHEmBuN4w7x/3XdG6o9JHN8MIKRRWnF6Fur?=

=?iso-8859-1?Q?jGH+c053a+xI38u4EI3kRVlwRdU/33HKcGscHohKtVX9L520RcTr64ceBe?=

=?iso-8859-1?Q?6HHZFlB+kukCFselIqAe/fN9mF8lc7keglThztvqCwCj2L9jgcU6Y5vGab?=

=?iso-8859-1?Q?tMnDB1b3etUPS0oX/eNvK7RwmR9Lv589ts06rFu1W3fFk90FDwtB+H7f2W?=

=?iso-8859-1?Q?6A0t1i7Rt0mpKXrDY7YvFSXJfFJ9GjErjftyPb2wLdGXf4F05RV05K9puw?=

=?iso-8859-1?Q?mFViXGjTS74I25Xj+vd94tnqMpue0gAMg+7e6sOZE+OOkMZ7hTJLVGCu1u?=

=?iso-8859-1?Q?BvAQIULKOGsuHAMeKLWMkACdf3toX4W58hfHCZe6cy1z7m88gDV5Y+iMfH?=

=?iso-8859-1?Q?DZ0IeXB4zYE5Vj9kbwhk+JfglDPiU1nVCk3pBqWEAVcQ=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?vRFzHx3VcUfVNFC+sYgeh7YozO08mpqQ/h+lxnUcvxeSS6n5mdY9oAlTQG?=

=?iso-8859-1?Q?p7s2vJ9ZAP1GbaDZZTvL0cZJ/0d/CIm4XRjC7ZTkdSA5espU++XjUntF1a?=

=?iso-8859-1?Q?qtHIdKe7EEVoTKu8IqGLeE/v0IxZr22MOkp7zGBFC3lEfag77JmyPJPZyF?=

=?iso-8859-1?Q?LkMalCABmSvWjvzaSdBJvkfpyMUzkQPQ6OZmBWY5blRfCQJHfyq21GvCD3?=

=?iso-8859-1?Q?WedoxPOAkvqwXmMKFIExerRoUpaGT6lILrdzr1q229emiQmGegoHOjlwW1?=

=?iso-8859-1?Q?y3dcU+NSE9JrHLxFzoTgFrxMXz8RDH7IByxBs3Mb+RxBiyGoPLXYrxd3uy?=

=?iso-8859-1?Q?nyPuYFo+HK42kjDlPJKLSWvLQbvNYCAvKw2RFYxZEK3DEQyOHaJa65Qz7w?=

=?iso-8859-1?Q?PV02fAIL80iaPo4EIT+tG9r3pI4iVL4ykECPkkzbcw4PHhotzAXQ7xQMT0?=

=?iso-8859-1?Q?GL2Q5CRaJb7XF56PwL+PorhaFmZGLiylSXkwVONGXyNh4zzS8+QCSCSiCR?=

=?iso-8859-1?Q?ovsuxj4LMKwYRITJJT9m3aWxSk1PwaaqBZYkx9QabPjtr395Z01AFgDBv/?=

=?iso-8859-1?Q?OhdMsC/peI7feyWKq7B1mSa3hyHZpOoNj6dn3PFJ9V7zrAumWwwEtVJ1VH?=

=?iso-8859-1?Q?yHkQ5Ui+SOSAR+nGxmu96eZ6yWEJW3riFGIXp3JM/T7IRV+99e1Wmz8OFc?=

=?iso-8859-1?Q?juYV74rtcx7nkmdbwPR9Hh/sPTDCha+Oa2OOyABz4QY4wK0amggCd/diVy?=

=?iso-8859-1?Q?EF2ld+MhfGAB4I5YnY0JADev6pYiZj0aniilPW+K+vHlXooQgaaLXEmdsb?=

=?iso-8859-1?Q?qBb+0X0UJvq58cGeMYIPdx0u15XzBuxm8HMyq3AetDuXDGJgKWpfLEJGQO?=

=?iso-8859-1?Q?RVdlA8hxxmYLKfPw7xI8xCpHLl7kMrShahpL8KnxIBj0IYYHNGU6I3yvCb?=

=?iso-8859-1?Q?ryZqyzvZFW4K+Zvg9DGBiSYSnSur4pBsH6jsxBHciIqefMYzXhG6PkKTk0?=

=?iso-8859-1?Q?iJnfwnx+hBtTHoWWyuV2lV/XiOsaD6Xg+rsDUci8YOxybuCOcuCcHolapQ?=

=?iso-8859-1?Q?Z1ZEIiW5/kkEq4vsqfcsCwDXFkLDq5M29/ne9m+iWIQp6fYFRtAJY/I54A?=

=?iso-8859-1?Q?5IgCL9Sty43z/kXqG0/6ck1K3UQcKD2z5vdGQzAnvrC94BVZzbVTg2x1Vn?=

=?iso-8859-1?Q?k08Hvcq2wvVpOCLTymXwVGTFbyr+aCLXTmLCLlanalKJR4fo/pfwKH05kp?=

=?iso-8859-1?Q?OSeYsA7gbB9w0oj/Jaf/Qiro52jRj62o/Xt1NmH0lmECkxoEYgWcERScDy?=

=?iso-8859-1?Q?+cmTMgLyLDEDgtiieeUoa3VA+0o0rc305EBRtDzZGQzbdpXm9w3AejkQhu?=

=?iso-8859-1?Q?5x+iRKkR/xX2rETDqWJ1E7U4BZu4qj/bkNf72ZCjxqcpaEJqxB9EuEcm5u?=

=?iso-8859-1?Q?P9wwmFVOqNaNR5kX?=