Document phish from Sendgrid

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 21:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQGce-000000002X0-2SNA

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 21:32:28 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 21:32:28 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.wrqvtnrb.outbound-mail.sendgrid.net ([149.72.114.91]:60388)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQEYn-00000000PLr-1sS6

for doctor@nl2k.ab.ca;

Thu, 21 May 2026 19:20:29 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=empverify.com;

h=subject:from:mime-version:content-type:date:to:cc:content-type:date:

from:subject:to;

s=s1; t=1779412720;

bh=iv4LvqVjGodypmUgYOths5WMgxCKkkmBTxarGGtbEiQ=;

b=kAvLQkWTpftw5lq8YAwtsQxUpEErxSNJmqkL83NC59AObFJz2qOYdSvTVbPxg1mFbA1j

K7u/AHMgJUMx3raJZyZa5hs1s+g4G7Mp7pCxM9QcvBaxUOXytJyhNl2YVhBvUIW2nQSgQo

z4PW3W4TzXfcprErBCJ26BZ/5MdJnbjBKfD+LHSUxjZ5yWeJ6qpg8dxzyNzacsgMp/bXmm

kQ9OB8nFRQqp8OlTrWS2daEMT/b78Ldn00D+J7AT1J4WfFfFoLnU9VKto8ZzKs7SifFctk

wMMQGL2GmJuJ8blvekZAavgVaaIo7DvCZW8vw9LDi5/Jsqy2+fGw4wq4VO7Nigrw==

Received: by recvd-6dc99dfcc-kmflc with SMTP id recvd-6dc99dfcc-kmflc-1-6A0FAEF0-57

2026-05-22 01:18:40.636401412 +0000 UTC m=+2000838.168727825

Received: from [185.161.208.213] (unknown)

by geopod-ismtpd-0 (SG)

with ESMTP id G0l_Rt7MQq-ti815lW-3Qg

for ;

Fri, 22 May 2026 01:18:40.563 +0000 (UTC)

Subject:

From: Doctor

MIME-Version: 1.0

Content-Type: multipart/related; boundary="===============67409873226141853702=="

Message-ID:

Date: Fri, 22 May 2026 01:18:40 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2EtEEv7EM7uSpW62rZ7UH0GP=2FJ=2Fh9mnSsjb2wcFT=2FPQAMNaIViiXhxGwGmf?=

=?us-ascii?Q?DvfEPFIf4gjizz20yJIibEdrhPm2A0mESfdi=2FO2?=

=?us-ascii?Q?JrVFX1PYn8hPIi9MH9IdN=2FoMz+5AGJIUsAlwZC2?=

=?us-ascii?Q?ot5jMTgHoPkTIT19kgsuKQZBJ69pj+62qok3qhP?=

=?us-ascii?Q?Rc3VMxXJ=2F50JjN6HHmCHiavml2WmcMKfPuDm+ZP?=

=?us-ascii?Q?8AHxQuKffnN4yb75keKkAQ=3D?=

To: doctor@nl2k.ab.ca

X-Entity-ID: u001.aET258zFD/ldDHwUwbLSRw==

X-Spam_score: 33.3

X-Spam_score_int: 333

X-Spam_bar: +++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Doctor Internal Update



Content analysis details: (33.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[149.72.114.91 listed in dnsbl.ahbl.org]

[149.72.114.91 listed in dnsbl.ahbl.org]

[149.72.114.91 listed in dnsbl.ahbl.org]

[149.72.114.91 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

[149.72.114.91 listed in will-spam-for-food.eu.org]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[149.72.114.91 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[149.72.114.91 listed in bl.score.senderscore.com]

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?}



Doctor Logo

Doctor

Internal Update

Document Ready for Review



Hi Doctor,



A new file has been added to your Doctor workspace and is now ready for review.



Please review the document before it expires on May 21, 2026.

Review Document →

Doctor

Automated Notice



Document phish from Sendgrid

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 21:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQGca-000000002Wl-1pve

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 21:32:24 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 21:32:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.wfbtzhsq.outbound-mail.sendgrid.net ([159.183.224.100]:38836)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQEYs-00000000PLq-2qQz

for doctor@doctor.nl2k.ab.ca;

Thu, 21 May 2026 19:20:34 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=empverify.com;

h=from:subject:mime-version:content-type:date:to:cc:content-type:date:

from:subject:to;

s=s1; t=1779412720;

bh=TDTNaJqSUnr4JCy7vVZdJIgZ25XLTNRsQmbVV5vO+JE=;

b=U2quqwC8rXYyP8tZ64/KuVWKxsusMP7wyi9a6cWI0CFO0QYYMTaBPKPP6F7xp8G5FWlQ

U7nzDd2k72H7sTdOrI/CCZmAHNqDolmXdiVUIHiKG/3J29VItFlJ9o0j/GPIBXS1QeRHJK

8oGM3u/8vMEKfogVS4D1Uaw+9i8NTjzzQYIZ0JSLwybUNumCDGpLpcX6vEiTWZrrOqrnsK

+f4u9THpJPiqSkKdDX1Je3i7aLWQZuHin+32bChYwXrLWp9r3wXryknvUPgMdLZFN0fQUy

CJU8GNIVKctaeYSkX1fpd3cy95lvkSSePanLamWbLAg6pderit1a6EmPqrVxUpCg==

Received: by recvd-5744f687b-9rlmj with SMTP id recvd-5744f687b-9rlmj-1-6A0FAEF0-44

2026-05-22 01:18:40.505790118 +0000 UTC m=+2000490.984851486

Received: from [185.161.208.213] (unknown)

by geopod-ismtpd-16 (SG)

with ESMTP id bxIIZDTASSywXUxHuMxk9w

for ;

Fri, 22 May 2026 01:18:40.391 +0000 (UTC)

From: Doctor

Subject:

MIME-Version: 1.0

Content-Type: multipart/related; boundary="===============45158735235125019587=="

Message-ID:

Date: Fri, 22 May 2026 01:18:40 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2EtEEv7EM7uSpW62rZ7UH0GP=2FJ=2Fh9mnSsjb2wcFT=2FPQAMNaIViiXhxGwGmf?=

=?us-ascii?Q?DvfEPFIHXHL5TkWSp+tS0enx7ezPjl5otVfQE9P?=

=?us-ascii?Q?+hOPHzWPwgzJWGB7a1x3DtbQ2J+8CQ1OhbJPWtn?=

=?us-ascii?Q?oncSnQwm3zCdItD0Yy1BM1y=2FvaE+Gib3MPcvmFX?=

=?us-ascii?Q?VuKE4UkzmCm2U1lnrKesY8aEkQLVhfa2xyc6b3P?=

=?us-ascii?Q?3IspgR+hZut1qs5AryQHh4=3D?=

To: doctor@doctor.nl2k.ab.ca

X-Entity-ID: u001.aET258zFD/ldDHwUwbLSRw==

X-Spam_score: 33.1

X-Spam_score_int: 331

X-Spam_bar: +++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Doctor Internal Update



Content analysis details: (33.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[185.161.208.213 listed in dnsbl.ahbl.org]

[159.183.224.100 listed in dnsbl.ahbl.org]

[159.183.224.100 listed in dnsbl.ahbl.org]

[159.183.224.100 listed in dnsbl.ahbl.org]

[159.183.224.100 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.161.208.213 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[185.161.208.213 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

[159.183.224.100 listed in will-spam-for-food.eu.org]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[159.183.224.100 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.183.224.100 listed in wl.mailspike.net]

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

Subject: {SPAM?}



From:

Doctor

Date:

5/21/26, 19:18

To:

doctor@doctor.nl2k.ab.ca



Doctor Logo

Doctor

Internal Update

Document Ready for Review



Hi Doctor,



A new file has been added to your Doctor workspace and is now ready for review.



Please review the document before it expires on May 21, 2026.

Review Document →

Doctor

Automated Notice

Nagindas Khandwala College phish From Google User

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 22 May 2026 11:49:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQTz1-000000001NC-2hD4

for dave@doctor.nl2k.ab.ca;

Fri, 22 May 2026 11:48:27 -0600

Resent-From: The Doctor

Resent-Date: Fri, 22 May 2026 11:48:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 138.191.192.35.bc.googleusercontent.com ([35.192.191.138]:59290 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wQPQi-00000000P02-3vZE

for root@nk.ca;

Fri, 22 May 2026 06:56:52 -0600

Content-Type: multipart/related; boundary="===============1254440665516529268=="

MIME-Version: 1.0

From: "Nagindas Khandwala College ."

To: root@nk.ca

Subject: =?utf-8?q?Completed=3A_Shared_via_ShareFile_=E2=80=93_Nagindas_Khandwala_College_shared_a_summary-Bonus=5FStatement=5F2026=2Epdf__Contact=2E?=

X-Priority: 2

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Reimbursement Summary Nagindas Khandwala College shared a

summary Shared from Nagindas Khandwala College Finance • 23 May, 2026



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.4 MISSING_DATE Missing Date: header

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[35.192.191.138 listed in dnsbl.ahbl.org]

[35.192.191.138 listed in dnsbl.ahbl.org]

[35.192.191.138 listed in dnsbl.ahbl.org]

[35.192.191.138 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[35.192.191.138 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[35.192.191.138 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[35.192.191.138 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[35.192.191.138 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

[35.192.191.138 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 TVD_RCVD_IP Message was received from an IP address

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[35.192.191.138 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.8 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

1.0 XPRIO Has X-Priority header

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

Subject: {SPAM?} =?utf-8?q?Completed=3A_Shared_via_ShareFile_=E2=80=93_Nagindas_Khandwala_College_shared_a_summary-Bonus=5FStatement=5F2026=2Epdf__Contact=2E?=



--===============1254440665516529268==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



Nagindas Khandwala College shared a summary

Shared from Nagindas Khandwala College Finance • 23 May, 2026

Hi Root, your reimbursement summary for the current period is available.



Two items need additional documentation before processing.

XLSX

Reimbursement_Summary_Root_2026.xlsx

310 KB • Spreadsheet

2 sheets • Updated today

Open in Excel

Shared from Nagindas Khandwala College. If you were not expecting this email, you can safely ignore it.

Canada Revenue Agency Phish from Japan

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 16:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQBuJ-000000003YA-3Fh4

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 16:30:23 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 16:30:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp1.kagoya.net ([153.127.234.3]:43938)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQA4G-00000000JeR-4A1h

for www@nl2k.ab.ca;

Thu, 21 May 2026 14:32:42 -0600

Received: from kagoya.net (act03.kagoya.net [133.18.75.69])

by smtp1.kagoya.net (Postfix) with ESMTPA id 56490608AB5D1;

Fri, 22 May 2026 05:26:55 +0900 (JST)

MIME-Version: 1.0

Message-ID: <20260521202655.0002E129.0152@kagoya.net>

Date: Fri, 22 May 2026 05:26:55 +0900

From: "Canada Revenue Agency (CRA)"

To:

Subject: Important Document

Content-Type: multipart/alternative;

boundary="-----ELU8WU74L82UYT.RFTZEWYE25FQ28T0_0_0002E129"

X-Priority: 3

X-MAILER: Active! mail



This is a multi-part message in MIME format.



-------ELU8WU74L82UYT.RFTZEWYE25FQ28T0_0_0002E129

Content-Type: text/plain; charset=US-ASCII

Content-Transfer-Encoding: 7bit





Changes On Your Canada Revenue Agency (CRA)

Canada Revenue Agency (CRA) sent you an important document to review and sign.

Review Document

If you have any questions or need assistance, feel free to contact us.

CRA

Canada Revenue Agency



Please do not reply to this email, as it is for notification purposes only.

This is an automated notification. Please do not reply to this message directly.



-------ELU8WU74L82UYT.RFTZEWYE25FQ28T0_0_0002E129

Content-Type: text/html; charset=US-ASCII

Content-Transfer-Encoding: 7bit









Changes On Your Canada Revenue Agency (CRA) 




Canada Revenue Agency (CRA) sent you an important document to review and sign.



If you have any questions or need assistance, feel free to contact us.

CRA
Canada Revenue Agency





 



Please do not reply to this email, as it is for notification purposes only.


This is an automated notification. Please do not reply to this message directly.















-------ELU8WU74L82UYT.RFTZEWYE25FQ28T0_0_0002E129--



Canada revenue phish from Japan

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 16:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQBuD-000000003XX-18PZ

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 16:30:17 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 16:30:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp3.kagoya.net ([]:44344)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQA8E-00000000K2y-1nGQ

for doctor@nl2k.ca;

Thu, 21 May 2026 14:36:46 -0600

Received: from kagoya.net (act02.kagoya.net [133.18.75.68])

by smtp3.kagoya.net (Postfix) with ESMTPA id 03C69663319B7;

Fri, 22 May 2026 05:26:24 +0900 (JST)

MIME-Version: 1.0

Message-ID: <20260521202623.0000F8AB.0116@kagoya.net>

Date: Fri, 22 May 2026 05:26:23 +0900

From: "Canada Revenue Agency (CRA)"

To:

Subject: Important Document

Content-Type: multipart/alternative;

boundary="-----FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB"

X-Priority: 3

X-MAILER: Active! mail



This is a multi-part message in MIME format.



-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB

Content-Type: text/plain; charset=US-ASCII

Content-Transfer-Encoding: 7bit





Changes On Your Canada Revenue Agency (CRA)

Canada Revenue Agency (CRA) sent you an important document to review and sign.

Review Document

If you have any questions or need assistance, feel free to contact us.

CRA

Canada Revenue Agency



Please do not reply to this email, as it is for notification purposes only.

This is an automated notification. Please do not reply to this message directly.



-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB

Content-Type: text/html; charset=US-ASCII

Content-Transfer-Encoding: 7bit









Changes On Your Canada Revenue Agency (CRA) 




Canada Revenue Agency (CRA) sent you an important document to review and sign.



If you have any questions or need assistance, feel free to contact us.

CRA
Canada Revenue Agency





 



Please do not reply to this email, as it is for notification purposes only.


This is an automated notification. Please do not reply to this message directly.















-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB--



Canada Revenue Phish from Japan

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 16:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQBuD-000000003XX-18PZ

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 16:30:17 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 16:30:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp3.kagoya.net ([153.127.234.5]:44344)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQA8E-00000000K2y-1nGQ

for doctor@nl2k.ca;

Thu, 21 May 2026 14:36:46 -0600

Received: from kagoya.net (act02.kagoya.net [133.18.75.68])

by smtp3.kagoya.net (Postfix) with ESMTPA id 03C69663319B7;

Fri, 22 May 2026 05:26:24 +0900 (JST)

MIME-Version: 1.0

Message-ID: <20260521202623.0000F8AB.0116@kagoya.net>

Date: Fri, 22 May 2026 05:26:23 +0900

From: "Canada Revenue Agency (CRA)"

To:

Subject: Important Document

Content-Type: multipart/alternative;

boundary="-----FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB"

X-Priority: 3

X-MAILER: Active! mail



This is a multi-part message in MIME format.



-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB

Content-Type: text/plain; charset=US-ASCII

Content-Transfer-Encoding: 7bit





Changes On Your Canada Revenue Agency (CRA)

Canada Revenue Agency (CRA) sent you an important document to review and sign.

Review Document

If you have any questions or need assistance, feel free to contact us.

CRA

Canada Revenue Agency



Please do not reply to this email, as it is for notification purposes only.

This is an automated notification. Please do not reply to this message directly.



-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB

Content-Type: text/html; charset=US-ASCII

Content-Transfer-Encoding: 7bit









Changes On Your Canada Revenue Agency (CRA) 




Canada Revenue Agency (CRA) sent you an important document to review and sign.



If you have any questions or need assistance, feel free to contact us.

CRA
Canada Revenue Agency





 



Please do not reply to this email, as it is for notification purposes only.


This is an automated notification. Please do not reply to this message directly.















-------FVNGIR5OT.RN46RKMCSQKPF7A3.09SJ_0_0000F8AB--



Company representative spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 13:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ9Tp-00000000Fm4-35tE

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 13:54:53 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 13:54:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [122.199.230.242] (port=38580 helo=mail.vtopia.co.kr)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ8uJ-00000000Btq-19Bi

for root@nk.ca;

Thu, 21 May 2026 13:18:21 -0600

Received: by mail.vtopia.co.kr (Postfix, from userid 1002)

id 82D17346A7; Thu, 21 May 2026 08:01:44 -1100 (SST)

Received: from [62.60.130.106] (unknown [62.60.130.216])

by mail.vtopia.co.kr (Postfix) with ESMTPA id 1D7382941A

for ; Thu, 21 May 2026 08:01:39 -1100 (SST)

Content-Type: multipart/mixed; boundary="===============1949812648329625108=="

MIME-Version: 1.0

Subject: COMPLY IF INTERESTED

From: Jacob Cheng

To: root@nk.ca

Reply-To: jacobcheng717@gmail.com

Disposition-Notification-To: stowefitzgerald@gmail.com

Return-Receipt-To: stowefitzgerald@gmail.com

X-Mailer: SMTP Load Balancer

Message-ID: <578672dc-ecb7-44b4-9aba-391d1e3fa344@122.199.230.242>

Date: Thu, 21 May 2026 08:01:44 -1100 (SST)

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, Our Company seeks a reputable representative in

your region, are you available for communication? Good day, Our Company seeks

a reputable representative in your region, are you available for [...]



Content analysis details: (17.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[122.199.230.242 listed in dnsbl.ahbl.org]

[122.199.230.242 listed in dnsbl.ahbl.org]

[122.199.230.242 listed in dnsbl.ahbl.org]

[122.199.230.242 listed in dnsbl.ahbl.org]

[62.60.130.216 listed in dnsbl.ahbl.org]

[62.60.130.216 listed in dnsbl.ahbl.org]

[62.60.130.216 listed in dnsbl.ahbl.org]

[62.60.130.216 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[122.199.230.242 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[122.199.230.242 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[122.199.230.242 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[122.199.230.242 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[62.60.130.216 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

[122.199.230.242 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[62.60.130.216 listed in sbl-xbl.spamhaus.org]

[62.60.130.216 listed in sbl-xbl.spamhaus.org]

[62.60.130.216 listed in sbl-xbl.spamhaus.org]

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[62.60.130.216 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[122.199.230.242 listed in bl.score.senderscore.com]

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[jacobcheng717(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.5 GB_FREEMAIL_DISPTO_NOTFREEM Disposition-Notification-To/From contain

different freemails but mailfrom is not a

freemail

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.5 GB_FREEMAIL_DISPTO Disposition-Notification-To/From or

Disposition-Notification-To/body contain

different freemails

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} COMPLY IF INTERESTED



--===============1949812648329625108==

Content-Type: multipart/alternative; boundary="===============6128958714502388886=="

MIME-Version: 1.0



--===============6128958714502388886==

Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit



Good day, Our Company seeks a reputable representative in your region, are you available for communication?

--===============6128958714502388886==

Content-Type: text/html; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit



Good day, Our Company seeks a reputable representative in your region, are you available for communication?

--===============6128958714502388886==--



--===============1949812648329625108==--

Geek Squad phish from Microsoft Outlook Part 4

Posted by Dave Yadallee on
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

1.0 HK_RANDOM_FROM From username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.1 TW_RW BODY: Odd Letter Triples with RW

0.6 MEGALONGWORD BODY: Uses really overlong words

0.1 TW_VW BODY: Odd Letter Triples with VW

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

0.1 TO_IN_SUBJ To address is in Subject

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Geek_Squad_Renewal_Transaction_Record_=40_?=

=?UTF-8?Q?=C5=A1t_21=2E_m=C3=A1j_2026_=28cynthiaperez389903=40groups=2Eoutlook=2Ecom=29?=





Haresasz Nxysarwsa has invited you to Geek Squad Renewal Transaction Record

Title: Geek Squad Renewal Transaction Record

Location: https://meet.google.com/wyb-anea-vwh

When: May 21, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Client,



We are pleased to notify you that the Geek Squad 365 Advanced Protection Plan has undergone a successful renewal for another three-year term.



The required amount of $214.99 was charged against your saved payment option. Please wait up to twenty-four hours for this activity to reflect on your personal bank account statements.



Transaction Overview:

Item: 365 Advanced Protection Plan

Span: 3 Years

Charged: $214.99



If this charge is unfamiliar or unauthorized by you, dial our Billing Specialists right now at +1 808 755 9135 to request instant and complete cancellation help.



Thank you for continuing to prefer Geek Squad for safety.



Respectfully,

Geek Squad Billing Team



-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Pripojiť sa cez Google Meet: https://meet.google.com/wyb-anea-vwh



Viac o službe Meet sa dozviete na https://support.google.com/a/users/answer/9282720



Túto sekciu neupravujte.

-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Attendees:



cynthiaperez389903@groups.outlook.com



Geek Squad Renewal Transaction Record

Pripojiť sa cez Google Meet – Dear Client, We are pleased to notify you that the Geek Squad 365 Advanced Protection Plan has undergone a successful renewal for another three-year term. The required amount of $214.99 was charged



Pripojiť sa cez Google Meet

Odkaz na stretnutie

meet.google.com/wyb-anea-vwh

Dear Client,



We are pleased to notify you that the Geek Squad 365 Advanced Protection Plan has undergone a successful renewal for another three-year term.



The required amount of $214.99 was charged against your saved payment option. Please wait up to twenty-four hours for this activity to reflect on your personal bank account statements.



Transaction Overview:

Item: 365 Advanced Protection Plan

Span: 3 Years

Charged: $214.99



If this charge is unfamiliar or unauthorized by you, dial our Billing Specialists right now at +1 808 755 9135 to request instant and complete cancellation help.



Thank you for continuing to prefer Geek Squad for safety.



Respectfully,

Geek Squad Billing Team

Kedy

štvrtok 21. máj 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Geek Squad phish from Microsoft Outlook Part 3

Posted by Dave Yadallee on
Content preview: Geek Squad Renewal Transaction Record štvrtok 21. máj 2026

Pripojiť sa cez Google Meet https://meet.google.com/wyb-anea-vwh?hs=224

Dear Client,



Content analysis details: (17.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.10.73 listed in dnsbl.ahbl.org]

[40.93.10.73 listed in dnsbl.ahbl.org]

[40.93.10.73 listed in dnsbl.ahbl.org]

[40.93.10.73 listed in dnsbl.ahbl.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[209.85.221.72 listed in dnsbl.ahbl.org]

[209.85.221.72 listed in dnsbl.ahbl.org]

[209.85.221.72 listed in dnsbl.ahbl.org]

[209.85.221.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.10.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.10.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.10.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.10.73 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[209.85.221.72 listed in will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:cafe:0:0:84 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:510:2cf:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

[40.93.10.73 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.10.73 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.10.73 listed in wl.mailspike.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.10.73 listed in list.dnswl.org]

Geek Squad phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on
X-Microsoft-Antispam-Message-Info:

=?utf-8?B?WUpuUDRWS1RZeU5zdlIzRUNXbWZoMGpibERtTUdBSW1hdTlTNGVFQWhZNkxY?=

=?utf-8?B?ZS9NNk1QNG9mZ3RqSXZzUXZkS1VtQUFzK3hBNFVoY2xCS1lxZGRPSzBSWC9z?=

=?utf-8?B?RmYwOVcvdFJBVnYwUzE1Njd2dERzSzlDaDdwaVRoY0owYytRNzh5RlloR1R6?=

=?utf-8?B?RFg1L3MxRWp1ZWR6MkpGbUFISE1MOGJzelJ2bk5NdVVkRWFBNVJsQnhwbjYr?=

=?utf-8?B?Y2tDTk5EVWxmOE1uU0tvR20vRG93emxaUi9yc1RrTisvZS8vbGpSeGNtamtF?=

=?utf-8?B?OTNmREVFUWxhdklUYmhDOHFvRHIwRjNwTEJSOVM3VFk2UU02d1JJeUF5VDdw?=

=?utf-8?B?dHV3UFQyUW1JK2JuOVhTWnA1U1RrSjZnVzhOTFF6b2dEcjg4NlNmL1VXZGo2?=

=?utf-8?B?NmRGN0RGL29EOHBQWFRCdEF1MmhyU2xXcjFndnV5alVLc1d4cUx1SXNzM2E1?=

=?utf-8?B?QW9kblV5ZUt5dU5vOGt4Z3lLQ3hLeE92c2czTVZEaHBxMFpWL3ZseUNMdE5V?=

=?utf-8?B?emFtSHFYajQvT2svZjY4MHp3dHR1K2ZLWmRsWVhGZ2dMS1VJeWw2eGZnNE1i?=

=?utf-8?B?V1JZMXJ5TEVSa1RNWmlvTzF0L1QwWWpQeVFiMHZaYXBXOE9XUHE3bmpQVzFR?=

=?utf-8?B?clNQdE9BNENrM2pWTFJiV1I1dFo4K0t6MlZDMzVxUGVzVk9mSCtHSXhIYWo2?=

=?utf-8?B?WlNCd0ZoeUlOcEJtdlYyVGlLK0JwcGJvaUlpRGNNSThwQmx4SitSM2dZd1Z4?=

=?utf-8?B?YXJrT0E0bURkWjc0bkIyaFJYSkZWUUxOVEtTMDVGWktqV2diV1M2S280QStM?=

=?utf-8?B?OE1DcEF5NzJNa2VsZzRBdSt2S0hYNGRaUlplMy9EQXBPSmZjWklKcThBUnh3?=

=?utf-8?B?QVNtWHB0U21zYzl6TjZMU0IwQnJqc3QzcjVvSUhOUTZuSTRuWlFUK1M2NnhE?=

=?utf-8?B?ajhqQmpxNzM1VkFpQnB0V3hXbjAvdW1SMFNITWttV2t3bVJ5UUU5ZG1IbXhG?=

=?utf-8?B?WkE4MHY2aXF1YVFDcCs2czFCeGJoVTZSc1d0Y1FHbnNLTmNKNWlZRFJna2g4?=

=?utf-8?B?c0grQ1dHUmI2TTVXYy9FSzlTbG1rK2FTbTdUUEVzNnBkLy91RC9hQ2Vra0dm?=

=?utf-8?B?RkFZZThpakVtZGZRbmhuaC9SRno5Y3ZHeWV4djNHTlJHcFllOHpPL2Vidlh5?=

=?utf-8?B?SUdvcGFlRnpZYktLTk5PUTJCUXF0ZHdVNEVQU2kxVHZkMGdqV3ZJR3VTSEY5?=

=?utf-8?B?dGRxS3NzckhtTGFRRzFiVWpXWlBzcUhEdHdzNy9xMDQ5N0JOeEZKT1FjQzBq?=

=?utf-8?B?SkpPS1NpVUNBa0Q5dVpoSW5zR0JhdU9HUFZacFMvdEYwSmRXdUU2ZTVxNlEw?=

=?utf-8?B?SWVPR2VGeHhJVFUzYVlJNUxvQllseGFacmJmMmY2UERBbm0yZFNCTlFOKzBG?=

=?utf-8?B?WTFvcFNEQ3JoSzQyOUFGS3ZTVDg4bUpUUjdiR1JycHV3TlI3MjRUZ3FUd3JB?=

=?utf-8?B?TjI2S3RoVmlaT205aU5UelFISVl1Z09SNG1uR2RpRWxtL0RSdjRXR1NIRHp3?=

=?utf-8?B?S09vdlc0SWxMT014WVQ5a2x2Ri9aWUpqbGFDeHpGQThsYlhUcGo2SEF0MHRV?=

=?utf-8?B?N2NFTUkxaWZOdEdJRXZ1bjI0bDJFWkxubllxcmo4OXRGR2ZmdmxTUnJRM0VI?=

=?utf-8?B?cnRjSXN0ZEpGV1F4emJSV25McE1JMm4yYWxBN3d4anorRDRKb3ZFVHh0Qksr?=

=?utf-8?B?SVpQQjI4a1NKNnE0R0V1VmNkazZkSW5qWGVPdEttb3RqVkcxdGh4Ulh2MWcy?=

=?utf-8?B?emFXVGZXTm5MQWdzTTRhenQzQUlPWVVHRGN4OGY1MzZmdjZGdVBwUVRtdFRW?=

=?utf-8?B?UDFJa2JqM25vNTVidXFPMGlDQnRCSUlleVBJY3RtNE1uZnJqdmxHQVoxN3Zt?=

=?utf-8?B?aEhIZnpzV1RPTUZWbEZMdGlFaFg4Y1p2anUrSTBvRnFjODlEMlJISUc4L3Rh?=

=?utf-8?B?SUp5N2hhZTliSjZhKzlDTER0Ujk3Y3hyWGZ4b09Xc1F4a2J2Mnc2Rm9RRFNr?=

=?utf-8?B?MGhLMTYrZys2ZWtyb1N6S2NrM1poR0dWNHVmTzgyRnlYQkxVZXRpc05xYWhH?=

=?utf-8?B?aVJjT3BBWEU0cldVdUxmaTZGdzJ6NSt0SmhjV1VPRmI5MS9WSkM3NTl1VndE?=

=?utf-8?B?R1E4MjB6TFpuc1hSbVZWclRvUzZoTGtJa0I1RVhNZ2dkMk5LQXNqTnhScEpr?=

=?utf-8?B?ZThEamkyTExyZ1BMMW5CQktZaHdDNkYzc1FWdHJWRy9Ob2dPajUwcjI0eGVa?=

=?utf-8?B?aW5YM1IrRFBGbks5bU1uYXJiQUR0V3hXdnZRSXdLd0dCc3NKQ052cVpJZjdx?=

=?utf-8?B?emFldFVZWmorTXNxQ2o4SDc3clYybDBEby9IVWM1ZjVlS0hNaElpSkJuZ2I0?=

=?utf-8?B?ZnNmOElPYzlLRUZ4d2RMUnBOTzJ5clN6OVB1UHZJd2FneHpWeFJPTHlMNUdl?=

=?utf-8?B?M01oNHJocmsxUG0xbFE3clNJdGtRb2VySURlK3JjOENlMklHY1NZVE5VejBD?=

=?utf-8?B?bVdGY3E2bzNYSEt2QlV1dFhEVCsweTVvUVIrSjFCWVBLZE8zSnh0QWNFb2lk?=

=?utf-8?B?c2daY1FZUms4dWRMUnN0Mll6TVlvTzNqb21LSk9iOHg3QlNzeml3K0xWbHFl?=

=?utf-8?B?NkMzcUs1UEVVNWtHWUtjdlJDbUQxTFRjUURPcCtqQXhJa1grRm5EU0F4MWNQ?=

=?utf-8?B?dXRqVEpGRXRqWE9zTjZ1OXRleUxnWXlSYUJmUWd1UXgwc3A1YXpPWld4dGRz?=

=?utf-8?B?RmVVVUFtOS9BeE1TY010b29wYlN3ZEx3SHlXZ2tpVVdnU0xjTCtXSE5yS2Q5?=

=?utf-8?B?eG9FMzUxQk9heCtuV2FvejkvR0xJWUF2QkJEZWtYR2dnbVNjSlZLL2hQalpB?=

=?utf-8?B?OVhNVHpxeEJZQUpVZXdjQ0ZLT0xKY3ZQUGtLdEs3cERHdXRPQW5YSFZKVTNT?=

=?utf-8?B?YlFjeFU2ckV5cjQ1ZHhYWUhvL1NxeWMxWnFpRzFpeURMbU9LTnF4YUVHQXZl?=

=?utf-8?B?alpWQVlyVDBGZndrNzFDbnU1VlRzNHFoODB4bUx5V05MdGxsWmd5SFhWQ0Jj?=

=?utf-8?B?dnFkS1pHTlZybU5rZWM4SUJvelJpcWNVNzJkN0Fwc3dJZ05jZ1ZSWEZyTGFH?=

=?utf-8?B?OGVkZWUyRHJJQ1g4amJYckRTdUZ3WVdvVVRmbXl1RzNiZy9rempvRW5Od2N0?=

=?utf-8?B?KzVmczROWGgvbUN5eVhvRUw2UmJnd3lwNll6MXd0eUxXN2xwdzRaNTI0Qk82?=

=?utf-8?B?YjhIVHczR3h4aFNvblJsS0lLOGFlY21JWXV1UjRna1A5TzFMZ0VDTlpzRnFT?=

=?utf-8?B?RndVdjQyTit3MUc1aDNqaUNiWjRZSVNIdlFmYTI1VVlTcDR0d1EvNTdvWld2?=

=?utf-8?Q?Y/F5tMmYx7rEORz+IA9DhbWEFBrgTCt6mHFzEsUb?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 May 2026 17:34:27.2128

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 75e25c6f-defa-4d5f-453a-08deb75f3503

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D9.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR18MB5840

X-Spam_score: 17.0

X-Spam_score_int: 170

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Geek Squad phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 13:54:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ9Sh-00000000FeF-1I8I

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 13:53:43 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 13:53:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [40.93.10.73] (port=49540 helo=CO1PR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ7J0-000000004km-2aPh

for doctor@doctor.nl2k.ab.ca;

Thu, 21 May 2026 11:35:47 -0600

Received: from PH8PR07CA0026.namprd07.prod.outlook.com (2603:10b6:510:2cf::21)

by BY1PR18MB5840.namprd18.prod.outlook.com (2603:10b6:a03:4b5::5) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.23; Thu, 21 May

2026 17:34:27 +0000

Received: from CY4PEPF0000E9D9.namprd05.prod.outlook.com

(2603:10b6:510:2cf:cafe::84) by PH8PR07CA0026.outlook.office365.com

(2603:10b6:510:2cf::21) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.48.17 via Frontend Transport; Thu, 21

May 2026 17:34:27 +0000

Authentication-Results: spf=pass (sender IP is 209.85.221.72)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.221.72 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.221.72; helo=mail-wr1-f72.google.com; pr=C

Received: from mail-wr1-f72.google.com (209.85.221.72) by

CY4PEPF0000E9D9.mail.protection.outlook.com (10.167.241.72) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.7 via

Frontend Transport; Thu, 21 May 2026 17:34:27 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:1A1CF05D80548BC78EF099C3E635CB57598F6106C9BDB69AA49D9B252C27F5D1;UpperCasedChecksum:88AC9B03E598B61EC4695DD5E10DDBA3E7952946C317910243ACF6FF01405E55;SizeAsReceived:3385;Count:15

Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-43d7b7bacddso4642350f8f.0

for ; Thu, 21 May 2026 10:34:27 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1779384866; x=1779989666; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=Q0/Q0Hz64sMizArNW0XxHP5QfPQ3hXB3w7xzbnNIlHI=;

b=Yfbp4ADaktqE0ppiMalv3uzzuV+qNUNJ4mETAAyDwWFQZiW+mGQl/U0EWl3Wy+wT+q

UY5FqjO3OkFQeXoECjgZvNWObgAscAdzLAU2K97YRxDr0BioAZxprqA4CKljewHDbYSS

mOX9WG6f4tIo78VRbP3v5ldTfLTgVRFfF/V+vO5Ekt8azhlkEG3Oqyh/05E0SsSpbt7e

oFaJhlDoTYhfEsJfz3GDapJ1HMhnCI02YQAAOux7+c4wqqqn9bhMuRon5chOl/shuzs+

NOsk4TfYEY0N9LJPoqHhUmhYjH2070wcpHUpTMm7OX6LZM73JihD2AQbpJUPdzueZdnn

hzHw==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1779384866; x=1779989666; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=Q0/Q0Hz64sMizArNW0XxHP5QfPQ3hXB3w7xzbnNIlHI=;

b=QyJx/gH/Z+acMIbbUsDgUYHs1jagZ1QbgHLWT7O2VMJ4OAj1MLzO+tZZOHL3id/pmk

UtA2/lLqg3sghoHOJXiY9wRx3buqTpu2oP/suhwN4h8u3MVspa7mRf3gQBRmMXWnC15r

dQUtkmtaeHc25QtwVPihC5Q45Y5DHGyrNTOjmRbs1ko9PjAgsUM7s14cKvPh47HvF3S3

6vfDtuTgEVVvZPFmkLq0OGNXaj64w89otzgSfp9vPDprRHiu4TXITmlpS/gge6oTk618

zcdNCxoeacxIyScf3cBfrPiUpJdIrZO0tTLAFQwlGD/zNKpN7j6URiJqFxxlNTiHKGVi

Ufyw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1779384866; x=1779989666;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Q0/Q0Hz64sMizArNW0XxHP5QfPQ3hXB3w7xzbnNIlHI=;

b=Nxx536cdWy/2pRM8KgtebewkGZRcT5NSUBz+rOEG6uPYJEFHLjSHHSH5TqChY5xBgm

CJdtD8/LeOjEQqt8Y27/3a8cmqwsLeTylGx6YuVwJFf+RGIHqmhIjrJLpC4FTAw+eENP

kjPglBpBLokIpP+ZcBtMe7wUP7GXme5PclZrC91rFA3NoYBSdELkhYZVUBQ8wq6QqaB7

sVrsumNcHPbmcdTlHLAMEkj9PfjYIzmGbiixuMpz9+a03Wd9kuqoBKkFfViICrAnG9AU

y8Qrxta861IQnG3svz8zOksD93gKYROfVBLY2Aa3isu+FjQUj4yoXioSVCZ1CJ+3z2AM

0BVg==

X-Gm-Message-State: AOJu0YxjuTPp4f1CdIGVFChN1FNfRbOp9zUfRq0MXbdrIYo7owOjaSNP

yf7qRjpdwddYyhr0/VX6Fp2C5nDojwW1smjg5Y2CwrWwwyLKs/SdD4WcXufxNbLCU7FluFSoPQA

1kVirnyZTYKdRvQdNOUxWGPaGMcqjVcFQ1rI=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:698e:b0:48f:e230:c3fa with SMTP id

5b1f17b1804b1-490360d5902mr53098655e9.32.1779384865127; Thu, 21 May 2026

10:34:25 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Thu, 21 May 2026 17:34:25 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Geek_Squad_Renewal_Transaction_Record_=40_?=

=?UTF-8?Q?=C5=A1t_21=2E_m=C3=A1j_2026_=28cynthiaperez389903=40groups=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="000000000000ce081006525752f6"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D9:EE_|BY1PR18MB5840:EE_

X-MS-Office365-Filtering-Correlation-Id: 75e25c6f-defa-4d5f-453a-08deb75f3503

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.221.72

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|29080799009|22000799015|1680799066|5149299006|6092099016|3069299007|9000799056|970799063|26130799012|26000799027|9020799019|3151999006|9400799043|32020799003|24102599021|16200799027|4040799016|6019299003|5139299004|34130799006|3412199025|4302099013|440099028|18021999003|30041999003|2145499017|1360799030|1380799030|1370799030|26104999009|21002599022;

Lucrative business proposal spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 08:45:00 -0600

Received: from mail-wm1-f66.google.com ([209.85.128.66]:50402)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ4d6-000000006Xz-1vWz

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 08:44:18 -0600

Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-48a563e4ef7so49440275e9.0

for ; Thu, 21 May 2026 07:43:21 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1779374594; x=1779979394; darn=doctor.nl2k.ab.ca;

h=mime-version:message-id:list-unsubscribe:date:subject:to:reply-to

:from:from:to:cc:subject:date:message-id:reply-to;

bh=72RLEJ0BB3eiaKHaoADcLoK+obOnShVsV9dqWrc1H54=;

b=k+BLIB84Bl/ccrjSllVn1HySMCNfHaX5DAGaHJaJvuLZXpLyXjrRpwtj7jdJiwKYcN

n6MsElrWtmDdrdtQ4xeft/KkMdXbIFPnUhCC9k2JWBwCelKNcA2JHnNLf2YJS4DhwDtC

qRbdYk3Ju1SyTvWzXyPBCCqEkHQo+sRSr1LATrCfc4+a3KZTK475rJBEWlUm1xjNNDjD

fQSk0Kd17rPnOJDF7e1HJyIa1BxA4lQZv5XtE6rnhgK2mJXgyOkUFN/mTIg0JjWsOrKJ

e8rVLVwmPL1oLXzuEs7odzE/gYwUOPjVMORs6J5iFBcM/ln+PKh0Wr4KenPW82J8JU+d

I8kA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1779374594; x=1779979394;

h=mime-version:message-id:list-unsubscribe:date:subject:to:reply-to

:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=72RLEJ0BB3eiaKHaoADcLoK+obOnShVsV9dqWrc1H54=;

b=cx++jvwFFTqfuRirX9sJ5Z/tWO70SY32JPf6sBdKKl91HGbybB/MzV+RknaGf3fCoh

/YuxUy9pt4jQvENlOzVBN2An/+/gpa5opBBLwKmTTb+NUqscIKbafjwWucOvGd93+3bm

agUVTC504/IXJEzQ8+7ywA6+wF9i5Xst515ok7jQabWNeLDRo++fhz6JjKRtbM+Tmjgm

gyWJKczI8JfVTXKusmz0z98FdfwDvUJSLDaV0tOCRquEFOa4Yd1kRaDJEimrvUcZHp+e

oJ0BOKhjgXAAb/9x6L2v8lfXRLtdS1QDv0V3qFtTeaFyv2uKx7MV/1BnytmI4s4Au1f/

Kgiw==

X-Gm-Message-State: AOJu0YzuZ9M+BkO5LVmdqcmPAU1jEwRMxy8WH+gsCHpZ4mJaHnywhjpA

Ds+oNP/n3VvJots3p9Pczqro6GkG2F1kmYNkT481xvIr2cEcXmyfxspNZ+ShTWvxD1cfk1F7j2K

mlQ==

X-Gm-Gg: Acq92OFBPFyqbREA1vI1sTl5Z0Imq20XSMGouP8yOXL1ccuphU5hMPi1vVCqsiCMlb0

DGY8S3HcZ1e1bqpoBRPCNs4UM30riM3hPF4Gjpzo+OdwOE9oJ2yqWmRUu7chEbCWWmrMIRxH2yx

KKXxOMUP1Qa9Hd3iqZgUWA+W7PEb8dumazkRf7+POxXfDb5MUI7DpEIuOKU4S+z3reMNmoxNPqb

Kbt9cRGCTfJ1dTIb0tZltyjqRmolBvWuRABGvKcuXTmXOlfn8WQwAqlfXKGkW70uoT5WqjKg9M+

yZ7S7W239xd4p9A8IHC6s7jsaxapo3YSeiMYN+BqaHhfUWlw7jwcEzO62xls/jVJAsnyTwYvmRS

BV/XSUD/YJDmxKdLqoEjoMlFi+Lbj46p69MfQGZK+zYvgHGpkj52/6r8FEIqVYjival8JBC63At

eRHONq0kD4bXizvi6bJFfxbTxsUrKpkA0r/sJF6ptb/g==

X-Received: by 2002:a05:600c:8b45:b0:48e:635a:18d2 with SMTP id 5b1f17b1804b1-490360341c0mr51211975e9.2.1779374594044;

Thu, 21 May 2026 07:43:14 -0700 (PDT)

Received: from DESKTOP-7KFFQ7I ([102.89.82.27])

by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-49033d9eca8sm69461925e9.12.2026.05.21.07.43.13

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Thu, 21 May 2026 07:43:13 -0700 (PDT)

From: =?utf-8?B?U2VudGFvZGlsYWx0ZA==?=

Reply-To: naruhitok@aktio-us.com

To: dave@doctor.nl2k.ab.ca

Subject: =?utf-8?B?THVjcmF0aXZlIEJ1c2luZXNzIFByb3Bvc2Fs?=

Date: Thu, 21 May 2026 15:43:10 +0100

List-Unsubscribe:

X-Priority: 3

Message-ID: <67FA77E5D1354E7CBE75C4A3C8A1FD75@gmail.com>

Mime-Version: 1.0

Content-Type: multipart/alternative; boundary="2FB4B6583ADE442BB24A50EA8863D94D"

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, I came across your profile and i was impressed by

your background. AKTIO CORPORATION are expanding into North America and are

looking to hire a Regional Executive Partner to lead their new operations.

[...]



Content analysis details: (5.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.66 listed in dnsbl.ahbl.org]

[209.85.128.66 listed in dnsbl.ahbl.org]

[209.85.128.66 listed in dnsbl.ahbl.org]

[209.85.128.66 listed in dnsbl.ahbl.org]

[102.89.82.27 listed in dnsbl.ahbl.org]

[102.89.82.27 listed in dnsbl.ahbl.org]

[102.89.82.27 listed in dnsbl.ahbl.org]

[102.89.82.27 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.66 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[102.89.82.27 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

[209.85.128.66 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.66 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[sentaodila3(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[sentaodila3(at)gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.66 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.128.66 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} =?utf-8?B?THVjcmF0aXZlIEJ1c2luZXNzIFByb3Bvc2Fs?=



--2FB4B6583ADE442BB24A50EA8863D94D

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable



=0D=0A
quiv=3DContent-type>=0D=0A=0D=0A=0D=0A
=3D"MSHTML=2011.00.10570.1001">=0D=0A=0D=0A
 Hello,
DIV>=0D=0A
I=20came=20across=20your=20profile=20and=20i=20was=20impress=

ed=20by=20your=20background.=20AKTIO=20CORPORATION=20are=20expanding=20into=

=20North=20America=20and=20are=20looking=20to=20hire=20a=20Regional=20Execu=

tive=20Partner=20to=20lead=20their=20new=20operations.=20This=20is=20a=20pa=

rt-time=20position=20with=20a=20competitive=20salary,=20attractive=20commis=

sion,=20and=20a=20flexible=20schedule=20that=20won't=20conflict=20with=20yo=

ur=20current=20job.
=0D=0A
If=20you=20are=20open=20to=20considerin=

g=20new=20professional=20opportunities,=20reply =20and=20I=20will=20be=

=20pleased=20to=20share=20additional=20information
 
Best=20rega=

rds,
=0D=0A
Independent=20Recruiter
=0D=0A

 

=0D=0A=



--2FB4B6583ADE442BB24A50EA8863D94D--

Webroot Phish from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 10:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ5rO-00000000HdJ-2szL

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 10:02:58 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 10:02:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ot1-f74.google.com ([209.85.210.74]:46198)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ3lR-000000000JD-2jp6

for doctor@nl2k.ab.ca;

Thu, 21 May 2026 07:48:51 -0600

Received: by mail-ot1-f74.google.com with SMTP id 46e09a7af769-7e56806cfecso7402185a34.0

for ; Thu, 21 May 2026 06:47:53 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1779371267; x=1779976067; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=g1vHfs9XyhGtlq2Q1mNxdb7+pvpuH13OEiHal728/Sk=;

b=DzVSXJC/9gSC/4JzVYMMLAeO7T8wZTjH+KEE3vjFjaEJ4TxgfmQ9Tx6hP5qn136CHb

7iRB4gYgzhnkS3TUNKw0W5XLXXoIgM85ckw8El1v3ejzSypAtOexq0LztcehHOLeHpNh

3B/qyml0NCqQmYouiglNcspSpNpmvDy8Q0YLYj2Tf1f+v5xBNuoi8xeKffDYF6rGpxO7

hiXW+DadG3r1o/ppQoy3Ea5+hh/tjGKyZcfhfenhCaRfQt0ZtlADe6dk7ueaEACXaaJX

CUo35eJjHHMICbdw8gMWweG/DxYeLb9c40OJRUMRRbD/83p1vGnXU597jQrO///njmHS

UTtA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=autonetfb-com.20251104.gappssmtp.com; s=20251104; t=1779371267; x=1779976067; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=g1vHfs9XyhGtlq2Q1mNxdb7+pvpuH13OEiHal728/Sk=;

b=VpCyunACLrJEojPkqGDTsU/rCMFCMxQxkQaRMJOyJK3QZf10g8/6D7SG9ZU/dJ/peQ

GEbAdTrcAe/8Y0ZYW0/VOdyyNH4a2MZK+6Ak2vKP6ZhOmnyfvOnd3ScQ+CRarwdrT8GS

o7ia2Sx2CpuuHicei4w3qhn1FFZ1Ifax/6R4LpfYxGck0twY+O0oMg6cSWyHVS0s7jAb

4fmBs/dip/bvQMWOQ8eIQLRFyMtUojvvNdeP7rJFk2LjPxPCxkrxfkHqq/M90Qly7guj

GjGltLDmf0i07OJCNwNUf0kkumyxg3TztnsSJ83WIFFFQ0vQIKfXbPfgOAJCI6F+GHfE

j7Bw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1779371267; x=1779976067;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=g1vHfs9XyhGtlq2Q1mNxdb7+pvpuH13OEiHal728/Sk=;

b=kOgbaVYk/QGqHiAFWAwt+cwE/CWU/Vv8Nv/sAfVt5/bR60EGSdrzcWlo6ClDad2EUv

/9+qX5njiR/Dm8lUUJ3p5QkFmwFI0WxGzDhyMFwXemQc4ZCREFRBQgCBsclccr8qx/6u

u/06qagrNy6tblHo54xhQ3rAjsbLAFC3/Y/Q0+4ktnZoSQAosZgvC4LYU0a1/K+MC+We

UncwV2yb3U3s975nLXAxu1A/K/JjHffsVPyPPkAReIyOB/gVDFtyOyeGlVBGhU7waqdY

ORNio5Ig8IBSHGG4jSGuJr8hB8VUgKAW60M4VnsBlWiZGXsIfiCqw3bk3sPnZdudNSlg

6wLA==

X-Forwarded-Encrypted: i=1; AFNElJ9aBo9LwhltQTGXaEhyTOu9NsgCdxxY9d+43/rtkA0o5in0onH2qzsrog4vPyyWZlqhKgZkzjY=@nl2k.ab.ca

X-Gm-Message-State: AOJu0YxI4n8UKygTF+COR+tYdeBc/VnvwTGSkXZN0vntXN2Qwk5Jmwa5

dnfStqH4ZXXTPaQfPp3eYMrlDJXg28PrxIAfck9Ltl64ZLZDNo8cyLDKCMZ227MJAmYyiYosy0o

fj01jJXCN1l6dSpjfEWffCqrUAPHp10od/fuXONsu/423ZA==

MIME-Version: 1.0

X-Received: by 2002:a05:6830:901:b0:7e1:90a:97c2 with SMTP id

46e09a7af769-7e5ec5bdb88mt1317208a34.23.1779371266740; Thu, 21 May 2026

06:47:46 -0700 (PDT)

Reply-To: Aero Zeso

Sender: Google Calendar

Message-ID:

Date: Thu, 21 May 2026 13:47:47 +0000

Subject: Billing Update: OJN - Invoice #68361

From: Aero Zeso

Content-Type: multipart/alternative; boundary="0000000000004c652d06525428e8"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Billing Update: OJN - Invoice #68361 Billing Update: OJN -

Invoice #68361 Thursday May 21, 2026 â‹… 10:47pm Eastern Time - New York

Webroot AntiSpyware 📄 Subscription Renewal Date: Thursday, 21 May 2026Subscription

Renewal ID-Digit: S4EM1UFBQZXLJG📞 Service Hotline: (805)-303 0254.Auto-security

renewal now active.Dear Member, [...]



Content analysis details: (10.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

1.2 MISSING_HEADERS Missing To: header

0.6 J_CHICKENPOX_64 BODY: 6alpha-pock-4alpha

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.74 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.74 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.210.74 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.9 REPLYTO_WITHOUT_TO_CC No description available.

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Billing Update: OJN - Invoice #68361





Billing Update: OJN - Invoice #68361





Billing Update: OJN - Invoice #68361

Billing Update: OJN - Invoice #68361

Thursday May 21, 2026 ⋅ 10:47pm (Eastern Time - New York)



Webroot AntiSpyware 📄 Subscription Renewal Date: Thursday, 21 May 2026

Subscription Renewal ID-Digit: S4EM1UFBQZXLJG

📞 Service Hotline: (805)-303 0254.



Auto-security renewal now active.



Dear Member,



This message is shared to acknowledge your association with the Webroot AntiSpyware community over the past 48-Month. We appreciate your time with us. Your previous subscription period has concluded, and assistance is available should you wish to continue using our services.



Order Tracking:



Quantity: One-X Device

Product: AlphaGuard Pro

Plan: 48-Month Warranty

Payment Method: Auto Debit

Total Amount: $442.11 USD

Client ID: NH3WFS7DY9

Activation Key: 7736ee85-19f8-4cec-b5c8-60a63c726b43



📌 If you have questions or would like support regarding your account, you may contact us at (805)-303 0254..



Stay Blessed,

Webroot Premium

Accounts Team: Denise Robinson

📞 Call for Customer Support: (805)-303 0254

Office Address: 64 Melody Ln Merced Ca 95340 US

Daily Hours: 6 AM – 6 PM



Guests

(Guest list has been hidden at organizer's request)

Business Broker Spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 10:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ5r4-00000000HM6-2ME1

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 10:02:38 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 10:02:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qk1-f177.google.com ([209.85.222.177]:57474)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ2UG-00000000MgU-11kU

for sales@nk.ca;

Thu, 21 May 2026 06:27:00 -0600

Received: by mail-qk1-f177.google.com with SMTP id af79cd13be357-911501a99feso783916285a.2

for ; Thu, 21 May 2026 05:26:05 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=teaminvesttheadvisory.com; s=google; t=1779366359; x=1779971159; darn=nk.ca;

h=mime-version:date:content-transfer-encoding:subject:to:from

:message-id:from:to:cc:subject:date:message-id:reply-to;

bh=kZvohykA6oQPlDU0OcEDsK7mNG8a/j6uJ6fxVW9Zg7o=;

b=bQHROnV/La2ZgOVTH6dC/4rCEmuImcJFJIT8E2cG2uqSIhHogGQ1/A7z3EL9/8Nv9+

B11y3oMHo10S0j4FBQ2573CCi5QuuPmOxXzvN3q9S/KkNl9rS9By1nHvEb++aMePCXDk

FxnvbRUToACex+g6Cpx/ovoplu8d4jJtiAy3A3fvpTZ2tFi6UQOZoQ6gmxTK1c5pzmC7

f22uH78JOBU2pD+XVp7Igm9JROZSl1hKFKTbgDKbbvA6ODbKe2q5xYBtricTVym/aDV/

46xlSrzGD1uGEkz3dypoC7cZaxROPCDEatt0D8erTaMioYyYq6rxzIkxK/RmU6Il7lC+

EMbA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1779366359; x=1779971159;

h=mime-version:date:content-transfer-encoding:subject:to:from

:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=kZvohykA6oQPlDU0OcEDsK7mNG8a/j6uJ6fxVW9Zg7o=;

b=ZxK4cZhu9xo1I9OUh2PJsgM0fscYAmAHtnPairQ8mYfzZB9LfAEdnuHzuDcfmLZ0yM

N+KQzbLskXR19MYhgI8FjD0flHD9h+aj2uOPqgIo52iMNKWLYwgMSEI80elRqAytUb6t

kzHgSoYEzKowl2RT5SB7h2l3/eVKYDuFhb5S5zbMWRs0gnVT5Acd3SSYZV0xwgtZoDDA

kifhDGD2TY4k9ZCji02IdB4PUsKPAu+KLT30+9U/mYdXvcIrryCaYT06OUPj1P/WkOMd

XbNXJTgmwfwTkOph+rKDJxfuNFOlQlJ4KlzRYjB7JR9rtoT17bk9PzWXNtub5t3lVmWr

0+7g==

X-Gm-Message-State: AOJu0YzwvEPhNB5hLjgVWJB2qIN5yvT93S5qA2h52o6uoPDNDzMIz0BR

tzBBg/MQErNz03GFwoP80rswEAMLYCa7hOQLmrw7dmNsBdyBG5NJGbBTNAICPIH4fwc+GD2g0v+

BdZYbrg==

X-Gm-Gg: Acq92OEUxSRppE01Zp+2ZRQVfiJeHeilHlhAJgcivjYgWUrWopjycPLyhgstFyN3lUe

r9Ys11TpWuAL1QNrLtsC9rJ8Djzl/MptRKV1G7KBhxGkpxY1ZbZvSxAcx/AeBR6PjRKQhaDD9TI

F92T4z6cd+zjcvnI8HsULztUHKWof6U3dBAayS+qFAksHmcdvozRjmzTbx5EFFlHDinhh24y4uc

zVmBnhl8sRGaf3yDivEVSOFbsW52YIR44GpG6+/rlG+EQDzESUwJi7dg0H5kqAiNXW8HTdqnFBd

UpNGiNYlKdKXID4bU6pwluvOegAiTObEZhkrxDAumWwx6GSoe2k7Svm09E25FeKsG3j2ZkVj33L

KUlc4hRBjHkWZoT9uRlnd+9otlZDavMmSq3J46R6zwlYkd7MFnzH4NwiStGu+7TEaTx4R+2OnLR

i/gPlJxGMakRTukI7CZPHqviwxUClbGKpEfnr4qG2rm3CipoTWlU9VUQSpVRzpEud1GHhLCTBLY

xaYh4nkS98d+zNHSxDqVpG72yCJaodMqgkoeCJ2WCk64JsRCa2Izm/o6r08ClsGklo/sRvG

X-Received: by 2002:a05:620a:408c:b0:8ef:3de6:c5a9 with SMTP id af79cd13be357-914a2d141afmr325976185a.47.1779366358523;

Thu, 21 May 2026 05:25:58 -0700 (PDT)

Received: from 019e4a7f-eb92-7c10-81f5-3f8810d93ffc.local (ec2-34-229-119-73.compute-1.amazonaws.com. [34.229.119.73])

by smtp.gmail.com with ESMTPSA id af79cd13be357-914abbae5d1sm76386985a.32.2026.05.21.05.25.58

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Thu, 21 May 2026 05:25:58 -0700 (PDT)

Message-ID:

<019e4a7f-eb92-7c10-81f5-3f8810d93ffc@teaminvesttheadvisory.com>

X-Mail-Abuse-Inquiries:

https://app.instantly.ai/privacy/report-abuse/019e4a7f-eb92-7c10-81f5-3f8810d93ffc

From: Oliver Bogner

To: sales@nk.ca

Subject: Netknow Internet Knowledge <> The Advisory

Content-Transfer-Encoding: quoted-printable

Date: Thu, 21 May 2026 12:25:58 +0000

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8



Hello,



Quick note: we may have a buyer who is actively seeking a =

=C2=A0business like Netknow Internet Knowledge.



Oliver Bogner here, =

Managing Partner at The Advisory Investment Bank (Top 5 Lower Middle Market=

, 2025). Previously sold some of my own companies, Forbes 30 under 30, and =

INC 5,000 CEO.=C2=A0



Are you free for a brief chat sometime next week?



Best,



Oliver Bogner

Managing Partner | The Advisory Investment Bank

Top 3 Lower Middle Market Investment Bank on Axial - 2025 List

2x Forbes 30 Under 30 Alumni | 2x Inc 5,000 CEO

A: 269 S Beverly Dr. =

Beverly Hills, CA 9021

Business partnership spam from google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 21 May 2026 06:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ2Mr-00000000Jlh-0Udk

for dave@doctor.nl2k.ab.ca;

Thu, 21 May 2026 06:19:13 -0600

Resent-From: The Doctor

Resent-Date: Thu, 21 May 2026 06:19:12 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f52.google.com ([209.85.208.52]:50384)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wQ1Kb-000000006J2-02gN

for root@nk.ca;

Thu, 21 May 2026 05:12:58 -0600

Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-6870a365c77so4101637a12.0

for ; Thu, 21 May 2026 04:12:00 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1779361914; cv=none;

d=google.com; s=arc-20240605;

b=VhyPQOMM+/WzL0Kxxj0j7YssqvajRpQnfhFyF0BpKzrMsINEzdSGRhnx4wNYWEXyte

3yf17dsq2uiOP1uTdA8/tnMXfLOyNsBn1OfREvchPWFBvULRANfAQajAZlBI3Hb3ylju

oKk1GPRbfmzKyxr9m3+TYOhWjDzbyl0s/+E+f6F3Vdga4czNpOSRzfsMT2YGVHDWS34U

r3nDrgcDn5Hn0WAO/C4rsxqumMWxvoJ0eWKNcDFq1JhXmclQutPTz+HG4hT8FlHbYwZv

qGC4HgWaS/1ClCrdnN5jxDkiXizQOqxLXYjtPpDLLgVTeqh1Kz+0YHxfcyIc72USoclB

63Uw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=GrWqkGwg6GzVjDwayYPwV6UdhJN+9q6PTRO83M6LGvQ=;

fh=YZIoAtBSAbOctlYA3kznnDQ+80+DtCt/5Bb/GiAIQy0=;

b=STEVCEJfUEdASDXawxiSx5x0jBlO4lpYQ1qQ1FlPK70RuoKDSg+yFTgR4uVSISv6pM

JmplkTJF4bYDzxGAdx+iSVIBju8YS76Oa44I2OrVeLZB4ymSsPjlHEAtb65vc550H4TP

HxWaCQ33T8C6x8DOyAxiEeeLbHmdWRpw0gqKBj0oW/GgI0gRuYaz5x6VFOebd1E7mhGG

Q7I3Y1BrihrpXY1OLzE1jKJQfZYw8nekTcfJ9tOugFlzw86/OXtR9/rYSp5mY+ca+vr4

n1G0SiTcgbr3lNNyCKuOn8RlrswpaF6dOsWxJLdY7QKOTASHT3zj6yoG6HqGhezastol

NNOw==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1779361914; x=1779966714; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=GrWqkGwg6GzVjDwayYPwV6UdhJN+9q6PTRO83M6LGvQ=;

b=NDiQHEJrltW8WvckJAcH5r0StifooQKwqp63yj2vNVuZ5gj5bdKx9dhSjAsrHcZfV5

LfX6HI5un/3+aF2kbT1LBPljq963hNc9fR03+K6nl3pK/qMvHTd8wMfo1EoS07Xk/7dW

h6qQRH+KzNbMs/m+cvYADOvCfqK35AamyhCfuQUeWOK+VtO8d5TJm9XhNcEkUNCV1el2

s/ZSHIeEEWmr2CUslECu5cdhKFjhShj9HxFbmLMUlzf+CUeerIN69jJp3NjnDqyHH7hg

6LwnirZd1BWg4ts32zmr6UXOa3c/b3k1/SR7PRJVxtdlCoiXH1TCrpGw0XhCpMPY2zFa

xkSg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1779361914; x=1779966714;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=GrWqkGwg6GzVjDwayYPwV6UdhJN+9q6PTRO83M6LGvQ=;

b=E1Qm4GTQnWyARoFS8ROjWprw1KGKv7gKN+2ZUzBAll1VeYtug+3rpFLM2J6JQLcOXC

HzdyMRwr+HI/rT0/Mhnm/Rt+rZTvVjFL0oSBG/SFzpX/0iQJjdzFWvqcsUFUl1kM1q/t

NQcgP2VX/09JgVGqWYzHmAvE5aBDB61MHNvuHEuiNmWx8B9ZHDLJmkR83T9ntg7q5wYh

fyjwzqw/alfroxJUSGQVd8gSpxnrxRs3g97NwH1LEqP+xAe0nDKpVZnBJHeVTy7EDcmw

ukVqpWEzDX1NwioQ7Jih+WTnuZvlhhAFvrkdxAFuY9FR9TXhqYF1bmnRjW+gGwmhxbwB

G0Yw==

X-Forwarded-Encrypted: i=1; AFNElJ8L0ZBGatz/+kZMPu6AtBfu7xoy85JL7j7EB470Zo7g70AYBLnfxe6bE4PbPpM58B+7qyLO@nk.ca

X-Gm-Message-State: AOJu0YzRxpp9cYjpt9jEw+yCkMRc931/LTKa053Jt2PFlCg8W4NJJC7K

VISeZZRlAdMw9f67R1GhhwyDIqZtAeOfZkvW1xwx+ly6eitQCwItp8W0DSLmBaM8wvQwIxZlFbx

HrJihfE1VKG2fAHxU8w9C7qMTZFtda+52+LDdqcgRXbOoP7PypeR0

X-Gm-Gg: Acq92OEY35VKzvtrCZC6rN4xflRqnTwWwim4G6EoOTmeul2I/G8XJEULFw0E0piMrlk

qQAqYq/iNC3/Bp7BraZqhsFKqPw4ezbLiCaQnr+1UQxkH3E+XjUI/UHvnXDiN6WdYuOK2ox/oLe

irrVHr9hwpE4ytiqxOCd6JLmiGbWybjEbXBxd31jxnhm83r/5nBYR4A1G+SxPRN0qWbrK8XUy44

jqmDCmU5HjWPevawXwr3l1DMAI46nq2qSYDDG+ckBMJZRXmUNvq+9czH+50RE/ycVsmIhnFZysz

chGqLCh2EqQuVpz6HWeXe10A5xhPbfIu+WWivDXEEuzyElBmL5s=

X-Received: by 2002:a05:6000:228a:b0:45e:93b2:37bb with SMTP id

ffacd0b85a97d-45ea39e9b9bmr3800914f8f.6.1779361245386; Thu, 21 May 2026

04:00:45 -0700 (PDT)

MIME-Version: 1.0

From: Ashraf Al Mamari

Date: Thu, 21 May 2026 11:59:51 +0100

X-Gm-Features: AVHnY4LrwHngetW5AQALw7n2akOKouw4nzsrJP0yC-spaKjUwMrcgZCJB4qlgGg

Message-ID:

Subject: Crude oil business opportunity

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000f55e50065251d220"

Bcc: root@nk.ca



--000000000000f55e50065251d220

Content-Type: text/plain; charset="UTF-8"



Hello,



I'm seeking experienced business executives who are open to new

opportunities in crude oil lifting partnership.



Should this be of interest to you I would be glad to provide further details



Regards

Ashraf Al Mamari

Oman Petroleum Company



--000000000000f55e50065251d220

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,

I'm seeking experienced business executi=

ves who are open to new opportunities in crude oil lifting partnership.
=


Should this be of interest to you I would be glad to provide further de=

tails

Regards
Ashraf Al Mamari
Oman Petroleum Company




--000000000000f55e50065251d220--