NetKnow Corporate Blog

Bitcoin Paypal phish from Microsoft Outlook Part 3

Posted by Dave Yadallee on Thursday, June 11. 2026

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.1.6 listed in dnsbl.ahbl.org]

[40.93.1.6 listed in dnsbl.ahbl.org]

[40.93.1.6 listed in dnsbl.ahbl.org]

[40.93.1.6 listed in dnsbl.ahbl.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[dnsbl.ahbl.org]

[209.85.221.71 listed in dnsbl.ahbl.org]

[209.85.221.71 listed in dnsbl.ahbl.org]

[209.85.221.71 listed in dnsbl.ahbl.org]

[209.85.221.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.1.6 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.1.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.1.6 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.1.6 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.1.6 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_FROM From username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.1.6 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.1.6 listed in bl.score.senderscore.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

0.1 TW_RW BODY: Odd Letter Triples with RW

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.1 TO_IN_SUBJ To address is in Subject

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_Bitcoin_Purchase_Confirmation_=2D_PayPal_Tr?=

=?UTF-8?Q?ansaction_Succes=2E=2E=2E_=40_=C5=A1t_11=2E_j=C3=BAn_2026_=28cynthiaperez389903=40?=

=?UTF-8?Q?groups=2Eoutlook=2Ecom=29?=

Haresasz Nxysarwsa has invited you to Bitcoin Purchase Confirmation – PayPal Transaction Successful

Title: Bitcoin Purchase Confirmation – PayPal Transaction Successful

When: June 11, 2026

Organizer:

Haresasz Nxysarwsa

Description: Dear Customer,

Thank you for your recent payment. We have successfully received your PayPal transaction for your Bitcoin (BTC) purchase request.

Payment Details:

Asset Purchased: Bitcoin (BTC)

Payment Method: PayPal

Total Amount Charged: $750.00

Current Status: Under Verification

Your transaction is currently under review as part of our routine security and processing procedures. Please allow a short period for final confirmation and completion.

If you do not recognize this transaction or did not initiate this purchase, please contact our support team immediately at +1 806 466 7708.

We appreciate your prompt attention.

Best Regards,

Transaction Review Team

Attendees:

cynthiaperez389903@groups.outlook.com

Bitcoin Purchase Confirmation – PayPal Transaction Successful

Dear Customer, Thank you for your recent payment. We have successfully received your PayPal transaction for your Bitcoin (BTC) purchase request. Payment Details: Asset Purchased: Bitcoin (BTC) Payme

Dear Customer,

Thank you for your recent payment. We have successfully received your PayPal transaction for your Bitcoin (BTC) purchase request.

Payment Details:

Asset Purchased: Bitcoin (BTC)

Payment Method: PayPal

Total Amount Charged: $750.00

Current Status: Under Verification

Your transaction is currently under review as part of our routine security and processing procedures. Please allow a short period for final confirmation and completion.

If you do not recognize this transaction or did not initiate this purchase, please contact our support team immediately at +1 806 466 7708.

We appreciate your prompt attention.

Best Regards,

Transaction Review Team

Kedy

štvrtok 11. jún 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno

Nie

Možno

Ďalšie možnosti

Pozvánka z Kalendára Google

Túto správu ste dostali, pretože ste účastníkom danej udalosti.

Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

Bitcoin Paypal phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on Thursday, June 11. 2026

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?UVkweVNsRTNURHRzQjI0T1VkbnlaRjRnN2VmcnZjU0QxVllMcU8ybXBFTU84?=

=?utf-8?B?cmNqc1NBMUFmTmVFQ1daZU1CMmtmaEhRRkNaOVZrL1VUMlo4eUdBNWdiUndO?=

=?utf-8?B?ZnJXbzhvT0JQR3FJVHN4MFhDSDNBb0EwYnZlVGpOZFFyREE0OGJmM0tpTUtE?=

=?utf-8?B?T2h1VTcrNmRZWkY1NDhWVlh6dlRON2VuSzhPUDkwRnFwUmY2bzRuREhDVWsx?=

=?utf-8?B?RnBxRzNuMWsyTEx4TjZodkRUVUF2cG1sNUlGZ25ZVHhrd09hQTZIQytDR2My?=

=?utf-8?B?UXJYZ0Q1VlZlbS9MSVIvWG1uZmRUanJmRmtaUGFyMzI0K2VxajhYSEwyRlFG?=

=?utf-8?B?NlllbVRYYzBMeXVCOGRxb2FmbTRqN05EYllGV1VVb0J2OWZiaFowWUdteGJK?=

=?utf-8?B?dlAxc09KRXUzcVdLb2lzUEZva1Z6Z1plYnpmNzFPbHhqRGY4MUFmN2VkaGg5?=

=?utf-8?B?R3JLdGgrWVF6WSs3UUU4Vk1seDJYV2w2TFJFNHR4VXhSRjk3bEQ1Vmw0R1NP?=

=?utf-8?B?d0ZvcVRNVWJHMGJUQldBeHhabndIRkhmVENGaDQrQVZIQkh6d0FkZUxGbG9U?=

=?utf-8?B?QVQ3dmVwTllIRmJudHJZVVdLNHBtcVhuejZRZjR4SFFSSmFRdzhlTlR1V3ZU?=

=?utf-8?B?R29SYW5KMnBGNVI2UUgyYUpETVFwcmRQYWVSTU1nSXBSRWwxOHFmOXBsTmdL?=

=?utf-8?B?ak54ZWpvNnRISnRtUzdienQ5ZklQQTNheHFFUjRRdldSNVdwTFJGdXpZYU9x?=

=?utf-8?B?UTYrczhyWUtDOUxvMVM4TURuZDVNanR3cDU2ZUhRT3hWdStpVlQyMEpOTWdR?=

=?utf-8?B?ZlgrQ0ZTbHQxUDVZSU5oeU5yN2FxMTZpZmRtaC9DRVVxaXhmOUpEOG9YRVJu?=

=?utf-8?B?cldNTEFYMnB3clRvY3BkN2VJTVZJZjNab0xjVTUydmQ0bXFxT0xOcjFRUTQz?=

=?utf-8?B?YktISksrQ0lSaVBpTUpRUWJQZFh5aUVaWmFPckhYMjY3U1lVbnZocnd2TGFP?=

=?utf-8?B?dDh1UXRORWkzZzlHa0dtSUZ3NFgvTzJWakw5dlgwUVNBVG9pT2FRd0Z2UjZU?=

=?utf-8?B?eVA2c1dqd01rR09VZktVUTFNRzVMWFJpVjljSmhXOUc2T3MvK3hOd3AyYlph?=

=?utf-8?B?RFpkY2VEQjk0bnNYR0wxQnNiOG1FTTNhY1BJYVNsUUtpZXlyeCtXTVRRV2Rs?=

=?utf-8?B?TElxU2hwZU5OY1o3UnJHOG0yYVQ4TlVzbTlZcUxER21yOVRuWjVUMjRRdk94?=

=?utf-8?B?V21zMCtXQ1pyelJURUl1enE0MnF1eXNHRnFxYXcrRVRvcDJWYU5MbUZxZmw0?=

=?utf-8?B?SXRLNlF2eHh5MFRielZwQ1doU0hxNW5xeXdkYzkyLzQ1Y1IrU0ZaVk9uaGVI?=

=?utf-8?B?aVBtOUpWTUtkR1V6VmFCYkhOUjVVaW1oQjhQRFh6Wkw5MW9WWTZORFl1MCtw?=

=?utf-8?B?ZnRsWmIycFFQbi9jbEhycWh5Q3BaYml6NGl6eURyeW1oR25TTnQ3R1hEdXVr?=

=?utf-8?B?MHB6NjAvOGI5bTBidlZ6UWY4NCtvcnduRHU3MlVkQWpKdzMvdGRld2JYeGR6?=

=?utf-8?B?WHp3dkpubnpDM01Rdjc5RnVSNk5RWmtBbk81dEhidnNELzdtYkg0QUh4cnZC?=

=?utf-8?B?T2tPNUdBWDZ0a0pYL2lzNFBiSHYvNGZucWx0TEsvWkp6VTdURlFFNHBxWCti?=

=?utf-8?B?WFpuS1IrZFVjR1NvU01RK2h3Rm9GMUN0U0Fsc2c1U1pRS0ZuWk5yMG84ejFh?=

=?utf-8?B?NWFpdHVLNWlZczdzRCs1T1MxZEV1RDRvM25zWUZDcTRoaGNpTU5qL1J6aThG?=

=?utf-8?B?cTRZS2NuQUFDN1dHazZwSzBRV2tucHVxWUhqZVMySWszYkNLeG8raWdKRmMx?=

=?utf-8?B?SnZLeTU4TmlTZGtHTWZSRW9ldUFHRnVnSjdHQklOc2RmejJoOFdya2svbHoy?=

=?utf-8?B?ajZQSkJpeEZWQ2F4QjB5VmY3bFlvWFUvUE1xZUpvcTJKV1BnWW9qWFYvaXpJ?=

=?utf-8?B?VmFKMnZzMzRXQXo3RjBMOGZaRUFYTEhkeWVlK3NDWm94R2o5N2swT2grb0F6?=

=?utf-8?B?OTg2dVZkajBSZ2w4Q3BndEdoSVk0djNVcDhLMG1zM0dmdWlsRExIY01CdzhS?=

=?utf-8?B?VVcyczZvbWdnbkFHa3BSVmIzcEhaM2I3Z1YzaDF1blRvSmVEeThhVmoxcFh6?=

=?utf-8?B?SnBXTDdRYitncmlGK2luU0JjenFxbmdOenF1TjdGRFlwZnFlbUY5WmpFS0Jv?=

=?utf-8?B?dXcyRHpFNFhLZzlWOUc2RkFDVEs1cXYybTVxNHlVTmdRU3FOVnZ2RCtqcmxw?=

=?utf-8?B?YnJBWjVxZmd0S3ljYVBtVExocTg0aHdNQjc2a1I0N1RmRk13TlRZUllsamJn?=

=?utf-8?B?QUE0ZjRvV2YwRE02djFwL0tUU09URUpJSGR3M21YQWRmdG5pQXlXZ3BuQk9Y?=

=?utf-8?B?OXV4ejhDZDlqcm1VZWJPM3pKUHlQa0RCOUJFMlBtN0VDdjdSd3lRcFExN3FX?=

=?utf-8?B?eTdnMnp4aDNwc2xmSmhpSzM2dzhqRjE2eE5HUXUra0c4RisvOWpBbXNYS2VD?=

=?utf-8?B?dzVJeGlUZ2ZrU3NYNEcranFrd21yWHd5Nkh3SDc4S2dvd1pnSU9YVVVNRGQv?=

=?utf-8?B?RGJBdnVGMWNIZWJlb245UERIR3I1NlBFVCsxdDRaUTlhYW55YWtPZktyektt?=

=?utf-8?B?NHQvNStjSHVQM1J6clpQa1ZlaFpjcXU5aTdQUmxQamhRMDFYakl2K2VnOSt5?=

=?utf-8?B?L296clcyci9HZkhYd25zTXNJSS9CNG5vamZ2Rmdoa1Boa2pPY0p6OHBWS3Bq?=

=?utf-8?B?OGRNTFgxWFJHbWNsV1JCb3Nzb3FDMWtqdlljMTNUQlNqd3dJdlpPUjRkMzhx?=

=?utf-8?B?YU1IODRiaVJ2UTBjaVNLZFc5NmpZMWE2ZDQxR3piYXhUM01YVUFESERkSmZ3?=

=?utf-8?B?ZzJzOCtjSEVmK1N1WGNNYWJJRzFCbVNiWlgydkdpVmFWL0JvOWNvY3hTbWI5?=

=?utf-8?B?UVdBUjlGVVJ5cWhzeFpreWlXbkdvZXkzNXIwSmgrc1E1YXBwMGd4SDFGQWxX?=

=?utf-8?B?dlpxamducFRZbDhXYktDWE02NG1vQmpiM1JuOU5jaWRFS0d3eGUvQ3BFMUNS?=

=?utf-8?B?U05PUi9rZGlFdHN3U1dMK21sZnMrYlQ5Y3ZQS1krNXVBbzhyYkdIV3EyYWR1?=

=?utf-8?B?ZmQrZkgrN3dFdEVadG1qMFZ4aGQzSzg2L3p3d21ndUJ3V3Ryc1dwa0hHQ3NK?=

=?utf-8?B?L0hjVFFKbUhjSnpxWnU0K2x1cUFYMzNGTVBtUmtTY01makFBdVdEbkdJRnRp?=

=?utf-8?B?V3I4ZTcyYjlPTko0MGNJQjcrN2hqRktPUzFuQ1N0d2VucmVxRkZtN3R1NHVN?=

=?utf-8?B?b0FONGVIMVBrN3h5RTc1NW5ha29hOGlXQnZMZXhWb1FmVzlFMThaK0RRd1FI?=

=?utf-8?B?bisrSkMwc1NMWlR1d1d0RS9xVk5BTHFPLzFlM3o1VXczQkpYQ0wvdmxBSFlO?=

=?utf-8?B?clBIWXdSNWZ0WXdkRTU2dzZZOVFaeUMxYnpzVmN4ZXFOOTYyYzJHNXBtdGw2?=

=?utf-8?B?TjlLV2NIdm94bFphQ3VDZDQrR0tqNC9VUStFN1JETUE4b0ZMT1ZYUHhUM01I?=

=?utf-8?Q?5nT6oeRKfTPc=3D?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jun 2026 16:36:43.0986

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: e1296726-3aed-4de1-74a4-08dec7d79eeb

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF0000468A.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR18MB3517

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Bitcoin Purchase Confirmation â€“ PayPal Transaction Successful

Å¡tvrtok 11. jÃºn 2026 Dear Customer, Thank you for your recent payment.

We have successfully received your PayPal transaction for your Bitcoin (BTC)

purchase request.

Content analysis details: (13.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[209.85.221.71 listed in will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:cafe:0:0:4a listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:235:0:0:0:23 listed in]

[will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

[40.93.1.6 listed in will-spam-for-food.eu.org]

Bitcoin Paypal phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 10:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXijB-000000007gR-3PJG

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 10:58:01 -0600

Resent-From: The Doctor

Resent-Date: Thu, 11 Jun 2026 10:58:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-westusazlp17010006.outbound.protection.outlook.com ([40.93.1.6]:42745 helo=BYAPR05CU005.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXiPX-0000000062n-0T7B

for doctor@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 10:37:56 -0600

Received: from MN2PR20CA0054.namprd20.prod.outlook.com (2603:10b6:208:235::23)

by SA0PR18MB3517.namprd18.prod.outlook.com (2603:10b6:806:95::20) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.18; Thu, 11 Jun

2026 16:36:43 +0000

Received: from BN1PEPF0000468A.namprd05.prod.outlook.com

(2603:10b6:208:235:cafe::4a) by MN2PR20CA0054.outlook.office365.com

(2603:10b6:208:235::23) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.21.113.13 via Frontend Transport; Thu,

11 Jun 2026 16:36:43 +0000

Authentication-Results: spf=pass (sender IP is 209.85.221.71)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.221.71 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.221.71; helo=mail-wr1-f71.google.com; pr=C

Received: from mail-wr1-f71.google.com (209.85.221.71) by

BN1PEPF0000468A.mail.protection.outlook.com (10.167.243.135) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.113.7

via Frontend Transport; Thu, 11 Jun 2026 16:36:43 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:46C9143CAB819CA7906F3F808002D081E33F02325ED7C2FE27DAAD1F5C5839A3;UpperCasedChecksum:714EC9B1A3BE7E296A989DA9A6BDA2E9C2B06CC92FB630886D5AD07D6D71D6D0;SizeAsReceived:3428;Count:15

Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-45ef9437b7aso21770f8f.0

for ; Thu, 11 Jun 2026 09:36:43 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1781195802; x=1781800602; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=rTAYtedL/31r8kwCOaBddK2TvXTyUvqhV1O1/uLQf6A=;

b=a7IPI/x9r1Q8E8HxM8W5a2Jgpjpvlr4Tg6TYIkSl87cko7RoEbk5V6QGgVMYYQn+y8

nzFMSjcvntQRTM4AZ7VtZAgyVZpfgD3K86nQkKWxjcLa7A7p0f2IiwXVzFPfGmmrgZzN

pp7t4tarBeygoHU09ka0OUHYAZ9kWoHLx5eXOsB/6GuucbDSPEmhSUQljJPNlCEyJ/We

hfq8xcIpXNoVUsUZ6XhQCjxVvRT496K7Z8zcXIS/iGItO10nYj+wdnr6A/r8iOu5Qq90

ANSRsd1rMTZZF1pH1Sv3MuNx9o0ED2bf1BZQeGi6D7NfVKn4J7ND2IyZHbjG+R/2RMEZ

jNwg==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781195802; x=1781800602; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=rTAYtedL/31r8kwCOaBddK2TvXTyUvqhV1O1/uLQf6A=;

b=AMjNFfwdGkZWqmUEM+lCRRTjSx++Ocs5dUxBa1aNrwCTRcMLRaXhdLRWosnauLc1MS

UdnkVr8Oq9S45AzXCTCU6qALh+2EUbHpqGESneyvqpAu6Tf+u5xYczPQGSrT4XSamMJ0

yqdTOTpCVL1dulEyq+vmZP1zHTZR6CvvpMw0H87LhophBeJQBoq2UMxHbt7F4SSyXuGV

NIrRdi4wKt5f26lI7NvHXdNhLievjLemr+MKq5Wrgh/2GGt9Fevud3zGUG1Tjc26evim

RfiUBQEceSH9BAVxm/di5ey9vzt4RBIH9cp/yt1jcEagA+sIsEShPvjz2yZu1d2XRodu

sIlw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781195802; x=1781800602;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=rTAYtedL/31r8kwCOaBddK2TvXTyUvqhV1O1/uLQf6A=;

b=ptJWisrQtWXlRGsBAWXrayu+byuOBfWTAcDQZ09Ie9gHLh+7EGwPdKczwkFIcaUNg9

aDS9L4QahU0U1ZChhyTQbWRNbDifHfFuvCxxjvWkxh+LFiem61ZoqGamtqw02ieUCgsH

tInNI6K1x64GkqObDqKoGnA9fNgv8pMj/BXxHwIePIjJKntBnekmql7gxHm5EDqGVbRO

VqksJZYKxiuqAVVKU3gxuHefQN82QON9uD/CCLvfPmICslx2mmtnTScmB/Nd8+AbXEuv

GQCsnPRXHP7bpFGtAk31DRcmRgQCzRkjLRgwS4kfPTCvGOhmetWkTmQyM1UzwoGmkdW8

zDvQ==

X-Gm-Message-State: AOJu0YxzSkXSaTLiYPwPb4xcgFPj9e3uqA99Sz2dUpiDpxUkGvCflDM2

pW5WqSi5t7W53uPf3UkTMsRzOvDSRvta5DqHn4DQABslFzk/hOIPYeE6QQaxv0jrMOEhBagkVou

zt2gCJQ2+d9amBFe119ZwxxVyvvJLy1dXN+g=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:b8d:b0:490:be8e:c890 with SMTP id

5b1f17b1804b1-490e55dbecamr55499035e9.13.1781195802100; Thu, 11 Jun 2026

09:36:42 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Thu, 11 Jun 2026 16:36:42 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_Bitcoin_Purchase_Confirmation_=2D_PayPal_Tr?=

=?UTF-8?Q?ansaction_Succes=2E=2E=2E_=40_=C5=A1t_11=2E_j=C3=BAn_2026_=28cynthiaperez389903=40?=

=?UTF-8?Q?groups=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="0000000000000f483c0653fcf733"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BN1PEPF0000468A:EE_|SA0PR18MB3517:EE_

X-MS-Office365-Filtering-Correlation-Id: e1296726-3aed-4de1-74a4-08dec7d79eeb

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.221.71

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|9020799019|6149299003|24102599021|6092099016|3151999006|9000799056|9400799043|41010799006|1680799066|16200799027|5139299004|26000799027|22000799015|29080799009|970799063|32020799003|4040799016|26130799012|34130799006|440099028|4302099013|3412199025|18021999003|30041999003|2145499017|21002599022;

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Thursday, June 11. 2026

--_000_TY0PR04MB5910F47DA456CB552238A3A3851B2TY0PR04MB5910apcp_

Content-Type: text/plain; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

Hi,

I am a professional Web Design & Mobile App Developer, with 14 years of exp=

erience. I will create an amazing, beautiful and unique website for you. I =

can upgrade, rebuild and redesign your website.

May I send you previous work examples & price, if interested?

Thanks,

--_000_TY0PR04MB5910F47DA456CB552238A3A3851B2TY0PR04MB5910apcp_

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

>

Hi,

I am a professional Web Design & Mobile Ap=

p Developer, with 14 years of experience. I =

will create an amazing, beautiful and unique website for you. I can =

upgrade, rebuild and redesign

your website.

May I send you previous work examples &=

price, if interested?
b>

Thanks,

t;">

--_000_TY0PR04MB5910F47DA456CB552238A3A3851B2TY0PR04MB5910apcp_--

Categories: Microsoft Outlook Hotmail Spam

0 Comments

Web/SEO/App spam from Microsoft Outlook Part 1
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 10:58:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXiiW-000000007eL-13TU

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 10:57:20 -0600

Resent-From: The Doctor

Resent-Date: Thu, 11 Jun 2026 10:57:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013076.outbound.protection.outlook.com ([52.103.74.76]:38409 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXgf3-00000000NEt-1kca

for root@nk.ca;

Thu, 11 Jun 2026 08:45:48 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=l5eyLi0p8mYrsm/2OZlpdzl7o3Yb2EyGgCA1msO8pm5bbbtFJVwzNZT9B3uYS10NM5OiuqhHiGBvhd1VhfzR2LRqq4ubJ1BMPSoK1IAC5RmaEBS6Keg38Q6caQEF2ByU8ZzOoTqvyXcWL0RPx7/mIlUDWWpopOPDy1bMEuYe3tDLdQl5QbVuc7Blk6JO/nqn1jNoDO0i0ncBa9c9/mL5Kbdwr8KEMZF6sIc/1fY1pQK8hKmG0NXXJUo5//Wv+vvK6d6NJVg+R7vW/7MudaUV6SJCi7SjZ/GxCuR1OvBtqS7+ey6SrxL/vVY0Z2gsG0zhtS5KRthFyi+jxpJ9K/Blnw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=nM73bc5w14Fucq0WqXa4MWUACqs6F1hsEmDlco+EJbU=;

b=BHslxaPEU7DlaGm7EhDSkOgrBucbAIxBEmfcpuVU02/7qrwnDrJ+qfOyZa667LHutYoSv5RCzTp/JYPoP1BN94VzUTq+VT9Ihui8HjqomAbjbnephHeNHhJOcpmjFt/YX4yEvbKwhyT0jGJwQkid+4nf/GV34C4tFwKh+C00VtMZ8vMkb2l+SoOHZSHcUabcaCu0LyBePlzJykV9wcmlm+Qv0sV7S/mBTAu7P9W4QJrGAf2l1xwqtZBiVwBhY9Z5J43+uwDPqyel8vdUMyE58A/va9PjzGiqsD9smXWs2lkbC0xtn/lNiRqdt+leUR4C3zRi+sygzu7ZKgGFBjpf2A==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=nM73bc5w14Fucq0WqXa4MWUACqs6F1hsEmDlco+EJbU=;

b=TQSb6vbMevZ5uaB4W4wKSJH5dVUjHycCjZ5+esY7HDKTl7pdKFiiNB2kOgLTSd8pSIjBmdE1JBReFpuGe//yQ26TaNRS4ngqAqgBuEVGJFt9HsDdvaRa0LCF7Z+NiN3kfYkEMFjaVg5XSSDOKXUUHg+B+9xutXSLFXSAPUanyky+EPc3MtfwExu51unrL6+ZbvFu3UPh38bbc96CyK9YKqzcY/IhFHEbvU+yvtcG8ptubyOAG/UGRTJNM0rJ5OY3+8jiBVeLSMSmBzLxueWyyvU/nIZUlJmIjSOJhIOA0Q2v/F9R9hEEtTVdw0vkNmAfYFRScmjS8QZCG/EhHuR7Dw==

Received: from TY0PR04MB5910.apcprd04.prod.outlook.com (2603:1096:400:214::8)

by PUZPR04MB6796.apcprd04.prod.outlook.com (2603:1096:301:11d::16) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.18; Thu, 11 Jun

2026 14:43:29 +0000

Received: from TY0PR04MB5910.apcprd04.prod.outlook.com

([fe80::12a2:7317:ab9b:4d98]) by TY0PR04MB5910.apcprd04.prod.outlook.com

([fe80::12a2:7317:ab9b:4d98%5]) with mapi id 15.21.0113.013; Thu, 11 Jun 2026

14:43:28 +0000

From: Jessica Hughes

Subject: Re: Cost for website..!!

Thread-Topic: Re: Cost for website..!!

Thread-Index: Adz5sCSjWwp3P39fTM21f5WjwYIRXA==

Date: Thu, 11 Jun 2026 14:43:28 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TY0PR04MB5910:EE_|PUZPR04MB6796:EE_

x-ms-office365-filtering-correlation-id: 8259aed0-fee7-4b63-9288-08dec7c7cd2f

x-microsoft-antispam:

BCL:0;ARA:14566002|12300799018|55001999006|24021099003|37011999003|24121999003|20031999006|22091999003|39105399006|24071999003|31061999003|8060799015|15080799012|8062599012|13091999003|19110799012|4295299021|31055399003|43065399003|40105399003|440099028|3412199025|102099032;

x-microsoft-antispam-message-info:

=?us-ascii?Q?RqfV+c+osfmHooZcgNc9Ka+e42caqNXQwCagdYnSmmhIt9UDosxMZMEWgIiQ?=

=?us-ascii?Q?eUw9+4QpWHjSTv9LhPjAznQWDIXTIxW3EYLYUhI7ThGs5otTze6UuZv+QG4V?=

=?us-ascii?Q?2zVHA1MDvVnFn8aGOA8Ltc9AvOFfBV3Qyj8c+tieTW2kIsDkLxREGsFSMjKP?=

=?us-ascii?Q?RCKp4zUZ53ruRmILr3AIlzRbeTf41YdpBkAqluo60Fp8aG2ff6TMLsz97mkO?=

=?us-ascii?Q?9Vy1jNSk03Vtz1KveIRXOVYN90nWixUI6mcP84HKslHURtTyukqWz8PwUuz0?=

=?us-ascii?Q?qZ7XtScZsdm3MfCs8KmsZaC8fXMjqnVEE4kiIiowkDmGM7Xle1qmR/eW/Gef?=

=?us-ascii?Q?VQ383pufOJnRLZvBVbJZh+9Kf5lZ8pxjEzIt0fW4YeLDFYTIjACpAxYL65pj?=

=?us-ascii?Q?WOjv6LAbRqg6e9xcjY/HxCNWb4tS9v1xUyRy8/Lnr64+58vusO0n1vfKS1ob?=

=?us-ascii?Q?JgVZ1WvN9nJMzJ26nVH8QEj55vYjK7iUiY3Y9Td4pVebE/VpbqRkZ7/3UhfU?=

=?us-ascii?Q?AhVd0bFX7FgmTBSbA9ncS6RU4XC2UsrDNgLbBgSujeS26U+N6Tc3h1yDAuzN?=

=?us-ascii?Q?xAz2T2une43UtXq9n8kQE5Ts/OCK9g3WcK3csWNeTvv4/V5IdtMJQ5lmhNcC?=

=?us-ascii?Q?ll8oQXijSb4ldBRLpAHQ2He0dHqRZ3wbRxeti6INAj+uY+X93RRIbKMUDaEs?=

=?us-ascii?Q?5M97VYUg4BTtZmrIrto0bQOd13QGD7yNigHobF12Ftn5HxIpm+VnWga/8XgP?=

=?us-ascii?Q?/flOf9Y5MAWTz7WHgcMCySgKrCc7Db8+qFXlPRgzviiJLLFLcrDNLeWPpEQb?=

=?us-ascii?Q?Hj0TsapyhmIUHpnRjw4R98wQfR7v6QC6z9EJLP1t64UriwYpyWf1xMsqfztg?=

=?us-ascii?Q?mlMBVmZFtEiGTiCqxbmqH/0mlOqNcH0gcy2vyly/pNTh04uR4eOTkahfJ87m?=

=?us-ascii?Q?3LWCnpgU+biylA0afVTiivog4l0N6bRW9+dodWSY6rs/sxWIYjGmZLly5IuS?=

=?us-ascii?Q?wPEguiIhltk7M0XXT5joJdlxc5Wm1a/YC+u7fHp3Ct+8sLGysLa/4R4syLxU?=

=?us-ascii?Q?hhQQ7piQvibWbc5upby+WHf3bGGB7ay3HzgPCJqvdTICJPNrndN5OdUInR6P?=

=?us-ascii?Q?aVWVUja+MO4QcxrT714ixTGOMRzkxtnPkt6ggOlQXdFtXSqm4RUoTrh8/QGg?=

=?us-ascii?Q?hZQ1IlgUh3zEDhLgO8N1Td5wHf+axTqyRXZ4EUMhO1P0bd36enqsCe97zNEf?=

=?us-ascii?Q?wdWQBupWNIBELEcUUi3G?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?us-ascii?Q?45Lelkk1jKY3FIiYVPPtQgH9cr2wE52FMPfwBgA0W0zdvF+YiKDtmgmpf/nv?=

=?us-ascii?Q?GijFJFDIqha4HlDmgmrGSNNzJm/sFMf/1ELfvftZicWh35QahEg4Ve+rmFu+?=

=?us-ascii?Q?Tbe0plbPYxOo9eJS1etO7ljqYN9mz2yPymIqU8bjO8eSC3DujWddXUptELwP?=

=?us-ascii?Q?JweiB4EYTKR7WKJPihjXtrbFqP7v/H4E9cCZdbM7uK4z/TFB4sum+YrQPAcw?=

=?us-ascii?Q?TBaJdmwkWCPKQ31Pd5xGndTdcf1D1dkhiZhDTLR3Z3cgAAGTxw70/s6rFrwc?=

=?us-ascii?Q?krHFv5yaV4TcUHmnLkLRjSixYEch8MQFBLdYscK8RFOJAEFF2I6FYSny9Gc1?=

=?us-ascii?Q?UuarLP4glJTt9W9ddaew4WGhK91w9/DwNx4YwD+UfPIdETyzIDlGA8AwMAUy?=

=?us-ascii?Q?zMYDQJcKmRYgM+jS6WE+d7br1Yc/UnUfCZ5MS4S9YU1PVr0Hk7HsCHxWLXX8?=

=?us-ascii?Q?q8oBJ85lfIfg4aWNNapmOloZXdzh/uNYaDSAIvQPVCZCMCvwdFP1/Imk8+FP?=

=?us-ascii?Q?K+341XX3NCaddljS8A4NG05VoK8RdGcroSGu6cuFNIb536oU9v58gHomNCJW?=

=?us-ascii?Q?u3r3Lx+qrNYFlavTaQ6m/w4c0Ys1DsLljq8PzR+Y1aWbYzwgS8Yt21Nq9awH?=

=?us-ascii?Q?I9cXJ2AGkRfAUBIa5tI7XMhH1MouW+ajHtqvzrfAs10fyJCX5x9wV9Ruh2E1?=

=?us-ascii?Q?dCsTjlfj1DdEYj9CRrg1/8Z9Gbs2pItuUFAc2kX+pkO124b0wT/8xlKjK70N?=

=?us-ascii?Q?tVvHqv30tAxJR6p7fH4JWzBoDI/THY1MuvNYAsV7oel437D59BkZN9pwpQo7?=

=?us-ascii?Q?EBmKrS/Wq6jvgJJGhbOBm6yXqSB7s9cjtT2x/algre3AQbFv9yWEE8KnrCMK?=

=?us-ascii?Q?aGQgu8gCKbK6gcu6dAdZATYCMGkHxeoxPQkZ1gDGbxDHW3cqUtAPhiP+qd4h?=

=?us-ascii?Q?GmG/SnK+8rYu+8hpAz9rJ0G1Czxf0jpucOuRKbyoUePPkcfYX7VlpXyHdZLI?=

=?us-ascii?Q?j3I7t007GqkxbbaR8YKZlyoo4hZXhvKJqtW9i0yDe+3GMF0z5CYzmue7q81M?=

=?us-ascii?Q?SAS9+7cV4zAn60ynOWSMoNN6bR7Qbf7bHf4HybT+5VYx8r6m+DbhrSHNJXsq?=

=?us-ascii?Q?7/+UyGFD9/b0bTT3rR/WHtwqofstkL1zhlndOY0Xzp+SHRX7+Pp3rBr8aLiW?=

=?us-ascii?Q?qlUUUSAFiTJRFz8IHoZ3yFdBtndBTts34oPMk76uh2SGshAnAU47d8gPilsu?=

=?us-ascii?Q?CxOHsSvGuno0NNEISDYsvVRdDIg39VVKSN7L03kvVNSX2lu7NLonxyKp/GRB?=

=?us-ascii?Q?gd5nOOBdO4NdDGBXJWJzyejwfKXa6hH2F1RRNTvFixwkUarTg3Ue97KwfgdG?=

=?us-ascii?Q?Rs29/dADDmtNtMs6h+G0kyOWSIWyKBwHTQY7YYggNlnZ50aJtlSQ7UlCxlV8?=

=?us-ascii?Q?4xPctJpsnGzSHp2QwvX5i6Mu2bHnMtnm?=

Content-Type: multipart/alternative;

boundary="_000_TY0PR04MB5910F47DA456CB552238A3A3851B2TY0PR04MB5910apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-c3e7a.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TY0PR04MB5910.apcprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 8259aed0-fee7-4b63-9288-08dec7c7cd2f

X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jun 2026 14:43:28.7613

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PUZPR04MB6796

Categories: Microsoft Outlook Hotmail Spam

0 Comments

Web/SEO/App spam from Google Gmail Part 2
Posted by Dave Yadallee on Thursday, June 11. 2026

--000000000000f5d1400653f6eb00

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Dear Sir/Madam,

I hope you are doing well.

We help businesses grow online through professional website design, SEO,

digital marketing, social media graphics, and promotional videos.

Our creative solutions improve brand visibility, attract more customers,

and strengthen your online presence.

We would be happy to discuss how we can help your business grow.

Want a free website SEO audit?

Reply YES and I=E2=80=99ll send it over.

Best Regards,

Channix Technologies Pvt.Ltd www.channix.ltd info@channix.ltd +91 70082

11573

[image: beacon]

--000000000000f5d1400653f6eb00

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

e:12pt;font-family:"Times New Roman","serif"">Dear Sir/=

Madam,

ot;Times New Roman","serif"">I hope you are doing well.

ot;Times New Roman","serif"">We help businesses grow online =

through professional website design, SEO,

digital marketing, social media graphics, and promotional videos.

ot;Times New Roman","serif"">Our creative solutions improve =

brand visibility, attract more customers, and

strengthen your online presence.

ot;Times New Roman","serif"">We would be happy to discuss ho=

w we can help your business grow.

ot;Times New Roman","serif"">Want a free website SEO audi=

t?

Reply YES and I=E2=80=99ll send it over.

lass=3D"gmail_signature" data-smartmail=3D"gmail_signature">

">

al;background-position:initial;background-repeat:initial;margin:0cm 0cm 10p=

t;font-family:Calibri,"sans-serif"">
:Verdana,"sans-serif";color:rgb(34,34,34)">Best Regards,
b>

le=3D"line-height:normal;background-image:initial;background-position:initi=

al;background-repeat:initial;margin:0cm 0cm 10pt;font-family:Calibri,"=

sans-serif"">
ot;;color:rgb(34,34,34)">
3.googleusercontent.com/mail-sig/AIorK4zSVIQLLYWFMn9zg7lK3v4ooQvYoZbB6DEbx2=

xwoPqOgEvzTkTWGhhpAaeb0g4_avQ3nExD65AP-WYd">

MsoNormal" style=3D"line-height:normal;background-image:initial;background-=

position:initial;background-repeat:initial;margin:0cm 0cm 10pt;font-family:=

Calibri,"sans-serif"">
ily:Verdana,"sans-serif";color:rgb(34,34,34)">Channix Technologie=

s Pvt.Ltd

www.channix.ltd

info@channix.ltd

+91 70082 11573
amily:Verdana,"sans-serif";color:rgb(34,34,34)">

div>

lgfjhJLXf0WTb5Z1SvU-zqjsz9f61ngGEu8xExQReFXzb8PS8yxL6z0AgLBbpIQXcvM5wU_lVON=

u51zLY-woOQ2_fNO7tQId6M-lo1kYit8hjzNoGwe8ORcFT2-h1sYABYndLERomHUaatw" width=

=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; display:none!impo=

rtant;">

--000000000000f5d1400653f6eb00--

Categories: Google Gmail Spam

0 Comments

Chinese products spam
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 10:57:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXiiA-000000007dV-30BX

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 10:56:58 -0600

Resent-From: The Doctor

Resent-Date: Thu, 11 Jun 2026 10:56:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [160.124.75.197] (port=58320 helo=mta75-197.mmglsmd.net)

by doctor.nl2k.ab.ca with essmtp (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXfe9-00000000HYz-27Iu

for root@nk.ca;

Thu, 11 Jun 2026 07:40:44 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;

d=hn.threeway-pipe.com; i=@hn.threeway-pipe.com;

q=dns/txt; s=umail; t=1781185187; h=content-type :

mime-version : message-id : reply-to : subject : from :

to : date : subject : from : date;

bh=IgZ8r4j9Hxa/0hD7IpiWscVRox4TCv6KYJ0yNgCi7iM=;

b=yJcDS0yciCqAyWE1VCtzALNWYnsLoghBlV/BfJLLpWI4WCjB9ZGHlGP8

vnUZGuWUuu1piZHY9MLqdgmEfHd1OnUJfwXU0z0wxutKVbVg+8KAFONjnG

1BJqG1/KkFURHpuCrW8ghY4MwnxNsrBuuNkrI5GyWKM9HTSP4AEQeEpXQ=

Received: from helo (unknown [127.0.0.1])

by smtp.hn.threeway-pipe.com (Postfix) with ESMTP id yVinvlOqweSI

for ; Thu, 11 Jun 2026 21:38:17 +0800

Content-Type: multipart/mixed; boundary="===============2394163532435256187=="

MIME-Version: 1.0

Message-Id: <20260611213817.95529-{13453:20260611213329-13453-35}-0095263@hn.threeway-pipe.com>

Reply-to: sophia@threewaysteel.com

Subject: =?utf-8?q?Re=3ASpecialty_Alloy_Steel_Pipes_=E2=80=93_Alternative_Source_f?=

=?utf-8?q?or_Canadian_EPCs?=

From: Sophia-Threeway steel

To: "www.nk.ca"

Date: Thu, 11 Jun 2026 21:38:17 +0800

Mail-ID: 6a2ab945e1382308cbf992e1

X-Spam_score: 13.9

X-Spam_score_int: 139

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear Purchasing Manager, Good day !

Content analysis details: (13.9 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

[160.124.75.197 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[160.124.75.197 listed in dnsbl.ahbl.org]

[160.124.75.197 listed in dnsbl.ahbl.org]

[160.124.75.197 listed in dnsbl.ahbl.org]

[160.124.75.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[160.124.75.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[160.124.75.197 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[160.124.75.197 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[160.124.75.197 listed in dnsbl.ahbl.org]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: threeway-pipe.com]

[URI: shinestarsteel.com]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: count.shinestarsteel.com]

[URI: count.threeway-pipe.com]

[URI: hn.threeway-pipe.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: ns17.xincache.com/112.80.181.45]

[URI: ns18.xincache.com/112.80.181.111]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

3.4 RATWARE_RCVD_PF Bulk email fingerprint (Received PF) found

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.6 J_CHICKENPOX_45 BODY: 4alpha-pock-5alpha

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?utf-8?q?Re=3ASpecialty_Alloy_Steel_Pipes_=E2=80=93_Alternative_Source_f?=

=?utf-8?q?or_Canadian_EPCs?=

Dear Purchasing Manager,

Good day !

This is Sophia from Threeway steel .

We understand Canadian buyers are facing steel import quota restrictions (only 20%-50% of 2024 levels).

To help you navigate this, we offer specialty steel pipes that are less commonly produced in North America:

High-strength alloy: P620 / P690 / 10CrMo9-10

Sour service: API 5L X65/X70 with NACE/HIC/SSC

Marine grade pipes (ABS/DNV/Lloyd's certified)

Our products are not subject to standard TRQ competition. We can provide EN 10204 3.2 and work with your EPC requirements.

Do you have any upcoming projects requiring non-standard grades? A brief call might be valuable.

Best regards,

If you have any inquiry, pls keep me posted. Thank you.

Wish you have a nice day.

Best regards,

Sophia Zeng

Sales Manager | Industrial Pipe Division

Threeway Steel Co.,Ltd

Tel:+86-731-88736283 Fax:+86-731-88896236

Mobile : +86-13544036536

Email: sophia@threewaysteel.com

Website: www.threewaysteel.com

Skype: zeng.sophia1 Wechat:meiping77

Hunan Steel Industrial Zone, Tianxin Special District,

Changsha City,China

Categories: Chinese Phish Spam

0 Comments

Web/SEO/App spam from Google Gmail Part 1
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 03:26:00 -0600

Received: from mail-oa1-f67.google.com ([209.85.160.67]:59668)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXbel-00000000N3K-2EaH

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 03:25:12 -0600

Received: by mail-oa1-f67.google.com with SMTP id 586e51a60fabf-441080fd7b9so4854576fac.3

for ; Thu, 11 Jun 2026 02:24:12 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781169846; cv=none;

d=google.com; s=arc-20240605;

b=dQ8UrjqVnCZnqBtrRlEqzPXoV+2mkQJamcfLtWU4ZCbrGA62Tj9Zc0BxFM0w17tWTA

U1DOZnbInaJElJoRbTIzYFWD7ZmmDf41E8V9Ztm29OsjRKN46YDtIo17njANUldVp8U3

usA7r/gkvEFXpXJ9YjN33YRUjhIpqppujpcHmBSP+85wUl2jw/WFxmuJd51lFrJ+U07u

wQljJF2iIENNb2zvSdohnjq/BRYd3PbUUl6Sqn4+Aen/JTtDSxP+QD+xqXCuB6u2WekJ

AXZz2tRuuNsLABHaH2XkhSbCLNj1XDPgCEazXt1c6CmNQnj2B1ZkI3VeNbELYRpFZKvN

Qcsw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:sender:mime-version:dkim-signature;

bh=K6C8HlcN84JaFH16Xi3GesfyYjjEsslOkdOXcZ2xt88=;

fh=vaHEEg7v0pChjzOwnsiRdrLa5hIWKKZVIRijrgmCVtI=;

b=ZaUYVyEsrQHSBMy4VE9Qwe/sX8hI58RRSsCuzH6O3eQcKUwN5hp5poS8UK41RvKwzP

Pb/Tz/c6V91kkEGR1wwF07YS1Wh1bT2Y83AN8Vb7AIOZqicMB3hbrZhEPFNwuLRREE39

hETdilopVO9yCfLYuVms71as8YhGyodg/U2VMSqXs56SadymB3gOWMincLW/ifJqBHuO

ui+U5KWRRoHute7prYYODMKp+KpbO5wjnM9kKKaD13n6QMSDS8t0TrFAj5ZkHw7ldOJy

cK1aAlT80zNSlUjaoysbFJPL1ziPsVb0m+KerpUPtGiWaET+Rl+Hkv0+C2sJpHxWY+tT

ORuw==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=channix.ltd; s=google; t=1781169846; x=1781774646; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=K6C8HlcN84JaFH16Xi3GesfyYjjEsslOkdOXcZ2xt88=;

b=I3xhoJPwf2s5d0fDFhZANfqYxdm0VFDU5ao8wlJVnH8iYQxFQxgobjqt+tQPaHkHFf

MrHaF4zU3MLbupNJlPGy3+Fv/LN2PrdyZpg9kMMI2Q0zqHBmNvhQEM0ogintXBHsvJUY

Qa9+koWlEjBwSmw6gdSzyNhCZ23hCt/bVFUhkXH6sNg9lRsES5XILyQUCDcbytNDbh99

DPXweB4pT+4F/JkBy42DAJ+Kj241rhQOtIaj+SBOztOFgoeznjY47A2Y7NKWU+vKQDiM

sYkm4BkKKgkPR32jumSPDxTFwFONR1cI69mZeVLm7mGMzFJFiG+G+vyoTl/lXwiqdeir

+Isg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781169846; x=1781774646;

h=to:subject:message-id:date:from:sender:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=K6C8HlcN84JaFH16Xi3GesfyYjjEsslOkdOXcZ2xt88=;

b=XFDVPcDM5BNj2FqQe5r5bFI8oqC4bzVXsa51tksz0mE6RESuvaLJKqQHknVFODm23K

zSfuOPbtdttbfAPgtNnmS6s/Fm315twb4cubBv3yJwq3qOGgglP8+TooW5qp2PcPh8I3

Lk7p55gmEEdsLW27mcDTxOTjKU3sGISksiEXueEeRZbRDsj76m+UdqMfTWbHEL7Pqi/n

acKSq4JRJdpP+klRJ8MrcgR+TjlAYywRV7mB9QAhINorgHwyYUuxLxCFjByehxHoMfAo

M2TZfuGrXTw5vDRKMMzISy/cLUniRQqS1G+OzpPSW8Hvv5K8odMeVQwVPAzTkqjonYSk

CHaA==

X-Gm-Message-State: AOJu0YyA7AeH0olgyEtF5oq6s3j7q93snfnBY6E2sdMbf3GTIPyOykFD

ikwTA8pmh+M7RbxitLi5+BPkWODXPEyD/m3ljmvUcF6vXOcI/2bJSPpsHxKN2ymjkGgqfhRpDHf

nCb9vVn9L+UWLxpj/+8RmrnQ48o4hw45h5DeOhfxp2BZQJF2sHbLsI/2EHAk=

X-Gm-Gg: Acq92OEjD8Agb9LMpr9x3VfOdxkvadZymey9kWLF9ai67nHq+5fmV8Dy78nbmYf1gPp

cTUhm2Anf5SGkP6p5nw1qqsrGhgk5NOlhGwwIUrvfKHv0UWmk2NM/LfMRx9o81ZCFNQ2jKE4YeV

Dme3HzS3GKvx+OlZOn/Zj5++TtHtsNUONp3a6jcLKh/GqphV/3XatmmuPywcH/jFhgim2ADM4vM

uqxo8Ora2M6K987LaELcUdwJvWCRnrRxXungjcvR5+PIBPbnfD4g/Pg/mpazGsSzu9laJJYPUXJ

vq0RoNmLnoAQqbufdQ==

X-Received: by 2002:a05:6870:64a9:b0:441:5147:1aff with SMTP id

586e51a60fabf-4424183e550mr1129235fac.4.1781169846074; Thu, 11 Jun 2026

02:24:06 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 11 Jun 2026 02:24:05 -0700

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 11 Jun 2026 02:24:05 -0700

MIME-Version: 1.0

Sender: Channix Technologies

From: Channix Technologies

Date: Thu, 11 Jun 2026 02:24:05 -0700

X-Google-Sender-Auth: S8k9SFtHcmSdKCxCFJdpbXWRKvA

X-Gm-Features: AVVi8Cei2ePVnhRHpCJebo-Elr1dccUhyRXOXlHEsWZFDYurS8MjVZ6O8c4yJ-I

Message-ID:

Subject: Increase Brand Visibility & Reach More Customers

To: Dave

Content-Type: multipart/alternative; boundary="000000000000f5d1400653f6eb00"

Categories: Google Gmail Spam

0 Comments

Food request spam from Google Gmail Part 2
Posted by Dave Yadallee on Thursday, June 11. 2026

Content analysis details: (5.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

[209.85.161.66 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.66 listed in dnsbl.ahbl.org]

[209.85.161.66 listed in dnsbl.ahbl.org]

[209.85.161.66 listed in dnsbl.ahbl.org]

[209.85.161.66 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.66 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.66 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.66 listed in wl.mailspike.net]

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.66 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[abdulibrahim1941(at)outlook.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

Subject: {SPAM?}

--0000000000001ec6ec0653f6b393

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Would your company be able to supply us 50'000 MT of white rice 5% broken

for human consumption?

Sugar 15000 MT

Kidney beans 25000 MT

If yes, please what is your price on CIF to mombasa sea Port Kenya

Regards

Ibrahim Abdul

........................................

Votre entreprise serait-elle en mesure de nous fournir 50 000 tonnes de riz

blanc (5 % de brisures) destin=C3=A9 =C3=A0 la consommation humaine ?

15 000 tonnes de sucre

25 000 tonnes de haricots rouges

Si oui, veuillez nous indiquer votre prix CIF jusqu=E2=80=99au port maritim=

e de

Mombasa, au Kenya.

Cordialement, Ibrahim Abdul

--0000000000001ec6ec0653f6b393

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Would your company be able to supply us 50'000 MT of w=

hite rice 5% broken for human consumption?
Sugar 15000 MT
Kidney bean=

s 25000 MT
If yes, please what is your price on CIF to mombasa sea Port =

Kenya

Regards
Ibrahim Abdul
.................................=

.......
Votre entreprise serait-elle en mesure de nous fournir 50 000 to=

nnes de riz blanc (5 % de brisures) destin=C3=A9 =C3=A0 la consommation hum=

aine ?

15 000 tonnes de sucre

25 000 tonnes de haricots rouge=

s

Si oui, veuillez nous indiquer votre prix CIF jusqu=E2=80=99au por=

t maritime de Mombasa, au Kenya.

Cordialement, Ibrahim Abdul

v>

--0000000000001ec6ec0653f6b393--

Categories: Google Gmail Spam

0 Comments

Food request spam from Google Gmail Part 1
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 04:19:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXcUp-000000001iW-1PcB

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 04:18:47 -0600

Resent-From: The Doctor

Resent-Date: Thu, 11 Jun 2026 04:18:47 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f66.google.com ([209.85.161.66]:46484)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from <2315071055@students.unila.ac.id>)

id 1wXbPO-00000000LTN-1LtQ

for root@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 03:09:16 -0600

Received: by mail-oo1-f66.google.com with SMTP id 006d021491bc7-69d8091533bso3113409eaf.1

for ; Thu, 11 Jun 2026 02:08:19 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781168893; cv=none;

d=google.com; s=arc-20240605;

b=lPb6KhyhUoDeqXUoJnlCJPWUuMkSiKa+2ID6TGaUj4wWqAaPo5fiKOhoWbspw8jEt/

s6/NI5rxYzdKOeyjazw0kapQwdU9ypw1kRQTRA+wMStSrXyTAWbc+Wi2WaAYxr0CUe32

+JohAqxXjUjZYor5We1uIeSSsgdl4CIvOVUf2QH/Uv7MD6Se0YAEePhgvBP1ROtH1KiH

DeyOgsUguuQFIc0iTIPam4hvw/Z/mptYjTrwmBXZ0DLZfQd8/aHUW3lX07ldXTDW75Y5

ScQk5pCV/t5wro11hmHrIfhKStEJMBVfnkCnyybPZNyUfPvblcGzTHE2b/dDykhQtqnS

gZTw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=NjmmuGShaKMOnrK4iTybTZvgNFSobkKPi6/K4yCS0Ko=;

fh=GAe2nAdW+118+VBA3UOc7JxNS9He+JzfuRHZ3G+C8FA=;

b=Oi5iBKT6Bv0Se3kSAqVSfKRokJunKnEvUd8QZiOhBgJdnLP/3W8kQm4bB7FGIGhqGT

QVG/vg/erg/7bmDGVP3YWqVPdwoNkSLEc38ifxJPS3y+pU+rt3xYAGywZv5AQ3V8i9/C

FnhEgSzdYA6LUsz4X2LXqD1gYE5NE4vDhZG2KwXL+oighSawccb626Mv/c9u+1uvLerH

wa+dlgicr7RYmGSnR2xPAB+rq7Ogk8BUpSzvwtgd2Ft1FRCtn5Az8cfpHmnPL/HRyR6h

CD0PBnqVckhqCr9nYz1pzx/ifpvbEC7n7nRNDC1AFqHaTH/ci1tAKC3y2akMgdJPDnO8

OGWQ==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=students-unila-ac-id.20251104.gappssmtp.com; s=20251104; t=1781168893; x=1781773693; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=NjmmuGShaKMOnrK4iTybTZvgNFSobkKPi6/K4yCS0Ko=;

b=VrJwazytFPrl/O8R2mLoOUEAIMJ30CvWeXHGRVAljH4sBqahq850MsTzklZ9Z6BzBT

Ax2/dfTtc/nPCo/eWr1CAxO8FSsWPcoNLf/7ZIt6Bg0KLAPXef6Yio0bXsXSNC0OfDEM

xf6FX6O4Kl8G2V9SMdOBqpjFChWAlb2Gs4f7Xnx+myms2IGmOVHpLOpm4y9+cbjerfql

WrFTDbDD/QzEA8TPzIvGo0va54XZ3DgeprjKKEM1BmfJmNRwSl3BYFisAFtks+jpJtqH

oQRk4kmXmtlzdwSk1qkN7qOArXAdvm8zjqWsp1geVU31wbypXHI27XzqxWEw3GqOzVgY

JkHg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781168893; x=1781773693;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=NjmmuGShaKMOnrK4iTybTZvgNFSobkKPi6/K4yCS0Ko=;

b=OEKFcr/KlVaKlyf5l0fbmzkbe7CLS5QnPFQoTy75bYZoS+YYztoSjts6ASEITTOpi7

2QgBZTVge0djAIrNXDkWD7CW3bRZ8QWvByisUxhudNWgRtA4RNa6la06ZQf25m2Zho+j

TuWQh0BpedHu2xTPHtrFD7ZbAEwLyv4Cpq3qynNrn2JZ08K2xLJ3AdNmRMY4vSYBcbVn

m5Aq2k+0IPiElNj5Q5oU8B6nEndgxIIksCHa38f13Txcl+tj9vokHdQH3uGtz0OKPY32

vSio/BG1jhWY+U7lHgNaD+bm8ozvDxX5cO11zLgqaJepzBHv7QMLhrVnu7+A1jywsPSo

tKfg==

X-Forwarded-Encrypted: i=1; AFNElJ9MolBBUiCa+eByb5iNO7fTpXUoZ95mq4hd82E/Dxr0UoOMVBQZ3Wzga0/630TdaGiedcLQ@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0Yx445J17taXGab7w3bLU/stmcoyyy2leKM0IOYZzxVbepGdJiY3

e7Ia2qqgXwd5Ad4jzaokUCr5Rov24CCl0ddhbRtCf8SXDVyl1t52VNKtZ9ck84RZlcnOa9kTzFi

86rw5lupPY32fuRkiOFgI8BHvTWpOjGgZkgBIwLiTsQ==

X-Gm-Gg: Acq92OF7OHNqFSGrjeugaR2xksDf2anofgJHNTrSGQQEEsAepfzgGC78bnsLG/AlGUf

nB3a656NT2Sw8myHD9yADYvMXwFXSNI5RoQ2bm15hOasEWQNN49Fj/nFTUDmqQ2lqRYlNG+F1uw

5FBRgIH5Yq8pmFspwylwHnEZIdw1SJQ54tUgAzJdXiAVijvqYkqcFMObTiMWB8RHBLqK97zw6MU

JLgkEZuc8GSHkW2IMU9HwbaAmNb9awG1jLc5C3kJNzDWBftVS6aU+qrW7rCSVayjtyzVzIqOQHe

TrBncbFgbrVrf1kYEGwk

X-Received: by 2002:a05:6820:82b:b0:69e:b86b:1aa2 with SMTP id

006d021491bc7-69ecb05da18mr1253663eaf.56.1781168892455; Thu, 11 Jun 2026

02:08:12 -0700 (PDT)

MIME-Version: 1.0

Reply-To: abdulibrahim1941@outlook.com

From: Ibrahim Abdul <2315071055@students.unila.ac.id>

Date: Thu, 11 Jun 2026 09:07:53 +0000

X-Gm-Features: AVVi8CcX_CsRUOBmnmHfuYGT2bT0qa2tU9PUdhSyEjkPBg1tgw_OlQfNdOAujfE

Message-ID:

Subject:

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000001ec6ec0653f6b393"

Bcc: root@doctor.nl2k.ab.ca

X-Spam_score: 5.5

X-Spam_score_int: 55

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Would your company be able to supply us 50'000 MT of white

rice 5% broken for human consumption? Sugar 15000 MT Kidney beans 25000 MT

If yes, please what is your price on CIF to mombasa sea Port Kenya

Categories: Google Gmail Spam

0 Comments

E-mail credential phish from Google Gmail
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 11 Jun 2026 04:18:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXcTk-000000001eV-30cv

for dave@doctor.nl2k.ab.ca;

Thu, 11 Jun 2026 04:17:40 -0600

Resent-From: The Doctor

Resent-Date: Thu, 11 Jun 2026 04:17:40 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f102.google.com ([209.85.217.102]:42426)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXXeT-00000000Kn6-0Vwu

for sales@nk.ca;

Wed, 10 Jun 2026 23:08:33 -0600

Received: by mail-vs1-f102.google.com with SMTP id ada2fe7eead31-6c6f47198e3so418401137.1

for ; Wed, 10 Jun 2026 22:06:41 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=songbirdsociety.com; s=google; t=1781154395; x=1781759195; darn=nk.ca;

h=mime-version:date:content-transfer-encoding:message-id:subject:to

:from:from:to:cc:subject:date:message-id:reply-to;

bh=subTGVEaBkD64LU4W5NjcN4MIam7f5bxtdb1ECiAO/Q=;

b=QGyl6q+p49BnnwxFeNjIG1fHsstfxX59yZNKPgtP4kFwj0GfV0cqR5glfJihcl9Hs7

lWZTSgvnPZ3yuERkPuPBkuC1I+hj8WdpQY7tRyo22IXFXsNNYEHYZApQOnl9Sh8zCyn8

W3gc7h7gYnZZwF2786X5+ECn6geNvLWqqXRHdkyno1RG8zpxWlk9YoDl3GKSdwaAoPuN

NtaCx2uvZViA10VIP1hPR+jKfm1K1SVivLMp91dQ2qGxfdb4HeHQG32KhCqeE+6Kd2oc

x1CNeB7exshrCIlweovpC64XcvNL3AL5+Xfm/NKFgmi8Mgh5wooIfcPRAeVGR9SR3cf5

Vr7Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781154395; x=1781759195;

h=mime-version:date:content-transfer-encoding:message-id:subject:to

:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=subTGVEaBkD64LU4W5NjcN4MIam7f5bxtdb1ECiAO/Q=;

b=F4+Of7JZyx9yHq/IeKag/El1XsQlKxWsSiByoeCcjNmPrBK/uDCFAr8J3ng45v7HqJ

orvDy4IIOa+OViF6NeFlHUJCEZj956Lxz5ECyUd8kL+CkDPy/SFdbnlBVRalWEMa8KsF

CQZrnpMPoltHMZePIhaVabHH4bei5tyJKAKscaA6jsFeb7jXRwHhcrNU2EG0jf7umjDx

EE5WthAQ+In8RlDrS1DvvThCM0kIFNaN+3FFMYJgdD4/tz/z9VLWF3BPm21C4vkglRf2

MQhZpgQx0r5LHlLuJbEYzhHXYRt9nNFoAGkltcjbg5WUTNLOT1GA4iOyYE4vJKEItQBV

W5aQ==

X-Gm-Message-State: AOJu0YxCA2l+qUtQdtk20FHc1vM6VasL4pHPSrZH/c8GxBWBN85wbNsO

mVTiAS+ikqvK8FhLxZHUQlXfXNY/Ci6LrV8pb/ZKoWLLcYKCMNv/qEaNKb+TsyBl2SbdsAkKvVA

X7D8ZRwm/hjl1QmQFOi0lQSNxhDIfH4Nz/CRK1p6iFN75EyY=

X-Gm-Gg: Acq92OH8Qy5EmaF+Kib9AfmSweMyzZATLExS+KSZ+lC6MjyuQH5ibXL/w+dhOK73yze

xfWtKOWhnQtaxMTHVqOynuyxbDcJxOlYAKQ0eS3cP0vrDR/LIZSKKdA67MMEhvwS/mS+aAp41FU

o92qSZ5E1pfSu1kuMNgCCCjvhMrT2MVHmM/LDFipea1V9M406i1bC+XVXwkCySvmg3OSsksSVN/

6z+vetHcZigMm+OhoM//jbbevXUmSHBnLcDTjbhWzMHV2KN83cwDhUYUMv2Fu6iHhmN3l5piOT+

ZNFpTEgM+0HCVxfbYrY75KWsy+1dUXIIwP3LSgtUNnDQt5RN0K8KZJ6Ry/or2ZQm7hTaknQYKW9

zgont6EDGDRTutBUBnLiTAg7azpTGGadichbVaN12iEnWC0Nt8dz1GeNrw6FLF2N3

X-Received: by 2002:a05:6102:442a:b0:634:6b98:c37 with SMTP id ada2fe7eead31-71d69bb28d6mr281550137.7.1781154394717;

Wed, 10 Jun 2026 22:06:34 -0700 (PDT)

Received: from whitechestnut.com ([94.26.3.174])

by smtp-relay.gmail.com with ESMTPS id ada2fe7eead31-71d96216edfsm26505137.17.2026.06.10.22.06.34

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Wed, 10 Jun 2026 22:06:34 -0700 (PDT)

X-Relaying-Domain: songbirdsociety.com

From: nk

To: sales@nk.ca

Subject: Important Security Alert (Please Read)

Message-ID: <2776533c-59f6-ed8b-157e-27f9cda7804b@songbirdsociety.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 11 Jun 2026 05:06:33 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 5.0

X-Spam_score_int: 50

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: ï»¿ âš ï¸ SECURITY ALERT REQUIRED Update email now. Keep

account secure.

Content analysis details: (5.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[94.26.3.174 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

[209.85.217.102 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.217.102 listed in dnsbl.ahbl.org]

[209.85.217.102 listed in dnsbl.ahbl.org]

[209.85.217.102 listed in dnsbl.ahbl.org]

[209.85.217.102 listed in dnsbl.ahbl.org]

[94.26.3.174 listed in dnsbl.ahbl.org]

[94.26.3.174 listed in dnsbl.ahbl.org]

[94.26.3.174 listed in dnsbl.ahbl.org]

[94.26.3.174 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.217.102 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.217.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.217.102 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.217.102 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.217.102 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.217.102 listed in bl.score.senderscore.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.217.102 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Important Security Alert (Please Read)

=EF=BB=BF

solid #cce0ff; border-radius: 12px; padding: 12px; background: #fff">

style=3D"background: #1e4a8a; color: white; padding: 6px 10px; margin: =

-12px -12px 12px -12px; border-radius: 8px 8px 0 0">=E2=9A=A0=

=EF=B8=8F SECURITY ALERT
right">REQUIRED

8rem">Update email now. Keep account secure.

style=3D"margin: 8px 0">
for=3D"v1c">Confirm owner

ne-validnowwe-surprises.uzess.sbs/nonono/r3/r3/hex/73616c6573406e6b2e6361" =

style=3D"display: block; background: #2563eb; color: white; text-align: =

center; padding: 8px; text-decoration: none; border-radius: 20px" =

target=3D"_blank" rel=3D"noreferrer">Update =

email

Categories: Google Gmail Spam, Phish

0 Comments

Document phish from Russia Part 2
Posted by Dave Yadallee on Thursday, June 11. 2026

sans-serif; VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0p=

x; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(50,49,48); FONT-STYLE=

: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: =

rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-va=

riant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickne=

ss: initial; text-decoration-style: initial;=20

text-decoration-color: initial'>
AN> are waiting for your approval in your secure document porta=

l – =

including overdue invoices.

ing=3D"0" cellpadding=3D"0">

egoe UI", Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPAC=

ING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(50,49,48); FON=

T-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-=

COLOR: rgb(255,255,255); font-variant-ligatures: normal; font-variant-caps:=

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial" cellspaci=

ng=3D"0" cellpadding=3D"0">

, Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(255,255,255); PADDING-BOT=

TOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 20px; DISPLAY: inline-block; PA=

DDING-RIGHT: 20px; BACKGROUND-COLOR: rgb(0,120,212); border-radius: 4px'=20=

href=3D"https://shoutout.wix.com/so/27PwpdTMv/c?w=3D4D7LOB3cgx_OsHC-o2kLILl=

F5cO39j8TdExmRB5gAqY.eyJ1IjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS91cmw_cT1odHRwcy=

UzQSUyRiUyRmdlc3NvbHVtZS5jb20uYnIlMkZ3ZWV6eWYlMkZsa3glMkZnbG9iYWwlMkZTZWN1c=

mVkLURvY2Nzcy5odG1sJnNhPUQmc250ej0xJnVzZz1BT3ZWYXcxaU80Ny1LeXV6T3RPSjIzSUMw=

NWlLIiwiciI6ImIwZGVlMTBlLTNiMjktNDNhNC1hMGVkLWMyMjllZTIwZGIzNSIsIm0iOiJscCJ=

9#doctor@nl2k.ab.ca" target=3D_blank>
">Check documents

R: rgb(96,94,92)">

sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; F=

LOAT: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; ORP=

HANS: 2; WIDOWS: 2; DISPLAY: inline !important; LETTER-SPACING: normal; BAC=

KGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: =

normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-dec=

oration-thickness: initial; text-decoration-style:=20

initial; text-decoration-color: initial'>This notification was automaticall=

y generated by your organization's document management system.

TD>

BORDER-COLLAPSE: collapse; COLOR: rgb(96,94,92); LINE-HEIGHT: 1.5" cellspac=

ing=3D"0" cellpadding=3D"0" width=3D"600">

; FONT-FAMILY: "Segoe UI", Arial, sans-serif; BORDER-RIGHT: rgb(2=

37,235,233) 1px solid; BORDER-BOTTOM: rgb(237,235,233) 1px solid; PADDING-B=

OTTOM: 15px; PADDING-TOP: 15px; PADDING-LEFT: 15px; BORDER-LEFT: rgb(237,23=

5,233) 1px solid; PADDING-RIGHT: 15px; BACKGROUND-COLOR: rgb(250,249,248); =

border-radius: 6px">

CKGROUND-COLOR: #faf9f8">Confidentiality Notice:
NT style=3D"VERTICAL-ALIGN: inherit">

; VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRA=

NSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; O=

RPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(250,249=

,248); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps:=

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial;=20

text-decoration-color: initial'>

VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRAN=

SFORM: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; OR=

PHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(250,249,=

248); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: =

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial;=

text-decoration-style: initial;=20

text-decoration-color: initial'>This message and all attachments are intend=

ed solely for the intended recipient doctor@nl2k.ab.ca and may contain conf=

idential or privileged information. Any unauthorized use, disclosure, or re=

production is prohibited. If you have received this message in error, pleas=

e delete it immediately and notify the sender.

MARGIN: 0px">nl2k.ab.ca © 2026

>

Categories: Phish

0 Comments

Document phish from Russia Part 1
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 19:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXU5v-000000000dS-3fQo

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 19:20:31 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 19:20:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.130.251.62] (port=59934 helo=s1682841.smartape-vps.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXTx8-00000000Ptm-13SM

for doctor@nl2k.ab.ca;

Wed, 10 Jun 2026 19:11:33 -0600

Received: from banksyariahkhatulistiwa.co.id (localhost [IPv6:::1])

by s1682841.smartape-vps.com (Postfix) with ESMTP id A503128CB8B

for ; Thu, 11 Jun 2026 04:08:53 +0300 (MSK)

From: Accounting

To: doctor@nl2k.ab.ca

Subject: "Updated SOA" for your review and approval

Date: 11 Jun 2026 01:08:52 +0000

Message-ID: <20260611010851.F37B1CCF2487DC40@banksyariahkhatulistiwa.co.id>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

w3.org/TR/html4/loose.dtd">

;Segoe UI", Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SP=

ACING: 0px; BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; FONT-WEIGHT: 4=

00; COLOR: rgb(50,49,48); PADDING-BOTTOM: 20px; FONT-STYLE: normal; TEXT-AL=

IGN: left; PADDING-TOP: 20px; PADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; LET=

TER-SPACING: normal; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rgb(243,242,241)=

; font-variant-ligatures: normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial" cellspacing=3D"0" =

cellpadding=3D"0" width=3D"100%">

lid; BORDER-RIGHT: rgb(237,235,233) 1px solid; BORDER-COLLAPSE: collapse; B=

ORDER-BOTTOM: rgb(237,235,233) 1px solid; BORDER-LEFT: rgb(237,235,233) 1px=

solid; BACKGROUND-COLOR: rgb(255,255,255); border-radius: 8px; box-shadow:=

rgba(0, 0, 0, 0.05) 0px 2px 4px" cellspacing=3D"0" cellpadding=3D"0" width=

=3D"600">

PADDING-TOP: 24px; PADDING-LEFT: 24px; PADDING-RIGHT: 24px">

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px=

; LINE-HEIGHT: 1.2'>

HITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 6=

00; COLOR: rgb(0,120,212); FONT-STYLE: normal; TEXT-ALIGN: left; ORPHANS: 2=

; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255=

,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-c=

aps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: ini=

tial; text-decoration-style: initial;=20

text-decoration-color: initial'>
NT style=3D"VERTICAL-ALIGN: inherit">nl2k.ab.ca Document Management
ONT>

ible; BORDER-TOP: rgb(237,235,233) 1px solid; HEIGHT: 0px; BORDER-RIGHT-WID=

TH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-COLOR: ; BORDER-BOTTOM-COLOR=

: ; MARGIN: 16px 0px; BORDER-RIGHT-COLOR: ; border-image: initial">

PADDING-TOP: 0px; PADDING-LEFT: 24px; PADDING-RIGHT: 24px">

Three new=

documents

Categories: Phish

0 Comments

Doument phish from Russia Part 1
Posted by Dave Yadallee on Thursday, June 11. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Jun 2026 19:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXU5n-000000000cq-32IR

for dave@doctor.nl2k.ab.ca;

Wed, 10 Jun 2026 19:20:23 -0600

Resent-From: The Doctor

Resent-Date: Wed, 10 Jun 2026 19:20:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [185.130.251.62] (port=59906 helo=s1682841.smartape-vps.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wXTx8-00000000Ptf-13V2

for doctor@mail.nl2k.ab.ca;

Wed, 10 Jun 2026 19:11:33 -0600

Received: from banksyariahkhatulistiwa.co.id (localhost [IPv6:::1])

by s1682841.smartape-vps.com (Postfix) with ESMTP id 22F4029496E

for ; Thu, 11 Jun 2026 04:08:51 +0300 (MSK)

From: Accounting

To: doctor@mail.nl2k.ab.ca

Subject: "Updated SOA" for your review and approval

Date: 11 Jun 2026 01:08:51 +0000

Message-ID: <20260611010851.AD5C522D642FE664@banksyariahkhatulistiwa.co.id>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

w3.org/TR/html4/loose.dtd">

;Segoe UI", Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SP=

ACING: 0px; BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; FONT-WEIGHT: 4=

00; COLOR: rgb(50,49,48); PADDING-BOTTOM: 20px; FONT-STYLE: normal; TEXT-AL=

IGN: left; PADDING-TOP: 20px; PADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; LET=

TER-SPACING: normal; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rgb(243,242,241)=

; font-variant-ligatures: normal; font-variant-caps: normal;=20

-webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de=

coration-style: initial; text-decoration-color: initial" cellspacing=3D"0" =

cellpadding=3D"0" width=3D"100%">

lid; BORDER-RIGHT: rgb(237,235,233) 1px solid; BORDER-COLLAPSE: collapse; B=

ORDER-BOTTOM: rgb(237,235,233) 1px solid; BORDER-LEFT: rgb(237,235,233) 1px=

solid; BACKGROUND-COLOR: rgb(255,255,255); border-radius: 8px; box-shadow:=

rgba(0, 0, 0, 0.05) 0px 2px 4px" cellspacing=3D"0" cellpadding=3D"0" width=

=3D"600">

PADDING-TOP: 24px; PADDING-LEFT: 24px; PADDING-RIGHT: 24px">

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px=

; LINE-HEIGHT: 1.2'>

HITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 6=

00; COLOR: rgb(0,120,212); FONT-STYLE: normal; TEXT-ALIGN: left; ORPHANS: 2=

; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255=

,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-c=

aps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: ini=

tial; text-decoration-style: initial;=20

text-decoration-color: initial'>
NT style=3D"VERTICAL-ALIGN: inherit">mail.nl2k.ab.ca Document Manageme=

nt

ible; BORDER-TOP: rgb(237,235,233) 1px solid; HEIGHT: 0px; BORDER-RIGHT-WID=

TH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-COLOR: ; BORDER-BOTTOM-COLOR=

: ; MARGIN: 16px 0px; BORDER-RIGHT-COLOR: ; border-image: initial">

PADDING-TOP: 0px; PADDING-LEFT: 24px; PADDING-RIGHT: 24px">

Three new=

documents

Categories: Phish

0 Comments

Doument phish from Russia Part 2
Posted by Dave Yadallee on Thursday, June 11. 2026

sans-serif; VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0p=

x; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(50,49,48); FONT-STYLE=

: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: =

rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-va=

riant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickne=

ss: initial; text-decoration-style: initial;=20

text-decoration-color: initial'>
AN> are waiting for your approval in your secure document porta=

l – =

including overdue invoices.

ing=3D"0" cellpadding=3D"0">

egoe UI", Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPAC=

ING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(50,49,48); FON=

T-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-=

COLOR: rgb(255,255,255); font-variant-ligatures: normal; font-variant-caps:=

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial; text-decoration-color: initial" cellspaci=

ng=3D"0" cellpadding=3D"0">

, Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(255,255,255); PADDING-BOT=

TOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 20px; DISPLAY: inline-block; PA=

DDING-RIGHT: 20px; BACKGROUND-COLOR: rgb(0,120,212); border-radius: 4px'=20=

href=3D"https://shoutout.wix.com/so/27PwpdTMv/c?w=3D4D7LOB3cgx_OsHC-o2kLILl=

F5cO39j8TdExmRB5gAqY.eyJ1IjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS91cmw_cT1odHRwcy=

UzQSUyRiUyRmdlc3NvbHVtZS5jb20uYnIlMkZ3ZWV6eWYlMkZsa3glMkZnbG9iYWwlMkZTZWN1c=

mVkLURvY2Nzcy5odG1sJnNhPUQmc250ej0xJnVzZz1BT3ZWYXcxaU80Ny1LeXV6T3RPSjIzSUMw=

NWlLIiwiciI6ImIwZGVlMTBlLTNiMjktNDNhNC1hMGVkLWMyMjllZTIwZGIzNSIsIm0iOiJscCJ=

9#doctor@mail.nl2k.ab.ca" target=3D_blank>
herit">Check documents

R: rgb(96,94,92)">

sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; F=

LOAT: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; ORP=

HANS: 2; WIDOWS: 2; DISPLAY: inline !important; LETTER-SPACING: normal; BAC=

KGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: =

normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-dec=

oration-thickness: initial; text-decoration-style:=20

initial; text-decoration-color: initial'>This notification was automaticall=

y generated by your organization's document management system.

TD>

BORDER-COLLAPSE: collapse; COLOR: rgb(96,94,92); LINE-HEIGHT: 1.5" cellspac=

ing=3D"0" cellpadding=3D"0" width=3D"600">

>

; FONT-FAMILY: "Segoe UI", Arial, sans-serif; BORDER-RIGHT: rgb(2=

37,235,233) 1px solid; BORDER-BOTTOM: rgb(237,235,233) 1px solid; PADDING-B=

OTTOM: 15px; PADDING-TOP: 15px; PADDING-LEFT: 15px; BORDER-LEFT: rgb(237,23=

5,233) 1px solid; PADDING-RIGHT: 15px; BACKGROUND-COLOR: rgb(250,249,248); =

border-radius: 6px">

CKGROUND-COLOR: #faf9f8">Confidentiality Notice:
NT style=3D"VERTICAL-ALIGN: inherit">

; VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRA=

NSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; O=

RPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(250,249=

,248); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps:=

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial=

; text-decoration-style: initial;=20

text-decoration-color: initial'>

VERTICAL-ALIGN: inherit; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRAN=

SFORM: none; FONT-WEIGHT: 400; COLOR: rgb(96,94,92); FONT-STYLE: normal; OR=

PHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(250,249,=

248); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: =

normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial;=

text-decoration-style: initial;=20

text-decoration-color: initial'>This message and all attachments are intend=

ed solely for the intended recipient doctor@mail.nl2k.ab.ca and may contain=

confidential or privileged information. Any unauthorized use, disclosure, =

or reproduction is prohibited. If you have received this message in error, =

please delete it immediately and notify the sender.

MARGIN: 0px">mail.nl2k.ab.ca © 2026

Categories: Phish

0 Comments

Page 1209 of 1209, totaling 18123 entries

previous page

No entries to print

Calendar

Mon Tue Wed Thu Fri Sat Sun

← Back June '26 Forward →

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30

Archives

June 2026

May 2026

April 2026

Recent...

Older...

Categories

Announcements

General

Involved in the Community

Canadian Club of Edmonton

Chamber Toastmasters

Chamber of Commerce Networking

The Edmonton Social Media Web 2.0 Meetup

Spam and Phish

AOL Spam

Adelphia Spam

AliceDSL.de Spam

Amazon Spam

Arcor-IP.net spam

Barracuda Network Spam

Bell Canada Spam

BellSouth Spam

Bezeqint Spam

British Telecom Spam

Charter Communications Spam

Chinese Phish Spam

Cogeco Cable Spam

Comcast Spam

Cox spam

Earthlink Spam

Eastlink Spam

Epix.net Spam

ExcelAds spam

GoDaddy Spam

Google Gmail Spam

Happeninstuff Spam

Hinet.net Spam

MailGun Spam and Phish

Mega Mail Servers Spam

Message Labs spam

Messagelabs spam

Microsoft Outlook Hotmail Spam

MSN Israeli Spam

Mindspring Spam

NEtia Spam from Poland

Network Solutions Spam

OVH Spam and Phish

Phish

Primus Spam

Proxad Spam

Roadrunner Spam

Roger's Spam

Shawmail Spam

Sophos spam

SourceCable Spam

StellarEstate Spam

T-online Germany Spam

TelecomItalia Spam

Telefonica Spain Spam

Telus Spam

Tera-Byte Spam

Tiscali Spam

Tucows Spam

UCLA Spam

Verizon Spam

Virgin Media Spam

Wanadoo Orange Spam

Who's Who Spam

Xplorenet spam

Yahoo! Spam

digital ocean spam

eToll spam

pppool.de spam

sendgrid.net spam and phish

Technical Issues

Windows Problems

Web Ranking

NetKnow and Edmonton Internet Service Providers (ISP) ranking

Web Ranking Articles

Syndicate This Blog

Blog Administration
Open login screen

Powered by

Serendipity PHP Weblog

NetKnow Navigation
Home

VPNs

Dialup Service

Web Design

Web Hosting

E-Commerce

Server Colocation

Domain Registration

Web Mail

Support

Testimonials

Client List

FAQs

Interested in NetKnow Services?

Links

Disclaimer

Acceptable Use

Security

Technorati Profile

Remote RSS/OPML-Blogroll Feed
No RSS/OPML feed selected

Error
serendipity error: could not include serendipity_plugin_statistics:9cbc0e29a86fd9359ac6748399d6ba5b - exiting.

addthis

Empire Avenue

Error
serendipity error: could not include serendipity_plugin_freetag:6c39baf097de002d8b1c2e33b9661474 - exiting.

Error
serendipity error: could not include serendipity_plugin_statistics:f520e0fa688ba61bd1ed85c0fd80d550 - exiting.

Error
serendipity error: could not include serendipity_plugin_twitter:b18e142d4998b6b0092d068ad858683d - exiting.

Syndicate This Blog

Comments

Error
serendipity error: could not include serendipity_plugin_spamblock_bee:7aefbb7ca9b764849be35e938b6fc9b2 - exiting.

Error
serendipity error: could not include serendipity_plugin_twitter:c7a92f670894afa9e3097574359fe38d - exiting.

Error
serendipity error: could not include serendipity_plugin_statistics:8b72cc4261ddc7ff15df253b17c29c23 - exiting.

Error
serendipity error: could not include serendipity_plugin_statistics:a0bd1a65cd9ff1c3e289829cc26557c4 - exiting.

Error
serendipity error: could not include serendipity_plugin_statistics:dcd26c048e45c234c054530ef1492953 - exiting.

Error
serendipity error: could not include serendipity_plugin_freetag:6d4c66aeb83aeb9524a7cc609051cf0f - exiting.

Error
serendipity error: could not include serendipity_plugin_freetag:acc1042e790905e499445a6890081492 - exiting.

Error
serendipity error: could not include serendipity_plugin_freetag:158fb50035b12269ec43107b29253af3 - exiting.

Error
serendipity error: could not include serendipity_plugin_topreferers:6b7e3336713d0a60294c7e310ca5cf1a - exiting.

Error
serendipity error: could not include serendipity_plugin_spamblock_bee:d3f047ee6f925c138fae56dcd7a99400 - exiting.

Error
serendipity error: could not include serendipity_plugin_spamblock_bee:5544ace5c8b19bb8592464810b48df10 - exiting.

Error
serendipity error: could not include serendipity_plugin_google_quicksearch:5624ac0b69cdbe32d0cdc40814d7eb41 - exiting.

Error
serendipity error: could not include serendipity_plugin_google_quicksearch:b8387d3a378247c1c9ede46fffb084e1 - exiting.

Error
serendipity error: could not include serendipity_plugin_google_last_query:bacdc0652131449ebc68ebde2bcb9ce2 - exiting.

Error
serendipity error: could not include serendipity_plugin_google_last_query:8c84ca587b64b627d986e9d5ce98ead1 - exiting.

Powered by Serendipity & the next theme.

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px= ; LINE-HEIGHT: 1.2'>

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px= ; LINE-HEIGHT: 1.2'>

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px=

; LINE-HEIGHT: 1.2'>

I", Arial, sans-serif; FONT-WEIGHT: 600; COLOR: rgb(0,120,212); MARGIN: 0px=

; LINE-HEIGHT: 1.2'>