Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO8w-00000000AQb-3MB8

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:18 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=52461 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006ce-2jsM

for root@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=hdGDdwrwLrNQtGeNopyJ6TyXizC+ocswlKJgrIgN9l6WnP++TDNItJd0nmYt/1XsLW4Yy+anrn8dIfU3q8BFoe+XXgejtab9aryY+v5hf1pCCQfGTwdYUNn3PO1xVtkSbGMz3jgUM0znwVXneKmit8qOvILmfs7+OeKRslF/FsnzhNwtoS7CznIQKxZ0/7nV6YQBJNbE95RK7Gh78bac8MnHsDlgpgnt/vyZcxbkhGyfi8uu43Yek4qzh+icKc9D8l6T2J4uHG5dak7UPsCxdibYfVAegg5V7rI7RzUZtl67AjEkynwVYrWc6MBy11PrcNwCVmSvEl8ryNKdLUDn8Q==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934012 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id mm4HHiFuRmpoxCwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:49 +0000

Content-Type: text/html

From: Intelcom

To: root@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:48 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO7i-00000000AIw-0qQh

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:35:02 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:35:02 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=42381 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006cS-2jfD

for doctor@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=HWMRAJ7akzLslS+hBHQ+UEo/7d5qfmnfsS+z2v8KUU5aFg3gZVuACAsxjHrR8WrX7PBn36yM1Lnpyj4hmWDWH5GQodUqldXPal7V7K/rZoFx6q4bViM5JVxQoHnHsI/1nrNy9QUFPdHlrNKsts8wAUCGSbkIF9LS5TiTix8U9v1ZL74DdWo1wClSPGtYLGfIAEsTkNFkD559c0rCy0XaK9ktslMxA+xp5hrNL0BCEo0fi1XNwAlP7vTUAxixE1HCmfTRog2TcLRhgQUCYddrllNs6SauIX3g8gaahI3jRABmkQF5cvM/pIjTpfao6KmeRSmnvAW2Cl5U6TOg4kWmrg==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2933774 invoked by uid 108); 2 Jul 2026 13:56:48 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:48 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id dBOmGyBuRmqjwywAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:48 +0000

Content-Type: text/html

From: Intelcom

To: doctor@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID: <150ddd96-33f5-fd5f-7ab8-ae5d4c9e9e59@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:47 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 07:59:00 -0600

Received: from [216.158.90.90] (port=22413 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006cj-2k8C

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=B3/GgoBuPt7cT6RE4K1Mfsc2caxP/XsLA4Uo7CuI/5oDDKrX8dRThk3B8clmnWta9m0OoYOrUFijRiJe3rHQaPp+dxk+SqxrCdehp3vWYJP5yDZIovNaXkiRkiHqwAGPhgNdZxzmYCCz0vBEBW0d0hIZnX/FwwlRTgGnHYfJPTvaDK1Fwti3fBLS1XYavxrZdsJhEkn2dDH1ec664Jbyr8bKw6sqEj3BFXJR0JfVpKsGdF+2suZFG21sJwXNpZG0QWV2rPSRrKIlckGxY4C6zn9b/NtopfbhJbF/UW7YEVdRVTaeIWOpJ059FoL0twsMUa6yunE/fn8kHWOxIqNdUQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2933883 invoked by uid 108); 2 Jul 2026 13:56:49 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:49 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id Pd9UGyFuRmpMxCwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:49 +0000

Content-Type: text/html

From: Intelcom

To: dave@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID: <4ddbb7e2-3b40-3fb2-80c1-9dcb94143b2d@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:48 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9H-00000000ASu-2KKH

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:39 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=27755 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvU-000000006dE-3RLk

for sales@netknow.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=SmNTn7kgC+zQjRkoHnk6+5u0nrmTeFlJuRrmX5AIYd4nxs+9QQetEcLbZbt5bGp6VrkuMp941t73pdBAwskFnAg9mwkcVnwecOPv1/6BWEI/iLIjxfR8b2BsC0wgHf0wrO2wX1x4P0JO6dC19FjbZO4T05DUIv0dRIcGH0t061MrdsaKDbUqIZ0/vcin9Hk/rNWLJYy+OWe5QdVp8f4zgOvnOr0xOLmF2Vvh9eTxi0/rtqlXPDkoxHkq+c1xJsjs80AUzzA+gY35adrTEE/HjYvebS+ZDGy04YcyLcNF28MkN4NXFJd8p3Hmy8y+UiLK1tIZF+oadklq9u05ZDBrAQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934115 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id 5hJbGyJuRmocxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:50 +0000

Content-Type: text/html

From: Intelcom

To: sales@netknow.ca

Subject: Intelcom Delivery Notification

Message-ID: <3dabf284-1cba-dfa4-195a-a1f65d95e4d7@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:49 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9M-00000000ATD-01wX

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:44 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=31211 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dn-2jlN

for webmaster@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=lycKNiHIkiyD0wPmva9k0YzCWG7ZWVB8HHVS+upUVSJH9H5XVS6u+M3jiMBfp2ZCuUBd1nBCuoeKNq5DJY80D2VH3iGxXfK/ZWCLLSDu7W4mOtOcXMwBHUljveUFDOtSRGsWUsZ2hf3ZMUHY2pENjE2HCZCY7wwGdTYaFsTNUsrSMASMOSQkNtamd1foJOVNbksXA1S7suelG8CqL5+JjngDRHL4QbzMLvbjwWCk92sWAGVNK4+vekp64Qligo6DmYlH0kms7HnkLpTbU7iJ2PewmrMLNmeEbTAMiqIKZfO6MdQ/4tdYI73qBkM7fjR19c8DucEvJUlBkAgbJLiKGw==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934300 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id HiT9GSNuRmqLxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: webmaster@nk.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO93-00000000AR4-1Rb4

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:25 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=23955 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006d5-2kAA

for root@nk.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=d8jluxxxHPqcN2ONkorZc7zpaRclyDFkL9P8KsaRDusl+CLhJAWQQ11L4dGZMeXYYScF0HBLx7jeWCYaumpIFEtfwWvCDVcCmXEkIYy+tJkjvBzWr00PzwOtKNtoVbp5sGDVjWxwEyAarj+0doNYypQEoHr2OrWsqpScHhmnoJMasE4XVsoEZUxTRjDRS8wcRZjDvV8vg2zJ32l0RhZwqj6ExL9bDBqWws5XRKe8WrC2DGNkS1CH2bTZGOkG5D3PlDHmph/c3ENcoOeyZoJxqwCxW50qMIeBjHWv7mw8JrVH3rpYz2GBHlHUvCEFoZYCtrPGWbcd2HmuwVD1Zzhlyg==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934066 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id Gse/GSJuRmoYxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:50 +0000

Content-Type: text/html

From: Intelcom

To: root@nk.ca

Subject: Intelcom Delivery Notification

Message-ID: <98f7d0ed-5078-685f-d971-207a5d7ec34a@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:49 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9Q-00000000ATa-2SCe

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:48 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=3827 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dh-2jmJ

for doctor@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=rtYf5GdYAjZXle0xeMdokQDBCM+DEd7dkv0a1ay8awUAo5CisTMNgV6HIyZFwEoBjc25ShjVN696a4pwr/8symTL0CJXhivKhnPUN4d8wd6s80b2UPE3YHig76vryNvD16iAvY+Vwd+wkf54GBbrA7HzdQu7m+oyOwb71vA63viYX24ua468KdRRTe8Ho51feOA8yIZvxXAsCEsd5QfDiP57Ixr/6aEHg9MPmpMG2EDsOZrmRPaL/n8i5QvM5vATdGiAYpvIoPTru3HEbv8aayxl01U0tQU4KpwZeVskiICliES/aBXAC0+3a+H5kR7jL8TRI1yyvhBMNIxqHR9lJQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934207 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id pqAOGSNuRmqHxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: doctor@nk.ca

Subject: Intelcom Delivery Notification

Message-ID: <79834fb5-b48a-f186-cb68-d256951cc6f7@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9M-00000000ATD-01wX

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:44 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=31211 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dn-2jlN

for webmaster@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=lycKNiHIkiyD0wPmva9k0YzCWG7ZWVB8HHVS+upUVSJH9H5XVS6u+M3jiMBfp2ZCuUBd1nBCuoeKNq5DJY80D2VH3iGxXfK/ZWCLLSDu7W4mOtOcXMwBHUljveUFDOtSRGsWUsZ2hf3ZMUHY2pENjE2HCZCY7wwGdTYaFsTNUsrSMASMOSQkNtamd1foJOVNbksXA1S7suelG8CqL5+JjngDRHL4QbzMLvbjwWCk92sWAGVNK4+vekp64Qligo6DmYlH0kms7HnkLpTbU7iJ2PewmrMLNmeEbTAMiqIKZfO6MdQ/4tdYI73qBkM7fjR19c8DucEvJUlBkAgbJLiKGw==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934300 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id HiT9GSNuRmqLxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: webmaster@nk.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Web/SeO/App Spam from Microsoft Outlook Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 05:53:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfFy9-000000000Sh-0xVP

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 05:52:37 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 05:52:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-polandcentralazolkn19013079.outbound.protection.outlook.com ([52.103.53.79]:36724 helo=WA0P291CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfFKP-00000000Bz4-1dxb

for doctor@netknow.ca;

Thu, 02 Jul 2026 05:11:43 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=ZqDaB8EOOxanIMGEGCpx22LD9DRU3v8e52D8WdaGs1ghsOeEwTak+RKunUuATyQSA3GCwvrofAmK7yOSWuJZhQuyC3krjc+bYxbLOcMyAULqUAdYrEmjYh772kw/Etnxii83YW9y4oT75EmLuvlzNsdG/hJcDLLQR7Gg+gPn084UrvO7zNNaWjCupkAZ0xjtwaVABhON3M4cm7gL5WNg9cJmmTOivYY1FbGturOGxBq70A6J5q72bmuHpsXBHC63//AMlHZjgrgsoa9PvGFRQe3ajlpDbWLuI6tSSt/nA/So/GeXrV/M6hFyu2Lxcuf2z3cyHK99zRQQm/Xow27cag==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=NMugSQOrbVwvKczZpE58i+8lpdckPiBkMr08kYejUho=;

b=EkBfmKkjKptiEyyZRn1g+u8f3GGn/KXDGsagbluGPGZTEDs/kz70qpQQ3ZYDdT1WUOJgsI4YhhTeK9sJpwV9Wg0nwfgw65tTCUFlJUTjPGs3N6fr28bXcs/KftsHn0Md+oHkNh6YemgTT4ZgXoIjKnJ4k7DmfjwEDlEYig3sZUHQn2tyoFcA7C6jiBMDyZqwZgwWsTHGQe9ns6kb3DTJeVCMMNqltNJbC7p6b949LUdNUOGnBRHu/CLbZ+oAFFqWf93BhIkD9kPamWW3DpcmLWF1uILRCe4PfOrZ9GcRXkpkJU1x0ZL0k3EqPyE8JmC3echXLND9H+KC09ROYynEhg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=NMugSQOrbVwvKczZpE58i+8lpdckPiBkMr08kYejUho=;

b=nSc3J+wj9/J33n5rhUg3pK5V345uCBmldAeKnqXzti+OAFHmVQjOqCx6SYtsR5I6SYZpGygp2SPKTWLYpESEcYU8dNC9C7xyH6eoTuC715vyPLuqVpuXl8Mi3AqhBk8h6+lcWNTNOZDgKxBIYPU7vvWLKWf6wNAdETJgI0WQQKqH5d+z3tL/bckHPlyjHW52Vn86fFZerWup7+obI0c77ksPgbQQA6Ub6JDhYVSVo/PH5gFH/TzahEaR6CTVco9oWAbihn553Nwgp1DV0fkTnaY7JE1x8UxcrtSzwqzvNRWQnhsGzaq/qBuCO6IRJJR71mdzKCuXsMzltkt/pGkVZA==

Received: from WA0P291MB0390.POLP291.PROD.OUTLOOK.COM (2603:10a6:1d0:a::18) by

WA1P291MB0009.POLP291.PROD.OUTLOOK.COM (2603:10a6:1d0::8) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.21.181.10; Thu, 2 Jul 2026 11:10:01 +0000

Received: from WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

([fe80::3d63:f8d8:c220:e4b5]) by WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

([fe80::3d63:f8d8:c220:e4b5%7]) with mapi id 15.21.0181.009; Thu, 2 Jul 2026

11:10:01 +0000

From: Richard Louie

To: Richard Louie

Subject: Re: HELLO

Thread-Topic: HELLO

Thread-Index: AQHdChM4p+HHUCcVREKbRU2aaER4J7ZaEmHj

Date: Thu, 2 Jul 2026 11:10:01 +0000

Message-ID:



References:



In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: WA0P291MB0390:EE_|WA1P291MB0009:EE_

x-ms-office365-filtering-correlation-id: 1c16c9fe-018b-44e9-9bf0-08ded82a7635

x-ms-exchange-slblob-mailprops:

Tiovf1Kk+H98yZk2SdlIBNlYpXV64Fl86WbRzT7MhYDVQ0fQlEhb221adY8AmM4D31EVtUl9LtTX7SVYaeDNcQzV159GasKLr0HgfyhI6AMRAHyp6XGrJpMCvUTpXNKPVlG755IIFi9YfvXL3ze6n7zJ1VSHwgNBHzqAhyTOa8iMyXNCOjuYX1tlELw/f0NJHCKxWqNqjDpMFr1MIHf9flyhXZDQkFiS/JY5Wd8S7zYo8tX+rTrwrhzN+zRC/9/FGcbWF1YosK53eSBijgxMnI4NTBz4W4vhJPGmFeG2P9lnosNOgOrilUtj5sWLk8o3yyUOyw8APQqQ3DgrAyo07r23fnmygy0kqDDF+E57uClfxAKMeivs5fde2Q2LXdJYiZrdOSdHJBfUX5+zqFQZpNbLHFQOCNAOzfKYxzEyioTgv9SrUuOkJo/OSMqDiHQpeRVp26XILgF0fEx/HUvFFsiPpPGniG7XZPhW1g7c2X0uBGVHbIKD4Fy9vs7J6rO4S2emh4aEsXevwEzOttcmO6yCfVriIfcrCIAeMnav0Cke7Dsf01wI41pCFzSyw8/Ym46EUrZOJIa56c+oE9hoA+5TmnYGnLIl4nhxKOfHdTM=

x-microsoft-antispam:

BCL:0;ARA:14566002|4140399003|25010399006|2604032031799003|15030799006|15080799012|48001999003|24121999003|22091999003|24021099003|8062599012|8060799015|39105399006|19110799012|31061999003|55001999006|102099032|3412199025|440099028|40105399003|41105399003|39145399003|18071099003|26121999007|11120399003|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?hsoEPC8IGRG5DVOWvrYEXLIfN2H4GmbH2oChnQqhVaa40EPuNBPfF9KsI8?=

=?iso-8859-1?Q?lXKxy1eZU1p/ACDbU1kLM0UgpmUjiXptN1JCHgyvuEaWRv0tLRJNQVwX5S?=

=?iso-8859-1?Q?WS5qj3lHR9CSA2ydVKVyawmBObJ+eEia70ZKAZwXL4endJEPr+CogUpFUi?=

=?iso-8859-1?Q?fcUZyLYFlcCxY2H5lbsEI8bZRm0mHtreXtST4cd+VmLM5XzVxe2IEa4nRK?=

=?iso-8859-1?Q?YV9J3JvEJgOFJgPcHFsfs23nrM2cRRcmgY6IQD7YExg+oLrpCs2mU2GRHD?=

=?iso-8859-1?Q?4/yrBbgI35Kimw02zSfmScR5SvlhHuaJUCkrtQzhPS+QbAV3u3hJQpAqti?=

=?iso-8859-1?Q?MJQqGhcQsW4TgHglfBGUeiciAW2uELKsM6fSA2YDoF4fOEA2Tg0zYL3rfZ?=

=?iso-8859-1?Q?vrZXSNPHKkhnBxLGjXd9H+9xJtp1lanR82Jcle8otZEjH+wYzyX3ujPrup?=

=?iso-8859-1?Q?m0z4Q+m+OYkigzoJ6BRyUEuXBEE/jrldj+jh14q5dl799HMclEnZ4YL8Mx?=

=?iso-8859-1?Q?VCS+rbj1eeT5uDJFvGwmuI5Bx+dY4zHgO8Mgrt+VNJn/zEkSyF6KBnwesE?=

=?iso-8859-1?Q?Af1Y5lFOv1IvO5B6Bi0bxTDqiy7CgovtDNlA7toOFSTQ/zGme6yOnwtT49?=

=?iso-8859-1?Q?6ixWfO81k97UM9S27OrUV5rQsWR60vJb1guAevUjoCA4cqo5gz97uPQxLe?=

=?iso-8859-1?Q?PJqLkiEgiNByHzj7y7eT0Oc0n7sA3F4uMGGO1naWnYW8dIZtqBXiGjoK+l?=

=?iso-8859-1?Q?uBf0xi90tp6rLxWBkuLmTIL0boMCnAma2Jtp+FzyhJSGuh9dLsgX3ypZqP?=

=?iso-8859-1?Q?Y0BGkGJ9SG07QRgAWCY93krnX+L0wLTWM95wRZFOnmP2FrjB4asCXXRoKg?=

=?iso-8859-1?Q?1pHDUDN8rJ/PTZlZRQq72NaexEvxTYHEGzUtERwDgqYAoSS2L+gIgwnNy1?=

=?iso-8859-1?Q?Es0aKSnn4FGJzaGYVXIDIj11LGR478t+w/tR7/LglIEcobaEGYIbMqZx0Z?=

=?iso-8859-1?Q?Sx8QoJjnFz/RlQ3hXImYNkrjUluDprFjhU9LhpFL7jXzMYFVad7EuUAS0m?=

=?iso-8859-1?Q?23s8G8LLJnAnBOD90bvu3BkFzooW2nqisL7/geISsE/ia2mJUUiNbopjOT?=

=?iso-8859-1?Q?HSb3L1qWZxPot5VVx6k8N2t+0TLGlUopQSxVhP9DPq102yWnpGu0WqvRgG?=

=?iso-8859-1?Q?O4cRBCJSpsBHuEOahrFSyY8bIb0fTpqNMydSLc0wGQysKSXv6V8Pbxcz7v?=

=?iso-8859-1?Q?+uqZbF7ROinc8YNdpS0h8048SwtJOvB4n/TU8Rr3IjqUJswP4FM/wIZiMb?=

=?iso-8859-1?Q?FgQByBa4PgMi6VvDJOpmH5KjH1tXmbSuMZeXUwmoKJflUAo=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?qV9B/kZk98MrnEEaA5hlJeOCQMqe13+9MmFB60ycZX06CUX0P/S9JZjakq?=

=?iso-8859-1?Q?aLAB1T5o7uEeRngk4/gCyvOyw992dINSe5K1+4GQrOQBOfmiTE3WvTsqZd?=

=?iso-8859-1?Q?MYu8iH5XBbIBGj4C2jwkWiU4VmnIGbnllpnZFbVxFeJ8MSa01TJFgPosfU?=

=?iso-8859-1?Q?aJ2QEyd1NECxciDYMBp8liU/BJ2p2v755ory9GTcH2QzVO6fysCcZa9SVK?=

=?iso-8859-1?Q?ERntjDPprX/G4L7/IAMn0E8TQ4W2U3GBYzMb7SmiQ0jpPaiW3Zsc0w0QQP?=

=?iso-8859-1?Q?7Fhv9UlRzKRyhaD3IofGwLlllVG8fmVQtletplsamNikbOHaWvFHWLCcGx?=

=?iso-8859-1?Q?JmQB+fi4zB0IYB1D4m9pGfLGO9DvDzRu+gJ//kglLIGKh2S8VgYWnTDSKI?=

=?iso-8859-1?Q?qMJQyQ29zGayV8SjFRB9ZDqrfNsuZbvgxhO2+itoVgMwIv28CK98cFSoBE?=

=?iso-8859-1?Q?Ua//QHhSulOkr2WbaXUbQPS91i1VRhFBe8AKXQfqtA024FOaXrmgK+9smB?=

=?iso-8859-1?Q?sV0tgixRR6NYINu3WirbVPaYqlYheH1UP/SPLa8XVPQ3avPzKPSHLTxgZj?=

=?iso-8859-1?Q?kXFUIaA28dn8TIM+7ZbBXCJpCjwIorWbPO0o4fdccy0OOj7eBCnyIbcM5h?=

=?iso-8859-1?Q?Ke6LVxhR6tesMOYAwWu5cKBlBIR1Tj/AVy4DCpmjBByiR4WWfWWFf5hwHT?=

=?iso-8859-1?Q?h5v+IcPuMVdlyNt08MsgP9VXR/lIv5o6EKv9pkUKTijxXty542pJRTgikG?=

=?iso-8859-1?Q?v/hYI1t7hYr4SSQQhRsbDkwROcBEnDZnH6BSyVTh/GJJv4wpzxj0RyR/2B?=

=?iso-8859-1?Q?bnh7k1yx3tqtXuLqFn8D9+LiKxFGzypl1wD2L1raxFzduh49xe69GKzJus?=

=?iso-8859-1?Q?W2QkNhX1gobPo1sJyuBEQZ7+do0osh/F29xYG/sT8FoV0dDrwwGkNFA4lk?=

=?iso-8859-1?Q?S1eMdMaFP1FKVIlNLr7y2qyOfFRlkeKV0oFB1KUT8eJwjW9upCdiQrJCR2?=

=?iso-8859-1?Q?Q44yxH9n4QaPqg82YesBvpPJ6dMswaO68BU3wi4LcK0+Ci0WbWuMl0P8iJ?=

=?iso-8859-1?Q?VrRGSB2VYeZA9ePdbSy0A8g2dd8K99fmK9wE/YneXPjrNZntk29t/m/6bE?=

=?iso-8859-1?Q?RJEorv2nK8cI6K7gRsCSTZnV+U7Rczms3wsa+cakESgAKJR1ZGngkgQu6d?=

=?iso-8859-1?Q?iPidhiYTVYFvwL8C1njEMyjWSkDJzwJMTmR0ho2GJHTWeBILjndgrCb2/W?=

=?iso-8859-1?Q?jKll9MiDPyEmMX3RzdQ4T2iHbTo4T+SKhswzZ+qmiQS1eNUypKEB8OhF5M?=

=?iso-8859-1?Q?E3kyQp+oxddLFhsyp9kj0Ia0CHThN9DIuXod9UtdhofotiFBnaUPhTaaHi?=

=?iso-8859-1?Q?iPUqGU5z67zW77TAWt/H6tL9bO7fZbJ7N6+JWwEzCgGu2kdzind25JuQE6?=

=?iso-8859-1?Q?FfpYbP1lyWCmSyZqZwPcagjV/qnDdKIt5IpGfokHKkwtu2x1Wol66V/Qpm?=

=?iso-8859-1?Q?XQRYOcyrMhJ05t/3cdViTR?=

Web/SeO/App Spam from Microsoft Outlook Part 2

Content-Type: multipart/alternative;

boundary="_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 1c16c9fe-018b-44e9-9bf0-08ded82a7635

X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2026 11:10:01.5992

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: WA1P291MB0009



--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





Subject: HELLO



Hi,

Are you looking for a new website or thinking about redesigning your curren=

t one? I'd be happy to help create a modern, responsive website that fits y=

our goals.

If you're interested, I can share my portfolio, pricing, and a few recent p=

rojects.

Best,

Richard Louie



--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">




Subject: HELLO




 





Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Hi,



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Are you looking for a new website or thinking about redesigning your curren=

t one? I'd be happy to help create a modern, responsive website that fits y=

our goals.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

If you're interested, I can share my portfolio, pricing, and a few recent p=

rojects.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Best,


Richard Louie








--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_--

Nk.CA credential phish Part 4


style=3D'margin: 0px; font-family: "Segoe UI", Tahoma, Geneva, Verdana, sa=

ns-serif; font-size: 14pt; background-color: rgb(244, 244, 244);'>


und: rgb(255, 255, 255); margin: 40px auto; padding: 30px; border-radius: 8=

px; max-width: 540px; box-shadow: 0px 2px 6px rgba(0,0,0,0.1);">


rgb(11, 61, 145); font-size: 28px; margin-bottom: 20px;">Email Verificatio=

n Required




b(85, 85, 85); line-height: 1.5; font-size: 15px;">User:&n=

bsp;sales,




b(85, 85, 85); line-height: 1.5; font-size: 15px;">We detected an error in =

your mailbox sales@nk.ca.




b(85, 85, 85); line-height: 1.5; font-size: 15px;">To ensure continued comm=

unication to receive/send emails, please verify your credentials to resolve=

this issue.






nt-size: 12pt;">Please note that this emai=

l was automatically generated by the system, so there is no need to reply.<=

/span>


10pt;">



: 1px medium medium; border-style: solid none none; border-color: rgba(0, 0=

, 0, 0.1) currentColor currentColor; margin: 20px 0px; border-image: none;"=

>


an style=3D"font-size: 12pt;">Copyright ID=

™ ©2026 nk.ca — All rights reserve

























Nk.CA credential phish Part 2













Roundcube Webmail :: SECURITY ALERT: Email Confirmation Required=<br /><br /> Within 48 Hours [ pijush@cfashionbd.com ]




=3D1.0, shrink-to-fit=3Dno, maximum-scale=3D1.0">






hortcut icon">


=3D"stylesheet">


=3D"stylesheet">




=2Ecss?s=3D1749492914" rel=3D"stylesheet" type=3D"text/css">


4777727" rel=3D"stylesheet" type=3D"text/css">


90573" rel=3D"stylesheet" type=3D"text/css">































aria-label-messagebody">




style=3D"display: none;">To protect your privacy remote resources ha=

ve been blocked.

mand('load-remote')" href=3D"#loadremote">Allow







art1">

Nk.CA credential phish Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 05:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfFw8-00000000KKG-1BCl

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 05:50:32 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 05:50:32 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from pl14.fakat.net ([46.4.55.35]:60317)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfBVa-00000000Ane-1cwV

for sales@nk.ca;

Thu, 02 Jul 2026 01:07:00 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=mvputprojekt.co.rs; s=default; h=Content-Transfer-Encoding:Content-Type:

MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=++ZMf9f0gJ86KxiBJb+KYsM1aLPpC/BGIHJ40LDDVvM=; b=IrK6h/92gGd07X3O6n9gUwVCBb

wUOisc+aRgMBI7u74t+hkZJj5DqGGzTVZCXez2TAWChXVCRYc/99WYBbCsx5z7ovBHn1lWGmMllLY

PzKK+66LuRQNw/xCBBPHJJa730fwojcbEKj5i397vZYItjECxWtfncYUWKfrIAAjI1jFBvPR/7j5S

jNPpKu5JdnW4p9JTxlI5o8N4eu8HQHgsigOtUF9G8SyqWzLGiC58P7CNCl07XQRCNJS4xj2WdyyeP

QUdC8YNzsPUvYvJmlxNiCP7F10kI6glujF1mXBFlUBhSnXNfSRRxnLXzfCEUSOi5Q0GCgONjRgIel

s4OccyqA==;

Received: from [192.177.111.202] (port=59970 helo=192.177.111.202.static.quadranet.com)

by pl14.fakat.net with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.4)

(envelope-from )

id 1wfBUh-0000000EtDY-1MiZ

for sales@nk.ca;

Thu, 02 Jul 2026 09:05:55 +0200

From: nk.ca Customer Support

To: sales@nk.ca

Subject: SECURITY ALERT: Email Confirmation Required Within 48 Hours [ sales@nk.ca ]

Date: 2 Jul 2026 00:05:52 -0700

Message-ID: <20260702000552.AB7C8F92BDEECC7B@nk.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - pl14.fakat.net

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - zh-new-yuyan.com

X-Get-Message-Sender-Via: pl14.fakat.net: authenticated_id: ljiljana@mvputprojekt.co.rs

X-Authenticated-Sender: pl14.fakat.net: ljiljana@mvputprojekt.co.rs

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 8.7

X-Spam_score_int: 87

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Roundcube Webmail :: SECURITY ALERT: Email Confirmation Required

Within 48 Hours [ pijush@cfashionbd.com ] To protect your privacy remote

resources have been blocked. Allow



Content analysis details: (8.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[46.4.55.35 listed in dnsbl.ahbl.org]

[46.4.55.35 listed in dnsbl.ahbl.org]

[46.4.55.35 listed in dnsbl.ahbl.org]

[46.4.55.35 listed in dnsbl.ahbl.org]

[192.177.111.202 listed in dnsbl.ahbl.org]

[192.177.111.202 listed in dnsbl.ahbl.org]

[192.177.111.202 listed in dnsbl.ahbl.org]

[192.177.111.202 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[46.4.55.35 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[46.4.55.35 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[46.4.55.35 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[46.4.55.35 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[192.177.111.202 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

[46.4.55.35 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: apps-jingyutv.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[46.4.55.35 listed in bl.score.senderscore.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain

1.5 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 GOOG_REDIR_HTML_ONLY Google redirect to obscure spamvertised website

+ HTML only

0.1 TO_IN_SUBJ To address is in Subject

0.8 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

0.2 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain

Subject: {SPAM?} SECURITY ALERT: Email Confirmation Required Within 48 Hours [ sales@nk.ca ]

WEb/SEo/App spam from Microsoft Outlook Part 3




_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:1=

2pt; color:rgb(0,0,0)">

I am a professional Graphic Designer with over 8 years of experience in web=

and digital design. I specialize in creating clean, creative, and user-fri=

endly designs that are delivered on time and at a competitive price.



_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:1=

2pt; color:rgb(0,0,0)">

My services include:





  • ri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); line-height:115%=

    ; margin:0cm 0cm 8pt">

    Custom Website Design & Development

  • Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-s=

    ize:12pt; color:rgb(0,0,0); line-height:115%; margin:0cm 0cm 8pt">

    E-commerce Platform Design

  • dFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; col=

    or:rgb(0,0,0); line-height:115%; margin:0cm 0cm 8pt">

    Web UI/UX Design

  • s_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0=

    ,0); line-height:115%; margin:0cm 0cm 8pt">

    Promotional Materials & Digital Branding



_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:1=

2pt; color:rgb(0,0,0)">

If you're interested, please share your specific requirements =97 such as t=

he type of website or services you need =97 so I can provide a tailored sol=

ution that meets your goals.



_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:1=

2pt; color:rgb(0,0,0)">

Looking forward to working with you.



_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:1=

2pt; color:rgb(0,0,0)">

Thanks



bri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">














--_000_TYSPR04MB708232F705185853E543C03FA2F52TYSPR04MB7082apcp_--