Shoppers surprise phish from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 11:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v6BYF-00000000E3N-1CjF

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 11:32:39 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 11:32:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f198.google.com ([209.85.221.198]:56761)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v6Axi-00000000624-1hho

for support@nk.ca;

Tue, 07 Oct 2025 10:55:01 -0600

Received: by mail-vk1-f198.google.com with SMTP id 71dfb90a1353d-54a939c158bso10287671e0c.1

for ; Tue, 07 Oct 2025 09:54:07 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759856041; x=1760460841; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=c5IyRDwh1B0yYZI+nZowWaI8kHX1FV7RpCbCGpP2AcA=;

b=cMtzYig5+SE4rLibYGKCj2xHHJLuA6rr0uwgxqeboDCpoaTZWOHC49G0yl2M9rDLAK

4Z6pmlraGlpimzYxbwHi/uq/AEiCju8GA8kL2oI/dCJ2wfkQehnwdqFrZZlZ5/ZVUSO9

daIhvgZ4WfJS0syvAlJFTNCyVpPiolpwMYha1+zSr3RV1cRXC8APAqXoHQsBdrNbJv2K

EXBcndQMyvTspZr2vUNEMoo7b42F2cTPuYauWqXE4zDgw2HorhVuqrwa1UOrUTq0xKY5

/KpCii5A49Qqv1CDUqUGngkGTT1IOklrLgj6oFo9zaTmMOsLcdOkTHZBvQzv8P2sLhaA

tNcw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759856041; x=1760460841;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=c5IyRDwh1B0yYZI+nZowWaI8kHX1FV7RpCbCGpP2AcA=;

b=LKkchie3GueaGoThVu4VYcUajJEerWKKPUTJk3oEojn04JSRkrcv7Vw3SWMTXG5g3o

yt2M9RJ5Ng2Lp77nl9YeOi6FBVWzFu/rRJsTtue9v3GsztwWU5Nxr/4FSNNlYLvt5oA/

d/4Ch5ilMvoFydnuTCMfm2z+SodpRfQIiAD1ptCGcL9v/y7bfMWnyEorL+QK7038ripZ

1mAzpP1dHpkddtPYt+B7MAH45BMybxHKDRmEHueYUGE/fkL7PC9zUBL0fDut933xwtnM

g+7hqLw8y9rAGLxf1EyjJCmSUZA96dSvUJKRQ+KiSEiokD6CG3br9ZvUaCWpflc3P32X

36/w==

X-Gm-Message-State: AOJu0YwhYSfdobRA8b5GQJunBpOFy9X4lsnAAf/d0FYvw3HYhq5jbzQd

Bi6Iy94I3UBUdZaIVHM5ztLcq7FJ+Chjg4y7Ed7O9zRdMT2wRwJGtlc/UZ5MqBqTpTPKkJNQjCI

Z4F5huIhKSg==

X-Google-Smtp-Source: AGHT+IFJOMMwsm8y3yH+QP0otqqFZ5z2wjOMd/BLeXi7MaNYOLwvx0dEw+OA0hTNF0AAt+q+Zit7zKcltybv2KI=

MIME-Version: 1.0

X-Received: by 2002:a05:6122:c87:b0:54a:9fe8:171e with SMTP id

71dfb90a1353d-554b8b167a1mr147995e0c.7.1759856041649; Tue, 07 Oct 2025

09:54:01 -0700 (PDT)

Message-ID: <00000000000037e8e80640946a53@google.com>

Date: Tue, 07 Oct 2025 16:54:01 +0000

Subject: =?UTF-8?Q?=E2=9A=A1_Conrgratulations=2C_You=27ve_been_chosen_to_receive_?=

=?UTF-8?Q?your_Free_Oral=2DB_Kit_Today?=

From: Shoppers Surprise

To: support@nk.ca

Content-Type: multipart/alternative; boundary="00000000000037e8df0640946a50"

X-Spam_score: 11.8

X-Spam_score_int: 118

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your smile deserves this! Only a few free Oral-B kits left

- confirm yours now. Your smile deserves this! Only a few free Oral-B kits

left - confirm yours now.

Content analysis details: (11.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

[209.85.221.198 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.198 listed in dnsbl.ahbl.org]

[209.85.221.198 listed in dnsbl.ahbl.org]

[209.85.221.198 listed in dnsbl.ahbl.org]

[209.85.221.198 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.198 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.198 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: eblink6.com]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: eblinks.cc]

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URI: eblink6.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.198 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 OFFER_URI URI: Offer in link address

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A1_Conrgratulations=2C_You=27ve_been_chosen_to_receive_?=

=?UTF-8?Q?your_Free_Oral=2DB_Kit_Today?=

--00000000000037e8df0640946a50

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Your smile deserves this! Only a few free Oral-B kits left - confirm yours

now.

--00000000000037e8df0640946a50

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

ft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office">

=20

=20

=20

=20

=20

/>=20

1" />=20

=20

=20

=20

=20

0,700" rel=3D"stylesheet" type=3D"text/css" />=20

=20

=20

=20

=20

=20

=20

=20

=20

rmal; background-color: #ffffff;" class=3D" eb-drag-and-drop-builder">=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

-eb_f4498a85-ab6f-471b-afd3-d22280a702e2" style=3D"background:#ffffff;backg=

round-color:#ffffff;margin:0px auto;max-width:700px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:#ffffff;background-col=

or:#ffffff;width:100%;">=20

=20

=20

=20

=20

=20

10px 10px;text-align:center;">=20

=20

column-eb_70aa9164-3db5-43bf-8fd6-0b852b823ccd" style=3D"font-size:0px;text=

-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100=

%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

x ;">=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

=20

=20

=20

b4c5-22d1-4821-854c-ddf7f0952595 eb-image-full-width max-width-100 eb-image=

" style=3D"background:transparent;font-size:0px;padding:5px 5px 0px 5px;wor=

d-break:break-word;">=20

=3D"0" role=3D"presentation" style=3D"min-width:100%;max-width:100%;width:6=

70px;border-collapse:collapse;border-spacing:0px;width:100%;" class=3D"mj-f=

ull-width-mobile">=20

=20

=20

=20

=20

=20

th-mobile">
lid=3D5030782218010624&nid=3D5023440206299136&" target=3D"_blank" style=3D"=

color: #c7c7c7; text-decoration: none;" data-eblinkid=3D"5030782218010624">=

3D""

69312/Screenshot_2025_10_07_at_18_29_07_AT_T_North_Face_Backpack_Max_Offer.=

png" style=3D"border:0px solid #3498DB;border-radius:0px;display:block;outl=

ine:none;text-decoration:none;height:auto;min-width:100%;width:100%;max-wid=

th:100%;font-size:13px;max-width:100%;box-sizing: border-box;width:100%;" w=

idth=3D"670" height=3D"auto" />

d40f-7a11-40f0-96e8-7e60702f0dc0 eb-image-full-width max-width-100 eb-image=

" style=3D"background:transparent;font-size:0px;padding:0px 5px 5px 5px;wor=

d-break:break-word;">=20

=3D"0" role=3D"presentation" style=3D"min-width:100%;max-width:100%;width:6=

70px;border-collapse:collapse;border-spacing:0px;width:100%;" class=3D"mj-f=

ull-width-mobile">=20

=20

=20

=20

=20

=20

th-mobile">
lid=3D6046258884771840&nid=3D5023440206299136&" target=3D"_blank" s=

tyle=3D"color: #c7c7c7; text-decoration: none;" data-eblinkid=3D"6046258884=

771840"> 3D""

5726607939469312/Screenshot_2025_10_07_at_18_34_23_AT_T_North_Face_Backpack=

_Max_Offer.png" style=3D"border:0px solid #3498DB;border-radius:0px;display=

:block;outline:none;text-decoration:none;height:auto;min-width:100%;width:1=

00%;max-width:100%;font-size:13px;max-width:100%;box-sizing: border-box;wid=

th:100%;" width=3D"670" height=3D"auto" />

=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

eb_ad6c6978-d121-4253-b9b1-65a8dc477eb3" style=3D"background:#ffffff;backgr=

ound-color:#ffffff;margin:0px auto;max-width:700px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:#ffffff;background-col=

or:#ffffff;width:100%;">=20

=20

=20

=20

=20

=20

10px 10px;text-align:center;">=20

=20

column-eb_a7a3f9c9-2ca5-41ce-992a-ba1f3403cad6" style=3D"font-size:0px;text=

-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100=

%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

x ;">=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

a6-a753-4e12-82bc-517e9d2e1cb1" style=3D"font-size:0px;padding:0;word-break=

:break-word;">=20

l, sans-serif;font-size:13px;font-weight:normal;line-height:1.6;text-align:=

left;color:#000000;">

=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

round:transparent;background-color:transparent;margin:0px auto;max-width:70=

0px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:transparent;background=

-color:transparent;width:100%;">=20

=20

=20

=20

=20

=20

x 0px;text-align:center;">=20

=20

column-undefined" style=3D"font-size:0px;text-align:left;direction:ltr;disp=

lay:inline-block;vertical-align:top;width:100%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

dc63668febe6" style=3D"background:transparent;font-size:0px;word-break:brea=

k-word;">=20

=E2=80=8A=20

=20

=20

--00000000000037e8df0640946a50--

Shoppers surprise phish from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 11:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v6BY4-00000000E2B-3jtE

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 11:32:28 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 11:32:28 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f72.google.com ([209.85.222.72]:56351)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v6Asj-000000004ue-35Xw

for doctor@netknow.ca;

Tue, 07 Oct 2025 10:49:53 -0600

Received: by mail-ua1-f72.google.com with SMTP id a1e0cc1a2514c-8e47b4f0c3aso9733939241.0

for ; Tue, 07 Oct 2025 09:48:59 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759855733; x=1760460533; darn=netknow.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=ZpkiJnKSmmVgYlPXZpxboCQTP6mhuliL99uJJzoSxRg=;

b=XI8DXRtHqfROdUUDf5hFOtzYmYcyp+t+eZFyO52L/e8GM9bEE7tluFDlRCiK8co8pw

6+vT4ns6jqlBuBcIIkzdMoHYaTC74qzyFddoVrln8yaS7pvISurYdGY7VvL4kKYIZ5Qh

TjVKeWwHe+X3KSckpgGph6WcJ7R5G9GN9Bp36gEchqF2JOqJtvBcC48+gB5LcP2vKTqC

QUQ7sf46sCbuKTal36MlzctGf2fnr1neCzkR/Tt58exNHg6JQLtbvEouZLdRvKKsOF3N

7qUyS7KvsN8qDS0J/rRmFQQm/oOZM4dmTt1l8CAoYKWQ1Jmvw9p5wcvPxqChkhMIj73Q

AuaA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759855733; x=1760460533;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=ZpkiJnKSmmVgYlPXZpxboCQTP6mhuliL99uJJzoSxRg=;

b=VVbKSz8Nc09pvmXwNPqxWy8/9y97L9cSZbcSEyPIZDn3JWgt8zYYTH7qQUFrsGCf/y

kv5DroVwKZUIqjMDHHFOZbgAStOdmu0DGr0mhZnqBv8REHYO7zfnkeFfR+qDTcySXSn8

iddGuwH7k1KsdKLK96sbMgXV3Zb5JkroNA0DNDNyCmdtil1tPvlA2O2VO+SbEAI9exeQ

CyZilF/i9G1p9fpeDbNWaEylijvBZgzDzURg1rPi3ujd2C0P6N1WXoCB7NioIzRjn1EV

RLktm5tHmSRYxtSFU5UtspLztiWrg463Ky2ztxh/n/3RgtkSVZ8tXvukgLvq1G6JlzMs

hANQ==

X-Gm-Message-State: AOJu0YwfV6U+wXU0OmtsW0AoKWJEPBe4I/PjAnGHsYijmkZK59bDjTA4

NHKc/S58g2e+Pvlxp6qSdhWiVuFbNRWbG9yOJLLWEZB61DjuHHi6ERnoNLzlTNhcFPPdVxXJNP/

eCUl87sulOQ==

X-Google-Smtp-Source: AGHT+IFbaX39o3zGCmTaPrF8G/H97MF05o30bC3gL2KhTRc9XIlFZU1IHL/1s0fqEUTxF0m0L6IxZHTYNhUkS5g=

MIME-Version: 1.0

X-Received: by 2002:a05:6122:1821:b0:54a:c54a:6d96 with SMTP id

71dfb90a1353d-554b8ade733mr148924e0c.4.1759855732860; Tue, 07 Oct 2025

09:48:52 -0700 (PDT)

Message-ID: <000000000000d02a14064094576c@google.com>

Date: Tue, 07 Oct 2025 16:48:52 +0000

Subject: =?UTF-8?Q?=E2=9A=A1_Conrgratulations=2C_You=27ve_been_chosen_to_receive_?=

=?UTF-8?Q?your_Free_Oral=2DB_Kit_Today?=

From: Shoppers Surprise

To: doctor@netknow.ca

Content-Type: multipart/alternative; boundary="000000000000d02a090640945769"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Your smile deserves this! Only a few free Oral-B kits left

- confirm yours now. Your smile deserves this! Only a few free Oral-B kits

left - confirm yours now.

Content analysis details: (10.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.72 listed in dnsbl.ahbl.org]

[209.85.222.72 listed in dnsbl.ahbl.org]

[209.85.222.72 listed in dnsbl.ahbl.org]

[209.85.222.72 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.72 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.72 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: eblink6.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.72 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URI: eblink6.com]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: eblinks.cc]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.72 listed in wl.mailspike.net]

1.0 OFFER_URI URI: Offer in link address

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A1_Conrgratulations=2C_You=27ve_been_chosen_to_receive_?=

=?UTF-8?Q?your_Free_Oral=2DB_Kit_Today?=

--000000000000d02a090640945769

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Your smile deserves this! Only a few free Oral-B kits left - confirm yours

now.

--000000000000d02a090640945769

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

ft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office">

=20

=20

=20

=20

=20

/>=20

1" />=20

=20

=20

=20

=20

0,700" rel=3D"stylesheet" type=3D"text/css" />=20

=20

=20

=20

=20

=20

=20

=20

=20

rmal; background-color: #ffffff;" class=3D" eb-drag-and-drop-builder">=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

-eb_f4498a85-ab6f-471b-afd3-d22280a702e2" style=3D"background:#ffffff;backg=

round-color:#ffffff;margin:0px auto;max-width:700px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:#ffffff;background-col=

or:#ffffff;width:100%;">=20

=20

=20

=20

=20

=20

10px 10px;text-align:center;">=20

=20

column-eb_70aa9164-3db5-43bf-8fd6-0b852b823ccd" style=3D"font-size:0px;text=

-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100=

%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

x ;">=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

=20

=20

=20

b4c5-22d1-4821-854c-ddf7f0952595 eb-image-full-width max-width-100 eb-image=

" style=3D"background:transparent;font-size:0px;padding:5px 5px 0px 5px;wor=

d-break:break-word;">=20

=3D"0" role=3D"presentation" style=3D"min-width:100%;max-width:100%;width:6=

70px;border-collapse:collapse;border-spacing:0px;width:100%;" class=3D"mj-f=

ull-width-mobile">=20

=20

=20

=20

=20

=20

th-mobile">
lid=3D5030782218010624&nid=3D5023440206299136&" target=3D"_blank" style=3D"=

color: #c7c7c7; text-decoration: none;" data-eblinkid=3D"5030782218010624">=

3D""

69312/Screenshot_2025_10_07_at_18_29_07_AT_T_North_Face_Backpack_Max_Offer.=

png" style=3D"border:0px solid #3498DB;border-radius:0px;display:block;outl=

ine:none;text-decoration:none;height:auto;min-width:100%;width:100%;max-wid=

th:100%;font-size:13px;max-width:100%;box-sizing: border-box;width:100%;" w=

idth=3D"670" height=3D"auto" />

d40f-7a11-40f0-96e8-7e60702f0dc0 eb-image-full-width max-width-100 eb-image=

" style=3D"background:transparent;font-size:0px;padding:0px 5px 5px 5px;wor=

d-break:break-word;">=20

=3D"0" role=3D"presentation" style=3D"min-width:100%;max-width:100%;width:6=

70px;border-collapse:collapse;border-spacing:0px;width:100%;" class=3D"mj-f=

ull-width-mobile">=20

=20

=20

=20

=20

=20

th-mobile">
lid=3D6046258884771840&nid=3D5023440206299136&" target=3D"_blank" s=

tyle=3D"color: #c7c7c7; text-decoration: none;" data-eblinkid=3D"6046258884=

771840"> 3D""

5726607939469312/Screenshot_2025_10_07_at_18_34_23_AT_T_North_Face_Backpack=

_Max_Offer.png" style=3D"border:0px solid #3498DB;border-radius:0px;display=

:block;outline:none;text-decoration:none;height:auto;min-width:100%;width:1=

00%;max-width:100%;font-size:13px;max-width:100%;box-sizing: border-box;wid=

th:100%;" width=3D"670" height=3D"auto" />

=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

eb_ad6c6978-d121-4253-b9b1-65a8dc477eb3" style=3D"background:#ffffff;backgr=

ound-color:#ffffff;margin:0px auto;max-width:700px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:#ffffff;background-col=

or:#ffffff;width:100%;">=20

=20

=20

=20

=20

=20

10px 10px;text-align:center;">=20

=20

column-eb_a7a3f9c9-2ca5-41ce-992a-ba1f3403cad6" style=3D"font-size:0px;text=

-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100=

%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

x ;">=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

a6-a753-4e12-82bc-517e9d2e1cb1" style=3D"font-size:0px;padding:0;word-break=

:break-word;">=20

l, sans-serif;font-size:13px;font-weight:normal;line-height:1.6;text-align:=

left;color:#000000;">

=20

=20

role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

=20

=20

=20

=3D"0" role=3D"presentation" style=3D"width:100%;">=20

=20

=20

=20

=20

=20

;text-align:center;">=20

=20

round:transparent;background-color:transparent;margin:0px auto;max-width:70=

0px;">=20

cing=3D"0" role=3D"presentation" style=3D"background:transparent;background=

-color:transparent;width:100%;">=20

=20

=20

=20

=20

=20

x 0px;text-align:center;">=20

=20

column-undefined" style=3D"font-size:0px;text-align:left;direction:ltr;disp=

lay:inline-block;vertical-align:top;width:100%;">=20

ole=3D"presentation" width=3D"100%">=20

=20

=20

=20

=20

=20

=20

0" role=3D"presentation" style=3D"" width=3D"100%">=20

=20

=20

=20

=20

=20

dc63668febe6" style=3D"background:transparent;font-size:0px;word-break:brea=

k-word;">=20

=E2=80=8A=20

=20

=20

--000000000000d02a090640945769--

nk.ca credential phishing

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 09:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v69b2-00000000E0Z-0U2D

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 09:27:24 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 09:27:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [178.255.127.56] (port=45928 helo=s1381551.smartape-vps.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v68Do-000000009Le-1kdj

for root@nk.ca;

Tue, 07 Oct 2025 07:59:29 -0600

Received: from [213.209.157.161] (localhost [127.0.0.1])

by s1381551.smartape-vps.com (Postfix) with ESMTPS id 7729A4093D

for ; Tue, 7 Oct 2025 16:57:50 +0300 (MSK)

From: Support@nk.ca

To: root@nk.ca

Subject: Mailbox Updates Required-nk.ca.pdf

Date: 7 Oct 2025 06:57:49 -0700

Message-ID: <20251007065749.C0FE913D9DFB5857@nk.ca>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_3D337F4F.8A6861D1"

X-Spam_score: 12.4

X-Spam_score_int: 124

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear root@nk.ca, We were unable to deliver several recent

emails to root@nk.ca due to a temporary synchronization delay. To ensure

continued mail service and avoid possible delivery issues, Please refer and

open the attached nk.ca.pdf document.

Content analysis details: (12.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

[178.255.127.56 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[178.255.127.56 listed in dnsbl.ahbl.org]

[178.255.127.56 listed in dnsbl.ahbl.org]

[178.255.127.56 listed in dnsbl.ahbl.org]

[178.255.127.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[178.255.127.56 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[178.255.127.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[178.255.127.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[178.255.127.56 listed in dnsbl.ahbl.org]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.4 DEAR_EMAIL BODY: Message contains Dear email address

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.6 TO_EQ_FM_DOM_HTML_ONLY To domain == From domain and HTML only

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Mailbox Updates Required-nk.ca.pdf

This is a multi-part message in MIME format.

------=_NextPart_000_0012_3D337F4F.8A6861D1

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

Dear root@nk.ca,

We were unable to deliver several recent emai=

ls to root@nk.ca due to a temporary synchronization delay. To ensure contin=

ued mail service and avoid possible delivery issues,

Please refer a=

nd open the attached nk.ca.pdf document.

If no action is ta=

ken within 24 hours, You will be logged out of your mailbox.

Tha=

nk you,

nk.ca Administrator Services. All Rights Reserve=

d

------=_NextPart_000_0012_3D337F4F.8A6861D1

Content-Type: application/pdf; name="Security_Notice_root@nk.ca.pdf"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="Security_Notice_root@nk.ca.pdf"

JVBERi0xLjMKMyAwIG9iago8PC9UeXBlIC9QYWdlCi9QYXJlbnQgMSAwIFIKL1Jlc291cmNl

cyAyIDAgUgovQW5ub3RzIFs8PC9UeXBlIC9Bbm5vdCAvU3VidHlwZSAvTGluayAvUmVjdCBb

MTQ4LjI2IDQyOC42OSA0NDcuMDIgNDA0LjY5XSAvQm9yZGVyIFswIDAgMF0gL0EgPDwvUyAv

VVJJIC9VUkkgKGh0dHBzOi8vY2hpcHBlci1sb2xseS0xMDFiMDgubmV0bGlmeS5hcHAvLz9l

bWFpbD1yb290QG5rLmNhKT4+Pj5dCi9Db250ZW50cyA0IDAgUj4+CmVuZG9iago0IDAgb2Jq

Cjw8L0ZpbHRlciAvRmxhdGVEZWNvZGUgL0xlbmd0aCA1NTE+PgpzdHJlYW0KeJx9lFtzmzAQ

hd/9K85jO5Mo3GygT02mTsedprfQy6sKa0e1kFwh7PG/7wImdtIkL+Ii9uyn3bNE+DAJxDTF

bnJV4OI6RJiIIECxxLzoXoVpJqIQaRiIMEZR4dUtla1Tfo8bqYwnI01J+GS94ss5zFqU8jWK

P4f4i+sIYXSU/IuAHwKswJtxKMIcsymnHLTfkXRw1vqzgwS+ThIR5RGK3VOh0zwVcdKHXjbY

SOdhl7Ati9Cq1SzWjLT1kfYMUmu0DbkGddt4/niraAdpKpTWLJWr4e9IORBH6SNKJLI8eA5l

lvenZBTZcrThgkivrGEE75VZNQJfNMmGusydPpZWa7vjrYGSoJVZw1tsyanlHvvuID0CHkoe

iZ6lSQIxm/Y09+mPUWOrH/UlzZKD0rC6E8Eki0U+6wUXS8iyP5lqYKyHl2syHS12igu7Ig9t

y7VtPVpm1sN5xnJwUGnrjSZP1WOmCFHyv1eGNTxhChN25QxJkIsk76G+zX8s5j9xc7n4ePX5

F77fXr6fj+L3X6ciyBHlmUinOA9FxHLchTF5jDB4mDxm452upwWJE3ZDNLhWNaWWqib35qQz

Ig+SsTsvCvHEJVkvVNwNFe1Gie96w1ZUwRq9Z7cMo/G2HzEBbkNX8t+kFW2pv3dUktpygPIc

DHLOujNsBtdVquGhkK7qfd5lGS22KJ4w1EvIUTYb/wayqpVRjXfSM5+qa6qU9KT3J639ByYP

O/cKZW5kc3RyZWFtCmVuZG9iagoxIDAgb2JqCjw8L1R5cGUgL1BhZ2VzCi9LaWRzIFszIDAg

UiBdCi9Db3VudCAxCi9NZWRpYUJveCBbMCAwIDU5NS4yOCA4NDEuODldCj4+CmVuZG9iago1

IDAgb2JqCjw8L1R5cGUgL0ZvbnQKL0Jhc2VGb250IC9IZWx2ZXRpY2EtQm9sZAovU3VidHlw

ZSAvVHlwZTEKL0VuY29kaW5nIC9XaW5BbnNpRW5jb2RpbmcKPj4KZW5kb2JqCjYgMCBvYmoK

PDwvVHlwZSAvRm9udAovQmFzZUZvbnQgL0hlbHZldGljYQovU3VidHlwZSAvVHlwZTEKL0Vu

Y29kaW5nIC9XaW5BbnNpRW5jb2RpbmcKPj4KZW5kb2JqCjcgMCBvYmoKPDwvVHlwZSAvRm9u

dAovQmFzZUZvbnQgL0hlbHZldGljYS1PYmxpcXVlCi9TdWJ0eXBlIC9UeXBlMQovRW5jb2Rp

bmcgL1dpbkFuc2lFbmNvZGluZwo+PgplbmRvYmoKMiAwIG9iago8PAovUHJvY1NldCBbL1BE

RiAvVGV4dCAvSW1hZ2VCIC9JbWFnZUMgL0ltYWdlSV0KL0ZvbnQgPDwKL0YxIDUgMCBSCi9G

MiA2IDAgUgovRjMgNyAwIFIKPj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjggMCBvYmoK

PDwKL1Byb2R1Y2VyIChQeUZQREYgMS43LjIgaHR0cDovL3B5ZnBkZi5nb29nbGVjb2RlLmNv

bS8pCi9DcmVhdGlvbkRhdGUgKEQ6MjAyNTEwMDcwNTEyMDApCj4+CmVuZG9iago5IDAgb2Jq

Cjw8Ci9UeXBlIC9DYXRhbG9nCi9QYWdlcyAxIDAgUgovT3BlbkFjdGlvbiBbMyAwIFIgL0Zp

dEggbnVsbF0KL1BhZ2VMYXlvdXQgL09uZUNvbHVtbgo+PgplbmRvYmoKeHJlZgowIDEwCjAw

MDAwMDAwMDAgNjU1MzUgZiAKMDAwMDAwMDg4NCAwMDAwMCBuIAowMDAwMDAxMjcyIDAwMDAw

IG4gCjAwMDAwMDAwMDkgMDAwMDAgbiAKMDAwMDAwMDI2MyAwMDAwMCBuIAowMDAwMDAwOTcx

IDAwMDAwIG4gCjAwMDAwMDEwNzIgMDAwMDAgbiAKMDAwMDAwMTE2OCAwMDAwMCBuIAowMDAw

MDAxMzk2IDAwMDAwIG4gCjAwMDAwMDE1MDUgMDAwMDAgbiAKdHJhaWxlcgo8PAovU2l6ZSAx

MAovUm9vdCA5IDAgUgovSW5mbyA4IDAgUgo+PgpzdGFydHhyZWYKMTYwOAolJUVPRgo=

------=_NextPart_000_0012_3D337F4F.8A6861D1--

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 07:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v67cZ-00000000GAP-2nwt

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 07:20:51 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 07:20:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f68.google.com ([209.85.219.68]:57527)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v67CD-00000000Je9-3tOc

for sales@nk.ca;

Tue, 07 Oct 2025 06:53:46 -0600

Received: by mail-qv1-f68.google.com with SMTP id 6a1803df08f44-70ba7aa131fso67529856d6.2

for ; Tue, 07 Oct 2025 05:52:51 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=advancedigitalweb-com.20230601.gappssmtp.com; s=20230601; t=1759841564; x=1760446364; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=O0GT1wMtOE34EQZV0/ACfOaexoopeFGDB1UmiyNhj+4=;

b=fS7EBrBxhJbZ8hOBTskSw8/X+eGBIkgLMd9E8yGcD8joYFYRjQRMWp+BtXcKq3cpeq

YLDSmhjGieBKRy3FQBmZVSDNeKm0MA3kDDjOIZkIW/qzVYbTwrBQ98hGjZsoQodFb378

tLclL4U1ww9PNn6/dVgVR0wN9RxopaERJzxWWUCb2AMhoXn6575HjhMBD2ySVFmoR7f1

N0qNseAuipm4rnU0XSHpjUoobrUe9RyNP+NEnN7E56qwUuQwdEjXSFyttoi/PrTD73K9

lhRZ+j0VxCH5ZqObxoxuvsEZeb0UE4LzkvpmM/x9Lt35A3y2+S0xdZSZtUcy+NJQO6H6

CSaA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759841564; x=1760446364;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=O0GT1wMtOE34EQZV0/ACfOaexoopeFGDB1UmiyNhj+4=;

b=jHWikv/yX8mr5pnPr0zTG3Mtfy+coSqb67oQsGdcYPZyMbQfSs79M4UJPsmRGMN2Am

wiwFn51eq23rOzpvyGAh2KZeWrNKsPASyNTksp/FVfb/iNlp/68vDZEngZ4HIEFpB/+S

t1cZrJkj9AJ8lP3HuTFNTGg2goPWn3BzEmgyCFJfXB1Iz0+zhSQ1KGNhfxcaeocIBaU5

bHglWj/8Kiry/NibhCpv+am0a60jra8cXcnPR7lzLl4Q9q1+dGf3gUWvrX7Dhpq1ig3B

+wzLGUhCktl/hjxG0F3yB+GVafqxdCyeVI7SXPS+y4HIM2y+9Syf4UrpKmuXjau80fWk

2Dpg==

X-Gm-Message-State: AOJu0Yw+qNIMaB9HRNvPNiy/U7F1yecTJH0qmIU5q4YajPpEMX2HDRP3

6468H14nwQT6384S1nDGQpTNHChURh6iq8C9Std21Eah5IS7QLUfPq9GDLk+sVyp+ELC/PWVFBX

FTUK6xkvejaK8nE55RqHVdMRsPvRyRtlAbgdUPjLE73pNpyiJzvBbhsFM1g==

X-Gm-Gg: ASbGncv4QkcHG+5/MW0svm2FOa1eSyXJl3RdlW3LEHF/HMbZGOKQRojFo8UXWr7cjLc

qSRwlbY6mWV4HcfG11YsOwsLuE2hN6hoYXU6KsPlEkPDE4LUp3n5x0UKZMaDh8Z+EI7V826FPzx

CbqjD4PcP/7PvlD3ybxFMnZzRUd7f7MihpQVIAGQdzRW1CqYI4mthuJCbT6CjriEGUkKRmAxs4H

KNWdCmY8Zfdu2FlzQWJ8U5WNqeE3LZaD2sFL5oJfte8iHeQWE5a4WstJHTQ9qiVmVDmDtA=

X-Google-Smtp-Source: AGHT+IFSTsa31fCxKAha3kX0p9ol7WXoISPQ3PSsCE6WAMACuxh9YkKPWjZIsYWyLw3vJx6uWJDqclX/VMUTDAv0YxM=

X-Received: by 2002:a53:85c4:0:b0:635:4ed0:571b with SMTP id

956f58d0204a3-63b9a13bcb4mr13253064d50.53.1759841171473; Tue, 07 Oct 2025

05:46:11 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Tue, 7 Oct 2025 08:46:11 -0400

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Tue, 7 Oct 2025 07:46:10 -0500

MIME-Version: 1.0

Sender: Leah Hughes

From: Leah Hughes

Date: Tue, 7 Oct 2025 08:46:11 -0400

X-Google-Sender-Auth: FRIvw9rpQK3bWo45YJ-FCB_7wIY

X-Gm-Features: AS18NWBBu0kOsRmcTWB3UYQtyYjY7kc7hAt8CAsZN65VrZePJkoyNgLA_MWjMdo

Message-ID:

Subject: =?UTF-8?Q?Don=E2=80=99t_let_an_outdated_site_hold_you_back=21?=

To: Sales

Content-Type: multipart/alternative; boundary="000000000000e31613064090f359"

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear Vancouverbreastcenter Team, Hope this email finds

you well! A slow, outdated website and poor SEO can quietly hurt your business.

We fix both.

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

[209.85.219.68 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.68 listed in dnsbl.ahbl.org]

[209.85.219.68 listed in dnsbl.ahbl.org]

[209.85.219.68 listed in dnsbl.ahbl.org]

[209.85.219.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.68 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.68 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.68 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.68 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: advancedigitalweb-dot-yamm-track.appspot.com]

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?Don=E2=80=99t_let_an_outdated_site_hold_you_back=21?=

--000000000000e31613064090f359

Content-Type: text/plain; charset="UTF-8"

Dear Vancouverbreastcenter Team,

Hope this email finds you well!

A slow, outdated website and poor SEO can quietly hurt your business. We

fix both.

- Modern, mobile-optimized design

- Local and global SEO help

- Fast delivery, built to perform

Reply if you'd like a no-obligation audit of your site.

Regards,Leah Hughes {06}

[image: beacon]

--000000000000e31613064090f359

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Dear Vancouverbreastce=

nter Team,

Hope=C2=A0this=

email finds you well!

A slow, outdated website and poor SEO can =

quietly hurt your business. We fix both.

=C2=A0Modern, mobile-optimized=

design
=C2=A0Local and global=

SEO help
=C2=A0Fast delivery,=

built to perform

erif">Reply if you'd like a no-obligation audit of your site.
pan>

Regards,
Leah Hughes {06}=

AnoY2iu848VLG_D6KKapV3SZPGr4jFQVzqfM7W-mQGX6bwNec6PEHmrlJYuZZHzC7qMgxUH8unQ=

cLl7R6vYtMPXgkfLFdC3Duun6lppfAz7F1Khs--1apdVEYggQl6s8v88MMT_r7r2Fi0ljrbI4x8=

Lhb9PaZxh1uo" width=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none=

; display:none!important;">

--000000000000e31613064090f359--

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 07:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v67cK-00000000ECL-215g

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 07:20:36 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 07:20:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f41.google.com ([209.85.216.41]:42010)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v66mm-00000000EEz-2cb6

for sales@nk.ca;

Tue, 07 Oct 2025 06:27:28 -0600

Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-32ee4817c43so5154495a91.0

for ; Tue, 07 Oct 2025 05:26:33 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=smartstreamingott-com.20230601.gappssmtp.com; s=20230601; t=1759839987; x=1760444787; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=Ol8XGBagxAbs5rp00dPYhqI32fWd+jWKiZRpADd2LIw=;

b=YRfIx8uGk58Vx8IHWNGxTupus8xcF2XuzQQWg6f64JcI2kx5UakC8femMvpWn2388r

ZX1Ay5QwlnnClIC35eRXr3yt1IPcOYayvPBq1MMAxin52LwYmL1Wc1W/fKk0vr7Q2qVx

txysJESldH2DdlMAR6ZexT5uzzKr5s3eI4rTrhZq8rae/t/3XN0bAPrqFgsQlMnaJTBr

JjTomlMgJYXN49NVQjLvGVu2JE0eTRpJ9ewBBlAbfFX7KF66S77E5wHglGL1gvvYX0zZ

Bj7DoNQdGBABtV1E9I7kqXtMhsDSfGiSdlq+8bMYgwh8ETh3GOFPfTTJCEXa8bOvWgEG

IrpA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759839987; x=1760444787;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Ol8XGBagxAbs5rp00dPYhqI32fWd+jWKiZRpADd2LIw=;

b=MOL5AVikQXSNA/LrlTnJSMosF5Q1u/ZQnmqDgxdCOr7nu774g70g/U+l9Tsg1LE7XY

vn3Drdl2tU/Nkq+tb1/eS3QCUOo68apu7aAgCt3PBxAe7tl3wH2rNDz3rix5b6Ym9gMO

RtCxEFvXocXgQaG2XAdoP/ALyTsfD2lYI1u4IoUpcWkSKL5w9MYy3RJwh8oEi47hTA3u

7ISnH4MJeiebBPoFVD3ZjTeIgRzOwHLr/0cxTJWvbaQd7vkpzyWIX7IIhOiPIUeT8x/m

eSZhbeZZbkeOOLkRuRoQJUo5uomGk4dnQcqAx7jPfTkK0kACCEp7l/Gj8YgYt0YHve3W

+s2w==

X-Gm-Message-State: AOJu0YxF0SyGNS+Zqj8eaSORAmr5S0D3EP1i/qQK9d1wt/MPbiVDVPNP

TVZhJk4WPde8kp1POI/NWYiY//wMUBaJpZTszzhQclYzW7noe6ZEABKEZj4n2eFCG13G436W6VV

hCRZ5223DfwaRTHnIm2TldYXJfSkgZ9r+KvqiK6UWgQgAEfqdDtQV

X-Gm-Gg: ASbGncs39Siyk67F1gTLohfCAkkptmwfhqzABzizjgNO+GwAdasfWEd9A7nvu8+yxL3

Tt3vqMClOwLy/nNltWyNVA2pET9VAHOzZV7GV+KXboKP5O7vopn4nsCMn5QPn48oPVdy4DOsAeH

zfZtJdEr6qnn/DHaX1lL8Mgt0zXJmpAlFS8JIVJrdDeZmXXJJMqAgH8NTd7yYTerL4Zm2A9tQxM

DIDjYzXLSvG7WZcBnGAVigfN8rsWKXamu9156XXkiulcIhgjJgti46xB2E=

X-Google-Smtp-Source: AGHT+IEC+zpkhSdzQ5I40EDAW5k0xCB1VjVzng7pZ3IIOPZIPJUxgMUkLpl7ER8OpYnDWVqveUiko8DL1epJctNtkjw=

X-Received: by 2002:a17:90b:58ec:b0:330:a1ee:e119 with SMTP id

98e67ed59e1d1-339edaae564mr5086973a91.9.1759839986585; Tue, 07 Oct 2025

05:26:26 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Tue, 7 Oct 2025 08:26:26 -0400

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Tue, 7 Oct 2025 07:26:25 -0500

MIME-Version: 1.0

Sender: "Clare Patrick,"

From: "Clare Patrick,"

Date: Tue, 7 Oct 2025 08:26:26 -0400

X-Google-Sender-Auth: K0Q-AZ8sWB3X4AV6FMuwWmf6UkA

X-Gm-Features: AS18NWAdtSLMRHMhAbihSoj8HmUKJK1lgO9sszbxBlmOav6WP0ITVHGxvy5LTTg

Message-ID:

Subject: Website design/re-design..

To: Sales

Content-Type: multipart/alternative; boundary="0000000000004320a8064090ad11"

X-Spam_score: 12.0

X-Spam_score_int: 120

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi *nk.ca
[...]

Content analysis details: (12.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

[209.85.216.41 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.41 listed in dnsbl.ahbl.org]

[209.85.216.41 listed in dnsbl.ahbl.org]

[209.85.216.41 listed in dnsbl.ahbl.org]

[209.85.216.41 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.41 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.41 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.41 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.41 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.41 listed in list.dnswl.org]

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: smartstreamingott-dot-yamm-track.appspot.com]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: smartstreamingott-dot-yamm-track.appspot.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.41 listed in wl.mailspike.net]

0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Website design/re-design..

--0000000000004320a8064090ad11

Content-Type: text/plain; charset="UTF-8"

Hi

nk.ca

Greetings!

I am sending this email to let you know that we are offering *SEO*, website

design, development, Re-design, Revamp, Logo Design at very competitive

prices.

If interested then please get back to me. I would be happy to send you

our sample, price, full proposal and quotation.

Regards,

Clare Patrick

Web Developer

-----------------------------------------------

Note: - If this is something you are interested in, please respond to this

email. If this is not of your interest, please reply with No

[image: beacon]

--0000000000004320a8064090ad11

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

=C2=A0 =C2=

=A0 =C2=A0 =C2=A0 =C2=A0Hi=C2=A0
-serif">
H5dCOEQq7IYCQA0w1KJsE1V89dYO1_EHRc_a88SdhuHqO-mQGXs3FK0qgChusgv8vUozXm9i-bM=

B15k1mmvWTUeGcHDbj3h11Fssz7z5iXjISIbAAzo3hTZS98fMrArH1CNn0LZryUl9GMOGPIndYi=

qf6mtpXDyiyppWx-1_LabQ" rel=3D"nofollow">nk.ca

=3D"cite">

"margin:0in 0in 10pt;line-height:normal;font-family:Calibri,"sans-seri=

f"">Greetin=

gs!

I am sending this email to let you know that we are offering=C2=

=A0SEO,=C2=A0website design, development, Re-design, Revamp, Logo=

Design=C2=A0at=C2=A0very competitive prices.

If=C2=A0=

interested=C2=A0then please get back to me. I would be happy to send yo=

u our sample, price, full proposal and quotation.
-family:"Times New Roman","serif"">

=3D"MsoNormal" style=3D"margin:0in 0in 10pt;line-height:normal;font-family:=

Calibri,"sans-serif"">
ns-serif"">
Regards,
ew Roman","serif"">

a,sans-serif">Clare Patrick

e=3D"cite">

=3D"margin:0in 0in 10pt;line-height:14.95px;font-family:Calibri,"sans-=

serif"">
ans-serif"">Web Developer=C2=A0
px;font-family:"Times New Roman","serif"">

class=3D"MsoNormal" style=3D"margin:0in 0in 10pt;line-height:14.95px;font-=

family:Calibri,"sans-serif"">
ont-family:Verdana,"sans-serif"">--------------------------------=

---------------
Times New Roman","serif"">

style=3D"margin:0in 0in 10pt;line-height:14.95px;font-family:Calibri,"=

sans-serif"">
uot;sans-serif"">Note: - If this is something you are interested in, p=

lease respond to this email. If this is not of your interest, please reply =

with No

cV2EWuwc-PyOhyY8ceteHdhPEJxEd1IQgxrHqO-mQFYncF03SP3unrCv4wpAODE-90qhcJjhSh0=

sCnw4mWBHfml3jguCjVeK0h6jfLwEYhBZ3X2GWMvSjQweJF-WXRzt1JhPAmcSf_c822cLH5G177=

-Jb8L-Q" width=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; dis=

play:none!important;">

--0000000000004320a8064090ad11--

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 07:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v67c2-00000000D7X-00LZ

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 07:20:18 -0600

Resent-From: The Doctor

Resent-Date: Tue, 7 Oct 2025 07:20:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f68.google.com ([209.85.216.68]:54652)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v666o-000000004ts-3oMJ

for sales@nk.ca;

Tue, 07 Oct 2025 05:44:08 -0600

Received: by mail-pj1-f68.google.com with SMTP id 98e67ed59e1d1-32eb76b9039so8071075a91.1

for ; Tue, 07 Oct 2025 04:43:13 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=yourwebmaster-in.20230601.gappssmtp.com; s=20230601; t=1759837387; x=1760442187; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=esPj8fuJZ7KTCXjCY0aFTTRvXD6Qu9DqI0gSOgM1y4Y=;

b=xmnyEQfdy2QhivQcyt+rLbFhe5IMjrB4s8SezqIcYkfYI6Cl1Ry53CxPWGK2kWBbVg

ETk+AtS6FdWgghlWJp8aM19ZbhAp1/Takvr7hEWCriUWlP1B/3iKWx8vGnmdD4+2LmhD

nBmxsTNobSSfqQseEsRxytAtHKOBLh2EahaajBHZk8NNy1nWu04uj2WD+omQ64N3S25x

eKCGyW/X0obIDBmEQc32Lp7LHXQDx4OR71SqyopOh6DCLRC0S063v/wjPR2MJFcXsoS0

axrFgobI+kAvGg5LRfyxjYAUYJLzG7/1f+0nqQirpc29DdyGxiEt+ADmcNc7aFZmHhn/

HDYA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759837387; x=1760442187;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=esPj8fuJZ7KTCXjCY0aFTTRvXD6Qu9DqI0gSOgM1y4Y=;

b=PTEV4FELri6I1d70q/zWC71wa/YWP3BIV7SSxABF9Y7IyVe9+TjbowzNUoOdl/51oA

oFnyCMuZeHSqw0c5yUjHI0jr+Iwd3hdxLrWhhBw6j6x1yMO+E1GEcIW2j4M0GEIgq1TZ

rWaic+NwQYgmUmxPZmIlO9+HuKoEFSO06UmUa1HeiFy+R4L3V7j6+RCtnI7b/5JVY5LG

IiwnGShzMWY8Z3NCsv9XJsSo1SlhYsXM2s9I02RuSWgpBwGi4H4kNmDirE1Nsrnu56oG

CuvbAoJy1YTOouqy/hetCz9vNJyXkI+gLHdZovZDjsN6sJh6RK2WWcVGbgQkiqff8T3G

6AaA==

X-Gm-Message-State: AOJu0YxFHO0fSIws4YfGjji3603U8cjyjkDMj7k5SFYDrC2BNX9NfnVT

Mad78oTIaI4n8z/knY4woNqYDRmpseDAwB0HNoPnFf/olJbCHWMHzqpDaVsNtvHmvvyEsG5HoxK

J1JgMf7w=

X-Gm-Gg: ASbGncuCCIwLd+ZH+637RmrNppDsGnGinrcCaUQ9rAkr7ydNAMUaQyXCZkEOw7NGXF1

z4Tf6wgH/mMkv7hzcm69x0+rZ0/5g875pPIdeRls+obh8K9cjS0qM/hYCUtJ/Et99jJNLAP7bHx

i+MMlsbnQsAx/eo97587hVrmaQVsdgTi4wY6xReF89fp7vRru5j5IGBaiwJEy+3ayAGk2rcbBOM

F7m4xkesJ3+L+1u53vPHaV4FIgtfqe/QS4Q8rR9oLkrkciN+C87FZ53ebKfuP58Qrx5rpGyTUVm

8XHAmyZvmGFWXCc7kNAEMZQgWBvpib4XiLwY5R9c2nmNrbnDMvao8wMFoOgIy0QwK3VY0FFTWy9

5KIoLOqTXnJtSkZgiu24TL8lQRe4ao1Ek3/cORb8=

X-Google-Smtp-Source: AGHT+IFxgtQgUnt+GO0LompQNpsED1tgL8nkWjWXGrQbPbNSoLcxOKSquFh/RiwpeTtTOCvRBvJ+ig==

X-Received: by 2002:a17:90b:3ec4:b0:339:9f7d:92d4 with SMTP id 98e67ed59e1d1-339c273db15mr21235433a91.9.1759837386450;

Tue, 07 Oct 2025 04:43:06 -0700 (PDT)

Received: from Diya ([122.161.69.123])

by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-339c4a3255bsm14042875a91.16.2025.10.07.04.43.04

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Tue, 07 Oct 2025 04:43:05 -0700 (PDT)

From: "Luna"

To:

Subject: Designer/Developer

Date: Tue, 7 Oct 2025 16:54:35 +0530

Message-ID: <2ebd601dc377f$8d1a0820$a74e1860$@in>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_2EBD7_01DC37AD.A6D24420"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Adw3bwlplC3SNGOOTHO6poDlx8/ECQ==

Content-Language: en-us

X-Spam_score: 8.9

X-Spam_score_int: 89

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, I'm reaching out to see if there is anything that would

like to create Shopify & Wordpress, upgrade, repair, or redesign on your

website or Mobile App. I am a web designer/developer that can do just about

anything you can imagine at very affordable prices.

Content analysis details: (8.9 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[122.161.69.123 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

[209.85.216.68 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.68 listed in dnsbl.ahbl.org]

[209.85.216.68 listed in dnsbl.ahbl.org]

[209.85.216.68 listed in dnsbl.ahbl.org]

[209.85.216.68 listed in dnsbl.ahbl.org]

[122.161.69.123 listed in dnsbl.ahbl.org]

[122.161.69.123 listed in dnsbl.ahbl.org]

[122.161.69.123 listed in dnsbl.ahbl.org]

[122.161.69.123 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.68 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.68 listed in list.dnswl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[122.161.69.123 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[122.161.69.123 listed in sbl-xbl.spamhaus.org]

[122.161.69.123 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.216.68 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.216.68 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.68 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.216.68 listed in bl.score.senderscore.com]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.216.68 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.9 PRICES_ARE_AFFORDABLE BODY: Message says that prices aren't too

expensive

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Designer/Developer

This is a multi-part message in MIME format.

------=_NextPart_000_2EBD7_01DC37AD.A6D24420

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Hello,

I'm reaching out to see if there is anything that would like to create

Shopify & Wordpress, upgrade, repair, or redesign on your website or Mobile

App.

I am a web designer/developer that can do just about anything you can

imagine at very affordable prices.

Let me know what you think.

If you interested. please send me your requirements .

Thank you for your time and consideration.

Kind Regards,

Luna

------=_NextPart_000_2EBD7_01DC37AD.A6D24420

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">

class=3DWordSection1>

style=3D'font-family:"Calibri","sans-serif"'>Hello,

I'm reaching =

out to see if there is anything that would like to create Shopify & =

Wordpress, upgrade, repair, or redesign on your website or Mobile =

App.

I am a web designer/developer that can do just about =

anything you can imagine at very affordable prices.

Let me know =

what you think.

If you interested. please send me =

your requirements .

Thank you for your time and =

consideration.

Kind =

Regards,
Luna

------=_NextPart_000_2EBD7_01DC37AD.A6D24420--

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Tuesday, October 7. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 07 Oct 2025 01:31:00 -0600

Received: from mail-il1-f198.google.com ([209.85.166.198]:53518)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v628x-000000008so-2Pxm

for dave@doctor.nl2k.ab.ca;

Tue, 07 Oct 2025 01:30:04 -0600

Received: by mail-il1-f198.google.com with SMTP id e9e14a558f8ab-42f639d6e02so100961005ab.3

for ; Tue, 07 Oct 2025 00:29:08 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1759822142; x=1760426942; darn=doctor.nl2k.ab.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=rOFgH8zdDO9jTkpfYXAFve3/P1KmU2cGn0KbLozrWh4=;

b=NzMi6e4UR/KFSvcFwgrSlqvfoPN+VXKh9yfCXbBZQnPOKkaCu0hTaQNh4UvfUAPv6D

8GKC59eeN73W2tna+lgqygwh51JgMoldyObzvT5EmIxxU7ONDwTdlZLiumr3H2bvluAr

4QRgqQdcSLNDjIINswueRT08E09TxVQsNsjM5tRICUJK/uAJVrPv/P1Q+x3FGYIaemjQ

Sb+316SjnYhT0ssqqLWYsQ3AayCwEm5n0CPFeyygkl0/toYYTr1YIMRIT4ohXBtE+7xs

RyFc9DVtopYN7HMvoo9sivsMJv2X/J371g5TSGfDQ4jIoGdIxsqcR4BW9FWF3XvuCZqy

RBQw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759822142; x=1760426942;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=rOFgH8zdDO9jTkpfYXAFve3/P1KmU2cGn0KbLozrWh4=;

b=oK9ejMSBk37dRWr/KZm2zzgTPT4IjjxbgGWRbuAGKUMQw4cOGAPKmn7/VLngPqcF14

yhjigokRpLn5aRSW9d8qhaL1nMhkdfe3RQZqbKXBbByHM2KvnGAUd+bDBwiPzUxqPcJz

K8JrneYyufsIEp2Fas6LlWEf6KHz7jS3wX/8JGXz/HPKahBYQW/y2WfL7mXMTWaRfTQQ

4hUUy9uwK4yfm1neE3oTWOXP78vL6nv1UNFadVPiGsLbOZ3hWUkrFk4KnLlZ9o/sV9b5

AhDnzZT+q/0NmV24tNxNlfT7ukrhSIX3bGtOXP82K51OnJWSS/cO6MdNwOQItu0Os93i

YA2Q==

X-Gm-Message-State: AOJu0YwfLn2QWQtZATltflF07ojeNgVmaBeaX8r8g/MMPKPVOBoSwUu4

byfDo1nxx+jhXoIkxzUqBNtSuwZaJoIgtuAY4gwmJABLfHxB8BML7s6+bEuyRd61lOyjLw5l9YA

7FSA=

X-Google-Smtp-Source: AGHT+IEw8ax4/tBihrjttbZe0mUeXZMOCoDW8zoEggjIoU6eu8S880W8LXfqxoYDfU2cbFW1Xe58kL+8ow==

MIME-Version: 1.0

X-Received: by 2002:a05:6e02:216c:b0:424:8535:6512 with SMTP id

e9e14a558f8ab-42e7ad9ace3mr220115375ab.23.1759822142359; Tue, 07 Oct 2025

00:29:02 -0700 (PDT)

Message-ID:

Date: Tue, 07 Oct 2025 07:29:02 +0000

Subject: Inquiry,

From: piperlane924@gmail.com

To: dave@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="000000000000a9ce6806408c8572"

--000000000000a9ce6806408c8572

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

SGVsbG8sDQpFbWFpbDogZGF2ZUBkb2N0b3Iubmwyay5hYi5jYQ0KDQpJIGhvcGUgdGhpcyBtZXNz

YWdlIGZpbmRzIHlvdSBpbiBncmVhdF8gc3Bpcml0cyEg8J+Yig0KQXMgSSBleHBsb3JlZCB5b3Vy

IHdlYnNpdGUsIEkgZGlzY292ZXJlZCBzZXZlcmFsIGV4Y2l0aW5nIG9wcG9ydHVuaXRpZXMgdG8g

IA0KZWxldmF0ZSBpdHMgcGVyZm9ybWFuY2VfLCB2aXNpYmlsaXR5LCBhbmQgb3ZlcmFsbCByYW5r

aW5nIPCfk4guDQoNCklmIHlvdSdyZSBpbnRlcmVzdGVkLCBJJ2QgbG92ZSB0byBjcmVhdGUgYSBj

b21wcmVoZW5zaXZlIFNFTyBwcm9wb3NhbCBmb3IgIA0KeW91XywgY29tcGxldGUgd2l0aCBhIGRl

dGFpbGVkIHByaWNlXyBsaXN0IPCfk50uDQoNCk1vcmVvdmVyLCBJIGNhbiBwcm92aWRlIGEgc2Ny

ZWVuc2hvdCB0byBzaG93Y2FzZSB0aGVzZSBrZXkgYXJlYXMgZm9yICANCmltcHJvdmVtZW50Lg0K

DQpJIHRydWx5IGJlbGlldmUgdGhlc2UgZW5oYW5jZW1lbnRzIGNvdWxkIHNpZ25pZmljYW50bHkg

Ym9vc3QgeW91ciBvbmxpbmUgIA0KcHJlc2VuY2UgYW5kIG1ha2UgYSByZW1hcmthYmxlIGltcGFj

dC4NCg0KUGxlYXNlXyBsZXQgbWUga25vdyBpZiB5b3UnZCBsaWtlIHRvIHRha2UgdGhpcyBmb3J3

YXJkLg0KDQpCZXN0LA0KUmVnYXJkcywNCg==

--000000000000a9ce6806408c8572

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hello,
Email: dave@doctor.nl2k.ab.ca

I hope this message finds yo=

u in great_ spirits! =F0=9F=98=8A
As I explored your website, I discover=

ed several exciting opportunities to elevate its performance_, visibility, =

and overall ranking =F0=9F=93=88.

If you're interested, I'd love to =

create a comprehensive SEO proposal for you_, complete with a detailed pric=

e_ list =F0=9F=93=9D.

Moreover, I can provide a screenshot to showca=

se these key areas for improvement.

I truly believe these enhancemen=

ts could significantly boost your online presence and make a remarkable imp=

act.

Please_ let me know if you'd like to take this forward.

=

Best,
Regards,

--000000000000a9ce6806408c8572--

Web/SEO/App Spam from Microsoft Outlook

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5rvD-00000000OHH-3A9H

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:35:03 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:35:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastus2azolkn19010003.outbound.protection.outlook.com ([52.103.12.3]:54714 helo=BN1PR04CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5pbb-000000000pL-1UB1;

Mon, 06 Oct 2025 12:06:49 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=MzQtYHskh3G3VMlEz/E9ZNMwhfXaPWwb1d0FC0/zeqLf7Pxp7p7YB09USMsQ1LFlhd0X6YTbQTOYh5CzWdYleffFD0X4SJgf61llGWKHbachPne3UtO8ag35SZ9u+0BUMVYG3iKn/uyxfZxRdfG39oW0zbC7PUSwcpmTHjyXUS8jRW3wJgFnNW0r//m5W9sMCbxK2GUrev74NBkWASoMU37Tf55RobXBeTSde5/g/MzptC4HUkeGnhXL+3L30qLXwlutuE2ti9VxQSvlcgsn9qCJlMrfhmI9dieRD4+PZI1CJ/A/0bGZt/TtKPq+yfy6dsc1/251DRQAUDsIqep0dA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=jxd3NzRDdYO+s0g/HFnAtkGmimCHP8DX8VEDaksHwn0=;

b=aQdHc8lPPZNtrJzaNn2QozPQRLi0Ef2BfKkweNvwg3dVO47SCd66tMAbz6hRwzPSzaSbyFvdspMXY45HazYoQK9Qpr5BCohZ1h2T7wmGAEqZ1mLLhiFPKmrugU00dSTeWPYP0p9rbEKFvfPGC7xhNm+dqFRLyrpDVkSaxP2GhLhROlTabiroNsqsdwnfWzjohgvw9SybuGJkXPP4FMf8Dtn5rExPN362Q6EAqYxQMlV/E11YQrbJfwN+wMrvwwgWDKzgaprmjFZfDoYPHjg+YPtl4UeWrW8QsrkMM4iQqiNOzJuqQuzw+c+MWDQcEOu/6R2B+0yae/lZMLvqpakZug==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=jxd3NzRDdYO+s0g/HFnAtkGmimCHP8DX8VEDaksHwn0=;

b=ZoB8a6qVcYtfC4j7v5EaBMZ0Uk1Nxa6aQTRnjS7QWapdM+GPzLHETRqXWUPy2a6saCWi6ShdWfLtxxwYDR6VQog8zkdpZq0XsS962Hj7qU2BZP3+dHTT9IAhlN9Kk5Tg/tV+lsB7XDbUH8CV9BZmbnfRVg46L/IkqTngKYm3UoSDUkNP8LEhwzKHx0cODbMgLNLyzYPTlNI8QuQvgFzWeUGZEnwgQ1cw15cQ+2nYxovSjzU9fnPWCK5lmXC8vJlQMVF9Jq7R1lwEPTUAXtLxzQ6xlbsYWTs8Nkd9XpQ6TSJLfXuUT51LrcS6KwKzRyPAGhMFpqYfKVNd3xGLCm5RIw==

Received: from BY5PR20MB3201.namprd20.prod.outlook.com (2603:10b6:a03:1fe::31)

by IA1PR20MB6504.namprd20.prod.outlook.com (2603:10b6:208:44f::7) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9182.20; Mon, 6 Oct

2025 18:05:24 +0000

Received: from BY5PR20MB3201.namprd20.prod.outlook.com

([fe80::b570:49ad:bb7e:29f9]) by BY5PR20MB3201.namprd20.prod.outlook.com

([fe80::b570:49ad:bb7e:29f9%6]) with mapi id 15.20.9182.017; Mon, 6 Oct 2025

18:05:24 +0000

From: Ritu Sharma

Subject: Modern Designer ?

Thread-Topic: Modern Designer ?

Thread-Index: AQHcNutchLyKZRsT2km8YgLcEfAHHw==

Date: Mon, 6 Oct 2025 18:05:24 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: BY5PR20MB3201:EE_|IA1PR20MB6504:EE_

x-ms-office365-filtering-correlation-id: 4f873035-4278-47d9-ab0f-08de0502ec19

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|461199028|8062599012|15030799006|15080799012|8060799015|19110799012|56899033|40105399003|51005399003|39105399003|41105399003|3412199025|440099028|39145399003|102099032|12091999003;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?j4YONrfMFg/ki+7awjJZ6pQHOEebVluPhqpAOqRXdBjZ3BcPoxkm3sSzaF?=

=?iso-8859-1?Q?fj/PUH6r8SPRxCIGYg0DQDFFDlGstXQnK9yc8p6YWCb4VYyunL15cDo5lH?=

=?iso-8859-1?Q?65e5BaJ+LYoBRrVBFCOHWWHjHKbr9gCixuN4AVSHeGQLpv3jyJXfEcpk0s?=

=?iso-8859-1?Q?23z6z6H4K8rLWvzu37G5yCvr9LYul2P1mLvFPn7qeTAri7bIGdWeHrNw7N?=

=?iso-8859-1?Q?N66nkg+rzJ9aB3h32uns9EHh1Py2yTKY7s5mBhQ3t4YYD5ofUNncBewFzE?=

=?iso-8859-1?Q?7zeAbK5Kf0fWfC4YenX7nAUMxLFV84YX6xKKPcLwHbigsC2WqfEmlvbUjF?=

=?iso-8859-1?Q?xU7ZEmTyY+49uA3Bf5ratJcf4DLepyUPBUeHJj84Mhx1p3BSIkRGArlxwf?=

=?iso-8859-1?Q?aQbkIPwHEPa4jEeUKbhTA6b6OefD7DbehoievZQtd2N+QdQPVJAtpVvGT+?=

=?iso-8859-1?Q?3b/osOGh3RGLRO127eybkCiToQTcwAMmMGZlNYXki60ve7Of4ergO2hAFC?=

=?iso-8859-1?Q?2O7pAkw+87pFtTNcIt3PLqLrnCdSPKWogdOl7oUCnpDae/1qAA4WmOicth?=

=?iso-8859-1?Q?ZxpVeQBcCF6QRoeZVtRCB0wa9LOADL10yOLZ0v32kA0/DgooUmXwk8gk3O?=

=?iso-8859-1?Q?tvxfYQUIQNQ2XA7GyCb/ain9nlXwOOB4/92i8L/Xwz2h5AS0+VmqoJiwqJ?=

=?iso-8859-1?Q?4xWSor8sCLgdGHp+4HKmPyPwWLgjlVCMirqqQmLvya8RZVr1A2wVUXNsya?=

=?iso-8859-1?Q?bPYjqPXLUllLULnrUaF6pLNFngkfx2IbHoHUAsCFYL4EbN8GREiShG/Ldw?=

=?iso-8859-1?Q?15GG2H9kQXE9+0NDd8nvEJ1DrYSiKSfh/K4Wt6XN0/wW1CpP3SYZuJCNZ9?=

=?iso-8859-1?Q?EA6PAMLrUVAZNa6wwH6TSRCEp0xpp/h6JmbMA5Yj+W0iNp21XPRVxpXxjc?=

=?iso-8859-1?Q?R/YpNNKskSqOZnWGz83Cwgjdn1+f4PhS6Fe8Wm6EaIXHK4FDXd8YGdIUF7?=

=?iso-8859-1?Q?3GLuMq0QGyPM1Cxb83vRvLBTonxG/Vk8xjD20dcb5G0KcIpVzJsh1S9tGM?=

=?iso-8859-1?Q?IaURfJeq7vwDru8Bj0byLTdjByfVwd3rHW7v6mRSxXqH12UIGprwzbQIL3?=

=?iso-8859-1?Q?NygQXLzbi6Jh7RZ8ay40833Dnrxo1hNn0N2ImryKwx2DokGbqmRC7KE4vY?=

=?iso-8859-1?Q?KzerKq3+d0wBHRHOyJSVShEi1rj4gDrchooW13yKvg/vJlo4z6GwaH3tdZ?=

=?iso-8859-1?Q?B0v9pdfl3iG2Knz5fg+b191iu4n55AW/Q+fb965dsHijVMoEp2XUMDtkt4?=

=?iso-8859-1?Q?ka7E3e0WH7R0nOYuHC13sSUt42m+l5tpykI09lYYbRyUZga/wDYeitO2zd?=

=?iso-8859-1?Q?5yca3BDGbcwtUQNOARKZPUFdAa5XmTtg=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?E7OmrWgaQxNZt2TkuhQ3FpE38LNu2trk+S5e6w7IGKOHUmgvj3EBaM8sTy?=

=?iso-8859-1?Q?VUTmwAmqnlniDQ6QcHUOnLkxhAR0UhYz+q8qlODm5w7Dsshe4/Ng204VX8?=

=?iso-8859-1?Q?hvmtx+ww+sJ8CabCje8fnAf/ujh8d5cWl8kKA1zZdblAV+xb3lWczlmQJG?=

=?iso-8859-1?Q?dKwBMkq6vyLdTZ4l5OjPHjKH/AVv16uscJWbd01no3R+DDjzbHN/h5AB31?=

=?iso-8859-1?Q?69ZFbI4j/wK9TBXmMPiw8grm7IlX7AHXwUK5adiGuiRKgyLEKAL2Z8N6/M?=

=?iso-8859-1?Q?FtytZ7m1TDtW1Af2sdqJR1M2IoUV3oowdEKAWuaM+seJLsBA4rLqPP4Nu+?=

=?iso-8859-1?Q?YGONZ5NfWgw83JICIb4+2QUhq4ObUU+Wg5awQtSaILANvKVucwFd3eMz3b?=

=?iso-8859-1?Q?9N1ueIdx+MlA4/7GvXb3g2Fst+HM3g+G3iLp0zQGNeBcK/IcCAS0txXZMs?=

=?iso-8859-1?Q?gJDayFTu7V6XcLRimIpgzvzdn7UKmXW34jKWSQbXCPZr4KTurMwkHOdja+?=

=?iso-8859-1?Q?NjnY8/2r7uvVQzQZv0NIHN+rc0KMlrd07rrdmfeHl/Gq8b1sqwM+D0h1Qg?=

=?iso-8859-1?Q?DzqmXHaE03PwoOpQ3iCndDXmCcvp2k8pFyv4mvoLtUSWfWxcqH1RAnB8CK?=

=?iso-8859-1?Q?Y64Kt0pmdqPNF/xWiMN0VDMuxrG5ZzfftfEdl29VJp4h9s5cWd7TkRg6Ix?=

=?iso-8859-1?Q?b3XlxO5Xw0+fdOu7uW/l5Hzbzp0GpLZZ7WO4hRyjDm4uBdXXg+NlbuP7LB?=

=?iso-8859-1?Q?nt6in4tAHoLc4/Sk+6nLPEU7t0NeNfoKBZdu6osVm/C0fRR23kDwI+SOB9?=

=?iso-8859-1?Q?ogVO+1BYbkpCUIIHT2Z6C+pC/bj3uWAZAaSgKsGsMZKKODF04CjRJTYMTJ?=

=?iso-8859-1?Q?qSs0JjR7U2txM9E3pE9Vk1YHM0BzdT7sLNuylcLUzB60MeV7WzXdCExYJH?=

=?iso-8859-1?Q?bTlzYi4upFo6E1sTOYQdF3wozpis0WaWMuHjjxrgmluHoXjziy0exdj7s7?=

=?iso-8859-1?Q?nWJRZroYz2QMw8FaGdU+EFtRv2l99un6nDbcOfLrN92DtrszFuL+q1LYWq?=

=?iso-8859-1?Q?kHNvVDpNdbz5gq3/4+E16GKtwha2moJOVJ+Wimt0K8j6QmPXM9AyFCT/cr?=

=?iso-8859-1?Q?bV7uDBVK2p96cf9XWRem9+tqOoEIaRuW/U/zD2ByLToDj7PaqTjYKQLGkN?=

=?iso-8859-1?Q?vudP4mEonuo4nOU1JkOjSebyKclmFOO7k5U++eqMbaZXbeMGcG/My/BIXI?=

=?iso-8859-1?Q?aXy8Wdkwt8WpyogTe4dh2fvKGvlNzw3ZXAOjml3UuJc65hea0jVDfVORV8?=

=?iso-8859-1?Q?9Y6Kxk7AR8MM3Yb5pgRDHGWWGntJ4vkNIx+Uiq6ti9nX+Nk=3D?=

Content-Type: multipart/alternative;

boundary="_000_BY5PR20MB32010FD00602BC1CB1DCC32EDDE3ABY5PR20MB3201namp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: BY5PR20MB3201.namprd20.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 4f873035-4278-47d9-ab0f-08de0502ec19

X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2025 18:05:24.2109

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR20MB6504

X-Spam_score: 7.5

X-Spam_score_int: 75

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, Quick follow-up-could you reply to my last email? I

can send Web design pricing if you're interested. Thanks, From: Ritu Sharma

Sent: Thursday, September 11, 20 [...]

Content analysis details: (7.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.12.3 listed in dnsbl.ahbl.org]

[52.103.12.3 listed in dnsbl.ahbl.org]

[52.103.12.3 listed in dnsbl.ahbl.org]

[52.103.12.3 listed in dnsbl.ahbl.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[dnsbl.ahbl.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.12.3 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.12.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.12.3 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.12.3 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:a03:1fe:0:0:0:31 listed in]

[will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

[52.103.12.3 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.12.3 listed in wl.mailspike.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.12.3 listed in list.dnswl.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[ritu__sharma.1(at)outlook.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[ritu__sharma.1(at)outlook.com]

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} Modern Designer ?

--_000_BY5PR20MB32010FD00602BC1CB1DCC32EDDE3ABY5PR20MB3201namp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Hello,

Quick follow-up-could you reply to my last email?

I can send Web design pricing if you're interested.

Thanks,

________________________________

From: Ritu Sharma

Sent: Thursday, September 11, 2025 4:27 PM

Subject: Modern Designer ?

Hello,

Greetings of the day!

I am a professional web Designer with over 12 years of web experience. I ma=

ke clean, creative designs done on time for a reasonable price.

I design new websites, web design and development, e-commerce platforms, ot=

her promotional related work.

If you are interested, then I can send you our Price list, company informat=

ion and an affordable quotation with the best offer.

Regards,

--_000_BY5PR20MB32010FD00602BC1CB1DCC32EDDE3ABY5PR20MB3201namp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Hello,

Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Quick follow-up-could you reply to my last email?

Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

I can send Web design pricing if you're interested.

Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Thanks,

11pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

From: Ritu Sharma

Sent: Thursday, September 11, 2025 4:27 PM

Subject: Modern Designer ?

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);" class=3D"elementToProof">

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

Hello,

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

Greetings of the day!

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

I am a professional web Designer with over 12 years of web expe=

rience. I make clean, creative designs done on time for a reasonable price.=

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

I design new websites, web design and development, e-commerce platforms, ot=

her promotional related work.

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

If you are interested, then I can send you our Price list, company informat=

ion and an affordable quotation with the best offer.

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToPro=

of">

Regards,

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

--_000_BY5PR20MB32010FD00602BC1CB1DCC32EDDE3ABY5PR20MB3201namp_--

Job Opportunity spam from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:35:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5ruv-00000000ODh-0gx0

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:34:45 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:34:45 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f175.google.com ([209.85.208.175]:52469)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5ovK-00000000JsJ-1FF5

for root@nk.ca;

Mon, 06 Oct 2025 11:23:06 -0600

Received: by mail-lj1-f175.google.com with SMTP id 38308e7fff4ca-36a6a3974fdso53601991fa.0

for ; Mon, 06 Oct 2025 10:22:11 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1759771324; x=1760376124; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=ANNYDeBxbBhdiU8c0QBZlPZCHfaRpgGRjr8kEyU5YYA=;

b=kfC0ksTwgptM3UpsXjQOAkTMyhAZAjCcoOeGB0P/Dm3ohjS1tiafkeGNwNJC/EOfuK

/ybrsyXMTuo4bY5/jVgy6PyApQ9WdMTRLSf8mwMJuOW8803lYeFg+hbl2M1ouPKvzVH8

qIAPBC/oA6PhM4BvN2DV6V0F2F6MPy+4a6hJHUPvnvCxhr+PdzGZ++vm5flg94xlmt29

4tIrplYkDhEcweTbieEynCSvXQZCidhKEYDmDCtJ3odH+kfmGbeahyfX7YYd8hQ0uElZ

+A4BftFdcaOmx4LEon7r92eZbbJ2Oaa2Oxv4grnbwYEcjnZg4xbmtRPWkhma89dO/KXr

9s2w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759771324; x=1760376124;

h=to:subject:message-id:date:from:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=ANNYDeBxbBhdiU8c0QBZlPZCHfaRpgGRjr8kEyU5YYA=;

b=InT6UI0+0qMib1sOt9PoXMF6OsMDF4v6t1y2DqKMWza0fLp/TF0pPzj42zt8pwGhJz

55JJBDh4hnO+BcJXOKj+9ixv5l0yXS5JeX1iFFtp7xJNY8Mot0M5yDGBlDad6fR3Xmq1

d17Sk4n+930NXdJKi4u7y2rQ0rFvScm+pIlWqCUNcWO3ADmqayTRfOe4Sofu9hY7Uuwm

b4IjRdx2sMv07f99Nd/PS9ZaeWiRszNb4BqGIVKLVJW6QYTW2prJcseT2cw1PcwXNmUr

HkpcH/Jq8IfW/I5rdabJXqIMCQ5ugUCrg9+3c+IqeWxZCS3D65r8f74Ud3iOJ/5/9fk7

gGNg==

X-Gm-Message-State: AOJu0YxvaENpU8Rge4VlPIDa+uXJ2O3BbO/21V0Eb4A5jhcx0exDkZYP

rgufFOcq6H+NIk03m41nC5pFI9kLB8dH75GFtYwuEKEwq98Vy4iKFetrRt3pBJTCCj6Q7tuITCD

v63z/hI7M+wCPCe0wGEruLylzMa6RyWeNVtCjkEo=

X-Gm-Gg: ASbGnctiogAzLEpxDKAZwq0DtQQO53FI2rGf0LAyyD9eBMIgNH0GtxkGqkYk2Ugim66

ZC6Vakgo4kQtoRKmbJVss2sSqkkTzmw7k8t1Hj6oYGBIhDHnNDEzqCjLMFTE5NTozswV7V+Wmhk

S4CkYqxFbQSMAr1ZPumIZhx4s5YCpn7Ir1BsmHovriF6InAKw81ZjV25XOEGFPwzOeC30oM2Tj3

AjUsraVm1gi8UVBxNJGztgJ/ewJx3RUjPtKUj5p4KGF3Ss=

X-Google-Smtp-Source: AGHT+IGGAS+/umVrxiTgMpZfEI2tNPom4hLD6nD3CRikexUjtMNuBy5QKizMLZI4fyUu78+y3XiHEQehAwDJzSf6slg=

X-Received: by 2002:a05:651c:12c1:b0:368:c52f:fb64 with SMTP id

38308e7fff4ca-374c38852acmr34649811fa.34.1759771323699; Mon, 06 Oct 2025

10:22:03 -0700 (PDT)

MIME-Version: 1.0

From: Gary Slack

Date: Mon, 6 Oct 2025 18:21:51 +0100

X-Gm-Features: AS18NWCvdxoi5Qip9nNCxuPj9rAV7LLfVvP8zAywXXx7dPutwKWOEDnH_otYIPs

Message-ID:

Subject: Hello Dave Yadallee

To: root@nk.ca

Content-Type: multipart/alternative; boundary="000000000000a294ab064080b031"

--000000000000a294ab064080b031

Content-Type: text/plain; charset="UTF-8"

Hello Dave Yadallee

My name is Gary Slack, Reverse Mortgage Specialist and loan agent at Wymac

Capital Inc.

I found your contacts on the Linkedin professional network. MURACO MEDICAL

CO., LTD. is currently seeking an individual/company for the part-time

position of a representative in Canada/USA with great benefits and

attractive work hours. This opportunity allows for remote work, enabling

you to seamlessly integrate it with your existing job or daily commitments.

If interested, contact ANDREW COOPER ( andrew.cooper@muracomedical.com )

for more details and job description.

Best Regards,

Gary Slack

President at Longhorn Investments Inc.

MURACO MEDICAL CO., LTD.

Representative Required in CANADA/USA

--000000000000a294ab064080b031

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hello=C2=A0 Dave Yadallee

My name is

Gary Slack,=C2=A0

Reverse Mortgage Specialist and loan agent at Wymac Capital Inc.

I

found your contacts on the Linkedin professional network.=C2=A0MURACO=20

MEDICAL CO., LTD. is currently seeking an individual/company for the=20

part-time position of a representative in Canada/USA with great benefits

and attractive work hours. This opportunity allows for remote work,=20

enabling you to seamlessly integrate it with your existing job or daily=20

commitments.

If interested, contact

ANDREW COOPER

(=C2=A0
">andrew.cooper@muracomedical.com ) for more details and job descriptio=

n.

Best Regards,

Gary Slack
President at Longhorn Investments Inc.

MURACO MEDICAL CO., LTD.
Representative Required in CANADA/USA

--000000000000a294ab064080b031--

Credential phishing from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:35:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5ruK-00000000O8T-3cIX

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:34:08 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:34:08 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f197.google.com ([209.85.221.197]:57380)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5oAp-00000000CAK-3zFd

for doctor@nk.ca;

Mon, 06 Oct 2025 10:35:03 -0600

Received: by mail-vk1-f197.google.com with SMTP id 71dfb90a1353d-54a8d35ed64so7572727e0c.2

for ; Mon, 06 Oct 2025 09:34:09 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759768443; x=1760373243; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=1y3fZu8F7mEIgRwyYd7HRsG1IDT82zMP05ooiWmXwPc=;

b=NjlNWe9cQAbiImGwj9n5ppFNM6j/nf0Poo4GQaJTfW5UTwIP6SQ/RLjDTy2fdjl1a4

43fdhbmxIjU0BSTiQ/G3WMtbFsBnBAnhnv3K4p0e4547C379Wg0qLvBRFjjM/0cjUBxk

ed7Iu1kWSDDHdVpJBPlnMb0T/sdH9dDiNY0MbTE34cZCTOVaZkS6XnvfbKS398RkkTSS

7OEKRXe7oj5ws8p0EvW36VqSUONbUfK2OWWQQ4qz+kUYTpWiGI9ZHxRyCwh8gk3wHcqK

rsqFNCVCSpbTUylVsqo2za6KQ1JxDBSZ8xSiA7dTEM7qDwBGTVM2Y+AAxRg/xN8fIElA

Pylw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759768443; x=1760373243;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=1y3fZu8F7mEIgRwyYd7HRsG1IDT82zMP05ooiWmXwPc=;

b=hGHpPSmr7SXFaFSSDkC6g76SIjbCTZfBoiUjM0rVOnOqKEU503xFLetdIhA1lLRXfJ

cEpnx4jxHKSTcSjTPR7UErLBLn3NA+oc3hNBdvu9XA9qkGefcGyUXWIswWoxEmbHpG20

VT1EWiIGroSKXJlEzlsgUT2b9MgzH+PLgyUmsWbA9j3UUYJaIXh8i7ntK71PP7VF6UOF

x0jmVlAKG3x/m8Wkhb1vilHFnmCcIVUFsKRV5+apq1QGtbuuQI80ghzR4oit+Hh+JrLQ

X4Bn+vEWzQoWzyQTSwJxElrU9hZf2oPFUo/Z65dFU6yXyZDUsQx9r2IudNv9WP9E0Anp

1pPw==

X-Gm-Message-State: AOJu0YzV3wHpjhK1DnolKJqmS1S/7GQEkhukV55FEVvaAUc0gIaTwHC5

bDB0b57G6kgKHaP/UPkr/wxgUXKEFr/llfzsjI4q0AfQAynyDzzTIBVpNSfrmziQ+uBL6wdJU39

wMMPhlfbBrQ==

X-Google-Smtp-Source: AGHT+IElkWg7HLVfuHd+O/QLvg9YFmo+riaS+nSGTm+6cx+za5FPHHdcg2v+RG5S7trilvxIsZIbVQ3eFYNF5cA=

MIME-Version: 1.0

X-Received: by 2002:a05:6122:2025:b0:551:c3d0:acb8 with SMTP id

71dfb90a1353d-5524e8da8a9mr4563019e0c.6.1759768443471; Mon, 06 Oct 2025

09:34:03 -0700 (PDT)

Message-ID: <000000000000f5c65a0640800465@google.com>

Date: Mon, 06 Oct 2025 16:34:03 +0000

Subject: Reset your password for x02258-eva-02-1089159020573

From: noreply@x02258-eva-02-1089159020573.firebaseapp.com

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="000000000000f5c64e0640800462"

X-Spam_score: 5.4

X-Spam_score_int: 54

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, Follow this link to reset your x02258-eva-02-1089159020573

password for your doctor@nk.ca account. https://x02258-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=T9hPfQ68bo1cL-vJhXT4EQ0VFN-TvY1BUajvhnTjttkAAAGZul95Yw&apiKey=AIzaSyBQuV_zuxDXIHzm72Beqvp4Kb9IkkzDuPA&lang

[...]

Content analysis details: (5.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.221.197 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.197 listed in sa-trusted.bondedsender.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.197 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.197 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.221.197 listed in bl.score.senderscore.com]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.197 listed in bl.score.senderscore.com]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

3.0 URI_FIREBASEAPP Link to hosted firebase web application, possible

phishing

Subject: {SPAM?} Reset your password for x02258-eva-02-1089159020573

--000000000000f5c64e0640800462

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Hello,

Follow this link to reset your x02258-eva-02-1089159020573 password for

your doctor@nk.ca account.

https://x02258-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=T9hPfQ68bo1cL-vJhXT4EQ0VFN-TvY1BUajvhnTjttkAAAGZul95Yw&apiKey=AIzaSyBQuV_zuxDXIHzm72Beqvp4Kb9IkkzDuPA&lang=en

If you didn't ask to reset your password, you can ignore this email.

Thanks,

Your x02258-eva-02-1089159020573 team

--000000000000f5c64e0640800462

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hello,

Follow this link to reset your x02258-eva-02-1089159020573 password for =

your doctor@nk.ca account.

ction?mode=3DresetPassword&oobCode=3DT9hPfQ68bo1cL-vJhXT4EQ0VFN-TvY1BUa=

jvhnTjttkAAAGZul95Yw&apiKey=3DAIzaSyBQuV_zuxDXIHzm72Beqvp4Kb9IkkzDuPA&a=

mp;lang=3Den'>https://x02258-eva-02-1089159020573.firebaseapp.com/__/auth/a=

ction?mode=3DresetPassword&oobCode=3DT9hPfQ68bo1cL-vJhXT4EQ0VFN-TvY1BUa=

jvhnTjttkAAAGZul95Yw&apiKey=3DAIzaSyBQuV_zuxDXIHzm72Beqvp4Kb9IkkzDuPA&a=

mp;lang=3Den

If you didn=E2=80=99t ask to reset your password, you can ignore this em=

ail.

Thanks,

Your x02258-eva-02-1089159020573 team

--000000000000f5c64e0640800462--

Credential phishing from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:35:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5ruQ-00000000O9C-0bJP

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:34:14 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:34:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f71.google.com ([209.85.222.71]:47272)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5oBb-00000000CGe-0QNw

for sales@nk.ca;

Mon, 06 Oct 2025 10:35:50 -0600

Received: by mail-ua1-f71.google.com with SMTP id a1e0cc1a2514c-8e2196b1f9eso7413900241.2

for ; Mon, 06 Oct 2025 09:34:56 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759768490; x=1760373290; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=YYGjnH7lPFxRV6Zt5i+9bisLJ+zwpw5RdwKprfBs6EY=;

b=dt9cFlx/MeWzxn38gDD6spZzm0HPYWdcFrPHauogEOOgle5sY0ykbBsD6RDEL1X7dD

uxzxyKWBSpxpOaZz0+cquFFLiQu3XU8OcAKW6pyKGkHNRi6IeOs0Cw4HxTpwHzHbzfyJ

dCRk73tlrRZbAD2hrCWhMbXpMReoz78FCFn+7c0HX96n+nVh5lWiKLZH5hQSfHYNUHjx

TGgfnxaSe8IRocvJqaIGjalDcb3vF/BYn95vUZYLvcBMD67cmIH6g4zDeC3bB+3p12op

kwBrwP8DloNpPEbi6jQHNzT/+ib9AYq4rpWMLWkLLgXZ2t4SXD3ktVjes/FmixnxytoZ

jm8A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759768490; x=1760373290;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=YYGjnH7lPFxRV6Zt5i+9bisLJ+zwpw5RdwKprfBs6EY=;

b=VJsTt1h4v6n2ZkpNdi+TZkb1Pf0Tx+0N8axLODe+KO2oWpqvhyIJGaJd0tjAFBkDco

GOY8ZOvAVrWo7StR9Y+ihJLVAOAOyaouW3lFVYjkrlJ8oSxqd+0RrEiLe9fM/tdtch++

Rw02MP0mOqtKL0+M8+jERFOJ4XXGX3dcIy65YNxnhD3s26B/wY3yIN5ve9OgYjYJDYoN

W1acDMvCkrEeunM1F4/fO+q1zVTN0V3Wnu5FsfNXKILrkLGpqSh0oZovML3ZfDiELTO7

6lwTh/5gPrgBSGlg6ViPwPpG1MiNHiKwcElneRjhpkylYjBXun+XBzPEFrSD3mocBwmh

HVmA==

X-Gm-Message-State: AOJu0Yzmmz3brnqiulQrtWIRU1c3VMyQb1ekvoexj5cnNIeMtPi3J92t

xPWIibbvOdke2M9fiFXs6YVea66Tqs6pOMhi4M5L61w6bxzFVVDzAgAGcVD8PQLTjIwPakGryKA

oFtwgKk2fMw==

X-Google-Smtp-Source: AGHT+IGD5RoApBeu7M/EjMTpnSf0ZrlBf8huELRkr8AKMhrY4LTMMSThjmZelqwWWjxuIznVli62cYO7EGwdANw=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:2909:b0:534:cfe0:f86c with SMTP id

ada2fe7eead31-5d41d03c5admr5182190137.15.1759768490519; Mon, 06 Oct 2025

09:34:50 -0700 (PDT)

Message-ID: <000000000000c3ab7f0640800762@google.com>

Date: Mon, 06 Oct 2025 16:34:50 +0000

Subject: Reset your password for x02278-eva-02-1089159020573

From: noreply@x02278-eva-02-1089159020573.firebaseapp.com

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="000000000000c3ab78064080075f"

X-Spam_score: 9.2

X-Spam_score_int: 92

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, Follow this link to reset your x02278-eva-02-1089159020573

password for your sales@nk.ca account. https://x02278-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=KlaC6Lss2He1n1W2MpsaUSb-rN6WIoLvg4Q9MKf-VikAAAGZumAxNg&apiKey=AIzaSyCcAO5hKmRdrghBZ7wk1D0rlg_2sn2mNdY&lang

[...]

Content analysis details: (9.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.71 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.71 listed in wl.mailspike.net]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

3.0 URI_FIREBASEAPP Link to hosted firebase web application, possible

phishing

Subject: {SPAM?} Reset your password for x02278-eva-02-1089159020573

--000000000000c3ab78064080075f

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Hello,

Follow this link to reset your x02278-eva-02-1089159020573 password for

your sales@nk.ca account.

https://x02278-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=KlaC6Lss2He1n1W2MpsaUSb-rN6WIoLvg4Q9MKf-VikAAAGZumAxNg&apiKey=AIzaSyCcAO5hKmRdrghBZ7wk1D0rlg_2sn2mNdY&lang=en

If you didn't ask to reset your password, you can ignore this email.

Thanks,

Your x02278-eva-02-1089159020573 team

--000000000000c3ab78064080075f

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hello,

Follow this link to reset your x02278-eva-02-1089159020573 password for =

your sales@nk.ca account.

ction?mode=3DresetPassword&oobCode=3DKlaC6Lss2He1n1W2MpsaUSb-rN6WIoLvg4=

Q9MKf-VikAAAGZumAxNg&apiKey=3DAIzaSyCcAO5hKmRdrghBZ7wk1D0rlg_2sn2mNdY&a=

mp;lang=3Den'>https://x02278-eva-02-1089159020573.firebaseapp.com/__/auth/a=

ction?mode=3DresetPassword&oobCode=3DKlaC6Lss2He1n1W2MpsaUSb-rN6WIoLvg4=

Q9MKf-VikAAAGZumAxNg&apiKey=3DAIzaSyCcAO5hKmRdrghBZ7wk1D0rlg_2sn2mNdY&a=

mp;lang=3Den

If you didn=E2=80=99t ask to reset your password, you can ignore this em=

ail.

Thanks,

Your x02278-eva-02-1089159020573 team

--000000000000c3ab78064080075f--

Credential phishing from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5ru9-00000000O65-2HVf

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:33:57 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:33:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f71.google.com ([209.85.222.71]:42216)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5o5t-00000000BMf-0Ydj

for doctor@nl2k.ab.ca;

Mon, 06 Oct 2025 10:29:56 -0600

Received: by mail-ua1-f71.google.com with SMTP id a1e0cc1a2514c-90bceb0908eso7218428241.0

for ; Mon, 06 Oct 2025 09:29:02 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759768136; x=1760372936; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=gAE4KaV6ZObpuAMYL7g2Wu6WAZS9CCRWGg+MENjnbKM=;

b=Aj/yVvEG8CUb9i3HNSOSUvHBJEdGb90qAHD55lkdmyPTSmN3rFsMUytsHBciqdEXJr

ckzVECWnXD1Ki5ES/AycGPUWYgM0PbYN2psNF1gBjGCFl4k8u5yEgoWhQjroi1tlGmxu

oqk8MNRVH8gaQOI9wY1VKpB62PSy6LlWUwQsAsGrOd9SD2DUX4cTajcPhingsUPv/fMF

dfGboHazyuU85zEkA8E/BqcPrLaRNEbLPWFP3nqh0U7sLgDiQceMSHJdtcN6hwdlzzkQ

3D871A6kUiqYd1SNcqYLLDoLCUXwhA7n/yVQVak1kdmCn2IIHr5i7dQ4qf/azSWwphdc

K/WA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759768136; x=1760372936;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=gAE4KaV6ZObpuAMYL7g2Wu6WAZS9CCRWGg+MENjnbKM=;

b=ViCKL57QXTNzTAVypxLz6WTb5pVnAORQB6c/9+u4rLGvSrnfqIugFzz0ZlPa8wLmcu

3OcuSuKL0nnI9KvUCUSOW5PaaLwSKQQHEFhtB3O2sH+z7JRX7HuR09Lp1qeHZ3wq7w1r

mBX2LWPtZKS6x87eAswkutoflgJKPG8PiEwEkApq518qnC/yMjK7rTT1vPufCyfHrOCw

DWdvy3W2Dud78tfY8Tg6jkFYVRNf1i29yjB7SMN75JaawjxLxoD8YfuucV0gZZHyIrBP

rTpt8oKi9ZE1pVj3xNzWqc4FLjQwtYVgfVFCD68YwO+lUjksew9ZYK9/Ttkw2LL3eKRe

+R4Q==

X-Gm-Message-State: AOJu0YzmQFFLT6YqSND/yRrxufrWdUl3L02l3feiyQ6VhN2HlOKiTGj5

+0kVNRw9CgdGuZtTzUnZMlrDQY9bmQGjNla3aMyG+vl363p9rXLUoJe384YB+lfnlIMKozypeDS

JgpwLDMFNyw==

X-Google-Smtp-Source: AGHT+IFDP0vI+hd/1eQ/vgnyxmjDUUm6HhLHGVWSIhVdT/fDr4MUEdjLwLUBEQkuyn/G36x/2ezjhdZCFHKQqjo=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:3a14:b0:4e2:a235:24d1 with SMTP id

ada2fe7eead31-5d5d4cba04bmr142503137.4.1759768136660; Mon, 06 Oct 2025

09:28:56 -0700 (PDT)

Message-ID: <000000000000ac38c006407ff2c7@google.com>

Date: Mon, 06 Oct 2025 16:28:56 +0000

Subject: Reset your password for x02252-eva-02-1089159020573

From: noreply@x02252-eva-02-1089159020573.firebaseapp.com

To: doctor@nl2k.ab.ca

Content-Type: multipart/alternative; boundary="000000000000ac38b606407ff2c4"

X-Spam_score: 5.7

X-Spam_score_int: 57

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello, Follow this link to reset your x02252-eva-02-1089159020573

password for your doctor@nl2k.ab.ca account. https://x02252-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=DXNQZgeB-ZkX_OpC8OuRsVMAOSYC7G6nEbk1ajnUKBUAAAGZulrKrQ&apiKey=AIzaSyBTV7mBzR8PdXFY8ZtkXqwntCMiR7iDQEA&lang

[...]

Content analysis details: (5.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.71 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.71 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.71 listed in sa-accredit.habeas.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.71 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.222.71 listed in bl.score.senderscore.com]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.222.71 listed in bl.score.senderscore.com]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.3 LONGWORD BODY: Uses overlong words

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

0.0 HTML_MESSAGE BODY: HTML included in message

3.0 URI_FIREBASEAPP Link to hosted firebase web application, possible

phishing

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

Subject: {SPAM?} Reset your password for x02252-eva-02-1089159020573

--000000000000ac38b606407ff2c4

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Hello,

Follow this link to reset your x02252-eva-02-1089159020573 password for

your doctor@nl2k.ab.ca account.

https://x02252-eva-02-1089159020573.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=DXNQZgeB-ZkX_OpC8OuRsVMAOSYC7G6nEbk1ajnUKBUAAAGZulrKrQ&apiKey=AIzaSyBTV7mBzR8PdXFY8ZtkXqwntCMiR7iDQEA&lang=en

If you didn't ask to reset your password, you can ignore this email.

Thanks,

Your x02252-eva-02-1089159020573 team

--000000000000ac38b606407ff2c4

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hello,

Follow this link to reset your x02252-eva-02-1089159020573 password for =

your doctor@nl2k.ab.ca account.

ction?mode=3DresetPassword&oobCode=3DDXNQZgeB-ZkX_OpC8OuRsVMAOSYC7G6nEb=

k1ajnUKBUAAAGZulrKrQ&apiKey=3DAIzaSyBTV7mBzR8PdXFY8ZtkXqwntCMiR7iDQEA&a=

mp;lang=3Den'>https://x02252-eva-02-1089159020573.firebaseapp.com/__/auth/a=

ction?mode=3DresetPassword&oobCode=3DDXNQZgeB-ZkX_OpC8OuRsVMAOSYC7G6nEb=

k1ajnUKBUAAAGZulrKrQ&apiKey=3DAIzaSyBTV7mBzR8PdXFY8ZtkXqwntCMiR7iDQEA&a=

mp;lang=3Den

If you didn=E2=80=99t ask to reset your password, you can ignore this em=

ail.

Thanks,

Your x02252-eva-02-1089159020573 team

--000000000000ac38b606407ff2c4--

Cloud credential phishing from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5rtB-00000000NxJ-3cgS

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:32:57 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:32:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f70.google.com ([209.85.217.70]:43334)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5muR-00000000PDP-1RAR

for support@nk.ca;

Mon, 06 Oct 2025 09:14:02 -0600

Received: by mail-vs1-f70.google.com with SMTP id ada2fe7eead31-5b431158f27so9833622137.1

for ; Mon, 06 Oct 2025 08:13:08 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759763583; x=1760368383; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=OiOH5io2FHzTK4ziAPEuZZrkvq4hKw2WESJmINq7GX0=;

b=d5Tu9esiN9WBlLUsFOwNdO6z7Tb2XYnQgAvU2bHxTnGrOr5RXYZfs3TNVMcm1vUFWB

GpQk/T+06el7J7T/7J8NGWbZjpXLjj1hRRsu2sRy2mUoSlVkin2YMrnSMv/ElL6TyvLk

tEqhlxsd9+jFRUupXwkfdSZxd2qHuSp3AVELePUqXXdozpwqaXy7L2vammnHbhT4T6rq

uzhfQE89rsUfuw+kuwpbIQFUKu145upvyHsL4jM8J0aSrk7sl0zIbNCx9vL+Llch1vbl

FVBPfRDCHPw9TQXGz9xgC0YLzUOwHeBaXpVp1n00o3eIiT0Z8IvD7IVkZIeds33SfVJB

j2tQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759763583; x=1760368383;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=OiOH5io2FHzTK4ziAPEuZZrkvq4hKw2WESJmINq7GX0=;

b=dnYORIHTCeIzllzAPgnRTv4kSRzjxTJk7rI3yDxBZqCuyH3u0fWaHWA2YZQZipPz7F

ymwQ/7mtbYtIRIbhRlFmXHjBqwolmwPFnA5iGIblQttRlOP5hjBGntYP6ylUTCsRax/7

K6P4eH3YCbDRa5E22TjYYd0B69UOftMnBfm5b2Vmo9TZxTwoFehJiyrXQzMuV9RjXm6i

Y/k5Ty8IPQsL0G2JXfFxsHVF5YXanPtQRvYwzlbA3ydeLV7K4MfpnEIhPWcHDdrMlkcZ

Hk6MoU+PrmdW48XSTEOnLc1JXU0Xr4R+EkZKKfub9AahKvHwwd8ruBzp9sF0s6HUQTqw

STBw==

X-Gm-Message-State: AOJu0YyEr03fxyZrfR9KNp+ClIINoHTj8UWHxQP5CaWWQm+rRpFdm1l9

upA7Zje/8gQkn92puzVN/wyoTjoHbgd9hhcSNyvNgis8aigAu84gw4yhXtb5/qqvRbZw3WlM3Wo

c4ZG65+Vjgw==

X-Google-Smtp-Source: AGHT+IF8aIaQNlJZMlGnkUs7qf6kgsmjK1ICg3p9dhfPnFXOhBLTdWtFgRvGvYyB5dZDLHIn4/1i4B2t83JlUgM=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:14a8:b0:52a:1104:3029 with SMTP id

ada2fe7eead31-5d41c17fc59mr5933612137.17.1759763582872; Mon, 06 Oct 2025

08:13:02 -0700 (PDT)

Message-ID: <0000000000003eedab06407ee329@google.com>

Date: Mon, 06 Oct 2025 15:13:02 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Update=3A_Your_Cloud_Storage_Is_Almos?=

=?UTF-8?Q?t_Full_=E2=80=93_Secure_Your_Files_Now?=

From: Cloud Notifications

To: support@nk.ca

Content-Type: multipart/alternative; boundary="0000000000003eeda306407ee326"

X-Spam_score: 10.2

X-Spam_score_int: 102

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Check Your Storage! Is It Reaching Full Capacity? Important

Alert Without sufficient storage, your new photos, videos, and documents

may no longer sync with the Cloud, and existing data may become inaccessible.

Content analysis details: (10.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.217.70 listed in dnsbl.ahbl.org]

[209.85.217.70 listed in dnsbl.ahbl.org]

[209.85.217.70 listed in dnsbl.ahbl.org]

[209.85.217.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.217.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.217.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.217.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.217.70 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

[209.85.217.70 listed in will-spam-for-food.eu.org]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[209.85.217.70 listed in psbl.surriel.com]

2.1 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: cloudstorage-benachrichtigung6.eblink6.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.217.70 listed in wl.mailspike.net]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Update=3A_Your_Cloud_Storage_Is_Almos?=

=?UTF-8?Q?t_Full_=E2=80=93_Secure_Your_Files_Now?=

--0000000000003eeda306407ee326

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

Q2hlY2sgWW91ciBTdG9yYWdlISBJcyBJdCBSZWFjaGluZyBGdWxsIENhcGFjaXR5Pw0KDQoNCg0K

DQoNCkltcG9ydGFudCBBbGVydA0KDQoNCg0KDQpXaXRob3V0IHN1ZmZpY2llbnQgc3RvcmFnZSwg

eW91ciBuZXcgcGhvdG9zLCB2aWRlb3MsIGFuZCBkb2N1bWVudHMgbWF5IG5vICANCmxvbmdlciBz

eW5jIHdpdGggdGhlIENsb3VkLCBhbmQgZXhpc3RpbmcgZGF0YSBtYXkgYmVjb21lIGluYWNjZXNz

aWJsZS4NCg0KDQoNCkNvdW50IGRvd24NCg0KDQoNCkJhY2t1cCBEZXZpY2UNCg0KDQoNClZSIHNl

dA0KDQoNCg0KDQpSZWNvbW1lbmRhdGlvbg0KDQoNCg0KQmFjayB1cCBZb3VyIEltcG9ydGFudCBG

aWxlcyBhbmQgUGhvdG9zIFRvZGF5DQoNCg0KDQoNCkRvbid0IGxldCB5b3VyIENsb3VkIHN0b3Jh

Z2UgcmVhY2ggaXRzIG1heGltdW0gY2FwYWNpdHkuIFdlIHJlY29tbWVuZCB5b3UgIA0KY2hlY2sg

eW91ciBzdG9yYWdlIHNwYWNlIHRvIGVuc3VyZSBpdCBuZXZlciBiZWNvbWVzIGZ1bGwuIFRvIGF2

b2lkIGxvc3Mgb2YgIA0KaW1wb3J0YW50IGZpbGVzLCB5b3UgY2FuIGJvb3N0IHlvdXIgZGV2aWNl

J3Mgc3RvcmFnZSBzcGFjZSB3aXRoIGFuIGVuaGFuY2VkICANCnBsYW4uDQoNCg0KDQpHRVQgTU9S

RSBTVE9SQUdFIEhFUkUNCg0KDQoNCklmIHlvdSBwcmVmZXIgbm90IHRvIHJlY2VpdmUgZW1haWxz

IGxpa2UgdGhpcywgeW91IG1heSB1bnN1YnNjcmliZQ0KwqkgMjAyNS4gQWxsIHJpZ2h0cyByZXNl

cnZlZC4NCg0KDQoNCkZvbGxvdyB1cyBvbiBzb2NpYWwNCg0KDQoNCmZhY2Vib29rIHR3aXR0ZXIg

bGlua2VkaW4gaW5zdGFncmFtDQoNCg0KDQpUbyByZWNlaXZlIHRoZSBsYXRlc3QgZGVhbHMNCg0K

DQoNCg0K

--0000000000003eeda306407ee326

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

rn:schemas-microsoft-com:office:office" lang=3D"en">

0">

padding: 0; -webkit-text-size-adjust: none; text-size-adjust: none;">

cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; ms=

o-table-rspace: 0pt; background-color: #000000; background-size: auto; back=

ground-image: none; background-position: top left; background-repeat: no-re=

peat;">

lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-l=

space: 0pt; mso-table-rspace: 0pt; background-color: #90e5ff;">

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt; border-radius: 0; color: #000000; width: 680px;=

margin: 0 auto;" width=3D"680">

; mso-table-rspace: 0pt; font-weight: 400; text-align: left; vertical-align=

: middle;">

ing=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspac=

e: 0pt; mso-table-rspace: 0pt;">

Check You=

r Storage! Is It Reaching Full Capacity?

lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-l=

space: 0pt; mso-table-rspace: 0pt; background-size: auto;">

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt; background-size: auto; color: #000000; width: 6=

80px; margin: 0 auto;" width=3D"680">

; mso-table-rspace: 0pt; font-weight: 400; text-align: left; padding-bottom=

: 5px; padding-top: 5px; vertical-align: middle;">

ont-size:1px;">

ing=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace=

: 0pt; mso-table-rspace: 0pt;">

Helvetica, sans-serif; font-size: 83px; font-weight: 700; letter-spacing: =

normal; line-height: 1.5; text-align: center; margin-top: 0; margin-bottom:=

0; mso-line-height-alt: 125px;">
=3D"word-break: break-word;">
ng6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" tar=

get=3D"_blank" style=3D"text-decoration: none; color: #0cc5ff;" rel=3D"noop=

ener">
break-word; position: relative;" id=3D"c1d82565-23c9-4d12-ae7b-118610840a03=

" data-position=3D"20-0-1" data-qa=3D"tinyeditor-root-element">
=3D"tinyMce-placeholder" style=3D"word-break: break-word;">Important Alert<=

/span>

dding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:26px;font-weight:400;letter-spacing:0px;line-height:1.2;t=

ext-align:center;mso-line-height-alt:31px;">

blink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" target=

=3D"_blank" style=3D"text-decoration: none; color: #ffffff;" rel=3D"noopene=

r">Without sufficient storage, your new photos, videos, and documents may n=

o longer sync with the Cloud, and existing data may become inaccessible.
>

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt;">

udstorage-benachrichtigung6.eblink6.com/openurl?lid=3D6196488250851328&nid=

=3D6427073904902144&" target=3D"_blank">

cloudfront.net/templates/default/8831/TimerBanner04-ezgif.com-resize__1_.gi=

f" style=3D"display: block; height: auto; border: 0; width: 100%;" width=3D=

"578" alt=3D"Count down" title=3D"Count down" height=3D"auto">

ng=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace=

: 0pt; mso-table-rspace: 0pt;">

enachrichtigung6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D642707390=

4902144&" target=3D"_blank" style=3D"color:#ffffff;text-decoration:none;"><=

!--[if mso]>

as-microsoft-com:office:word" href=3D"https://cloudstorage-benachrichtigun=

g6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" sty=

le=3D"height:54px;width:186px;v-text-anchor:middle;" arcsize=3D"7%" fill=3D=

"false">

ze:22px">

border-bottom: 2px solid #ffffff; border-left: 2px solid #ffffff; border-ra=

dius: 4px; border-right: 2px solid #ffffff; border-top: 2px solid #ffffff; =

color: #ffffff; display: inline-block; font-family: Arial, Helvetica, sans-=

serif; font-size: 22px; font-weight: 400; mso-border-alt: none; padding-bot=

tom: 5px; padding-top: 5px; padding-left: 20px; padding-right: 20px; text-a=

lign: center; width: auto; word-break: keep-all; letter-spacing: normal;"><=

span style=3D"word-break: break-word; line-height: 44px;">Backup Device
an><=

/div>

ont-size:1px;">

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt;">

tigung6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&"=

target=3D"_blank">

rk-and-security-1-2/32/Network_and_Security_Cloud_Warning-512.png" style=3D=

"display: block; height: auto; border: 0; width: 100%;" width=3D"238" alt=

=3D"VR set" title=3D"VR set" height=3D"auto">

lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-l=

space: 0pt; mso-table-rspace: 0pt; background-size: auto;">

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt; background-size: auto; border-radius: 0; color:=

#000000; width: 680px; margin: 0 auto;" width=3D"680">

; mso-table-rspace: 0pt; font-weight: 400; text-align: left; padding-bottom=

: 5px; padding-top: 5px; vertical-align: top;">

ont-size:1px;">

dding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspa=

ce: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

ht:15px;padding-top:15px;">

s-serif;font-size:32px;font-weight:400;letter-spacing:0px;line-height:1.8;t=

ext-align:center;mso-line-height-alt:58px;">

blink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" target=

=3D"_blank" style=3D"text-decoration: none; color: #0cc5ff;" rel=3D"noopene=

r">Recommendation

ing=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace=

: 0pt; mso-table-rspace: 0pt;">

:10px;text-align:center;width:100%;">

Helvetica, sans-serif; font-size: 71px; font-weight: 700; letter-spacing: =

normal; line-height: 1.2; text-align: center; margin-top: 0; margin-bottom:=

0; mso-line-height-alt: 85px;">
igung6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" =

target=3D"_blank" style=3D"text-decoration: none; color: #ffffff;" rel=3D"n=

oopener">
k: break-word; position: relative;" id=3D"c4dfb215-2731-4a34-bf9c-bb54ddb99=

e0a" data-position=3D"30-0-2" data-qa=3D"tinyeditor-root-element">Back up Y=

our Important Files and Photos Today

dding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspa=

ce: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

ght:10px;padding-top:10px;">

s-serif;font-size:23px;font-weight:400;letter-spacing:0px;line-height:1.8;t=

ext-align:center;mso-line-height-alt:41px;">

blink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" target=

=3D"_blank" style=3D"text-decoration: none; color: #ffffff;" rel=3D"noopene=

r">
Don't let your Cloud storage reach its maximum capacity. We recommen=

d you check your storage space to ensure it never becomes full. To avoid lo=

ss of important files, you can boost your device's storage space with an en=

hanced plan.

dding=3D"15" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:17px;font-weight:400;letter-spacing:0px;line-height:1.2;t=

ext-align:center;mso-line-height-alt:20px;">

ng=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace=

: 0pt; mso-table-rspace: 0pt;">

enachrichtigung6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D642707390=

4902144&" target=3D"_blank" style=3D"color:#000000;text-decoration:none;"><=

!--[if mso]>

as-microsoft-com:office:word" href=3D"https://cloudstorage-benachrichtigun=

g6.eblink6.com/openurl?lid=3D6196488250851328&nid=3D6427073904902144&" sty=

le=3D"height:48px;width:296px;v-text-anchor:middle;" arcsize=3D"8%" fillcol=

or=3D"#0cc5ff">

ze:19px">

er-bottom: 1px solid #0cc5ff; border-left: 1px solid #0cc5ff; border-radius=

: 4px; border-right: 1px solid #0cc5ff; border-top: 1px solid #0cc5ff; colo=

r: #000000; display: inline-block; font-family: Arial, Helvetica, sans-seri=

f; font-size: 19px; font-weight: 400; mso-border-alt: none; padding-bottom:=

5px; padding-top: 5px; padding-left: 20px; padding-right: 20px; text-align=

: center; width: auto; word-break: keep-all; letter-spacing: normal;">
style=3D"word-break: break-word; line-height: 38px;">GET MORE STORAGE HERE=

<=

/a>

ont-size:1px;">

lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-l=

space: 0pt; mso-table-rspace: 0pt;">

g=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: =

0pt; mso-table-rspace: 0pt; border-radius: 0; color: #000000; width: 680px;=

margin: 0 auto;" width=3D"680">

le-lspace: 0pt; mso-table-rspace: 0pt; font-weight: 400; text-align: left; =

padding-bottom: 5px; padding-top: 5px; vertical-align: middle;">

dding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:16px;font-weight:400;letter-spacing:0px;line-height:1.2;t=

ext-align:left;mso-line-height-alt:19px;">

cellpadding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-ta=

ble-lspace: 0pt; mso-table-rspace: 0pt;">

=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;">

dding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:14px;font-weight:400;letter-spacing:0px;line-height:1.5;t=

ext-align:left;mso-line-height-alt:21px;">

If you prefer not to receive emails like this, you =

may
olor: #6a6a71;" rel=3D"noopener">unsubscribe
=C2=A9 2025. All rights=

reserved.

ble-lspace: 0pt; mso-table-rspace: 0pt; font-weight: 400; text-align: left;=

padding-bottom: 5px; padding-top: 5px; vertical-align: middle;">

dding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:16px;font-weight:400;letter-spacing:0px;line-height:1.2;t=

ext-align:left;mso-line-height-alt:19px;">

Follow us on social

ng=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace:=

0pt; mso-table-rspace: 0pt;">

ght:10px;padding-top:15px;text-align:left;">

" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; m=

so-table-rspace: 0pt; display: inline-block;">

dding=3D"10" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lsp=

ace: 0pt; mso-table-rspace: 0pt; word-break: break-word;">

s-serif;font-size:16px;font-weight:400;letter-spacing:0px;line-height:1.2;t=

ext-align:left;mso-line-height-alt:19px;">

To receive the latest deals

--0000000000003eeda306407ee326--

Web/SEO/App Spam from Microsoft Outlook

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:35:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5rv2-00000000OEh-1a4n

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:34:52 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:34:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japanwestazolkn19012059.outbound.protection.outlook.com ([52.103.66.59]:15092 helo=OS8PR02CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5oxk-00000000KG7-3AJU;

Mon, 06 Oct 2025 11:25:38 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=Yc3spccPS6dN8O0yZ4T8oxiFQN7cyGZQ2MT3gYCambvAlVepqi7HM06HFEw8DWOTqOLyZ+Ub/0/VfbHMuI3yiHjwA4DU8zGLjw/1RRDqaj7uWfcvmV7DwTQ61llQEQd2FpNWESAnWgZAFzFAaEBQeCOuIO8P1JM+Oaj4+/t1CmLraKRz9rGz0nMv+NDDyf832RDMI1SoYIOB39hEDg/oW68BqoRFuOn5JCsFWxCUp8JHWnPi/IlY0cEAii96D38BHX1T0cydpXki1RzI8ChaDI/3Q9lnmny+Ore5vDLV99MNFTlm+J5nqP8BadWJXGiNgHUgQDbZtoQsqF3hpNmHvA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=/X2ueM6Z+uvFH2uOHI7AeBezTliLneaOdwXkqazKG7w=;

b=ye01RVX5Z+Y/AVxlHZJU+p20cEbmM8LU1s+hXASBX83SfQJ7nK5iN+izHOuH6aTu17Hzw7Hum8XljcQwFWz/1mXelicaaxiTEz89q/eKEmOXrTAwLVo35GJdVo1kDdIGZ02J7INdruKjSixGqlRBPgHgFeSkWSa3nRd8ecvifZ2Km/PA5ZtAxqFR4vRGhZARukogEnh7EhjsaMGy4FHaAkfqWAr9rq96JZBhFuRsfeDY4ZIdoiIVdneavMAYcg3uuHDBdLbk22mmeR7tc6JgGQtYONJygX6rq4Jbh0u0d/Wwb4Cdd7U3iPKvuSIT5rJSu0UGONe+bivnWbtbcBGWXA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=/X2ueM6Z+uvFH2uOHI7AeBezTliLneaOdwXkqazKG7w=;

b=BjxscN3esEV+JK3Gpie1Jj/vRUZte9G+fTLZnSPpYAi/xxGLmSEOqtm6NWWQgoTCffdR2FC8bI438p2LLm1pjG1wNlhIenKMqSWU9IwJ+MROsccPGaJRPqkWATqRFQPXI/Yp3FX/uwosuGiNtSmHhWX4gDrp6V4AjitpARBDR5TY+o/fug5kBnvGXKj1A5u9n1EG+BYNxOS8GkbuODhVCuz1C/0+3v0nvb2jq+fIP3prqFTZaSOQ4j2rZkvYenoXAY4npK0GN6sGYQfQpKyX4qCiF7VdDQRdxbNGu6YffoFZRpfD4Mpk0VfEzFkscYHpJ5OSz93Sv2/xT3Ot64ffWA==

Received: from KU2PPFD50CD05E4.apcprd04.prod.outlook.com (2603:1096:d18::568)

by KL1PR04MB7584.apcprd04.prod.outlook.com (2603:1096:820:125::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9182.20; Mon, 6 Oct

2025 17:24:06 +0000

Received: from KU2PPFD50CD05E4.apcprd04.prod.outlook.com

([fe80::3e7a:be82:7616:befe]) by KU2PPFD50CD05E4.apcprd04.prod.outlook.com

([fe80::3e7a:be82:7616:befe%5]) with mapi id 15.20.9115.020; Mon, 6 Oct 2025

17:24:06 +0000

From: saloni kaur

To: saloni kaur

Subject: interested YES

Thread-Topic: interested YES

Thread-Index: AQHcNuYCXMDdPEej/UOUU3Y/AMnTTg==

Date: Mon, 6 Oct 2025 17:24:05 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-exchange-messagesentrepresentingtype: 1

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: KU2PPFD50CD05E4:EE_|KL1PR04MB7584:EE_

x-ms-office365-filtering-correlation-id: e3542e3f-84b3-4dbd-3e32-08de04fd26e6

x-microsoft-antispam:

BCL:0;ARA:14566002|19110799012|461199028|31061999003|15030799006|8062599012|8060799015|15080799012|51015399003|40105399003|39105399003|3412199025|440099028|102099032|1710799026;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?KjBkThViWyGhVf8doekyxB/LCjBlbarGvavIw599oPprpx0ZEG+SRN9Y?=

=?Windows-1252?Q?d4blztibQ6zrvaFz69iIBq7IF3C0w8ay+YC47do2R0Fpj9GJwnfC+ZOE?=

=?Windows-1252?Q?UbaFkOQDoUS358Bnaf6BRgzYYvG4srlNh3ZhX7gtPIU0TuwNojSm4Z1K?=

=?Windows-1252?Q?/XSOA8RHKb9Zgb5bSAp43pOGA5Ivuq1kuZGnFDog0EvBw7wsbc37/zSh?=

=?Windows-1252?Q?lONwktiku3S9Sq3rxR77DEeIUSNzgKcmLJ7quB9UjFIkXI4FRkL3iYlP?=

=?Windows-1252?Q?LCHNqdB4BNMbOT4JXUN/iJT2mji07OnLPZI5h8LqNOFaLOEKz9dGaWTr?=

=?Windows-1252?Q?QXeEsQ0ZAy+gQ4Y50MMe3e5oqetTwVvTXvoPKsi0TnBBQOMA5vRG1auD?=

=?Windows-1252?Q?QYWZjNRUuH4FUKBsw+bF8ikplPLKoD2ssAbN4IxphbPggg75tNMGD7do?=

=?Windows-1252?Q?0acqo2b6KZIVT4OWAjoN/Nj0pU1b3AfNQ810EHH26fKrovyDi2CVF3Il?=

=?Windows-1252?Q?UTphaAvPNUecYJ7E84d8KBu263IYzD/Z0i/Up2eZTr2bY+f8wPkXbDp/?=

=?Windows-1252?Q?QEqLM1MUvOhW31eTaX5O/2OcovoDce0BtzRTe/ymL6zomBqCnCkmH8ap?=

=?Windows-1252?Q?A1l+KVSQoL19Pb9L22nbcshXtAtJQ6NqtTQy8j2B+y0zPtBisoVNeSc9?=

=?Windows-1252?Q?czaEmfKLWw2RXfGdZtfZpfWfjr6I51djPtVBZDGnlF4JVxuJwR5MEhMD?=

=?Windows-1252?Q?phYA5Vz8E9fAqbW5XLyTxVSdlFyTGXg4CuITemC4FTKsDbF0t80i1Esd?=

=?Windows-1252?Q?gdogqiPjr5ulukGPd45kiVwIQQRSXLFa3nQ0/QProFv8WYg1jo/whorS?=

=?Windows-1252?Q?yg8IczvFztmwOw3ArqfRkrvW5KjcckGWHi7tUOTEKQ1wiFngyU6bpxFX?=

=?Windows-1252?Q?dYq319jZRIf/Skv+ewSVzgnePPYUNjCG9v1VPGUd5pqXlTw8+lSZ3SkN?=

=?Windows-1252?Q?F8rDS2n+GrgxiyARSZRKzHL7X4R0eD9d54QF1EHiz/j/4gzNDgTWOxUg?=

=?Windows-1252?Q?ck9VyHsF+Mf2jGqhSR13VUlp66IdNRZ8ImFWcaWMq36XLUOYMBNaBORH?=

=?Windows-1252?Q?0z1ukX/YWUmmrx3s/0sUsI9E5hW8yQ+nSQcTpbL4aOXVFZS4RufzgGBQ?=

=?Windows-1252?Q?nMie5jBzuk8g5OwkSwib5gZpFKZFtKpe7MejTFSe9X5vpNY2VQRrMb0I?=

=?Windows-1252?Q?2nC0j3F1fPxt+SNx/GjxgkQj2VJbp+fv6i0SZ88bq847GdP8/+z0BWRo?=

=?Windows-1252?Q?6Dxb1D9vVzHsPF0kl0oKLWlvB4H6p4K+yT3T563gZ5s7TACDDMPfNA0/?=

=?Windows-1252?Q?5aUC/OKe1LFWfg=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?U7Bhqee5iE6hSIJ1hpU3sKQ4EMfRSbdNk9S0rmpWq+65hv+qbtPGjGv3?=

=?Windows-1252?Q?qceLN8AiNgv9iSfYvQ9h7IJTTwZIVH+mIQxfnFxcITZq/2rKBxnu954W?=

=?Windows-1252?Q?Xv3pNv1t1kP1OYCqnMDqSehAkm52qKpAlN1pu8146Xufz4IQVG2hac98?=

=?Windows-1252?Q?ccr/roVSSBAGHEMBwebTFx3ATq1YN3/weiEbHCJtEnvOMQO4AVL0SIzf?=

=?Windows-1252?Q?pWluRhoQNBuQBO6xHolS+REksMP3dDAlQYT3HoFV/K2KTfAQc5Qhheew?=

=?Windows-1252?Q?nEjOMiZsv3CC8eB8L5twMYvwvrS451eZ5BmhYlBBCqnAJnEIW58So8E5?=

=?Windows-1252?Q?HhcIURIeCV8BPSd9xiQayKpImsBnWCj1Iw5L5ghYwaZntpoaMFJX1PTR?=

=?Windows-1252?Q?ogwr3zTLUklndi62HfiyoBRmYhCZ8cL62/8gn4dRSBwUfYEXA4xin9eJ?=

=?Windows-1252?Q?u1OoL3tSr9ueGLEYzPwOBOd9nJi4PXA61foyqXdRoDZiowh2nriZ7aak?=

=?Windows-1252?Q?BjwX4ZIAUkmJLfqIAWwQrq1SblHXByIKVBfFu9WnC1yPIKZX5E/Ckh7m?=

=?Windows-1252?Q?lKdqs6Rd5sH+bGrBpZBySSChLxaa9Lg03PxqYtWuk6p6ZHZR6ZvFjwH9?=

=?Windows-1252?Q?Ar2HX00M+hfUq82/sPB9yBp13zekedlLeE1WNTnU59+4VtqYtNr3lohK?=

=?Windows-1252?Q?V3sn3ki2wAKoJJX1ZyLn6l0lAvF/GXcrI+6rlGswvHFln7WUsqTIDcMp?=

=?Windows-1252?Q?dpS7xFvUcN/D1uOnMp7J3B0CAJyJkPUZ9e7dbVI3zBuGeOBMZqFDBsp0?=

=?Windows-1252?Q?A6bKxU+AT+lIHPxkZHYc/l+KfhUrE3dbrJSUExEXz9aEJwkKZlQKHYA9?=

=?Windows-1252?Q?wNL5IeeucpE/DrRJJI9vZwBxlJIhdrVJjC/xDF7bsrpzm5TM6Fay7O2n?=

=?Windows-1252?Q?c4wJ4Ve3eONP+jjx44W/+ORJTPLtYwV8yjPbL/SZiN0ruLzlGWDzuypD?=

=?Windows-1252?Q?/2cQwZWnBNUL3YokWDI7bFJKgRfbtmL0SpVrZWvdweUTeBZb3ASc6dfy?=

=?Windows-1252?Q?51H4C6HJP4/FCGq6UMwYDmPGtkkw00Q/QK9DCNHleKf6KHhYiR/hA67h?=

=?Windows-1252?Q?9AYC9WvLlG1NnsUocRoZ7egSVzh55M6GUy8ThB9ZBwEl17Pdj/U3h93p?=

=?Windows-1252?Q?4gV7J6p8Rod4txHn0DsSaSBdboPcj6k4lxc6hJ3LqkY8k1gSR0bRITLB?=

=?Windows-1252?Q?+UE1N37NXPnyo4bwbj2JuPH5YnOYbRGZHAJ99xq51m0lNueq0lfwNwcf?=

=?Windows-1252?Q?vffnfbelYzN7STVE1s6tWoAoSQ5sJ+1ppeBNGysRp0qoCsKbJ0cM6+El?=

=?Windows-1252?Q?U/Sv3N8gBkaKgC/90BPRSR5nJSMkQIHaX44=3D?=

Content-Type: multipart/alternative;

boundary="_000_KU2PPFD50CD05E47F8718B1C16C221B60E6C8E3AKU2PPFD50CD05E4_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: KU2PPFD50CD05E4.apcprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: e3542e3f-84b3-4dbd-3e32-08de04fd26e6

X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2025 17:24:05.8913

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR04MB7584

--_000_KU2PPFD50CD05E47F8718B1C16C221B60E6C8E3AKU2PPFD50CD05E4_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

Hi there,

I checked your website and believe your business has great potential.

I=92d love to send you a SEO proposal to help improve your website and get=

it on the first page of Google.

May I send a quote .? if interested

Sincerely,

--_000_KU2PPFD50CD05E47F8718B1C16C221B60E6C8E3AKU2PPFD50CD05E4_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

252">

, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"el=

ementToProof">

Hi there,

, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"el=

ementToProof">

I checked your website and believe your business has great potential.=

, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"el=

ementToProof">

I=92d love to send you a SEO proposal to help improve your website an=

d get it on the first page of Google.

, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"el=

ementToProof">

May I send a quote .? if interested

, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"el=

ementToProof">

Sincerely,

color: rgb(0, 0, 0);" class=3D"elementToProof">

--_000_KU2PPFD50CD05E47F8718B1C16C221B60E6C8E3AKU2PPFD50CD05E4_--

Cloud credential phishing from Google Gmail

Posted by Dave Yadallee on Monday, October 6. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 06 Oct 2025 14:33:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5rt1-00000000NvQ-2EF1

for dave@doctor.nl2k.ab.ca;

Mon, 06 Oct 2025 14:32:47 -0600

Resent-From: The Doctor

Resent-Date: Mon, 6 Oct 2025 14:32:47 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vs1-f69.google.com ([209.85.217.69]:56452)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v5mor-00000000OFs-27Lu

for doctor@netknow.ca;

Mon, 06 Oct 2025 09:08:12 -0600

Received: by mail-vs1-f69.google.com with SMTP id ada2fe7eead31-59d4df51326so8144195137.0

for ; Mon, 06 Oct 2025 08:07:22 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1759763236; x=1760368036; darn=netknow.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=q43teUcZ12Y4bneMNvR2wllyKYg1rPClyMHvi/OQTDU=;

b=fK9TscfVOAv0+U7jep1szu4NDxJgkvdoFwhDKxm3YJukAj7T3OSe1iH1DO0nOZUwQL

g+zgEPZSQqE+pl7f6h9Z2a9WFzODagLsZ0wXnIk/i7mEPYNbproMWrpaL6N0jHDaKkIk

+IgJrQuh0lYXud9wu/MrAUDD2kAgVQQzNAg85vYo+/hlV7tUfkdyr53sXdMF94w0pbqb

rpcfhGyvC0/9C7CtUXW5Vsx8U057ZJJYWJyiU8C3A0/mFwMJknBEGDRuUfbXy7mRcCsb

eXQ51d6ObZAjRHkpPsAo8y/FT7z8dWAnjZSbIXiRiLDcfU1eydgPCnmtj5LXKakuRwnX

6ilw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1759763236; x=1760368036;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=q43teUcZ12Y4bneMNvR2wllyKYg1rPClyMHvi/OQTDU=;

b=ikjnIYFk5pOjJvKvLBSvAXK04Mj/JKq09317q/FMQLI9IIm5ISmo6MxTGj+zIxX4Hd

ud7UFAUpZ0UmzRYfdX9JfKK8h9GFuCFoNBUD0ZV4wUV4//IXs3sSIlFUvFqHX78HZnEl

9vQR07lehuDXxBblXyfBBe3izuNX/P4kCfLSMvveuzHLOCI8O7pDyldsctpqcBOW8Qta

nqCdkMS6sI0q9u3grNUpZBoxSzn6KGn3M5IYImBtIgc7caUS8OBUgE/GEk3WT2fzAmxv

T6vVE7NhLGKGbvvI3Lu2GEzqwD9tgO6TZXQ9lr1a7XCOKnXLW1rH2LbX4zsIFR0gmmpU

wIHA==

X-Gm-Message-State: AOJu0Yw2rmIsisXK3BQrolY++vjO+qoaWkwjtnm54hTEfxekFR2MNaBN

wZv5Jela9ixkF0TB9hs7Y2F7/ZAhXOrtU2x/4aPJNBPYFZLnxLMOALmnByOQ9MOmjaap+vrrSBl

O/BYhOnwFqw==

X-Google-Smtp-Source: AGHT+IEqrxp1DINv4cwKbG4Wbny6zDh+SA5rysztoEWPIyYJLCJRPbgBmUZ0Muk7pzc0D7vdNCh2/ShrpxfPK80=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:952:b0:529:bfd2:382a with SMTP id

ada2fe7eead31-5d41d1344bamr5166715137.32.1759763236243; Mon, 06 Oct 2025

08:07:16 -0700 (PDT)

Message-ID: <00000000000095cf3706407ece95@google.com>

Date: Mon, 06 Oct 2025 15:07:16 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Update=3A_Your_Cloud_Storage_Is_Almos?=

=?UTF-8?Q?t_Full_=E2=80=93_Secure_Your_Files_Now?=

From: Cloud Notifications

To: doctor@netknow.ca

Content-Type: multipart/alternative; boundary="00000000000095cf2d06407ece92"

X-Spam_score: 7.7

X-Spam_score_int: 77

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Check Your Storage! Is It Reaching Full Capacity? Important

Alert Without sufficient storage, your new photos, videos, and documents

may no longer sync with the Cloud, and existing data may become inaccessible.

Content analysis details: (7.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

2.1 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: cloudstorage-benachrichtigung6.eblink6.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Update=3A_Your_Cloud_Storage_Is_Almos?=

=?UTF-8?Q?t_Full_=E2=80=93_Secure_Your_Files_Now?=

--00000000000095cf2d06407ece92

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

Q2hlY2sgWW91ciBTdG9yYWdlISBJcyBJdCBSZWFjaGluZyBGdWxsIENhcGFjaXR5Pw0KDQoNCg0K

DQoNCkltcG9ydGFudCBBbGVydA0KDQoNCg0KDQpXaXRob3V0IHN1ZmZpY2llbnQgc3RvcmFnZSwg

eW91ciBuZXcgcGhvdG9zLCB2aWRlb3MsIGFuZCBkb2N1bWVudHMgbWF5IG5vICANCmxvbmdlciBz

eW5jIHdpdGggdGhlIENsb3VkLCBhbmQgZXhpc3RpbmcgZGF0YSBtYXkgYmVjb21lIGluYWNjZXNz

aWJsZS4NCg0KDQoNCkNvdW50IGRvd24NCg0KDQoNCkJhY2t1cCBEZXZpY2UNCg0KDQoNClZSIHNl

dA0KDQoNCg0KDQpSZWNvbW1lbmRhdGlvbg0KDQoNCg0KQmFjayB1cCBZb3VyIEltcG9ydGFudCBG

aWxlcyBhbmQgUGhvdG9zIFRvZGF5DQoNCg0KDQoNCkRvbid0IGxldCB5b3VyIENsb3VkIHN0b3Jh

Z2UgcmVhY2ggaXRzIG1heGltdW0gY2FwYWNpdHkuIFdlIHJlY29tbWVuZCB5b3UgIA0KY2hlY2sg

eW91ciBzdG9yYWdlIHNwYWNlIHRvIGVuc3VyZSBpdCBuZXZlciBiZWNvbWVzIGZ1bGwuIFRvIGF2

b2lkIGxvc3Mgb2YgIA0KaW1wb3J0YW50IGZpbGVzLCB5b3UgY2FuIGJvb3N0IHlvdXIgZGV2aWNl

J3Mgc3RvcmFnZSBzcGFjZSB3aXRoIGFuIGVuaGFuY2VkICANCnBsYW4uDQoNCg0KDQpHRVQgTU9S

RSBTVE9SQUdFIEhFUkUNCg0KDQoNCklmIHlvdSBwcmVmZXIgbm90IHRvIHJlY2VpdmUgZW1haWxz

IGxpa2UgdGhpcywgeW91IG1heSB1bnN1YnNjcmliZQ0KwqkgMjAyNS4gQWxsIHJpZ2h0cyByZXNl

cnZlZC4NCg0KDQoNCkZvbGxvdyB1cyBvbiBzb2NpYWwNCg0KDQoNCmZhY2Vib29rIHR3aXR0ZXIg

bGlua2VkaW4gaW5zdGFncmFtDQoNCg0KDQpUbyByZWNlaXZlIHRoZSBsYXRlc3QgZGVhbHMNCg0K

DQoNCg0K

--00000000000095cf2d06407ece92

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

rn:schemas-microsoft-com:office:office" lang=3D"en">

0">

padding: 0; -webkit-text-size-adjust: none; text-size-adjust: none;">

cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; ms=

o-table-rspace: 0pt; background-color: #000000; background-size: auto; back=

ground-image: none; background-position: top left; background-repeat: no-re=

peat;">