PayPal Phish from Microsoft Outlook Part 3

Posted by Dave Yadallee on Tuesday, March 3. 2026

"0" >

line-height:13pt; color:#000;">

"0" border=3D"0" width=3D"100%" style=3D"" dir=3D"ltr" lang=3D"en">

=20

x; color:#333;">

Tha=

nks for verifying your RileySnyder@Tamra707.onmicrosoft.com account!

x; color:#333; font-weight: bold">

You=

r code is: 882488

Segoe UI', Tahoma, sans-serif; font-size:14px; color:#333;">

Sincerely,

Segoe UI', Tahoma, sans-serif; font-size:14px; font-style:italic; color:#33=

3;">

P=C3=A0ym=C4=97nt h=C3=A5=

s b=C4=97=C4=97n c=C5=8Fnf=C3=ACrm=C4=97d fr=C5=8Fm y=C5=8Fur P=C4=81y_P=C3=

=A5l USD 799.99 Pl=C4=97=C3=A5s=C4=97 r=C4=97vi=C4=97w =C3=A5cc=C5=8Funt d=C4=

=97t=C3=A5=C3=ACls.C=C5=8Fnt=C3=A5ct f=C5=8Fr H=C4=97lp 18304603867.

=20

tom:1px solid #e3e3e3;">

e3;">

top" colspan=3D"6" style=3D"border-bottom:1px solid #e3e3e3; padding:20px 0=

;">

ing=3D"0" border=3D"0" width=3D"585">

g=3D"0" border=3D"0" dir=3D"ltr" lang=3D"en" style=3D"margin-right:30px;">

:'Segoe UI', Tahoma, sans-serif; margin:0px 0px 0px 5px; color:#666; font-s=

ize:10px;">

Info">

Microsoft Corpo=

ration

|

One Microsoft W=

ay Redmond, WA 98052-6399

This message was se=

nt from an unmonitored email address. Please do not reply to this message.

AndLegalLinks" style=3D"color:#0072c6;">

s://privacy.microsoft.com/en-US/privacystatement" id=3D"PrivacyLinkAnchor">

Privacy

|

ps://www.microsoft.com/en-US/servicesagreement/" id=3D"LegalLinkAnchor">

Legal

=20

passwordreset.microsoftonline.com/images/1_MSLogo.png" />

e3;">

tom:1px solid #e3e3e3;">

KDBTBPEODKFAAVO7YL24JF2SSZDL2YJCMIZZFY5NRFH2XNZ664MWKAMISKUVNWUZ3CGD4FUZIPH=

U6JVTZIQQZUI6ZFTGFKO4V3QHP765FC6VHDI4CMXJHTHQI5TAYBUVDSIDBLHCHYQGZBFINI&i=3D=

AIAAD5KA3NWVYKTVNVVTH6PV44BUXHQTAGRRLXCQ4BYKI624ACYWJXH6KETVBVL7EW6ULCEUCCX=

OJUME2USC4LLZKDOJ5D5AVN5QBE7XD3NDLL2T5SR7KPJTQRJTF7QW6R3OYNSX7DK33L2ILP4X7G=

XF7FF52LT63FKSWLVJREXDCQI56323TJZFY2J4MCYRRCQBDDGQBKLBPUCU5YF3YLU55BDIHEANQ=

4FEC6VEAHNM6I6SV6CAYZD3CYKDCM26TVAI4WWX6SNPZRBKHFPYDJCTXO4WU4A' width=3D'1'=

height=3D'1' tabindex=3D'-1' aria-hidden=3D'true' alt=3D'' />

=

PayPal Phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on Tuesday, March 3. 2026

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

[40.93.23.2 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.23.2 listed in dnsbl.ahbl.org]

[40.93.23.2 listed in dnsbl.ahbl.org]

[40.93.23.2 listed in dnsbl.ahbl.org]

[40.93.23.2 listed in dnsbl.ahbl.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.23.2 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.23.2 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.23.2 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.23.2 listed in dnsbl.ahbl.org]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[40.93.23.2 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

2.1 MIXED_ES Too many es are not es

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.2 TVD_PH_SUBJ_META1 Email has a Phishy looking subject line

Subject: {SPAM?} =?utf-8?b?UMOgeW3El250IGjDpXMgYsSXxJduIGPFj25mw6xybcSXZCBmcsWPbSB5xY91cg==?=

=?utf-8?b?IFDEgXlfUMOlbCBVU0QgNzk5Ljk5?=

=?utf-8?b?IFBsxJfDpXPElyByxJd2acSXdyDDpWNjxY91bnQgZMSXdMOlw6xscy5DxY9udMOlY3Q=?=

=?utf-8?b?IGbFj3IgSMSXbHA=?= 18304603867. account email verification code

w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 =09 P=C3=A0ym=C4=97nt h=C3=A5s b=C4=97=C4=97n c=C5=8Fnf=C3=ACrm=C4=97d fr=C5= =8Fm y=C5=8Fur P=C4=81y_P=C3=A5l USD 799.99 Pl=C4=97=C3=A5s=C4=97 r=C4=97vi= =C4=97w =C3=A5cc=C5=8Funt d=C4=97t=C3=A5=C3=ACls.C=C5=8Fnt=C3=A5ct f=C5=8Fr= H=C4=97lp 18304603867. account email verification code 

dir=3D"ltr" lang=3D"en">

=20

der=3D"0" dir=3D"ltr" lang=3D"en" style=3D"border-left:1px solid #e3e3e3;bo=

rder-right: 1px solid #e3e3e3;">

:1px solid #e3e3e3;">

border-bottom:1px solid #e3e3e3;">

:1px solid #e3e3e3; border-bottom:1px solid #e3e3e3;padding:12px 0;">

Light; font-size:18pt; color:#ffffff; font-weight:normal;">

=20

"#FFFFFF">Verify your email address

;border-bottom: 1px solid #e3e3e3;">

der=3D"0" dir=3D"ltr" lang=3D"en">

n=3D"2" style=3D"border-bottom:1px solid #e3e3e3; padding:10px 0 20px;"> =09

PayPal Phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on Tuesday, March 3. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 03 Mar 2026 09:34:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxSgK-00000000Oyr-3fTd

for dave@doctor.nl2k.ab.ca;

Tue, 03 Mar 2026 09:33:12 -0700

Resent-From: The Doctor

Resent-Date: Tue, 3 Mar 2026 09:33:12 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-westus3azacs10201002.outbound.protection.outlook.com ([40.93.23.2]:16856 helo=PH0PR06CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxS6g-00000000NJX-3x32

for doctor@doctor.nl2k.ab.ca;

Tue, 03 Mar 2026 08:56:29 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=mMuydaIbi7RDPTTo682xneZMn/W6paYl7KSMhP8h+Wg8UdzWOuE+cUDvP+ToP5iqhJU3izfK/AFdNxLoQ6kiRCfdlGHchQn7bRI1gy9YlA8KgwYqx2qX0OiNW5494VH6tUF1q3E5GSqm64ng/FAtU8w6ODVCqgaG33GZDFP6CIu6XVb0kRungRF8q2cNv2DNGx9ugSkT2I+umwwr8iyA/3aqyVZwRHyB74mnNO3VifEI1Cs2OMAb7s3pi0WOVE4yd4yqy30X8QNgxYdKQj00uqVQfQkvReD4xvQXQ5bFeu96kEcgANeb4112QA+aGl/pG2/gfeWmYk4EgrQ0lJ/9Lw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=P4oMGZgQYy/rB3rqk5a3uWsgBTugoYpo5eR1EqtMmQ0=;

b=LQ1+DzObBpEsMSRZgnleITN6Dy9DKkXjv/OI8EzoZ5Nx7f2v5RAP3BYdMJeC37T6pIel80dkxDqx9gclaaYcSf8GH8Smttc/ltkeDiA2GwlSLGXcEumIO0GiLi/2P3/L9DFkj+kl48UQTw8+NG7XTY7Nzlk7VaKvlxXO4QsWyIyL0V1IdBkX0z4epfHcm2252IhQZizRB9eTkYcdkXI3z/k18NW7CoPxTnRwEd52hNxC19HLK1iYFpbKQCg2eYBpfedrJI7KsBiUUtPa0j3fYUfAs/A5WS4OHH/YK+K3iVBKJ1XBbOQ+49Ay9DqJlocU973Vdfv8SlOvk3qrsknbMQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

Received: from substrate.office.com (2603:10b6:208:40b::22) by

IA0PR10MB7273.namprd10.prod.outlook.com with HTTP via

DM6PR21CA0011.NAMPRD21.PROD.OUTLOOK.COM; Tue, 3 Mar 2026 15:55:28 +0000

DKIM-Signature: v=1; a=rsa-sha256; d=microsoftonline.com; s=s1024;

c=relaxed/relaxed; t=1772553328; h=from:to:cc:subject:date:messageid;

bh=P4oMGZgQYy/rB3rqk5a3uWsgBTugoYpo5eR1EqtMmQ0=;

b=X9bm2xdP7maeWTYD6uUU5oJW6W8R6XnSBzW/rfw5cX4/yzachoHBka7DSCdBvwEEDJZrt7Cwohm

PIQh5v368VXYVZTzLgTmzV9Vvlhnh5JhGErf+yG74F2dS4rU1Jgibs/mfne9l3/fUr8oYnqKwXL2v

76FiUUpWu5m2103LfQ4=

From: msonlineservicesteam@microsoftonline.com

To: doctor@doctor.nl2k.ab.ca

Subject: =?utf-8?b?UMOgeW3El250IGjDpXMgYsSXxJduIGPFj25mw6xybcSXZCBmcsWPbSB5xY91cg==?=

=?utf-8?b?IFDEgXlfUMOlbCBVU0QgNzk5Ljk5?=

=?utf-8?b?IFBsxJfDpXPElyByxJd2acSXdyDDpWNjxY91bnQgZMSXdMOlw6xscy5DxY9udMOlY3Q=?=

=?utf-8?b?IGbFj3IgSMSXbHA=?= 18304603867. account email verification code

Date: Tue, 03 Mar 2026 15:55:28 +0000

Message-ID: <[3bf39d65777947caadd340374ee344ce-JFZGS42DN5WW25LONFRWC5DJN5XFA3DBORTG64TNFVIHE33EFVBEYMSQPREUCTKTKNIFE7CTKNIFERLNMFUWY7CFPBXVG3LUOA======@microsoft.com]>

X-MS-Iris-MetaData: =?utf-8?q?{=22Type=22=3Anull=2C=22Fields=22=3A{=22InstanceID=22=3A=223bf39d65-7779-47ca-add3-?=

=?utf-8?q?40374ee344ce=22=2C=22ActivityID=22=3A=2261a8712e-038c-40ac-9963-271f5f541?=

=?utf-8?q?585=22}}?=

MIME-Version: 1.0

X-TsbHttpDeliveryResponseType: Success

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

X-MS-PublicTrafficType: Email

client-request-id: 3bf39d65-7779-47ca-add3-40374ee344ce

request-id: 3bf39d65-7779-47ca-add3-40374ee344ce

X-MS-TrafficTypeDiagnostic: IA0PR10MB7273:EE_ICP

X-MS-Exchange-SenderADCheck: 0

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam:

BCL:0;ARA:13230040|3109299003|69100299015|7149299003|7049299003|61400799027|376014|4076899003|8096899003|54012099003|15920700032;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?UVBzRG9YVVZFbWJyODdZUmhxdzR3VVB5U0xmVmJLU1k3NXNlSWdnNDRhR01r?=

=?utf-8?B?YXkvcm1leTB6QU9obkIzZmZ3UWd0RUsvOUpJdjBpdFJ5RE5XY3ljMC9GVXRF?=

=?utf-8?B?VEZLdFdicGQxcGN2UjBYTmpNL296SGFueCsveFY4eENhV3EzOHhLN21PRXp4?=

=?utf-8?B?MnlDWGcydVNDbGZpeW84Q05XeTdRZFdoaEZTUjQ4bnZLOC8xWWRxQlVaOGNi?=

=?utf-8?B?VnJzbjdnMURBVEYrZE00ZVhWMDdjZEJmTm1GbWdHdlNpUkgwcmEyekRJVFlW?=

=?utf-8?B?c2VmRy9seXpzWTM5OUhoOGRPU2lRTDluRUhxN0xpNHVTUzJuTjhKUFhJckpw?=

=?utf-8?B?KzZsUXNBbmxTK25zQjJlVDBVSm1qM2NiUXpMbzhVSnlpV1IxbkZjSG9NM2ta?=

=?utf-8?B?MGwzRjFQYk5ONDJld3NBaUJSWFV0VTcvbmtKU1lkeVdHRkdDM09nZWwzRnpP?=

=?utf-8?B?TDJsUUt6NENjS1RJV1FiOG96L284MzUreDlqMEt6cFBKOUFvRGtyWFowTVNY?=

=?utf-8?B?NmxtS2VLYTJaMEZuRW4xUEMvT0E2UzB0QWFDVVJMdzMrNVRrU2hFRmNzSFE3?=

=?utf-8?B?cHVKYld5SmN3UmZEd292WGp0bXRROEtQWEZIcFZDTHZRSDh6RVU2N0lNSUg2?=

=?utf-8?B?NEhySXBudGthVDZzRDM0TTN2bGhuMHJwVGdqSTd1ZytjTUhGYzV2QmJBWDBV?=

=?utf-8?B?dzBGNzRrdlNzb1IybmJyMFYwOXd1Q1pUTkdhU2d0NCtZb2Ria2ZwM2pBZWtU?=

=?utf-8?B?SkFHSmFsdURNVVhPUUk0bW16ZDlJeml2b0JPblZ3dWZKVmIzMGU5WGF3M0gy?=

=?utf-8?B?VVlNVjNaMk0vajUvRHY2N1FvSjR2SjBjMVlUM2tZV0RXQklGbHdPamI5Q3Az?=

=?utf-8?B?cFArZytML2FlQTZ3STZJaFlVVjdaQ0JidXNjY0o1ZE1SUml3REF6T3NIeW1x?=

=?utf-8?B?USs2c2tuS25BNU94UmJKL1R4RWRwVFVhSFJXbUwwRjZ1Z1FpVUZmdjVrMnBN?=

=?utf-8?B?N2F1RlJobjF6RXNBTWg5SzZxdEQ0ZjBDK004WXJqZ3F4S0d3TkkrUktsQlFH?=

=?utf-8?B?RURkNGNBWUh3SE1qVU9YaEpOTWFUR1FTbGVudkdzUWZDZnVrQ1BxTkM2TVVT?=

=?utf-8?B?czZrOEFiNHUrTkJ4ZkhCTmhpZ3Q2bU5KUkNOZmVldHE0dEFrVERkTFRwcVNQ?=

=?utf-8?B?bEVXYUxzdzhELy9zSFRwUnhpd1RnV3UreWI2VDJnNWlrZnZwemhZaHJ1L1dk?=

=?utf-8?B?b3hVaXZaMVJGR0lUc3Z4ejZhV0NkdE5Wb0hXYTdVMHdPVkxvVWFtMUZsSVRP?=

=?utf-8?B?YWtxeW81MUltWTR5ZWhQVjZXMkdxcER1TXJZOFJVNEtmQy94U1d0Rytkdkhm?=

=?utf-8?B?ZnE1a21KeG51K2p0YVRVZGZlOUFLM2NGZU5QVUJ6Slo2NVR1U3FYVFJnbFBG?=

=?utf-8?B?REcyVGhYRTRiUjY0TDdqR2RYRkF2bUx5NHNqekVhOU1QSUtnb0NuQVB4TXRl?=

=?utf-8?B?Y0h3eGQ3c1U4UnpCRU5kUGhheXJqR1ZPS0VNSUY3ZFROd0dFbStWMTBFZEM3?=

=?utf-8?Q?YIi34r2QSDVjJb/m2wW11gNfk=3D?=

X-Forefront-Antispam-Report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:;PTR:;CAT:OSPM;SFS:(13230040)(3109299003)(69100299015)(7149299003)(7049299003)(61400799027)(376014)(4076899003)(8096899003)(54012099003)(15920700032);DIR:OUT;SFP:1020;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

S+czWdW16DJK63JLeVBTCvoZDXNWoA+ba4OBzPjuP1eRL7hstjLRaIpKir4tdwwfbgmiov4svocxNqvkB54yCQXEYj8R493xBkzVUW5PTnbMKdStpUYeGoFcVz0dVS7pWOh3uhVyk1KQ07OnN2LiTD1Xgt9Fvu3a9myb95/bK+mvs1Ts86hbn5g12pZz3RoVY33VxGRtJgew6bUQ9gt5/GrTk9hKrx3SZSdlmlTrZ+x8XAKsL1oNmF3Iwc31o+Q9qGL+OOVD1PW9E7YwWCZyMmuYRi9g0OCsziBS7cGk9uyu9jN/esJeX2sdcfE//LTGjo2KdZvKVCjOcdSaChV05EkA4wwz/kmc73SVSXzsG8ggQC9EVWVh5Q/cLIaFpZrn15JywK96oph5ogHG23ozMMbNcrD04ICI7ZlmuOJhQu8U/qf6HFzVVmdzrcET8lC8VjHaAFiFbmvYxkRmXn3z9QJlf1gFQsVzhBhpWGw6Fuet2mcOLsCVfHoSm6NKgKt+z6MdjyzK2mrTcADYVxjCKRbGAbjt5oNohgebupWOsLWq0Ie4PcOOSyfr/5TcKZ3MHOtmBnw+5u4+9rCrouU9R1fOCGucuwj2CC5FDlhixHchsntKLjt19DFz8uAkSupYO1mcitCKCk03mFjn7ghllnx54/6zW3IrlOTSXv7at/efzoXJrkeBSpARJLYoSfwUlxfQszgdl4qeqprEJ3bHtZAdr4M/il2jPHLiKLYk4m8voeva+iZDWGwbrpaJ3KMZcP7kNq2lZVJ78JgMsp5hk3uy0Z4GBksGGnmUu7xDnwkwdLmngsD79MEYU6UKQtcTy8VhuVXQrcGwtzKwi8cRAA==

X-OriginatorOrg: ideasprod04.microsoft.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: HttpSubmission-IA0PR10MB7273

X-MS-Exchange-CrossTenant-Id: 411ca7db-1b8b-4c3e-8589-e4ea7d89aaf9

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Mar 2026 15:55:28.1321 (UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id:

243bd456-5770-4816-298a-08de793d4a68

X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR10MB7273

X-Spam_score: 9.8

X-Spam_score_int: 98

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: PÃ ymÄ—nt hÃ¥s bÄ—Ä—n cÅnfÃ¬rmÄ—d frÅm yÅur PÄy_PÃ¥l

USD 799.99 PlÄ—Ã¥sÄ— rÄ—viÄ—w Ã¥ccÅunt dÄ—tÃ¥Ã¬ls.CÅntÃ¥ct fÅr HÄ—lp 18304603867.

account email verification code Verify your email address Thanks for verifying

your RileySnyder@Tamra707.onmicrosoft.com account!

Content analysis details: (9.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:40b:0:0:0:22 listed in]

[will-spam-for-food.eu.org]

DHL Phish Part 4

Posted by Dave Yadallee on Tuesday, March 3. 2026

Thank you for using On Demand Delivery.

D‌H‌L‌ ‌E‌x‌p‌r‌e‌s‌s‌ ‌-‌ ‌E‌x‌c‌e‌l‌l‌e‌n‌c‌e‌.‌ ‌S‌i‌m‌p‌l‌y‌ ‌d‌e‌l‌i‌v‌e‌r‌e‌d‌.

D‌H‌L‌ ‌G‌r‌o‌u‌p

2023 © D‌H‌L‌ ‌I‌n‌t‌e‌r‌n‌a‌t‌i‌o‌n‌a‌l‌ ‌G‌m‌b‌H‌.‌ ‌A‌l‌l‌ ‌r‌i‌g‌h‌t‌s‌ ‌r‌e‌s‌e‌r‌v‌e‌d‌.

style='display:inline-block;padding:10px 20px;font-size:13px;color:#777;

text-decoration:none;border-radius:4px;border:1px solid #ddd;'>

Unsubscribe

ID #yVXPG6z1cDRzLRiehQCxxqoIOh

DHL Phish Part 3

Posted by Dave Yadallee on Tuesday, March 3. 2026

To ensure a smooth delivery, we kindly request you to update your address as soon as possible.

DELIVERY INFORMATION

Waybill No.	9779802484
Status	On Hold
Reason	Incomplete Address
Shipper's Reference	N/A

Update Your Shipping Address

DHL Phish Part 2

Posted by Dave Yadallee on Tuesday, March 3. 2026

=20

=20

=20

DHL Phish Part 1

Posted by Dave Yadallee on Tuesday, March 3. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 03 Mar 2026 07:21:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxQcA-000000004UV-371W

for dave@doctor.nl2k.ab.ca;

Tue, 03 Mar 2026 07:20:46 -0700

Resent-From: The Doctor

Resent-Date: Tue, 3 Mar 2026 07:20:46 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [109.94.209.180] (port=47712 helo=vps.hasanboy.uz)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxPgv-000000000Xi-3JYk

for root@nk.ca;

Tue, 03 Mar 2026 06:21:47 -0700

Received: from test_portal_user by vps.hasanboy.uz with local (Exim 4.93)

(envelope-from )

id 1vxPg2-002uYU-F7; Tue, 03 Mar 2026 14:20:42 +0100

To: root@nk.ca

Subject: =?UTF-8?B?QWN0aW9uIG5lZWRlZDogT04gSE9MRCAjOTY2MTM2MQ==?=

From: á´…ÊœÊŸ (á´É´-á´…á´‡á´á´€É´á´…)

To: root@nk.ca

Reply-To: test_portal_user@test-portal.uz

Date: Tue, 03 Mar 2026 14:20:42 +0100

Message-ID:

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

X-Mailer: PHP/8.0.30

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

X-Spam_score: 13.2

X-Spam_score_int: 132

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Action Required ACTION REQUIRED: YOUR SHIPMENT IS ON HOLD

Hello, Your Dâ€ŒHâ€ŒLâ€Œ â€ŒEâ€Œxâ€Œpâ€Œrâ€Œeâ€Œsâ€Œs shipment with waybill

number 9779802484 is currently on hold due to an incomplete address. To ensure

a [...]

Content analysis details: (13.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

[109.94.209.180 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[109.94.209.180 listed in dnsbl.ahbl.org]

[109.94.209.180 listed in dnsbl.ahbl.org]

[109.94.209.180 listed in dnsbl.ahbl.org]

[109.94.209.180 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[109.94.209.180 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[109.94.209.180 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[109.94.209.180 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[109.94.209.180 listed in dnsbl.ahbl.org]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

2.3 MANGLED_DEALS BODY: mangled deal(s)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 URI_TRUNCATED BODY: Message contained a URI which was truncated

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

3.0 UNICODE_OBFU_ZW_MANY Heavily obfuscating text with hidden characters

Subject: {SPAM?} =?UTF-8?B?QWN0aW9uIG5lZWRlZDogT04gSE9MRCAjOTY2MTM2MQ==?=

Action Required

Nigerian spam

Posted by Dave Yadallee on Tuesday, March 3. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 03 Mar 2026 07:20:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxQaq-000000004LX-0zkn

for dave@doctor.nl2k.ab.ca;

Tue, 03 Mar 2026 07:19:24 -0700

Resent-From: The Doctor

Resent-Date: Tue, 3 Mar 2026 07:19:24 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.transip2.ca-it.dk ([136.144.203.208]:46372)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxJis-00000000AT3-0JhZ

for doctor@nl2k.ab.ca;

Mon, 02 Mar 2026 23:59:23 -0700

Received: from 172.94.9.71 (unknown [172.94.9.71])

by mail.transip2.ca-it.dk (Postfix) with ESMTPSA id CB08221249

for ; Tue, 3 Mar 2026 07:57:31 +0100 (CET)

Message-ID: <9A60396C04D0FE5D8184CD70B433D1A5@172.94.9.71>

Reply-To: "Pual Samaniego Maxi"

From: "Pual Samaniego Maxi"

To:

Subject: GOOD MORNING TO YOU!!!

Date: Mon, 2 Mar 2026 22:57:28 -0800

Organization: Maxi Law

MIME-Version: 1.0

Content-Type: text/plain;

format=flowed;

charset="windows-1251";

reply-type=original

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Windows Live Mail 15.4.3538.513

X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513

X-Spam_score: 34.1

X-Spam_score_int: 341

X-Spam_bar: ++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings, How are you? Please accept my apologies if my email

does not meet your personal ethical standards. I would like to introduce

myself and this business opportunity to you. My name is Barrister Rual Samaniego

Maxi of Integrity Law Firm London, I am the personal lawyer of my deceased

client who bears the same surname as you.

Content analysis details: (34.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[172.94.9.71 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

[136.144.203.208 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[136.144.203.208 listed in dnsbl.ahbl.org]

[136.144.203.208 listed in dnsbl.ahbl.org]

[136.144.203.208 listed in dnsbl.ahbl.org]

[136.144.203.208 listed in dnsbl.ahbl.org]

[172.94.9.71 listed in dnsbl.ahbl.org]

[172.94.9.71 listed in dnsbl.ahbl.org]

[172.94.9.71 listed in dnsbl.ahbl.org]

[172.94.9.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[136.144.203.208 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[136.144.203.208 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[136.144.203.208 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[136.144.203.208 listed in dnsbl.ahbl.org]

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[172.94.9.71 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[172.94.9.71 listed in sbl-xbl.spamhaus.org]

[172.94.9.71 listed in sbl-xbl.spamhaus.org]

[172.94.9.71 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[136.144.203.208 listed in bb.barracudacentral.org]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[136.144.203.208 listed in sa-accredit.habeas.com]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[136.144.203.208 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.2 STOX_REPLY_TYPE No description available.

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[paulsmaxi108(at)gmail.com]

0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

2.5 MILLION_USD BODY: Talks about millions of dollars

2.5 HK_SCAM_N2 BODY: No description available.

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[136.144.203.208 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[136.144.203.208 listed in bl.score.senderscore.com]

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 HK_SCAM No description available.

0.5 MONEY_NOHTML Lots of money in plain text

2.0 WINDOWS_7BITS Windows charset announced as 7 bit

1.0 MONEY_BARRISTER Lots of money from a UK lawyer

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

1.9 STOX_REPLY_TYPE_WITHOUT_QUOTES No description available.

2.0 FSL_HELO_BARE_IP_2 No description available.

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} GOOD MORNING TO YOU!!!

Greetings,

How are you? Please accept my apologies if my email does not meet your personal ethical standards. I would like to introduce myself and this business opportunity to you.

My name is Barrister Rual Samaniego Maxi of Integrity Law Firm London, I am the personal lawyer of my deceased client who bears the same surname as you.

I am contacting you regarding an unclaimed financial inheritance claim related to your surname. I want to know if we can work together as a team.

I want you to act as the next of kin of my deceased client who has an account worth $16.5 Million USD at a financial institution.

My deceased client died without any registered next of kin and therefore the funds now have an open beneficiary mandate. The board of his bank passed a resolution and I have been mandated to nominate his next of kin to pay this fund or the fund will be forfeited to the bank as unclaimed property.

Fortunately, since you share the same surname as my deceased client, it will be very easy for me to make you his official next of kin.

If you are interested, please let me know so I can give you full details on what we are to do.

Thanks,

Best Regards,

Barrister Pual Samaniego Maxi

180 Tottenham Court Road London, W1T 7PD.United Kingdom

The Law is Our Business

Valve electric actuator spam from China Alibaba Part 2

Posted by Dave Yadallee on Tuesday, March 3. 2026

Hello Si=

r ,

Ar=

e you searching for high-performance, cost-effective actuator solutions with f=

aster delivery for your critical valve controls? Perhaps you have long relied =

on AUXX or RoXXXX brands but are now facing supply chain uncertaint=

ies, lengthy lead times, or seeking more competitive cost optimization.=

As a leading=

manufacturer specializing in the R&D and production of industrial actuato=

rs, we professionally provide reliable products that can directly replace majo=

r brands, helping your operations maintain efficiency, reliability, and profit=

ability.

x"> Why Choose Us as Your Strategic Partner?

<=

p>

style=3D"width: 704.27pt;" height=3D"332" width=3D"939" cellspacing=3D"0" cel=

lpadding=3D"0" border=3D"0">

353"/>
e=3D"height:54.00pt;" height=3D"72">
tr>
d style=3D"width:439.50pt;" width=3D"586" class=3D"et5">

gn: center;">
e: small; background-color: transparent;">Torque range from 50N=C2=B7m to 20,0=

00 N=C2=B7m. Enclosure protection up to IP67/IP68,

font-family:times new roman;font-size:12px">

> suitable for extreme tem=

peratures, corrosive environments,

r;"> and potentially hazar=

dous areas

ight=3D"76">
le=3D"height:15.75pt;" height=3D"21">
e=3D"height:15.75pt;" height=3D"21">

ACTION REQUIRED: YOUR SHIPMENT IS ON HOLD
Hello,
Your D‌H‌L‌ ‌E‌x‌p‌r‌e‌s‌s shipment with waybill number 9779802484 is currently on hold due to an incomplete address.
4pt; width: 264.75pt;" width=3D"353" height=3D"72" class=3D"et2"> "font-family:times new roman;font-size:12px">Seamless Replacement & Broad = Compatibility	th=3D"586" class=3D"et3"> 12px">Our products are designed to be compatible with the mounting dimensions,= interfaces, and control protocols of brands like AUXXand RoXXX.
; height: 51pt;" height=3D"68" class=3D"et4"> new roman;font-size:12px">Superior Performance & Reliability
s=3D"et4">Advanced = Intelligent Control	ss=3D"et5"> t;times new roman"; font-size: small; background-color: transparent;">Sup= ports multiple communication protocols: Profibus DP, Modbus RTU, HART,<= /div> text-align: center;"> Foun= dation Fieldbus. IoT modules with remote monitoring and predictive > nt;"> maintenance functions are optionally available. =
center; height: 56pt;" height=3D"74" class=3D"et4"> :times new roman;font-size:12px">Significant Cost & Lead Time Advantages span>	=3D"text-align: center;"> t;; font-size: small; background-color: transparent;">While offering equal or = better quality, we provide more competitive pricing "font-family:times new roman;font-size:12px"> "> and shorter lead times = (typically 2 weeks for standard products), n: center;"> effectively h= elping you reduce Total Cost of Ownership
15.75pt;" height=3D"21" class=3D"et4"> an;font-size:12px">Certificate	r;" class=3D"et6">C= E / SIL / Ex d II C T4 Gb / Ex tb IIIC T130=C2=B0C Db
5.75pt;" height=3D"21" class=3D"et7"> n;font-size:12px">Industries Served:	r;" class=3D"et8">O= il & Gas/Power Generation/Water & Wastewater/Chemical/ Pharmaceutical/= Marine etc.

<=

img src=3D"https://pic2.ziyuan.wang/user/Emmmma/2025/11/FCC_6237633d35e64.jpg"=

/>

an style=3D"font-family:times new roman;font-size:12px">We ha=

ve successfully provided smooth upgrade solutions for numerous global clients =

to replace AUXX or RoXX, ensuring sys=

tem performance while optimizing supply chains and reducing costs.

<=

p>

Thank you for y=

our time. We look forward to discussing how we can provide the optimal solutio=

n for your specific application needs.

y:times new roman;font-size:12px">

y:times new roman;font-size:12px">best regards

"font-family:times new roman;font-size:12px">

"font-family:times new roman;font-size:12px">lucy =EF=BC=88WhatsApp=EF=BC=9A+8=

615022134315=EF=BC=89

font-size:12px">

Valve electric actuator spam from China Alibaba Part 1

Posted by Dave Yadallee on Tuesday, March 3. 2026

Ledger Security Phish from Google Gmail Part 3

Posted by Dave Yadallee on Tuesday, March 3. 2026

Dear
=3D"color: #0b0b0b; font-weight: 600;">doctor@nk.ca,

esponsive dark-mode-text-secondary" style=3D"margin: 0; padding: 0; color: =

#4a4a4a; font-size: 16px; line-height: 1.7; font-family: -apple-system, Bli=

nkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

Our records indicate that your Ledg=

er device is running an outdated firmware version. To keep your digital ass=

ets secure, please complete the mandatory firmware update by the deadline b=

elow.

This update contains critical secu=

rity enhancements that help protect your device and maintain safe access to=

your funds.

=20

=20

e-height: 32px; font-size: 0;">

=20

lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">

0;">

" target=3D"_blank" rel=3D"noopener" class=3D"btn-responsive dark-mode-btn"=

style=3D"display: inline-block; background-color: #0b0b0b; color: #ffffff;=

text-decoration: none; padding: 12px 40px; border-radius: 8px; font-weight=

: 400; font-size: 17px; min-width: 100px; text-align: center; font-family: =

-apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sa=

ns-serif;">

>Update Now

=20

e-height: 40px; font-size: 0;">

=20

=20

e-height: 20px; font-size: 0;">

=20

style=3D"margin: 0; padding: 0; color: #6a6a6a; font-size: 16px; line-heigh=

t: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto,=

Helvetica, Arial, sans-serif;">

Thank you for taking prompt action to keep =

your device safe and reliable.

=20

: 1px; background-color: #e9e9e9; border: 0; margin: 0; padding: 0;"> =

dding: 28px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">

d.wikimedia.org/wikipedia/commons/thumb/f/f0/Ledger-logo-long.svg/1280px-Le=

dger-logo-long.svg.png" alt=3D"Ledger" width=3D"117" height=3D"39" />

=20

size: 13px; line-height: 1.7; font-family: -apple-system, BlinkMacSystemFon=

t, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; margin-top: 16px;">

Ledger SAS

1 rue du Mail, 75002 Paris, Fra=

nce

=C2=A9 2026 Ledger. All rights =

reserved.

=20

=20

--000000000000f09247064c161b8c--

Ledger Security Phish from Google Gmail Part 2

Posted by Dave Yadallee on Tuesday, March 3. 2026

xt-size-adjust: 100%; -ms-text-size-adjust: 100%;">

=20

ng=3D"0" border=3D"0" style=3D"width: 100%; background-color: #f5f5f5; min-=

width: 100%;">

20px 0; background-color: #f5f5f5;">

=20

" cellspacing=3D"0" border=3D"0" align=3D"center" class=3D"main-table" styl=

e=3D"width: 100%; max-width: 600px; background-color: #ffffff; border-radiu=

s: 0;">

=20

dding: 40px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

=20

margin-right: auto;" src=3D"https://upload.wikimedia.org/wikipedia/commons=

/thumb/f/f0/Ledger-logo-long.svg/1280px-Ledger-logo-long.svg.png" alt=3D"Le=

dger" width=3D"255" height=3D"85" />

=20

e-height: 40px; font-size: 0;">

=20

e-height: 20px; font-size: 0;">

=20

ry" style=3D"margin: 0; padding: 0; color: #4a4a4a; font-size: 16px; line-h=

eight: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Rob=

oto, Helvetica, Arial, sans-serif;">

Ledger Security Phish from Google Gmail Part 1

Posted by Dave Yadallee on Tuesday, March 3. 2026

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 22:03:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxHu5-000000002Nu-2xKJ

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 22:02:41 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 22:02:41 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f70.google.com ([209.85.222.70]:58460)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxGEh-00000000Nzc-0VlG

for doctor@nk.ca;

Mon, 02 Mar 2026 20:15:58 -0700

Received: by mail-ua1-f70.google.com with SMTP id a1e0cc1a2514c-94de965f29fso6770718241.0

for ; Mon, 02 Mar 2026 19:15:08 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1772507702; x=1773112502; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=AbdfpzATrunnwDtAPn8y/p3nxoOMSOmu2ciDi4li4YQ=;

b=Lfz4pRVP2gOqLNJ9Wxzz8s71BjXbaZt6jHcl3MN8XEnxyzGPn50SheP+BMtu+jRCtt

9H5QZerXqd/YeOBLekYvCeDmi79GKrOERzSDwaW6grBDNNh5/zva9ZFtGw6nokrcrxzx

2m6nP13EJJ4pHsBq1OFfOaphjGK+HqSwCO4iv30B9+BFU0H8GfqeKu8Sw+iGm0rWSWkU

ldE2/B3vfFn435GerZKzvTexybqHuZZwAWP4w9Nm1bD6RE30KI1UaAzRE4Bnnlr6iMnP

DyIVX54YF7eV2jDd8VomTpgymhSurpLp2jQ0ZDv7yje7XwWDICJXAWqSIZuiOHT31V0i

kOlw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772507702; x=1773112502;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=AbdfpzATrunnwDtAPn8y/p3nxoOMSOmu2ciDi4li4YQ=;

b=JMaWCh7yMbU7h7D86cY2NnhJQYPndmNLeMd8d/hutMPMb3DIBuOc/L0I12tkZ6d13G

DU5aNgSbvnMhLOjopQOy9Yn6X9iJ3Gj5yzftIF+j5oe3EpnFO2qdXsLOhYxTkjMm8C+R

QDZT5nAgZYNkE9Es+P5LOurAJkbxjXL20iYT7wjGWYcL3Mh+Sjjkj1t/34yB4GkNtVbI

pUFE0PowiR39q36Uwo36xmY+ViNZTntSza978+6FLcoz626xLCYq6ndShWfsif8nfw1C

+rDOwabZNOmQQmoFVIFHVXVo2pXosgukUloPJWfYrh0g9DTkHnDDl14ubx5aXQ667+Bg

wZxQ==

X-Gm-Message-State: AOJu0YyGHehkF88G32MEbyYmjXIlBkht6t/4G9Y+6kW6vscx0un1jE6w

sML64yLNowtLfkjj7jyrYJlWHoghGdk+ChZfbwD+DvjgbRCtYUz0ngnu7tkAynF5VFXuKD1JgwL

5P6Zv4QPdrg==

MIME-Version: 1.0

X-Received: by 2002:a05:6102:c4e:b0:5ee:a38a:ebf6 with SMTP id

ada2fe7eead31-5ff324dc836mr4930752137.20.1772507702005; Mon, 02 Mar 2026

19:15:02 -0800 (PST)

Message-ID: <000000000000f09259064c161b8f@google.com>

Date: Tue, 03 Mar 2026 03:15:02 +0000

Subject: =?UTF-8?Q?Security_Update_Needed_=E2=80=94_Please_Act_Now?=

From: Ledger

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="000000000000f09247064c161b8c"

X-Spam_score: 9.3

X-Spam_score_int: 93

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Ledger Dear doctor@nk.ca, Our records indicate that your Ledger

device is running an outdated firmware version. To keep your digital assets

secure, please complete the mandatory firmware update by the deadline below.

Content analysis details: (9.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.70 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

1.5 DEAR_EMAIL BODY: Message contains Dear email address

2.4 ACT_NOW_CAPS BODY: Talks about 'acting now' with capitals

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.70 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

Subject: {SPAM?} =?UTF-8?Q?Security_Update_Needed_=E2=80=94_Please_Act_Now?=

--000000000000f09247064c161b8c

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

TGVkZ2VyDQoNCg0KRGVhciBkb2N0b3JAbmsuY2EsDQoNCg0KT3VyIHJlY29yZHMgaW5kaWNhdGUg

dGhhdCB5b3VyIExlZGdlciBkZXZpY2UgaXMgcnVubmluZyBhbiBvdXRkYXRlZCAgDQpmaXJtd2Fy

ZSB2ZXJzaW9uLiBUbyBrZWVwIHlvdXIgZGlnaXRhbCBhc3NldHMgc2VjdXJlLCBwbGVhc2UgY29t

cGxldGUgdGhlICANCm1hbmRhdG9yeSBmaXJtd2FyZSB1cGRhdGUgYnkgdGhlIGRlYWRsaW5lIGJl

bG93Lg0KDQpUaGlzIHVwZGF0ZSBjb250YWlucyBjcml0aWNhbCBzZWN1cml0eSBlbmhhbmNlbWVu

dHMgdGhhdCBoZWxwIHByb3RlY3QgeW91ciAgDQpkZXZpY2UgYW5kIG1haW50YWluIHNhZmUgYWNj

ZXNzIHRvIHlvdXIgZnVuZHMuDQoNCg0KVXBkYXRlIE5vdw0KDQoNClRoYW5rIHlvdSBmb3IgdGFr

aW5nIHByb21wdCBhY3Rpb24gdG8ga2VlcCB5b3VyIGRldmljZSBzYWZlIGFuZCByZWxpYWJsZS4N

Cg0KDQoNCg0KDQoNCkxlZGdlcg0KDQoNCkxlZGdlciBTQVMNCjEgcnVlIGR1IE1haWwsIDc1MDAy

IFBhcmlzLCBGcmFuY2UNCg0KwqkgMjAyNiBMZWRnZXIuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQoN

Cg0KDQoNCg0K

--000000000000f09247064c161b8c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

" />

=3D1.0" />

AAA Emergency Road Kit Phish from Microsoft Outlook Part 7

Posted by Dave Yadallee on Tuesday, March 3. 2026

Time	Primary Activity
8:00â€“8:40	Morning Operations Brief
8:40â€“9:20	System Diagnostics Review
9:20â€“10:00	Record Management Updates
10:00â€“10:20	Team Pause Interval
10:20â€“11:00	Operational Status Assessment

STAFF REFERENCE INDEX

Role	Name	Division	Status	Contact
Coordination Supervisor	Harper Lane	Operations	Active	harper[at]lane
Technical Evaluator	Mason Ortiz	Systems	Active	mason[at]ortiz
Outreach Specialist	Avery Kim	Communications	On Leave	avery[at]kim

*This summary is automatically generated for reference.

--_3e3b4aa1-e54f-49e3-959f-9e8fd3e3f004_--

AAA Emergency Road Kit Phish from Microsoft Outlook Part 6

Posted by Dave Yadallee on Tuesday, March 3. 2026

London â€”

On a rainy afternoon in London, Yin Xiuzhen sits under a canopy of red, pink, purple and orange garments stretched over a steel frame. From inside, the carpeted dome, complete with rugs and cushions, makes a vibrant sanctuary. From the outside, the structure, which stands next to a large mirror, resembles a human heart. Together, they form â€œA Heart to Heart,â€ an almost 25-foot-tall installation created specifically for the first major survey of the Chinese artistâ€™s work in the UK.

â€œI think itâ€™s very important for people to be able to sit down and talk through their hearts,â€ Yin said, dressed in a matching brown shirt and trousers with floral embellishments, ahead of the showâ€™s opening. â€œIn this era, communication between every individual is very important. As we all know, we are living in a chaotic, volatile world.â€

"Introspective Cavity" (2008) is meant to revive memories of being in the womb, according to the artist.

Courtesy the artist/Beijing Commune/UCCA

Named after the new work, the exhibition â€œYin Xiuzhen: Heart to Heart,â€ at Londonâ€™s Hayward Gallery, explores three decades of the artistâ€™s practice. It brings together several of her most significant and notably large projects, many of which have been shown at leading institutions including the Museum of Modern Art (MoMA) and the Guggenheim in New York, as well as biennials and museum exhibitions across Europe, Asia and the US.

Yinâ€™s ongoing international success is something of an anomaly. â€œIf you look at Chinese contemporary art, all the big artists are mostly men, and a lot of them are painters,â€ said Yung Ma, a senior curator at the gallery, who has known her for over 10 years. â€œI donâ€™t think there are many female artists of her generation still working today, at least not on that level.â€

"Dress Box" features a collection of the artist's own worn clothing â€” ranging from childhood to adulthood â€” sealed inside a wooden trunk with concrete.

Courtesy the artist/Beijing Commune

Born and raised in Beijing, and initially trained in oil painting, the artist has been constructing artworks from used clothes for more than three decades. The first came in 1995, when she created â€œDress Box,â€ an installation and video piece, for her first solo exhibition at a now-defunct contemporary art museum in the Chinese capital. In the work, Yin placed her own garments, collected over 30 years, into an old wooden trunk made by her father. She then filled the trunk with cement, â€œencasing all these memories into one,â€ as Hayward Gallery assistant curator Hannah Martin put it. A neatly folded pink shirt remains visible on top, guarding the stories hidden beneath.

An accompanying photo series, â€œMy Clothes,â€ put the 32 items sealed within the trunk into perspective, offering context for each oneâ€™s significance. When Yin was growing up, her mother worked in a garment factory, where she would buy offcuts to sew into fresh items designed by Yin herself. â€œI always call clothes a second layer of skin,â€ Yin said. â€œClothes bear the inference of our cultural background.â€

The artist has moved on from solely using her own clothes and now acquires garments in a multitude of ways. â€œI collect different clothes from different groups of people to symbolize the collective consciousness of different groups,â€ Yin said, noting how her formative years, which include coming of age amid the chaos of Mao Zedongâ€™s Cultural Revolution, exposed her to a staunch prioritization of joint, rather than individualistic, identity. In China, valuing â€œthe individual over the collective was considered a shame,â€ she explained.

In "Collective Subconscious" (2007), a 1990s Beijing minivan is bisected and reconnected by a 14-meter-long, textile-covered tunnel. Here, reclaimed clothing is used to evoke memory, addressing China's rapid modernization, shared urban experiences, and the nostalgia of the "dream" to own a car.

Courtesy the artist/Beijing Commune

Both Yin and the exhibitionâ€™s curator point to her 2007 work â€œCollective Subconscious (Blue),â€ in which a type of minivan known as a â€œmianbaocheâ€ (literally translating to â€œbread vanâ€ in Chinese due to its loaf-like appearance), is extended along the center using various items of clothing, creating a large-scale installation that viewers can sit inside.

Introduced to the country in the 1980s, a time when few people had cars of their own, the minivan was an inexpensive option that allowed growing numbers of Chinese people to take to the roads. The vehicles were often used as taxis or for freelance businesses. â€œIt was a symbol of progression,â€ Ma said. â€œHaving a vehicle like that was meant to embody some sort of entrepreneurial spirit and tied into the capitalist development of China.â€

But Yin also remembers how Beijing became almost unrecognizable in the early- to mid-1990s. Cycling through the city to work as an art teacher, she recalled passing â€œthrough countless hutongs (traditional alleyways) and old city streets.â€ On her return, she said she would often discover that the buildings had disappeared. In her 1996 piece â€œRuined City,â€ she covered popular Chinese furniture and clay roof tiles in dry cement powder, evoking a demolition site.

Yin Xiuzhen's "Thought" (2009) is made from salvaged materials like old clothing.

Courtesy the artist/Beijing Commune/Pace Gallery

Yin Xiuzhen's "Washing River" addresses environmental pollution.

Courtesy the artist/Beijing Commune

â€œBy 1995 and 1996, with the real estate boom in full swing, entire swaths of hutongs and courtyard houses were being razed,â€ she added. â€œAt the time, many intellectuals, architects and artists called for a halt to the large-scale demolition and construction to protect the ancient capital, but their voices were too weak.â€ The sense of hope offered by Yinâ€™s minivan serves as a stark contrast to the despair of those forced out of their homes echoing through â€œRuined City.â€

Yin also looks beyond China for inspiration. The first installation that visitors to her London show encounter takes a broader look at the urban experience. Atop a reconstruction reminiscent of an airport conveyor belt, Yinâ€™s ongoing â€œPortable Citiesâ€ series recreates miniature cities in discarded suitcases made from items donated by residents of the location depicted. â€œPortable City: London,â€ for example, uses clothes collected from staff at the Southbank Centre, the arts complex that houses the Hayward Gallery. One member even stopped to point out a purple-patterned shirt they had contributed to the piece.

"International Airline," a suspended airplane fuselage constructed entirely from discarded secondhand clothing, serves as a commentary on globalization, consumerism, and the movement of people and memories.

Courtesy the artist/Beijing Commune

â€œPeople in China didnâ€™t really start international travel until the â€˜90s,â€ Ma, the curator, said, highlighting that this was around the time Yin became a professional artist. Yin added: â€œMy first international travel was to Japan, and later the Netherlands. I was at an airport terminal when I saw the conveyor belt, and this idea just came to me.â€

The artwork adds a global perspective, but in â€œA Heart To Heart,â€ Yin is more concerned with matters closer to home â€” her audienceâ€™s hearts and minds. The installationâ€™s heart-shaped form, and the act of talking inside it, are integral to her wider practice. In Chinese, â€œxin,â€ which is commonly translated to â€œheartâ€ in English, can refer to the heart and mind in tandem. While Western thought often separates the two, in Chinese culture, emotion and reason are more deeply intertwined.

Light; font-size:18pt; color:#ffffff; font-weight:normal;"> =20 "#FFFFFF">Verify your email address

Archives

Categories

Syndicate This Blog

Blog Administration

Powered by

NetKnow Navigation

Remote RSS/OPML-Blogroll Feed

Error

addthis

Empire Avenue

Error

Error

Error

Syndicate This Blog

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Light; font-size:18pt; color:#ffffff; font-weight:normal;">

=20

"#FFFFFF">Verify your email address