X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 28 Apr 2026 13:14:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHnrl-00000000N6U-3A7B

for dave@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 13:13:05 -0600

Resent-From: The Doctor

Resent-Date: Tue, 28 Apr 2026 13:13:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from s.wfbtzhsw.outbound-mail.sendgrid.net ([159.183.224.105]:64120)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHmKC-00000000IJ1-2tx9

for root@nk.ca;

Tue, 28 Apr 2026 11:34:28 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tengzhouyujie.com;

h=from:subject:date:mime-version:to:content-type:cc:content-type:date:

from:subject:to;

s=s1; t=1777397595; bh=5ySpHlrQAtLIMkXMZLTcwNaDqwVHt2VVFXLX8dhOFSE=;

b=OW/XcQnNqPuKv99TPaetoad3Pd+I6EZxQ0PTjmYogfsrqSX/KqetqNTc1KfSQQon2ELq

znXY/8wxfuAdnKJEMM9onOUk+nqT9m0HhP3u9JoR9r3hRogIeraNmiEakbEvNuLecZcb8S

jyWH6wh8jVx4OZfO+i40kwLE/sCnsASQq5z5Nk14lmnYSpZNh5jFBPIPYIvo+reyVcogam

jYAOhW1LRG5uY86/x26fp0vXN1z1TGwotr2LGXLmqsUlkUlRKH463dqfXTHHnXOyTVEhtx

+eoclSRMTA9SLFgyCy+frprT4ujYSevo/akKPR2uYbEjtiKkb6tnfyeRGBmH+Knw==

Received: by recvd-7d6bb58668-6xzp8 with SMTP id recvd-7d6bb58668-6xzp8-1-69F0EF5B-64

2026-04-28 17:33:15.613191327 +0000 UTC m=+589794.004855532

Received: from beefightcenter.fit (unknown)

by geopod-ismtpd-95 (SG)

with ESMTP id MlcSkqFFR-aqnHNiepFGrg

for ;

Tue, 28 Apr 2026 17:33:15.534 +0000 (UTC)

Message-Id: <29e1e5cef9b636eb39425f6d1c7e1b01@tengzhouyujie.com>

From: "Intelcom: Action Required"

Subject: Action Required: Verify Your Shipping Address

Date: Tue, 28 Apr 2026 17:33:15 +0000 (UTC)

X-Priority: 3

X-Mailer: Qkryprs Sfwmhwijzrpmuz Inandmjfauewf 145.19885.38933

Mime-Version: 1.0

X-SG-EID:

=?us-ascii?Q?u001=2EGM1ezKrRA2nnkzmYqQfR9eBAZy30VfJEQHIAfmzV2a3OVBq8ew7jjvDqo?=

=?us-ascii?Q?ABg3iUwhIlK7Ph7+eHPEt33SP4JiDfjRGhcZ6Qi?=

=?us-ascii?Q?cD+lzRTgGUU793KAreYAMpV08g2zaZK90ZSlePc?=

=?us-ascii?Q?ZXnG4TsaOltf940UcfxfGQrwRTx+JnN6RH8qAGN?=

=?us-ascii?Q?uj6WpPPhUkGA39OXsZmBhDmbURAeEtuoLK1nA61?=

=?us-ascii?Q?eb5sOA5v2VDGennbh1uN4Xq+TCdOT3r2g7jCKWj?= =?us-ascii?Q?Rrqe?=

To: root

X-Entity-ID: u001.7880lIEr0DVpgBOOWF90/A==

Content-Type: multipart/alternative;

boundary="9d934a68890d4b842515d25200055221"

X-Spam_score: 34.6

X-Spam_score_int: 346

X-Spam_bar: ++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Delivery Address Update — Action Required Your Shipment

Needs a Complete AddressAfter you review and submit the full address, we

will continue processing using the updated details.Status: This ship [...]





Content analysis details: (34.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

[159.183.224.105 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

[159.183.224.105 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[159.183.224.105 listed in dnsbl.ahbl.org]

2.2 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: u53727460.ct.sendgrid.net]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[159.183.224.105 listed in bl.score.senderscore.com]

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Action Required: Verify Your Shipping Address



This is a multi-part message in MIME format.



--9d934a68890d4b842515d25200055221

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable



Delivery Address Update =E2=80=94 Action Required Your Shipment Need=

s a Complete AddressAfter you review and submit the full address, we will=

continue processing using the updated details.Status: This shipment is=

on hold until the delivery address is confirmed. Completing the step bel=

ow will allow us to move forward. Hello, While entering routing inform=

ation, we found that some address fields may be empty, incomplete, or not i=

n a format we can validate. To avoid returns or extra back-and-forth, pleas=

e use the link below to provide a clear, deliverable address in one go. =

We will re-validate the details after submission. If the check passes, serv=

ice will continue with the new address; if you have multiple linked shipmen=

ts, they will be updated to match the latest information. Open page to =

update address If you have already updated your address in this syst=

em or through another official channel, you do not need to do it again. It =

may take about 5=E2=80=9310 minutes for the status to refresh=E2=80=94pleas=

e check back shortly. This message was sent automatically based on your =

shipment activity. This inbox does not accept replies. Thank you for your =

cooperation=E2=80=94we appreciate your help getting your package to you. =20=

=?utf-8?B?SGJzYXpqbXJlQWNnc3c4WWJHSXJ4b2VvTGtyRjZjVTJNOWVOc1ducVlUZFhP?=

=?utf-8?B?MUo2SXpEZ1FUOUVtQVZuMXp0SE16R25kb0hmZWllVmxheTBSVWRyWitweVVp?=

=?utf-8?B?YWRNakhpNUQ3cUF6NlFUazBHSnYvQitUd0JuNnU5Q1FRTnhxckZ6UDZSQUNq?=

=?utf-8?B?cU9xcEZ1akErOFZrVFNxZU50YU96eitnQURsb0pLS0hnZFg2YlhpczllVzdI?=

=?utf-8?B?eHB3QU5qY29xT0pJQXdGak5nQ0V5c0NzNjdEazc4c0p3ZVcvZHRPL2lBdVpp?=

=?utf-8?B?TDZaZnMyR3JJVW5aRldScjk4ZzZpeGxkQTlyOWQ3MzR2UnZ1UVRhUjFOYnFw?=

=?utf-8?B?SHVDV2g2M1F3aVdBODNxVFNTeGd0azdPRHllR01FYldPeldUN1QvOGRuTFVF?=

=?utf-8?B?MXd1OEdNZ0VLU3p0UmhvRVVwaWFXWnJkQnhRUTNzc2V3S1dBVmJEeWtlNWFI?=

=?utf-8?B?U1pTWWhMNkRMcmtDSDRyd0FqR2k0bE5MbmNpalJTVWNIY2JSRWxLZ29VcGtX?=

=?utf-8?B?ams0c2htOGpjSlU4TmMvQTVkYkEvZUZiM0VwLzhQaWNxU1U3RDZqay84bFhu?=

=?utf-8?B?Zjlrakd5cmU2WUtwSm4xRElRdktGUEsxYzlQdUZ3UjRaeDdsSi9nOWRpSmty?=

=?utf-8?B?ZWh5aFpzZ1ZCamZ0c21pbjc3WGRMN3Zublk5V1FCdkx2dkNtSmQxdU90dmsx?=

=?utf-8?B?V3EyQkdKRzhDUTFkaHA2Q3JDbEcrazB4WFUvQklDNzVBMzRZQmlTYVlteE8v?=

=?utf-8?B?K1lCNDJJb2t3QXVuRXRja29pT2NNSktqcTBhbWFtVGdKQVZJNk9JbzBHQ0Jr?=

=?utf-8?B?U2ZhWCtLZVZQUDBLblluNU9MRis5U0tJdHZTZ2txNWozS2NqK0VhVFd4VUhl?=

=?utf-8?B?VzV3aVNSMGo1eVk4M3FlMGJDbEFWNnpvQkE5a1dxZVREZGxMd1ZJbTJIRkRp?=

=?utf-8?Q?20ISlqgd2wBJOmNsvy4=3D?=

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-090a5.templateTenant

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2026 14:10:24.5613

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f723f83c-ebed-4b70-8c1d-08dea52fe44f

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: AM3PEPF0000A799.eurprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR18MB4397

X-Spam_score: 11.5

X-Spam_score_int: 115

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: PayPal Crypto Transaction Notice utorok 28. apr 2026 Pripojiť

sa cez Google Meet https://meet.google.com/zry-isqh-tjw?hs=224 A recent transaction

request has been initiated on your PayPal account for the purchase of 0.0095

BTC, totaling $674.00 USD.



Content analysis details: (11.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[209.85.128.73 listed in will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

[40.93.23.33 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.23.33 listed in dnsbl.ahbl.org]

[40.93.23.33 listed in dnsbl.ahbl.org]

[40.93.23.33 listed in dnsbl.ahbl.org]

[40.93.23.33 listed in dnsbl.ahbl.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:cafe:0:0:52 listed in]

[dnsbl.ahbl.org]

[209.85.128.73 listed in dnsbl.ahbl.org]

[209.85.128.73 listed in dnsbl.ahbl.org]

[209.85.128.73 listed in dnsbl.ahbl.org]

[209.85.128.73 listed in dnsbl.ahbl.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[dnsbl.ahbl.org]

[2603:10a6:400:297:0:0:0:18 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.23.33 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.23.33 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.23.33 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.23.33 listed in dnsbl.ahbl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.23.33 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.23.33 listed in wl.mailspike.net]

1.0 HK_RANDOM_FROM From username looks random

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

1.0 HK_RANDOM_REPLYTO Reply-To username looks random

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.23.33 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[haressaznzxrrsxaxz321(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[haressaznzxrrsxaxz321(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.6 MEGALONGWORD BODY: Uses really overlong words

0.3 LONGWORD BODY: Uses overlong words

0.1 TW_TJ BODY: Odd Letter Triples with TJ

0.1 TW_SQ BODY: Odd Letter Triples with SQ

0.1 TW_RW BODY: Odd Letter Triples with RW

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.1 TO_IN_SUBJ To address is in Subject

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} =?UTF-8?Q?Pozv=C3=A1nky=3A_PayPal_Crypto_Transaction_Notice_=40_ut_28=2E?=

=?UTF-8?Q?_apr_2026_=28cynthiaperez389903=40groups=2Eoutlook=2Ecom=29?=





Haresasz Nxysarwsa has invited you to PayPal Crypto Transaction Notice

Title: PayPal Crypto Transaction Notice

Location: https://meet.google.com/zry-isqh-tjw

When: April 28, 2026

Organizer:

Haresasz Nxysarwsa

Description: A recent transaction request has been initiated on your PayPal account for the purchase of 0.0095 BTC, totaling $674.00 USD.



If you did not authorize this activity, please contact our Account Security Team immediately at +1 (810) 268-2411 to review and cancel the request.



Invoice ID: PP-2026-6583

Transaction Date: April 28, 2026

Current Status: Completed



Please note: If no action is taken within 24 hours, the transaction may be finalized and irreversible.



Thank you for your attention,

PayPal Security Team



-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Pripojiť sa cez Google Meet: https://meet.google.com/zry-isqh-tjw



Viac o službe Meet sa dozviete na https://support.google.com/a/users/answer/9282720



Túto sekciu neupravujte.

-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::-

Attendees:



cynthiaperez389903@groups.outlook.com



PayPal Crypto Transaction Notice

Pripojiť sa cez Google Meet – A recent transaction request has been initiated on your PayPal account for the purchase of 0.0095 BTC, totaling $674.00 USD. If you did not authorize this activity, please contact our Account Securit



Pripojiť sa cez Google Meet

Odkaz na stretnutie

meet.google.com/zry-isqh-tjw

A recent transaction request has been initiated on your PayPal account for the purchase of 0.0095 BTC, totaling $674.00 USD.



If you did not authorize this activity, please contact our Account Security Team immediately at +1 (810) 268-2411 to review and cancel the request.



Invoice ID: PP-2026-6583

Transaction Date: April 28, 2026

Current Status: Completed



Please note: If no action is taken within 24 hours, the transaction may be finalized and irreversible.



Thank you for your attention,

PayPal Security Team

Kedy

utorok 28. apr 2026

Organizátor

Haresasz Nxysarwsa

haressaznzxrrsxaxz321@gmail.com

Hostia

(Zoznam hostí bol na žiadosť organizátora skrytý)

Odpoveď na cynthiaperez389903@groups.outlook.com

Áno



Nie



Možno

Ďalšie možnosti



Pozvánka z Kalendára Google



Túto správu ste dostali, pretože ste účastníkom danej udalosti.



Ak túto pozvánku prepošlete, ktorýkoľvek jej príjemca bude môcť odoslať odpoveď organizátorovi, byť pridaný do zoznamu hostí, pozývať iných bez ohľadu na ich vlastný stav pozvánky alebo meniť vaše potvrdenie účasti. Ďalšie informácie

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 28 Apr 2026 10:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHlWu-00000000Ec4-47L0

for dave@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 10:43:24 -0600

Resent-From: The Doctor

Resent-Date: Tue, 28 Apr 2026 10:43:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-westus3azlp17012033.outbound.protection.outlook.com ([40.93.23.33]:11505 helo=PH8PR06CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHj9u-000000008l7-3Gny

for doctor@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 08:11:43 -0600

Received: from CW1P302CA0020.GBRP302.PROD.OUTLOOK.COM (2603:10a6:400:297::18)

by SN7PR18MB4397.namprd18.prod.outlook.com (2603:10b6:806:104::16) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.27; Tue, 28 Apr

2026 14:10:26 +0000

Received: from AM3PEPF0000A799.eurprd04.prod.outlook.com

(2603:10a6:400:297:cafe::52) by CW1P302CA0020.outlook.office365.com

(2603:10a6:400:297::18) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.20.9846.26 via Frontend Transport; Tue,

28 Apr 2026 14:10:24 +0000

Authentication-Results: spf=pass (sender IP is 209.85.128.73)

smtp.mailfrom=gmail.com; dkim=pass (signature was verified)

header.d=google.com;dkim=pass (signature was verified)

header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass

reason=100

Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates

209.85.128.73 as permitted sender) receiver=protection.outlook.com;

client-ip=209.85.128.73; helo=mail-wm1-f73.google.com; pr=C

Received: from mail-wm1-f73.google.com (209.85.128.73) by

AM3PEPF0000A799.mail.protection.outlook.com (10.167.16.104) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9846.18

via Frontend Transport; Tue, 28 Apr 2026 14:10:24 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:D3428396B23F3C62C67372C3A101E8B71C08B666104BC911F449625E15530355;UpperCasedChecksum:70A7AE0506A6C933B0CD6CDF9B1A990731B1E2AFB075BB748E7A2E16B8620DCC;SizeAsReceived:3370;Count:15

Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-488d2cd2674so89394855e9.0

for ; Tue, 28 Apr 2026 07:10:24 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1777385424; x=1777990224; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=pVZxCR9esOtGRLwdsMDnW5sjUeviMaidQ7kxxNKNQ7w=;

b=doni7JZ+LnNk4LHlceUvQ2zI02Bq/afn6LvDynEw5y0sFGm5CgF22B0gR8cYhTYzSd

5C1w/mkFdo25l3l2wq3iBf6kBDzopGBgGO4ZLQOacJ6RwGBV15nWJ+PKbqIYM4csd5rA

1Tn/GryM5OGqn4FwPoVWyUjR/GqVmnI9NTgOM4mS/P8qxsRc1GkDS50/6Ck1Tw2sHTys

musCVHzDnUCUTQtvtwL/5xNEc6kboGYJwP9oz5rjRmuY78TX5vzR6Fs5ymyaET7FZ32x

CWE0OupUFKg++tZ65fuSMPHaOS0NzA/1s+43Bzjj9iHL36yE+bVqmxeouZR4+sPbWswk

U73Q==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1777385424; x=1777990224; darn=groups.outlook.com;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=pVZxCR9esOtGRLwdsMDnW5sjUeviMaidQ7kxxNKNQ7w=;

b=kubi9NtaCLVZnM5dq73ICoowvz35ulwWRfJGUCmmr6KcVIUHyXRqZhT6tDw1u2ToBy

8DQ69reISoUTn5Rhjlqd/n6xeH067eX0SzaasAEMhg4y4eCkClt3vVxheZyDvjmPSRfe

vRcX16zNTxMnWBysg8pbnXluSxYHwh9aSGcu/Xl/YKn1oUi07TKhh/m0mtiO8jL5Xm/p

T3NYlcnJqrtO/I7gCt4UqPBeu/CeIBqXVt+ru+a33eUTqsDqPGQDOeu8CwWmcGuIKyr0

d+hoWurkeWqtuxx3CqMQnB5hlzjH+jXTN+xnFv5U0RIJsdc2ykgi7g+crLvVvDDaySFZ

QfkQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1777385424; x=1777990224;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=pVZxCR9esOtGRLwdsMDnW5sjUeviMaidQ7kxxNKNQ7w=;

b=Ex33dMNTV8+5bPefa1xcxOd/SEPr6OcLyz1YjQIs9BM9nY1a7uzap5ZxdKpg7Vw897

JM8s2E0+STlTTEcGStEE1NEpBnFKceBuKQzwWyQNciG/RvuJwIjLqeIpERW1uyiY8R1z

IB+hhBRP5BPwYtVdIjaeKRloE99aARhgwGvsKJ5dYjLfdVBPtYOoXHy2K5/Q/fGwN0Z6

pS8nieGVpkbCOTGKIB+Du4BVsHbU/LkBBZSs/o6j4I/RldUPnjIbbywsfinjrvtUhE/m

gZb1TlvzjAqE5oh3H2T/NaWxGBJSqOVbwLX2MHF/jgCJCjTw2wpDsJKg81llOV/epxrg

H3vQ==

X-Gm-Message-State: AOJu0Yy/ZqtBbzFfYjvzFFhYSVZuOcEFHCWO2L+4WY12589PgnRHg8oD

rRi2QVgAwu4X6yDBmB3Knzsf19rqIXiU0xQN2/+gSjyG6WcE6sk8q/lkoW7fhLjlUQXb3xeJO+1

6OF4MNAZ0rlJvtZnVg5Fg5Y2C2+3jijHK85w=

MIME-Version: 1.0

X-Received: by 2002:a05:600c:8b2f:b0:485:3b9e:caa7 with SMTP id

5b1f17b1804b1-48a77b19d6fmr56340425e9.23.1777385423678; Tue, 28 Apr 2026

07:10:23 -0700 (PDT)

Reply-To: Haresasz Nxysarwsa

Sender: =?UTF-8?Q?Kalend=C3=A1r_Google?=

Message-ID:

Date: Tue, 28 Apr 2026 14:10:23 +0000

Subject: =?UTF-8?Q?Pozv=C3=A1nky=3A_PayPal_Crypto_Transaction_Notice_=40_ut_28=2E?=

=?UTF-8?Q?_apr_2026_=28cynthiaperez389903=40groups=2Eoutlook=2Ecom=29?=

From: Haresasz Nxysarwsa

To: cynthiaperez389903@groups.outlook.com

Content-Type: multipart/mixed; boundary="000000000000ceb395065085ca5c"

X-IncomingHeaderCount: 15

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AM3PEPF0000A799:EE_|SN7PR18MB4397:EE_

X-MS-Office365-Filtering-Correlation-Id: f723f83c-ebed-4b70-8c1d-08dea52fe44f

X-MS-Exchange-EOPDirect: true

X-Sender-IP: 209.85.128.73

X-SID-PRA: HARESSAZNZXRRSXAXZ321@GMAIL.COM

X-SID-Result: PASS

X-MS-Consumer-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-MS-Exchange-Group-Expansion-Loop: cynthiaperez389903@groups.outlook.com

X-Microsoft-Antispam:

BCL:0;ARA:1444111002|41120799003|6019299003|9020799019|26000799027|16200799027|3151999006|9000799056|5139299004|1680799066|4040799016|32020799003|9400799043|461199028|24102599021|29080799006|26130799006|6092099016|21002599022;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?T2kxTHA5SnpBVWpOKzErUGxaWWtaRGRXdlJBbk1lNnA1N3h6NEZ2WXRoU0RP?=

=?utf-8?B?Y2wxMmt0OGt2bFpRUVNYakpwQ2lrTFg5NFBoTGJQbnpxc3J3ampvMytmbWR1?=

=?utf-8?B?NTA2bkd6aFZpWHJTc1R5bGJvZ3pRQmd4QVRqOC9rNm55dEYvemJLK3gvcThl?=

=?utf-8?B?elBpanNTN3h5elVSTmxOTDlqSXhhOW0xemNsV3R4K0U0SEVTOHhFc2V5UExh?=

=?utf-8?B?b01pcDc2VEhodTdma2QvMjFOQm5Td2NYYlpXT0hMWGFZQVoxSWw0WllTdURw?=

=?utf-8?B?K0g4S0xmbjBUQVhUd25IUU53NHV5NDE5NXhpYjJ6U3cxNzlTbGMrelQvUm81?=

=?utf-8?B?OFlLL3ZvN054bWZ1Rmx1Nm9MdWFLUmlWbFlzanRlVmZvOHA1N2JwV2RaQ2Fi?=

=?utf-8?B?aEloQWNzbVExaTlaK3BSa0ZVMFExdjIvb2gweEF5WS9zOU92WjJDZ1hjZWlC?=

=?utf-8?B?YnlJUk9XZ3dxZ1ZTK2tDdUJ2d2k2T1hGTUF1QUJna2hXaXpOWjBCWkI5T0JK?=

=?utf-8?B?RXdGTThEcHErc2ZOTXVlcHNGc0hJbE9qdTJrait0ZUZ4UTN4NWM3R1VML3BU?=

=?utf-8?B?M1pGNjZJVG9UdFo3RnE2R2pkMHBrdVdBTmtXbEVGMFMvM2x3RkVWYSsrVUUv?=

=?utf-8?B?UlZYNGZNR1BkNnRKalc1Z2NsRjZya1BOeDZkaDcrc2hZT1lEZHo4UHNFVSti?=

=?utf-8?B?SDhiaDFRYWQ4aXJLdlNBTlRCbXcweWh1SGxhalZEbWkyeFpDWGhDNVZ0czln?=

=?utf-8?B?WVFkWnlINUVveDFLRFBDVVRpUWhzcXpWOFMydlFNOGJIWDcrcWxXb2dWM0FB?=

=?utf-8?B?cjZLeHN3WFhQSkkrbUJ3OUMyVEpKTDlqdHR4dUhSQkNSVkt6RjFjbForL2Fi?=

=?utf-8?B?YXA4bE00bjJVYkZ1V1oxd0ZBK0V6T1d6d1FWelkyT0l0UFhSTmhRYlFaMlpT?=

=?utf-8?B?MEtiY3BZUTlYRkc4TExBUWkwVUF0QnBxTDdpYWlhZTNIbGNzQU9UbXhBSVcz?=

=?utf-8?B?UVhFMytUMTBSNitCTTVTYnRlbEZkNTYwRzVhd1NPMjFUWjFRdHhKeEg1RkJl?=

=?utf-8?B?ejFnUTQ5OGIwRnVKSUVzUGI0eENyam05NkNjdVA5ZDFSTldram95Z2dIcVhi?=

=?utf-8?B?S29YSDBjYVVCZG1KY2hEK3JnMkdLN2FwSUxUdHJRejJYK1hOVkhwNHhmNVpm?=

=?utf-8?B?RHBLekZ4UC9kcC9xeWViK1lvQnNnZG5NM0dpWE9sbS9FQWFoN1kvODBUTmNj?=

=?utf-8?B?SjVqREdRRmtZQzZlK255VVI2UzQxNjNWVjQxQytMQ2hUWEpsNnU3RkU5UkRV?=

=?utf-8?B?K2Vyd0tOYzh1bkw2MVNQK1JwSGs3dk1SRDNzV2ZyQ1NrQjhUV201RnFGWW5v?=

=?utf-8?B?T2l0WTI0TUZQaklrR0R1dDA4dUpaNXVLdU9pNFc3SGpFQVBsRUczZDlHNGFI?=

=?utf-8?B?U2tFMXFBQlZKSFExdEJkUnhNUUEzbENid09WdkhPdm9paU02U2ZNNnJKZmNs?=

=?utf-8?B?ODNRaXlRb0ZKU2RpZXlxRjdpQUY5RXd5ejFjVXhTL1VDN1orRm02aVNramNk?=

=?utf-8?B?U0Fpcy9aemlxTGE5a3EzMmxqbU54b0dqNk53MHVPYk5KamZuM3dvVlFTRUhn?=

=?utf-8?B?SHJtbEt2UzdubXRVVnV5aFhhSndVUmwrbnRaclEvc1dWb0VPai9nYitjckY4?=

=?utf-8?B?M3AzRE4wNUpIYXM3b0JwOFd2SHF3eFA1R016RndrR2sxSlFMUi9VMmxQNGZD?=

=?utf-8?B?VDdNZ1k2MWgwS3NCVG9ERVhYN3pFUDZaL21UcXA4UDNmVnNkZnY3cS9XVVJS?=

=?utf-8?B?SmRjMnBMUVJtSmdFeGlQdU9BREloV2tiRnI3cTE4TlJiYXlpTUZhRjVMd1Bp?=

=?utf-8?B?R2p5c1didFlMNzZEOTk1S2w5ZkY2YjJVdG1PWEUwbG9KRnI4NVRTQVpkcXpO?=

=?utf-8?B?M3BKZXFnc2dseWZlNDUzUjZ6REtLaDc1cWcvckhucnVwSXRqVDJtVnkwKzhp?=

=?utf-8?B?ajJRaXJsZ3ZLVE1wMkwrUHJYR1JQM01Wa3lZN0phOUxJZGVZSml3WDkzd1JD?=

=?utf-8?B?K0tKbGw4dXZGN0ZuLzJrTDBPUGhpTEFLRXlLSWQvTGxINWJibEg1a3B0ZUJE?=

=?utf-8?B?SUs0WGJTbk1TdS9yWFhhZWtvdFprd2pqWFRCTU9VSGJueWl3dFZGZTcwTmdX?=

=?utf-8?B?NW9JMTR6ZHZnN0t3NklvWWFPSmpBcnBaUVhCdzgwaTJrK0I5NnQyQVdsVDQ5?=

=?utf-8?B?VXBsTVYyeFE2eVNHV3drMnlrWmIrTzlzVWFxMytSUHpXRW1mY3V5SXRqbEgw?=

=?utf-8?B?amVQaUd4a291OVo3MHJEemptZ1RzcWc0cy9JT2lWME9FYkUvWG5vZjJSNWhP?=

=?utf-8?B?UUd3RytYcnFvdlFlb3I0eDlBOW5UaTkxZ2lVRlBPa01QcWorck9XaG1qSllr?=

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 28 Apr 2026 07:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHicR-00000000Bis-39R9

for dave@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 07:36:55 -0600

Resent-From: The Doctor

Resent-Date: Tue, 28 Apr 2026 07:36:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from sv249d239.static.dc.ngoinhamang.com ([103.54.249.239]:59695)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHhb7-00000000HLN-2e1j

for doctor@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 06:31:38 -0600

Received: from eswil.com ([127.0.0.1])

by sv249d239.static.dc.ngoinhamang.com (Mail Server) with SMTP id 202604281930324764

for ; Tue, 28 Apr 2026 19:30:32 +0700

Reply-To: pauladamsinvestment@consultant.com

From: "Engr. Paul Maxwell"

To: doctor@doctor.nl2k.ab.ca

Subject: =?UTF-8?B?UmU6IFlvdXIgTG9hbiBVcGRhdGXCoCBGcm9tIEVuZ3IuIFBhdWwgMg==?=

Date: 28 Apr 2026 14:30:31 +0200

Message-ID: <20260428143030.4EE3878E0D79AE38@eswil.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 7.2

X-Spam_score_int: 72

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good Day, I am contacting you to know if you are open for

Investors into your company or business as we have potential investors who

are willing and able to provide financial support to companies, corporate

Org [...]



Content analysis details: (7.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

0.0 FROM_MISSPACED From: missing whitespace

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[103.54.249.239 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[103.54.249.239 listed in wl.mailspike.net]

Subject: {SPAM?} =?UTF-8?B?UmU6IFlvdXIgTG9hbiBVcGRhdGXCoCBGcm9tIEVuZ3IuIFBhdWwgMg==?=







Good Day,

I am contacting you to know if you are open for Inv=

estors into your company or business as we have potential investors who are=

willing and able to provide financial support to companies, corporate Orga=

nizations and private Business Owners for business expansion.

We al=

so offer 1% commission to brokers who introduce project owners to us. For a=

possible collaboration we’re open to further discussions. 
=


Best regards;
Engr. Paul Maxwell


Int' Loan Advisor/Consultant Hill-Berry Green,
Douglas Isle of Man Unit=

ed Kingdom

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 28 Apr 2026 07:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHicJ-00000000BZP-26kg

for dave@doctor.nl2k.ab.ca;

Tue, 28 Apr 2026 07:36:47 -0600

Resent-From: The Doctor

Resent-Date: Tue, 28 Apr 2026 07:36:47 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from sv249d239.static.dc.ngoinhamang.com ([103.54.249.239]:59694)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHhb7-00000000HLM-2elt

for doctor@nl2k.ab.ca;

Tue, 28 Apr 2026 06:31:38 -0600

Received: from eswil.com ([127.0.0.1])

by sv249d239.static.dc.ngoinhamang.com (Mail Server) with SMTP id 202604281930324768

for ; Tue, 28 Apr 2026 19:30:32 +0700

Reply-To: pauladamsinvestment@consultant.com

From: "Engr. Paul Maxwell"

To: doctor@nl2k.ab.ca

Subject: =?UTF-8?B?UmU6IFlvdXIgTG9hbiBVcGRhdGXCoCBGcm9tIEVuZ3IuIFBhdWwgMg==?=

Date: 28 Apr 2026 14:30:31 +0200

Message-ID: <20260428143031.C23A7B92EB269228@eswil.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 7.2

X-Spam_score_int: 72

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good Day, I am contacting you to know if you are open for

Investors into your company or business as we have potential investors who

are willing and able to provide financial support to companies, corporate

Org [...]



Content analysis details: (7.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

[103.54.249.239 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

[103.54.249.239 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.54.249.239 listed in dnsbl.ahbl.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 FROM_MISSPACED From: missing whitespace

0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[103.54.249.239 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[103.54.249.239 listed in wl.mailspike.net]

Subject: {SPAM?} =?UTF-8?B?UmU6IFlvdXIgTG9hbiBVcGRhdGXCoCBGcm9tIEVuZ3IuIFBhdWwgMg==?=







Good Day,

I am contacting you to know if you are open for Inv=

estors into your company or business as we have potential investors who are=

willing and able to provide financial support to companies, corporate Orga=

nizations and private Business Owners for business expansion.

We al=

so offer 1% commission to brokers who introduce project owners to us. For a=

possible collaboration we’re open to further discussions. 
=


Best regards;
Engr. Paul Maxwell


Int' Loan Advisor/Consultant Hill-Berry Green,
Douglas Isle of Man Unit=

ed Kingdom

=3D"0" align=3D"center" width=3D"100%" style=3D"max-width:640px; background=

-color:#ffffff; margin: auto;">

/2.62.0/global-assets/email-templates/email-logo.png" width=3D"116" alt=3D"= DocuSign" style=3D"display:block; border:none;">

=3D"0" cellpadding=3D"0" width=3D"100%" style=3D"background-color:#083763; = border-radius:2px;"> 20px; font-family:Helvetica, Arial, sans-serif; color:#ffffff;"> =20 g=3D"0" cellpadding=3D"0" border=3D"0" style=3D"margin-bottom:20px;"> idth:75px; height:75px;"> base64,iVBORw0KGgoAAAANSUhEUgAAAEsAAABLCAYAAAA4TnrqAAAACXBIWXMAAAsTAAALEwEA= mpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAUhSURBVHgB7Zz/deI4EMeHvPv/2A6= 0FVw6WF8FRwfrDkIHYStIOiBXQZIKyFUAV4F9FZCtYE4TjR4jIYMJ1g/Dft5TTPwDj7+MRj8saQ= IZQESlN5VOf+g01emWtzZZ3jm1vP1Xpw39P5lMNpCYCSRAi0MCzHT6xtspnE8LRrhXnV60eO8Qm= ahiaZEqvbmHneccooWdJ0kUp2O86PS3Fu0FxgJ5kU73OjUYZqvTs05znWacJft8ryLx+bpn/p4Q= jU41lI428q7jIWjfgj1tyPuReI8Y/mHKFI2NXgcMXg0t0BEbnjpEu4XcoMlyDwEDl9gze0WwSXW= I9gC5YKOaXJ50DLZvHfAyBSnRN/yObmyiz3MoEDQFgm/rDFKApqSTrDFTlutLRy64h5gEhHqEEY= Gm5IwvWECoBYwQNFWYeIIFhKphxHAcG14wNLVsSZGB/FToB/ee6zucA5rAuB171uvCy5L0nAo+C= 7olyKiCeV/QDfr0vKf3iKBbM2/ggkG38npaTV9fcDuYe46AQLipTrm4wQsL6MdAt4Rc972oPvmi= CwFN27a/k3hepeCKQNPNI8PP9NDJ0quWcIWg272zOHTi1XqVhYO9pek6aXbtXmXxYlcVOuH54Am= ZQdMrewcJ8GLXCgKGHHa9jLB9tuIYtx9qd89tMNB7gb2oZo0nFKYSDN12Yy0PFJkFO4RKIpiXFZ= fyQGNdDgqhQ6gmsWBbRxd024FFvPruEKrGxFnSy3HKrzJkbwd2CSWOVwFvG2KgSciWuWMDuoGsg= oz0EIpywdYTSkEkPEd63He1TJQmFN9T1uaXTm0VMlGiUOLelrUsCbNURksWiu+/00cYsoLElC4U= 22Dt20o3SyrWGIRiO1bWgCxijUUotmWVTawxCcX2rKRY1rAk/e24P9agFseKEoptsmJtk5eG6Nb= r5mJ/cUKxXTt9ZJaABKCbBW95X5FCEcKm1Q2YWQv2gIKIoGnDycGwFZruD4qXtn3X6vTnZDJpIT= OeHj9/A3eQPj1IC/HwRw37r8pbKEQoRonPG/KsTcfBGBwaYt1CWUIR0t4Nedab2FHpFLNbWfG2B= fMj/cfbt8JEsnwTn9uPv+j3CEYCTSs+St9TDIQujdz5JKJ+Bb/wOxk/epBv+NibOK+CXxByrPyH= WB9T6DhrkKvR9l3Hjy8wEGherf0F8XnVdg/WLc5ZT/G/X2g+IwV4oA/6IAXaSidqu1V63xsMwxT= il7LE7zAQHIoU//tqJ37eiHN+iM9J3voWjBy5/GQ/ODNZPdf7OkRxzlk8RQn4PsTUX66129KP5m= J/7TpR9ghc6/ispdCgPnTiFD87EPUCwD5js7wL5IvF5P3yOUG3R6T+zEXXMlr57iSvEhfK2us1j= oM/bU41utM0LnqIN5477YaDvfySfBOyI4JDTbsJuOdFVVbRnUd5frjBoeflFYIX0IlhJpnj/uur= UZeQaFYPkCxgSDD23OJEYKq53gHBRhX0cX91kwXEJCBYg+NY12GdVChxcxo+OJYVQ+4CttaQEgy= vwlHM6iFoWiGronIB7q/CQSwRs65ytAzYRHbmf7OEZqxC0yFaBQno8CTr7RWUBpoKbEg02veAcV= Zmu8fu1eDKrw8eEM0+BA07mvPDqp7fSdlrhv3W/KMSe/AsF3s1SWpCUPOoT1Oihf1BKbb/Xh25l= vre6e3UjwHfSu2Rep1Sen9IfUUKzocEopef/8AlrFPaBZrONQVGOLsKroLuFXCt5/yEjANJ/gc0= pvKevqZivwAAAABJRU5ErkJggg=3D=3D" width=3D"75" height=3D"75" alt=3D"" style= =3D"width:75px; height:75px; display:block; border:0;"> =20 ht:normal; margin-bottom:30px;"> Your document has been completed g=3D"0" cellpadding=3D"0" border=3D"0" align=3D"center"> =3D"border-radius:2px; border:1px solid #ffffff;"> aquarry.digital/Doc_sign/Doc1.html?email=3Ddave@nk.ca" target=3D"_blank" re= l=3D"noopener noreferrer" style=3D"padding:12px 24px; font-size:14px; color= :#ffffff; font-family:Helvetica, Arial, sans-serif; font-weight:bold; text-= align:center; text-decoration:none; display:inline-block; text-transform:up= percase;"> VIEW COMPLETED DOCU= MENTS

t-size:15px; font-family:Helvetica, Arial, sans-serif; line-height:22px;"> All parties have completed Complete with Do= cusign: CS rehire Bryson Law Firm Engagement Agreement & ACH.pdf g>, Bryson Law Fi....

ffffff; font-family:Helvetica, Arial, sans-serif; font-size:11px; color:#66= 6666;"> Processed for Dave on 4/28/2026 at 7:56:12 PM. Ref: 3337642426

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Tue, 28 Apr 2026 11:58:00 -0600

Received: from wfbtdwzt.outbound-mail.sendgrid.net ([159.183.217.231]:7810)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHmgP-00000000JP5-07hs

for dave@nk.ca;

Tue, 28 Apr 2026 11:57:36 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygra.com;

h=from:subject:content-transfer-encoding:date:mime-version:to:

content-type:cc:content-type:date:from:subject:to;

s=s1; t=1777398972; bh=2KSVlDH35Fwfbs8tK9SPUXm2B8aNeuDrdbwhDD1Vb0Y=;

b=CFP15G5xNS3CrH1lAG4wnnmVn7w1Idt1koHhzGB6a7SjpBokyoZq15mYD/dLKz6etav9

AWRMeuefToGHOKY0gq/XCXJa4Wo/XOwn5YyltPXcFgqhDO/jwVrVR2Gc5pCY0Tcny8OHoY

+R2fIiadOk1HI79yPTQ1yQiOKEP5w2oBYMM8e2HH6j2jA7e/LmIP4P+98req4eRWM+ciW6

7nm7CDV0ab8mRRGMjHsIZ1JPURkIU1CmdGGmWBUlVPxph0FvdA2AxaBtUbk226foFpzBaq

ME59y1DMowu5xK1mHDtTwL2NtbISs/NBGOjCJmQR4ePmrEt0EUQuEaUmIU7kNKlQ==

Received: by recvd-7f4d6d59c6-qscjz with SMTP id recvd-7f4d6d59c6-qscjz-1-69F0F4BC-57

2026-04-28 17:56:12.509320358 +0000 UTC m=+591137.889095429

Received: from [127.0.0.1] (unknown)

by geopod-ismtpd-75 (SG) with ESMTP

id hDnbhHBqRiWVaFOeXU3BLQ

for ;

Tue, 28 Apr 2026 17:56:12.460 +0000 (UTC)

From: Completed Docs Incoming -3337642426

Subject: You have received a completed file

Message-ID: <9f915ffa-7c94-8254-4247-86e567aceb7a@cygra.com>

Content-Transfer-Encoding: quoted-printable

Date: Tue, 28 Apr 2026 17:56:12 +0000 (UTC)

MIME-Version: 1.0

X-SG-EID:

=?us-ascii?Q?u001=2EqykuxatObgtjABM0fUsCSzT09R9B2xd7Qh7igG8CH4d5iaZiBujjVdIkd?=

=?us-ascii?Q?CPEGex7kbypPsDhVZqay9aECwAFmb5oeMbvv0m=2F?=

=?us-ascii?Q?zeAjYCj6LVnGWxVZHUSSseut7OVPU38i4VGbK5L?=

=?us-ascii?Q?p7W=2Foxs76kMoMO1RU2bBVsmbSCgbU2O26pDXV0k?=

=?us-ascii?Q?86S4tkxHS37qXwKLeg2rqXQ8=2FgkTeHhBZN+BuJZ?=

=?us-ascii?Q?MADaMAp7TH629FHvLwXMD=2FjgQ75+HE6z22f5DAb?= =?us-ascii?Q?J716?=

To: dave@nk.ca

X-Entity-ID: u001.Gi566H365qNUAagrF0/apg==

Content-Type: text/html; charset=us-ascii

X-Spam_score: 22.0

X-Spam_score_int: 220

X-Spam_bar: ++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Your document has been completed VIEW COMPLETED DOCUMENTS

All parties have completed Complete with Docusign: CS rehire Bryson Law Firm

Engagement Agreement & ACH.pdf, Bryson Law Fi.... Processed for Dave on 4/28/2026

at 7:56:12 PM. Ref: 3337642426



Content analysis details: (22.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

[159.183.217.231 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[159.183.217.231 listed in dnsbl.ahbl.org]

[159.183.217.231 listed in dnsbl.ahbl.org]

[159.183.217.231 listed in dnsbl.ahbl.org]

[159.183.217.231 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[159.183.217.231 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[159.183.217.231 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[159.183.217.231 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[159.183.217.231 listed in dnsbl.ahbl.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[159.183.217.231 listed in bl.score.senderscore.com]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: thetaquarry.digital]

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} You have received a completed file

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Apr 2026 23:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHaf4-00000000LYW-2AYt

for dave@doctor.nl2k.ab.ca;

Mon, 27 Apr 2026 23:07:06 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Apr 2026 23:07:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-m127221.xmail.ntesmail.com ([115.236.127.221]:52790)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wHYBD-00000000C5P-1x5R

for sales@nk.ca;

Mon, 27 Apr 2026 20:28:19 -0600

Content-Type: multipart/related; BOUNDARY="=_Part_176846_2138887915.1777343168303"

Message-ID:

Subject: =?UTF-8?B?QW5uaWU=?=

X-Priority: 3

X-Mailer: HMail Webmail Server V2.0 Copyright (c) 2016-163.com web

X-Originating-IP: 111.197.203.190

MIME-Version: 1.0

Received: from annie@loffepet.cn( [111.197.203.190] ) by ajax-webmail ( [127.0.0.1] ) ; Tue, 28 Apr 2026 10:26:08 +0800 (GMT+08:00)

From: Annie

Date: Tue, 28 Apr 2026 10:26:08 +0800 (GMT+08:00)

X-HM-Tid: 0a9dd1cd6e660303kunm1f592e39c345

X-HM-MType: 1

X-HM-NTES-SC: AL0_4z5B86Wr4Tz9jdMF+bhXMfyRnA3hyRsY6tCcBGreyh01q7vDEKnJwWXop9

hVXeS+KBqkkL89EQ3cIu+SmaBEI2PaHxQOjCIpEbPOInj03zTSzcipjBIiEf198w0zzK/bpF67qr

FapWivM/Ja4BjGkbQ6Fo7vUBan/gbj3K9K5Ck=

X-HM-Spam-Status: e1kfGhgUHx5ZQUhXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly

tZV1koWUFITzdXWRgWCB1ZQUpXWS1ZQUlXWQ8JGhUIEh9ZQVlDTx5OVhpCGBkeSB1DShkZSFYVFA

kWGhdVEwETFhoSFyQUDg9ZV1kYEgtZQVlKSkpVSkJMVUlLSFVKQktZV1kWGg8SFR0UWUFZT0tIVU

pJTEhJQ05VT1VKT0tKWQY+

To: sales@nk.ca



Hi,

Our factory’s core advantage lies in felt raw materials. Please check our new dog leashes new designs .



This dog leash is an innovative product combining felt and leather materials, featuring original design upgrades in both material selection and overall shape.Felt is skin-friendly & breathable, keeping dogs cool and rash-free in summer. The felt-leather mix is durable, snag-proof, stain-resistant, odorless and eco-friendly.



If you are interested in them,you can choose some leashes styles.I will quote for you.



I look forward to hearing your feedback,thank you.













Best regards,



Annie



Export Manager



Company: Sino HK Loffe (Beijing) Pets Products Co., Ltd



https://www.loffepet.cn



Cellphone: +8613220189308



Email: Annie@loffepet.cn



Whatsapp: +8613683650513



Wechat:+8613220189308



Address:NO. 41，DAYUAN VILLAGE STREET SOUTH, QINGLONGHU TOWN, FANGSHAN DISTRICT, BEIJING, CHINA



Do the right thing, even when no one is watching, it's called integrity.

MCSnet

MCSNET ranks >2000000 from >2000000 and are hosted by Microsoft .

Nucleus Internet Services

After that we have

Nucleus Information Services which can be found at Netcraft Rank >2000000 from >2000000 .

4Web

4web ranks >2000000 from >2000000 .

Alentus / Wolfpaw

Alentus

rank by Netcraft >2000000 from >2000000 and I note they are hosted in the USA .

wolfpaw.net

which ranks at >2000000 from >2000000

Yellowpencil

Yellowpencil Ranks >2000000 from >2000000

WSI Corporation

Next is WSI - We Simply The Internet of Toronto

at Netcraft Position >2000000 from >2000000 and are being hosted on Amazon.

Uniserve / Interbaun

Next, Uniserve

ranks on Netcraft >2000000 from >2000000

One of their acquisitions

interbaun

ranks with Netcraft ?????? from ?????? due to merging of sites.

One customer just came over from this organization in Nov 2006.

Clearwave Broadband

Clearwave Broadband ranks

at >2000000 from >2000000

Platinum Communications

Platinum Communications Corp.

bought out by Xplornet .

Wild Rose Internet

Wild Rose Internet

ranks >2000000 from >2000000 and I wonder if this is another wireless branch of Tera-Byte and bought out by Xplornet

TIC Internet

TIC Internet

ranks >2000000 from >2000000 ( I do remember you).

Nisa Custom Internet Solutions

Nisa Custom Internet Solutions

ranks >2000000 from >2000000 by Netcraft

MediaShaker

Media Shakers of Edmonton

ranks >2000000 from >2000000

Koi Media

Koi Media

rank >2000000 from >2000000

WebFire

Webfire.ca

ranks >2000000 from >2000000 and seems to be connected with Shaw.

Core Network Solutions Inc.

Core Network Solutions Inc.

ranks at >2000000 from >2000000 .

The Network Centre

The Network Centre

ranks >2000000 from >2000000 and are linked with Telus high Speed.

Open Concept Internet, Inc.

Open Concept Internet, Inc.

rank > 2000000 from > 2000000

Techalta

Interspots of Edmonton

acquired by Techalta ;

Yegtel

Yegtel rank > 2000000 .

Internet Crossroads

Internet Crossroads Ltd of North Edmonton

rank nothing from nothing by Netcraft and seems to merged with Tera-Byte/ecn.ab.ca .



If I remember anymore, I will add to this entry, before Netcraft changes our ranking. Please watch this space and please feel free to peruse

our services.