X-rated spam from OVH Part 2

Posted by Dave Yadallee on Sunday, March 22. 2026

--_=_swift_1774145055_349d1725fa483f57f511ed5f0fa016e7_=_

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

[header-logo]

[https://rosasau.com/index.php/campaigns/xb541dja9ef20/trac=

k-url/ob677nvejyaae/a1b00ade245a24789fd4269a56d81930da23aecf]

=09=09[=

top-banner]

[https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-=

url/ob677nvejyaae/a1b00ade245a24789fd4269a56d81930da23aecf]

=09=09[to=

p-banner]

[https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-ur=

l/ob677nvejyaae/4ac0007b51578558a2be5cd3e770204dc54865a6]

=09=09And s=

ince it=E2=80=99s your

first visit=E2=80=A6

=09=09[card1]

[https:=

//rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/4ac=

0007b51578558a2be5cd3e770204dc54865a6]

=09=09[bottom-banner]

[https=

://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/4a=

c0007b51578558a2be5cd3e770204dc54865a6]

=09=09[footer-logo]

[https:=

//rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b=

00ade245a24789fd4269a56d81930da23aecf]

=09=09[border]

[https://rosa=

sau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade2=

45a24789fd4269a56d81930da23aecf]

=09=09[rta-icon]

[https://rosasau.=

com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a2=

4789fd4269a56d81930da23aecf]

=09=09[asacp-icon]

[https://rosasau.com/i=

ndex.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789f=

d4269a56d81930da23aecf]

=09=09[divider]

[https://rosasau.com/index.=

php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd4269=

a56d81930da23aecf]

=09=09[x-icon]

[https://rosasau.com/index.php/ca=

mpaigns/xb541dja9ef20/track-url/ob677nvejyaae/7c96560f08ae933a07b1e7f4ffbf8=

b46caf49761]

=09=09[facebook-icon]

[https://rosasau.com/index.php/camp=

aigns/xb541dja9ef20/track-url/ob677nvejyaae/f51ce8d459ee2654297c0a3a22321cc=

953939928]

=09=09[telegram-icon]

[https://rosasau.com/index.php/campai=

gns/xb541dja9ef20/track-url/ob677nvejyaae/be0854c0e0d6f2061a3f8cb8da400ce33=

e0a1bb8]

=09=09This website is strictly for adults only! This website=

contains

sexually explicit content. You must be at least 18 YEARS OF AGE=

to enter this website.

=09=09[border]

[https://rosasau.com/index=

.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd426=

9a56d81930da23aecf]

=09=09=C2=A92026 ImLive.com All Rights Reserved=

UNSUBSCRIBE

[https://rosasau.com/index.php/campaigns/xb541dja9ef20/=

track-url/ob677nvejyaae/6daaddc40f50df294910d1f38232602ed5e1bd23]

--_=_swift_1774145055_349d1725fa483f57f511ed5f0fa016e7_=_

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

vice-width, initial-scale=3D1.0">

=09Last chance before she goes offline =E2=8F=B3

gin: auto; font-family: Arial, sans-serif;" width=3D"600">

=09

=09=09

=09=09=09

=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09

=09=09=09

=09=09

X-rated spam from OVH Part 3

Posted by Dave Yadallee on Sunday, March 22. 2026

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09

=09=09=09

=09=09

=09

=09=09=09
le=3D"margin:0 auto; " width=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

"https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejy=

aae/a1b00ade245a24789fd4269a56d81930da23aecf"> 3D"header-logo"

=3D"https://lynkme360.com/email-templated/im_live_two/header-logo.png" styl=

e=3D"display: block;" width=3D"151" />

=09=09=09

=09=09=09
th=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd426=

9a56d81930da23aecf"> 3D"top-banner"

ail-templated/im_live_two/border.png" style=3D"display: block;" width=3D"60=

0" />

=09=09=09

=09=09=09
th=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/4ac0007b51578558a2be5c=

d3e770204dc54865a6"> 3D"top-banner"

ail-templated/im_live_two/top-banner.jpg" style=3D"display: block;" width=

=3D"600" />

=09=09=09

=09=09=09

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

gn: left; color: #ffffff;">And since it=E2=80=99s your

=09=09=09=09=09=09first visit=E2=80=A6

">
l/ob677nvejyaae/4ac0007b51578558a2be5cd3e770204dc54865a6"> 3D"card1=<br

" src=3D"https://lynkme360.com/email-templated/im_live_two/card1.png" width=

=3D"500" />

=09=09=09

=09=09=09
th=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/4ac0007b51578558a2be5c=

d3e770204dc54865a6"> 3D"bottom-banner"

/email-templated/im_live_two/bottom-banner.jpg" style=3D"display: block" wi=

dth=3D"600" />

=09=09=09

=09=09=09
th=3D"600">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd426=

9a56d81930da23aecf"> 3D"footer-logo"

mail-templated/im_live_two/footer-logo.png" width=3D"215" />

=3D"https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nv=

ejyaae/a1b00ade245a24789fd4269a56d81930da23aecf"> 3D"border"

"https://lynkme360.com/email-templated/im_live_two/border.png" width=3D"600=

" />

=09=09=09=09=09=09
=3D"0">

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

x.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd42=

69a56d81930da23aecf"> 3D"rta-icon"

il-templated/im_live_two/rta-icon.png" style=3D"display: block;" width=3D"1=

18" />

x.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd42=

69a56d81930da23aecf"> 3D"asacp-icon"

mail-templated/im_live_two/asacp-icon.png" style=3D"display: block;" width=

=3D"118" />

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=3D"https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nv=

ejyaae/a1b00ade245a24789fd4269a56d81930da23aecf"> 3D"divider"

t=3D"77" src=3D"https://lynkme360.com/email-templated/im_live_two/divider.p=

ng" />

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

x.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/7c96560f08ae933a07b1e=

7f4ffbf8b46caf49761"> 3D"x-icon"

kme360.com/email-templated/im_live_two/x-icon.png" width=3D"34.8" />
td>

=09=09=09=09=09=09=09=09=09=09=09=09

f=3D"https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677n=

vejyaae/f51ce8d459ee2654297c0a3a22321cc953939928"> 3D"facebook-icon=<br

" height=3D"34.8" src=3D"https://lynkme360.com/email-templated/im_live_two/=

facebook-icon.png" width=3D"34.8" />

x.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/be0854c0e0d6f2061a3f8=

cb8da400ce33e0a1bb8"> 3D"telegram-icon"

s://lynkme360.com/email-templated/im_live_two/telegram-icon.png" width=3D"3=

4.8" />

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09

: center; font-size: 17px; line-height: 24px; letter-spacing: 0.03em; font=

-weight: 400; padding: 9px 0 26px;">This website is strictly for adults onl=

y! This website contains

=09=09=09=09=09=09sexually explicit content. You must be at least 1=

8 years of age

=09=09=09=09=09=09to enter this website.

=09=09=09

=09=09=09

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd4269a56d81930da23aec=

f"> 3D"border"

_two/border.png" style=3D"display: block;" width=3D"600" />

: 13px 0;">

=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

font-size: 18px; line-height: 24px; letter-spacing: 0.03em; font-weight: 40=

0;">=C2=A92026 ImLive.com All Rights Reserved

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09
ttps://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaa=

e/6daaddc40f50df294910d1f38232602ed5e1bd23">UNSUBSCRIBE

=09=09=09=09=09=09

=09=09=09

s/xb541dja9ef20/track-opening/ob677nvejyaae" alt=3D"" />

--_=_swift_1774145055_349d1725fa483f57f511ed5f0fa016e7_=_--

X-rated spam from OVH Part 1

Posted by Dave Yadallee on Sunday, March 22. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 22 Mar 2026 05:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w4GvE-000000001uI-098c

for dave@doctor.nl2k.ab.ca;

Sun, 22 Mar 2026 05:24:44 -0600

Resent-From: The Doctor

Resent-Date: Sun, 22 Mar 2026 05:24:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.smaily.info ([173.244.60.207]:59775)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w48Bj-00000000Fev-2t8Q

for doctor@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 20:05:20 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=smaily.info;

h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type:List-Unsubscribe:List-Id; i=noreply@smaily.info;

bh=5chvhiQux7TN+Mtwa7/myPXSnx0=;

b=iNPgpe4x8oR3KCnKGYIItRGy21AdVce4CsGu3UbHL1HtRmAVgFa/uGuEm6lUPZhncN/Sznj1kEaB

q58r2+TE+MlH/eD47sNQxlv7avD7WKuJLs8jeCQLJWtHrVQhGcTISN5+FylQhTAKSYwnl6yUkBnu

mUu1O5aCAC5SOSFe1ZU=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=smaily.info;

b=h6/rk63+Zg2sIgyyh8fa8i8aUhSkKUmuJYH8DtzzshZ8JlFhEyYuacDa6DdbdmaKSbITq5LGvRvV

qyWH5bCxK5swLt+saAygm4xC0PRkM2vN6oyZ0f51n2gD94JULg0ENpn00j63InGO3XabMETJsPz3

dFuS6WEdKDNw9s8wSBQ=;

Received: from rosasau.com (167.114.128.205) by mail.smaily.info id hnt75e0001g6 for ; Sat, 21 Mar 2026 22:04:15 -0400 (envelope-from )

Message-ID: <6c4f3e6a13a0e966341b2fe2c930d8e293b997a1@smaily.info>

Date: Sun, 22 Mar 2026 02:04:15 +0000

Subject: Last chance before she goes offline =?utf-8?Q?=E2=8F=B3?=

From: ImLive

Reply-To: ImLive

To: "doctor@doctor.nl2k.ab.ca"

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="_=_swift_1774145055_349d1725fa483f57f511ed5f0fa016e7_=_"

X-Report-Abuse: https://rosasau.com/index.php/campaigns/xb541dja9ef20/report-abuse/na6469fs6dceb/ob677nvejyaae

x-job: xb541dja9ef20

X-EBS: https://rosasau.com/index.php/lists/block-address

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Unsubscribe: ,

List-Id: na6469fs6dceb

Feedback-ID: xb541dja9ef20:ob677nvejyaae:na6469fs6dceb:dy792eggq06b2

X-Spam_score: 21.6

X-Spam_score_int: 216

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: [header-logo] [https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd4269a56d81930da23aecf]

[top-banner] [https://rosasau.com/index.php/campaigns/xb541dja9ef20/track-url/ob677nvejyaae/a1b00ade245a24789fd4269a56d81930da23aecf]

Content analysis details: (21.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[167.114.128.205 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

[173.244.60.207 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[173.244.60.207 listed in dnsbl.ahbl.org]

[173.244.60.207 listed in dnsbl.ahbl.org]

[173.244.60.207 listed in dnsbl.ahbl.org]

[173.244.60.207 listed in dnsbl.ahbl.org]

[167.114.128.205 listed in dnsbl.ahbl.org]

[167.114.128.205 listed in dnsbl.ahbl.org]

[167.114.128.205 listed in dnsbl.ahbl.org]

[167.114.128.205 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[173.244.60.207 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[173.244.60.207 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[173.244.60.207 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[173.244.60.207 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[167.114.128.205 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[167.114.128.205 listed in sbl-xbl.spamhaus.org]

0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS

blocklist

[URI: rosasau.com/167.114.128.205]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: rosasau.com]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.244.60.207 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.244.60.207 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: rosasau.com/167.114.128.205]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[173.244.60.207 listed in wl.mailspike.net]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: rosasau.com]

2.5 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: rosasau.com]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.244.60.207 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[173.244.60.207 listed in bl.score.senderscore.com]

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Last chance before she goes offline =?utf-8?Q?=E2=8F=B3?=

Spotify Phish from Google Gmail Part 2

Posted by Dave Yadallee on Sunday, March 22. 2026

--000000000000c2a8a2064d923cf9

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Spotify Premium

Update Your Payment Method

Dear Customer,

We hope you are doing well. Unfortunately, we were unable to process your

most recent payment due to an issue with your current payment method.

To ensure uninterrupted access to your account, please update your payment

details within the next 48 hours.

You can securely update your payment information by clicking the button

below:

Update Payment

Thank you for your prompt attention to this matter. We appreciate your

continued trust and support.

?mode=resetPassword&oobCode=XRgnps1QPVyzZUYS7RZ1fHhX4Cdlx637ODH680i4J9gAAAGdEwE3PA&apiKey=AIzaSyDXdEYjzvA2lugfU-0MRnCpuEuaJpB0QfE&lang=en&tenantId=ama114-mg9zk

--000000000000c2a8a2064d923cf9

Content-Type: text/html; charset="UTF-8"

Hello

Spotify

Premium

Update Your Payment Method

Dear Customer,

We hope you are doing well. Unfortunately, we were unable to process your most recent payment due to an issue with your current payment method.

To ensure uninterrupted access to your account, please update your payment details within the next 48 hours.

You can securely update your payment information by clicking the button below:

Update Payment

Thank you for your prompt attention to this matter. We appreciate your continued trust and support.

?mode=resetPassword&oobCode=XRgnps1QPVyzZUYS7RZ1fHhX4Cdlx637ODH680i4J9gAAAGdEwE3PA&apiKey=AIzaSyDXdEYjzvA2lugfU-0MRnCpuEuaJpB0QfE&lang=en&tenantId=ama114-mg9zk

--000000000000c2a8a2064d923cf9--

Spotify Phish from Google Gmail Part 1

Posted by Dave Yadallee on Sunday, March 22. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 Mar 2026 19:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w47YX-00000000Acr-2oYF

for dave@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 19:24:41 -0600

Resent-From: The Doctor

Resent-Date: Sat, 21 Mar 2026 19:24:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f199.google.com ([209.85.221.199]:45107)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w46xe-000000006cf-0nAz

for doctor@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 18:46:42 -0600

Received: by mail-vk1-f199.google.com with SMTP id 71dfb90a1353d-56cdaa45becso2223178e0c.2

for ; Sat, 21 Mar 2026 17:45:46 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=spierengenharia.com; s=firebase1; t=1774140340; x=1774745140; darn=doctor.nl2k.ab.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=JJQX2lUkKV+rgYVFAB+9keuLiaeMSmDtKciE7hQZNO8=;

b=QoM1ndXTM04pr+dhe0O/RzVuMpCAWR+lyDvLyh8ohug9egxjca4VkYNdAYCasrK2vK

wxrsAgHPmO3KHBOdSnst+l1TzSnzNchQYzc03XMMNn6Y7kdqcpZ2ZacoN+ZcdDr3mcUZ

wFdtDf54JQ2apUDavv03LuPd9PjvMWOSLL4zT7khzpFWqOj91zlFpiCNII5Ge7+pM1Rn

EyVtiQnWtRKgZO4HGdhhEczyVA7S6FWjkZqyZuhZFHAGOp/RhJUW2TNxQ9f4oijfrCa6

hXn8Lu8Izg5FtQzig8ImOR0rJHPr8rJVRE/OKF7PckojItieOc8/c8GEs3mHD++HGGFt

FgeA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774140340; x=1774745140;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=JJQX2lUkKV+rgYVFAB+9keuLiaeMSmDtKciE7hQZNO8=;

b=XLqaFr5UY5LIEWC7VhNkrpsNTPStTbXJpLrshWhd1zbzFcYizzmu0JpKDj8SdSeZYE

pzEu4JjPg6N+fr7yMWTgtvxlGImvhh4RZ0K/Wh+fdDIp8S7MTpE08mR4QqgRADNQrfkF

T7hz5U9IUgdSHFbJHb4XZrPxUUDzkEZf8gaEm/6hcSHVBgNmCpzpYQw+G/jcqOrvn10A

XzFDoQITu9hOvK3IAOfMo2C/ulXlqDjmvmf6jpL1U2oXFvNZQnUEu2xsrULpk+KyJ+pX

GiPsTExsFxDg3527h81pD7u6lqdaRiuKFkaf3M7OzbnOeJ7I5QoGsAw4YqdYOMcIfmu4

Mmcw==

X-Gm-Message-State: AOJu0YzAIMyc3z2U1m2ZpaDTmZlPEaj4HzAdsghtVOz4rjLYxG48HtGV

/PvfNEoEKoe9pFbGbNtBtrR223KtFdaCsxKMBY6tSu7St02vYBG6xF2XLHHOqouIUBV5E2z1k/z

8HI8lO52+xGCcmQ==

MIME-Version: 1.0

X-Received: by 2002:a05:6122:2883:b0:56c:d623:896e with SMTP id

71dfb90a1353d-56cde465491mr3357172e0c.14.1774140340217; Sat, 21 Mar 2026

17:45:40 -0700 (PDT)

Reply-To: infos@spierengenharia.com

Message-ID: <000000000000c2a8ab064d923cfc@google.com>

Date: Sun, 22 Mar 2026 00:45:40 +0000

Subject: =?UTF-8?B?U8+Bb3RpZnk6IM+BYXltZW50IPCdlqXwnZa68J2XgvCdl4XwnZa+8J2WvSE=?=

From: No-reply

To: doctor@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="000000000000c2a8a2064d923cf9"

X-Spam_score: 11.2

X-Spam_score_int: 112

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Spotify Premium Update Your Payment Method Dear Customer,

Content analysis details: (11.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.199 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 J_WEEDS_M FULL: Dec/Hex char Enc [Mm]

1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]

1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]

1.0 J_WEEDS_Y FULL: Dec/Hex char Enc [Yy]

1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]

1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?UTF-8?B?U8+Bb3RpZnk6IM+BYXltZW50IPCdlqXwnZa68J2XgvCdl4XwnZa+8J2WvSE=?=

Charity spam from Google Gmail

Posted by Dave Yadallee on Sunday, March 22. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 Mar 2026 19:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w47YH-00000000AbO-10hI

for dave@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 19:24:25 -0600

Resent-From: The Doctor

Resent-Date: Sat, 21 Mar 2026 19:24:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f50.google.com ([209.85.167.50]:49298)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w46CT-000000000Ec-0I0z

for doctor@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 17:57:59 -0600

Received: by mail-lf1-f50.google.com with SMTP id 2adb3069b0e04-5a27b5ad832so2901370e87.2

for ; Sat, 21 Mar 2026 16:57:01 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1774137414; cv=none;

d=google.com; s=arc-20240605;

b=CRJ3rQN47zCFjY4CTB3HtHVASD3TrgoDaG3s+OXRLtfQewybG7P+RK0kO+JCY9mg+2

I3A8kcorqryW+l0+rSdzTl0jZFo42KzKxzXI9kCKM1MgIceDHJRIrbe1ptTxgVemwD4V

0SYabOarkzbq7wj0D5EziBenGKKiZ3+sLAVBwe6Vx0H8Cykmyxjz+Oe2tM39E/NV7CsY

bqpd+e5j534k7NAG+MGV+ezOgfa0Pax9d9iLa4tUY4ZM7R9kr1lnJPUyZEzU3Afx+1Fc

i3jAybIXPQARDOdenIYmHvBRS1XJXk6HgQcz13nqHBBzWm37a9yAECXSvh2YnQ9I9AGW

p19Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=4XFB/kVSCpsSQOX9u/SOF70Ppa16ZTiQHeG6hnDDGuI=;

fh=orQndFsvf9zXb0UFqfR6B3GkBRr4wXjerEB+5FZH1oI=;

b=UeWQmI+pOMaDo+ofJgfuMatTnSk8oZ8kD5VI22yitvKA/M0lPP3+vhc8taFfSlBzZL

PJlxY63LnHE+yTbPUwp3nYXgEK40DZvJryARlDf9U3SbnU3753DfRM8CG5usmtWONvE0

L5KrKg1TNcxUJ9/mDnb5vp9s3TW55Rkvi0gT1JSbO5SzkimGOJRkvvVNLdYKH8gZutDy

UeHSYVThNSCc6/whnSYHgesjkZSEL0yWa5Dxhf5qGPE1muiiT7/W5G0+T5KeL70xtE2Q

1a8vvYe6EZa8SEJfza5eroD8SlqKn92IINLuiLz7W7CVgsFA1WKIKvZa9iVaqkhftiXg

2/1Q==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1774137414; x=1774742214; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=4XFB/kVSCpsSQOX9u/SOF70Ppa16ZTiQHeG6hnDDGuI=;

b=X0dw7lr8zLrZhdifPL72ZtuESENkBcLU6ZUhwm3msdwVLCO5i6pPskQ0WJ6VRjLEeH

AgQGnk62YLEHa3UaxvbabtSPTXd/BnMG1LhvyC0OQnIzvg8QWiSEUhNn2PmTmdmv4MY6

HhQ5dO6xFQTI2OQ27f9kfUWOdEiA/a2/zB7HDhGLDyhHvQuDPXsmWDVzdPLH4FLIjRad

QeBlXR0dhfPvBpUDNlRnls4nXeTSPk9bkTCJSsYuPkIRhq8wsFuSVZucf5IL6BEwgfmY

WLsIaYZiDHNfqqkc363HulOa/pn8YPFh8oBG/0FrlTk9bJMVlndmmNvHPSQFa9Xv2Xwl

xiOg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774137414; x=1774742214;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=4XFB/kVSCpsSQOX9u/SOF70Ppa16ZTiQHeG6hnDDGuI=;

b=K6P1sjkQ4SWnLVj8x/0E9GWMjJLIVikIIR+cHRR6AdfGpbonkM2dBi2XvU7I4JJJJ9

oP50zqramY6iM0wnCHWgYC0rh/UDP+5UkIV6t/udpBH+hYhWzSRFIc8J9f16HUH161dX

G0IzD/rIsKrfdGEPAqN82/9ZCNNi7Tx24E6fYsNEARzf7jrU6OZnkLYhIq6xdZm94VU3

zxajacNFh4Mr+oWDF9LPr2i3I4hkdg5BMoEUhhplqNcVa+wEXYo/d/4zEuacix7neGxO

lXgNdyr+2aiyyvgiWWIXaVA5024s6JWrjURoPDFxonc7FBrxurwN8ZepDeqLYAiQUVun

b3IA==

X-Forwarded-Encrypted: i=1; AJvYcCVw+2OaHPyCcQwlvQ/reBMVj/fP0GBpceNAFWENfazzJ4d6cFOSCjdxCNa9ahbmddqgdm/+a1U=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YzC8njJSFOoGc58x0Pavs4HWzl3yVpAP7xCf8Iu5ppLEssxYkqm

b52+wEvTu1+SAT89TVKk0efJUsyan726HhP9m62iDs5FA2DnWjjyRNnSMJu0jT4AwMXpxpmt7UJ

Lj3u7zJjWHe1Hh4jVoH9xfy0gtuXEONo=

X-Gm-Gg: ATEYQzy490JnnzAfv/NgRSQ+9knXDAyfNJAKkb9BZhc8w/bZLhMmp44T43gnik7AeEC

phnshCb2Da5qpZKD2kfA5dEUJDqGQR0CzxPU38ewEWsOS9vt2Y8Q1lu0/y2kwBC9ONecHWWGd25

LWKRbNmle3FHnsPPu1/Bu389/NBcfSAthTpKuVMU4WQS9E4rTgBuNJ2sBrrLkkpb2PJLpe8572q

5fYA1U/SwzGmDCaG2bhYeNL4LVaODYECyQG2+Jr0Mo+ZWb9cuobwupvdQC3CB1ZkflXUhonyRNK

YF97oIVwidwF48fV2XzEivP17vuNJ3C1BEDP0x/ypCZnj+09RTgb5H23

X-Received: by 2002:a05:6512:3d23:b0:5a1:4570:a8c0 with SMTP id

2adb3069b0e04-5a285b5da3fmr2072163e87.41.1774137413734; Sat, 21 Mar 2026

16:56:53 -0700 (PDT)

MIME-Version: 1.0

Reply-To: maviswancykp@gmail.com

From: "Mrs. Mavis L. Wanczyk"

Date: Sat, 21 Mar 2026 16:56:36 -0700

X-Gm-Features: AaiRm51w0UUQokOQ5pqAZRaKQ7-7tH2rE3Xk35c6xsWfaX2Fr56cHVmpGUVbgQ8

Message-ID:

Subject: Charity purposes only.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000005412ce064d918e93"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 18.7

X-Spam_score_int: 187

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: I am Mrs. Mavis L. Wanczyk, a widow and childless woman who

lost his husband in a car accident. I want to know if you received my donation

message of 2.500.000 million USD which I sent to you on 3/ 7/ [...]

Content analysis details: (18.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

[209.85.167.50 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.50 listed in dnsbl.ahbl.org]

[209.85.167.50 listed in dnsbl.ahbl.org]

[209.85.167.50 listed in dnsbl.ahbl.org]

[209.85.167.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.50 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.50 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.50 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.50 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[aminatasawadogo111(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[aminatasawadogo111(at)gmail.com]

2.5 MILLION_USD BODY: Talks about millions of dollars

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

1.5 HK_NAME_FM_MR_MRS No description available.

1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Charity purposes only.

--0000000000005412ce064d918e93

Content-Type: text/plain; charset="UTF-8"

I am Mrs. Mavis L. Wanczyk, a widow and childless woman who lost his

husband in a car accident. I want to know if you received my donation

message of 2.500.000 million USD which I sent to you on 3/ 7/ 2026, get

back to me quickly.

Please this Donation is for charity purposes only.

Mrs. Mavis L. Wanczyk.

--0000000000005412ce064d918e93

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

I am Mrs. Mavis L. Wanczyk, a widow and childless woman wh=

o lost his husband in a car accident. I want to know if you received my don=

ation message of 2.500.000 million USD which I sent to you on 3/ 7/ 2026, g=

et back to me quickly.

Please this Donation is for chari=

ty purposes only.

t color=3D"#888888">

Mrs. Mavis L. Wanczyk.

=

--0000000000005412ce064d918e93--

Cloud Credential Phish from Google Gmail Part 2

Posted by Dave Yadallee on Saturday, March 21. 2026

body{

margin: 0;

padding: 0;

}

a[x-apple-data-detectors] {

color: inherit !important;

text-decoration: inherit !important;

}

#MessageViewBody a {

color: inherit;

text-decoration: none;

}

p{

line-height: inherit

}

.desktop_hide,

.desktop_hide table{

mso-hide: all;

display: none;

max-height: 0px;

overflow: hidden;

}

.image_block img + div{

display: none;

}

sup, sub {

font-size: 75%;

line-height: 0;

}

@media (max-width:670px) {

.desktop_hide table.icons-inner {

display: inline-block!important;

}

.icons-inner {

text-align: center;

}

.icons-inner td {

margin: 0 auto;

}

.mobile_hide {

display: none;

}

.row-content {

width: 100%!important;

}

.stack .column {

width: 100%;

display: block;

}

.mobile_hide {

min-height: 0;

max-height: 0;

max-width: 0;

overflow: hidden;

font-size: 0px;

}

.desktop_hide,

.desktop_hide table {

display: table!important;

max-height: none!important;

}

}

d>
ng: 0; -webkit-text-size-adjust: none; text-size-adjust: none;">
s=3D"nl-container" width=3D"100%" border=3D"0" cellpadding=3D"0" cellspacin=

g=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rsp=

ace: 0pt; background-color: #FFFFFF;">

w-1" align=3D"center" width=3D"100%" border=3D"0" cellpadding=3D"0" cellspa=

cing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=

rspace: 0pt;">

nter" border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation=

" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt; color: #000000; wi=

dth: 650px; margin: 0 auto;" width=3D"650"><=

/tbody>

olumn-1" width=3D"100%" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0=

pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-top: 5=

px; vertical-align: top;">
"100%" border=3D"0" cellpadding=3D"10" cellspacing=3D"0" role=3D"presentati=

on" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt; word-break: brea=

k-word;">

r;font-family:'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;f=

ont-size:12px;font-weight:400;letter-spacing:0px;line-height:1.2;text-align=

:center;mso-line-height-alt:14px;">

Can't see images=

,
F-2BzqiGw3CIXpbHrtYHfLDtAIsYdtG4g9hue17UWvLxDlhB9MvwdyvvF_A3nRQoop3xGTTNLdb=

AlLJcD2sfZwkYwAzGLsVwWWgkysJsC7wSRYpipBhGB05ZVytHg8U4lxnVQgLrb1mKX9FHel3RYz=

kuQ7bb8o4coPfiWKjZDGo6Z0DBH1SeyI2OiHiqR3fSrdjspwxa3iA2RqQj2jfq8L0ZOtCDc5dkD=

Hj-2FwXnoF-2BUUa0PE-2Booxrda4CNAx2EiuPMQTHrtj-2FZm6SW272kk0wBNv9k6cAFyt8uAN=

gVW8qSQ9XKsAWirdUzxtxEG0KUI-2B97SyfFGF51msV9kWfeL2GTkiaeExWuwpOewY-2F6pBK-2=

Fz4pJCQGdykynS2zW8rTBgEWV7g83klyBDJJ57MOMMeuRXeNIz74IiUzHVTOYrZJtRmzG0-2Bw-=

2F1ES0iuz8KY2yQjhcIDGWfPwswtOop5A3CSCplrqBUuxiGDUWwUqHuXPeU-2FS9hFJdcE1XuV3=

c" target=3D"_blank" style=3D"text-decoration: underline; color: #000;" rel=

=3D"noopener">Click here

s=3D"image_block block-2" width=3D"100%" border=3D"0" cellpadding=3D"0" cel=

lspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-ta=

ble-rspace: 0pt;">

lass=3D"alignment" align=3D"center">

f=3D"https://click.suprsend.com/ls/click?upn=3Du001.i-2BRQJxtL1ha3gF-2BzqiG=

w3CIXpbHrtYHfLDtAIsYdtG4g9hue17UWvLxDlhB9MvwdyvvF_A3nRQoop3xGTTNLdbAlLJcD2s=

fZwkYwAzGLsVwWWgkysJsC7wSRYpipBhGB05ZVytHg8U4lxnVQgLrb1mKX9FHel3RYzkuQ7bb8o=

4coPfiWKjZDGo6Z0DBH1SeyI2OiHiqR3fSrdjspwxa3iA2RqQj2jfq8L0ZOtCDc5dkDHj-2FwXn=

oF-2BUUa0PE-2Booxrda4CNAx2EiuPMQTHrtj-2FZm6SW272kk0wBNv9k6cAFyt8uANgVW8qSQ9=

XKsAWirdUzxtxEG0KUI-2B97SyfFGF51msV9kWfeL2GTkiaeExWuwpOewY-2F6pBK-2Fz4pJCQG=

dykynS2zW8rTBgEWV7g83klyBDJJ57MOMMeuRXeNIz74IiUzHVTOYrZJtRmzG0-2Bw-2F1ES0iu=

z8KY2yQjhcIDGWfPwswtOop5A3CSCplrqBUuxiGDUWwUqHuXPeU-2FS9hFJdcE1XuV3c" targe=

t=3D"_blank">

e21b58ba9a8f420e4bd0/69be358ac01d5abad40427dd/164422049fb905b52bf34e9c3aaf4=

cbd.original.jpeg" style=3D"display: block; height: auto; border: 0; width:=

100%;" width=3D"650" alt=3D"" title=3D"" height=3D"auto">

<=

/td>

" border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" st=

yle=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;">

=3D"pad" style=3D"width:100%;">

iv style=3D"max-width: 650px;">

fer-media-uploads.s3.amazonaws.com/69b0e21b58ba9a8f420e4bd0/69be358a13e65a8=

61c00487a/2b996a9cf773854d5eafd3dc099ee411.original.jpeg" style=3D"display:=

block; height: auto; border: 0; width: 100%;" width=3D"650" alt=3D"" title=

=3D"" height=3D"auto">

=3D"center" width=3D"100%" border=3D"0" cellpadding=3D"0" cellspacing=3D"0"=

role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0p=

t; background-color: #ffffff;">

tack" align=3D"center" border=3D"0" cellpadding=3D"0" cellspacing=3D"0" rol=

e=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt; c=

olor: #000000; background-color: #ffffff; width: 650px; margin: 0 auto;" wi=

dth=3D"650">=

=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt; font-weight: 400; text-al=

ign: left; padding-bottom: 5px; padding-top: 5px; vertical-align: top;">
ble class=3D"icons_block block-1" width=3D"100%" border=3D"0" cellpadding=

=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"mso-table-lspace: 0=

pt; mso-table-rspace: 0pt; text-align: center; line-height: 0;">

ily: 'Inter', sans-serif; font-size: 15px; padding-bottom: 5px; padding-top=

: 5px; text-align: center;">

--00000000000070b2a1064d853d0e--

Cloud Credential Phish from Google Gmail Part 1

Posted by Dave Yadallee on Saturday, March 21. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 21 Mar 2026 06:43:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3vek-00000000KJz-46Cg

for dave@doctor.nl2k.ab.ca;

Sat, 21 Mar 2026 06:42:18 -0600

Resent-From: The Doctor

Resent-Date: Sat, 21 Mar 2026 06:42:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f70.google.com ([209.85.161.70]:52262)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3sRH-00000000Lx1-0j5g

for sales@nk.ca;

Sat, 21 Mar 2026 03:16:18 -0600

Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-67c211a0a07so20106053eaf.0

for ; Sat, 21 Mar 2026 02:15:23 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1774084517; x=1774689317; darn=nk.ca;

h=to:from:subject:date:message-id:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=QCCLJEE8Jj27I0uDer01V16qjB+btrYczeMorgKFgh0=;

b=SJHiY7YCW+K9Uw43aT3XU5TwNY+z370D8QSCH5M4QGe3uTDwK2j34vgMXCcyk53Mt7

Wij8hg+YR/TKIHsCSXqDFVgVfrtGNNy8TTcaASpr93jMnZHh/daEpZyXWvPxHcjHZiuS

ellfDIMd+XjnaDsONK4OS/A5jccximtqcwGeBs9FlsA6TqmoIgZFvLWceoSInwtsgnsF

9KmcriPWnL/JY+fvgROxBvhJRWFiXVpopput93ZDs5JCqVsE3lSpfh28ui5XaELsLniJ

OmPEczk7RyMaoJMQ5SthBabAtnytNz5oVoxxLIX4Qfnm3E4C32wFOws5R53PsL0vDqYh

A+Ew==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774084517; x=1774689317;

h=to:from:subject:date:message-id:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=QCCLJEE8Jj27I0uDer01V16qjB+btrYczeMorgKFgh0=;

b=O0kbz+nR4MxiB//NP2ZgmIsTzyamJvC9qt+DtWSWmTURAFNfbSZPu+y/C2KqSplA4V

VCJgAB/6Us6dlgcayydmbB3oFQerw4K8grtpES8sYXsdAmj+IOKq8szDNuNe+g43jqPO

U0EBpnsc9Mz99XOnIpK58OD9ETNo4xkdxUIoH5D4MSZIlHt76f6m965KsTsqPNQg9GmR

7UQHFfjt84kkQIMKas5zDnqTFELVkD3TwmCddIWlZOyuIC8D73tEgAfHWZeXhaiMIxGo

PwUcxSf4h1tDp6BD5GfvQx+/SnDtqGhUEjl2oX2Bt1OEFnC/Eh2LBzR77FS2xwcAfYTC

xTlQ==

X-Gm-Message-State: AOJu0YwdI5Phdz8kUrsahJ5MAs8PONgPn/4U4pxuedshC9dYgjzJQGab

qgHHPzp1uxtnNtKKGFFgkyKxF/Crf5wdT0byBe3jzuA49xlTXfeuB0DBdPJC/3DJUvL9UPATQ8m

IkdmSptNZDw==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:4de9:b0:67b:e4a1:9e5a with SMTP id

006d021491bc7-67c22ef420bmr4541204eaf.19.1774084517048; Sat, 21 Mar 2026

02:15:17 -0700 (PDT)

Reply-To: cloudsystemnotification@yopmail.com

Message-ID: <00000000000070b2b2064d853d11@google.com>

Date: Sat, 21 Mar 2026 09:15:17 +0000

Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

From: Cloud System Notification

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="00000000000070b2a1064d853d0e"

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Can't see images, Click here Can't see images, Click here

Content analysis details: (6.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

[209.85.161.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

[209.85.161.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.70 listed in dnsbl.ahbl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in sa-accredit.habeas.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.70 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.70 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.70 listed in bl.score.senderscore.com]

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?UTF-8?Q?=E2=9A=A0=EF=B8=8F_Important_Alert=3A_Uploads_temporarily_paused_=2D?=

=?UTF-8?Q?_storage_limit_reached?=

--00000000000070b2a1064d853d0e

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Can't see images, Click here

--00000000000070b2a1064d853d0e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

osoft-com:office:office" lang=3D"en">
=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
port" content=3D"width=3Ddevice-width, initial-scale=3D1.0">
ss2?family=3DOpen+Sans:wght@100;200;300;400;500;600;700;800;900" rel=3D"sty=

lesheet" type=3D"text/css">