Ledger Security Phish from Google Gmail Part 3

Posted by Dave Yadallee on
Dear
=3D"color: #0b0b0b; font-weight: 600;">doctor@nk.ca,


esponsive dark-mode-text-secondary" style=3D"margin: 0; padding: 0; color: =

#4a4a4a; font-size: 16px; line-height: 1.7; font-family: -apple-system, Bli=

nkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">



Our records indicate that your Ledg=

er device is running an outdated firmware version. To keep your digital ass=

ets secure, please complete the mandatory firmware update by the deadline b=

elow.



This update contains critical secu=

rity enhancements that help protect your device and maintain safe access to=

your funds.



 





=20



=20




e-height: 32px; font-size: 0;"> 


=20




lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">








0;">


" target=3D"_blank" rel=3D"noopener" class=3D"btn-responsive dark-mode-btn"=

style=3D"display: inline-block; background-color: #0b0b0b; color: #ffffff;=

text-decoration: none; padding: 12px 40px; border-radius: 8px; font-weight=

: 400; font-size: 17px; min-width: 100px; text-align: center; font-family: =

-apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sa=

ns-serif;">


>Update Now


=20




e-height: 40px; font-size: 0;"> 


=20



=20




e-height: 20px; font-size: 0;"> 


=20




style=3D"margin: 0; padding: 0; color: #6a6a6a; font-size: 16px; line-heigh=

t: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto,=

Helvetica, Arial, sans-serif;">

Thank you for taking prompt action to keep =

your device safe and reliable.







=20





=20








: 1px; background-color: #e9e9e9; border: 0; margin: 0; padding: 0;"> =







=20






dding: 28px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">


lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">








">


d.wikimedia.org/wikipedia/commons/thumb/f/f0/Ledger-logo-long.svg/1280px-Le=

dger-logo-long.svg.png" alt=3D"Ledger" width=3D"117" height=3D"39" />



 



 





=20


size: 13px; line-height: 1.7; font-family: -apple-system, BlinkMacSystemFon=

t, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; margin-top: 16px;">

Ledger SAS


1 rue du Mail, 75002 Paris, Fra=

nce



=C2=A9 2026 Ledger. All rights =

reserved.






=20





=20









=20







--000000000000f09247064c161b8c--

Ledger Security Phish from Google Gmail Part 2

Posted by Dave Yadallee on





xt-size-adjust: 100%; -ms-text-size-adjust: 100%;">



=20




ng=3D"0" border=3D"0" style=3D"width: 100%; background-color: #f5f5f5; min-=

width: 100%;">








































20px 0; background-color: #f5f5f5;">



=20




" cellspacing=3D"0" border=3D"0" align=3D"center" class=3D"main-table" styl=

e=3D"width: 100%; max-width: 600px; background-color: #ffffff; border-radiu=

s: 0;">



=20






























































































dding: 40px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

=20




margin-right: auto;" src=3D"https://upload.wikimedia.org/wikipedia/commons=

/thumb/f/f0/Ledger-logo-long.svg/1280px-Ledger-logo-long.svg.png" alt=3D"Le=

dger" width=3D"255" height=3D"85" />



=20




e-height: 40px; font-size: 0;"> 


=20






e-height: 20px; font-size: 0;"> 


=20




ry" style=3D"margin: 0; padding: 0; color: #4a4a4a; font-size: 16px; line-h=

eight: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Rob=

oto, Helvetica, Arial, sans-serif;">

Ledger Security Phish from Google Gmail Part 1

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 22:03:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxHu5-000000002Nu-2xKJ

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 22:02:41 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 22:02:41 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f70.google.com ([209.85.222.70]:58460)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxGEh-00000000Nzc-0VlG

for doctor@nk.ca;

Mon, 02 Mar 2026 20:15:58 -0700

Received: by mail-ua1-f70.google.com with SMTP id a1e0cc1a2514c-94de965f29fso6770718241.0

for ; Mon, 02 Mar 2026 19:15:08 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1772507702; x=1773112502; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=AbdfpzATrunnwDtAPn8y/p3nxoOMSOmu2ciDi4li4YQ=;

b=Lfz4pRVP2gOqLNJ9Wxzz8s71BjXbaZt6jHcl3MN8XEnxyzGPn50SheP+BMtu+jRCtt

9H5QZerXqd/YeOBLekYvCeDmi79GKrOERzSDwaW6grBDNNh5/zva9ZFtGw6nokrcrxzx

2m6nP13EJJ4pHsBq1OFfOaphjGK+HqSwCO4iv30B9+BFU0H8GfqeKu8Sw+iGm0rWSWkU

ldE2/B3vfFn435GerZKzvTexybqHuZZwAWP4w9Nm1bD6RE30KI1UaAzRE4Bnnlr6iMnP

DyIVX54YF7eV2jDd8VomTpgymhSurpLp2jQ0ZDv7yje7XwWDICJXAWqSIZuiOHT31V0i

kOlw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772507702; x=1773112502;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=AbdfpzATrunnwDtAPn8y/p3nxoOMSOmu2ciDi4li4YQ=;

b=JMaWCh7yMbU7h7D86cY2NnhJQYPndmNLeMd8d/hutMPMb3DIBuOc/L0I12tkZ6d13G

DU5aNgSbvnMhLOjopQOy9Yn6X9iJ3Gj5yzftIF+j5oe3EpnFO2qdXsLOhYxTkjMm8C+R

QDZT5nAgZYNkE9Es+P5LOurAJkbxjXL20iYT7wjGWYcL3Mh+Sjjkj1t/34yB4GkNtVbI

pUFE0PowiR39q36Uwo36xmY+ViNZTntSza978+6FLcoz626xLCYq6ndShWfsif8nfw1C

+rDOwabZNOmQQmoFVIFHVXVo2pXosgukUloPJWfYrh0g9DTkHnDDl14ubx5aXQ667+Bg

wZxQ==

X-Gm-Message-State: AOJu0YyGHehkF88G32MEbyYmjXIlBkht6t/4G9Y+6kW6vscx0un1jE6w

sML64yLNowtLfkjj7jyrYJlWHoghGdk+ChZfbwD+DvjgbRCtYUz0ngnu7tkAynF5VFXuKD1JgwL

5P6Zv4QPdrg==

MIME-Version: 1.0

X-Received: by 2002:a05:6102:c4e:b0:5ee:a38a:ebf6 with SMTP id

ada2fe7eead31-5ff324dc836mr4930752137.20.1772507702005; Mon, 02 Mar 2026

19:15:02 -0800 (PST)

Message-ID: <000000000000f09259064c161b8f@google.com>

Date: Tue, 03 Mar 2026 03:15:02 +0000

Subject: =?UTF-8?Q?Security_Update_Needed_=E2=80=94_Please_Act_Now?=

From: Ledger

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="000000000000f09247064c161b8c"

X-Spam_score: 9.3

X-Spam_score_int: 93

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Ledger Dear doctor@nk.ca, Our records indicate that your Ledger

device is running an outdated firmware version. To keep your digital assets

secure, please complete the mandatory firmware update by the deadline below.





Content analysis details: (9.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

[209.85.222.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.70 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.70 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

1.5 DEAR_EMAIL BODY: Message contains Dear email address

2.4 ACT_NOW_CAPS BODY: Talks about 'acting now' with capitals

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.70 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

Subject: {SPAM?} =?UTF-8?Q?Security_Update_Needed_=E2=80=94_Please_Act_Now?=



--000000000000f09247064c161b8c

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



TGVkZ2VyDQoNCg0KRGVhciBkb2N0b3JAbmsuY2EsDQoNCg0KT3VyIHJlY29yZHMgaW5kaWNhdGUg

dGhhdCB5b3VyIExlZGdlciBkZXZpY2UgaXMgcnVubmluZyBhbiBvdXRkYXRlZCAgDQpmaXJtd2Fy

ZSB2ZXJzaW9uLiBUbyBrZWVwIHlvdXIgZGlnaXRhbCBhc3NldHMgc2VjdXJlLCBwbGVhc2UgY29t

cGxldGUgdGhlICANCm1hbmRhdG9yeSBmaXJtd2FyZSB1cGRhdGUgYnkgdGhlIGRlYWRsaW5lIGJl

bG93Lg0KDQpUaGlzIHVwZGF0ZSBjb250YWlucyBjcml0aWNhbCBzZWN1cml0eSBlbmhhbmNlbWVu

dHMgdGhhdCBoZWxwIHByb3RlY3QgeW91ciAgDQpkZXZpY2UgYW5kIG1haW50YWluIHNhZmUgYWNj

ZXNzIHRvIHlvdXIgZnVuZHMuDQoNCg0KVXBkYXRlIE5vdw0KDQoNClRoYW5rIHlvdSBmb3IgdGFr

aW5nIHByb21wdCBhY3Rpb24gdG8ga2VlcCB5b3VyIGRldmljZSBzYWZlIGFuZCByZWxpYWJsZS4N

Cg0KDQoNCg0KDQoNCkxlZGdlcg0KDQoNCkxlZGdlciBTQVMNCjEgcnVlIGR1IE1haWwsIDc1MDAy

IFBhcmlzLCBGcmFuY2UNCg0KwqkgMjAyNiBMZWRnZXIuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQoN

Cg0KDQoNCg0K

--000000000000f09247064c161b8c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">






" />


=3D1.0" />





AAA Emergency Road Kit Phish from Microsoft Outlook Part 7

Posted by Dave Yadallee on


























Time Primary Activity
8:00–8:40Morning Operations Brief
8:40–9:20System Diagnostics Review
9:20–10:00Record Management Updates
10:00–10:20Team Pause Interval
10:20–11:00Operational Status Assessment






STAFF REFERENCE INDEX



























Role Name Division Status Contact
Coordination SupervisorHarper LaneOperationsActiveharper[at]lane
Technical EvaluatorMason OrtizSystemsActivemason[at]ortiz
Outreach SpecialistAvery KimCommunicationsOn Leaveavery[at]kim






*This summary is automatically generated for reference.





--_3e3b4aa1-e54f-49e3-959f-9e8fd3e3f004_--

London —
On a rainy afternoon in London, Yin Xiuzhen sits under a canopy of red, pink, purple and orange garments stretched over a steel frame. From inside, the carpeted dome, complete with rugs and cushions, makes a vibrant sanctuary. From the outside, the structure, which stands next to a large mirror, resembles a human heart. Together, they form “A Heart to Heart,” an almost 25-foot-tall installation created specifically for the first major survey of the Chinese artist’s work in the UK.
“I think it’s very important for people to be able to sit down and talk through their hearts,” Yin said, dressed in a matching brown shirt and trousers with floral embellishments, ahead of the show’s opening. “In this era, communication between every individual is very important. As we all know, we are living in a chaotic, volatile world.”
"Introspective Cavity" (2008) is meant to revive memories of being in the womb, according to the artist.
"Introspective Cavity" (2008) is meant to revive memories of being in the womb, according to the artist.
Courtesy the artist/Beijing Commune/UCCA
Named after the new work, the exhibition “Yin Xiuzhen: Heart to Heart,” at London’s Hayward Gallery, explores three decades of the artist’s practice. It brings together several of her most significant and notably large projects, many of which have been shown at leading institutions including the Museum of Modern Art (MoMA) and the Guggenheim in New York, as well as biennials and museum exhibitions across Europe, Asia and the US.
Yin’s ongoing international success is something of an anomaly. “If you look at Chinese contemporary art, all the big artists are mostly men, and a lot of them are painters,” said Yung Ma, a senior curator at the gallery, who has known her for over 10 years. “I don’t think there are many female artists of her generation still working today, at least not on that level.”
"Dress Box" features a collection of the artist's own worn clothing — ranging from childhood to adulthood — sealed inside a wooden trunk with concrete.
"Dress Box" features a collection of the artist's own worn clothing — ranging from childhood to adulthood — sealed inside a wooden trunk with concrete.
Courtesy the artist/Beijing Commune
Born and raised in Beijing, and initially trained in oil painting, the artist has been constructing artworks from used clothes for more than three decades. The first came in 1995, when she created “Dress Box,” an installation and video piece, for her first solo exhibition at a now-defunct contemporary art museum in the Chinese capital. In the work, Yin placed her own garments, collected over 30 years, into an old wooden trunk made by her father. She then filled the trunk with cement, “encasing all these memories into one,” as Hayward Gallery assistant curator Hannah Martin put it. A neatly folded pink shirt remains visible on top, guarding the stories hidden beneath.
An accompanying photo series, “My Clothes,” put the 32 items sealed within the trunk into perspective, offering context for each one’s significance. When Yin was growing up, her mother worked in a garment factory, where she would buy offcuts to sew into fresh items designed by Yin herself. “I always call clothes a second layer of skin,” Yin said. “Clothes bear the inference of our cultural background.”
The artist has moved on from solely using her own clothes and now acquires garments in a multitude of ways. “I collect different clothes from different groups of people to symbolize the collective consciousness of different groups,” Yin said, noting how her formative years, which include coming of age amid the chaos of Mao Zedong’s Cultural Revolution, exposed her to a staunch prioritization of joint, rather than individualistic, identity. In China, valuing “the individual over the collective was considered a shame,” she explained.
In "Collective Subconscious" (2007), a 1990s Beijing minivan is bisected and reconnected by a 14-meter-long, textile-covered tunnel. Here, reclaimed clothing is used to evoke memory, addressing China's rapid modernization, shared urban experiences, and the nostalgia of the "dream" to own a car.
In "Collective Subconscious" (2007), a 1990s Beijing minivan is bisected and reconnected by a 14-meter-long, textile-covered tunnel. Here, reclaimed clothing is used to evoke memory, addressing China's rapid modernization, shared urban experiences, and the nostalgia of the "dream" to own a car.
Courtesy the artist/Beijing Commune
Both Yin and the exhibition’s curator point to her 2007 work “Collective Subconscious (Blue),” in which a type of minivan known as a “mianbaoche” (literally translating to “bread van” in Chinese due to its loaf-like appearance), is extended along the center using various items of clothing, creating a large-scale installation that viewers can sit inside.
Introduced to the country in the 1980s, a time when few people had cars of their own, the minivan was an inexpensive option that allowed growing numbers of Chinese people to take to the roads. The vehicles were often used as taxis or for freelance businesses. “It was a symbol of progression,” Ma said. “Having a vehicle like that was meant to embody some sort of entrepreneurial spirit and tied into the capitalist development of China.”
But Yin also remembers how Beijing became almost unrecognizable in the early- to mid-1990s. Cycling through the city to work as an art teacher, she recalled passing “through countless hutongs (traditional alleyways) and old city streets.” On her return, she said she would often discover that the buildings had disappeared. In her 1996 piece “Ruined City,” she covered popular Chinese furniture and clay roof tiles in dry cement powder, evoking a demolition site.
Yin Xiuzhen's "Thought" (2009) is made from salvaged materials like old clothing.
Yin Xiuzhen's "Thought" (2009) is made from salvaged materials like old clothing.
Courtesy the artist/Beijing Commune/Pace Gallery
Yin Xiuzhen's "Washing River" addresses environmental pollution.
Yin Xiuzhen's "Washing River" addresses environmental pollution.
Courtesy the artist/Beijing Commune
“By 1995 and 1996, with the real estate boom in full swing, entire swaths of hutongs and courtyard houses were being razed,” she added. “At the time, many intellectuals, architects and artists called for a halt to the large-scale demolition and construction to protect the ancient capital, but their voices were too weak.” The sense of hope offered by Yin’s minivan serves as a stark contrast to the despair of those forced out of their homes echoing through “Ruined City.”
Yin also looks beyond China for inspiration. The first installation that visitors to her London show encounter takes a broader look at the urban experience. Atop a reconstruction reminiscent of an airport conveyor belt, Yin’s ongoing “Portable Cities” series recreates miniature cities in discarded suitcases made from items donated by residents of the location depicted. “Portable City: London,” for example, uses clothes collected from staff at the Southbank Centre, the arts complex that houses the Hayward Gallery. One member even stopped to point out a purple-patterned shirt they had contributed to the piece.
"International Airline," a suspended airplane fuselage constructed entirely from discarded secondhand clothing, serves as a commentary on globalization, consumerism, and the movement of people and memories.
"International Airline," a suspended airplane fuselage constructed entirely from discarded secondhand clothing, serves as a commentary on globalization, consumerism, and the movement of people and memories.
Courtesy the artist/Beijing Commune
“People in China didn’t really start international travel until the ‘90s,” Ma, the curator, said, highlighting that this was around the time Yin became a professional artist. Yin added: “My first international travel was to Japan, and later the Netherlands. I was at an airport terminal when I saw the conveyor belt, and this idea just came to me.”
The artwork adds a global perspective, but in “A Heart To Heart,” Yin is more concerned with matters closer to home — her audience’s hearts and minds. The installation’s heart-shaped form, and the act of talking inside it, are integral to her wider practice. In Chinese, “xin,” which is commonly translated to “heart” in English, can refer to the heart and mind in tandem. While Western thought often separates the two, in Chinese culture, emotion and reason are more deeply intertwined.




🎡 Entertainment
























Disney & Universal


Discounted theme park tickets


Sports & Concerts


Save on NFL, NBA, MLB, NHL


Movie Tickets


Discounts auto-applied at checkout








🛍️ Shopping & Dining






























Samsung


Up to 30% off sitewide


HP & Dell


Up to 35% off electronics


Home Chef


60% off first box


T-Mobile


Up to $200 when you switch








🏠Home & Business
















The UPS Store


15% off mailbox & print

Penske Truck Rental


12% off + free mileage

Atlas Van Lines


Avg. $840 savings on moves


















 



"This emergency kit gives me peace of mind every time I'm on the road."



— Verified AAA Member




Ready to claim your free kit?


One per eligible member · Shipping included · Supplies are limited



style="display:inline-block;background:#ffffff;color:#c8102e;font-family:'Source Sans 3',Helvetica,sans-serif;font-size:14px;font-weight:700;padding:16px 52px;text-decoration:none;letter-spacing:2px;text-transform:uppercase;">

CLAIM MY FREE KIT




You received this email as a registered AAA member who opted in to member benefit communications.


AAA Member Services does not sell or share your personal information with third parties.


To stop receiving promotional emails, allow up to 10 business days after unsubscribing.


Unsubscribing will not affect billing, renewal, or roadside assistance notifications.


© 2025 AAA Member Services · 1000 AAA Drive, Heathrow, FL 32746, USA




style="font-family:'Source Sans 3',Helvetica,sans-serif;font-size:10px;color:#888;text-decoration:underline;">Unsubscribe

  Â·  

Privacy Policy

  Â·  

Terms of Service












AAA Emergency Road Kit Phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.93.195.88 listed in wl.mailspike.net]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[40.93.195.88 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[40.93.195.88 listed in bl.score.senderscore.com]

0.3 OFFER BODY: Offers you Something

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels

1.0 XPRIO Has X-Priority header

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} 24 Hours Left to Claim Your Free Kit



--_3e3b4aa1-e54f-49e3-959f-9e8fd3e3f004_

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit













AAA – Free Car Emergency Kit













Your free AAA Emergency Kit + exclusive member discounts — claim today before supplies run out.



































































AAA


Member Services Bulletin



FREE OFFER


























Limited — While Supplies Last




Get Your


Emergency


Road Kit Free





A complete roadside safety kit — jumper cables, flashlight, first aid & more — shipped free to your door as our member appreciation gift.




style="display:inline-block;background:#c8102e;color:#ffffff;font-family:'Source Sans 3',Helvetica,sans-serif;font-size:13px;font-weight:700;padding:14px 30px;text-decoration:none;letter-spacing:1px;text-transform:uppercase;">

Claim Free Kit →



Inside Your Kit




🔌

Jumper Cables








🔦

LED Flashlight








🩺

First Aid Kit








📋

Safety Guide






$0.00


Free + Free Shipping
















★★★★★

"Rated 4.9/5 by AAA Members"

Verified Reviews


















Member Discounts & Rewards

discounts.aaa.com


















AAA Emergency Road Kit Phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 22:03:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxHtZ-000000002NR-4A1z

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 22:02:09 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 22:02:09 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-southcentralusazon11022088.outbound.protection.outlook.com ([40.93.195.88]:16119 helo=SN4PR2101CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxE80-00000000EJM-3rHH

for doctor@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 18:00:57 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=ePTOROJLdeUiTK5F7cL51JQz0/Y4m/TP4E0e19S8bCCymcjto0vs+nt/o4tgvesz0Tgj/ga9LD2WdHNqMXJIZsqsoej7+K8C8f3n02JsBY8YoTyDflQZqOIYnPJKALBcN812AmYGbyf0zWvcsFej+Duj5s0Dv13iRdm1O1ys323m6hVmuyEK0oxjIVb/joUt5gBuPtuCETOhZb+skvGAhCiQVG76+OrOCMAZlkkS8LggUKEzem2cDKchomalDmo0Cyqiv0Y1N/svzL2qE1P3H3lrmwcLxLrexn0BcGQpJQfiMSmQEA6ls5Gm3T7y+lMDjCvXxMC+Gk2gqpKHzh7ueA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=aKwwy1FfgUynRw1SCPDPeYj1PdV9WCnSRxUDD2a/R0E=;

b=srSj2Ru72OqWLUg1+hpzxD9gLKTjc7G4W0KonXxl45nsDh1JAqHjFpirB1EC+boXCyp+oJWGCWnMCIW1yJy6898F9AtAefHy3yPL6b03W4Mv8oNd/9qq8a3CTkDddOTk/FXVnjelYWq2m36zkxge6zyhmdvEqX10IiGfCqi5TkURrGKHDzz2hVG+p3yAr3HMw8CKnEJCYEl+hbRc8/yUxatNarRvEjFv/smBlLna0ASS4VWU/1ZRQr/EY5e/s1aPtpFptxsx7gvwzXhRLNN0qnEETyalFetYRjc4LGswJxMKohGxnWcOqtC4axgc5FXKzdSXBXkTJWAwh+PRqigKnA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

103.241.67.132) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=ohiostateuniversity52784.onmicrosoft.com; dmarc=none

action=none header.from=ohiostateuniversity52784.onmicrosoft.com; dkim=none

(message not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=ohiostateuniversity52784.onmicrosoft.com;

s=selector1-ohiostateuniversity52784-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=aKwwy1FfgUynRw1SCPDPeYj1PdV9WCnSRxUDD2a/R0E=;

b=ZZhKhow/KEPZwhSSOZ2mvmZv98NEtg3hpzCu6iapom/N5N/sAuoU6vwd2Cv3Qtxn8du5/Gim2exFpJb3iDDFU/kwlp9E4AtLgLIjfoKpa2Mm1cD1gkJPzg/pLP6RmARKCixO4Q/MX3Nmz0/kXmy6chbRVE0kLAoymLaQyFqKb+aLSyBGYt0Md1TGuJiMS72egVa3swb5QJ+3QfLhZMBa83j7fKlvv3HHi/gtTkE5rwAdL7L4qGyq94bavvT5MNhwHO7dwcCJzztbCt68thnI0V1lCExI6jBrg+Sh++v5NUXHXKFaowqF1nVLaEHnlRuNmj0d2G8bPeEPtf90JVmJYw==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.241.67.132)

smtp.mailfrom=ohiostateuniversity52784.onmicrosoft.com; dkim=none (message

not signed) header.d=none;dmarc=none action=none

header.from=ohiostateuniversity52784.onmicrosoft.com;

Date: Tue, 03 Mar 2026 01:53:17 +0100

From: "AAA Safety Update"

Reply-To: support.e0k4pdduu5lb5@ohiostateuniversity52784.onmicrosoft.com

To: doctor@doctor.nl2k.ab.ca

Subject: 24 Hours Left to Claim Your Free Kit

X-Mailer: AAA Campaign Mailer v1.0

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="_3e3b4aa1-e54f-49e3-959f-9e8fd3e3f004_"

List-Unsubscribe:

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Message-ID:

<11826ed4-7564-4b41-8758-ed47487e6342@BL02EPF0001A102.namprd05.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BL02EPF0001A102:EE_|SN7PR07MB9628:EE_

X-MS-Office365-Filtering-Correlation-Id: c82ccaa7-5ba6-4fe4-6111-08de78c02cd4

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam:

BCL:0;ARA:13230040|4022899009|61400799027|36860700013|34020700016|82310400026|376014|8096899003|54012099003|85622059;

X-Microsoft-Antispam-Message-Info:

ANdfcjTBHf/4f3lZB/nsMMvu79v0b14fXFwgMzrqAEn9jDIF+OAu529lUZFWpIUZi4e3lZ2OBC/oq6AVpzoZaSJp1CNvKkauLe3MvYJoRP5WXe27M0qLoLx6weGh5Kqw6DpsShL+3bsGYZ/w927RIxS70dGztURnPdRQ3ygpvY9deUUFaZc8KjDaJ9olDRj6SHdXwYPVR3TW9qZia10yXmc5m+mXaYLI16zMsiYHnFAB7q9rVSG8e4FlrPIBRLphKMOz6UERschUqjnYzaMSmPC7ac86pEmOipLqoVRhH5K0ZyE5Izk2VheH/CV9RiJWBwrYgXzbJe+s/s0Maniw8jw/rM8gZ6WQ//klWY7Q87VGlGIwNQG+O1sPCWV0R7MISXph8+ZvDFLfUAPqOTDeazAfHUbl4oVUcir24VGEYMW4mq//+i4/OpDSD7iguZCAxfy3JHRdAVXdWZcTUeL5Nh87uiG8Gk5quPsxdFGAcrQMq/uVQySvqOMgNYs2p7dDD+qIykCTe8hCOsPsBaXVzUnUqc6Ekiqz06sLjfgVk3ziBodvCCCefdkllZseukqEC5WVgvMR64qXpHZCv/txmd8vY335YGvtDgIUYlOcQKENk3yD6YJJDXaD6HANdwdslG9fQw7sR5pz4MvNnhqkko4zLaMCzeohe13pdJxKRvw5cOobWZPMkTOUoEeii1dn3FbkBq4mvBzXcYQOFR6+ILlt2QpFGmsdjfaN4NBaVRcsbv6AYr6/0RLVNSDfPuQqpLFRMCsIGhSxIiJC/Vs9JRepkxuq9ic3AuD26kX1+qs=

X-Forefront-Antispam-Report:

CIP:103.241.67.132;CTRY:ES;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:ohiostateuniversity52784.onmicrosoft.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(4022899009)(61400799027)(36860700013)(34020700016)(82310400026)(376014)(8096899003)(54012099003)(85622059);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

GoCx9W37ul+/5yXUQ2YzQh9NskywoirUVOxmmUQJtZpFp6rdzf60lEKA924ZBPu/h6DTBnI6rytij/ebBErL0XDXCCuOvdXE+wbYW7McIOdJXUAuFNy8Jj5B9haFi/6o8MJPGrwTp8eHBkm/Rsck1sMD2bwCU8NpR4BMFlPJVcpOF2IhaUtwLHQa7pkjquX8qqpItyAsgo42a4n2Qzo8LZ2nQvBHB7b8wwllpQAUvQmg2e7qjrCEXcVshSoQSZ5G10T9zHqon+Vu1/R9yUhCQiO9kcrda53onb3vSdEA7B1hmlLZm20PBZVxx9kTctAfSzMW8AQHAHoaSrqQsS9XEUus1yYHQY5Tqz7MCM57AS+PeEFFCH6ruQun9P7MBTxf6J6IUlmZ9+fnxC3+pz3Cu+y3s0qaraIoG2R6YO2imxU1rcs5HlTtdKXxPBpOd4eK

X-OriginatorOrg: ohiostateuniversity52784.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Mar 2026 00:59:51.2553

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: c82ccaa7-5ba6-4fe4-6111-08de78c02cd4

X-MS-Exchange-CrossTenant-Id: 879e33ec-cf75-4093-82ee-7d9b07a688a8

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=879e33ec-cf75-4093-82ee-7d9b07a688a8;Ip=[103.241.67.132];Helo=[ohiostateuniversity52784.onmicrosoft.com]

X-MS-Exchange-CrossTenant-AuthSource:

BL02EPF0001A102.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR07MB9628

X-Spam_score: 12.9

X-Spam_score_int: 129

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: AAA – Free Car Emergency Kit Your free AAA Emergency Kit

+ exclusive member discounts — claim today before supplies run out.



Content analysis details: (12.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

[40.93.195.88 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.93.195.88 listed in dnsbl.ahbl.org]

[40.93.195.88 listed in dnsbl.ahbl.org]

[40.93.195.88 listed in dnsbl.ahbl.org]

[40.93.195.88 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.93.195.88 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.93.195.88 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.93.195.88 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.93.195.88 listed in dnsbl.ahbl.org]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[40.93.195.88 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[40.93.195.88 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.93.195.88 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[support.e0k4pdduu5lb5(at)ohiostateuniversity52784.onmicrosoft.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[benefits.1g5(at)ohiostateuniversity52784.onmicrosoft.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[benefits.1g5(at)ohiostateuniversity52784.onmicrosoft.com]

NetKnow still in NetCraft's Top 10900 part 2

Posted by Dave Yadallee on

4Web





4web ranks >2000000 from >2000000 .



Alentus / Wolfpaw





Alentus

rank by Netcraft >2000000 from >2000000 and I note they are hosted in the USA .

wolfpaw.net

which ranks at >2000000 from >2000000



Yellowpencil





Yellowpencil Ranks >2000000 from >2000000



WSI Corporation





Next is WSI - We Simply The Internet of Toronto

at Netcraft Position >2000000 from >2000000 and are being hosted on Amazon.



Uniserve / Interbaun





Next, Uniserve

ranks on Netcraft >2000000 from >2000000

One of their acquisitions

interbaun

ranks with Netcraft ?????? from ?????? due to merging of sites.

One customer just came over from this organization in Nov 2006.



Clearwave Broadband





Clearwave Broadband ranks

at >2000000 from >2000000



Platinum Communications





Platinum Communications Corp.

bought out by Xplornet .



Wild Rose Internet





Wild Rose Internet

ranks >2000000 from >2000000 and I wonder if this is another wireless branch of Tera-Byte and bought out by Xplornet





TIC Internet





TIC Internet

ranks >2000000 from >2000000 ( I do remember you).



Nisa Custom Internet Solutions





Nisa Custom Internet Solutions

ranks >2000000 from >2000000 by Netcraft



MediaShaker





Media Shakers of Edmonton

ranks >2000000 from >2000000





Koi Media





Koi Media

rank >2000000 from >2000000



WebFire





Webfire.ca

ranks >2000000 from >2000000 and seems to be connected with Shaw.



Core Network Solutions Inc.





Core Network Solutions Inc.

ranks at >2000000 from >2000000 .



The Network Centre





The Network Centre

ranks >2000000 from >2000000 and are linked with Telus high Speed.





Open Concept Internet, Inc.





Open Concept Internet, Inc.

rank > 2000000 from > 2000000





Techalta





Interspots of Edmonton

acquired by Techalta ;



Yegtel





Yegtel rank > 2000000 .



Internet Crossroads





Internet Crossroads Ltd of North Edmonton

rank nothing from nothing by Netcraft and seems to merged with Tera-Byte/ecn.ab.ca .



If I remember anymore, I will add to this entry, before Netcraft changes our ranking. Please watch this space and please feel free to peruse

our services.

NetKnow still in NetCraft's Top 10900 part 1

Posted by Dave Yadallee on
All data is from Netcraft Toolbar .

Looks as if there are major changes to the Netcraft algorithm after some years! Why did Avast clasify the extension as URL:Phishing?

This is not the Alexa Tool Bar!



NetKnow







Netknow now at 10884 from 10853 at Netcraft and pfs compliant



A slight increase! We must do
  1. security audits regularly
  2. check on illegitimate traffic hitting the web server


    3. and
  3. keep design current!




How do we compare with other providers in

Edmonton, Alberta, Canada?



Rogers





Rogers Business Solutions

which rank 4895 from 4863 and are hosted in Europe.



Telus and reviews



Next we have Telus.com

ranked by Netcraft at 5685 from 6286 .

Sometimes their Web Hosting is done by
title="Internet Names for Business">Internet Names for Business

is ranked by Netcraft at >2000000 from >2000000 .



Is Telus's ADSL network susceptible to Code Red Attacks and Attackers?

Reviews of Telus are available :





Netknow again





We at Netknow are at 10884 from 18857 since the start of 2026.



Government of Alberta



The Government of Alberta Website

ranks 14761 from 14791 by Netcraft and seems to hosted on Cloudfare.



City of Edmonton







The City of Edmonton ranks 32596 from 31807 by Netcraft and hosted by Google.



University of Alberta







The University of Alberta ranks 51868 from 51699 hosted by Amazon Techonologies.



Juno and NetZero





We have Juno Internet ranked on top

at 301562 from 309275 who are the owners of

US Based Netzero at Netcraft Rank 78084 from 77026 .



Grant MacEwen University





MacEwan ranks 104997 from 105894 .



NAIT / Northern Alberta Institute of Technology





NAIT ranks 107894 from 106467 hosted by Microsoft .



TekSavvy



TekSavvy ranks 275196 from 264427 and are hosted by Microsoft



Shaw Cable





Next,

members.shaw.ca

ranks >2000000 from >2000000 and retired and

Shaw Cable

is next at Netcraft rank 1170578 from 1172972 . Hosted now by Akamei .

Their Network Hosting Arm,

Big Pipe is at

Netcraft rank 303560 from 303923 and hosted by Akamai in Europe .



Reviews of Shaw are available :





Xplornet



xplornet

ranks >2000000 from >2000000 and are listed with

Cirrus9 and are joining up with Shaw.

Their new domain xplore.ca ranks 399699 from 364551 .

According to an article in the Sherwood Park Independent, they are also getting an Alberta Government subsidy.



Internet Centre / CCINet



Internet Centre

rank 457602 from 458365 . Their partner Rack Nine ranks > 2000000.



Distributel / 3Web / CIA



Cybersurf

is ranked 827288 from 915352 and seems to be hosted in USA by DigitalOcean.



Primus



Primus

ranks >2000000 from >2000000 and now points to BLACKIRON_DataCentres ranked >2000000 from >2000000.



Northern lights Fiber







Northern lights Fiber are ranked by Netcraft >2000000 and uses AWS.



OkayVPN





OkayVPN

are ranked by Netcraft >2000000 and uses Cloudfare.



Radiant Communications / goco.ca





Radiant Communications

are ranked by Netcraft >2000000 and part of goco.ca

which ranks >2000000 .



Tera Byte Edmonton and reviews





Next is Tera-Byte

at Netcraft Rank >2000000 with

Tera-Byte.ca

ranking >2000000 from >2000000 and their wireless arm Tera-Byte Wireless

sold to Xplornet.

One of Tera-Byte's acquisitions

Edmonton Community Networks

ranks at >2000000 from >2000000 and

Go Edmonton ranks >2000000 from >2000000.

Alberta political blogger Daveberta ranks >2000000 from >2000000; interesting!!!

Reviews of Tera-byte is available at

here

and another here

and check Google for more reviews; just search tera byte.



MCSnet





MCSNET ranks >2000000 from >2000000 and are hosted by Microsoft .



Nucleus Internet Services





After that we have

Nucleus Information Services which can be found at Netcraft Rank >2000000 from >2000000 .

Intelcom phish from digitalocean

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 14:25:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxAkp-00000000AaS-2SsR

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 14:24:39 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 14:24:39 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [192.241.168.10] (port=34152 helo=vtwo.tyentusa.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vx9WX-000000007hq-2eow

for root@nk.ca;

Mon, 02 Mar 2026 13:05:57 -0700

Received: from www-data by vtwo.tyentusa.com with local (Exim 4.90_1)

(envelope-from )

id 1vx9Vj-000533-7m

for root@nk.ca; Mon, 02 Mar 2026 20:04:59 +0000

To: root@nk.ca

Subject: Important: Your Package Requires Customs Clearance - 2.96 CAD Due

Date: Mon, 2 Mar 2026 20:04:59 +0000

From: Intelcom

Message-ID: <98b25f0bfcd495f151d0955f06e03eba@tyentshowroom.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_98b25f0bfcd495f151d0955f06e03eba"

Content-Transfer-Encoding: 8bit

X-Spam_score: 7.3

X-Spam_score_int: 73

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Customs Update @media only screen and (max-width:

600px) { .container { width: 100% !important; padding: 20px !important; }

} Customs Clearance



Content analysis details: (7.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Important: Your Package Requires Customs Clearance - 2.96 CAD Due



This is a multi-part message in MIME format.



--b1_98b25f0bfcd495f151d0955f06e03eba

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update

@media only screen and (max-width: 600px) {

.container { width: 100% !important; padding: 20px !important; }

}







Customs Clearance







Your shipment needs additional information to clear customs.





Shipment ID: INTLXXXXXX



Origin: International



Status: Awaiting Clearance



Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.









Intelcom Logistics • Delivering Excellence







--b1_98b25f0bfcd495f151d0955f06e03eba

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update







Customs Clearance









Your shipment needs additional information to clear customs.







Shipment ID: INTLXXXXXX





Origin: International





Status: Awaiting Clearance





Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.











Intelcom Logistics • Delivering Excellence













--b1_98b25f0bfcd495f151d0955f06e03eba--



Intelcom phish from Digital Ocean

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 14:25:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxAl5-00000000Aag-33ge

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 14:24:55 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 14:24:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [192.241.168.10] (port=51378 helo=vtwo.tyentusa.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vx9bQ-000000007tW-0EyB

for sales@netknow.ca;

Mon, 02 Mar 2026 13:10:59 -0700

Received: from www-data by vtwo.tyentusa.com with local (Exim 4.90_1)

(envelope-from )

id 1vx9aY-0008CE-MY

for sales@netknow.ca; Mon, 02 Mar 2026 20:09:58 +0000

To: sales@netknow.ca

Subject: Important: Your Package Requires Customs Clearance - 2.96 CAD Due

Date: Mon, 2 Mar 2026 20:09:58 +0000

From: Intelcom

Message-ID: <8c1ae7d7775d860cd3fee3ac673a805b@tyentshowroom.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_8c1ae7d7775d860cd3fee3ac673a805b"

Content-Transfer-Encoding: 8bit



This is a multi-part message in MIME format.



--b1_8c1ae7d7775d860cd3fee3ac673a805b

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update

@media only screen and (max-width: 600px) {

.container { width: 100% !important; padding: 20px !important; }

}







Customs Clearance







Your shipment needs additional information to clear customs.





Shipment ID: INTLXXXXXX



Origin: International



Status: Awaiting Clearance



Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.









Intelcom Logistics • Delivering Excellence







--b1_8c1ae7d7775d860cd3fee3ac673a805b

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update







Customs Clearance









Your shipment needs additional information to clear customs.







Shipment ID: INTLXXXXXX





Origin: International





Status: Awaiting Clearance





Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.











Intelcom Logistics • Delivering Excellence













--b1_8c1ae7d7775d860cd3fee3ac673a805b--



Intelcom phish from digital Ocean

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 14:25:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vxAku-00000000AaX-3S6F

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 14:24:44 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 14:24:44 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [192.241.168.10] (port=34122 helo=vtwo.tyentusa.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vx9WX-000000007hk-2etl

for doctor@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 13:05:57 -0700

Received: from www-data by vtwo.tyentusa.com with local (Exim 4.90_1)

(envelope-from )

id 1vx9Vj-00051c-0u

for doctor@doctor.nl2k.ab.ca; Mon, 02 Mar 2026 20:04:59 +0000

To: doctor@doctor.nl2k.ab.ca

Subject: Important: Your Package Requires Customs Clearance - 2.96 CAD Due

Date: Mon, 2 Mar 2026 20:04:59 +0000

From: Intelcom

Message-ID: <071ab64dd2628dddf59847613533d17c@tyentshowroom.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_071ab64dd2628dddf59847613533d17c"

Content-Transfer-Encoding: 8bit

X-Spam_score: 7.3

X-Spam_score_int: 73

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Customs Update @media only screen and (max-width:

600px) { .container { width: 100% !important; padding: 20px !important; }

} Customs Clearance



Content analysis details: (7.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

[192.241.168.10 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

[192.241.168.10 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[192.241.168.10 listed in dnsbl.ahbl.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Important: Your Package Requires Customs Clearance - 2.96 CAD Due



This is a multi-part message in MIME format.



--b1_071ab64dd2628dddf59847613533d17c

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update

@media only screen and (max-width: 600px) {

.container { width: 100% !important; padding: 20px !important; }

}







Customs Clearance







Your shipment needs additional information to clear customs.





Shipment ID: INTLXXXXXX



Origin: International



Status: Awaiting Clearance



Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.









Intelcom Logistics • Delivering Excellence







--b1_071ab64dd2628dddf59847613533d17c

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit









Â



Intelcom Customs Update







Customs Clearance









Your shipment needs additional information to clear customs.







Shipment ID: INTLXXXXXX





Origin: International





Status: Awaiting Clearance





Provide Required Information





Need help? Call 1-888-744-1155 or reply to this email.











Intelcom Logistics • Delivering Excellence













--b1_071ab64dd2628dddf59847613533d17c--







✈️ Travel




































Hertz Car Rental


Up to 20% off base rate


Dollar & Thrifty


Up to 15% off rentals


AAA Preferred Hotels


Exclusive AAA rates


Airport Parking


Free reservation + 10% off


Rush My Passport


Exclusive AAA rates








🔧 Automotive






























NAPA Auto Parts


10% off + $22 off batteries


Shell Fuel Rewards


Save 30¢/gal on first fill-up


AAA Approved Repair


7,000+ shops + 24-mo. warranty


CARFAX Report


Exclusive member discount




Mon Tue Wed Thu Fri Sat Sun
Back March '26 Forward
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

Archives

Categories

Syndicate This Blog

  • XML

Blog Administration

Open login screen

Powered by

NetKnow Navigation

Home


VPNs


Dialup Service


Web Design


Web Hosting


E-Commerce


Server Colocation


Domain Registration


Web Mail


Support


Testimonials




Client List


FAQs


Interested in NetKnow Services?


Links


Disclaimer


Acceptable Use


Security





Technorati Profile







AddThis Feed Button

Remote RSS/OPML-Blogroll Feed

No RSS/OPML feed selected

Error

serendipity error: could not include serendipity_plugin_statistics:9cbc0e29a86fd9359ac6748399d6ba5b - exiting.

addthis





AddThis Social Bookmark Button









Blog Grade for www.nk.ca/blog

Empire Avenue





Error

serendipity error: could not include serendipity_plugin_freetag:6c39baf097de002d8b1c2e33b9661474 - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:f520e0fa688ba61bd1ed85c0fd80d550 - exiting.

Error

serendipity error: could not include serendipity_plugin_twitter:b18e142d4998b6b0092d068ad858683d - exiting.

Syndicate This Blog

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:7aefbb7ca9b764849be35e938b6fc9b2 - exiting.

Error

serendipity error: could not include serendipity_plugin_twitter:c7a92f670894afa9e3097574359fe38d - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:8b72cc4261ddc7ff15df253b17c29c23 - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:a0bd1a65cd9ff1c3e289829cc26557c4 - exiting.

Error

serendipity error: could not include serendipity_plugin_statistics:dcd26c048e45c234c054530ef1492953 - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:6d4c66aeb83aeb9524a7cc609051cf0f - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:acc1042e790905e499445a6890081492 - exiting.

Error

serendipity error: could not include serendipity_plugin_freetag:158fb50035b12269ec43107b29253af3 - exiting.

Error

serendipity error: could not include serendipity_plugin_topreferers:6b7e3336713d0a60294c7e310ca5cf1a - exiting.

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:d3f047ee6f925c138fae56dcd7a99400 - exiting.

Error

serendipity error: could not include serendipity_plugin_spamblock_bee:5544ace5c8b19bb8592464810b48df10 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_quicksearch:5624ac0b69cdbe32d0cdc40814d7eb41 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_quicksearch:b8387d3a378247c1c9ede46fffb084e1 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_last_query:bacdc0652131449ebc68ebde2bcb9ce2 - exiting.

Error

serendipity error: could not include serendipity_plugin_google_last_query:8c84ca587b64b627d986e9d5ce98ead1 - exiting.