Paypal phish from Google Gmail Part 2

Posted by Dave Yadallee on




















=20



=20



=20

Paypal phish from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 24 Feb 2026 13:18:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuyqc-00000000PXe-3vwP

for dave@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 13:17:34 -0700

Resent-From: The Doctor

Resent-Date: Tue, 24 Feb 2026 13:17:34 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ot1-f74.google.com ([209.85.210.74]:61847)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuwib-000000004aT-0wld

for doctor@nl2k.ab.ca;

Tue, 24 Feb 2026 11:01:18 -0700

Received: by mail-ot1-f74.google.com with SMTP id 46e09a7af769-7d1936b8a7cso67755218a34.3

for ; Tue, 24 Feb 2026 10:00:22 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20230601; t=1771956016; x=1772560816; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=Ap1ui27/yMGg0HZC7UiC5AKznr4Q7yD49Jj9Y4z8tM4=;

b=HQuDFj6XrrdbsSDunp95DtubsEy616161n5+C3jnceQ0qP8Z1x9C0WLSNjazSUest7

0b5RicexjqOgfUqe9Ey0a2lRhrh83nNybEjEHkt5ONnrJiZ9Ul/Z2yJDqer3ipS+yw+u

7AyOyPnk4BgxM5DNc5xEfp+HYO5bentWOxO+McGm8P6GdQUgUK1h2Nx++4a7fVkVgN8r

QHzh70Lf/R4boICT3tOarj4jHmXFUf/ZVEVyvdtZvmqlSgp9sGIO/Mv6dVSxCxFWy9LH

pOTKWTW3PFN8qn6+fbeuJXmeF4fQ9HSF5oeqsaHJdPkyskQ9k6hdb0DvEVc4wcPh5ohW

rKkA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=smksb-org.20230601.gappssmtp.com; s=20230601; t=1771956016; x=1772560816; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=Ap1ui27/yMGg0HZC7UiC5AKznr4Q7yD49Jj9Y4z8tM4=;

b=Non2YatiftVMiJvI2jVFbIECCNPLydw2596CPUOm5i6I737sUWx3FPJE5mlVgLhLdk

J5UV/q8CmaOu6M+Wl2i2WwW5DIRqQCJUoFuuf+cELnXn3b31zVQnRLLKDTKS1OsB9bpt

Dpfpc54u3XCIa+U8fOuDVd4I/YzAkt6GIF0leFNLxSgNJ28l3bvONq34ofcCDXMoy17B

vSi5+JJce3Wnt0FVZaW2L4JO8I6Hq6oPBZTAqD99mbk71A/lumhH8cd2NSINoHU/Ngl8

mCvovI4Gpi9CHbVNaR55+sWItCLW8EKquxNR8xWS++0q/dXs0kuwMNoYxDO32vvV6KFN

kSDg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1771956016; x=1772560816;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Ap1ui27/yMGg0HZC7UiC5AKznr4Q7yD49Jj9Y4z8tM4=;

b=Lr228pFnwc0pzJSPnBBDWJ5mfoYdZLP/WnbrRojTZiM6nl+CERC2gh+QjFlGBCFdxt

zNiU91JPCSXhiMrLHiRVD8QVjdtu/9ee7JuIkxvJt7BIWnazBRYSO5QRQZY6BRe+/frO

+ORb/lGi9ShU8TtWzDRWDJ3WA25g6/DDV0a5WBvsLCcK9e3ZzbZIuDpqs84FRhG6fAh4

qjZtFwZSNFjLpsdhW0uGj28QBG8HjePOdF8efyJw6jASFKhUsh1WOo4O5O/wqCunaXUB

WPeyufY5hbebkWteV4RzELsCbDQwmgXHZ9+fE2DoRFB+Y8yb2cP2tNPEtUmwDx3mDX3u

+gEQ==

X-Forwarded-Encrypted: i=1; AJvYcCUMTIeKTqui2ZPxEkBWVza3GHkmzjI7Dcx4qdZ8tK18XrZZl1PhMn84X9WZMINunzMK8HYE0Vg=@nl2k.ab.ca

X-Gm-Message-State: AOJu0YwuUFqj6HjK4dQ2yNAb4uQjuPFIYrxFKYoyGH0Zp6VSMqb2DVHT

YuozphCX4J+7MeNA5UljF4Hf2M+R6epkdSQwRsmTB/GO2YYX8LBUr7f23QBoz+5lmcQblJnFhIA

g1EHBWaQQKgDRZ26QRmdlfjm988mqLDvDjYtqiSTNv2Tjfw==

MIME-Version: 1.0

X-Received: by 2002:a05:6830:210e:b0:7cf:d150:8251 with SMTP id

46e09a7af769-7d52c1c04e4mt13957058a34.33.1771956016385; Tue, 24 Feb 2026

10:00:16 -0800 (PST)

Reply-To: Chairty Ramos

Sender: Google Calendar

Message-ID:

Date: Tue, 24 Feb 2026 18:00:16 +0000

Subject: Your order {8f8f1fd was approved

From: Chairty Ramos

Content-Type: multipart/alternative; boundary="000000000000f0192b064b95a86a"

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: PayPal Paypal Gateway Financial Transaction Notice Logged

On: 2026-02-25 02:00:11 Aloha, Your financial transaction involving Tether

(USDT) totaling $568.56 has been successfully logged. Record ID: 32 [...]





Content analysis details: (13.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

[209.85.210.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.74 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.74 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

[209.85.210.74 listed in will-spam-for-food.eu.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.74 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

1.9 REPLYTO_WITHOUT_TO_CC No description available.

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Your order {8f8f1fd was approved



--000000000000f0192b064b95a86a

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



UGF5UGFsIFBheXBhbCBHYXRld2F5IEZpbmFuY2lhbCBUcmFuc2FjdGlvbiBOb3RpY2UgTG9nZ2Vk

IE9uOiAyMDI2LTAyLTI1ICANCjAyOjAwOjExIEFsb2hhLCBZb3VyIGZpbmFuY2lhbCB0cmFuc2Fj

dGlvbiBpbnZvbHZpbmcgVGV0aGVyIChVU0RUKSB0b3RhbGluZyAgDQokNTY4LjU2IGhhcyBiZWVu

IHN1Y2Nlc3NmdWxseSBsb2dnZWQuIFJlY29yZCBJRDogMzJlNzg5NTcxNWJhIFdhbGxldCAgDQpJ

ZGVudGlmaWVyOiBlNDM5ODc1OS0wODBhLTQyNTgtOGNmZS1mNjNhYmJiNGM5NWUgVW5pdHM6IDIu

NyBUaGlzICANCmRvY3VtZW50YXRpb24gaXMgaXNzdWVkIGZvciByZWNvcmQta2VlcGluZyBhbmQg

b3BlcmF0aW9uYWwgdHJhY2tpbmcuIElmICANCmRpc2NyZXBhbmNpZXMgYXJlIGlkZW50aWZpZWQs

IGtpbmRseSByZWFjaCBvdXQgaW1tZWRpYXRlbHkuIEN1c3RvbWVyICANCkhvdGxpbmU6ICg4MTAp

LTI4OCA0NTA1IFBheXBhbCAgDQpDcmVkaXQgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4N

Cg0KWW91ciBvcmRlciB7OGY4ZjFmZCB3YXMgYXBwcm92ZWQNClR1ZXNkYXkgRmViIDI0IOKLhSA5

cG0g4oCTIFdlZG5lc2RheSBGZWIgMjUsIDIwMjYg4ouFIDg6MzBwbQ0KUGFjaWZpYyBUaW1lIC0g

TG9zIEFuZ2VsZXMNCg0KDQoNCk9yZ2FuaXplcg0KQ2hhaXJ0eSBSYW1vcw0KamlkYW11c3NhQHNt

a3NiLm9yZw0KDQo=

--000000000000f0192b064b95a86a

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

PayPal Phish from Google Gmail Part 5

Posted by Dave Yadallee on

/InformAction">
emtype=3D"http://schema.org/EmailMessage">
ntent=3D"Ashley Rumel: PayPal Paypal Credit Official Processing Receipt Gen=

erated: 2026-02-25 01:59:46 Greetings, We confirm that your request relatin=

g to Tether-USDT with a declared value of $583.85 has been accepted by our =

system. Receipt Number: 6713fe27642e E-Wallet Reference: 9a2d088d-0c8c-474d=

-be4b-21df1a522e13 Processing Quantity: 3.5 The transaction is scheduled fo=

r routine monitoring and final confirmation within our network. For urgent =

matters, contact our service department. Customer Service Line: { 1-810- 29=

3-0364 } COINBASE EXCHANGE PVT LTD PAYMENT Exchange Services . . . . . . . =

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .=

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . =

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .=

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . =

. . . . . . . . . . . . . . . . . . . . . . . . . . . . ."/>
emprop=3D"object" itemscope itemtype=3D"http://schema.org/Event">
prop=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>
emprop=3D"publisher" itemscope itemtype=3D"http://schema.org/Organization">=


=3D"eventId/googleCalendar" content=3D"idu03a67hhtandn364sosojs60"/>
tyle=3D"display: none; font-size: 1px; color: #fff; line-height: 1px; heigh=

t: 0; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidden;"=

itemprop=3D"name">Dear account holder Acknowledgment for your order no {a1=

96473
=3D"0" role=3D"presentation" align=3D"center" style=3D"width:100%;" class=

=3D"body-container">

-[if mso | IE]>
=3D"presentation">
tbody>
=

 

ellspacing=3D"0" role=3D"presentation" align=3D"center" style=3D"width:100%=

;" class=3D"">

mscope itemtype=3D"http://schema.org/EmailMessage">


on">PayPal
Paypal Credit Official Processing Receipt

Generated: 2026-0=

2-25 01:59:46

Greetings,

We confirm that your request relating to Tethe=

r-USDT with a declared value of $583.85 has been accepted by our system.

=

Receipt Number: 6713fe27642e
E-Wallet Reference: 9a2d088d-0c8c-474d-be4b=

-21df1a522e13
Processing Quantity: 3.5

The transaction is scheduled fo=

r routine monitoring and final confirmation within our network.

For urgen=

t matters, contact our service department.

Customer Service Line: { 1-810=

- 293-0364 }

COINBASE EXCHANGE PVT LTD PAYMENT Exchange Services
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
=

.
.
.
.
.


0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"cente=

r" style=3D"width:100%;" class=3D"">

px #dadce0; border-radius: 8px; direction: rtl; font-size: 0; padding: 24px=

32px; text-align: left; vertical-align: top;" class=3D"main-container-inne=

r">

13px; text-align: left; direction: ltr; display: inline-block; vertical-al=

ign: top; width: 100%;overflow: hidden; word-wrap: break-word;">
er=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D=

"100%" class=3D"main-column-table-ltr" style=3D"padding-right: 32px; paddin=

g-left: 0;;table-layout: fixed;">

yle=3D"padding:0; vertical-align:top;">
" cellspacing=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-lay=

out: fixed;">

ord-break: break-word;;padding-bottom:2px;">

;Google Sans', Roboto, sans-serif;font-weight: 400; font-size: 22px; li=

ne-height: 28px;color: #3c4043; text-decoration: none;" class=3D"primary-te=

xt" role=3D"presentation">Dear account holder Ackno=

wledgment for your order no {a196473

"font-size: 0; padding: 0; text-align: left; word-break: break-word;;paddin=

g-bottom:24px;">

ormal; font-weight: 400; font-size: 14px; line-height: 20px; letter-spacing=

: 0.2px;color: #3c4043; text-decoration: none;" class=3D"primary-text" role=

=3D"presentation">Wednesday Feb 25, 2026 =E2=8B=85 12am=

=E2=80=93 11:30pm (Eastern Time - New York)

style=3D"font-size: 0; padding: 0; text-align: left; word-break: break-word=

;;padding-bottom:24px;">

style: normal; font-weight: 400; font-size: 14px; line-height: 20px; letter=

-spacing: 0.2px;color: #3c4043; text-decoration: none;" class=3D"primary-te=

xt" role=3D"presentation">
=3D"0" role=3D"presentation" style=3D"padding-bottom: 4px;">


ss=3D"primary-text" style=3D"font-size: 14px;color: #3c4043; text-decoratio=

n: none;font-weight: 700;-webkit-font-smoothing: antialiased;margin: 0; pad=

ding: 0;">Organizer


pan class=3D"notranslate">
e=3D"display: inline-block;;color: #3c4043; text-decoration: none;" href=3D=

"mailto:chatri0123x@renewalmfok.org">Ashley Rumel
=3D"organizer" itemscope itemtype=3D"http://schema.org/Person">
op=3D"name" content=3D"Ashley Rumel"/>
hatri0123x@renewalmfok.org"/>

class=3D"secondary-text underline-on-hover" style=3D"display: inline-block=

;;color: #70757a; text-decoration: none;" href=3D"mailto:chatri0123x@renewa=

lmfok.org">chatri0123x@renewalmfok.org

le=3D"font-size: 0; padding: 0; text-align: left; word-break: break-word;;p=

adding-bottom:24px;">

le: normal; font-weight: 400; font-size: 14px; line-height: 20px; letter-sp=

acing: 0.2px;color: #3c4043; text-decoration: none;" class=3D"primary-text"=

role=3D"presentation">
"0" role=3D"presentation" style=3D"padding-bottom: 4px;">


=3D"primary-text" style=3D"font-size: 14px;color: #3c4043; text-decoration:=

none;font-weight: 700;-webkit-font-smoothing: antialiased;margin: 0; paddi=

ng: 0;">Guests

(Guest list has been hidden at organiz=

er's request)


--00000000000088e6c9064b95a704--

Paypal Phish from Google Gmail Part 4

Posted by Dave Yadallee on








Paypal Phish from Google Gmail Part 3

Posted by Dave Yadallee on


=20



=20



=20



=20







Paypal Phish from Google Gmail Part 2

Posted by Dave Yadallee on

schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

















Paypal Phish from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 24 Feb 2026 13:18:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuyqS-00000000PXI-2DT9

for dave@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 13:17:24 -0700

Resent-From: The Doctor

Resent-Date: Tue, 24 Feb 2026 13:17:24 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f74.google.com ([209.85.161.74]:45336)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuwiE-000000004Yk-3DBQ

for doctor@nl2k.ab.ca;

Tue, 24 Feb 2026 11:00:56 -0700

Received: by mail-oo1-f74.google.com with SMTP id 006d021491bc7-679c6ef1538so46999395eaf.3

for ; Tue, 24 Feb 2026 09:59:59 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20230601; t=1771955993; x=1772560793; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=UAvIwWiTNPfbB1R+vAtk2nZhSk6d0sQ++OLcQrvq9pc=;

b=jW3KUvTfK6pgaalBxYIPhz8NSo3FNa8GTyQIgOGGDptEiQmm1c8f3axK670BOXpIwp

u1BJkE5wRQQH8uC9WH9bPlbnn5f5XYRhFDrApmmZb7rv9QV/9X3M9uiH6ZLwTkyg4dO4

acgq9OuNQDImVOY0L5e8ykBHUKU5i6qu7OFukuenQY/rT/lZvr2fJkTQaL0IxQuXDI29

zeIekZprb999CJDsDyXbls7TCtOOSmarhsvYZoez8a6gAmMiPoe49XfUz7yqYPQn7epi

sum/UvkmZKWkl+9BAtAvBZGZ1rH22XatJkO25M1M8lci3aT06LLUQIhTm86ybNMAVYkS

NjbA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=renewalmfok-org.20230601.gappssmtp.com; s=20230601; t=1771955993; x=1772560793; darn=nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=UAvIwWiTNPfbB1R+vAtk2nZhSk6d0sQ++OLcQrvq9pc=;

b=KrzAKzXq64oy2eTVUjyUQxtqO48iDF8/mHxvWYwQHn+FWKp127DdwcjElRh8Lk33T6

1ZGSEw57t8+UXNBdmE7lnV0u2BzDZy0skUa+am3UDSi0AlHicZa7No54WR8RVqmDHbB9

swTD4WKbIsoup/WnQED2j4Ch58kqri3PwJ23HXvo5d4m+ylUAmVj37CNAMNhyL8rYPBO

VNSZZ0jWRFyT3xrtJJ2jWcdbOqBPe9EzD568kVBsu5cP0n0LRdgwMB1LzXyQFv3Wc89h

LbhLW9+2lKgWEYJ9SLTDZOD64qSGvjVYERUYmwnAp6FG0eu/VjKyn2ycv82D2JzYn4m5

CKxA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1771955993; x=1772560793;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=UAvIwWiTNPfbB1R+vAtk2nZhSk6d0sQ++OLcQrvq9pc=;

b=xBmRFnt2D9vq1teIyKO073994aL0WN2MkzzJ8fV1ETK4nXuHikHeQlLyJDqanP2d+x

wGiAKXgfD/GBY8Dxj0PM4tbL33Q2PJABo9AuhrCtcvzQZUGF00A5Aapn1t0/dgDq1lKi

UXk/Wv7nffCWS6wj5+Orm37ZOFfjTCPRUn0/n6siWhjLptnsTztOhSWaOSay5hvAIE58

UAt92LzScJy+r/us40V73aJKeXwLpACULD/mzM0zYtLLSyJC5RqORvaMm9uIDhgPRLpg

PKg+/49q4IfQ0iZVsQqoWpWPRYEk7h4bkHYgxOpJx+7Yorlir/AlMXMkLXnIElfnNMhP

O1fw==

X-Forwarded-Encrypted: i=1; AJvYcCVBg6TNP5NLQos18BKuvwLbdo8ixRRUkZ2dAis+zYLQHfUpd49Xuvy3ROQFsloGyOGSNHGw2KI=@nl2k.ab.ca

X-Gm-Message-State: AOJu0YyfIy6CWda9Lwv4foVZWt7vwnrxxhTGxKx2OzaYYvQQVTs5KyCr

V9l61X050+BB/RGQ2CdryyD5LQFdXfqs0s1LuiX2l6XO7lehOYUZYRcC4fmMNIoNy5AExhhQAx3

oWR6SFxYhc/CCyxGlGeZwMzcezVURmTn5ues5h5EI2jy3Ag==

MIME-Version: 1.0

X-Received: by 2002:a4a:da52:0:b0:679:dcb5:b84a with SMTP id

006d021491bc7-679dcb5bc82mt2629928eaf.57.1771955992939; Tue, 24 Feb 2026

09:59:52 -0800 (PST)

Reply-To: Ashley Rumel

Sender: Google Calendar

Message-ID:

Date: Tue, 24 Feb 2026 17:59:53 +0000

Subject: Dear account holder Acknowledgment for your order no {a196473

From: Ashley Rumel

Content-Type: multipart/alternative; boundary="00000000000088e6c9064b95a704"

X-Spam_score: 9.4

X-Spam_score_int: 94

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: PayPal Paypal Credit Official Processing Receipt Generated:

2026-02-25 01:59:46 Greetings, We confirm that your request relating to Tether-USDT

with a declared value of $583.85 has been accepted by ou [...]



Content analysis details: (9.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.74 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

1.2 MISSING_HEADERS Missing To: header

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.74 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.74 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.74 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.74 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.74 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

3.0 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Dear account holder Acknowledgment for your order no {a196473



--00000000000088e6c9064b95a704

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



UGF5UGFsIFBheXBhbCBDcmVkaXQgT2ZmaWNpYWwgUHJvY2Vzc2luZyBSZWNlaXB0IEdlbmVyYXRl

ZDogMjAyNi0wMi0yNSAgDQowMTo1OTo0NiBHcmVldGluZ3MsIFdlIGNvbmZpcm0gdGhhdCB5b3Vy

IHJlcXVlc3QgcmVsYXRpbmcgdG8gVGV0aGVyLVVTRFQgIA0Kd2l0aCBhIGRlY2xhcmVkIHZhbHVl

IG9mICQ1ODMuODUgaGFzIGJlZW4gYWNjZXB0ZWQgYnkgb3VyIHN5c3RlbS4gUmVjZWlwdCAgDQpO

dW1iZXI6IDY3MTNmZTI3NjQyZSBFLVdhbGxldCBSZWZlcmVuY2U6ICANCjlhMmQwODhkLTBjOGMt

NDc0ZC1iZTRiLTIxZGYxYTUyMmUxMyBQcm9jZXNzaW5nIFF1YW50aXR5OiAzLjUgVGhlICANCnRy

YW5zYWN0aW9uIGlzIHNjaGVkdWxlZCBmb3Igcm91dGluZSBtb25pdG9yaW5nIGFuZCBmaW5hbCBj

b25maXJtYXRpb24gIA0Kd2l0aGluIG91ciBuZXR3b3JrLiBGb3IgdXJnZW50IG1hdHRlcnMsIGNv

bnRhY3Qgb3VyIHNlcnZpY2UgZGVwYXJ0bWVudC4gIA0KQ3VzdG9tZXIgU2VydmljZSBMaW5lOiB7

IDEtODEwLSAyOTMtMDM2NCB9IENPSU5CQVNFIEVYQ0hBTkdFIFBWVCBMVEQgIA0KUEFZTUVOVCBF

eGNoYW5nZSAgDQpTZXJ2aWNlcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLg0KDQpEZWFy

IGFjY291bnQgaG9sZGVyIEFja25vd2xlZGdtZW50IGZvciB5b3VyIG9yZGVyIG5vIHthMTk2NDcz

DQpXZWRuZXNkYXkgRmViIDI1LCAyMDI2IOKLhSAxMmFtIOKAkyAxMTozMHBtDQpFYXN0ZXJuIFRp

bWUgLSBOZXcgWW9yaw0KDQoNCg0KT3JnYW5pemVyDQpBc2hsZXkgUnVtZWwNCmNoYXRyaTAxMjN4

QHJlbmV3YWxtZm9rLm9yZw0KDQo=

--00000000000088e6c9064b95a704

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

AAA Safety kit phish from Microsoft Outlook Part 4

Posted by Dave Yadallee on




Millions across the US north-east remain under a state of emergency after a severe winter storm brought nearly two feet of snow in some places, along with high winds and cold temperatures. Parts of Canada's Atlantic Coast have also been affected.



New York's Central Park recorded almost 20in (51cm) of snow, according to the National Weather Center, and Providence, Rhode Island, received 33in (83cm) of snow, smashing the existing record for the single greatest snowstorm, 28.6in (72.6cm) set in February 1978.



The snow has started to taper off, but with so much on the ground, it could take several days for life to return to normal on the East Coast.



Here is where things stand at the moment:



In New York, a travel ban that brought the city of over 8 million to a near standstill has been lifted

NYC Mayor Zohran Mamdani - who has been in office for only two months and has already experienced two major snow storms - announced that millions of students are taking a full snow-day off, meaning they did not have to attend online instruction or in-person school

No deaths have been recorded in New York as a result of the storm, Mamdani said at a news conference. The last storm in New York in January left 19 people dead

In neighbouring Connecticut and New Jersey, there are concerns that falling trees and branches loaded down by snow could lead to dangerous road conditions and more power outages

Massachusetts appears to have been hit the hardest with power outages. More than 284,000 households and businesses are without power, according to blackout tracker PowerOutage.us

Thousands of flights in and out of the affected area have been cancelled

In Rhode Island and Connecticut, state bans on non-essential travel are in place until further notice

Massachusetts Governor Maura Healey, who activated the state's National Guard ahead of the storm, told residents to check on neighbours and the elderly and "stay off the roads"



We are ending out live coverage for today, but you can read more about the blizzard and its aftermath here: More than 5,000 flights cancelled as US east coast digs out of record snow



'A very unique experience' - New Yorkers and visitors react to winter stormpublished at 22:25 23 February

22:25 23 February

Berliner Peggy Ferber speaks to Reuters from Times SquareImage source, Reuters

Image caption,



Berliner Peggy Ferber woke up early to visit Times Square in the snow



New Yorkers are no strangers to snow, but resident Mickey Blank says it "doesn't happen too often in the city that the road is covered and you have to go through mountains of snow".



Speaking to news agency Reuters, she describes today's conditions as "a very unique experience".



Some visitors to the city have been charmed by the conditions too.



Berliner Peggy Ferber is temporarily living in New York, and describes it as a "very special moment". She says she "woke up early" this morning to visit Times Square. It is "crazy" to see it "so empty", she says.



Sylvain Roy is visiting from Lille in France, and describes seeing snow in New York as "perfect".



Here are some pictures from around the city today:

A New York Street blanketed in snow with the skyscrapers of Lower Manhattan in the backgroundImage source, Getty Images

Image caption,



A thick blanket of snow left parts of Manhattan eerily quiet

People building a snowman in Times SquareImage source, Getty Images

Image caption,



People building a snowman in Times Square

A person in grey hooded coat and backpack walks through the snow outside Radio City Music HallImage source, Getty Images

Image caption,



There was no stopping some New Yorkers

A car coming through a large arch at the end of a bridge during a blizzardImage source, Getty Images

Image caption,



A travel ban meant there were very few cars on the road

People sledding on fresh snowImage source, Reuters

Image caption,



And a full snow day allowed many children to take to the parks with sleds

Cape Cod worst-hit by power outages in Massachusettspublished at 22:21 23 February

22:21 23 February



In Massachusetts, the county that contains the wealthy seaside enclave of Cape Cod is struggling to restore electricity.



More than 156,000 customers were without power in Barnstable County as of Monday evening, according to PowerOutage.us.



Entire neighbourhoods are without power, according to local media, due to strong winds blowing down trees laden with heavy snow, severing power lines.



Local power utility companies say they are working to rapidly restore service, but are being hampered by blowing snow and poor visibility. They plan to bring in work crews from neighbouring states.









--_0a435d48-51ac-44dd-ae80-3a94c99c8273_--

AAA Safety kit phish from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content preview: Your AAA safety kit reservation is available. Confirm your

delivery details while supplies remain. 🚗 AAA Member Safety Rewards Your

Roadside Kit Is Ready AAA members may qualify for a complimentary roadside

safety kit designed to help you stay prepared wherever you travel. Secure

your kit now while this member benefit is still available.



Content analysis details: (16.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.101.193.75 listed in dnsbl.ahbl.org]

[52.101.193.75 listed in dnsbl.ahbl.org]

[52.101.193.75 listed in dnsbl.ahbl.org]

[52.101.193.75 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.101.193.75 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.101.193.75 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.101.193.75 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.101.193.75 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

[52.101.193.75 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.101.193.75 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[support.wfwp3jh1u7cwtexvhzgsfl0dypmv9m(at)harvardmedical84243.onmicrosoft.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.101.193.75 listed in wl.mailspike.net]

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 VOWEL_URI_6 URI hostname with 6 consecutive vowels

0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} Confirmation Needed For Your AAA Kit



--_0a435d48-51ac-44dd-ae80-3a94c99c8273_

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

















Your AAA safety kit reservation is available. Confirm your delivery details while supplies remain.




































style="max-width:600px;background:#ffffff;border-radius:10px;

border:1px solid #e4e7ef;">































































































































🚗 AAA Member Safety Rewards










Your Roadside Kit Is Ready













AAA members may qualify for a complimentary roadside safety kit designed to help you stay prepared wherever you travel.



Secure your kit now while this member benefit is still available.












🧰 Emergency Tools & Essentials















🔦 Safety Equipment for Roadside Situations















🚗 Compact Kit For Your Vehicle















⭐ Trusted By Thousands Of Drivers









style="background:#e21b23;

color:#ffffff;

padding:16px 42px;

text-decoration:none;

border-radius:7px;

font-weight:bold;

font-size:17px;

display:inline-block;">



🚗 GET MY AAA KIT













✔ Simple request process

✔ Limited supply available

✔ One per household




⭐ AAA drivers appreciate the convenience and reliability of this safety kit for everyday travel.




AAA Member Services










style="color:#ffffff;text-decoration:underline;">



Unsubscribe
















AAA Safety kit phish from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 24 Feb 2026 13:17:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuyph-00000000PV5-0jQU

for dave@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 13:16:37 -0700

Resent-From: The Doctor

Resent-Date: Tue, 24 Feb 2026 13:16:37 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-northcentralusazon11020075.outbound.protection.outlook.com ([52.101.193.75]:57203 helo=CH1PR05CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuvVe-0000000016S-0t6w

for doctor@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 09:43:50 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=ZDgGSu30BbFuXv+3NTwgxtOoEhya8/fSVDDtwgjEX/W8KQJ/iUfXNlyrmcGCXsswikyJqa5dvHpMXCeYfdmUh62UX7TrOFIZB0cvq4auRDdlfLJpuxRjJ1r6f8EaH8EYUozvs6cP5mwwpBCEUZaQLrSeuxGGkahhCUWcQD3EOLtGrfJXJBm5fJj2sjn9xcFAT/E61S+qDkb3qC1+ibc6OYACTDFj5GNs1FumBAIfNqU423NZ7o/fNwMxHq4OrDJOzauFw7ZMj/D9Hs/bbqCc+j5Ed189GCo0noDd/StCQXhnSZRnrm95KszMDA4EsgkVguxE6GPumq1g23ZIuX+IWg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=1RpGIMcdiXS2jYoPBWGyl2NGyjcBs7UtIy0HN0alNDA=;

b=rngjxfE8EwTXZwwYO+X4RizV3a++eQr7iD19Dwm720YKfhsCI3S1KExQamUdfiL9ehv2muEK0hjCJO+Z2WbOhMmPzfX6sEZtsQqOM1It8t+/mk62VzPh9kVCkUZtzNAUWH6PExdTdoflSIh7AnX4aXPZhYQX6X+s5MngTscZNu+AKwuawHEk42x4pRUzbEvtLmId5jcXWXb2u5JNKbvsjPlD0fSYaFc6htpEeCcEEx+ZKgEjt+s/C96xP6YzNXz60rYTS571lgwIJfH/ay/3tj041ODAIGE4JVRupk4Bc8u2JG3XLOaTrJjwGmi5B049qwOo3C1H5k6wI881Nh93fA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

185.139.228.109) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=harvardmedical84243.onmicrosoft.com; dmarc=none action=none

header.from=harvardmedical84243.onmicrosoft.com; dkim=none (message not

signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=harvardmedical84243.onmicrosoft.com;

s=selector1-harvardmedical84243-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=1RpGIMcdiXS2jYoPBWGyl2NGyjcBs7UtIy0HN0alNDA=;

b=JpOQ6JJn/pfDyILpfJt+SPs1PoWEQmx9UskiviKJYYukcHMCVnTXWfsOOPtjzYxeerTFZQNguHQ8NDOTKfvdwELfNHRVA5IXejtbsk5B5L6Y8CQ1FGqnde6XPK58uq8b8+vWGLbZwupakRSbXhZsSkX/jOQr6L5rP4SapI+Dex3G+o93e1SyNnltKNNwtaXobqiXgoR+Cr52yMiPvOfhjIe2W24GNmwclADQuJu4jXDB2lta5OzIlZcI76mjCwyTCWJnwy+fpJa1Zl9BtqM32LfPgDaI1MNG+mbtvVRVQKRB+d9rycrDuxcv7klCoy1vTRQx9HWeH/On2/HHLKFtMg==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.139.228.109)

smtp.mailfrom=harvardmedical84243.onmicrosoft.com; dkim=none (message not

signed) header.d=none;dmarc=none action=none

header.from=harvardmedical84243.onmicrosoft.com;

Date: Tue, 24 Feb 2026 17:40:16 +0100

From: AAA Member Notice

To: doctor@doctor.nl2k.ab.ca

Subject: Confirmation Needed For Your AAA Kit

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="_0a435d48-51ac-44dd-ae80-3a94c99c8273_"

Precedence: bulk

X-Feedback-ID: 7748:44291301:campaign:sailthru2dnjisd

X-TM-ID: 20260224052743.44291301.4068652dnjisd

X-Info: Message sent by sailthru.com customer Morning Brew 2dnjisd

X-Info: We do not permit unsolicited commercial email 2dnjisd

X-Info: Please report abuse by forwarding complete headers to 2dnjisd

X-Info: abuse@ linkedin.com

X-Mailer: linkedin.com

X-JMailer: aws-campaign-mailer-4.sailthru.cloud

List-Unsubscribe-Post: List-Unsubscribe=One-Click

X-Unsubscribe-Web: https://link. linkedin.com/oc/r94eejqcrn3ggjvvup1cmhekwqa5begtudfd8y45ei3hvs3ywv1h2lfblfhewxofavew8qthuvcme8.2f7e7/97443e94

List-Unsubscribe: ,

X-rpcampaign: stlma4429132dnjisd

Message-ID:

<8409c410-033a-406d-b536-531fb7cfe4e9@BN1PEPF00006002.namprd05.prod.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: BN1PEPF00006002:EE_|LV5PR17MB7818:EE_

X-MS-Office365-Filtering-Correlation-Id: 875a082a-e759-4358-021f-08de73c3bda8

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam:

BCL:0;ARA:13230040|4022899009|61400799027|376014|36860700013|34070700014|82310400026|85622059|54012099003|8096899003;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?YWxQQTNWUXNuM2l5MENGV1FTWHExbm82NnY3V01sQUJoM0xqemxPQWxwV2M2?=

=?utf-8?B?T2dXUjJhdzcvbk1CNGJXNUh5S0wwQzlOVDBFRnZKL09mckY5cHpoNi9xOWZi?=

=?utf-8?B?bnIxSjhNS2UvdGMwVjF0bzdiV0lXeUlvYmF4OWpJYU03UkkxeGhYaW8rdVNH?=

=?utf-8?B?eVpvTzJLUy9SZ09BN01iY096VGFaZlhsdFByMERNWXluN2prUXdqVzV3cFlY?=

=?utf-8?B?Zm9xWVdYeThpYitCUE9zeFVWRTJNSnRic0E0bnpubEJvZlB6eFRmYjNZMlB4?=

=?utf-8?B?WGdybzkzT1lkWUxTaVlETThtZE1XODMwVmhuNThzb2haUkFFVzc5YlNER2Ra?=

=?utf-8?B?bmRpSjBPWmFiK2p5N3B5cUNYQVRtRnlTYjVOYzJhNnJTTDFocWFhMndTTXE0?=

=?utf-8?B?QmYvcjN6ci9DNmtTMkkzQnIwT2RDc2FKZVpCMnBrU0N4VjVXRVZyNzNTWjZN?=

=?utf-8?B?bDQ5eFJ0aCt2OHpIaXlWdyt0eWszL3B3NEswMXUvYXlSMURBbGRHUmlCZ21w?=

=?utf-8?B?dlVDS0VLRW9xc3ErYlFZS3JxMWpNQjg3UTVIcHJVQ0NDTFFwY0ZpblJJZWRY?=

=?utf-8?B?TXZMMnZGejkraE1mU2VkTXJqUE43VVdrZ0pQeFJHRHlJcTU4bHk2aVpNNDFo?=

=?utf-8?B?S1h0VTdLZm80TFN6NXZMQ3hGZ1Y1bGtUd3liYVllaDJ1bEZWRTNVd1QzclRU?=

=?utf-8?B?QjVUNE1McEthU1F1S3VqSWtQT3BXaUtOTkFkeXR0WGVJd1ZOUmdObFo0aGt0?=

=?utf-8?B?aDB4RDdpUUlUU1VTSmlTVklTNDV1UTRPdHA3ckVyVXhnSGhYdk9Sa2xrb0Yr?=

=?utf-8?B?Uk9ZRXBaWityV01aV3JGdWdxV0pPY2Z1dDh1b3dEcGN1QmVPaXNqYzN2UFFC?=

=?utf-8?B?MVd1cjRldTJRd2t3WXpvSlBtOUIxN0tqQVJCYVh2N094SFNuUE05T2NGZlp6?=

=?utf-8?B?NEpiajRpdS9kZmYraHRBRGtuaVhGQ2xjSmJLS3llbXU4WlRabXE4SW0vNER4?=

=?utf-8?B?VUtwMUZ4eGhFb0Q3ZWdkNHp2cjg2ODl6TThjYWdpWUxEd3BIUzVVejZVTEJN?=

=?utf-8?B?NXNQUGZZd3Z4bi8rSzUxU1VwZDdTejB2VUhZSk5vWERKbXl6TnBqc1ZhYVFp?=

=?utf-8?B?RkM0UlVOLzhtU0c0NWVSLzRaVzlRTUxRU3EzenFlOWlQa3dXeXYwV09nUVli?=

=?utf-8?B?aWpmTk16S0hrRE8xdVFZYzJPblNCaisvdmhiV2VyU1UydGNQcHpWeG91MGU3?=

=?utf-8?B?NlJQcEZoa28yVjJxVHd6c2pHampUK3FEM2hJSDllZmhnY1Z5VmpsTmxIelEx?=

=?utf-8?B?MzhRRG51NUhZVmNqYjdmRHZZbmx4NFpSYnErTHVXcHE2RVNDdzZSclF2VXRQ?=

=?utf-8?B?Z3YxYndKa3JmRDcrZVliYUFLS1ZwQkV5dDlUQkFiL1B4N29yTzR5c2c5VENQ?=

=?utf-8?B?SFFYb2JjT2ZUWlVkSURYbFdKbnZQT0V2Yjg3bW9mdFRxUjVJNkRuN2dnU1lZ?=

=?utf-8?B?MVFVaDR1RlUxTTBibXJGTHhtbnNqSG16MENvWmJ0NlJwS3NIMFlWei9OOFR4?=

=?utf-8?B?OUlsenVocEdhT3hqYXNzTUU5Wit2T2tYME50ZnY4emp1NHNIQ0dFTzdXc3dH?=

=?utf-8?B?VCtBdlA3QjM2WmJ1ZG1Md0xqaDdzWG5UMTBUcitKNjhqc1FMNUxYd29oWndj?=

=?utf-8?B?RzVyV0RyV0hSWnA0Q2p1RHdOeWdKYTNESXRHam5RRDR1T3YvbDlVTDZHa2dr?=

=?utf-8?B?bEZuZmRzbWF6WkJVWHc2SXdRU3g4ODFQVVlRZERPTFErdlhLc2EwQ2lBNUpr?=

=?utf-8?B?MXZkbDllN2hYdzk2N3NkTE5DaGpTWUk0RjRGZ1F6aTFmOXA5RUdQa2R4bUhp?=

=?utf-8?B?VFNVblAzcFozNEJPRmpucThpOUwrdDdjbzlOT013SEthRDhHYmpkS0szT2Jl?=

=?utf-8?B?NC9JWE5YZnJ6ZmZPWCtySG5TMlkrbHdXazBGakJXb3EraGVUd2U1eGFQbHBO?=

=?utf-8?B?cnltdzFPR3RmMFZmSDlpTFcrRDBZT1o3Um95S0xzYXRTYkE0TGk3M0NSeDl0?=

=?utf-8?B?OHhrUDJLQUFZVmlWUFpscVVRR3lpV1NPZnJkbnNjME9pVWw1eXM2SGtqYnVG?=

=?utf-8?B?V1ZjckVEL1lTRjlrQ2V0ZVYwZTFBOFE1c1NSYVBCTkRJMEs0eE1ka3NBSG9S?=

=?utf-8?Q?6LVrc6m0PcgDaqRdDDGxIOs=3D?=

X-Forefront-Antispam-Report:

CIP:185.139.228.109;CTRY:SE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:harvardmedical84243.onmicrosoft.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(4022899009)(61400799027)(376014)(36860700013)(34070700014)(82310400026)(85622059)(54012099003)(8096899003);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

/Uea6cvhnFpbsyo6SlJtQLIKdywj+DjrFlPraY/Wc1JpTj1OscgBKQfjLl1kkM5JD6oHCHbbpxNjNEepzAyJCOYkncYrIw+pN9G12XgHPE7Kls9Ql2jHWeLEnpGldfVEGWVkSe0T9IFTOKkplWII+/EYOUCGNiaGMx4x4P9rxmXDUQpAl69JpfJJfHPYesxEVwSBZ6W/jEqqqMQRE+gOP0AxmVwLVlD7ocWMfCxhziQTA/1gpbGlrrc4qZBWk8fumto9XSl9QAsTfwDEdY7an248rwIn7QzP3gGHlThYq97CHniYRPLa+RC8WJAKl1i/Km/by5OAnmUauCydS9rSSQ8PkpPr/cN0vV60vwGog3GPc2blZ2Kr1E/L5E9L7MQo/NruQDK48aBLAbs0h6P9p5H7RA8mPlh4EtDxHaBGz9I/ykrAuYcIQy98JV7runJl

X-OriginatorOrg: harvardmedical84243.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2026 16:42:46.7836

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 875a082a-e759-4358-021f-08de73c3bda8

X-MS-Exchange-CrossTenant-Id: 387640f3-cfd3-49db-9cf9-c3c38e0301c1

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=387640f3-cfd3-49db-9cf9-c3c38e0301c1;Ip=[185.139.228.109];Helo=[harvardmedical84243.onmicrosoft.com]

X-MS-Exchange-CrossTenant-AuthSource:

BN1PEPF00006002.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV5PR17MB7818

X-Spam_score: 16.1

X-Spam_score_int: 161

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Paypal Cryptocurrency phish from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 24 Feb 2026 13:16:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuyov-00000000PSw-0fN6

for dave@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 13:15:49 -0700

Resent-From: The Doctor

Resent-Date: Tue, 24 Feb 2026 13:15:49 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f196.google.com ([209.85.214.196]:41988)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuuim-00000000P8X-41ju

for doctor@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 08:53:23 -0700

Received: by mail-pl1-f196.google.com with SMTP id d9443c01a7336-2ad21f437eeso39498705ad.0

for ; Tue, 24 Feb 2026 07:52:26 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=kb-ac-th.20230601.gappssmtp.com; s=20230601; t=1771948340; x=1772553140; darn=doctor.nl2k.ab.ca;

h=mime-version:subject:from:to:date:message-id:from:to:cc:subject

:date:message-id:reply-to;

bh=D0XUpaHNaNjS5BkxHPnYVtDCV8uAVqfgEi5nVg/IkuM=;

b=bocjgltOgZQq7FYeFS/HTZOxnXrpVCfv/AhrUkiflyrdHTf/VKk63gxoEdN7xjKELL

ls4xoX4XTbAUwbA4WEeDqZ0EBiFDEOm/Lk+HT1BB6dpK/Zwrdke5bsInmMtO5FFnF+bv

wcJmeSiexaMfmnA3nhbQQivDwVdMimfhgp5InDa3Mqr288jJnsm0a38yQsxrZglV95GV

yg6a40s3Oi91r0OcZaQWQGMjISKJbAArx4nj636tWDQ8nEOffzxRtJAeBpv/DiwvbHAV

a+aC/dTxsR/MWJgD946RMSTQ/5qwsmGnf97Ow8HhfZ3xVnb8sKzXCCAgT/Z4WvewTTT0

QucA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1771948340; x=1772553140;

h=mime-version:subject:from:to:date:message-id:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=D0XUpaHNaNjS5BkxHPnYVtDCV8uAVqfgEi5nVg/IkuM=;

b=bv4PsZgFi/7pgUaFWU1rlLmDZ9zd8S18Acd+wDPN/xWI9Txz5ySi4haXuzzwKYc9zb

Jge5x1hg8nanoFNR+HZlJwUWU13vgfnLOahyRcpdZA6IxTv3MWP889BbpwprbBcUnSLA

4oonTERgtLkK5aVFiQvPVXNq9o1yKHtDTq0xbyAYpL0wOr6HP6MNygkFEiafVpkmJ0tt

/18IY0zGSBkW2q4b13Tm5kHd2ANUxD0T2Q7/T26tEo+F8EEHrGzmd1J3AckenKq4C3/I

WZiTP1ArFTF/6E/Fxpx4Reh0A0c7vVpRju5wpOwD3D+wXnCucSTMz+n33F5LwjQg26pw

Hdpg==

X-Gm-Message-State: AOJu0YztwfIiUSVrY62juyDvth3uJ5Tu/xR0boJbWArgo2SqpN09cdzR

xxLalIsEW3ke3Ric2NcGVWTUnEu6GqfNDZ4xTXSie3wA7QS3V9GhnCBf2WIl59jUr0le9RemekU

l/g4zcFRsjmoK

X-Gm-Gg: ATEYQzwiVrGzp1JEE9YcGjjREpEa22Ftf8QiGAmRGMJMC3JYH9P/wKUQrI0n6vFR12T

kFm3YZwrU0kadIuCZFRFTkCRO63pV0WJNfxHzCdraTPWzKaWAPBPuZJTRqchit3BQ+URFATHYBL

qGVzdCGB1mprCvIeMOE26n8La+Xc24LrZJkjA/Bs/Az41TWSQZaByZT014h/LubT0zE5nHgSSuK

gg7c2rH8zD9qjv8ku26EXY5pJEuHXqRfxlNaZ0X/jTwGrPCPxfUBvXT0xumGr+4lKuo3Sa+nV8o

ISE2QheyJUmB1/FnLjwn6RDIXzakFwj2V8bM98kG3HxETx7yW6yMgqdgn9CgTAP9nJeXqECl7Si

BElbCN6BDn+Mvm9pv/4U1/k5kw2OdQSXgPU5TKQ1yWuFslHxDHbkKedsOb/T6IvAfvZC5L/ZhfA

est2vzzeSWfo42TjpVb/dYG7dc6w==

X-Received: by 2002:a17:903:478d:b0:2a0:9934:a3f3 with SMTP id d9443c01a7336-2adbde00864mr2684575ad.24.1771948339658;

Tue, 24 Feb 2026 07:52:19 -0800 (PST)

Received: from pc ([59.153.17.129])

by smtp.gmail.com with ESMTPSA id d9443c01a7336-2ad7500e19fsm114409795ad.59.2026.02.24.07.52.17

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 24 Feb 2026 07:52:19 -0800 (PST)

Message-ID: <699dc933.170a0220.22d14e.f48d@mx.google.com>

Date: Tue, 24 Feb 2026 07:52:19 -0800 (PST)

To:

From: Invoice PayPal

Subject: System Update: NUJ4DZE is Active

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary=ouVax78zTtUVLvLZvM1utJ

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ppl Invoice



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[59.153.17.129 listed in dnsbl.ahbl.org]

[59.153.17.129 listed in dnsbl.ahbl.org]

[59.153.17.129 listed in dnsbl.ahbl.org]

[59.153.17.129 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[59.153.17.129 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.214.196 listed in list.dnswl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[59.153.17.129 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[59.153.17.129 listed in sbl-xbl.spamhaus.org]

[59.153.17.129 listed in sbl-xbl.spamhaus.org]

0.6 J_CHICKENPOX_23 BODY: 2alpha-pock-3alpha

0.6 J_CHICKENPOX_33 BODY: 3alpha-pock-3alpha

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.214.196 listed in wl.mailspike.net]

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} System Update: NUJ4DZE is Active







Invoice





kPayPals

Invoice Number: RDS73XSE

Date of Issue: February 24,2026

Stripe

2660 Monterey Rd,

San Jose, CA 95111

USA

Billed to



PayPal Stripe User

$657.99 USD due February 24,2026

YOU'VE SENT A PAYMENT OF $657.99 USD TO COINBASE CORPORATION

It may take a few moments for this transaction to appear in your statement.

Issues with this transaction?

If you have any questions about your order, please contact us within 12 hr by calling at +1 803-368-4347.

Description Qty Unit price Amount

Btc Purchased 1 $657.99 USD $657.99 USD

Subtotal $657.99 USD

Total $657.99 USD

Amount due $657.99 USD

Don’t recognize this transaction? Contact PayPal+1 803-368-4347 For dispute/claim

Copyright © 1999-2026 PayPal, Inc. All rights reserved. PayPal is located at 2660 Monterey Rd,San Jose, CA 95111.

Paypal cryptocurrency phish from Google Gmail Part 4

Posted by Dave Yadallee on

/InformAction">
emtype=3D"http://schema.org/EmailMessage">
ntent=3D"Alex Mateer: PayPal Paypal LLC Exchange Confirmation Hi, Your exch=

ange request for Coinbase valued at $547.29 has been verified. Reference Co=

de: 6f161356b3d9 Date & Time: 2026-02-24 23:04:51 Wallet Address: 12606=

0dd-439a-4c0e-8c35-b85918977a4d Qty: 0.019 If this activity was not initiat=

ed by you, please notify us immediately. Customer Service Line: { 1-810- 29=

3-0364 } Paypal Support Team . . . . . . . . . . . . . . . . . . . . . . . =

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .=

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . =

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .=

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . =

. . . . . . . . . . . . ."/>
type=3D"http://schema.org/Event">
http://schema.org/EventScheduled"/>
temtype=3D"http://schema.org/Organization">
=3D"Google Calendar"/>
ent=3D"t8u4aj78hfdb91s5cinmqu4r48"/>
: 1px; color: #fff; line-height: 1px; height: 0; max-height: 0; width: 0; m=

ax-width: 0; opacity: 0; overflow: hidden;" itemprop=3D"name">An arrangemen=

t no. {5cc1743 was made by member
ellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" s=

tyle=3D"width:100%;" class=3D"body-container">=


ss=3D"" align=3D"left">
=

 

=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"c=

enter" style=3D"width:100%;" class=3D"">

" align=3D"left">
">

PayPal
Paypal LLC Exchange Confirmation

=

Hi,

Your exchange request for Coinbase valued at $547.29 has been verifie=

d.

Reference Code: 6f161356b3d9
Date & Time: 2026-02-24 23:04:51
r>Wallet Address: 126060dd-439a-4c0e-8c35-b85918977a4d
Qty: 0.019

If t=

his activity was not initiated by you, please notify us immediately.

Cust=

omer Service Line: { 1-810- 293-0364 }

Paypal Support Team
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.
.
.
.
.
.
.
.
.
.
.
.
.=


.
.
.


lpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" sty=

le=3D"width:100%;" class=3D"">

dce0; border-radius: 8px; direction: rtl; font-size: 0; padding: 24px 32px;=

text-align: left; vertical-align: top;" class=3D"main-container-inner">
-[if mso | IE]>
=3D"presentation">

text-align: left; direction: ltr; display: inline-block; vertical-align: t=

op; width: 100%;overflow: hidden; word-wrap: break-word;">

0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%"=

class=3D"main-column-table-ltr" style=3D"padding-right: 32px; padding-left=

: 0;;table-layout: fixed;">

"padding:0; vertical-align:top;">
spacing=3D"0" role=3D"presentation" width=3D"100%" style=3D"table-layout: f=

ixed;">

eak: break-word;;padding-bottom:2px;">

e Sans', Roboto, sans-serif;font-weight: 400; font-size: 22px; line-hei=

ght: 28px;color: #3c4043; text-decoration: none;" class=3D"primary-text" ro=

le=3D"presentation">An arrangement no. {5cc1743 was=

made by member

g: 0; text-align: left; word-break: break-word;;padding-bottom:24px;">

style=3D"font-family: Roboto, sans-serif;font-style: normal; font-weight: 4=

00; font-size: 14px; line-height: 20px; letter-spacing: 0.2px;color: #3c404=

3; text-decoration: none;" class=3D"primary-text" role=3D"presentation">
an aria-hidden=3D"true">

style=3D"font-size: 0; padding: 0; text-align: left; word-break: break-word=

;;padding-bottom:24px;">

style: normal; font-weight: 400; font-size: 14px; line-height: 20px; letter=

-spacing: 0.2px;color: #3c4043; text-decoration: none;" class=3D"primary-te=

xt" role=3D"presentation">
=3D"0" role=3D"presentation" style=3D"padding-bottom: 4px;">


ss=3D"primary-text" style=3D"font-size: 14px;color: #3c4043; text-decoratio=

n: none;font-weight: 700;-webkit-font-smoothing: antialiased;margin: 0; pad=

ding: 0;">Organizer


pan class=3D"notranslate">
e=3D"display: inline-block;;color: #3c4043; text-decoration: none;" href=3D=

"mailto:supramaikal4@accesskeymf.org">Alex Mateer
=3D"organizer" itemscope itemtype=3D"http://schema.org/Person">
op=3D"name" content=3D"Alex Mateer"/>
pramaikal4@accesskeymf.org"/>

class=3D"secondary-text underline-on-hover" style=3D"display: inline-block=

;;color: #70757a; text-decoration: none;" href=3D"mailto:supramaikal4@acces=

skeymf.org">supramaikal4@accesskeymf.org

tyle=3D"font-size: 0; padding: 0; text-align: left; word-break: break-word;=

;padding-bottom:24px;">

tyle: normal; font-weight: 400; font-size: 14px; line-height: 20px; letter-=

spacing: 0.2px;color: #3c4043; text-decoration: none;" class=3D"primary-tex=

t" role=3D"presentation">
=3D"0" role=3D"presentation" style=3D"padding-bottom: 4px;">


ss=3D"primary-text" style=3D"font-size: 14px;color: #3c4043; text-decoratio=

n: none;font-weight: 700;-webkit-font-smoothing: antialiased;margin: 0; pad=

ding: 0;">Guests

(Guest list has been hidden at organ=

izer's request)


--000000000000f1f978064b93352e--

Paypal cryptocurrency phish from Google Gmail Part 3

Posted by Dave Yadallee on


=20



=20



=20



=20

















Paypal cryptocurrency phish from Google Gmail Part 2

Posted by Dave Yadallee on
--000000000000f1f978064b93352e

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



UGF5UGFsIFBheXBhbCBMTEMgRXhjaGFuZ2UgQ29uZmlybWF0aW9uIEhpLCBZb3VyIGV4Y2hhbmdl

IHJlcXVlc3QgZm9yICANCkNvaW5iYXNlIHZhbHVlZCBhdCAkNTQ3LjI5IGhhcyBiZWVuIHZlcmlm

aWVkLiBSZWZlcmVuY2UgQ29kZTogNmYxNjEzNTZiM2Q5ICANCkRhdGUgJiBUaW1lOiAyMDI2LTAy

LTI0IDIzOjA0OjUxIFdhbGxldCBBZGRyZXNzOiAgDQoxMjYwNjBkZC00MzlhLTRjMGUtOGMzNS1i

ODU5MTg5NzdhNGQgUXR5OiAwLjAxOSBJZiB0aGlzIGFjdGl2aXR5IHdhcyBub3QgIA0KaW5pdGlh

dGVkIGJ5IHlvdSwgcGxlYXNlIG5vdGlmeSB1cyBpbW1lZGlhdGVseS4gQ3VzdG9tZXIgU2Vydmlj

ZSBMaW5lOiB7ICANCjEtODEwLSAyOTMtMDM2NCB9IFBheXBhbCBTdXBwb3J0ICANClRlYW0gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu

IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4NCg0KQW4gYXJyYW5nZW1lbnQgbm8uIHs1Y2MxNzQz

IHdhcyBtYWRlIGJ5IG1lbWJlcg0KTW9uZGF5IEZlYiAyMyDii4UgMTFwbSDigJMgVHVlc2RheSBG

ZWIgMjQsIDIwMjYg4ouFIDEwOjMwcG0NCkNlbnRyYWwgVGltZSAtIENoaWNhZ28NCg0KDQoNCk9y

Z2FuaXplcg0KQWxleCBNYXRlZXINCnN1cHJhbWFpa2FsNEBhY2Nlc3NrZXltZi5vcmcNCg0K

--000000000000f1f978064b93352e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">