Toronto Dominion Phish
Posted by Dave Yadallee onX-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 13 Jul 2026 16:09:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wjOpC-00000000MB5-26dm
for dave@doctor.nl2k.ab.ca;
Mon, 13 Jul 2026 16:08:30 -0600
Resent-From: The Doctor
Resent-Date: Mon, 13 Jul 2026 16:08:30 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail.mac4boxtek.info ([166.0.192.129]:56179)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wjIxj-000000005G7-2fAg
for root@nl2k.ab.ca;
Mon, 13 Jul 2026 09:53:00 -0600
Received: by mail.mac4boxtek.info for
From: "TD Bank Canada"
To: root@nl2k.ab.ca
Subject: Payment Verification Required: Payment on Hold
Date: 12 Jan 2026 12:51:21 -0300
Message-ID: <20260112125121.B8EDE48451013111@email.ca>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_97055C30.F86430D9"
X-Spam_score: 6.4
X-Spam_score_int: 64
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: You have received a payment of $4,781.22 on July 13, 2026.
For your security, this payment has been placed on hold pending verification.
Please review and approve the payment through your account to c [...]
Content analysis details: (6.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[166.0.192.129 listed in dnsbl.ahbl.org]
[166.0.192.129 listed in dnsbl.ahbl.org]
[166.0.192.129 listed in dnsbl.ahbl.org]
[166.0.192.129 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[166.0.192.129 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[166.0.192.129 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[166.0.192.129 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[166.0.192.129 listed in dnsbl.ahbl.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[166.0.192.129 listed in bl.score.senderscore.com]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
[166.0.192.129 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
1.0 VOWEL_URI_5 URI hostname with 5 consecutive vowels
0.0 LOTS_OF_MONEY Huge... sums of money
Subject: {SPAM?} Payment Verification Required: Payment on Hold
------=_NextPart_000_0012_97055C30.F86430D9
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
k" border=3D"0" alt=3D"TD" src=3D"cid:tdshieldstv1.png" width=3D"67" height=
=3D"60" data-bit=3D"iit">
WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,6=
8,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; B=
ACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligatures=
: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-d=
ecoration-thickness: initial; text-decoration-style: initial; text-decorati=
on-color: initial">
; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(68,=
68,68); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; =
BACKGROUND-COLOR: rgb(253,253,253); TEXT-INDENT: 0px; font-variant-ligature=
s: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-=
decoration-thickness: initial; text-decoration-style: initial; text-decorat=
ion-color: initial" dir=3Dltr align=3Dleft>
You have received a payment of =
$4,781.22 on July 13, =
2026. For your security, this payment =
has been placed on hold pending verification. Please review and approve the=
payment through your account to complete the deposit to your available bal=
ance.
e=3D"CURSOR: pointer; TEXT-DECORATION: none; COLOR: rgb(51,102,153)">
AMILY: helvetica, arial, sans-serif; FONT-WEIGHT: bold; COLOR: rgb(255,255,=
255); PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 25px; DISPLAY:=
inline-block; PADDING-RIGHT: 25px; BACKGROUND-COLOR: rgb(0,138,0); border-=
radius: 5px" href=3D"https://denall2.nsdns.in/images/yifgtbx/pojmwxd/tk1hug=
n/ink.html" rel=3D"nofollow noopener noreferrer" target=3D_blank>Log In=
Standard message and data rates may apply.
Thank you for choosing TD=
Bank.
This is a servicing message from TD Bank. Please do not reply=
to this email.
Your privacy is our priority. We'll never ask you to=
confirm your account number, PIN, password, or personal information. Learn=
more about our
com_zimbra_url class=3DObject style=3D"CURSOR: pointer; TEXT-DECORATION: no=
ne; COLOR: rgb(51,102,153)">
href=3D"https://www.td.com/privacy-and-security/privacy-and-security/our-p=
rivacy-commitments/td-privacy-code/privacy.jsp" rel=3D"nofollow noopener no=
referrer" target=3D_blank>TD Privacy Code.
------=_NextPart_000_0012_97055C30.F86430D9
Content-Type: image/png; name="tdshieldstv1.png"
Content-Transfer-Encoding: base64
Content-ID:
iVBORw0KGgoAAAANSUhEUgAAAIYAAAB4CAIAAAC4gx2vAAAAA3NCSVQICAjb4U/gAAAEvUlE
QVR4nO2dMWwbVRjHX1BvwD77hlrKNRYMvUpxEcIMJMsxQKu2a9UwtiGZkFKJxQsSA2IrSJ5Q
U5gSXLqVyGuDGhjqStQI4RQJW4pZwsVnyRns2NfhOnSIFKGoNPd97858if6/MbrvPSc/f+/d
++7ey8TF6lsKSOK1//sDgMNAiTigRBxQIg4oEQeUiANKxAEl4oAScUCJOKBEHFAiDigRB5SI
A0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsRxKvqlZXfVTuWT+yjS8ANPKeU/87rBTrvf9AOv
3W+OoV+CEjuVn0xNJfdRpLH/yxbVzMFPRuFgq996sF3d7D3xg52E+iUoAWkjW8zNFHMzSqla
Z2Pt77uN3pPYe8FcwsQ9c6Hsrnz3wY923CMHlGjhWIUfLv00P30zxjahJAbmC0v3Lq3HlS5Q
Eg+TqXzZXY3FCpTERlxWoCROJlP5L2e/0WwESmLGsQpLb3+m08JE9F1Y+utEO5Uvu6vRr7/z
561HnYeanUbENLKmkXGswjmrUDw9M6lXpyjVFhq9Oi+WsFTsaq9XJ9QE6fq9cE+/04h01Y5S
6uDv6FiFOefG5Teu8lqbn75Z6i3wYjFwvZx2v/n175+XagvdwGOEHyzyGRybgoppZBzrfPTr
u8E/+mWoRq9eqi2W3RXGOMZOlGOjxLHOl92V6NdXWsuV5m39fv3AK9UWv/3wvnkqSwrcTxTG
jIKB62j8wPvi108Zge6Zi4woKIlEo1dnfN95dwdQEpVKizwMmkaGMclDSVR4iVLMzVJDoIRA
zSevW4unkSVJ8rizQQ1xrAI1BEoI+IE3fD4ghZhGhrqmgRIajzs/U0OoMzyU0Njq/0UNob5p
BSU0GCUvagUdSmj4dCX268iSJGE8LECWJMsw3KOGmAatXgklZKiJYhoZ0vVQMg5IiQIlZBgz
fJqSKFAiDigRB5SIA0rEASXigBJxQIk4oEQcUEKGWiBRxJI+lJChlhGpQAkZarGdWoCBEhqM
UWtErOdDCQ3GvifqIxYooWEaFjXEf4aBK0kca5oaQn3kBSU0zmXJby9SzyeCEhqMF0pxx5Ug
+1t+qVHIkgRhbBbBxrhkcW3yRrf2gHzQHZQQQJbI4vKbVxlbraEkQT6eXqKGNHr1YUjbj6Kg
JCLXnBuMFHmwXWX0BSVHY6emGCmilNpknWwDJUdgp6bK7mqa/oxkfbvKeC9SQcmr2ffBOwiq
0lzmdXpszlAZM6aRuXZ2fs65zsgPpZEiCkr+jWlk0kb23dzsO7n33rcv8GQopUbhgJ0i6gQr
mTt7/QrlCJMYz27/vrXMThF1gpWkjSz7a67D+nZ1rX1XpwVM73HSDbzlp19pNgIlsdENvFJt
kbFcPwSUxENjt/7JLx/pTCEHnNi5ZJxUWrd1brEOASVaNHbrd57e2or1v/9ACYdROPhj97e1
doV9PvMrgBICo3DwyN/Y7NVrnQ39afy/gJKXMAoHw3A4fD7wg51hOGj3m93A2+o3x3O0N+HM
eTAecBMsDigRB5SIA0rEASXigBJxQIk4oEQcUCIOKBEHlIgDSsQBJeKAEnFAiTigRBxQIg4o
EQeUiANKxAEl4oAScUCJOKBEHFAijhcJGl/TQfHsfQAAAABJRU5ErkJggg==
------=_NextPart_000_0012_97055C30.F86430D9--