NetKnow Corporate Blog

Fedex phish from Microsoft Outlook

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Apr 2025 12:39:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6ZZ8-000000005Nf-1ZqX

for dave@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 12:38:54 -0600

Resent-From: The Doctor

Resent-Date: Sun, 20 Apr 2025 12:38:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cp-smtp-out-2.ac-guyane.fr ([195.98.226.245]:56392)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6ZK1-000000004Wf-0vBO

for doctor@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 12:23:25 -0600

Received: from francais (unknown [98.66.161.195])

by cp-smtp-out-2.ac-guyane.fr (Postfix) with ESMTPA id C0A9E104DD86

for ; Sun, 20 Apr 2025 15:21:17 -0300 (GFT)

DKIM-Filter: OpenDKIM Filter v2.11.0 cp-smtp-out-2.ac-guyane.fr C0A9E104DD86

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ac-guyane.fr; s=mail;

t=1745173278; bh=tsZnUt1iuqc33JHq/+v7k1T/z57AQ4kovLuo02coO/I=;

h=From:Subject:To:Reply-To:Date:From;

b=dQekNxXHyGUAVoMYmPX3Vy1fyyfHcAukopr+0bKS8TBfi5Ock/F3Yn7ke7CDjkuNQ

ZJ4RRqImRWZoeh6TjbJmwjPq/PVFIGHNGki/7jidfFWPDMA9SNti7WhS+J3ZAifCKN

rrzY5p5kZeV4Wx5N55hcwOraNQKNHIt/j38veQzQ=

From: "TrackExpress"

Subject: update your address to let it through 112000115555

To:

Content-Type: multipart/alternative; boundary="Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU"

MIME-Version: 1.0

Reply-To:

Date: Sun, 20 Apr 2025 18:21:18 +0000

Message-Id: <20172025042118A34A514CCE$9107B17224@ac-guyane.fr>

X-Rectorat-Guyane-MailScanner-Information: Rectorat de la Guyane

X-Rectorat-Guyane-MailScanner-ID: C0A9E104DD86.AEB1F

X-Rectorat-Guyane-MailScanner: Clean Message

X-Rectorat-Guyane-MailScanner-SpamCheck: n'est pas un polluriel

X-Rectorat-Guyane-MailScanner-SpamScore: s

X-Rectorat-Guyane-MailScanner-From: odile.antoinette@ac-guyane.fr

X-Rectorat-Guyane-MailScanner-Watermark: 1745778079.08314@z81ttcZskB1nKmxpV0ymCQ

X-Spam-Status: No

X-Spam_score: 12.5

X-Spam_score_int: 125

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FedEx Hello, The delivery address you provided is not sufficiently

precise, which prevented the successful delivery of your parcel.

Content analysis details: (12.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: bigfactspod.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[195.98.226.245 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.0 MIXED_HREF_CASE Has href in mixed case

Subject: {SPAM?} update your address to let it through 112000115555

This is a multi-part message in MIME format

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

FedEx

Hello,

The delivery address you provided is not sufficiently precise, which p=

revented the successful delivery of your parcel.

As a result, your parcel has been returned to our sorting centre.

To allow us to arrange a new delivery as soon as possible, please upda=

te your address by clicking the link below:

CORRECTION FORM https://bigfactspod.com/hdvhbvhdbvhdvbhd.html

Thank you for your understanding. Please don't hesitate to contact us =

if you have any questions.

Kind regards,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

8">

=3D1"> = update your address to let it through 112000115555

NG>Fed
a>Ex

Hello,=

The delivery address you =

provided is not sufficiently precise, which prevented the successful d=

elivery of your parcel.

As a result=

, your parcel has been returned to our sorting centre.

ONT color=3D#000000>To allow us to arrange a new delivery as soon as p=

ossible, please update your address by clicking the link below:=

ctspod.com/hdvhbvhdbvhdvbhd.html" target=3D_blank>
f size=3D6>CORRECTION FORM

r=3D#000000>Thank you for your understanding. Please don't hesitate to=

contact us if you have any questions.

000>Kind regards,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU--

Fedex phish from Microsoft Outlook

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Apr 2025 12:18:00 -0600

Received: from cp-smtp-out-2.ac-guyane.fr ([195.98.226.245]:48792)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6ZE4-000000004Jz-0UqM

for dave@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 12:17:16 -0600

Received: from francais (unknown [98.66.161.195])

by cp-smtp-out-2.ac-guyane.fr (Postfix) with ESMTPA id 57F17102E8F1

for ; Sun, 20 Apr 2025 15:15:10 -0300 (GFT)

DKIM-Filter: OpenDKIM Filter v2.11.0 cp-smtp-out-2.ac-guyane.fr 57F17102E8F1

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ac-guyane.fr; s=mail;

t=1745172911; bh=tsZnUt1iuqc33JHq/+v7k1T/z57AQ4kovLuo02coO/I=;

h=From:Subject:To:Reply-To:Date:From;

b=exTp5Jr9xqHocyJ9olR65V2rtTGnZ4nHNMNK3qF2vH/0JCXXIQ9xS/HtTFPb0rc+0

fDXfr/6/+bTKwu3jtIfuGCxgj5EmVaQCyEShCMqJMZUK3dFLW0M94NPPtIMDTC1zKG

ApWROQy4d55ggv1r4Zj5N9tNuPMmO+ljy475WGeA=

From: "TrackExpress"

Subject: update your address to let it through 112000115555

To:

Content-Type: multipart/alternative; boundary="Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU"

MIME-Version: 1.0

Reply-To:

Date: Sun, 20 Apr 2025 18:15:11 +0000

Message-Id: <202520041815106F3CAC58DE-5AFA7AC780@ac-guyane.fr>

X-Rectorat-Guyane-MailScanner-Information: Rectorat de la Guyane

X-Rectorat-Guyane-MailScanner-ID: 57F17102E8F1.AC76E

X-Rectorat-Guyane-MailScanner: Clean Message

X-Rectorat-Guyane-MailScanner-SpamCheck: n'est pas un polluriel

X-Rectorat-Guyane-MailScanner-SpamScore: s

X-Rectorat-Guyane-MailScanner-From: odile.antoinette@ac-guyane.fr

X-Rectorat-Guyane-MailScanner-Watermark: 1745777712.13408@1Dc+yvA0xufhkMPLHMZlTw

X-Spam-Status: No

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FedEx Hello, The delivery address you provided is not sufficiently

precise, which prevented the successful delivery of your parcel.

Content analysis details: (8.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: bigfactspod.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[195.98.226.245 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[195.98.226.245 listed in bl.score.senderscore.com]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.0 MIXED_HREF_CASE Has href in mixed case

Subject: {SPAM?} update your address to let it through 112000115555

This is a multi-part message in MIME format

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

FedEx

Hello,

The delivery address you provided is not sufficiently precise, which p=

revented the successful delivery of your parcel.

As a result, your parcel has been returned to our sorting centre.

To allow us to arrange a new delivery as soon as possible, please upda=

te your address by clicking the link below:

CORRECTION FORM https://bigfactspod.com/hdvhbvhdbvhdvbhd.html

Thank you for your understanding. Please don't hesitate to contact us =

if you have any questions.

Kind regards,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

8">

=3D1"> = update your address to let it through 112000115555

NG>Fed
a>Ex

Hello,=

The delivery address you =

provided is not sufficiently precise, which prevented the successful d=

elivery of your parcel.

As a result=

, your parcel has been returned to our sorting centre.

ONT color=3D#000000>To allow us to arrange a new delivery as soon as p=

ossible, please update your address by clicking the link below:=

ctspod.com/hdvhbvhdbvhdvbhd.html" target=3D_blank>
f size=3D6>CORRECTION FORM

r=3D#000000>Thank you for your understanding. Please don't hesitate to=

contact us if you have any questions.

000>Kind regards,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU--

DHL Phish from mailgun

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Apr 2025 05:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Syq-000000005Md-2uoX

for dave@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 05:37:00 -0600

Resent-From: The Doctor

Resent-Date: Sun, 20 Apr 2025 05:37:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from m204-229.eu.mailgun.net ([161.38.204.229]:43199)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6PuH-000000009hf-0wBs

for root@nk.ca;

Sun, 20 Apr 2025 02:20:12 -0600

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mail.essawebaraskargo.com; q=dns/txt; s=email; t=1745137078; x=1745144278;

h=Content-Type: Content-Transfer-Encoding: Message-Id: List-Unsubscribe: Reply-To: To: To: From: From: Subject: Subject: Mime-Version: Date: Sender: Sender;

bh=JmR89Lan8K6naw0aQ9JSjT2zcZuR0siNIaHXp1pCLbw=;

b=azZuifY8HZ3GBXUh7NEUPOasFlojfH5/9uv1sE0NLJWevw9hVMa0ewrwEqZsf1WrpXLjjl+JpfZ4sj9DNLzRN1d1PBTK3d4uwl+izDlULtN5PqP1s98rGP45bCk+rPdlg0PWlCGO7/zOr2gMbyXBxksoIXUA8upaAmo4LlXFXWU=

X-Mailgun-Sending-Ip: 161.38.204.229

X-Mailgun-Sending-Ip-Pool-Name:

X-Mailgun-Sending-Ip-Pool:

X-Mailgun-Sid: WyJmOTU5YyIsInJvb3RAbmsuY2EiLCI3Yjc2OCJd

Received: by 7ba6981569be with HTTP id 6804adb6fd3da09468d496eb; Sun, 20 Apr 2025

08:17:58 GMT

Sender: info@mail.essawebaraskargo.com

Date: Sun, 20 Apr 2025 08:17:58 +0000

Mime-Version: 1.0

Subject: =?UTF-8?q?Your_DHL_Shipment_is_Ready_=E2=80=93_Payment_Required_for_Deliv?=

=?UTF-8?q?ery?=

From: DHL Express

To: root@nk.ca

Precedence: bulk

Reply-To: support@mail.essawebaraskargo.com

List-Unsubscribe:

Message-Id: <20250420081758.99ae05aa1ad6c52c@mail.essawebaraskargo.com>

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset="utf-8"

X-Spam_score: 9.1

X-Spam_score_int: 91

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: DHL Delivery Notification Delivery Notification Dear Customer,

Content analysis details: (9.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[161.38.204.229 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[161.38.204.229 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: essawebaraskargo.com]

Subject: {SPAM?} =?UTF-8?q?Your_DHL_Shipment_is_Ready_=E2=80=93_Payment_Required_for_Deliv?=

=?UTF-8?q?ery?=

DHL Delivery Notification

adding: 20px;">

dth: 600px; margin: auto; background-color: #ffffff; border: 1px solid #ddd=

; padding: 20px;">

b3/DHL_Express_logo.svg/2560px-DHL_Express_logo.svg.png" alt=3D"DHL" width=

=3D"160">

Delivery Notification

Dear Customer,

Your shipment is ready for delivery. Please complete the delivery a=

nd service charges by using the payment link below.

Tracking Number: DHL-INTL-00147896524500

Courier Company: DHL Express

lock; padding: 12px 20px; background-color: #ba0c2f; color: #ffffff; text-d=

ecoration: none; font-weight: bold; border-radius: 4px;">

Complete Payment

Your parcel will be delivered to your address within 24 hours of su=

ccessful payment.

Thank you for choosing DHL.

op: 20px;">

=C2=A9 2025 DHL International GmbH. All rights reserved.

DHL Phish from mailgun

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Apr 2025 05:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Syl-000000004zK-0nDP

for dave@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 05:36:55 -0600

Resent-From: The Doctor

Resent-Date: Sun, 20 Apr 2025 05:36:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from m204-229.eu.mailgun.net ([161.38.204.229]:24883)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Prw-000000009dc-0k5M

for root@nk.ca;

Sun, 20 Apr 2025 02:17:47 -0600

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mail.essawebaraskargo.com; q=dns/txt; s=email; t=1745136932; x=1745144132;

h=Content-Type: Content-Transfer-Encoding: Message-Id: List-Unsubscribe: Reply-To: To: To: From: From: Subject: Subject: Mime-Version: Date: Sender: Sender;

bh=qnnoK6CwBEnR78gvkiYsuCsav9TfBPOUXeausSaGRnY=;

b=Zm7M9vpCuCgBY1m7oepVtQc/iq40QkkN/jt8+5XysGSP3SDIsByvctoPl/q8p3+zvFTKDNC+Uu+T7pWYOhpwUoNxTiglGb8bJZzMHWkkOzSJz8cDYlpIEH/BI4b5Ox00y+dtUpjwZgRos2Ms8Y0nP2ONAuRv9/e+e0Vt5rNfHAQ=

X-Mailgun-Sending-Ip: 161.38.204.229

X-Mailgun-Sending-Ip-Pool-Name:

X-Mailgun-Sending-Ip-Pool:

X-Mailgun-Sid: WyJmOTU5YyIsInJvb3RAbmsuY2EiLCI3Yjc2OCJd

Received: by 787413dba16b with HTTP id 6804ad24cd801f93f1cce016; Sun, 20 Apr 2025

08:15:32 GMT

Sender: info@mail.essawebaraskargo.com

Date: Sun, 20 Apr 2025 08:15:32 +0000

Mime-Version: 1.0

Subject: =?UTF-8?q?Your_DHL_Shipment_is_Ready_=E2=80=93_Payment_Required_for_Deliv?=

=?UTF-8?q?ery?=

From: DHL Express

To: root@nk.ca

Reply-To: support@mail.essawebaraskargo.com

List-Unsubscribe:

Precedence: bulk

Message-Id: <20250420081532.9078d60bff593c12@mail.essawebaraskargo.com>

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset="utf-8"

X-Spam_score: 9.1

X-Spam_score_int: 91

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: DHL Delivery Notification Delivery Notification Dear Customer,

Content analysis details: (9.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

[161.38.204.229 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[161.38.204.229 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

[161.38.204.229 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: essawebaraskargo.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[161.38.204.229 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[161.38.204.229 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

Subject: {SPAM?} =?UTF-8?q?Your_DHL_Shipment_is_Ready_=E2=80=93_Payment_Required_for_Deliv?=

=?UTF-8?q?ery?=

DHL Delivery Notification

adding: 20px;">

dth: 600px; margin: auto; background-color: #ffffff; border: 1px solid #ddd=

; padding: 20px;">

b3/DHL_Express_logo.svg/2560px-DHL_Express_logo.svg.png" alt=3D"DHL" width=

=3D"160">

Delivery Notification

Dear Customer,

Your shipment is ready for delivery. Please complete the delivery a=

nd service charges by using the payment link below.

Tracking Number: DHL-INTL-00147896524500

Courier Company: DHL Express

dding: 12px 20px; background-color: #ba0c2f; color: #ffffff; text-decoratio=

n: none; font-weight: bold; border-radius: 4px;">

Complete Payment

Your parcel will be delivered to your address within 24 hours of su=

ccessful payment.

Thank you for choosing DHL.

op: 20px;">

=C2=A9 2025 DHL International GmbH. All rights reserved.

metamask phish

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 20 Apr 2025 05:35:49 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6SxQ-00000000PAr-3fwb

for dave@doctor.nl2k.ab.ca;

Sun, 20 Apr 2025 05:35:32 -0600

Resent-From: The Doctor

Resent-Date: Sun, 20 Apr 2025 05:35:32 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-75284.nl-west-1.nxcli.net ([185.145.13.66]:37736)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Lfm-0000000014D-33yF

for sales@nk.ca;

Sat, 19 Apr 2025 21:48:57 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=default; d=0341744a04.nxcli.io;

b=j0uobhjv4dQA4KIL8sJSqtz9rq9OJd7UM7cWN0tv4BgadSRjxZLMlFZuuTJcfBZvTvbQTeYC9/VZXQkOfLV7MEaoMQOdQAFLb1lWgi/hft/Neoux4rzbk3HuHMhl+JVpKW2rAy7JJJFD5c9+/MBP/qavBDmH9MPW+pS9onMvieWC6B/IBV/wGBbWFzSvNz8rbVh7BXFEsIQ3RdRO7SRLDO2mrRu7z+WX+X7+R/U6tGUOJO9OOfN/9t6/1im4V0DgDYwQHgkNS58CNd8zce6Qxmr4KCIY6SGg609V7piZfZMefMuZ2X6OpQF8hnef85Zluk61I2bFFmTJJcujl2axkQ==;

h=Received:Date:To:From:Reply-To:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type:Content-Transfer-Encoding;

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=0341744a04.nxcli.io; h=

date:to:from:reply-to:subject:message-id:list-unsubscribe

:mime-version:content-type:content-transfer-encoding; s=default;

bh=Y0uQPBz2HiDH0+VVAOfZdUnuzWdP6Jb9ARaee/tReOw=; b=D/IqzX51X4Fs

jYdjsy325vj8qoRn8ZrtOl29/mNJSc5fA/2dXHm0GAMyS6D4NNznPga2zgrUDrnQ

+nIFeKGb5ypaj7E+/ZPvUAu2wWTBvqE//SCrfPSQ/MQ2RNvjZVU/vJvtgP+3m9ms

sVmaktMKJr6NItLEJCmZBy1klX9lqf9tYvd3HEXHysc42ce8xuNwz4rQ0x2PosUr

oE89j6w8kOkDSgWyiJQiKAcUSbuw+wRiVefwdDmFWHK3HpBgYVIuOCrYAP9+Q68P

uHYbpW0uuCiPb0g0wpY2Ha7S/3P63YwsZ+IzitI9IyViwohn4YKrlncau+JzQ0Dm

h1kgaxpYzA==

Received: (qmail 29198 invoked by uid 10272); 20 Apr 2025 03:46:19 +0000

Date: Sun, 20 Apr 2025 03:45:54 +0000

To: sales@nk.ca

From: MetaMask Security

Reply-To: info@wallet-support.net

Subject: Security Alert: Verify Your MetaMask Account

Message-ID: <02f841b122a5eaf662932222e9f70de7@wallet-support.net>

List-Unsubscribe: mailto:bounce599-NYkNsIggS8WMBti@wallet-support.net?subject=list-unsubscribe

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1cc0de8118a454803b39f1bb19eb11322"

Content-Transfer-Encoding: 8bit

X-Spam_score: 8.6

X-Spam_score_int: 86

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Verify Your Wallet Access We detected an update to your session

activity. To maintain uninterrupted access, please confirm your identity

below. Activating Two-Factor Authentication (2FA) helps secure your wallet

against unaut [...]

Content analysis details: (8.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[185.145.13.66 listed in dnsbl.ahbl.org]

[185.145.13.66 listed in dnsbl.ahbl.org]

[185.145.13.66 listed in dnsbl.ahbl.org]

[185.145.13.66 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[185.145.13.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[185.145.13.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[185.145.13.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[185.145.13.66 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

[185.145.13.66 listed in will-spam-for-food.eu.org]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 ACCT_PHISHING Possible phishing for account information

0.9 URI_PHISH Phishing using web form

Subject: {SPAM?} Security Alert: Verify Your MetaMask Account

This is a multi-part message in MIME format.

--1cc0de8118a454803b39f1bb19eb11322

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Verify Your Wallet Access

We detected an update to your session activity. To maintain uninterrupted access, please confirm your identity below.

Activating Two-Factor Authentication (2FA) helps secure your wallet against unauthorized accessâ€”even if your password is known.

ðŸ”’ Secure My Wallet Now

For your protection, this session will expire shortly.

If this wasn't initiated by you, please disregard this message.

Regards,Support Team

Â© 2025 Account Services. All rights reserved.

--1cc0de8118a454803b39f1bb19eb11322

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

Verify Your Wallet Access

We detected an update to your session activity. To maintain uninterrupted access, please confirm your identity below.

Activating Two-Factor Authentication (2FA) helps secure your wallet against unauthorized accessâ€”even if your password is known.

ðŸ”’ Secure My Wallet Now

For your protection, this session will expire shortly.

If this wasn't initiated by you, please disregard this message.

Regards,
Support Team

--1cc0de8118a454803b39f1bb19eb11322--

Gambling phish from OVH India

Posted by Dave Yadallee on Sunday, April 20. 2025

List-Id: bf201sc6ltaf8

Feedback-ID: hq158h5vyn887:vx257canm92d7:bf201sc6ltaf8:cv022q3xqt895

X-Spam_score: 16.6

X-Spam_score_int: 166

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Register Now View online here [https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

Content analysis details: (16.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: edufrens.info]

2.3 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: mail.edufrens.info]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: edufrens.info]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[139.99.158.3 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Something BIG just hit your =?utf-8?Q?inbox=E2=80=A6?=

--_=_swift_1745103909_8e7d0b03416a9b08d72ec9e035d5f47d_=_

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

Register Now=20

View online here

[https://mail.edufrens.info/index.php/ca=

mpaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4=

b033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campai=

gns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033=

bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq1=

58h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855=

]

=09=09Hey, have you heard?

=09=09We're giving the first 100 n=

ew players

access to our MOST GENEROUS

welcome package ever:

=09=

=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[=

https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx25=

7canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https:/=

/mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92=

d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.e=

dufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/2307=

29c9f75bba867b68470f42be4b033bb68855]

=09=09WHY 1.5 MILLION PLAYERS=

CHOSE TRUSTDICE

=09=09

[https://mail.edufrens.info/index.php/cam=

paigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b=

033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/=

hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68=

855]

=09=09And remember, just TrustDice!

TrustDice Team

=09=

=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09Term=

s & Conditions

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn=

887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/tra=

ck-url/vx257canm92d7/ae31aab47680b30fc2fa9436a5eb633ab43d7734]

=09=09

=

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx2=

57canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://m=

ail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7=

/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.edufre=

ns.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f=

75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.edufrens.info/in=

dex.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b6=

8470f42be4b033bb68855]

=09=09

[https://mail.edufrens.info/index.php=

/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42=

be4b033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns=

/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb6=

8855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vy=

n887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/trac=

k-url/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855]

=09=09=

=C2=A9 Established in 2018. TrustDice is one of the premier,

leading onli=

ne Bitcoin casinos. All rights reserved.

Unsubscribe Here

[https://m=

ail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7=

/85d1c73fef3010c90af82c6a1bada2bf0dcf0c67]

--_=_swift_1745103909_8e7d0b03416a9b08d72ec9e035d5f47d_=_

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

=3D"IE=3Dedge">
tial-scale=3D1.0">

=09Something BIG just hit your inbox=E2=80=A6

=09

=09
ect" />

=09
0;400;500;600;700;800;900&display=3Dswap" rel=3D"stylesheet" />

dex.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b6=

8470f42be4b033bb68855">View online here

style=3D"border-spacing:0px;margin:auto;font-family: Arial, Helvetica, san=

s-serif" width=3D"600">

=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09

18px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

igns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/logo.png" />

=09=09=09

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

igns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/banner.jpg" />

=09=09=09

50px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

700;font-size: 36px;text-align: center;">Hey, have you heard?

400;font-size: 24px;text-align: center;padding: 15px 0 30px;">We're giving=

the first 100 new players

=09=09=09=09=09=09access to our
.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b6847=

0f42be4b033bb68855" style=3D"text-decoration: none;font-weight: 700;color: =

#FFCF04;">MOST GENEROUS

=09=09=09=09=09=09welcome package ever:

o/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/bonus-card.png" />

=09=09=09

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

igns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/secure-bnx.jpg" />

o/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/amount-section.png" />

o/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/join-btn.png" />

=09=09=09

60px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

700;text-align: center;line-height: 46px;">WHY 1.5 MILLION PLAYERS

=09=09=09=09=09=09CHOSE TRUSTDICE

=3D"https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/=

vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

=3D"https://lynkme360.com/email-templated/trust-dice/trustdice.png" /> =

o/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/secure-bonus.png" />

400;text-align: center;line-height: 35px;">And remember, just TrustDice!
/>

=09=09=09=09=09=09TrustDice Team

=09=09=09

/email-templated/trust-dice/gradient-line.png" />

20px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

il.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/=

230729c9f75bba867b68470f42be4b033bb68855"> 3D""

me360.com/email-templated/trust-dice/footer.png" />

ref=3D"https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/vx257canm92d7/230729c9f75bba867b68470f42be4b033bb68855" style=3D"color: =

#FFFFFF;font-size: 18px;font-weight: 700;text-decoration: none;">Terms & Co=

nditions

=09=09=09=09=09=09
tyle=3D"border-spacing:0px;">

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/ae31aab47680b30fc2fa943=

6a5eb633ab43d7734"> 3D""

ed/trust-dice/social-1.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm9=

2d7/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-2.png" />

php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-3.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm9=

2d7/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-4.png" />

php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-5.png" />

=09=09=09=09=09=09

php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-6.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm9=

2d7/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-7.png" />

php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-8.png" />

ps://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257ca=

nm92d7/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

://lynkme360.com/email-templated/trust-dice/social-9.png" />

=09=09=09=09=09=09

=09=09=09

x;color: #FFFFFF;font-weight: 400;line-height: 28px;border-top: 1px solid #=

FFCF04;padding: 20px 0;">=C2=A9 Established in 2018. TrustDice is one of th=

e premier,

=09=09=09leading online Bitcoin casinos. All rights reserved.

Unsubscribe
frens.info/index.php/campaigns/hq158h5vyn887/track-url/vx257canm92d7/85d1c7=

3fef3010c90af82c6a1bada2bf0dcf0c67">Here

ampaigns/hq158h5vyn887/track-opening/vx257canm92d7" alt=3D"" />

--_=_swift_1745103909_8e7d0b03416a9b08d72ec9e035d5f47d_=_--

French Language Fedex phish from Microsoft Outlook

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 18:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Ib0-00000000J7b-0rm6

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 18:31:42 -0600

Resent-From: The Doctor

Resent-Date: Sat, 19 Apr 2025 18:31:42 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cp-smtp-out-2.ac-guyane.fr ([195.98.226.245]:49976)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6HnQ-00000000HPm-28iw

for doctor@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 17:40:37 -0600

Received: from francais (unknown [98.66.161.195])

by cp-smtp-out-2.ac-guyane.fr (Postfix) with ESMTPA id EAD3B12E40C0

for ; Sat, 19 Apr 2025 20:38:30 -0300 (GFT)

DKIM-Filter: OpenDKIM Filter v2.11.0 cp-smtp-out-2.ac-guyane.fr EAD3B12E40C0

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ac-guyane.fr; s=mail;

t=1745105911; bh=5zX4cSwWU1hpBsRnUABDA+zuz8NlvczjooCtK0ED7U8=;

h=From:Subject:To:Reply-To:Date:From;

b=Chcjap1DTroKmOQgX3g1B9zPdZLhgqr/JaZIHacrmfgEl18qH+OEHP/v+akFFenGA

hbYAmcK3ZAqezMl20sC3A2GSVNHUX8GALnBwJg3Et7XVEZ0cwZs1jPmbS2m/np2/jm

KU6/nuXaRxBdhIszAFioaW/RJZdkZ5D4gDZIH8io=

From: "VotreLIvreur-CA"

Subject: Votre livreur vous informe : CA-1000014254775

To:

Content-Type: multipart/alternative; boundary="Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU"

MIME-Version: 1.0

Reply-To:

Date: Sat, 19 Apr 2025 23:38:31 +0000

Message-Id: <1930202504382362288BCBDE-6561679FB4@ac-guyane.fr>

X-Rectorat-Guyane-MailScanner-Information: Rectorat de la Guyane

X-Rectorat-Guyane-MailScanner-ID: EAD3B12E40C0.AB470

X-Rectorat-Guyane-MailScanner: Clean Message

X-Rectorat-Guyane-MailScanner-SpamCheck: polluriel

X-Rectorat-Guyane-MailScanner-SpamScore: sssssss

X-Rectorat-Guyane-MailScanner-From: samira.raymond@ac-guyane.fr

X-Rectorat-Guyane-MailScanner-Watermark: 1745710711.71022@hrU7waM9MBSk4jUE11QEsw

X-Spam-Status: Yes

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FedEx Madame, Monsieur, Nous vous informons qu'une tentative

de livraison de votre colis a eu lieu ce matin Ã 9h. Cependant, celle-ci

nâ€™a pas pu Ãªtre finalisÃ©e en raison dâ€™informations incomplÃ¨tes dans

lâ€™adresse co [...]

Content analysis details: (8.8 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in sa-accredit.habeas.com]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: bigfactspod.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[195.98.226.245 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[195.98.226.245 listed in bl.score.senderscore.com]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[195.98.226.245 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 MIXED_HREF_CASE Has href in mixed case

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

Subject: {SPAM?} Votre livreur vous informe : CA-1000014254775

This is a multi-part message in MIME format

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

FedEx

Madame, Monsieur,

Nous vous informons qu'une tentative de livraison de votre colis a eu =

lieu ce matin =C3=A0 9h. Cependant, celle-ci n=E2=80=99a pas pu =C3=AA=

tre finalis=C3=A9e en raison d=E2=80=99informations incompl=C3=A8tes d=

ans l=E2=80=99adresse communiqu=C3=A9e, notamment l=E2=80=99absence du=

num=C3=A9ro d=E2=80=99appartement et/ou de l=E2=80=99=C3=A9tage. Cela=

a emp=C3=AAch=C3=A9 notre chauffeur d=E2=80=99acc=C3=A9der au lieu de=

livraison.

Afin de planifier une nouvelle livraison dans les plus brefs d=C3=A9la=

is, nous vous invitons =C3=A0 corriger votre adresse via le lien suiva=

nt :

Compl=C3=A9ter mon adresse pour une nouvelle livraison https://bigfact=

spod.com/shshbhsbhshbshbshb.html

Une fois le formulaire soumis, une nouvelle tentative de livraison ser=

a automatiquement programm=C3=A9e selon vos indications.

Nous vous remercions pour votre compr=C3=A9hension et restons =C3=A0 v=

otre disposition pour toute demande compl=C3=A9mentaire.

Bien cordialement,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

8">

=3D1"> = Votre livreur vous informe : CA-1000014254775

NG>Fed
a>Ex

Madame=

, Monsieur,

Nous vous informons qu'une tentative=

de livraison de votre colis a eu lieu ce matin =C3=A0 9h. Cependant, =

celle-ci n=E2=80=99a pas pu =C3=AAtre finalis=C3=A9e en raison d=E2=80=

=99informations incompl=C3=A8tes dans l=E2=80=99adresse communiqu=C3=A9=

e, notamment l=E2=80=99absence du num=C3=A9ro d=E2=80=99appartement et=

/ou de l=E2=80=99=C3=A9tage. Cela a emp=C3=AAch=C3=A9 notre chauffeur =

d=E2=80=99acc=C3=A9der au lieu de livraison.

Afin de planifier u=

ne nouvelle livraison dans les plus brefs d=C3=A9lais, nous vous invit=

ons =C3=A0 corriger votre adresse via le lien suivant :

=

tml">Compl=C3=A9ter mon adresse pour une nouvelle livra=

ison

Une fois le formulaire soumis, u=

ne nouvelle tentative de livraison sera automatiquement programm=C3=A9=

e selon vos indications.

Nous vous remercions pour votre compr=C3=

=A9hension et restons =C3=A0 votre disposition pour toute demande comp=

l=C3=A9mentaire.

Bien cordialement,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU--

Gambling phish from OVH India

Posted by Dave Yadallee on Sunday, April 20. 2025

List-Id: bf201sc6ltaf8

Feedback-ID: hq158h5vyn887:gp76836gcp6b8:bf201sc6ltaf8:cv022q3xqt895

X-Spam_score: 16.6

X-Spam_score_int: 166

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Register Now View online here [https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

Content analysis details: (16.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

[139.99.158.3 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[139.99.158.3 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

[139.99.158.3 listed in will-spam-for-food.eu.org]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: edufrens.info]

2.3 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: mail.edufrens.info]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: edufrens.info]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[139.99.158.3 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Something BIG just hit your =?utf-8?Q?inbox=E2=80=A6?=

--_=_swift_1745103909_71c4c99a8f63e5e9ccf2ad66a272c8f2_=_

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

Register Now=20

View online here

[https://mail.edufrens.info/index.php/ca=

mpaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4=

b033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campai=

gns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033=

bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq1=

58h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855=

]

=09=09Hey, have you heard?

=09=09We're giving the first 100 n=

ew players

access to our MOST GENEROUS

welcome package ever:

=09=

=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[=

https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76=

836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https:/=

/mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6=

b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.e=

dufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/2307=

29c9f75bba867b68470f42be4b033bb68855]

=09=09WHY 1.5 MILLION PLAYERS=

CHOSE TRUSTDICE

=09=09

[https://mail.edufrens.info/index.php/cam=

paigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b=

033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/=

hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68=

855]

=09=09And remember, just TrustDice!

TrustDice Team

=09=

=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09Term=

s & Conditions

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn=

887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/tra=

ck-url/gp76836gcp6b8/ae31aab47680b30fc2fa9436a5eb633ab43d7734]

=09=09

=

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp7=

6836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://m=

ail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8=

/230729c9f75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.edufre=

ns.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f=

75bba867b68470f42be4b033bb68855]

=09=09

[https://mail.edufrens.info/in=

dex.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b6=

8470f42be4b033bb68855]

=09=09

[https://mail.edufrens.info/index.php=

/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42=

be4b033bb68855]

=09=09

[https://mail.edufrens.info/index.php/campaigns=

/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb6=

8855]

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vy=

n887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=

=09=09

[https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/trac=

k-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855]

=09=09=

=C2=A9 Established in 2018. TrustDice is one of the premier,

leading onli=

ne Bitcoin casinos. All rights reserved.

Unsubscribe Here

[https://m=

ail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8=

/85d1c73fef3010c90af82c6a1bada2bf0dcf0c67]

--_=_swift_1745103909_71c4c99a8f63e5e9ccf2ad66a272c8f2_=_

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

=3D"IE=3Dedge">
tial-scale=3D1.0">

=09Something BIG just hit your inbox=E2=80=A6

=09

=09
ect" />

=09
0;400;500;600;700;800;900&display=3Dswap" rel=3D"stylesheet" />

dex.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b6=

8470f42be4b033bb68855">View online here

18px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

igns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/logo.png" />

=09=09=09

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

igns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/banner.jpg" />

=09=09=09

700;font-size: 36px;text-align: center;">Hey, have you heard?

400;font-size: 24px;text-align: center;padding: 15px 0 30px;">We're giving=

the first 100 new players

=09=09=09=09=09=09access to our
.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b6847=

0f42be4b033bb68855" style=3D"text-decoration: none;font-weight: 700;color: =

#FFCF04;">MOST GENEROUS

=09=09=09=09=09=09welcome package ever:

o/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/bonus-card.png" />

=09=09=09

igns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470f42be4b03=

3bb68855"> 3D""

dice/secure-bnx.jpg" />

o/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/amount-section.png" />

o/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/join-btn.png" />

=09=09=09

700;text-align: center;line-height: 46px;">WHY 1.5 MILLION PLAYERS

=09=09=09=09=09=09CHOSE TRUSTDICE

=3D"https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/=

gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

=3D"https://lynkme360.com/email-templated/trust-dice/trustdice.png" /> =

o/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba8=

67b68470f42be4b033bb68855"> 3D""

-templated/trust-dice/secure-bonus.png" />

400;text-align: center;line-height: 35px;">And remember, just TrustDice!
/>

=09=09=09=09=09=09TrustDice Team

=09=09=09

/email-templated/trust-dice/gradient-line.png" />

il.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/=

230729c9f75bba867b68470f42be4b033bb68855"> 3D""

me360.com/email-templated/trust-dice/footer.png" />

ref=3D"https://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-u=

rl/gp76836gcp6b8/230729c9f75bba867b68470f42be4b033bb68855" style=3D"color: =

#FFFFFF;font-size: 18px;font-weight: 700;text-decoration: none;">Terms & Co=

nditions

php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/ae31aab47680b30fc2fa943=

6a5eb633ab43d7734"> 3D""

ed/trust-dice/social-1.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp=

6b8/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-2.png" />

php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-3.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp=

6b8/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-4.png" />

php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-5.png" />

=09=09=09=09=09=09

php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-6.png" />

//mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp=

6b8/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

lynkme360.com/email-templated/trust-dice/social-7.png" />

php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/230729c9f75bba867b68470=

f42be4b033bb68855"> 3D""

ed/trust-dice/social-8.png" />

ps://mail.edufrens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836=

gcp6b8/230729c9f75bba867b68470f42be4b033bb68855"> 3D""

://lynkme360.com/email-templated/trust-dice/social-9.png" />

=09=09=09=09=09=09

=09=09=09

Unsubscribe
frens.info/index.php/campaigns/hq158h5vyn887/track-url/gp76836gcp6b8/85d1c7=

3fef3010c90af82c6a1bada2bf0dcf0c67">Here

ampaigns/hq158h5vyn887/track-opening/gp76836gcp6b8" alt=3D"" />

--_=_swift_1745103909_71c4c99a8f63e5e9ccf2ad66a272c8f2_=_--

Fedex Phish

Posted by Dave Yadallee on Sunday, April 20. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 17:37:00 -0600

Received: from cp-smtp-out-2.ac-guyane.fr ([195.98.226.245]:43732)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Hjo-00000000HJh-1zQZ

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 17:36:54 -0600

Received: from francais (unknown [98.66.161.195])

by cp-smtp-out-2.ac-guyane.fr (Postfix) with ESMTPA id 0673A104E6E8

for ; Sat, 19 Apr 2025 20:34:41 -0300 (GFT)

DKIM-Filter: OpenDKIM Filter v2.11.0 cp-smtp-out-2.ac-guyane.fr 0673A104E6E8

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ac-guyane.fr; s=mail;

t=1745105683; bh=5zX4cSwWU1hpBsRnUABDA+zuz8NlvczjooCtK0ED7U8=;

h=From:Subject:To:Reply-To:Date:From;

b=BHQjaRq+HpxLkz0VETd+nXKUKKumYEPAgI5RWKif8XyVCU7T/LjqoG6rND7w5Nj6R

XJzq2Fk00of2+qjYor5ZJoQbjdv/x6mXoX6Xt3+rdOio54hutRVt9cv+FxbJpIoEL3

QkvFECiuleXxkwsziliUbroMh/EpgALqVBgnNB8o=

From: "VotreLIvreur-CA"

Subject: Votre livreur vous informe : CA-1000014254775

To:

Content-Type: multipart/alternative; boundary="Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU"

MIME-Version: 1.0

Reply-To:

Date: Sat, 19 Apr 2025 23:34:43 +0000

Message-Id: <194120250434239E47E51FC7-27083BB1CD@ac-guyane.fr>

X-Rectorat-Guyane-MailScanner-Information: Rectorat de la Guyane

X-Rectorat-Guyane-MailScanner-ID: 0673A104E6E8.AA4BE

X-Rectorat-Guyane-MailScanner: Clean Message

X-Rectorat-Guyane-MailScanner-SpamCheck: polluriel

X-Rectorat-Guyane-MailScanner-SpamScore: sssssss

X-Rectorat-Guyane-MailScanner-From: samira.raymond@ac-guyane.fr

X-Rectorat-Guyane-MailScanner-Watermark: 1745710484.08417@NQ1Leca8Ih6VXvL+LP2G9Q

X-Spam-Status: Yes

X-Spam_score: 12.5

X-Spam_score_int: 125

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: FedEx Madame, Monsieur, Nous vous informons qu'une tentative

de livraison de votre colis a eu lieu ce matin Ã 9h. Cependant, celle-ci

nâ€™a pas pu Ãªtre finalisÃ©e en raison dâ€™informations incomplÃ¨tes dans

lâ€™adresse co [...]

Content analysis details: (12.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[98.66.161.195 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

[195.98.226.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[98.66.161.195 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[98.66.161.195 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

[195.98.226.245 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: bigfactspod.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[195.98.226.245 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large

2.0 MIXED_HREF_CASE Has href in mixed case

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Votre livreur vous informe : CA-1000014254775

This is a multi-part message in MIME format

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

FedEx

Madame, Monsieur,

Nous vous informons qu'une tentative de livraison de votre colis a eu =

lieu ce matin =C3=A0 9h. Cependant, celle-ci n=E2=80=99a pas pu =C3=AA=

tre finalis=C3=A9e en raison d=E2=80=99informations incompl=C3=A8tes d=

ans l=E2=80=99adresse communiqu=C3=A9e, notamment l=E2=80=99absence du=

num=C3=A9ro d=E2=80=99appartement et/ou de l=E2=80=99=C3=A9tage. Cela=

a emp=C3=AAch=C3=A9 notre chauffeur d=E2=80=99acc=C3=A9der au lieu de=

livraison.

Afin de planifier une nouvelle livraison dans les plus brefs d=C3=A9la=

is, nous vous invitons =C3=A0 corriger votre adresse via le lien suiva=

nt :

Compl=C3=A9ter mon adresse pour une nouvelle livraison https://bigfact=

spod.com/shshbhsbhshbshbshb.html

Une fois le formulaire soumis, une nouvelle tentative de livraison ser=

a automatiquement programm=C3=A9e selon vos indications.

Nous vous remercions pour votre compr=C3=A9hension et restons =C3=A0 v=

otre disposition pour toute demande compl=C3=A9mentaire.

Bien cordialement,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

8">

=3D1"> = Votre livreur vous informe : CA-1000014254775

NG>Fed
a>Ex

Madame=

, Monsieur,

Afin de planifier u=

ne nouvelle livraison dans les plus brefs d=C3=A9lais, nous vous invit=

ons =C3=A0 corriger votre adresse via le lien suivant :

=

tml">Compl=C3=A9ter mon adresse pour une nouvelle livra=

ison

Une fois le formulaire soumis, u=

ne nouvelle tentative de livraison sera automatiquement programm=C3=A9=

e selon vos indications.

Nous vous remercions pour votre compr=C3=

=A9hension et restons =C3=A0 votre disposition pour toute demande comp=

l=C3=A9mentaire.

Bien cordialement,

--Y24pSxpWV7ft4YgcO2rYtze=_AKUWsBwPU--

Nigerian spam from Google Gmail

Posted by Dave Yadallee on Sunday, April 20. 2025

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 16:55:00 -0600

Received: from mail-qt1-f180.google.com ([209.85.160.180]:56333)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6H5G-00000000FxC-1twR

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 16:54:59 -0600

Received: by mail-qt1-f180.google.com with SMTP id d75a77b69052e-476ac73c76fso30237731cf.0

for ; Sat, 19 Apr 2025 15:52:55 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1745103169; x=1745707969; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=prIcKKUIeqCpjWBy7TdnMbssY3IDv7n9v5yqheRMmq0=;

b=WA2t7HK6WUg/GeYD+UWYLnsqi+GLQM/ta1rTeObL0+l+/LewnFbNCpzl3fFU4Raq/p

Y3aGd11kH99CB+GZH8/j8QWiRkmsaHYMb+k1eIdeBGl29hsqQY7bpvqgNAx4bgMDS/Ug

qrdnGcKhloDTpPlhgJ2e4FzStOTn58i0F7XGvm5t2EFlcIEAI7+hM+iV7oV/xqHvsfRU

0n1z5U53jkFYqmEVy81hTclMdPLkxJiDG02UPFn7mmKDqlsHCtkmydMWvHaa5MdiCMU9

3b8zlqsU/tr16kgZY1a8F7jwv+ijn0OtuHpJ6yT3gsruHncS3SfjkUB72F9uyocu/6o+

gFpQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1745103169; x=1745707969;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=prIcKKUIeqCpjWBy7TdnMbssY3IDv7n9v5yqheRMmq0=;

b=bIJfIYKzNfmrQQxHOF2dfeloxzWduYwfmR+x2UpfkgbJM6tfOk5FeRb9MHu6bbPoIc

NI0va3x2N2w6bC57YUxZi0OG4PfdW5cgaUGURhgaA5negtD+D9jzw65ow7zSRTD4DIOx

jc26MPtvJTl5V34iGKQaq4gbDvo1wfA/DuUO2O+7avYiB0E3CIvpDJQHgeXDBWu3Fr0M

9lCvCN+YSW9cYwopSvs0STWFHikTNmVj9HN3gu/Kz79WlFDYEI3FuE1+I9wWZbPKxUVY

qB6XwkCm6MkHBMFBdL91sVkzXaTNOxBazJVR2Tkjf+3uXAezEiVjhZZTdChJF0kURWIf

1VAg==

X-Forwarded-Encrypted: i=1; AJvYcCUtPbSv53jOi8U/Sd/gjK4wVYbeB2AQxpUFsXDaPCBwSQ9UVNyqOaXHp3IoRURZgdBhWe5l@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YyarPcGI/0PkzH8HLImVB/hdSz+xyb2WLhOEv8wu/Ta3fZ1Of84

ryPo2cWvy9fZeO9SpbSDlJi9JvsUub8Cliz5AYBVYqzM8HSaRaohMA5BA/UcqN5N3Iv85OAtvVC

ecsWezZlCi9deGHd8nNjRQcmKPBI=

X-Gm-Gg: ASbGnctDoTPVb11GYVJ+TYefEAkkj5WxpUv07WoTA9VdqcMZx1HfdzmwC4LRE8vSDZV

UB90Ns8Rc7dVCnFt0nuB9dbs5FYkF5mzzN2E2rsRLsj3ElBDJ84DU4l3jrB6fw3u1PzBYr/ltuT

OU64w/kURm8/Y/AbdgS8zhr5fam8ola3swOKd2mJQ8yjCT2ccSdyKi8g==

X-Google-Smtp-Source: AGHT+IEcDwVpi4sgruA5YdC1pubdb+Iu6neQaOpZCKzx3mUDkXpcGnfl0hivUB0jvAkBU3EfhsJJAf+hxYFma4Rk1U4=

X-Received: by 2002:a05:622a:180d:b0:477:e4e:9186 with SMTP id

d75a77b69052e-47aec350a9dmr149785661cf.11.1745103168903; Sat, 19 Apr 2025

15:52:48 -0700 (PDT)

MIME-Version: 1.0

Reply-To: aishifgad@gmail.com

From: Aisha Gaddafi

Date: Sat, 19 Apr 2025 22:52:39 +0000

X-Gm-Features: ATxdqUGbljVuS_N2uQrz7ZhqvEZ_mmpN2H5tKXEUgUClkwn96qx84c-8tkPHJCE

Message-ID:

Subject: Greetings to you.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000007a9dfc0633297eca"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 17.1

X-Spam_score_int: 171

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: My name is Aisha Gaddafi, the only biological Daughter of

Former President of Libya Muammar Al-Qaddafi. How are you today together with

your family? I hope all it's well? I am Aisha Al-Gaddafi, the only biological

daughter of former Libyan President Muammar Gaddafi. I am interested in your

help with an [...]

Content analysis details: (17.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.180 listed in dnsbl.ahbl.org]

[209.85.160.180 listed in dnsbl.ahbl.org]

[209.85.160.180 listed in dnsbl.ahbl.org]

[209.85.160.180 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.180 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.180 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.180 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.180 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

[209.85.160.180 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.180 listed in list.dnswl.org]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[veronicaochoausarmy(at)gmail.com]

3.6 NA_DOLLARS BODY: Talks about a million North American dollars

0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.180 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Greetings to you.

--0000000000007a9dfc0633297eca

Content-Type: text/plain; charset="UTF-8"

My name is Aisha Gaddafi, the only biological Daughter of Former President

of Libya Muammar Al-Qaddafi.

How are you today together with your family? I hope all it's well? I am

Aisha Al-Gaddafi, the only biological daughter of former Libyan President

Muammar Gaddafi.

I am interested in your help with an investment project in your country. I

have investment funds worth twenty-seven million five hundred thousand US

dollars (27,500,000.00) and I need a trusted investment manager/partner due

to my status of refugee.

Maybe from there we can establish business relations in the near future. I

am willing to negotiate with you an investment/business profit sharing

ratio based on future investment profits. If you are interested, please

respond urgently for more details.

Sincerely Aisha.

--0000000000007a9dfc0633297eca

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

My name is Aisha Gaddafi, the only biological Daughter of =

Former President of Libya Muammar Al-Qaddafi.

How are you today toge=

ther with your family? I hope all it's well? I am Aisha Al-Gaddafi, the=

only biological daughter of former Libyan President Muammar Gaddafi.
I =

am interested in your help with an investment project in your country. I ha=

ve investment funds worth twenty-seven million five hundred thousand US dol=

lars (27,500,000.00) and I need a trusted investment manager/partner due to=

my status of refugee.

Maybe from there we can establish business re=

lations in the near future. I am willing to negotiate with you an investmen=

t/business profit sharing ratio based on future investment profits. If you =

are interested, please respond urgently for more details.

Sincerely =

Aisha.

--0000000000007a9dfc0633297eca--

Web/SEO/App spam from Microsoft Outlook

Posted by Dave Yadallee on Saturday, April 19. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 13:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Djb-00000000IPd-00JQ

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 13:20:15 -0600

Resent-From: The Doctor

Resent-Date: Sat, 19 Apr 2025 13:20:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-southindiaazolkn19010008.outbound.protection.outlook.com ([52.103.67.8]:57138 helo=MA0PR01CU009.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6CZ9-0000000082W-2Oth

for sales@nk.ca;

Sat, 19 Apr 2025 12:05:33 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=qQaiJLgfhnyD3xvVWdvSrUp4dIQ/LSfWRyMjVbfRloFMeChLPNrVoKSaF4Dbbtnjc6JxvL2W6A737GTRjLhNhvXUqpihbJ7ZtdKzOUVhSo8EhvP5d7vitgasDoZFLI9k+GKxkVIdJL/GIXPVp6Uw1nlDamzbzPwcateGkhz0DHsHnVSmEo7TEuMyl7xY+nDm1dReBV8mwPflEZahGCH96gbSbMP1TlPXto/F2jRmO5OIULeww/MzCcJv+zI3bHZF9UOdGPqsCNOUUX0vO95/03O8lhmoXT/BxbDEYJ1Coi4ifxGXLsp6DjEMqiConCOsJiHMHYxPIwGW61V0JqsQRw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=AOdx7KlpjvJUNS4FwVz3zCmcxNWnj6NjyOtVhLBzqpM=;

b=T9ibHQi8Uapp+Z1/pmKvxxcW4Rjudu/Z56/TuwC351MEQ9TMBGKTvyySXLu14j9WiUTIotuxSlC4j9VAL8WF4x557ir8oUfuiS8tiLKnOsvgU86Umpy1Dph6g77jPVGwwDcV5BZHqEJyEi9Cj69eMydQb4jsWBdE8G5+qjI/u8s3++wFgxEOEKg0U67iJgSPFu7qNOkLObk8tannqmf/XxiSb7Z60kWmbYsbY7M3KqRw6xRoM7fnrYEEl8L+aa0NbHsjBuHN8vXDWSqtnlaOvjZjpCrNIgGnHmgM31Eiwn1LKAqaoQhXUkvQ7ifJMsv123BEAZBHDBeAsVoszmWqyA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=AOdx7KlpjvJUNS4FwVz3zCmcxNWnj6NjyOtVhLBzqpM=;

b=BNxBQoICM29hADplrz0OhNCzc62YxoqJwh/XUjAJOPxladiP3RZj88/iO5rLNc9BzXbXMRXMtuCCgt2pT6gVdw2OtAgbZhq3gYgPeC7gaFl2r5AqipahuB/rBE9mSacl3nH5/eEbXDVeNf1yq9n7oJztMHdaEH2h/rNwHdAVhKwCCjXpRNNjAwt39lTOWnEg3nM9bQQYXJJIbdLyPEry/5jjCLZ1oaTuf96NMPhPivNW0NRp/v3yxA+BAExsIYSNCK6aJhDxfM52w7AznKD+EnIYGy6trjrKjn6RhYWopwc5+SINbmdmjSoSvk5vEHoaufHVL6V9nHMhQ+UiVna1uQ==

Received: from PN3PR01MB8692.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c01:d1::13)

by MAZPR01MB9288.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a01:d6::9) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.31; Sat, 19 Apr

2025 18:02:20 +0000

Received: from PN3PR01MB8692.INDPRD01.PROD.OUTLOOK.COM

([fe80::97b:c240:d8fd:8765]) by PN3PR01MB8692.INDPRD01.PROD.OUTLOOK.COM

([fe80::97b:c240:d8fd:8765%7]) with mapi id 15.20.8655.030; Sat, 19 Apr 2025

18:02:20 +0000

From: Neha Sarma

Subject: Re: Fix Site Problems

Thread-Topic: Fix Site Problems

Thread-Index: AQHbsVUvEZVuw48gpkKtUkxH2t7nHg==

Date: Sat, 19 Apr 2025 18:02:19 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: PN3PR01MB8692:EE_|MAZPR01MB9288:EE_

x-ms-office365-filtering-correlation-id: e30363c9-6a7e-4b16-036a-08dd7f6c53f5

x-microsoft-antispam:

BCL:0;ARA:14566002|8062599003|461199028|8060799006|19110799003|15030799003|7071999006|15080799006|7092599003|3412199025|440099028|102099032;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?QOzprgxy9FKPtsuJAIsTrHk1G7eBhDVwXWwYpmJEoTkEJqOgt2Hb9GDy?=

=?Windows-1252?Q?FaZQDj2z1gXbF6MDFOhxiTekN+kEX4mfedr7LNObHbSJhqmwG9EWT6nJ?=

=?Windows-1252?Q?9vSdO2Wd1euUrF44XQyjOtmAhpzfjKADd4QMzedf/v263bGmqiasE38e?=

=?Windows-1252?Q?thAPIcWghveYO61K5/lC5A4TBUYOjSQo24UyEmAk9o3daX0o5jsz+rLD?=

=?Windows-1252?Q?k+rXkwrjRb0jR7LnI1kZYJVpKyBpFqsOAq0GaX7v0p42xP3ZJOMZqXVn?=

=?Windows-1252?Q?XEgRIzL5/GlYrqiKzRDzIxNJB95gTrhFcUwhY0SomDrXd2Hfh816sJxo?=

=?Windows-1252?Q?3RoR9o9omhdjhnclKX3Ctn3LrLCUcuDusYexVm8vZjeAh9IB0HIazhvs?=

=?Windows-1252?Q?ae5rHAyZSOEe9zMulOXyiG4Y5/Y/JhI68UF4xQDg4XAYxOP0ZhlJlp0M?=

=?Windows-1252?Q?OFiKxZntHCa4PjhTgV9yv6UZYQHkwBgQf7EKrqDmr9uLSf/lK9JsnR56?=

=?Windows-1252?Q?QLY8e4G95RSeyM2ZSBd64+EhV9k5WSlExwHukq/X+dY57uLxWx+TUoTY?=

=?Windows-1252?Q?TEeVaKtRV+kHfZZNEaVQWBfDdmmCQwCGyFagBL0PJ8kg4rN+0bwSL96l?=

=?Windows-1252?Q?kla34Z/EFXdRjw/vp9UcJTSMLbAFN3qNwIb2EcQ8JAOLb/ftypHUk8G6?=

=?Windows-1252?Q?KYQksxx24JQLem2Fws114C354Gw4FYqggixXY9waLuHq71GEaLNrMeC1?=

=?Windows-1252?Q?M+SnglYxUeuEFr29ctjBP41OZXBq220A2JQkS14VgvtqaXGqKEjWPV9Z?=

=?Windows-1252?Q?RvhbcNJ2PyuPKxhBO2q7XEHA1HVQWWEx17DINGjRaMe+c2gycgDW6oRH?=

=?Windows-1252?Q?9/Gv8ytoY/Yr/3RUuEGn7H2IovtUYZfMvKZTtC4uT7d+MI2FyruDpc1d?=

=?Windows-1252?Q?0HpZDNMGovmxGKl2ChacWihkRPYkBkRLOI5kWXtZx7cIvoaAaz9gIGkU?=

=?Windows-1252?Q?tEfUHiyV9Howzkutd0yvIcHHfZj7VTOZRBWPlABB3zPUhsj0Qqzucb1j?=

=?Windows-1252?Q?HYeGd53RXnY4XBFGyGLMmlFtuj5UjVWgrqgnJgC3E5uaIh2J3poKvqz2?=

=?Windows-1252?Q?0Q4KBA3X9iaxt8NddjBuNKEldPUGbIZEIAk/J6/Kc2DyiE1kYdMe/od3?=

=?Windows-1252?Q?OalUuqZhnH6jhWBBbvdQtX/B1wsh2ACW+g0j40BwYzqL+/ZQEg/1Gbbf?=

=?Windows-1252?Q?HiuiVpahpRUS0dIU+/s=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?up2kjshqS1aWVziNietZas3a7tclmGNmrW4EqRGE9n2OYjJjEfH6C+nD?=

=?Windows-1252?Q?w/EjvN8wA5g/haef0AUgPJ79A1J3vL/UnwjE4zKDvJWIerfe2tZPlc7O?=

=?Windows-1252?Q?pSsBfEmv+FCSHH11WCX/dLnAJ+k4CTu9ElFUm4JDJ+fB+uEyueaAVjF1?=

=?Windows-1252?Q?nfH/kfnVCfcIb8Bom7i3ZwH+JWwKITlvoEQSrWVpkU5s/hCcNcUgdk3w?=

=?Windows-1252?Q?GYuWwfEC2bzZ+y9uWz4y2hxV9xqhw254Iac1XZmtoCzoZUUAooLJqUC/?=

=?Windows-1252?Q?SI/bRkksO/PjfxMsedo7sEHfUt/FsR+VqkFfjzNBDTsubhpYdM/RvVhz?=

=?Windows-1252?Q?6TjoZW3Lgwb4FJd7Lhfg9xWkQRCvZgCOauWAEH0UgPEzbfhHC87V/+uX?=

=?Windows-1252?Q?JMp6YYSW/Dp/CGDFC/rPHVTvz4WD9Z7HBgru/oJmVr4oVvT/DSv8ExRa?=

=?Windows-1252?Q?mj2fHNlo0Y78OXCban0MMP7zgh+pPLerdfiZekLkp6wBwPs5ccO9hQCp?=

=?Windows-1252?Q?8KSl0HvoaQj7YKeXRKb5Rd+f/Qaa6zvCy8BBdMCQ52oNmXuhlfafde6b?=

=?Windows-1252?Q?6I8FUx1/5/5wo/QuIG1ROZZO6jIYQfdrE6SvAWMmI5sHq9FGNMVPFeGM?=

=?Windows-1252?Q?CjOLk3JzIc5GP1uVXy8Agecj3dr9F8yZEZQfTTYK6mB8esif7XWgCtJE?=

=?Windows-1252?Q?kkVdp0ES3OL5BrYTQWWhfpZ1/xNlWXYcd/cZqRgONXfguiN8voWYGUUH?=

=?Windows-1252?Q?7CTtUZuhsKKTlURjDvRB9EoJ7du1SQqkum/B9hovht7+s4AOEvLDrAhO?=

=?Windows-1252?Q?SrhctxFcRayY91OJnA8G2A3ZFzMhzhe1y6lPon7eMGtnSKi6QZp14TJK?=

=?Windows-1252?Q?kwlpuG+2Jcy5nVRHp82DCU0BbOkYvxIQ22LmU+lFo/wrPALeUgxMUSLx?=

=?Windows-1252?Q?+KF4rEIJAMn3wINZDwXjLDXIDHoLI+RhVFIbGlkWuIzV52wma6f9mzXo?=

=?Windows-1252?Q?kyjqG//dxFreG7xVqIoSF+chpSDFocpeJYk26JhNJSVfIgzB6a7ScTnN?=

=?Windows-1252?Q?4waoM5N8Jfieups70kczzog9LH6s/cgHUKPhGLF+EtOuSm2z98etNmjK?=

=?Windows-1252?Q?NBlFSbNsSU+MxCBu7mkwwuyMbZ1H0AaMKhvetQCjYOvU2b1QeALWwwAU?=

=?Windows-1252?Q?GGtnVVOUS2Mu6N5PksSDWhmy/MhcFaKGmJBYGb5rhELAaiAtbuBiLrok?=

=?Windows-1252?Q?0QIPdpeDF0KdNu8B0R1pm8r9A3HXkZOR1IIUmG8spB2lBVAQ9DBOo5An?=

=?Windows-1252?Q?QyDuDV1hvvsd0wj4/3kCVipz1afVU0MXJ9n4MwYlyb0rGcFUGtpl1oMw?=

=?Windows-1252?Q?4nM3IiZmJYf18r8B/wI5Si2UD3/hTayX+78=3D?=

Content-Type: multipart/alternative;

boundary="_000_PN3PR01MB869296865D824A7CE5494C6FF9BE2PN3PR01MB8692INDP_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: PN3PR01MB8692.INDPRD01.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: e30363c9-6a7e-4b16-036a-08dd7f6c53f5

X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2025 18:02:19.7962

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MAZPR01MB9288

--_000_PN3PR01MB869296865D824A7CE5494C6FF9BE2PN3PR01MB8692INDP_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

If YES, we can send you our SEO pricing and plans?

Best

________________________________

From: Neha SARMA

Sent: Thursday, April 3, 2025 9:11 PM

Subject: Re: Fix Site Problems

Hi ,

Your site has a few technical SEO issues that may be limiting your traffic =

potential. We=92d be happy to help resolve them.

Shall we send our pricing and a personalized quote?

Thanks,

--_000_PN3PR01MB869296865D824A7CE5494C6FF9BE2PN3PR01MB8692INDP_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

252">

0.0001pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Cal=

ibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

If YES, we can send you our SEO pricing and plans?

0.0001pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Cal=

ibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

0.0001pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Cal=

ibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Best

n-left: 0in; width: 811.45pt;">

5pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri,=

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

From: Neha SARMA

Sent: Thursday, April 3, 2025 9:11 PM

Subject: Re: Fix Site Problems

0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Hi ,

0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Your site has a few technical SEO issues that may be limiting your traffic =

potential. We=92d be happy to help resolve them.

0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Shall we send our pricing and a personalized quote?

0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thanks,

os_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-=

size: 12pt; color: rgb(0, 0, 0);">

nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

--_000_PN3PR01MB869296865D824A7CE5494C6FF9BE2PN3PR01MB8692INDP_--

Indian marketing spam from OVH

Posted by Dave Yadallee on Saturday, April 19. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 13:20:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Dj3-00000000IO3-0xD0

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 13:19:41 -0600

Resent-From: The Doctor

Resent-Date: Sat, 19 Apr 2025 13:19:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from beermedia.net ([51.68.188.8]:57907)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Azi-000000004oM-41mc

for root@nk.ca;

Sat, 19 Apr 2025 10:24:51 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=beermedia.net; s=mail; h=Content-Type:MIME-Version:List-Owner:

List-Subscribe:List-Unsubscribe:List-Help:Message-ID:From:Date:Subject:To:

Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Post:List-Archive;

bh=5TqGxq3hxJz9iuZDAfO8y08VKzVts8D+OZS8QP4bp0g=; b=wHTgo/hKiz6XiB7LsWubRSOXgQ

MzZ+GoxTyb+ceMlGKY+3P9F5hDmR/mU4CgfI9H+aCGkrjjhc8QAFX4r0rxWvQUJkunGSpN8Imu/tY

XKn5yKfpqm+WbyAOONnKxMDUXivfG2OjKPIHMWdc5SWgdvW0z+AV6P8+hREXYAp9Z1dA=;

Received: from admin by beermedia.net with local (Exim 4.96)

(envelope-from )

id 1u6AzV-008Srd-1P

for root@nk.ca;

Sat, 19 Apr 2025 21:54:29 +0530

To: root@nk.ca

Subject: law firm on monthly retainership basis

Received: from ns508284.ip-167-114-64.net [167.114.64.21] by beermedia.net with HTTP; Sat, 19 Apr 2025 16:24:03 +0000

Date: Sat, 19 Apr 2025 16:24:29 +0000

From: Nitin

Message-ID:

X-phpList-version: 3.6.15

X-MessageID: 16

X-ListMember: root@nk.ca

Precedence: bulk

List-Help: =?us-ascii?Q?
=?us-ascii?Q?&uid=3Dce48742c35a921618443da7b7fbaa2b2>?=

List-Unsubscribe: =?us-ascii?Q?
=?us-ascii?Q?&uid=3Dce48742c35a921618443da7b7fbaa2b2&jo=3D1>?=

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Subscribe:

List-Owner:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU"

X-Spam_score: 14.3

X-Spam_score_int: 143

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello We are thrilled to present our tailored legal retainership

plan, designed to deliver comprehensive legal support at an exceptional value.

Priced at just â‚¹20,000 per monthâ€”more cost-effective than [...]

Content analysis details: (14.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[51.68.188.8 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[167.114.64.21 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

[51.68.188.8 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[167.114.64.21 listed in dnsbl.ahbl.org]

[167.114.64.21 listed in dnsbl.ahbl.org]

[167.114.64.21 listed in dnsbl.ahbl.org]

[167.114.64.21 listed in dnsbl.ahbl.org]

[51.68.188.8 listed in dnsbl.ahbl.org]

[51.68.188.8 listed in dnsbl.ahbl.org]

[51.68.188.8 listed in dnsbl.ahbl.org]

[51.68.188.8 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[167.114.64.21 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[167.114.64.21 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[167.114.64.21 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[167.114.64.21 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[51.68.188.8 listed in zen.spamhaus.org]

0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS

blocklist

[URI: beermedia.net/51.68.188.8]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: beermedia.net]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: beermedia.net/51.68.188.8]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: beermedia.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.2 NEW_PRODUCTS No description available.

Subject: {SPAM?} law firm on monthly retainership basis

This is a multi-part message in MIME format.

--b1_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

Hello

We are thrilled to present our tailored legal retainership plan, designed

to deliver comprehensive legal support at an exceptional value. Priced at

just =E2=82=B920,000 per month=E2=80=94more cost-effective than hiring a fr=

esher

full-time legal executive=E2=80=94this plan provides access to our team of

seasoned advocates with 6-13 years of experience, ensuring your legal needs

are handled with unmatched expertise and precision.

Our Monthly Retainership Plan Includes:

2 Legal Notices or Replies: Expertly drafted or responded to, tailored to

your specific requirements.

2 Agreements or Contracts: Professionally prepared and customized to meet

your business needs.

2 Hours of Legal Consultation: Dedicated time for strategic guidance and

personalized advice.

2 Court Appearances: Representation in civil, business, or commercial

matters at any district court in your area.

Crafted to provide consistent and reliable legal assistance, this plan

offers you the confidence that your legal matters are managed by trusted

professionals.

We would be delighted to discuss how this plan can be customized to suit

your unique needs. Please feel free to contact us at your convenience to

share your thoughts or arrange a consultation.

If you are looking for a law firm, kindly fill in the google form below

https://beermedia.net/lists/lt.php?tid=3D4NZ15oVE/sWkxFkG7WXA5EUVKZP/oNhEis=

x4jUThtGnLr4M3Ix1y9ZLs5bk+Mf6h

-- powered by phpList, www.phplist.com --

--b1_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU

Content-Type: multipart/related;

boundary="b2_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU";

type="text/html"

--b2_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

=0A
iv=3D"Content-Type">=0A =0A =

Hello=

n style=3D"font-size:24px;">We are thrilled to present our tailored legal r=

etainership plan, designed to deliver comprehensive legal support at an exc=

eptional value. Priced at just =E2=82=B920,000 per month—more cost-ef=

fective than hiring a fresher full-time legal executive—this plan pro=

vides access to our team of seasoned advocates with 6–13 years of exp=

erience, ensuring your legal needs are handled with unmatched expertise and=

precision.

n style=3D"font-size:24px;">Our Monthly Retainership Plan Includes:=

2 Lega=

l Notices or Replies: Expertly drafted or responded to, tailored t=

o your specific requirements.

2 Agre=

ements or Contracts: Professionally prepared and customized to mee=

t your business needs.

2 Hour=

s of Legal Consultation: Dedicated time for strategic guidance and=

personalized advice.

2 Cour=

t Appearances: Representation in civil, business, or commercial ma=

tters at any district court in your area.

n style=3D"font-size:24px;">Crafted to provide consistent and reliable lega=

l assistance, this plan offers you the confidence that your legal matters a=

re managed by trusted professionals.

n style=3D"font-size:24px;">We would be delighted to discuss how this plan =

can be customized to suit your unique needs. Please feel free to contact us=

at your convenience to share your thoughts or arrange a consultation.
n>

n style=3D"font-size:24px;">If you are looking for a law firm, kindly fill =

in the google form below

daisFPvuduqdNuSV4XmkmZiTug/viewform?usp=3Dheader">https://docs.google.com/f=

orms/d/e/1FAIpQLSdkxPr9vA3DMiEoDES3eyCTdaisFPvuduqdNuSV4XmkmZiTug/viewform?=

usp=3Dheader

=0A

ermedia.net/lists/lt.php?tid=3DK0xUUlFRVgVSVxtWBwZVGwwPAg1OBFdVXEgFD1RSU10G=

CAAFUgBPV1NXA1AMCFcbXl5SBE5RWlJRSFlXVFcbD1sIBwIEUgIBUlAPHlZTBVAACwADTldRVwF=

IVQRRARsBUVUAG1UCUVpVAwVTU1QFBw" title=3D"visit the phpList website" >
src=3D"cid:d8d951f10e432e753a1e549961699192" title=3D"powered by phpList v=

ersion 3.6.15, © phpList ltd" alt=3D"powered by phpList 3.6.15, ©=

phpList ltd" border=3D"0" />

s/ut.php?u=3Dce48742c35a921618443da7b7fbaa2b2&m=3D16" width=3D"1" heigh=

t=3D"1" border=3D"0" alt=3D"" />

--b2_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU

Content-Type: image/png; name=powerphplist.png

Content-Transfer-Encoding: base64

Content-ID:

Content-Disposition: inline; filename=powerphplist.png

iVBORw0KGgoAAAANSUhEUgAAAEsAAAAhCAYAAACRIVbWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz

AAALEgAACxIB0t1+/AAAAB50RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNS4xqx9I6wAA

DmhJREFUaIHtmntw1FWWxz+/Xz/T6aQTQgIkJgR5LGRIFDcPsSAEWEFkZSIisPIcRaTKEkEMwUGX

RRaZWlSylKPrqBDFGCXyUAqiKLUg6ADBhCRAEGQhWU1IIpru9Lt/j/2jkx/ppEOwZmoetX6rurrv

45x77/fec+65t69AN4zOyMgDFgP5gK17+f8D2IG9QPGZmprDqqpqBULnj9EZGTFAMfDrv3Tv/obx

EbC4trq6DTrI6iDqMHDbX69ff7OoBvJqq6vbxI6MYn4hqjfcRpAfhA4f9d9/zd78nWCiHljRW+nw

zPGk507T0g11VZwqLwPAZLEybtbD2PoPxP7DVY59uA2f20lK2hgSBg/jVHkZtviBZE6bzaF3tgIw

fdlv2f9fL/TQC3BoR7DO5AXLtbyuem9WpvaLci6eOtpjLLb4gSH1ju3aTkv9xaD8wuVaO+m50/C6

neF0rBCBvN7IssUHiTj1SRmnPiljRJcOT1/2WwBOfVIWkva6nKTn3gtcJ9tksZKSNgZb/MCwek99

Uoa99Sq2+EGYI61aHsC4WQ/ftEztF+VkTXuQ4Znjw4wltF5nfwFs/QeSPmGatgB8bmc4OvL09BEe

2FubaDhXFfydOw1TpBVb/EBs8YPY/XKwwYZzVfxm03Zs8QNpqb+IuaNOyqgxAIzIHE9U3ACunKlE

kiQURUFVFGRZBqD+bCUAsizjcbbzPzUVAPRPvpUBqSN+lozBbCF55G3UHQ/1LLIso6rBb0WWMVms

SJIEwJGdb/BgwX9gNEdy9fIFTZderw/hOyQVDuMeeJhxDzyskVJ7pJwBqcOxtzb1INUWPwh761Ua

zlUxPHM8KWljOLZrGylpY4juP5CT+9/X6g/+1R3Y4geFDLwz/+nizzSdH/9+Q58y3fvxD1m5Ycts

8YPIvncOAD53O+ZIK16Xk+YrF7lQcYTs6XN4o2Bhr1z0SdaxXds0P9UJr8uJOdIaktfZMEBz/UWy

ps2mpf4iDedOkzVtNiaLlfpz1wdYfXg/J/d/0KO9+rOVHCwuYsG/vUr14f00X7nYp0xIPyxWvOHN

iOYrFyjbXAhA7oNLyMibrun7puKLjsluCisLIIbNVRRt6Ssdv7t+Gi/VYbJYSRs3FUmSSBs3FZPF

SuOlOiRJ4nLtKUwWK+dPHqHxUh1eVzvNVy5qZPYFe2sTnxVvIffBJQxIHX5TMhCcsBHZE3pddV1h

Sxh003o70efK6g0f/34DMx5/jimLV/Qwl+YrF7G3NlF/thK9KFJ75ECwMTE4N6IgMG7WI+Q+uEST

2V64mIDHhd/tRC+KXPr6GMc+fIs7p89l/2sbbyjT1XRPHdjJuS/KtbY60b1ew7kqznap17Xt3iCM

zshQe+QqCpKi/CzyekM3J/l3jfAjEQSNYUEQkCQZj8eNXq8nOjqayMhIVFXF7XZjt9uRZRmLxYJO

p6PrwfPPRfifikAggCAIf/LE9SIdHLAgCnjcHvz+AP+YeQdT7p7CqFGjSEhIQFVVWltbqamp4dCh

Q5w+fRqj0YjZbA4hDIA+SFMUBa/XS4TZjHADM7gRZFnG5/NhiYgAQQjJH5SQgM/vp62tDZ1O16sO

t9uN0WjEYDAEGeiiB3oxQ0FVAAG3243BYGDZsmXMnTuXAQMGhG2ksbGR0tJS3nzzTRRFwWQyoaoq

kqIEZ/MGZCmKgsViITMzk4qKCrxeL0K3TvYFRVGIjY0lLS2NEydOIMsygiAQCARISUlh586dtLS0

MG/ePFwuV1jCVFVl7NixXLlyhe+//x6dXt+DrLDTqKgqfr8fm83GunXrePLJJ0OI8ng8vPLKKzz1

1FPU1dWRmJjIqlWreOaZZ1BVVVv2NwO/38+wYcN47bXXGDp0KD6f7+fwBIDX62Xs2LG8/vrrxMbG

asGmqqrodDrMZjNms7nXPsmyTEREBC+99BL33HMPbrc7bL2wZujz+VBkBZPZRHZ2dkhZIBDgzbfe

4tzZs9xySzKbfvc7Nmx4nsEpg5k/fz6XL1/hjTf/QGxMLBD0eV6fD6VjdXVG4IIgYDQaARA7TE+S

JJxOJ5IkIQgCJpMJg8GALMt4vV5EUeyIxIPG0ElEpz5ZlkP8ktFopL6+nqlTpxIIBHC5XEiShMfj

0eqIooher8fn8xEIBPB6vTidTqxRUT3IDUuWJEnceuutTJo4ibVr17Ju3TpGjhwJgMvlorLya+bO

nsM/3X03CxYspKG+nsEpgxFFkYce+hcOHTrEd9//LyZzBH6/n7vuuouYmBgCgQD3338/UVFRVFdX

U1payrfffhs0WUkiJyeHefPmkZSUREVFBSUlJbS2ttK/f39mzZrFhQsXmDx5Munp6TgcDvbs2cPn

n38ePAqpqvbpCkVRmDFjBk1NTZSVlZGZmcns2bNJTU3l2rVrfPbZZxw/fpw1a9Zgs9mYP38+aWlp

/PvGjfgDgRBdYc1QJ+rIysxi7dq1jL1rLAUFBZw/fx6AqKgoxt45lk8Pfsrb77zNwIEDGDp0mCY7

ZMgQcsePx+/zB1ei309+fj5FRUUUFRXh9Xqprq5m4sSJfPDBB4waNQqPx4MgCKxevZr4+Hhqamq4

7777eP/990lISCA+Pp7169dTWlpKXl4eNTU1eDwetm7dypo1awh0G1QnOonLz88nJyeHkSNHsn37

dpKSkqisrESWZZ5//nlycnI0nc3NzZw/f16zhD5XFoJAeno6AMufWI4syRQWFrJ582ZGjBjB0qWP

MmPGr9lW/DZfHj1KYmLidYV6PWlpaRhNJk1Xpw8pKCjgww8/RBAEtm7dSklJCc899xxbtmxBp9Ox

bds21q9fjyRJvPrqq+zdu5fly5dTXFwMwIkTJ3jkkUdoa2tDVVXmzJnDyy+/zL59+/B6vWGHAkEf

297eTnZ2NhEREaxYsYILFy5gtVoZNmwYLpcLh8PB4sWLOXjwIFu2bGFQYmKPnTn8Pq2qxMXFacmV

K1eSl5dHYWEhly5dYs+evcTFxTHvoYd45513sNvtIeK2WBtGg0FLG41GGhoa+PTTT4mOjiYmJob2

9naKi4u5/fbbSU5ORpIkDh48iF6vp1+/fly7do0DBw5wxx13aH7pvffew+l0EhsbS0xMDAcOHOC7

775j0qRJmi/sDUajkZMnT+Lz+di5cyebNm1i4sSJNDc3Y7fbiY6ORhRFzGYzUWH8Va9kyYqCrIQ2

vnLlSqb/83SWPraU3Xt2s3btWl568UX8AT+rV6/G5XJpdRVZQeW67xBFkZ9++glJkjRnbjAY+PHH

HxEEAavVqm33neV6vV5z9IIgoCgKbW1tmgPvdOjXrl2jX79+NyQKwGQyUVtby6JFi6ipqWHmzJmU

lJSwY8cOEhMT8fv9feoIS5bRaKChvqFHflJiEs3NzbQ72omNjcVsNrPh+Q1YrVaeLnha2/abmq/i

811vXJZlEhMTsVgsmn/xer0MHz4cv99Pa2srer2+x2wKgqD5HVEUSU1N1cwtEAgQGRlJamoqly9f

7nOgnTpOnjzJihUrmDp1KgsWLCA9PZ2FCxdqZPUIqPsiy2QyceLEiZC8uro6it9+m9LS98nLy2Pj

xo2oqorVamXjxo1YIiyseWYNDoeDs2fOIklBUgSCoUh8fDyrVq3CaDTidDrJysriiSeeYN++fTQ3

N6PT6cKS1UmYLMs8/vjjZGdn43Q6MRgMFBQUEBERQXl5OaYOH+nz+fB6vfh8Pi0cEAQBn8/HvHnz

KCwsJDo6GrvdTlVVFQ6HQzu+GQwGRFHE6/WGJa2X445AZWUlx48f58477wSCUTqqyoCEBIaPGE5V

VRV+vx+TyYTZbOaFF15g06ZNLF36GN83fkdkx32XSjAeamtr495772XKlCk4HA6SkpL46quv2Lx5

M2lpaQAhfkdVVQRBwGAwQEeQ7PV62bFjB42NjVitVgwGAytXruTy5ctkZWVhMBgoKSnB7/drxO/a

tUtLe71eFi1axMyZM3E4HMTExOByuXj33Xfx+XwcPXqUpUuXkpmZyaqnn8bXzTSF0RkZbXS7WhZQ

cTpdZGdl8oc33iA6Khq3282zzz5Lyw+tSIEAc+fMJT8/P0RZa2sr+fn5NDY1ER0djT8QwO/3859b

tpCcnMzSRx8ld8IEoqxWvvnmGyoqKpAVhZiYGLKzszl+/DgejwexYwdNHTKEuLg4PB4Pu3fvZsmS

JTgcDtLT03E6nXx57BiNTU2YTCZibDZyJ0wgMjIyZIWePXMGCO6I1TU1DE5JITMri9jYWFpaWvjj

V3+kzR70hWazmcmTJ2PQ6zlQXg6hu6FdGJ2RsZdu/0ILqMiqgqPNzv33z2Tdv64jLq4fHo+H/Qf2

k3xLMjk5OSFE/fDDD2x+8UX27fsYnU6PIEBAkvH7/WwtKmLw4MEs+s1iTOYIVEVBbzBgMpkQRQFF

VvB4PERYIhAFsbMTBAIS9rY2hgwZwq6yMh5btoyvq6ow6PUIooDJZMag14MQXJVutxu6WY/RaERV

VURRxGgyEggE8Pv8KIqCqBMxmczodboOHQoetxsEgcjISK42hdyafqQHirqTBQI6UUd0VDS7d++m

taWVJUseYfLkycx6YFZITVmWOXzkCNu3b+PYsS+DMysK0GHzqqqi1+vR6XToDUYyszK1sj4hCJw+

Xa0lVYJBcTAGVK9n/rxz902jG1lFnX/fh6wuQSA4IEFEUSTaHU5stmgybruN9F+N5pbkZFRVpamx

kZqaGmrPnsHe1kZkpBVRJ3aQIRCQJFRVJXPMGMwREXxx9GjwxH+ztwoqqKpCtM3GpEmTOHz4MD/9

+CPiDa5Z/pzocs78qLa6Oj/sWwdR0PraQVxwl5EkCQQw6A0gCMiShKIqGPQG7VDcFf6AhMFgwOvx

BK9iOnadnwtFUXB7PFgiIrQ47C8I7a3DL69oboyer2i64pf3Wb2/z/o/Z4jQ19LLyeMAAAAASUVO

RK5CYII=

--b2_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU--

--b1_cLlvWXYXz0dcBPIiasEAuQcVPGA6OtNkI3s0vWwFTU--

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Saturday, April 19. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 19 Apr 2025 10:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u6Aiq-00000000L4d-10tg

for dave@doctor.nl2k.ab.ca;

Sat, 19 Apr 2025 10:07:16 -0600

Resent-From: The Doctor

Resent-Date: Sat, 19 Apr 2025 10:07:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f193.google.com ([209.85.214.193]:51516)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u686c-000000001D2-2d4i

for sales@nk.ca;

Sat, 19 Apr 2025 07:19:46 -0600

Received: by mail-pl1-f193.google.com with SMTP id d9443c01a7336-2260c91576aso23813015ad.3

for ; Sat, 19 Apr 2025 06:17:43 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=aiwebproservice-com.20230601.gappssmtp.com; s=20230601; t=1745068657; x=1745673457; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=5GHgoIkDcIVgCtZ+XCrgKPzW4z/ODJk7z5mg3Hzpjj8=;

b=U71To0Tc27HcbbdmIuyQq3NE/5sqw3P3KzPBQVo2lKxNUfam/bbSm7RM6dHhZrLOl1

S77U1/z8OoQxTo1WvniaqiV1sx+p0Uj/TJrKS/ZZ83TLZ/CMVm1nj3ZowrPH1u6l9Dfd

OnbPAlJF9Lg1VC10h+sAaIyGre+tsLGEcoKuNef1dQit6kZR3QUfGJzYpovWF0k6PqZ8

50zgfS9p+pDDgNWuNSnQ8x5tgKup1xB6gjzEHOMbjVN5Qssm9Rik1/0eoUH+/lxNeQjG

0iqvNcUT9fSu6ws/pBous57tpok6Ea2UU7f/ZazTBHpGS6UanGTP0Pc/SSuwERrMJzXE

gPdg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1745068657; x=1745673457;

h=to:subject:message-id:date:from:sender:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=5GHgoIkDcIVgCtZ+XCrgKPzW4z/ODJk7z5mg3Hzpjj8=;

b=NFGp3+KyXTnRBxRXT4G0P/a8KfH6BYwrE4226kphG8rNbVt/ioy4U4W2UrbjqiMkms

EzqxdFNqYYNo0lvwFB7ardt6EJ9BT6dyRpq/UyMvsgIhafZ3Kfs+vjqzkJ+/Xu/70GYD

EiNDzW5Y7QAIhIooJQcktu/ktLOMJEttTf3bve0rqONghkYdUbHVR0eHKwTAfG19bXaq

o95/BC3GkvsRLPM+yXI9l58sVD3fWc5m3NHw5FWGKN92AG2Fzsq1ZQY+GgN5lljhNxdv

TFd/36eNu+sQNAYOtKf7HJUHRIri11mURSaLBq7oWLTo4iFZuKOqKzpgKiWWt6hRr2Dv

GfIA==

X-Gm-Message-State: AOJu0Yzc2BBkFotk94nA1Kl5bTeFn60kQGMhFVtH4xM3ekZ6/zmIyiml

IiAvMr8her+PFIrG4qAEYjelYpFJvJa/KGJlw6EmRqKVEHXrMjjBTbxD7UaR/BaPG6XbFJbL1qV

YBpdDONVUYQmkPIOl47Afcs/REcUxMxD3wFqteDshvB6Zrxg2ZKtrGg==

X-Gm-Gg: ASbGncsNkchhDetLc8wgKVLtVbbljUrgDZq9EDQyvBSlGQB/Rwb6BFA0RJENmaLDdFo

4YARZxuyLHCZGVPxn6bcUKlB8llR3nzH70I6F1x3cguitCJ1vZ+DtHJ6l/dO83xMvz403JMBpE7

zEM26aMtoeWcqw1YBWfnVfBsbmI+kKAHx7U7BIEYjHK5qGIlNz4rxxfmPgwPIzttD73Q==

X-Google-Smtp-Source: AGHT+IH9EA3GzgwwUZMH02d1RsqEwZWO6ybd0wIg5UiSSaeB+nlLyVNTKaP7VMt2RIFZGUqasOGE/CXRw8pTyQIqEyE=

X-Received: by 2002:a17:903:19ed:b0:223:54e5:bf4b with SMTP id

d9443c01a7336-22c535bfe32mr95793965ad.25.1745068657059; Sat, 19 Apr 2025

06:17:37 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Sat, 19 Apr 2025 06:17:36 -0700

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Sat, 19 Apr 2025 06:17:36 -0700

MIME-Version: 1.0

Sender: Lukas

From: Lukas

Date: Sat, 19 Apr 2025 06:17:36 -0700

X-Google-Sender-Auth: fXV8G41ReL68XJdwbiSjj3W_Mzg

X-Gm-Features: ATxdqUEE7FJhfnSBIo0qN9bLenQzZNsCcikGqOmwIeYt8Y9OQcAxiep20n2pz3k

Message-ID:

Subject: Fwd : nk.ca, Can I Send A proposal ,

To: Sales

Content-Type: multipart/alternative; boundary="00000000000069b95b06332175dd"

X-Spam_score: 7.6

X-Spam_score_int: 76

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear nk.ca
[...]

Content analysis details: (7.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.214.193 listed in dnsbl.ahbl.org]

[209.85.214.193 listed in dnsbl.ahbl.org]

[209.85.214.193 listed in dnsbl.ahbl.org]

[209.85.214.193 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.214.193 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.214.193 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.214.193 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.214.193 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

[209.85.214.193 listed in will-spam-for-food.eu.org]

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.214.193 listed in wl.mailspike.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: aiwebproservice-dot-yamm-track.appspot.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.214.193 listed in list.dnswl.org]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} Fwd : nk.ca, Can I Send A proposal ,

--00000000000069b95b06332175dd

Content-Type: text/plain; charset="UTF-8"

Dear nk.ca

,

I wanted to bring to your attention some concerning issues regarding

your nk.ca

, website. It appears that your website has numerous technical errors and

lacks proper optimization for google.

I would be happy to send you errors and the solutions that would help to

improve your nk.ca

, website performance and traffic.

I guarantee, you will see a drastic change in your Google search ranking

once these are fixed.

We can place your website on Google's 1st page (Yahoo, etc.).

If yes please allow me to send you "Estimated timeline to reach first page

and price list "

Waiting for your reply

Kind Regards

Lukas

Digital Marketing Expert

-----------------------------------------------------------------

PS1: -If you are interested* please email me asking "Send me Issue

Report & quote".

Click here to unsubscribe

from future Email.

[image: beacon]

--00000000000069b95b06332175dd

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

9.2pt;background-image:initial;background-position:initial;background-size:=

initial;background-repeat:initial;background-origin:initial;background-clip=

:initial;border-collapse:collapse" border=3D"0" width=3D"386" cellspacing=

=3D"0" cellpadding=3D"0">

dth:289.2pt;padding:0.75pt 0.75pt 0cm;height:13.1pt" valign=3D"bottom" widt=

h=3D"386">

mily:verdana,sans-serif">Dear=C2=A0
n>
=3D"https://aiwebproservice-dot-yamm-track.appspot.com/2FHbLxo522avG3o6oyT7=

Ioymlp0m2lcfvfJoDdbKhwUCThTJOlgF3uJnGICXBmoYxn3ViT3B_xbWhTHFH5y_WER0nyg2OWS=

1Ry33JP1HT5cSuWdvEIs-UQ96Qobk4MOMecGhFfURu48MwgReb63BG_QF8WFGTQggXtvud5yE8N=

0tAcKVz" rel=3D"nofollow">nk.ca
i,sans-serif;font-size:18px">,

n style=3D"font-family:verdana,sans-serif">=C2=A0

l;background-position:initial;background-size:initial;background-repeat:ini=

tial;background-origin:initial;background-clip:initial">
-family:verdana,sans-serif">I wanted to bring t=

o your attention some concerning issues regarding your=C2=A0

://aiwebproservice-dot-yamm-track.appspot.com/2bzf-IdV2_d2C-fVKnnOEHxPAQM5i=

HzcKveb2ImwQri2VhTJOlgEaOgFF2Z8ERQ7ysn2JyzKDqITSJncMNhJM0bYLW2URDWP_JfMt5lV=

gI32Gflz1Uj4YDmmci9QHfps3Oo-bmVsDccg4VDjo2u60QqRq56sR257aRW9tNtY2fOI4PXw0" =

rel=3D"nofollow">nk.ca
;font-size:18px">,=C2=A0=C2=A0
s-serif">=C2=A0website. It appears that your we=

bsite has numerous technical errors and lacks proper optimization for googl=

e.

ackground-position:initial;background-size:initial;background-repeat:initia=

l;background-origin:initial;background-clip:initial">
lack">I would be happy to=C2=

=A0send you errors and the solutions
an>=C2=A0that would help to improve your=C2=A0

://aiwebproservice-dot-yamm-track.appspot.com/2ejnoSHAABoGokoNN7VAKTgFmlKNZ=

73gpeSDd9AIrul2WhTJOlgGgJ8yDdF6qffe8ZYAvAhpqCSvaziVqaZLEgu577QVAgPBefkMSgNi=

GactlBzRBJ9IrVpxdFmPUn1OtctnKqtiwSEAlso5-k8dT9L_NEjekd2Hxz5X2HlJkP2tyYQ6o" =

rel=3D"nofollow">nk.ca
;font-size:18px">,=C2=A0
ont-family:verdana,sans-serif">website performance and traffic.
n>

ackground-position:initial;background-size:initial;background-repeat:initia=

l;background-origin:initial;background-clip:initial">
lack">I guarantee, you will =

see a drastic change in your Google search ranking once these are fixed.
pan>

-height:normal">
t windowtext;padding:0cm">We can place your website on Google's 1st pag=

e (Yahoo, etc.).=C2=A0

e-height:15pt;background-image:initial;background-position:initial;backgrou=

nd-size:initial;background-repeat:initial;background-origin:initial;backgro=

und-clip:initial">

ackground-position:initial;background-size:initial;background-repeat:initia=

l;background-origin:initial;background-clip:initial">
und-color:rgb(255,255,0)">If yes please allow me to send you "Estimate=

d timeline to reach first page and price list "=C2=A0
tyle=3D"color:black">

>

>
dding:0cm">Waiting for your reply=C2=A0

:0cm 0cm 10pt;line-height:15pt;background-image:initial;background-position=

:initial;background-size:initial;background-repeat:initial;background-origi=

n:initial;background-clip:initial">

-family:verdana,sans-serif">Kind Regards

n:0cm 0cm 0.0001pt;line-height:normal">
ans-serif">

r:rgba(0,0,0,0.87);font-family:"Google Sans",Roboto;text-align:ce=

nter;background-color:rgb(233,238,246)">Lukas
>

n style=3D"color:black">Digi=

tal Marketing Expert

ne-height:14.95px">---------=

---------------------=

-----------------------------------

nt-family:verdana,sans-serif">PS1:=C2=A0-If you are=C2=A0interest=

ed=C2=A0please email me asking=C2=A0
an style=3D"font-family:verdana,sans-serif">"Send me=C2=A0Issue Report=

& quote".

ackground-position:initial;background-size:initial;background-repeat:initia=

l;background-origin:initial;background-clip:initial">Click here to=C2=A0=C2=

=A0
GPqYndUxrAwSCokKhYxdOclgLQEAQGmw6-XhTJOlgEywrIHIEWYJWQOQ95qVvV-WOMhpgLGAjnd=

bl4qww-XjnUFyu8WwnMipLT29uCgox6l3lKUSbcOO1rddCVHv9YkqRToG3ZSwxSlOxpZ1IcR0I6=

cuhwUpU3ER74TgkYdvmR3" rel=3D"nofollow" target=3D"_blank" style=3D"color:rg=

b(5,99,193);font-family:verdana,sans-serif;font-size:16px">unsubscribe=

=C2=A0 from future Email.=

=C2=A0

XKEwHoX13oe2hFXhOzL4wTRBGbRU_VvGQhTJOlgHhzT16rtEY9ch63D9cM4M4DnSjox0zW2k305=

vW0HUTHPOxXr3ejeB17X65BksGd1pWgG5bBUEVQn7VNS94iQwi5WcdmUOKzfxLTBHzk0BA4J34g=

EAYzyR4" width=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; dis=

play:none!important;">

--00000000000069b95b06332175dd--

Categories: Google Gmail Spam

0 Comments

gambling spam from OVH
Posted by Dave Yadallee on Saturday, April 19. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 18 Apr 2025 23:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u60Po-000000004iQ-3UyL

for dave@doctor.nl2k.ab.ca;

Fri, 18 Apr 2025 23:06:56 -0600

Resent-From: The Doctor

Resent-Date: Fri, 18 Apr 2025 23:06:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.vitafd.info ([148.113.46.196]:52805)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u60KJ-000000004RC-152d

for doctor@nl2k.ab.ca;

Fri, 18 Apr 2025 23:01:23 -0600

Received: from email.vitafd.info (mail.vitafd.info [148.113.46.196])

by mail.vitafd.info (Postfix) with ESMTPSA id 48C4D89A0B

for ; Sat, 19 Apr 2025 05:01:04 +0000 (UTC)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.vitafd.info;

s=default; t=1745038864;

bh=+ozeycXU3BWtM/KLHMulQ4X/DiteYMkMfagClipZoxU=; h=Subject:From:To;

b=HD7AIwWsVi9uRSAfhLaX+NPHo7LIBlKbwElA20zz9OBkhfanCi4H6icXXPAcDlQNA

bTchofGBojqFJFKHvubX65aFCsEgnmNx8RzB/u+WoFfTu9NSwGpipbrmEXRsKu5k36

bXB2nvDdCPp8vciLF9N1FEZpIL+lzdWwMeJjYFVuZvxtevlx7ZvUmhDlez6+bsCt7m

Gw2Dcn3LI1VitwOu0p9kbfgtzFT/vSH01DcvxRMVVrT7inIfeiq65z5uJdIG2XR/RX

TGZoC4RHcGdrZKwCJ1HqLksDpB2sFH5aYSyxoBCzh+kN6DU5JD2vovX9UmJenbF2kH

eJKkcG3WNdQdw==

Authentication-Results: mail.vitafd.info;

spf=pass (sender IP is 148.113.46.196) smtp.mailfrom=vfdsdfweef@email.vitafd.info smtp.helo=email.vitafd.info

Received-SPF: pass (mail.vitafd.info: connection is authenticated)

Message-ID: <1e2015987b781bb064a8f707e20e02a350307a35@email.vitafd.info>

Date: Sat, 19 Apr 2025 05:01:04 +0000

Subject: Something BIG just hit your =?utf-8?Q?inbox=E2=80=A6?=

From: Trust dice

Reply-To: Trust dice

To: "doctor@nl2k.ab.ca"

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="_=_swift_1745038864_b2e38ed354d974d83d7cc5eb552735ff_=_"

X-Report-Abuse: https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/report-abuse/ds268pvkv8687/cp960lpcmq51e

x-job: wg069s4pb8199

X-EBS: https://email.vitafd.info/index.php/lists/block-address

List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Unsubscribe: ,

List-Id: ds268pvkv8687

Feedback-ID: wg069s4pb8199:cp960lpcmq51e:ds268pvkv8687:nt201ek4wy593

X-Spam_score: 21.9

X-Spam_score_int: 219

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Register Now View online here [https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

[https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

Content analysis details: (21.9 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[148.113.46.196 listed in dnsbl.ahbl.org]

[148.113.46.196 listed in dnsbl.ahbl.org]

[148.113.46.196 listed in dnsbl.ahbl.org]

[148.113.46.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[148.113.46.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[148.113.46.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[148.113.46.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[148.113.46.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[148.113.46.196 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

[148.113.46.196 listed in will-spam-for-food.eu.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[148.113.46.196 listed in zen.spamhaus.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: vitafd.info]

4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist

[URI: vitafd.info]

2.3 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: email.vitafd.info]

0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS

blocklist

[URI: email.vitafd.info/148.113.46.196]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[148.113.46.196 listed in wl.mailspike.net]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: email.vitafd.info/148.113.46.196]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.3 LONGWORD BODY: Uses overlong words

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Something BIG just hit your =?utf-8?Q?inbox=E2=80=A6?=

--_=_swift_1745038864_b2e38ed354d974d83d7cc5eb552735ff_=_

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

Register Now=20

View online here

[https://email.vitafd.info/index.php/cam=

paigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f=

4ab0a27488]

=09=09

[https://email.vitafd.info/index.php/campaign=

s/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a=

27488]

=09=09

[https://email.vitafd.info/index.php/campaigns/wg069s=

4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]=

=09=09Hey, have you heard?

=09=09We're giving the first 100 ne=

w players

access to our MOST GENEROUS

welcome package ever:

=09=

=09

[https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-ur=

l/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[h=

ttps://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960l=

pcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[https://e=

mail.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/=

0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[https://email.vit=

afd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e7=

9964a145ffe422d2dff07f4ab0a27488]

=09=09WHY 1.5 MILLION PLAYERS

CHO=

SE TRUSTDICE

=09=09

[https://email.vitafd.info/index.php/campaigns/=

wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27=

488]

=09=09

[https://email.vitafd.info/index.php/campaigns/wg069s4p=

b8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=

=09=09And remember, just TrustDice!

TrustDice Team

=09=09

[ht=

tps://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lp=

cmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09Terms & Condit=

ions

[https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-u=

rl/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[=

https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960=

lpcmq51e/74b2121bafce3247d4a5b76c6f788496d77fc2fa]

=09=09

[https://ema=

il.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f=

7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[https://email.vitafd.i=

nfo/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a=

145ffe422d2dff07f4ab0a27488]

=09=09

[https://email.vitafd.info/index.p=

hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2=

dff07f4ab0a27488]

=09=09

[https://email.vitafd.info/index.php/campaign=

s/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a=

27488]

=09=09

[https://email.vitafd.info/index.php/campaigns/wg069s=

4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]=

=09=09

[https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/t=

rack-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09=

[https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/c=

p960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09

[https:/=

/email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51=

e/0f7966e79964a145ffe422d2dff07f4ab0a27488]

=09=09=C2=A9 Established =

in 2018. TrustDice is one of the premier,

leading online Bitcoin casinos.=

All rights reserved.

Unsubscribe Here

[https://email.vitafd.info/in=

dex.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/4d3eda57a440740b7e1=

79c0dbf524c242663295c]

--_=_swift_1745038864_b2e38ed354d974d83d7cc5eb552735ff_=_

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

=3D"IE=3Dedge">
tial-scale=3D1.0">

=09Something BIG just hit your inbox=E2=80=A6

=09

=09
ect" />

=09
0;400;500;600;700;800;900&display=3Dswap" rel=3D"stylesheet" />

l;">Register Now

ex.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe4=

22d2dff07f4ab0a27488">View online here

style=3D"border-spacing:0px;margin:auto;font-family: Arial, Helvetica, san=

s-serif" width=3D"600">

=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09

18px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

gns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab=

0a27488">
ice/logo.png" />

=09=09=09

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

gns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab=

0a27488">
ice/banner.jpg" />

=09=09=09

50px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

700;font-size: 36px;text-align: center;">Hey, have you heard?

400;font-size: 24px;text-align: center;padding: 15px 0 30px;">We're giving=

the first 100 new players

=09=09=09=09=09=09access to our
php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d=

2dff07f4ab0a27488" style=3D"text-decoration: none;font-weight: 700;color: #=

FFCF04;">MOST GENEROUS

=09=09=09=09=09=09welcome package ever:

/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145=

ffe422d2dff07f4ab0a27488">
templated/trust-dice/bonus-card.png" />

=09=09=09

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

gns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab=

0a27488">
ice/secure-bnx.jpg" />

/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145=

ffe422d2dff07f4ab0a27488">
templated/trust-dice/amount-section.png" />

/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145=

ffe422d2dff07f4ab0a27488">
templated/trust-dice/join-btn.png" />

=09=09=09

60px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

700;text-align: center;line-height: 46px;">WHY 1.5 MILLION PLAYERS

=09=09=09=09=09=09CHOSE TRUSTDICE

=3D"https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/c=

p960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488">
"https://lynkme360.com/email-templated/trust-dice/trustdice.png" />
d>

=09=09=09=09=09

/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145=

ffe422d2dff07f4ab0a27488">
templated/trust-dice/secure-bonus.png" />

400;text-align: center;line-height: 35px;">And remember, just TrustDice!
/>

=09=09=09=09=09=09TrustDice Team

=09=09=09

/email-templated/trust-dice/gradient-line.png" />

20px;">

=09=09=09
order-spacing:0px;">

=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09

=09=09=09

ail.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0=

f7966e79964a145ffe422d2dff07f4ab0a27488">
e360.com/email-templated/trust-dice/footer.png" />

ref=3D"https://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-ur=

l/cp960lpcmq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488" style=3D"color: #=

FFFFFF;font-size: 18px;font-weight: 700;text-decoration: none;">Terms & Con=

ditions

=09=09=09=09=09=09
tyle=3D"border-spacing:0px;">

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/74b2121bafce3247d4a5b76c=

6f788496d77fc2fa">
d/trust-dice/social-1.png" />
//email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq5=

1e/0f7966e79964a145ffe422d2dff07f4ab0a27488">
ynkme360.com/email-templated/trust-dice/social-2.png" />
hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2=

dff07f4ab0a27488">
d/trust-dice/social-3.png" />
//email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq5=

1e/0f7966e79964a145ffe422d2dff07f4ab0a27488">
ynkme360.com/email-templated/trust-dice/social-4.png" />
hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2=

dff07f4ab0a27488">
d/trust-dice/social-5.png" />

=09=09=09=09=09=09

=09=09=09=09=09=09
tyle=3D"border-spacing:0px;">

=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09

=09=09=09=09=09=09

hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2=

dff07f4ab0a27488">
d/trust-dice/social-6.png" />
//email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq5=

1e/0f7966e79964a145ffe422d2dff07f4ab0a27488">
ynkme360.com/email-templated/trust-dice/social-7.png" />
hp/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/0f7966e79964a145ffe422d2=

dff07f4ab0a27488">
d/trust-dice/social-8.png" />
ps://email.vitafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpc=

mq51e/0f7966e79964a145ffe422d2dff07f4ab0a27488">
//lynkme360.com/email-templated/trust-dice/social-9.png" />

=09=09=09=09=09=09

=09=09=09

x;color: #FFFFFF;font-weight: 400;line-height: 28px;border-top: 1px solid #=

FFCF04;padding: 20px 0;">=C2=A9 Established in 2018. TrustDice is one of th=

e premier,

=09=09=09leading online Bitcoin casinos. All rights reserved.

Unsubscribe
tafd.info/index.php/campaigns/wg069s4pb8199/track-url/cp960lpcmq51e/4d3eda5=

7a440740b7e179c0dbf524c242663295c">Here

mpaigns/wg069s4pb8199/track-opening/cp960lpcmq51e" alt=3D"" />

--_=_swift_1745038864_b2e38ed354d974d83d7cc5eb552735ff_=_--

Categories: OVH Spam and Phish, Phish

0 Comments

Web/SEO/App spam from Google Gmail
Posted by Dave Yadallee on Saturday, April 19. 2025

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 18 Apr 2025 21:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u5yXp-00000000OVs-1Dsh

for dave@doctor.nl2k.ab.ca;

Fri, 18 Apr 2025 21:07:05 -0600

Resent-From: The Doctor

Resent-Date: Fri, 18 Apr 2025 21:07:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f177.google.com ([209.85.214.177]:57362)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u5ro6-0000000083n-1MAj

for root@nk.ca;

Fri, 18 Apr 2025 13:55:36 -0600

Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-224100e9a5cso26617475ad.2

for ; Fri, 18 Apr 2025 12:53:33 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1745006007; x=1745610807; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=68j5E8QGVxuj+zILLjcdaoKnrCU/VTFKg9iZ59svyxo=;

b=WxmQB00R2wPWeTwkMNFBYJOLK2hKgoq4nR0t+GHvBRNOXLZjoLsoUKsIkfaoU6mzkL

YZ7FOXUGc6TL9Qk5yvkz3auy/camTHJij5D3BarlutijosWkzzzXQzXlQIyrTq8L2yj+

19EId65Do0ZMC0qcQ6uycEyHsmj8s9SaeyZrpfMtsDRl6dLPlEGgcgpJEVCSCyfR4G2Q

ALLoM4GWCMIXsOOa7Xniz3Aek77EzvQUP9ZgB+XnoL64CBxeP07yKlSDMHgFSUnF9z3S

zPcouvUKTpxMb1VaYzl8N4EFhi9g2zc05aGjo6EfNxHDBpaI6kYGNuITCkyGhpLwFNVT

wlpw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1745006007; x=1745610807;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=68j5E8QGVxuj+zILLjcdaoKnrCU/VTFKg9iZ59svyxo=;

b=iibAvEq7B/H0IdFsycO6CWOynSiaLtnyymI9mddYM2CkcUe7ojLWTzKGNZ9/135i4A

lz0F4sA2FA/tDEwvemvLPSeN/U3/AmJy1LKhDSl+XB9IfQn8pq0+haFnYivVkoDvfuep

+3asiQEaw8kSmY52mL/MUlFGhSEutHjyy/fDZ9f912uLxxzZhmHtcz9Vp22K3tXYj7pi

XMm2mpUeNlOa463ZY5t1+G0SWdOOHej8j+lagLz9Nv3qGPImwG49ImwXm396AwnzWINf

0HGJyFwaGYc3nNfehMuaejUMDoaPJGzHZ3VI9yL3kdtUrcuYHiFYGKm/A0dlT3tlA9E9

GBWg==

X-Gm-Message-State: AOJu0Yyj/vY3pkeWK7VtUTqmTEEsmbgVbneHQ3EYi7pGW1bFJivSl0rr

ITyS4Wz1fFtwyrxdx7h5Ik2EnUDZXi3ZcieXVu/Ph2aFRs+dexJeLXnR220B

X-Gm-Gg: ASbGnctEqTLBNMIuGF3x70RB28QH6zu71jcNcqCqveU1BONo3TvR7j4wtXfoEDfPxER

wwFi5A7JsiHdf4va4LFdpKyqKEcA8aWm93C9DT0iD7AOKhofxXoMokxk4Nf1M1YYA0u9miDXu8e

W6Ad4H7J0rNXzck4EVgjOkp03stPEKPrJSTLUblNHEfVj+31Dsg4aG6cxhQ4esXEDcfJ7kTCq4p

AWwFXd0UU6EKnyHPZgSl0M3FA/ZaQWumvAmycN/804oMFhtxBp1KUoAtBQHE/hbj0BFg5e0jYU7

XdrIZ1pwAHJ/5/HlWJTVyc7tfNFmCZRx7ilvEiwWqL+qrkeOPMx9g9wKbWgUCjNCr52SUdI=

X-Google-Smtp-Source: AGHT+IHl1nHh2mhmCWp5RPGHeMymGlTWW2bBqgSjSw0Ho7A4LOIo6X5al3jSV2BIoRX8x8C1QG2hKg==

X-Received: by 2002:a17:902:f541:b0:220:e362:9b1a with SMTP id d9443c01a7336-22c535a9909mr55761185ad.25.1745006007094;

Fri, 18 Apr 2025 12:53:27 -0700 (PDT)

Received: from DESKTOP1B92V7I ([2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25])

by smtp.gmail.com with ESMTPSA id d9443c01a7336-22c50ecec54sm20550755ad.168.2025.04.18.12.53.25

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 18 Apr 2025 12:53:26 -0700 (PDT)

From: Alice

X-Google-Original-From: "Alice"

To:

Subject: Re: Web Impact ?

Date: Sat, 19 Apr 2025 01:23:09 +0530

Message-ID: <315501dbb09b$8c96bcb0$a5c43610$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_3156_01DBB0C9.A64EF8B0"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Aduwm2GmjucTj83mRCCrvNPF0bE68w==

Content-Language: en-us

X-Spam_score: 6.0

X-Spam_score_int: 60

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, root@nk.ca I reach out to see if there is something you

want to repair or redesign on your site. I provide complete, built-from-scratch

site Re-design services like: - New Website Design: Custom Website Design,

Responsive Web Development, E-commerce Development

Content analysis details: (6.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.214.177 listed in dnsbl.ahbl.org]

[209.85.214.177 listed in dnsbl.ahbl.org]

[209.85.214.177 listed in dnsbl.ahbl.org]

[209.85.214.177 listed in dnsbl.ahbl.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in dnsbl.ahbl.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in dnsbl.ahbl.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in dnsbl.ahbl.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.214.177 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.214.177 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.214.177 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.214.177 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[2401:4900:47f4:b17f:d5b1:2179:dc4b:7c25 listed]

[in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

[209.85.214.177 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.214.177 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[alicehjtprintregarry(at)gmail.com]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.214.177 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} Re: Web Impact ?

This is a multi-part message in MIME format.

------=_NextPart_000_3156_01DBB0C9.A64EF8B0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Hi, root@nk.ca

I reach out to see if there is something you want to repair or redesign on

your site.

I provide complete, built-from-scratch site Re-design services like: - New

Website Design: Custom Website Design, Responsive Web Development,

E-commerce Development

I have made several very brilliant websites.

Let's connect for a quick chat! and 10-minute call this week to discuss how

we can support your business goals?

Thanks,

Alice,

P.S. If you are not interested in our services, please write Unsubscribe in

the subject line and send it to us.

------=_NextPart_000_3156_01DBB0C9.A64EF8B0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">
vlink=3Dpurple>
Hi, =

root@nk.ca
I reach out to see if there is =

something you want to repair or redesign on your site.

class=3DMsoNormal>I provide complete, built-from-scratch site =

Re-design services like: - New Website Design: Custom Website =

Design, Responsive Web Development, E-commerce Development

class=3DMsoNormal> I have made several very brilliant websites.

class=3DMsoNormal>Let’s connect for a quick chat! and =

style=3D'font-family:"Calibri","sans-serif";color:#222222'>10-minute =

call this week to discuss how we can support your =

business goals?
Thanks,

class=3DMsoNormal>Alice,
P.S. If you are not =

interested in our services, please write Unsubscribe in the subject line =

and send it to us.

class=3DMsoNormal>

------=_NextPart_000_3156_01DBB0C9.A64EF8B0--

Categories: Google Gmail Spam

0 Comments

Page 754 of 754, totaling 11300 entries

previous page

No entries to print

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	April '25					Forward →
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30