Nigerian spam from China

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 17 Sep 2023 05:24:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
        (envelope-from )
        id 1qhppz-0008Vi-1b
        for dave@doctor.nl2k.ab.ca;
        Sun, 17 Sep 2023 05:21:15 -0600
Resent-From: The Doctor
Resent-Date: Sun, 17 Sep 2023 05:21:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 59-126-158-195.hinet-ip.hinet.net ([59.126.158.195]:49184 helo=localhost)
        by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
        (Exim 4.96 (FreeBSD))
        id 1qhhic-00008T-0W
        for cyrus@nl2k.ab.ca;
        Sat, 16 Sep 2023 20:41:09 -0600
Received: from User (unknown [79.110.62.154])
        by localhost (Postfix) with ESMTPA id A4CE348621C9;
        Sun, 17 Sep 2023 09:58:04 +0800 (CST)
Reply-To:
From: "Mrs. Diana Barbara. Nilsson"<<>>
Subject: Congratulation!!! From World Bank Compensation Fund Program.
Date: Sat, 16 Sep 2023 18:58:16 -0700
MIME-Version: 1.0
Content-Type: text/plain;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam_score: 41.6
X-Spam_score_int: 416
X-Spam_bar: +++++++++++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
  has identified this incoming email as possible spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  @@CONTACT_ADDRESS@@ for details.

  Content preview: Attn: E-mail Owner / Beneficiary. OFFICIAL NOTICE: This is
  to inform you that you've been selected by the WORLD BANK COMPENSATION FUND
  PROGRAM COMMITTE to receive a compensation funds valued US $6,500,000.00
  (Six Million Five Hundred [...]

  Content analysis details: (41.6 points, 5.0 required)

   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   0.1 MISSING_MID            Missing Message-Id: header
   0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
                              [59.126.158.195 listed in dnsbl.sorbs.net]
   1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                              [59.126.158.195 listed in bb.barracudacentral.org]
   2.6 FROM_NO_USER           From: has no local-part before @ sign
   0.0 NSL_RCVD_FROM_USER     Received from User
   0.0 TVD_RCVD_IP            Message was received from an IP address
   0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
   3.6 HELO_LOCALHOST         No description available.
   0.0 FSL_HELO_NON_FQDN_1    No description available.
   0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                              [largemoney01(at)gmail.com]
   1.2 MISSING_HEADERS        Missing To: header
   2.6 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                              [79.110.62.154 listed in zen.spamhaus.org]
   3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                              [79.110.62.154 listed in zen.spamhaus.org]
   2.5 MILLION_USD            BODY: Talks about millions of dollars
   1.5 HK_SCAM_N8             BODY: No description available.
   2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
   0.0 MILLION_HUNDRED        BODY: Million "One to Nine" Hundred
   0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
   0.0 LOTS_OF_MONEY          Huge... sums of money
   0.0 MONEY_NOHTML           Lots of money in plain text
   0.0 MONEY_FROM_MISSP       Lots of money and misspaced From
   0.0 FROM_MISSP_XPRIO       Misspaced FROM + X-Priority
   0.7 HK_SCAM                No description available.
   1.9 REPLYTO_WITHOUT_TO_CC  No description available.
   0.0 HK_NAME_MR_MRS         No description available.
   2.4 MONEY_FREEMAIL_REPTO   Lots of money from someone using free email?
   0.0 FROM_MISSPACED         From: missing whitespace
   0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
   0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                              dynamic-looking rDNS
   0.0 LOTTO_DEPT             Claims Department
   2.5 TO_NO_BRKTS_MSFT       To: misformatted and supposed Microsoft tool
   2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
   0.0 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
   2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
   2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
   3.1 MONEY_FRAUD_3          Lots of money and several fraud phrases
Subject: {SPAM?} Congratulation!!! From World Bank Compensation Fund Program.



Attn: E-mail Owner / Beneficiary.



OFFICIAL NOTICE: This is to inform you that you've been selected by the WORLD BANK COMPENSATION FUND PROGRAM COMMITTE to receive a compensation funds valued US $6,500,000.00 (Six Million Five Hundred Thousand United States Dollars) Only. You are among the 100 lucky e-mail owner that was selected for this year World Bank Compensation Fund Program. This selection process usually come up every year and luckily for you, your e-mail address is among the 100 e-mail addresses that was selected for the year 2023.



Your compensation funds valued US$6,500,000.00 (Six Million Five Hundred Thousand United States Dollars) Only from the WORLD BANK COMPENSATION FUND PROGRAM has been signed for immediate pay out to you, but you will have to contact our financial legal officer for further information on how to claim your World Bank Compensation Fund.



Contact details below



Name: Mr. Woodruff Clark. Edmond (Esq).

E-mail: largemoney01@gmail.com



The purpose of this program is to sustain economic growth, and reduce poverty around the world. We have several humanitarian aid programs worldwide, and as we give humanitarian aid to the vulnerable in American's, Africa, Asian and European Countries, we also derive at the conclusion of giving a financial aid to an individual business owner to promote creation of jobs and opportunities worldwide. Note, with this program, we have been able to support a lot of individual to become a Business Owner worldwide.



Kindly contact our financial legal officer on the email address above for your approved World Bank Compensation Fund valued US$6,500,000.00 (Six Million Five Hundred Thousand United States Dollars) Only.



Congratulations to you.



Yours Faithfully.

Mrs. Diana Barbara. Nilsson

World Bank Compensation Fund Committee.

hinet phish involving payment

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 05 Sep 2023 14:15:04 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
        (envelope-from )
        id 1qdc76-000Lqy-2F
        for dave@doctor.nl2k.ab.ca;
        Tue, 05 Sep 2023 13:53:28 -0600
Resent-From: The Doctor
Resent-Date: Tue, 5 Sep 2023 13:53:28 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 60-249-148-149.hinet-ip.hinet.net ([60.249.148.149]:56598 helo=secure.net)
        by doctor.nl2k.ab.ca with esmtp (Exim 4.96 (FreeBSD))
        (envelope-from )
        id 1qdbWG-000MST-0B
        for root@mail.nl2k.ab.ca;
        Tue, 05 Sep 2023 13:15:31 -0600
From: Adobe_Share_Payment_Doc
To: root@mail.nl2k.ab.ca
Subject: ** VIRUS ***Merchant/Payroll (Invoice) Payment Document Via Adobe share
Date: 06 Sep 2023 03:13:00 +0800
Message-ID: <20230906031300.B1C1D83ABCA4E797@secure.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0012_E2123A9E.CAC34C29"
X-Spam_score: 5.5
X-Spam_score_int: 55
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
  has identified this incoming email as possible spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  @@CONTACT_ADDRESS@@ for details.

  Content preview: You’re all done. Attached is the final agreement for your
  reference. You're required to sign EFT Invoice #7801 Payment Approved- Agreement
  Attached is the final agreement for your approved EFT Invoice. The document
  is encrypted and attached to your email for your safety.

  Content analysis details: (5.5 points, 5.0 required)

   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                              [60.249.148.149 listed in bb.barracudacentral.org]
   1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                              [URI: cdn.glitch.me]
   0.0 TVD_RCVD_IP            Message was received from an IP address
   0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                              background
   1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
   0.0 HTML_MESSAGE           BODY: HTML included in message
  -0.0 T_SCC_BODY_TEXT_LINE   No description available.
   0.0 T_HTML_ATTACH          HTML attachment to bypass scanning?
   0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                              dynamic-looking rDNS
   0.0 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
   0.0 FILL_THIS_FORM         Fill in a form with personal information
   0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
   0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
Subject: ** VIRUS ***{SPAM?} Merchant/Payroll (Invoice) Payment Document Via Adobe share
X-Antivirus: AVG (VPS 230905-4, 9/5/2023), Inbound message
X-Antivirus-Status: Infected
X-Attachment: Adobe_Approved_(Invoice)_Payment.html#1246483431 Virus: HTML:Phishing-CJK [Phish] Moved to chest



This is a multi-part message in MIME format.

------=_NextPart_000_0012_E2123A9E.CAC34C29
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

[HTML markup of this part was lost in extraction. The surviving fragments reference images on na4.documents.adobe.com (Adobe Sign logos, a checkmark, and a hidden blank.gif under /track/). Readable text of the part:]

You’re all done. Attached is the final agreement for your reference.

You're required to sign EFT Invoice #7801 Payment Approved- Agreement

Attached is the final agreement for your approved EFT Invoice. The document is encrypted and attached to your email for your safety.

To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list.

© 2022 Adobe. All rights reserved.

------=_NextPart_000_0012_E2123A9E.CAC34C29--