Ukrainian based Gamil spam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 30 Apr 2022 10:06:01 -0600

Received: from mail-io1-f53.google.com ([209.85.166.53]:46817)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nkpal-000E9r-BV

for dave@doctor.nl2k.ab.ca;

Sat, 30 Apr 2022 10:05:14 -0600

Received: by mail-io1-f53.google.com with SMTP id g21so12474171iom.13

for ; Sat, 30 Apr 2022 09:04:50 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;

b=SJIWq6qQWLbNCwI16vQetYEZ6sqeYKkqAkKSHnttR4PK/nRTSfHc3DFb349A9I78Jb

PVWUajUUp7D0WgsAv2w5/q0fpxYLvh9szXdSB8sROPGfHfViWCCIwrQi/JeIGB04tSjd

/ZLh6uh4MUpgkOuoGoXgaMcq0eMA92av1m4RExIfcmxbKhjoUsCQax4S6aHWsoU4Zqbp

n93SaoZeWW6hne29cqJmhqZ2WSjrj4YME+hcddutfJioN7fQjhlhjdyjhtia5TQmsE9m

7n1ELQKYsSM82O2aYXhD7FgQeY0Svx/hYJEWNjcsYj2w12eysf+wjBZeonbvKfwq8ppA

UWmA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;

b=tJxNd8w0v/U8e2EJqyKCpvAlalkgy3uZToTvmX+x/s+9XkMqYb6JwDN5mWp4xNGNH1

f9sGXRGOa/53rMmvDLjuXDgEaIFRSLdHcQwT1kag/GgNP++pzMXioTxpDSmH/Ti9IvXc

xn2DwHFfuSBXBnYeMyueSUmGmIU08Mjql5K/yaMbwY6A1TmD21/olRKgRatDYPbIwHe+

oxk0H/gnGfO44NQxZXxEocQ5JZjX9v2AlUfCF+igMyYSJxQi3gmXSeJOb+HjvoxDKEl3

suRhTwWZidfPUqhh6YDbFIe0lnGhfvqaSfOHMuALzdsUhG0VbYgm/VoWJOzVt6g9By7C

AWDw==

X-Gm-Message-State: AOAM533lj3ZUYun5FfLgUIBOirSlnE4p1HIbLEnvJSbB+gF4lNRWq4Md

HsCEA2OqZRiueHSTPrgDUI5nWw0weB0Rjr6fvm4=

X-Google-Smtp-Source: ABdhPJy6vvbAgvEbyTnRvbQp+qm+AdZCEvw61S6RRV13SW9ejiitBG98IVvbWXXt5j0aBl3KKmrPjucA+zvtVTwg4E4=

X-Received: by 2002:a5d:81cd:0:b0:64f:cc56:873a with SMTP id

t13-20020a5d81cd000000b0064fcc56873amr1667594iol.156.1651334683514; Sat, 30

Apr 2022 09:04:43 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6e02:178b:0:0:0:0 with HTTP; Sat, 30 Apr 2022 09:04:42

-0700 (PDT)

Reply-To: ninaandriy31@yandex.com

From: NINA ANDRIY

Date: Sat, 30 Apr 2022 09:04:42 -0700

Message-ID:

Subject: READ AND GET BACK TO ME

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 18.1

X-Spam_score_int: 181

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: From. Mrs.Nina Andriy I am Nina Andriy the daughter of Mr.Danilo

Andriy, from (Ukraine sunflower oil & wheat, maize farmer ) my father was

murdered by the Russian Army troop because of the war between Russian& Ukraine

it w [...]



Content analysis details: (18.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.166.53 listed in wl.mailspike.net]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[alhmed7777[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[ninaandriy31[at]yandex.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[alhmed7777[at]gmail.com]

2.5 MILLION_USD BODY: Talks about millions of dollars

0.9 URG_BIZ BODY: Contains urgent matter

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 LOTS_OF_MONEY Huge... sums of money

2.0 TVD_PH_BODY_META No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

2.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} READ AND GET BACK TO ME



From. Mrs.Nina Andriy



I am Nina Andriy the daughter of Mr.Danilo Andriy, from (Ukraine

sunflower oil & wheat, maize farmer ) my father was murdered by the

Russian Army troop because of the war between Russian& Ukraine it was

so very terrible. .

He was a sunflower oil & wheat and maize farmer who have invested much

in agriculture political opponents.

I acknowledge very well that my father deposited the sum of US$(5M

(FIVE MILLION UNITED STATES DOLLARS) with UNITED BANK FOR AFRICA(

UBA) here in Burkina Faso West -Africa with the intention of using

it for the purchase of new farm machinery and chemical for

Agricultural purpose as well as purchasing hectares of land in Burkina

Faso for his investment. I am now on political asylum. (Refugee)

Burkina Faso, I want you to understand that this is purely family fund

not money laundering affair.

I solicit for your honest assistance as I want this fund to be

transferred to your account in oversea with your partnership, I will

want to invest this fund in your country.

I can invest the fund as a family investment together with you in

your country be assured that deposited document of this fund with

the bank, are with me . Feel free to ask any question regarding this

transaction.

Hoping to hear from you soonest,

I need your urgent and confidential response towards this transaction.



Yours faithfully

Mrs.Nina Andriy

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA