fraudulent spam from Outlook servers

Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 04 Sep 2022 13:46:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1oUvYT-000EV0-Ix
    for dave@doctor.nl2k.ab.ca;
    Sun, 04 Sep 2022 13:45:17 -0600
Resent-From: The Doctor
Resent-Date: Sun, 4 Sep 2022 13:45:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-sgaapc01rlhn2178.outbound.protection.outlook.com ([40.95.54.178]:6294 helo=APC01-SG2-obe.outbound.protection.outlook.com)
    by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95 (FreeBSD))
    (envelope-from )
    id 1oUsCF-000Igk-8C
    for doctor@nl2k.ab.ca;
    Sun, 04 Sep 2022 10:10:12 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=I5dZGxjmFi3gp9sIkxBShAMtLcBhWqTtS5mhH6BT4wBkffzIxDMnfSYv74H+BFasi+1JremDZnSX4ZFvTgguiYCSyWSBfqFGCyJwr1fZW0Q1LSJcofG5/s3A7+LPsHLyQh9GDLdgMp+tq7Ak5RuYTXKVuUDZ8dHrRN274JFebsTpknGm4aOQwLEfkTjBqIH+cYSH/jxw+o+O08xn9W4P7ctPcMOC0ZfoPVhP9a3htTsg5+Tn9pN1pYFyiE1KyLE+SH7mVRvWi4Iao134qXdlPG94UHcitfZFhb1IXNmaNa25YX2ohngEChBo1/smdX0fFXEQbuobohIhWuRhmIMN7g==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=zhjSLwdK445sPHO/q1NSpdCkTIAvL+N4zhMGTXiUhFc=;

b=UKIb1/UqpMy0yKZByZsnf2c0IUA85s0QpExedEacvM1AagugABmZmNinHKPoOJIZsJnzsmVMWE8D3ADabKr2/g5BnbvS6anMPrCSR9EMeKlI/XVw4LGyy6uWDSyll06efnxVOuB5n1Ftu1Ao9Y+sR45trGYf0fot1VGrfO4uCbDjptRlehFmTm+RHFhVJUiwzn7FEX0Jfj6y4oE3kj+EvjfVd8SwjZaQfWj/fGnEfLjfBvsYFdYeOZMKu1Y3Olue7Sr95VurS3KViQ00RxdZtBuCpxrV5q4XFQT32iP1IDoQqZP3+H7sfzr0ijL7w2juSl2Ev/qKAUQC7zNb3OlLXA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
    172.107.174.74) smtp.rcpttodomain=keypoliceman.com smtp.mailfrom=uaegov.ae;
    dmarc=none action=none header.from=uaegov.ae; dkim=none (message not signed);
    arc=none (0)
Received: from PS2PR01CA0023.apcprd01.prod.exchangelabs.com
    (2603:1096:300:2d::35) by SG2PR04MB5938.apcprd04.prod.outlook.com
    (2603:1096:4:1d6::5) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10; Sun, 4 Sep
    2022 16:09:41 +0000
Received: from PSAAPC01FT003.eop-APC01.prod.protection.outlook.com
    (2603:1096:300:2d:cafe::4d) by PS2PR01CA0023.outlook.office365.com
    (2603:1096:300:2d::35) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.18 via Frontend
    Transport; Sun, 4 Sep 2022 16:09:40 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 172.107.174.74)
    smtp.mailfrom=uaegov.ae; dkim=none (message not signed)
    header.d=none;dmarc=none action=none header.from=uaegov.ae;
Received-SPF: None (protection.outlook.com: uaegov.ae does not designate
    permitted sender hosts)
Received: from mail.prasarana.com.my (58.26.8.158) by
    PSAAPC01FT003.mail.protection.outlook.com (10.13.38.82) with Microsoft SMTP
    Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
    15.20.5588.10 via Frontend Transport; Sun, 4 Sep 2022 16:09:40 +0000
Received: from MRL-EXH-02.prasarana.com.my (10.128.66.101) by
    MRL-EXH-01.prasarana.com.my (10.128.66.100) with Microsoft SMTP Server
    (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
    15.1.2176.14; Mon, 5 Sep 2022 00:09:23 +0800
Received: from User (172.107.174.74) by MRL-EXH-02.prasarana.com.my
    (10.128.66.101) with Microsoft SMTP Server id 15.1.2176.14 via Frontend
    Transport; Mon, 5 Sep 2022 00:09:10 +0800
Reply-To:
From: Reem A.
Subject: Hello
Date: Sun, 4 Sep 2022 11:09:24 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <02534a3f-fd35-44bb-a360-232178cef530@MRL-EXH-02.prasarana.com.my>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender: ip=[172.107.174.74];domain=User
X-MS-Exchange-ExternalOriginalInternetSender: ip=[172.107.174.74];domain=User
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84
X-MS-TrafficTypeDiagnostic: SG2PR04MB5938:EE_
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:58.26.8.158;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:User;PTR:InfoNoRecords;CAT:OSPM;SFS:(13230016)(4636009)(136003)(376002)(346002)(39860400002)(396003)(40470700004)(36906005)(8676002)(26005)(9686003)(82310400005)(31696002)(498600001)(8936002)(41300700001)(156005)(109986005)(6666004)(32850700003)(32650700002)(3480700007)(83380400001)(336012)(81166007)(956004)(35950700001)(40460700003)(82740400003)(7366002)(70206006)(70586007)(7416002)(316002)(7406005)(7116003)(40480700001)(31686004)(2906002)(86362001)(5660300002)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: myprasarana.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2022 16:09:40.6422
    (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 21282ed6-f5c9-4037-ae09-08da8e8fdf84
X-MS-Exchange-CrossTenant-Id: 3cbb2ff2-27fb-4993-aecf-bf16995e64c0
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3cbb2ff2-27fb-4993-aecf-bf16995e64c0;Ip=[58.26.8.158];Helo=[mail.prasarana.com.my]
X-MS-Exchange-CrossTenant-AuthSource:
    PSAAPC01FT003.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR04MB5938
X-Spam_score: 29.1
X-Spam_score_int: 291
X-Spam_bar: +++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.

    Content preview: Dear Friend, Good day to you. Apparently this email will be
    coming to you as a surprise since we have not met before now. My name is
    Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation
    [...]

    Content analysis details: (29.1 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     0.4 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
     0.0 REPTO_419_FRAUD        Reply-To is known advance fee fraud collector
                                mailbox
     0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
     0.0 NSL_RCVD_FROM_USER     Received from User
     0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
     0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
                                digit
                                [reem2018[at]daum.net]
     1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                                https://senderscore.org/blocklistlookup/
                                [40.95.54.178 listed in bl.score.senderscore.com]
     1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                                https://senderscore.org/blacklistlookup/
     2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                                [40.95.54.178 listed in psbl.surriel.com]
     1.5 NIX_SPAM               RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
                                [40.95.54.178 listed in ix.dnsbl.manitu.net]
    -0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                                [40.95.54.178 listed in wl.mailspike.net]
     0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                                [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=APC01-SG2-obe.outbound.protection.outlook.com;ip=40.95.54.178;r=doctor.nl2k.ab.ca]
     2.6 DEAR_FRIEND            BODY: Dear Friend? That's not very dear!
    -0.0 T_SCC_BODY_TEXT_LINE   No description available.
     0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
     0.0 LOTS_OF_MONEY          Huge... sums of money
     0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
     2.0 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
     1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                                different freemails
     2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
     3.2 UNDISC_FREEM           Undisclosed recipients + freemail reply-to
     0.4 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
     2.0 MONEY_FREEMAIL_REPTO   Lots of money from someone using free
                                email?
     2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
     0.0 XFER_LOTSA_MONEY       Transfer a lot of money
     1.5 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
     1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
     1.5 COMPENSATION           "Compensation"
     0.0 MONEY_FRAUD_5          Lots of money and many fraud phrases
Subject: {SPAM?} Hello



Dear Friend,



Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020.



As an Arab women serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country.



The amount is however, valued at Euro ?47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment.





REPLY ONLY TO reem.alhashimi@yandex.com



kind Regards,

Reem B. Al Hashimi

PO Box 899

AbuDhabi, United Arab Emirates
