Nigerian Beneficiary spam from Hotmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 27 Mar 2023 10:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)

(envelope-from )

id 1pgpk4-000Fvu-0K

for dave@doctor.nl2k.ab.ca;

Mon, 27 Mar 2023 10:30:44 -0600

Resent-From: The Doctor

Resent-Date: Mon, 27 Mar 2023 10:30:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn8nam11rlhn2140.outbound.protection.outlook.com ([40.95.36.140]:26932 helo=NAM11-BN8-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.96)

(envelope-from )

id 1pgpaB-000FKo-0t

for doctor@doctor.nl2k.ab.ca;

Mon, 27 Mar 2023 10:20:39 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=W/cZbnIShvs94Z+pGtoTLWSwRFlFx0C6atghIor4Iw5Uy93pdOfI24NrqNW6swNKMN2aTRBvKbikQbO2pVbLzVC/AydwuWsepfdYZIxRkltKjjm5Fx9k7t71ic+bG+H9ivNG6am7+539w55ADGBpjcEgNF1Cc7WJLLuV1RUONAJYtzonu/DiiKpgPaifM4P4O4Km/bIvJyQ5jT/ZKRig4BkvaAKlteq51nUkkvNdHftTRzBnwymzQtkvAq/u0c6wBDoEKmYLQJlBwIh1ezOTrU8HFGIKjNz+x2u1n1cohl4KycVBFlLaUcAgXHEpSoVF9LHW8+no/fmyMBHPDfvpEg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=789dYlevivqsOU6Ejuhs9d5cpYe+OjNRKQc47MUbiHU=;

b=MBvNX/6sqPftFSZy4DMj+2ZSV2sjYMosKQNxJVTvuNyE045arZ1D7EPrUk6oKCf+H3fmFP4M0j79EymdBEJG56jLwyVORDtn2Kzg6DUC91KA1rVP5kPjP8mfYNVx9aYvKq39ifY2r3Kqj1bvKQ0JccHLtyqtmuBEh1psN+CVN0KX+s+WpFdK14epkhxu0r0hJtfyz88Si+uxQtQgbMr4ujVRsjIatjc+qnclXPxtfkkrxYKKujMhCVdhrM/w+psn0LXoxWVQwCNmVJcXh/5tW5BXTsx8LDg563i51QeMraIRmsORvJek0rbAUQsmUFdcC7hylKWS5RN+zMfCByofKQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

8.42.207.81) smtp.rcpttodomain=bosheng.net smtp.mailfrom=kimo.com.tw;

dmarc=fail (p=reject sp=reject pct=100) action=oreject

header.from=kimo.com.tw; dkim=none (message not signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;

s=selector2-wwjwm-onMicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=789dYlevivqsOU6Ejuhs9d5cpYe+OjNRKQc47MUbiHU=;

b=DJx5nI76kHr3uYMV8f6lYrDS4NTienaqhjZ1LSUcT4p7HhIYVmRWgcw0/PO24wzcTZYdzPwJFkavQsYldsfEgJ5sb9pS3NtaLqzzGJN1MCQ2u96mhniObfbhIZMotsqoqDTaYsanduYZd6K7M1WPG31UumQYXhplvZO5zhLvIzg=

Received: from DM6PR06CA0067.namprd06.prod.outlook.com (2603:10b6:5:54::44) by

DM6PR01MB5913.prod.exchangelabs.com (2603:10b6:5:1db::29) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.6254.16; Mon, 27 Mar 2023 16:18:23 +0000

Received: from DM6NAM12FT087.eop-nam12.prod.protection.outlook.com

(2603:10b6:5:54:cafe::bf) by DM6PR06CA0067.outlook.office365.com

(2603:10b6:5:54::44) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.42 via Frontend

Transport; Mon, 27 Mar 2023 16:18:21 +0000

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 8.42.207.81)

smtp.mailfrom=kimo.com.tw; dkim=none (message not signed)

header.d=none;dmarc=fail action=oreject header.from=kimo.com.tw;

Received-SPF: None (protection.outlook.com: kimo.com.tw does not designate

permitted sender hosts)

Received: from mail1.jas.com (8.42.207.81) by

DM6NAM12FT087.mail.protection.outlook.com (10.13.179.155) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.6254.9 via Frontend Transport; Mon, 27 Mar 2023 16:18:21 +0000

Received: from USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) by

USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.2.1118.26; Mon, 27 Mar 2023 12:17:57 -0400

Received: from User (147.78.103.204) by USBCDPSMBX01.jas1.ds.Jas.com

(172.29.10.51) with Microsoft SMTP Server id 15.2.1118.26 via Frontend

Transport; Mon, 27 Mar 2023 12:17:51 -0400

Reply-To:

From: "Mr. Williams Townsend"

Subject: I am Willam Townsend

Date: Mon, 27 Mar 2023 09:17:57 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <1668b5a9-2c07-43f3-bdd4-21f007324f8f@USBCDPSMBX01.jas1.ds.Jas.com>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DM6NAM12FT087:EE_|DM6PR01MB5913:EE_

X-MS-Office365-Filtering-Correlation-Id: a29dca16-28b0-4cc5-5681-08db2edee23f

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:8.42.207.81;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(39860400002)(376002)(346002)(396003)(136003)(451199021)(109986019)(46966006)(40470700004)(316002)(2860700004)(40460700003)(3480700007)(498600001)(356005)(81166007)(82740400003)(8936002)(5660300002)(31696002)(82310400005)(86362001)(7406005)(7416002)(7366002)(2906002)(8676002)(70206006)(70586007)(41300700001)(40480700001)(4743002)(35950700001)(26005)(9686003)(336012)(83380400001)(31686004)(47076005)(956004)(66899021)(2700400008);DIR:OUT;SFP:1023;

X-OriginatorOrg: WWJWM.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2023 16:18:21.5695

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: a29dca16-28b0-4cc5-5681-08db2edee23f

X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.81];Helo=[mail1.jas.com]

X-MS-Exchange-CrossTenant-AuthSource:

DM6NAM12FT087.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB5913

X-Spam_score: 21.9

X-Spam_score_int: 219

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Senior Officer at Los Angeles International Airport (CA) California,

USA Hello Good Friend First and foremost, I am sorry for reaching out to

you with this medium.



Content analysis details: (21.9 points, 5.0 required)



pts  rule name                    description
---- ---------------------------- --------------------------------------------------
3.6  RCVD_IN_SBL_CSS              RBL: Received via a relay in Spamhaus SBL-CSS
                                  [147.78.103.204 listed in zen.spamhaus.org]
2.6  RCVD_IN_SBL                  RBL: Received via a relay in Spamhaus SBL
                                  [147.78.103.204 listed in zen.spamhaus.org]
-0.0 RCVD_IN_DNSWL_NONE           RBL: Sender listed at http://www.dnswl.org/, no trust
                                  [40.95.36.140 listed in list.dnswl.org]
0.0  SPF_HELO_FAIL                SPF: HELO does not match SPF record (fail)
                                  [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-BN8-obe.outbound.protection.outlook.com;ip=40.95.36.140;r=doctor.nl2k.ab.ca]
0.0  AXB_X_FF_SEZ_S               Forefront sez this is spam
0.0  NSL_RCVD_FROM_USER           Received from User
0.0  FSL_CTYPE_WIN1251            Content-Type only seen in 419 spam
0.2  FREEMAIL_REPLYTO_END_DIGIT   Reply-To freemail username ends in digit
                                  [godsspower002(at)outlook.com]
0.6  FSL_NEW_HELO_USER            Spam's using Helo and User
1.3  PDS_HELO_SPF_FAIL            High profile HELO that fails SPF
0.0  T_HK_NAME_MR_MRS             No description available.
0.0  CTE_8BIT_MISMATCH            Header says 7bits but body disagrees
0.0  LOTS_OF_MONEY                Huge... sums of money
0.0  AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0  HK_NAME_MR_MRS               No description available.
0.0  MONEY_FREEMAIL_REPTO         Lots of money from someone using free email?
0.0  T_DKIM_INVALID               DKIM-Signature header exists but is not valid
0.0  T_MONEY_PERCENT              X% of a lot of money for you
2.5  FREEMAIL_FORGED_REPLYTO      Freemail in Reply-To, but not From
2.8  FORGED_MUA_OUTLOOK           Forged mail pretending to be from MS Outlook
0.0  T_FILL_THIS_FORM_SHORT       Fill in a short form with personal information
0.0  MONEY_FRAUD_5                Lots of money and many fraud phrases
3.3  UNDISC_MONEY                 Undisclosed recipients + money/fraud signs
1.3  MONEY_FORM_SHORT             Lots of money if you fill out a short form
0.0  FORM_FRAUD_5                 Fill a form and many fraud phrases
3.6  ADVANCE_FEE_3_NEW_MONEY      Advance Fee fraud and lots of money

Subject: {SPAM?} I am Willam Townsend



Senior Officer at Los Angeles International Airport

(CA) California, USA



Hello Good Friend



First and foremost, I am sorry for reaching out to you with this medium.



However, I am Willam Townsend by name. A senior officer at Los Angeles International Airport (CA) California. USA



I am contacting you about an abandoned diplomatic consignment box the x-ray scan report revealed an undisclosed sum of money in a metal trunk box approximately 12.5 million dollars. and the box indicates your contact email address the consignment was abandoned because the Contents of the consignment were not properly declared by the consignee as “MONEY” rather it was declared as a personal effect to avoid interrogation. meanwhile, The Diplomat was in transit to your location 3 weeks before the coronavirus pandemic crisis that shook the world started. The Diplomat fails to pay for the United States Non-Inspection and airport clearance fee to the US Customs border and protection he abandoned the consignment and left without notifying the authority anything of his arrival for declaration of clearance. To confirm you as the authentic beneficiary, do send me your full name, your home address, your mobile



Furthermore, I have taken it upon myself to contact you personally about this abandoned box so that we can transact this as a deal and share the total money 70% for you and 30% for me. My primary purpose for contacting you The U.S. Customs Border and Protection is on clearance for the year 2022 for some abandoned beneficiaries' consignments to be listed among the list of consignment boxes that will be confiscated and get transferred to the US Treasury storage facility for the year 2023.



However, I want both of us to transact this as a deal all I want is your trust as the arrangement for the box to be delivered to you which can be concluded within 1-2 working days after confirmation is made and upon your acceptance and willingness to co-operate.



I will appreciate it if we can keep this deal confidential. Please get back to me via this email for further directives: You can not call me on my telephone number, for now, to avoid the authorities raising their eyebrows at me. Please send your response to my private



Thank you.



Mr. Williams Townsend
