Nigerian funds spam from Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 07 Apr 2023 13:16:09 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pkrYn-0001vu-0f
for dave@doctor.nl2k.ab.ca;
Fri, 07 Apr 2023 13:15:45 -0600
Resent-From: The Doctor
Resent-Date: Fri, 7 Apr 2023 13:15:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-co1nam11rlhn2158.outbound.protection.outlook.com ([40.95.37.158]:8096 helo=NAM11-CO1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pkmat-0004BY-0M
for doctor@nl2k.ab.ca;
Fri, 07 Apr 2023 07:57:43 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=PPqn/RS+8MncTMy5N49AFlolf4ksKcynd4OkfZUflM5QruV1QU4ffFzzge3XBpqEQkCW7pSFYD1N/BoxAcozjh/+/nAUI13c/CnT6L3xz8stC9BZy8w7IrNZUUHOsXHILmRMYnOcLQ+RcvGjmdS+uyLrkE6lJIxdMZszlawVjiX1Ke8UZ84mloQ8OrGu6jUSsHoBiRA1vJJvqcU3EMRRVcs/lOcraEpEsXxk9lQcCQXMmQ+yTkBKjED2M9Ox5fQMAjPgeJwgMjTau1TJcvRYas+NG48p9ISBoodSMmoxp1HCXjYspbsaaK3BVlRGpo7qAIf/VW8pHZchjioBBnu7ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=gFBIxZ9m6DxVKTyw0UrdXmJU5NrGQIStK7XlOELc5z4=;
b=ISsFaUm2Kv3CvKRNBNwMv5ox3edavRvlRSlkLrh44tY72bnUyaqqLrw4IQI3uzhVdkBbch+LW1Dyx9fU1GzNsS2dL4gI2OQgIP6H6juqVu+1ZDHSOl9LBtUxq5hkO9G4KfoOVffj7dQPFY44RVe9soNIm0whqWzBXuXkZ0MLI2AKh9fB2yiHLPm0yE5T7i7NZ27vbQmNmR1kx3EhSVp7nn7UntEwWCYAB4Q6uphd7EpIGwnDw4CwWvdYCKhvwTbL08XO6qdz/Nvl+Qc2Wv6XgT/bTRv9P+dAwOuzFcVp/S619uplMLOcnsb/SfYUSMUmC9iEoSoUMvxDvo7wBrN9Qg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
8.42.207.81) smtp.rcpttodomain=hotmail.com smtp.mailfrom=ari-maj.com;
dmarc=none action=none header.from=ari-maj.com; dkim=none (message not
signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;
s=selector2-wwjwm-onMicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=gFBIxZ9m6DxVKTyw0UrdXmJU5NrGQIStK7XlOELc5z4=;
b=NC9CWFmquSfTCT8l4HRuLQrYeBgcorCqviy0/AIBJOUbofDb+IfNUNMsGKQcEUsunPZCBE7ZI0q7INH0KPsUuvYrs8fITXJs1PB9YLA0Ozn9jGIs6VCVRDfQaZHSEt5W9av/ED6WCB0ZYj4KF+PFn0SNkLcbRfZr9eNCgodaVHs=
Received: from DM6PR12CA0002.namprd12.prod.outlook.com (2603:10b6:5:1c0::15)
by SN6PR01MB4989.prod.exchangelabs.com (2603:10b6:805:bb::27) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6277.26; Fri, 7 Apr 2023 13:55:28 +0000
Received: from DM6NAM12FT085.eop-nam12.prod.protection.outlook.com
(2603:10b6:5:1c0:cafe::77) by DM6PR12CA0002.outlook.office365.com
(2603:10b6:5:1c0::15) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.34 via Frontend
Transport; Fri, 7 Apr 2023 13:55:28 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 8.42.207.81)
smtp.mailfrom=ari-maj.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=ari-maj.com;
Received-SPF: None (protection.outlook.com: ari-maj.com does not designate
permitted sender hosts)
Received: from mail1.jas.com (8.42.207.81) by
DM6NAM12FT085.mail.protection.outlook.com (10.13.178.94) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6298.20 via Frontend Transport; Fri, 7 Apr 2023 13:55:28 +0000
Received: from USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) by
USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.26; Fri, 7 Apr 2023 09:55:04 -0400
Received: from User (45.88.66.148) by USBCDPSMBX01.jas1.ds.Jas.com
(172.29.10.51) with Microsoft SMTP Server id 15.2.1118.26 via Frontend
Transport; Fri, 7 Apr 2023 09:54:59 -0400
Reply-To:
From: Anthony Ray Chavis
Subject: Treat As Urgent..
Date: Fri, 7 Apr 2023 06:55:04 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <1984bca8-3b77-4ce8-8148-42cc6abc23c6@USBCDPSMBX01.jas1.ds.Jas.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM12FT085:EE_|SN6PR01MB4989:EE_
X-MS-Office365-Filtering-Correlation-Id: 0819dfb8-ac0f-4f03-63aa-08db376fbe94
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?juLDe2xwzUfY+xvpkjjoO23zvITj4NGN5eUh1CjevTNEI775ad/wnsCP?=
=?windows-1251?Q?IVHPRe+nsb9ajgdr/qj/2f4gOhfHlfyOjqxJTl7kfvM7T7dkU92goHUc?=
=?windows-1251?Q?bQSiwtLKjSguBSCF+ZTwP/92B7hnjpqtzH6QYltctIu/BWjJPjhfFdeS?=
=?windows-1251?Q?y8oKRxRzmME0xDS2UXFTlyELoXIQz8ZqJ5jjVmQIvy3BIHsf6wmPsmFj?=
=?windows-1251?Q?THT/M2ablY8aiuBvBuRslMkvnro74Nup9EimfoWVK77izl+FLmiOEUpI?=
=?windows-1251?Q?EC1yxr5X1IHNsl+1rocspmMdUKztd5X6eYEtjGdV6OUTqJ30Hhco0i9/?=
=?windows-1251?Q?52juz65Oy5QXssR28r4r8RA99UkSYa4xgX7DMw3IPkB+0A2Hojyx1v/f?=
=?windows-1251?Q?RJ0z7hiNMeKvvcijRbcA4O2g1Hyc5Xd5Ox9Py5lCMPhnLFoJ0WcQw6zB?=
=?windows-1251?Q?vCTiWyMh7XBpArcaiFdpERxyj1uXE8T3UEwSxVbkczIiC017GBkFeVWu?=
=?windows-1251?Q?JnP4TgT3nRPNhkVYcvTr4GbTt3p9GsksfPw+YoP8JaAWHLp8jP1zSsMq?=
=?windows-1251?Q?XmmWMV/XGUimTb9/5QwC4GXuJgGM3Jo1h9H63wHR84hXxAgdoJkB79ua?=
=?windows-1251?Q?K5AHDcPASXAp2+h/N7DxGu5LHsgi2Szuqcrg/1xGYNDLGcW7oEojtx3i?=
=?windows-1251?Q?gKXGX0wYVxCfxfgiEkB16PtfE9WFSQtUb/830sZGkfRa33zQf1aBgkrw?=
=?windows-1251?Q?6YTgkcdmoV1DL3OC9CCRn2leoeVXUBv1z2VeaeNttkgJ1oqj4MUL+gtA?=
=?windows-1251?Q?cbTS3qYHd5/EEr8yPLAaZvM4iOl6WWOa9TZ4wDJi/k11I1SVGcS56P8m?=
=?windows-1251?Q?i2C0aOHV6XbBy2g2TWlKSxPzmcCsatD5bKnPzqt3G4wOdr+r6Pja7Gjw?=
=?windows-1251?Q?muijmkTS2Pbg+BwtJO8DoH0HQZwpt0eytTLoyZXD1f3KaaS8ec9ZWpLG?=
=?windows-1251?Q?f/jYfe2ag3RL8cYp/Ffwss/PJgszPjMWivLgF/9u1fzPT94t2FgLtJ44?=
=?windows-1251?Q?mrPfl9lOiNIKCiptL6qBU1CEE5Do1o9fiI1d3X6HQWbb+HzC9WwdtmMR?=
=?windows-1251?Q?06zO+oKUn+0wK4YZwackptvwrZikM6P7f9w2oiqvTGywmymprQ5LvHBh?=
=?windows-1251?Q?qa1e5UfUNGhZfwNPfyCU36Vr9SS/xCd5?=
X-Forefront-Antispam-Report:
CIP:8.42.207.81;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(396003)(346002)(136003)(376002)(39860400002)(451199021)(109986019)(40470700004)(9686003)(26005)(4744005)(2906002)(6666004)(7366002)(40480700001)(41300700001)(8936002)(70206006)(70586007)(316002)(5660300002)(7406005)(7116003)(8676002)(7416002)(336012)(498600001)(2860700004)(82740400003)(956004)(81166007)(82310400005)(86362001)(40460700003)(31696002)(83380400001)(35950700001)(356005)(3480700007)(32650700002)(31686004)(2700400008);DIR:OUT;SFP:1023;
X-OriginatorOrg: WWJWM.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2023 13:55:28.0413
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0819dfb8-ac0f-4f03-63aa-08db376fbe94
X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.81];Helo=[mail1.jas.com]
X-MS-Exchange-CrossTenant-AuthSource:
DM6NAM12FT085.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR01MB4989
X-Spam_score: 23.6
X-Spam_score_int: 236
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DEAR RECIPIENT: I hope this email finds you well. I am writing
to enlighten you that the Board and Directors of the United Nations Compensation
Commission (UNCC) have approved your compensation and winning rites. Con
[...]
Content analysis details: (23.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[45.88.66.148 listed in zen.spamhaus.org]
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[45.88.66.148 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[40.95.37.158 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[40.95.37.158 listed in bl.score.senderscore.com]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[40.95.37.158 listed in psbl.surriel.com]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-CO1-obe.outbound.protection.outlook.com;ip=40.95.37.158;r=doctor.nl2k.ab.ca]
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[anthonyraychavis1916(at)outlook.com]
1.5 HK_SCAM_N8 BODY: No description available.
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
1.3 PDS_HELO_SPF_FAIL High profile HELO that fails SPF
2.0 HK_SCAM No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 FILL_THIS_FORM Fill in a form with personal information
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 FORM_FRAUD Fill a form and a fraud phrase
Subject: {SPAM?} Treat As Urgent..
DEAR RECIPIENT:
I hope this email finds you well. I am writing to enlighten you that the Board and Directors of the United Nations Compensation Commission (UNCC) have approved your compensation and winning rites. Congratulations!
As a recipient of this compensation and winning rites, you are required to fulfill certain requirements before the rites can be released to you. These requirements are in line with the policies and regulations of the Financial Unit
To begin the process of receiving your compensation and winning rites, kindly provide the following details:
1. Full Name:
2. Current Mailing Address:
3. Contact Telephone Number:
4. Occupation:
5. Age:
6. Nationality:
We look onward to your quick response.
Sincerely,
Anthony Ray Chavis,
Treasury Manager,
United Nation Department of Treasury.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 07 Apr 2023 13:16:09 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pkrYn-0001vu-0f
for dave@doctor.nl2k.ab.ca;
Fri, 07 Apr 2023 13:15:45 -0600
Resent-From: The Doctor
Resent-Date: Fri, 7 Apr 2023 13:15:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-co1nam11rlhn2158.outbound.protection.outlook.com ([40.95.37.158]:8096 helo=NAM11-CO1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1pkmat-0004BY-0M
for doctor@nl2k.ab.ca;
Fri, 07 Apr 2023 07:57:43 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=PPqn/RS+8MncTMy5N49AFlolf4ksKcynd4OkfZUflM5QruV1QU4ffFzzge3XBpqEQkCW7pSFYD1N/BoxAcozjh/+/nAUI13c/CnT6L3xz8stC9BZy8w7IrNZUUHOsXHILmRMYnOcLQ+RcvGjmdS+uyLrkE6lJIxdMZszlawVjiX1Ke8UZ84mloQ8OrGu6jUSsHoBiRA1vJJvqcU3EMRRVcs/lOcraEpEsXxk9lQcCQXMmQ+yTkBKjED2M9Ox5fQMAjPgeJwgMjTau1TJcvRYas+NG48p9ISBoodSMmoxp1HCXjYspbsaaK3BVlRGpo7qAIf/VW8pHZchjioBBnu7ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=gFBIxZ9m6DxVKTyw0UrdXmJU5NrGQIStK7XlOELc5z4=;
b=ISsFaUm2Kv3CvKRNBNwMv5ox3edavRvlRSlkLrh44tY72bnUyaqqLrw4IQI3uzhVdkBbch+LW1Dyx9fU1GzNsS2dL4gI2OQgIP6H6juqVu+1ZDHSOl9LBtUxq5hkO9G4KfoOVffj7dQPFY44RVe9soNIm0whqWzBXuXkZ0MLI2AKh9fB2yiHLPm0yE5T7i7NZ27vbQmNmR1kx3EhSVp7nn7UntEwWCYAB4Q6uphd7EpIGwnDw4CwWvdYCKhvwTbL08XO6qdz/Nvl+Qc2Wv6XgT/bTRv9P+dAwOuzFcVp/S619uplMLOcnsb/SfYUSMUmC9iEoSoUMvxDvo7wBrN9Qg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
8.42.207.81) smtp.rcpttodomain=hotmail.com smtp.mailfrom=ari-maj.com;
dmarc=none action=none header.from=ari-maj.com; dkim=none (message not
signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;
s=selector2-wwjwm-onMicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=gFBIxZ9m6DxVKTyw0UrdXmJU5NrGQIStK7XlOELc5z4=;
b=NC9CWFmquSfTCT8l4HRuLQrYeBgcorCqviy0/AIBJOUbofDb+IfNUNMsGKQcEUsunPZCBE7ZI0q7INH0KPsUuvYrs8fITXJs1PB9YLA0Ozn9jGIs6VCVRDfQaZHSEt5W9av/ED6WCB0ZYj4KF+PFn0SNkLcbRfZr9eNCgodaVHs=
Received: from DM6PR12CA0002.namprd12.prod.outlook.com (2603:10b6:5:1c0::15)
by SN6PR01MB4989.prod.exchangelabs.com (2603:10b6:805:bb::27) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6277.26; Fri, 7 Apr 2023 13:55:28 +0000
Received: from DM6NAM12FT085.eop-nam12.prod.protection.outlook.com
(2603:10b6:5:1c0:cafe::77) by DM6PR12CA0002.outlook.office365.com
(2603:10b6:5:1c0::15) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.34 via Frontend
Transport; Fri, 7 Apr 2023 13:55:28 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 8.42.207.81)
smtp.mailfrom=ari-maj.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=ari-maj.com;
Received-SPF: None (protection.outlook.com: ari-maj.com does not designate
permitted sender hosts)
Received: from mail1.jas.com (8.42.207.81) by
DM6NAM12FT085.mail.protection.outlook.com (10.13.178.94) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6298.20 via Frontend Transport; Fri, 7 Apr 2023 13:55:28 +0000
Received: from USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) by
USBCDPSMBX01.jas1.ds.Jas.com (172.29.10.51) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.26; Fri, 7 Apr 2023 09:55:04 -0400
Received: from User (45.88.66.148) by USBCDPSMBX01.jas1.ds.Jas.com
(172.29.10.51) with Microsoft SMTP Server id 15.2.1118.26 via Frontend
Transport; Fri, 7 Apr 2023 09:54:59 -0400
Reply-To:
From: Anthony Ray Chavis
Subject: Treat As Urgent..
Date: Fri, 7 Apr 2023 06:55:04 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <1984bca8-3b77-4ce8-8148-42cc6abc23c6@USBCDPSMBX01.jas1.ds.Jas.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM12FT085:EE_|SN6PR01MB4989:EE_
X-MS-Office365-Filtering-Correlation-Id: 0819dfb8-ac0f-4f03-63aa-08db376fbe94
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?juLDe2xwzUfY+xvpkjjoO23zvITj4NGN5eUh1CjevTNEI775ad/wnsCP?=
=?windows-1251?Q?IVHPRe+nsb9ajgdr/qj/2f4gOhfHlfyOjqxJTl7kfvM7T7dkU92goHUc?=
=?windows-1251?Q?bQSiwtLKjSguBSCF+ZTwP/92B7hnjpqtzH6QYltctIu/BWjJPjhfFdeS?=
=?windows-1251?Q?y8oKRxRzmME0xDS2UXFTlyELoXIQz8ZqJ5jjVmQIvy3BIHsf6wmPsmFj?=
=?windows-1251?Q?THT/M2ablY8aiuBvBuRslMkvnro74Nup9EimfoWVK77izl+FLmiOEUpI?=
=?windows-1251?Q?EC1yxr5X1IHNsl+1rocspmMdUKztd5X6eYEtjGdV6OUTqJ30Hhco0i9/?=
=?windows-1251?Q?52juz65Oy5QXssR28r4r8RA99UkSYa4xgX7DMw3IPkB+0A2Hojyx1v/f?=
=?windows-1251?Q?RJ0z7hiNMeKvvcijRbcA4O2g1Hyc5Xd5Ox9Py5lCMPhnLFoJ0WcQw6zB?=
=?windows-1251?Q?vCTiWyMh7XBpArcaiFdpERxyj1uXE8T3UEwSxVbkczIiC017GBkFeVWu?=
=?windows-1251?Q?JnP4TgT3nRPNhkVYcvTr4GbTt3p9GsksfPw+YoP8JaAWHLp8jP1zSsMq?=
=?windows-1251?Q?XmmWMV/XGUimTb9/5QwC4GXuJgGM3Jo1h9H63wHR84hXxAgdoJkB79ua?=
=?windows-1251?Q?K5AHDcPASXAp2+h/N7DxGu5LHsgi2Szuqcrg/1xGYNDLGcW7oEojtx3i?=
=?windows-1251?Q?gKXGX0wYVxCfxfgiEkB16PtfE9WFSQtUb/830sZGkfRa33zQf1aBgkrw?=
=?windows-1251?Q?6YTgkcdmoV1DL3OC9CCRn2leoeVXUBv1z2VeaeNttkgJ1oqj4MUL+gtA?=
=?windows-1251?Q?cbTS3qYHd5/EEr8yPLAaZvM4iOl6WWOa9TZ4wDJi/k11I1SVGcS56P8m?=
=?windows-1251?Q?i2C0aOHV6XbBy2g2TWlKSxPzmcCsatD5bKnPzqt3G4wOdr+r6Pja7Gjw?=
=?windows-1251?Q?muijmkTS2Pbg+BwtJO8DoH0HQZwpt0eytTLoyZXD1f3KaaS8ec9ZWpLG?=
=?windows-1251?Q?f/jYfe2ag3RL8cYp/Ffwss/PJgszPjMWivLgF/9u1fzPT94t2FgLtJ44?=
=?windows-1251?Q?mrPfl9lOiNIKCiptL6qBU1CEE5Do1o9fiI1d3X6HQWbb+HzC9WwdtmMR?=
=?windows-1251?Q?06zO+oKUn+0wK4YZwackptvwrZikM6P7f9w2oiqvTGywmymprQ5LvHBh?=
=?windows-1251?Q?qa1e5UfUNGhZfwNPfyCU36Vr9SS/xCd5?=
X-Forefront-Antispam-Report:
CIP:8.42.207.81;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(396003)(346002)(136003)(376002)(39860400002)(451199021)(109986019)(40470700004)(9686003)(26005)(4744005)(2906002)(6666004)(7366002)(40480700001)(41300700001)(8936002)(70206006)(70586007)(316002)(5660300002)(7406005)(7116003)(8676002)(7416002)(336012)(498600001)(2860700004)(82740400003)(956004)(81166007)(82310400005)(86362001)(40460700003)(31696002)(83380400001)(35950700001)(356005)(3480700007)(32650700002)(31686004)(2700400008);DIR:OUT;SFP:1023;
X-OriginatorOrg: WWJWM.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2023 13:55:28.0413
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0819dfb8-ac0f-4f03-63aa-08db376fbe94
X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.81];Helo=[mail1.jas.com]
X-MS-Exchange-CrossTenant-AuthSource:
DM6NAM12FT085.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR01MB4989
X-Spam_score: 23.6
X-Spam_score_int: 236
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: DEAR RECIPIENT: I hope this email finds you well. I am writing
to enlighten you that the Board and Directors of the United Nations Compensation
Commission (UNCC) have approved your compensation and winning rites. Con
[...]
Content analysis details: (23.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[45.88.66.148 listed in zen.spamhaus.org]
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[45.88.66.148 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[40.95.37.158 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[40.95.37.158 listed in bl.score.senderscore.com]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[40.95.37.158 listed in psbl.surriel.com]
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-CO1-obe.outbound.protection.outlook.com;ip=40.95.37.158;r=doctor.nl2k.ab.ca]
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[anthonyraychavis1916(at)outlook.com]
1.5 HK_SCAM_N8 BODY: No description available.
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
1.3 PDS_HELO_SPF_FAIL High profile HELO that fails SPF
2.0 HK_SCAM No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 FILL_THIS_FORM Fill in a form with personal information
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 FORM_FRAUD Fill a form and a fraud phrase
Subject: {SPAM?} Treat As Urgent..
DEAR RECIPIENT:
I hope this email finds you well. I am writing to enlighten you that the Board and Directors of the United Nations Compensation Commission (UNCC) have approved your compensation and winning rites. Congratulations!
As a recipient of this compensation and winning rites, you are required to fulfill certain requirements before the rites can be released to you. These requirements are in line with the policies and regulations of the Financial Unit
To begin the process of receiving your compensation and winning rites, kindly provide the following details:
1. Full Name:
2. Current Mailing Address:
3. Contact Telephone Number:
4. Occupation:
5. Age:
6. Nationality:
We look onward to your quick response.
Sincerely,
Anthony Ray Chavis,
Treasury Manager,
United Nation Department of Treasury.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments