Nigerian spam from outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 13 Jun 2023 08:29:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1q950z-00049R-1s
for dave@doctor.nl2k.ab.ca;
Tue, 13 Jun 2023 08:28:57 -0600
Resent-From: The Doctor
Resent-Date: Tue, 13 Jun 2023 08:28:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ct2zaf01hn2241.outbound.protection.outlook.com ([52.100.180.241]:28139 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1q94u1-0002RQ-0b
for root@nk.ca;
Tue, 13 Jun 2023 08:21:50 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=jH7e62unarJAwstf3yUGhvHu2IPjg1IkjFmGFFnZi2dat7aBnz1nfN4VhSXryjQVy67/qXToZP/PMXy0wZZlrtxkwper2ZKqMTztKx2/+7dV2kL6eoirBPjFXm+fbjU7YO229SsxEeynXWx1IXcqNjcOp1w6Mfxx3RG/PMVzlaAWY+SKA0JGkWngNPy2XuSQ0VmeLzeZECMY6t2KJuBrsM9lTSgkN2ltDAuKvw83s6Xu/YKIBsNwco5pY+PjVFjbvfVEMqTuqkvv8Ypzkx3r5fgaQqsFk/HdlQeil9T78BE8jfkILX4CeRgAlr2gwKOEHUCVQleankf1vKJ3jHRGZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=TeYa6dO3SrQ2pn8tlNffCTr0EJEceD8wDfEBbnf2HPw=;
b=WwxRth5qUHRKmOVG3q1bsWLrYCRDttjGZKAA4rimM5XpQyRnQR8PmwOA7GYNc/eJzximIekaF9J6toRE40m2qrLS1KJl97BfS1pZ8nX7XlBp5xiSSS9G4LCVobcUIlskHAELbkOU+YdMQSAZkmlP4sPvG7QaEJ7ugoJbOGls4zk519w/G/zLYIB0KpjAKmS3Kv6wXMidPwoZw+l+xoMw/7MexuWrqeiWUxUgWBDNuacvFtAZDpa6ru3pj1XqKsQA8/tr0iXUt/zUogZHIVZszCBtnODV+U4jfoAFWxUxrZxzTelI3kHvonpXnIVl4BVXSAnuaPJOygvfaabfRcC61Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
196.37.118.239) smtp.rcpttodomain=hotmail.com smtp.mailfrom=anztravel.com.ar;
dmarc=fail (p=none sp=none pct=100) action=none header.from=anztravel.com.ar;
dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mutualandfederal.onmicrosoft.com;
s=selector1-mutualandfederal-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=TeYa6dO3SrQ2pn8tlNffCTr0EJEceD8wDfEBbnf2HPw=;
b=NF+y0cwKbut3TCvuewUCdmZsb4Yz6y9ioDJf2K2xyUeudsZbjfXBkCmFcwKbrF93N/6TW+7PlnZ5/jm3zc2gA2aiKjlTsaqT6zI0eamDy2EDC8PZ5/KRtNCS8cl4YJG/6SNoHjptudRkcYeyMUMLNGrvir3gYR+sJEztEBpmb8szAcQZY//sTNTDZnonxKuzAXq225zFvphoqM2Vl6awWMweg8PYyVT3F6oKijeZ+BYp3idwvWYtqIesPBFZYH448qXa4et3ig3KcFZAoEy5EL9ekXeeRHUNEwRQ5mY1mIQhDLUuWpipm1mUaYoZPFDKSaN/r55aotjFyWGbkGQElg==
Received: from GV3P280CA0085.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:a::8) by
CT2P275MB0675.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:15::6) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6477.29; Tue, 13 Jun 2023 14:19:34 +0000
Received: from HE1EUR01FT027.eop-EUR01.prod.protection.outlook.com
(2603:10a6:150:a:cafe::a) by GV3P280CA0085.outlook.office365.com
(2603:10a6:150:a::8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.35 via Frontend
Transport; Tue, 13 Jun 2023 14:19:34 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 196.37.118.239)
smtp.mailfrom=anztravel.com.ar; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=anztravel.com.ar;
Received-SPF: Fail (protection.outlook.com: domain of anztravel.com.ar does
not designate 196.37.118.239 as permitted sender)
receiver=protection.outlook.com; client-ip=196.37.118.239;
helo=mail.ominsure.co.za;
Received: from mail.ominsure.co.za (196.37.118.239) by
HE1EUR01FT027.mail.protection.outlook.com (10.152.0.161) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6500.23 via Frontend Transport; Tue, 13 Jun 2023 14:19:33 +0000
Received: from OMIPRIETS01AP.mufep.net (10.91.31.35) by
OMIPRIETN01AP.mufep.net (10.91.31.36) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.2.1258.12; Tue, 13 Jun 2023 13:55:59 +0200
Received: from OMIPRIETN01AP.mufep.net (10.91.31.36) by
OMIPRIETS01AP.mufep.net (10.91.31.35) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.23; Tue, 13 Jun 2023 13:55:55 +0200
Received: from User (86.38.225.240) by OMIPRIETN01AP.mufep.net (10.91.31.36)
with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 13
Jun 2023 13:55:40 +0200
Reply-To:
From: "DR BROWN PETERS, Director UN DEBT RECONCILIATION"
Subject: THE IMMEDIATE RELEASE OF YOUR PAYMENT OF USD5.5MILLION
Date: Tue, 13 Jun 2023 04:55:54 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: HE1EUR01FT027:EE_|CT2P275MB0675:EE_
X-MS-Office365-Filtering-Correlation-Id: db547958-f2f7-42a8-54c1-08db6c193612
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?txGll3Pfegy0DfOC3uzP6Smyryh9syp/+sPfgfCETuH9BRfg2oU0gRJe?=
=?windows-1251?Q?LEWMCE4Qdy4hUXHr9rM3RlXTvV7FOWyAd6Yjw9xDEJVearup8eMp7Fg1?=
=?windows-1251?Q?ealqc1rOgfAyFpBqPaGIZxD62rtivy9JHCw+i+2M586d1DzSNVGacBSK?=
=?windows-1251?Q?dWYZMHfWr+QrtxAq9EHwon+htxyQMAmur6m1HohvFcAAsv/7Yr4763aP?=
=?windows-1251?Q?7HxaaaHGn+lDJ7QWuOw+pxHUwKWhGmnBVDBnZq2tosThND0kcFzoNsEv?=
=?windows-1251?Q?5kDiH0SJFDgAD6vDKJ13IophDkEr81BXhPn8oUzHTpGGOkWBaWsdOcuo?=
=?windows-1251?Q?l60uXMbbuQugtixGbBqD4tc3J6wk44Oeixsxp3BsVWWlaFz8tYz5Fsqc?=
=?windows-1251?Q?AEDIlsnVND7hvaFPThJGQ/8hIaCi5uOMFNDtolxy6iPzAD+/3o5ZfeA+?=
=?windows-1251?Q?VrfvcynA0vwbXy4gbVaInUWR1klOC/t41faFKNtI3fsBdCgfxDC10Kgt?=
=?windows-1251?Q?FoIiR4DyD+1HDF5o+W2RQD7VHURzP+Q7x0ev7pwE1YjBESN0W3R6P+2a?=
=?windows-1251?Q?Z4RfBOQ5HH6s0e6q460S2nbnp7DAGV6GN8r5A7Ve8BCd70o2RCMizNT5?=
=?windows-1251?Q?gwXi4+niGta35UkqFc0hT7yRClSUf3OaL6mTzVXtAk+VDLW6F6JehO6y?=
=?windows-1251?Q?X/SJA/g6xKirVKmv8m/a1ZhdDmD0Aj49OF9vGrvCgw/K+LkZsCCWU74j?=
=?windows-1251?Q?6TfogtLKDLdeBirIWcw9e/7ao+OhWcms/hL3bqQn8zPyRTWqXGnZmhhl?=
=?windows-1251?Q?s1MRs6ZFmmPOcFA9DZ0GUYp1s2PMu8K1PobuDKRxQiPr+9EQ4klqZdPk?=
=?windows-1251?Q?zSrhbe8WPx2x0ft2AP/8itNZPWdHs9Cgh5hgSzDHdYcNSIpEeAF0/HvX?=
=?windows-1251?Q?eGAIsud/ZL+CjGk+g6BNcxx8h6y0pIxuuRmLhwWsLaO3zkZiSJXNHjWo?=
=?windows-1251?Q?nQ41fXNEjFT91PQnaVK9PopwtmxN2XZ6BWz5aZgYtuIAJ57SRWsSKZ/4?=
=?windows-1251?Q?oWXuAZAXFbqf+O4IDEgnJzyxklkdwa8rnCJrYlSewmlxDSZvnKvdGfXr?=
=?windows-1251?Q?dhr5k0h177iIt7cpdbf2EwwyAuiWpFQgoLPyteifcIOAky1HPletIJ/2?=
=?windows-1251?Q?/G5BW1Y5VFI9L6sVui/18w2VbMW99hYe4cQhTYupFwZaM6kf4WobBnXN?=
=?windows-1251?Q?8pXsqDGYu5HX4PHAoY4=3D?=
X-Forefront-Antispam-Report:
CIP:196.37.118.239;CTRY:ZA;LANG:en;SCL:5;SRV:;IPV:CAL;SFV:SPM;H:mail.ominsure.co.za;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(39860400002)(346002)(136003)(376002)(396003)(109986019)(451199021)(40470700004)(70206006)(70586007)(2860700004)(5660300002)(8676002)(8936002)(6666004)(508600001)(31686004)(316002)(40460700003)(336012)(41300700001)(82740400003)(356005)(81166007)(40480700001)(83380400001)(7416002)(86362001)(956004)(7366002)(2906002)(7406005)(26005)(82310400005)(35950700001)(9686003)(31696002)(5001810100001)(32650700002)(15650500001)(2700400008);DIR:OUT;SFP:1501;
X-OriginatorOrg: mf.co.za
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jun 2023 14:19:33.5991
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: db547958-f2f7-42a8-54c1-08db6c193612
X-MS-Exchange-CrossTenant-Id: 9cea85f3-a573-4c2a-8071-9288b3c683b5
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=9cea85f3-a573-4c2a-8071-9288b3c683b5;Ip=[196.37.118.239];Helo=[mail.ominsure.co.za]
X-MS-Exchange-CrossTenant-AuthSource:
HE1EUR01FT027.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CT2P275MB0675
X-Spam_score: 23.2
X-Spam_score_int: 232
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attn; Sir, You are receiving this notification because your
name was among the list of beneficiary listed for compensation payment due
to your inability to receive your approved contract/Winning payment. In this
[...]
Content analysis details: (23.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[52.100.180.241 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 NSL_RCVD_FROM_USER Received from User
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[jerrycole451(at)aol.com]
3.6 NA_DOLLARS BODY: Talks about a million North American dollars
1.1 MILLION_HUNDRED BODY: Million "One to Nine" Hundred
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_HK_NAME_DR No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.0 XPRIO Has X-Priority header
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.5 MONEY_ATM_CARD Lots of money on an ATM card
0.0 MONEY_FORM Lots of money if you fill out a form
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} THE IMMEDIATE RELEASE OF YOUR PAYMENT OF USD5.5MILLION
X-Antivirus: AVG (VPS 230613-2, 6/13/2023), Inbound message
X-Antivirus-Status: Clean
Attn; Sir,
You are receiving this notification because your name was among the
list of beneficiary listed for compensation payment due to your
inability to receive your approved contract/Winning payment. In this regard
the sum of USD5.5M Five million five hundred Thousand US Dollars only]
has been approved in your favor and your fund has been programmed to
be paid you via ATM CARD delivery to your address to avoid much tax. It has
been packaged in a parcel and registered UN Diplomatic Courier which will deliver your
ATM CARD to your address. You are requested to contact my
secretary and forward all your details to him to enable him submit it
to the delivery company for immediate delivery of your package to your
address as am now in Madrid Spain for a UN Project. YOU CAN REACH MY
SECRETARY WITH BELOW DETAILS
JERRY COLE
EMAIL; jerrycole0112@gmail.com
Forward your the below derails to him
YOUR FULL NAME====
HOME ADDRESS====
CELL PHONE=====
Once he confirm the receipt of the above your package will be
sent.Immediately you receive it and confirm your fund endeavor to
inform me. HAVE A NICE DAY
Regards
DR BROWN PETERS Director UN DEBT RECONCILIATION
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 13 Jun 2023 08:29:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1q950z-00049R-1s
for dave@doctor.nl2k.ab.ca;
Tue, 13 Jun 2023 08:28:57 -0600
Resent-From: The Doctor
Resent-Date: Tue, 13 Jun 2023 08:28:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ct2zaf01hn2241.outbound.protection.outlook.com ([52.100.180.241]:28139 helo=ZAF01-CT2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from
id 1q94u1-0002RQ-0b
for root@nk.ca;
Tue, 13 Jun 2023 08:21:50 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=jH7e62unarJAwstf3yUGhvHu2IPjg1IkjFmGFFnZi2dat7aBnz1nfN4VhSXryjQVy67/qXToZP/PMXy0wZZlrtxkwper2ZKqMTztKx2/+7dV2kL6eoirBPjFXm+fbjU7YO229SsxEeynXWx1IXcqNjcOp1w6Mfxx3RG/PMVzlaAWY+SKA0JGkWngNPy2XuSQ0VmeLzeZECMY6t2KJuBrsM9lTSgkN2ltDAuKvw83s6Xu/YKIBsNwco5pY+PjVFjbvfVEMqTuqkvv8Ypzkx3r5fgaQqsFk/HdlQeil9T78BE8jfkILX4CeRgAlr2gwKOEHUCVQleankf1vKJ3jHRGZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=TeYa6dO3SrQ2pn8tlNffCTr0EJEceD8wDfEBbnf2HPw=;
b=WwxRth5qUHRKmOVG3q1bsWLrYCRDttjGZKAA4rimM5XpQyRnQR8PmwOA7GYNc/eJzximIekaF9J6toRE40m2qrLS1KJl97BfS1pZ8nX7XlBp5xiSSS9G4LCVobcUIlskHAELbkOU+YdMQSAZkmlP4sPvG7QaEJ7ugoJbOGls4zk519w/G/zLYIB0KpjAKmS3Kv6wXMidPwoZw+l+xoMw/7MexuWrqeiWUxUgWBDNuacvFtAZDpa6ru3pj1XqKsQA8/tr0iXUt/zUogZHIVZszCBtnODV+U4jfoAFWxUxrZxzTelI3kHvonpXnIVl4BVXSAnuaPJOygvfaabfRcC61Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
196.37.118.239) smtp.rcpttodomain=hotmail.com smtp.mailfrom=anztravel.com.ar;
dmarc=fail (p=none sp=none pct=100) action=none header.from=anztravel.com.ar;
dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mutualandfederal.onmicrosoft.com;
s=selector1-mutualandfederal-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=TeYa6dO3SrQ2pn8tlNffCTr0EJEceD8wDfEBbnf2HPw=;
b=NF+y0cwKbut3TCvuewUCdmZsb4Yz6y9ioDJf2K2xyUeudsZbjfXBkCmFcwKbrF93N/6TW+7PlnZ5/jm3zc2gA2aiKjlTsaqT6zI0eamDy2EDC8PZ5/KRtNCS8cl4YJG/6SNoHjptudRkcYeyMUMLNGrvir3gYR+sJEztEBpmb8szAcQZY//sTNTDZnonxKuzAXq225zFvphoqM2Vl6awWMweg8PYyVT3F6oKijeZ+BYp3idwvWYtqIesPBFZYH448qXa4et3ig3KcFZAoEy5EL9ekXeeRHUNEwRQ5mY1mIQhDLUuWpipm1mUaYoZPFDKSaN/r55aotjFyWGbkGQElg==
Received: from GV3P280CA0085.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:a::8) by
CT2P275MB0675.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:15::6) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6477.29; Tue, 13 Jun 2023 14:19:34 +0000
Received: from HE1EUR01FT027.eop-EUR01.prod.protection.outlook.com
(2603:10a6:150:a:cafe::a) by GV3P280CA0085.outlook.office365.com
(2603:10a6:150:a::8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.35 via Frontend
Transport; Tue, 13 Jun 2023 14:19:34 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 196.37.118.239)
smtp.mailfrom=anztravel.com.ar; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=anztravel.com.ar;
Received-SPF: Fail (protection.outlook.com: domain of anztravel.com.ar does
not designate 196.37.118.239 as permitted sender)
receiver=protection.outlook.com; client-ip=196.37.118.239;
helo=mail.ominsure.co.za;
Received: from mail.ominsure.co.za (196.37.118.239) by
HE1EUR01FT027.mail.protection.outlook.com (10.152.0.161) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6500.23 via Frontend Transport; Tue, 13 Jun 2023 14:19:33 +0000
Received: from OMIPRIETS01AP.mufep.net (10.91.31.35) by
OMIPRIETN01AP.mufep.net (10.91.31.36) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.2.1258.12; Tue, 13 Jun 2023 13:55:59 +0200
Received: from OMIPRIETN01AP.mufep.net (10.91.31.36) by
OMIPRIETS01AP.mufep.net (10.91.31.35) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.23; Tue, 13 Jun 2023 13:55:55 +0200
Received: from User (86.38.225.240) by OMIPRIETN01AP.mufep.net (10.91.31.36)
with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 13
Jun 2023 13:55:40 +0200
Reply-To:
From: "DR BROWN PETERS, Director UN DEBT RECONCILIATION"
Subject: THE IMMEDIATE RELEASE OF YOUR PAYMENT OF USD5.5MILLION
Date: Tue, 13 Jun 2023 04:55:54 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: HE1EUR01FT027:EE_|CT2P275MB0675:EE_
X-MS-Office365-Filtering-Correlation-Id: db547958-f2f7-42a8-54c1-08db6c193612
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?txGll3Pfegy0DfOC3uzP6Smyryh9syp/+sPfgfCETuH9BRfg2oU0gRJe?=
=?windows-1251?Q?LEWMCE4Qdy4hUXHr9rM3RlXTvV7FOWyAd6Yjw9xDEJVearup8eMp7Fg1?=
=?windows-1251?Q?ealqc1rOgfAyFpBqPaGIZxD62rtivy9JHCw+i+2M586d1DzSNVGacBSK?=
=?windows-1251?Q?dWYZMHfWr+QrtxAq9EHwon+htxyQMAmur6m1HohvFcAAsv/7Yr4763aP?=
=?windows-1251?Q?7HxaaaHGn+lDJ7QWuOw+pxHUwKWhGmnBVDBnZq2tosThND0kcFzoNsEv?=
=?windows-1251?Q?5kDiH0SJFDgAD6vDKJ13IophDkEr81BXhPn8oUzHTpGGOkWBaWsdOcuo?=
=?windows-1251?Q?l60uXMbbuQugtixGbBqD4tc3J6wk44Oeixsxp3BsVWWlaFz8tYz5Fsqc?=
=?windows-1251?Q?AEDIlsnVND7hvaFPThJGQ/8hIaCi5uOMFNDtolxy6iPzAD+/3o5ZfeA+?=
=?windows-1251?Q?VrfvcynA0vwbXy4gbVaInUWR1klOC/t41faFKNtI3fsBdCgfxDC10Kgt?=
=?windows-1251?Q?FoIiR4DyD+1HDF5o+W2RQD7VHURzP+Q7x0ev7pwE1YjBESN0W3R6P+2a?=
=?windows-1251?Q?Z4RfBOQ5HH6s0e6q460S2nbnp7DAGV6GN8r5A7Ve8BCd70o2RCMizNT5?=
=?windows-1251?Q?gwXi4+niGta35UkqFc0hT7yRClSUf3OaL6mTzVXtAk+VDLW6F6JehO6y?=
=?windows-1251?Q?X/SJA/g6xKirVKmv8m/a1ZhdDmD0Aj49OF9vGrvCgw/K+LkZsCCWU74j?=
=?windows-1251?Q?6TfogtLKDLdeBirIWcw9e/7ao+OhWcms/hL3bqQn8zPyRTWqXGnZmhhl?=
=?windows-1251?Q?s1MRs6ZFmmPOcFA9DZ0GUYp1s2PMu8K1PobuDKRxQiPr+9EQ4klqZdPk?=
=?windows-1251?Q?zSrhbe8WPx2x0ft2AP/8itNZPWdHs9Cgh5hgSzDHdYcNSIpEeAF0/HvX?=
=?windows-1251?Q?eGAIsud/ZL+CjGk+g6BNcxx8h6y0pIxuuRmLhwWsLaO3zkZiSJXNHjWo?=
=?windows-1251?Q?nQ41fXNEjFT91PQnaVK9PopwtmxN2XZ6BWz5aZgYtuIAJ57SRWsSKZ/4?=
=?windows-1251?Q?oWXuAZAXFbqf+O4IDEgnJzyxklkdwa8rnCJrYlSewmlxDSZvnKvdGfXr?=
=?windows-1251?Q?dhr5k0h177iIt7cpdbf2EwwyAuiWpFQgoLPyteifcIOAky1HPletIJ/2?=
=?windows-1251?Q?/G5BW1Y5VFI9L6sVui/18w2VbMW99hYe4cQhTYupFwZaM6kf4WobBnXN?=
=?windows-1251?Q?8pXsqDGYu5HX4PHAoY4=3D?=
X-Forefront-Antispam-Report:
CIP:196.37.118.239;CTRY:ZA;LANG:en;SCL:5;SRV:;IPV:CAL;SFV:SPM;H:mail.ominsure.co.za;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(39860400002)(346002)(136003)(376002)(396003)(109986019)(451199021)(40470700004)(70206006)(70586007)(2860700004)(5660300002)(8676002)(8936002)(6666004)(508600001)(31686004)(316002)(40460700003)(336012)(41300700001)(82740400003)(356005)(81166007)(40480700001)(83380400001)(7416002)(86362001)(956004)(7366002)(2906002)(7406005)(26005)(82310400005)(35950700001)(9686003)(31696002)(5001810100001)(32650700002)(15650500001)(2700400008);DIR:OUT;SFP:1501;
X-OriginatorOrg: mf.co.za
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jun 2023 14:19:33.5991
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: db547958-f2f7-42a8-54c1-08db6c193612
X-MS-Exchange-CrossTenant-Id: 9cea85f3-a573-4c2a-8071-9288b3c683b5
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=9cea85f3-a573-4c2a-8071-9288b3c683b5;Ip=[196.37.118.239];Helo=[mail.ominsure.co.za]
X-MS-Exchange-CrossTenant-AuthSource:
HE1EUR01FT027.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CT2P275MB0675
X-Spam_score: 23.2
X-Spam_score_int: 232
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attn; Sir, You are receiving this notification because your
name was among the list of beneficiary listed for compensation payment due
to your inability to receive your approved contract/Winning payment. In this
[...]
Content analysis details: (23.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[52.100.180.241 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 NSL_RCVD_FROM_USER Received from User
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[jerrycole451(at)aol.com]
3.6 NA_DOLLARS BODY: Talks about a million North American dollars
1.1 MILLION_HUNDRED BODY: Million "One to Nine" Hundred
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_HK_NAME_DR No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.0 XPRIO Has X-Priority header
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.5 MONEY_ATM_CARD Lots of money on an ATM card
0.0 MONEY_FORM Lots of money if you fill out a form
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} THE IMMEDIATE RELEASE OF YOUR PAYMENT OF USD5.5MILLION
X-Antivirus: AVG (VPS 230613-2, 6/13/2023), Inbound message
X-Antivirus-Status: Clean
Attn; Sir,
You are receiving this notification because your name was among the
list of beneficiary listed for compensation payment due to your
inability to receive your approved contract/Winning payment. In this regard
the sum of USD5.5M Five million five hundred Thousand US Dollars only]
has been approved in your favor and your fund has been programmed to
be paid you via ATM CARD delivery to your address to avoid much tax. It has
been packaged in a parcel and registered UN Diplomatic Courier which will deliver your
ATM CARD to your address. You are requested to contact my
secretary and forward all your details to him to enable him submit it
to the delivery company for immediate delivery of your package to your
address as am now in Madrid Spain for a UN Project. YOU CAN REACH MY
SECRETARY WITH BELOW DETAILS
JERRY COLE
EMAIL; jerrycole0112@gmail.com
Forward your the below derails to him
YOUR FULL NAME====
HOME ADDRESS====
CELL PHONE=====
Once he confirm the receipt of the above your package will be
sent.Immediately you receive it and confirm your fund endeavor to
inform me. HAVE A NICE DAY
Regards
DR BROWN PETERS Director UN DEBT RECONCILIATION
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments