Nigerian Spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 15 Feb 2024 14:55:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rajgQ-000000001HA-2cBq

for dave@doctor.nl2k.ab.ca;

Thu, 15 Feb 2024 14:54:18 -0700

Resent-From: The Doctor

Resent-Date: Thu, 15 Feb 2024 14:54:18 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dm6nam11rlhn2179.outbound.protection.outlook.com ([40.95.38.179]:40806 helo=NAM11-DM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rah9N-000000005Hz-06Hm

for doctor@netknow.ca;

Thu, 15 Feb 2024 12:12:05 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=YXzd8ANrru8MQFlKvyg2vWI1n5H3mOLh9g697z3uFeF6/pv5tRZK5rTKX8AevhzwFHkGLkguMPg/b6vWlK93f4SDC8iBtCfORJix7JTEcUUccmRa0awQB5GsuoecQ7wACOT1VEjDUJLufLxrdvMOoXz9vfB6ctK/u9JBZUdU68b4bqF+on3NotPes0qcb3a0LwmYhsz7TOlmCp/yhmBdNaQ2TmJqHfXx0j49pKKiqCSQWgE2rS9rA5nI0mhdBarVuLZgV5JV4lztgwXdpaX96up82J2taXFkiabot1T5/ArSkf19OO8EUTNxpAcjvqVVWlZF/E5N/e700C3eEuxhUA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=R8vtwsSaj1RrLYJn91vbtaad47a9fHjHyrWLPIhr9n0=;

b=NUfCwnnt0AgPDrMup3DfSVNXRj8XpMoerL+G5wKq8AS/3plImLHi2WjqtrHlXIJkhTZRRpVaKqviC06hxnw1QC2J6BjN3BnPqIiLfJ1g13V2hgyEX+wDGy0nj2fRd4q+KfY+1YrSCIsGTguWidaj4Muj6pm63g4Z1uvPaiWZPA/EyOqjEfC779y99ZLX4nhcBt7lFOj1lMZaM7U6iLDAJDRh03mtCbLJNT3ZoIWtz3ZZDDURzHrj1q8MDt9WaPmlwGZLZumg3RG6bjHTTPhvrzJ7D2KibD1GyK2e0q6foZqsBSdam7F0Yadu4rCBNVZIFHNa4HELs0WGpbmfsFXBKg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=neutral (sender ip is

3.128.60.215) smtp.rcpttodomain=sinamail.com smtp.mailfrom=usa.net;

dmarc=fail (p=none sp=none pct=100) action=none header.from=usa.net;

dkim=none (message not signed); arc=none (0)

Received: from CY5PR16CA0023.namprd16.prod.outlook.com (2603:10b6:930:10::33)

by SN7PR07MB9459.namprd07.prod.outlook.com (2603:10b6:806:2a2::9) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.38; Thu, 15 Feb

2024 19:09:58 +0000

Received: from CY4PEPF0000E9DC.namprd05.prod.outlook.com

(2603:10b6:930:10:cafe::ee) by CY5PR16CA0023.outlook.office365.com

(2603:10b6:930:10::33) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.39 via Frontend

Transport; Thu, 15 Feb 2024 19:09:58 +0000

X-MS-Exchange-Authentication-Results: spf=neutral (sender IP is 3.128.60.215)

smtp.mailfrom=usa.net; dkim=none (message not signed)

header.d=none;dmarc=fail action=none header.from=usa.net;

Received-SPF: Neutral (protection.outlook.com: 3.128.60.215 is neither

permitted nor denied by domain of usa.net)

Received: from RCAUEMGTEXCPR01.us.int.rci.com (3.128.60.215) by

CY4PEPF0000E9DC.mail.protection.outlook.com (10.167.241.82) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.7292.25 via Frontend Transport; Thu, 15 Feb 2024 19:09:58 +0000

Received: from RCAUEMGTEXCPR02.us.int.rci.com (10.172.136.246) by

RCAUEMGTEXCPR01.us.int.rci.com (10.172.136.133) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.2507.6; Thu, 15 Feb 2024 14:08:53 -0500

Received: from User (194.48.251.59) by RCAUEMGTEXCPR02.us.int.rci.com

(10.172.136.246) with Microsoft SMTP Server id 15.1.2507.6 via Frontend

Transport; Thu, 15 Feb 2024 14:08:47 -0500

Reply-To:

From: MR RICHARD MARK

Subject: your package registered code no ovx950.

Date: Thu, 15 Feb 2024 11:09:47 -0800

MIME-Version: 1.0

Content-Type: text/plain; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-ID: <78e3cd79-58bc-4a9b-81e8-855553238335@RCAUEMGTEXCPR02.us.int.rci.com>

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9DC:EE_|SN7PR07MB9459:EE_

X-MS-Office365-Filtering-Correlation-Id: f5ef4815-25e4-4f25-4ea0-08dc2e59b40b

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:


X-Forefront-Antispam-Report:

CIP:3.128.60.215;CTRY:US;LANG:en;SCL:8;SRV:;IPV:CAL;SFV:SPM;H:RCAUEMGTEXCPR01.us.int.rci.com;PTR:ec2-3-128-60-215.us-east-2.compute.amazonaws.com;CAT:OSPM;SFS:(13230031)(4636009)(39860400002)(396003)(136003)(376002)(346002)(84050400002)(230922051799003)(35950700004)(82310400011)(109986022)(61400799015)(48200799006)(32650700005)(64100799003)(451199024)(40470700004)(86362001)(31686004)(31696002)(8936002)(7406005)(70586007)(41300700001)(7416002)(7366002)(2906002)(66899024)(4000180100002)(82202003)(26005)(356005)(82740400003)(83380400001)(81166007)(956004)(336012)(508600001)(70206006)(8676002)(5660300002)(316002)(9686003)(2860700004)(2700400011);DIR:OUT;SFP:1023;

X-OriginatorOrg: WYN365.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 19:09:58.6281

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f5ef4815-25e4-4f25-4ea0-08dc2e59b40b

X-MS-Exchange-CrossTenant-Id: 4c3362a3-a8cd-440b-95d7-db0544135012

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4c3362a3-a8cd-440b-95d7-db0544135012;Ip=[3.128.60.215];Helo=[RCAUEMGTEXCPR01.us.int.rci.com]

X-MS-Exchange-CrossTenant-AuthSource:

CY4PEPF0000E9DC.namprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR07MB9459

X-Spam_score: 21.5

X-Spam_score_int: 215

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Please I will like to inform you regarding the delivering

of your funds with the dhl company Uganda agent, he will need your information

to complete the delivery of your package ( consignment box ) wi [...]



Content analysis details: (21.5 points, 5.0 required)



 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.6 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [194.48.251.59 listed in zen.spamhaus.org]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [40.95.38.179 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
                            [40.95.38.179 listed in bl.score.senderscore.com]
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-DM6-obe.outbound.protection.outlook.com;ip=40.95.38.179;r=doctor.nl2k.ab.ca]
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 0.0 ARC_VALID              Message has a valid ARC signature
 0.0 ARC_SIGNED             Message has a ARC signature
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.0 NSL_RCVD_FROM_USER     Received from User
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.1 TW_DW                  BODY: Odd Letter Triples with DW
 0.1 TW_GJ                  BODY: Odd Letter Triples with GJ
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 2.0 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
 0.0 LOTS_OF_MONEY          Huge... sums of money
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.0 HK_NAME_MR_MRS         No description available.
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.2 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 2.5 MONEY_NOHTML           Lots of money in plain text
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 0.0 MONEY_FORM             Lots of money if you fill out a form
 0.0 FORM_FRAUD             Fill a form and a fraud phrase
 1.9 MONEY_FREEMAIL_REPTO   Lots of money from someone using free email?
 3.0 UNDISC_MONEY           Undisclosed recipients + money/fraud signs

Subject: {SPAM?} your package registered code no ovx950.



Please I will like to inform you regarding the delivering of your funds with the dhl company Uganda agent,

he will need your information to complete the delivery of your package ( consignment box ) with,

him worth's of $69,849 million dollars your to provide him your name address nearest airport

and telephone no is due to our agreement with the DHL delivering company and noted that you have to

provide him the information correctly for the smooth delivery of your package he at Diego international

airport California please make sure your take care of him and know is not American citizen thank agent name jerry Kevin



1)shipment code gjk72dwq

2)package registered code no ovx950.

3)security code eytu/3055wez/263/

4)transaction code 7126/jlfs/7138/17305/

5)certificate deposit code mcbs/pqle/2-6/41



Your full name =============

Your mobile phone number ========

Your city ==================

Your nearest airport ===========

Your country=================

Your current home address ========



Email him now ( diplomaticagentud@gmail.com )

Thank you so much my name is

Rev. Dr. Douglas Morrison

The director of DHL courier company
