UBS phish from Megamailservers

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 06 Apr 2025 12:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u1UuX-000000004tm-18Io

for dave@doctor.nl2k.ab.ca;

Sun, 06 Apr 2025 12:40:01 -0600

Resent-From: The Doctor

Resent-Date: Sun, 6 Apr 2025 12:40:01 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [202.131.82.139] (port=39433 helo=traiteurapropos.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1u1Uh6-000000003Lq-3nkE

for root@nk.ca;

Sun, 06 Apr 2025 12:26:18 -0600

X-Spam-Flag: NO

DMARC-Filter: OpenDMARC Filter v1.3.2 mail111c60.megamailservers.eu 50P0uKgM034308

Authentication-Results: mail111c60.megamailservers.eu; dmarc=pass (p=reject dis=none) header.from=skinbiotherapeutics.com

Authentication-Results: mail111c60.megamailservers.eu; spf=none smtp.helo=LO0P265CU003.outbound.protection.outlook.com

Authentication-Results: mail111c60.megamailservers.eu;

dkim=pass (1024-bit key) header.d=skinbiotherapeutics.com header.i=@skinbiotherapeutics.com header.b="gYaFqdfj"

Received: from LO0P265CU003.outbound.protection.outlook.com (mail-uksouthazhn15012043.outbound.protection.outlook.com [52.102.164.43])

by mail111c60.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 50P0uKgM034308

(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)

for ; Sat, 25 Jan 2025 00:56:23 +0000

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=dV5YqjYz7/Yxbs/O2bhPNN4hfnYn8Ae2oC45po4sIBelNWUOLSz9ocHyIFXBRtJAApMNmmr4pVAG0HtbG6vnnKlT/P3LcoKMiF1mODq7QfgPFSK2xNqQ68RV/FYsWePJPLtnNM/2w5X9DKLw9RPjDlyVvc9iGRG59VIfJrPblitLnHwZv8QqHyYG5LRxuvM5IHjijRsX17av5hR0kCZ09l5+4/c3nEvMhMve2jIYJws91gBHE2JQHOsX4WHM/0xkb6BruLD8JH+ikWms9Fqe0zluSY889GllmBVL1tQNwsPdLcAymTtwDo6GAsViU/WMlFnv0Pco/M75odMGjMR78w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=/LJX26Z9TLSqOnf5yBeE5JzfScEYx1YwYJMjhE1xQnc=;

b=u0STFc88BtQo2goteAuSROU1+j71g/6jIo+l5rHi00mKJDBthrWCFKOPjLPBdixssczKokkJgncG4LGaUbAB5c+syMQe+JqdRFbNNjc7QnbLOAQVhf5E8Z2xFNKbzXLUt9BqBIv3xBf42m/Xn0gJpc6Wl9Pp4FFx9bqatssqqB4coM8bvaDwnxTC93JERUUiRbQo6A4KC39dT2Kowg5Xs+YNGdm+GNMJbWnQzHcA70moOsSV9aZeGhcLwB/tFJF5yhnn1Th/EDxHx7ks3LSRarePmevzB7jwqPXcIuO1IYhdBvBsxAANKM2LRmSzsNEhvvuZ+fOn/uAhaQRZZfuhXg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=pass

action=none header.from=skinbiotherapeutics.com; dkim=pass

header.d=skinbiotherapeutics.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=skinbiotherapeutics.com; s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=/LJX26Z9TLSqOnf5yBeE5JzfScEYx1YwYJMjhE1xQnc=;

b=gYaFqdfjld5qKs7ejiLDonBTamcuNjxUjhH9zumueryim7kq+bEuZUIYkeZ552NKmRhz0jJwHVVVj3xBPSqxMXDAtYUOHDo9zU26nNwM9XdhnvRaBzkLEah/G6QiNtBzp5LVfLVw5KbC4JdmKgPZHrdBRQQl6OX2sj0CHfkiIHI=

Received: from LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:270::7)

by LO0P123MB4028.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:184::7) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.20; Sat, 25 Jan

2025 00:56:14 +0000

Received: from LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM ([::1]) by

LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM ([fe80::7ea4:e4e6:7cfb:9c4%4]) with

Microsoft SMTP Server id 15.20.8377.009; Sat, 25 Jan 2025 00:56:14 +0000

From: Shipping details

To: root@nk.ca

Subject: Important delivery note: (1) package is waiting for you

Thread-Topic: =?Windows-1252?Q?

Thread-Index: AQHbbsPqya6B0uQt1kiVEe+R8ge3orMmqlXm

Date: Sun, 06 Apr 2025 12:50:49 -0500

Message-ID: <6222218347b4a59904525f4b7eb2e7006ce4d1c031@LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM>

References:



<6322873704D5FAD98D-F2FD-4304-9223-F69C466B64ED@online.no>

In-Reply-To: <6322873704D5FAD98D-F2FD-4304-9223-F69C466B64ED@online.no>

X-MS-Has-Attach:

X-Auto-Response-Suppress: All

X-MS-Exchange-Inbox-Rules-Loop: info@skinbiotherapeutics.com

X-MS-TNEF-Correlator:

authentication-results: dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=skinbiotherapeutics.com;

x-ms-exchange-parent-message-id:

<6322873704D5FAD98D-F2FD-4304-9223-F69C466B64ED@online.no>

auto-submitted: auto-generated

x-ms-exchange-generated-message-source: Mailbox Rules Agent

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: LO2P123MB6229:EE_|LO0P123MB4028:EE_

x-ms-office365-filtering-correlation-id: 347ffd58-5b4a-410b-4ef0-08dd3cdb112f

x-ms-exchange-senderadcheck: 1

x-ms-exchange-antispam-relay: 0

x-microsoft-antispam:

BCL:0;ARA:13230040|50650200027|1800799024|376014|10070799003|366016|8096899003|80100003;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?suP1jkVyZ2QYJkSNRn7p99k2JlXFyzLwpNhXLLQMovhMgdlYYEa71s0h?=

=?Windows-1252?Q?YY8VLUqRLzqzxB4YcAj11g=3D=3D?=

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(50650200027)(1800799024)(376014)(10070799003)(366016)(8096899003)(80100003);DIR:OUT;SFP:1501;

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

zarqpog22lFHucS+uDYuC1+U4IyRSLGHOYya8O6lkb/OuuBbbxbPxFPjv6H/YKsiRzlH31tMEKDHQepAgdBS1Jh7OfYkLwNU92x1E5+l9AKEeP5AKxYULA9Su8rz1oqOuIxPyVHDTLF1W3vp8F8coChjiliNfZkuhlMcpsEcVi5Glt1hS+6ashLesj6xv86eDM4HneswACKk5o1Icf7jHJ3pBXYUs9CEd4+IoDegAxgZrSVuigqtC6JAG9K69yI++cwkS+3XgayISLUaP7F+sObbtCzVsskkxE3rVu/W0RIp33xbicxKTS2YW6s3HRJP

Content-Type: multipart/alternative;

boundary="_000_b4a59904525f4b7eb2e7006ce4d1c031LO2P123MB6229GBRP123PRO_"

MIME-Version: 1.0

X-OriginatorOrg: skinbiotherapeutics.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: LO2P123MB6229.GBRP123.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-Network-Message-Id: 347ffd58-5b4a-410b-4ef0-08dd3cdb112f

X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jan 2025 00:56:14.0168

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: d1d4ec5d-ad4f-4fd9-8f4c-4d22b1336216

X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO0P123MB4028

X-VADE-SPAMSTATE: clean

X-VADE-SPAMSCORE: 0

X-VADE-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefuddrudejgedgiedttdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfjqffuvffqrffktedpgffpggdqveeitdenuceurghilhhouhhtmecufedtudenucenucfjughrpefhvffuthffkfhfjggtggesrgdttdertddtheenucfhrhhomhepihhnfhhouceoihhnfhhosehskhhinhgsihhothhhvghrrghpvghuthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpeefjeefueelkeetudeileduvedvheegteegteeiieeikeevgedvjefffeduvdeuffenucffohhmrghinheprgigihhssghiohhtihigrdgtohhmnecukfhppeehvddruddtvddrudeigedrgeefpddviedtfeemuddtrgeimeeitddtmedvjedtmeemjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeehvddruddtvddrudeigedrgeefpdhhvghlohepnffqtdfrvdeiheevfgdttdefrdhouhhtsghouhhnugdrphhrohhtvggtthhiohhnrdhouhhtlhhoohhkrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepkhgrrghnuggvrhdvsehonhhlihhnvgdrnhho

X-Rspamd-Status: No, score=-1.80

X-Rspamd-Result: default: False [-1.80 / 6.00];

ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1];

DMARC_POLICY_ALLOW(-0.50)[skinbiotherapeutics.com,reject];

R_DKIM_ALLOW(-0.20)[skinbiotherapeutics.com:s=selector1];

MIME_GOOD(-0.10)[multipart/alternative,text/plain];

MIME_TRACE(0.00)[0:+,1:+,2:~];

MISSING_XM_UA(0.00)[];

SUBJECT_HAS_EXCLAIM(0.00)[];

RCPT_COUNT_ONE(0.00)[1];

ASN(0.00)[asn:8075, ipnet:52.96.0.0/12, country:US];

R_SPF_NA(0.00)[no SPF record];

TO_DN_ALL(0.00)[];

FROM_HAS_DN(0.00)[];

RCVD_TLS_LAST(0.00)[];

RCVD_COUNT_TWO(0.00)[2];

TO_MATCH_ENVRCPT_ALL(0.00)[];

DKIM_TRACE(0.00)[skinbiotherapeutics.com:+]

X-Origin-Country: GB

X-Origin-ASN: 8075

X-WHL: LR

X-Spam_score: 18.2

X-Spam_score_int: 182

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi there, Thank you for reaching out to us! We’ve received

your email and will get back to you as soon as possible. In the meantime,

you might find our FAQ section helpful for quick answers to common queries:

AxisBiotix FAQs.



Content analysis details: (18.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[202.131.82.139 listed in sbl-xbl.spamhaus.org]

[202.131.82.139 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[52.102.164.43 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

[202.131.82.139 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[52.102.164.43 listed in dnsbl.ahbl.org]

[52.102.164.43 listed in dnsbl.ahbl.org]

[52.102.164.43 listed in dnsbl.ahbl.org]

[52.102.164.43 listed in dnsbl.ahbl.org]

[202.131.82.139 listed in dnsbl.ahbl.org]

[202.131.82.139 listed in dnsbl.ahbl.org]

[202.131.82.139 listed in dnsbl.ahbl.org]

[202.131.82.139 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[2603:10a6:600:270:0:0:0:7 listed in]

[dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[202.131.82.139 listed in zen.spamhaus.org]

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[202.131.82.139 listed in zen.spamhaus.org]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[202.131.82.139 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[202.131.82.139 listed in sa-accredit.habeas.com]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[202.131.82.139 listed in psbl.surriel.com]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: axisbiotix.com]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 BAD_ENC_HEADER Message has bad MIME encoding in the header

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[202.131.82.139 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[202.131.82.139 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[202.131.82.139 listed in bl.score.senderscore.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 AC_BR_BONANZA RAW: Too many newlines in a row... spammy template

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 WINDOWS_7BITS Windows charset announced as 7 bit

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Important delivery note: (1) package is waiting for you



--_000_b4a59904525f4b7eb2e7006ce4d1c031LO2P123MB6229GBRP123PRO_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi there,







Thank you for reaching out to us! We=92ve received your email and will get =

back to you as soon as possible.







In the meantime, you might find our FAQ section helpful for quick answers t=

o common queries: AxisBiotix FAQs.







Our customer care team is available Monday to Friday, from 9:00 AM to 5:00 =

PM. Please note that we=92re closed on weekends and bank holidays. You can =

also call us within these times on +44 (0) 191 495 7325.







Warmest Wishes,



AxisBiotix Customer Care





--_000_b4a59904525f4b7eb2e7006ce4d1c031LO2P123MB6229GBRP123PRO_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: 7bit



















Email Template


























































































































































































































































































































































































































252">









--_000_b4a59904525f4b7eb2e7006ce4d1c031LO2P123MB6229GBRP123PRO_--

Nigerian Mega Mail Spam

Posted by Dave Yadallee on
From - Fri Jul 19 11:01:57 2013

X-Account-Key: account1

X-UIDL: 00001f3a4f5d9180

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 19 Jul 2013 10:59:51 -0600

Received: from mail129c7.megamailservers.com ([69.49.98.229])

by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)

(Exim 4.80.1)

(envelope-from )

id 1V0E20-0003ok-Oj

for dave@doctor.nl2k.ab.ca; Fri, 19 Jul 2013 10:59:51 -0600

X-Authenticated-User: miccar.sasktel.net

Received: from User (168.137.133.79.chtts.ru [79.133.137.168] (may be forged))

(authenticated bits=0)

by mail129c7.megamailservers.com (8.13.6/8.13.1) with ESMTP id r6JGZ9YV003777;

Fri, 19 Jul 2013 12:35:13 -0400

Message-Id: <201307191635.r6JGZ9YV003777@mail129c7.megamailservers.com>

Reply-To:

From: "Thompson Cole"

Subject: Final Notification

Date: Fri, 19 Jul 2013 12:47:59 -0400

MIME-Version: 1.0

Content-Type: text/html; charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

To: undisclosed-recipients:;

X-CSC: 0

X-CHA: v=1.1 cv=gw6Y0abNDDQKA+66x1jkyLCb3mi00/0N5zQZAsj13tI= c=1 sm=1

a=Dyoqhi_TatcA:10 a=gOl7o-AIzkUA:10 a=Cfj4BQAnxiAA:10

a=NFwRBw4i4gVah/RB5UNkQA==:17 a=IrQKmZrqHbOSPAMp8ekA:9 a=Ft8UYL4EG9YA:10

a=_W_S_7VecoQA:10 a=UQSFz8eJPHsA:10 a=we3dpwOOPLHS1Jlk:21

a=a_5YVC6AuXPxSqoY:21 a=yhyzl75f92KVrZhW:21 a=NFwRBw4i4gVah/RB5UNkQA==:117

X-CTCH-Spam: Suspect

X-CTCH-RefID: str=0001.0A020204.51E96CF3.002C,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=64

X-WHL: SLR

X-Antivirus: AVG for E-mail 10.0.1432 [3204/6003]

X-AVG-ID: ID15480A98-2C8ADACB













Memo From The Terminal,




 




Hi,




 




I am Thompson Cole Director Inspection Unit United Nations Inspection Agent in JFK Airport New York. During our investigation, I discovered An abandoned shipment through a Diplomat from United Kingdom under iship forwarder which was transferred to our facility here in JF Kennedy Airport and when scanned it revealed an undisclosed sum of money in a Metal Trunk Box weighing approximately 55kg each. The consignment was abandoned because the Content was not properly declared by the consignee as money rather it was declared as personal effect to avoid diversion by the Shipping Agent also the Diplomat inability to pay for Non Inspection Fees.




On my assumption, each of the boxes will contain more that $4M or above in each and the consignment is still left in storage house till today through a registered shipping Company, Courier Dispatch Service Limited a division of Tran guard LTD. The Consignment are two metal box with weight of about 55kg each (Internal dimension: W61 x H156 x D73 (cm). Effective capacity: 680 L.)Approximately.




 




The details of the consignment including your name the official document from United Nation office in London are tagged on the Metal Trunk box.




 




If you want us to transact the delivery for mutual benefit, you should provide your Phone Number, full address, to cross check if it corresponds with the information on the official document, also you should provide the name of nearest Airport around you and other details to me for onward delivery.




 




All communication must be held extremely confidential. I can get everything concluded within 24 to 48 hours upon your acceptance and proceed to your address for delivery.  But it must be on the condition that you will give me 30% of the amount contained in the boxes




 




I want us to transact this business and share the money, since the shipper have abandoned it and ran away.I will pay for the Non inspection fee and arrange for the boxes to be moved out of this Airport to your address, Once we are through i will deploy the services of a secured shipping Company geared to provide the security it needs to your doorstep or i can bring it by myself to avoid any more trouble. But we will share it 70% for you and 30% for me. But you have to assure me of my 30%.




 




Do respond to my through my direct private email : thompsoncole21@e-mail.ua  for more details




 




Best Regards,




 




Thompson Cole




INSPECTION OFFICER




No virus found in this message.


Checked by AVG - www.avg.com


Version: 10.0.1432 / Virus Database: 3204/6003 - Release Date: 07/19/13