Ukrainian based Gamil spam
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 30 Apr 2022 10:06:01 -0600
Received: from mail-io1-f53.google.com ([209.85.166.53]:46817)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1nkpal-000E9r-BV
for dave@doctor.nl2k.ab.ca;
Sat, 30 Apr 2022 10:05:14 -0600
Received: by mail-io1-f53.google.com with SMTP id g21so12474171iom.13
for; Sat, 30 Apr 2022 09:04:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;
b=SJIWq6qQWLbNCwI16vQetYEZ6sqeYKkqAkKSHnttR4PK/nRTSfHc3DFb349A9I78Jb
PVWUajUUp7D0WgsAv2w5/q0fpxYLvh9szXdSB8sROPGfHfViWCCIwrQi/JeIGB04tSjd
/ZLh6uh4MUpgkOuoGoXgaMcq0eMA92av1m4RExIfcmxbKhjoUsCQax4S6aHWsoU4Zqbp
n93SaoZeWW6hne29cqJmhqZ2WSjrj4YME+hcddutfJioN7fQjhlhjdyjhtia5TQmsE9m
7n1ELQKYsSM82O2aYXhD7FgQeY0Svx/hYJEWNjcsYj2w12eysf+wjBZeonbvKfwq8ppA
UWmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;
b=tJxNd8w0v/U8e2EJqyKCpvAlalkgy3uZToTvmX+x/s+9XkMqYb6JwDN5mWp4xNGNH1
f9sGXRGOa/53rMmvDLjuXDgEaIFRSLdHcQwT1kag/GgNP++pzMXioTxpDSmH/Ti9IvXc
xn2DwHFfuSBXBnYeMyueSUmGmIU08Mjql5K/yaMbwY6A1TmD21/olRKgRatDYPbIwHe+
oxk0H/gnGfO44NQxZXxEocQ5JZjX9v2AlUfCF+igMyYSJxQi3gmXSeJOb+HjvoxDKEl3
suRhTwWZidfPUqhh6YDbFIe0lnGhfvqaSfOHMuALzdsUhG0VbYgm/VoWJOzVt6g9By7C
AWDw==
X-Gm-Message-State: AOAM533lj3ZUYun5FfLgUIBOirSlnE4p1HIbLEnvJSbB+gF4lNRWq4Md
HsCEA2OqZRiueHSTPrgDUI5nWw0weB0Rjr6fvm4=
X-Google-Smtp-Source: ABdhPJy6vvbAgvEbyTnRvbQp+qm+AdZCEvw61S6RRV13SW9ejiitBG98IVvbWXXt5j0aBl3KKmrPjucA+zvtVTwg4E4=
X-Received: by 2002:a5d:81cd:0:b0:64f:cc56:873a with SMTP id
t13-20020a5d81cd000000b0064fcc56873amr1667594iol.156.1651334683514; Sat, 30
Apr 2022 09:04:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6e02:178b:0:0:0:0 with HTTP; Sat, 30 Apr 2022 09:04:42
-0700 (PDT)
Reply-To: ninaandriy31@yandex.com
From: NINA ANDRIY
Date: Sat, 30 Apr 2022 09:04:42 -0700
Message-ID:
Subject: READ AND GET BACK TO ME
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 18.1
X-Spam_score_int: 181
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: From. Mrs.Nina Andriy I am Nina Andriy the daughter of Mr.Danilo
Andriy, from (Ukraine sunflower oil & wheat, maize farmer ) my father was
murdered by the Russian Army troop because of the war between Russian& Ukraine
it w [...]
Content analysis details: (18.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.166.53 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[alhmed7777[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[ninaandriy31[at]yandex.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[alhmed7777[at]gmail.com]
2.5 MILLION_USD BODY: Talks about millions of dollars
0.9 URG_BIZ BODY: Contains urgent matter
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 TVD_PH_BODY_META No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
2.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} READ AND GET BACK TO ME
From. Mrs.Nina Andriy
I am Nina Andriy the daughter of Mr.Danilo Andriy, from (Ukraine
sunflower oil & wheat, maize farmer ) my father was murdered by the
Russian Army troop because of the war between Russian& Ukraine it was
so very terrible. .
He was a sunflower oil & wheat and maize farmer who have invested much
in agriculture political opponents.
I acknowledge very well that my father deposited the sum of US$(5M
(FIVE MILLION UNITED STATES DOLLARS) with UNITED BANK FOR AFRICA(
UBA) here in Burkina Faso West -Africa with the intention of using
it for the purchase of new farm machinery and chemical for
Agricultural purpose as well as purchasing hectares of land in Burkina
Faso for his investment. I am now on political asylum. (Refugee)
Burkina Faso, I want you to understand that this is purely family fund
not money laundering affair.
I solicit for your honest assistance as I want this fund to be
transferred to your account in oversea with your partnership, I will
want to invest this fund in your country.
I can invest the fund as a family investment together with you in
your country be assured that deposited document of this fund with
the bank, are with me . Feel free to ask any question regarding this
transaction.
Hoping to hear from you soonest,
I need your urgent and confidential response towards this transaction.
Yours faithfully
Mrs.Nina Andriy
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 30 Apr 2022 10:06:01 -0600
Received: from mail-io1-f53.google.com ([209.85.166.53]:46817)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1nkpal-000E9r-BV
for dave@doctor.nl2k.ab.ca;
Sat, 30 Apr 2022 10:05:14 -0600
Received: by mail-io1-f53.google.com with SMTP id g21so12474171iom.13
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;
b=SJIWq6qQWLbNCwI16vQetYEZ6sqeYKkqAkKSHnttR4PK/nRTSfHc3DFb349A9I78Jb
PVWUajUUp7D0WgsAv2w5/q0fpxYLvh9szXdSB8sROPGfHfViWCCIwrQi/JeIGB04tSjd
/ZLh6uh4MUpgkOuoGoXgaMcq0eMA92av1m4RExIfcmxbKhjoUsCQax4S6aHWsoU4Zqbp
n93SaoZeWW6hne29cqJmhqZ2WSjrj4YME+hcddutfJioN7fQjhlhjdyjhtia5TQmsE9m
7n1ELQKYsSM82O2aYXhD7FgQeY0Svx/hYJEWNjcsYj2w12eysf+wjBZeonbvKfwq8ppA
UWmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=5nz9IYr/b3ptowBm6fnmwl2eH3zQonSUHTy0MVJcR9I=;
b=tJxNd8w0v/U8e2EJqyKCpvAlalkgy3uZToTvmX+x/s+9XkMqYb6JwDN5mWp4xNGNH1
f9sGXRGOa/53rMmvDLjuXDgEaIFRSLdHcQwT1kag/GgNP++pzMXioTxpDSmH/Ti9IvXc
xn2DwHFfuSBXBnYeMyueSUmGmIU08Mjql5K/yaMbwY6A1TmD21/olRKgRatDYPbIwHe+
oxk0H/gnGfO44NQxZXxEocQ5JZjX9v2AlUfCF+igMyYSJxQi3gmXSeJOb+HjvoxDKEl3
suRhTwWZidfPUqhh6YDbFIe0lnGhfvqaSfOHMuALzdsUhG0VbYgm/VoWJOzVt6g9By7C
AWDw==
X-Gm-Message-State: AOAM533lj3ZUYun5FfLgUIBOirSlnE4p1HIbLEnvJSbB+gF4lNRWq4Md
HsCEA2OqZRiueHSTPrgDUI5nWw0weB0Rjr6fvm4=
X-Google-Smtp-Source: ABdhPJy6vvbAgvEbyTnRvbQp+qm+AdZCEvw61S6RRV13SW9ejiitBG98IVvbWXXt5j0aBl3KKmrPjucA+zvtVTwg4E4=
X-Received: by 2002:a5d:81cd:0:b0:64f:cc56:873a with SMTP id
t13-20020a5d81cd000000b0064fcc56873amr1667594iol.156.1651334683514; Sat, 30
Apr 2022 09:04:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6e02:178b:0:0:0:0 with HTTP; Sat, 30 Apr 2022 09:04:42
-0700 (PDT)
Reply-To: ninaandriy31@yandex.com
From: NINA ANDRIY
Date: Sat, 30 Apr 2022 09:04:42 -0700
Message-ID:
Subject: READ AND GET BACK TO ME
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 18.1
X-Spam_score_int: 181
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: From. Mrs.Nina Andriy I am Nina Andriy the daughter of Mr.Danilo
Andriy, from (Ukraine sunflower oil & wheat, maize farmer ) my father was
murdered by the Russian Army troop because of the war between Russian& Ukraine
it w [...]
Content analysis details: (18.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.166.53 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[alhmed7777[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[ninaandriy31[at]yandex.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[alhmed7777[at]gmail.com]
2.5 MILLION_USD BODY: Talks about millions of dollars
0.9 URG_BIZ BODY: Contains urgent matter
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 TVD_PH_BODY_META No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
2.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} READ AND GET BACK TO ME
From. Mrs.Nina Andriy
I am Nina Andriy the daughter of Mr.Danilo Andriy, from (Ukraine
sunflower oil & wheat, maize farmer ) my father was murdered by the
Russian Army troop because of the war between Russian& Ukraine it was
so very terrible. .
He was a sunflower oil & wheat and maize farmer who have invested much
in agriculture political opponents.
I acknowledge very well that my father deposited the sum of US$(5M
(FIVE MILLION UNITED STATES DOLLARS) with UNITED BANK FOR AFRICA(
UBA) here in Burkina Faso West -Africa with the intention of using
it for the purchase of new farm machinery and chemical for
Agricultural purpose as well as purchasing hectares of land in Burkina
Faso for his investment. I am now on political asylum. (Refugee)
Burkina Faso, I want you to understand that this is purely family fund
not money laundering affair.
I solicit for your honest assistance as I want this fund to be
transferred to your account in oversea with your partnership, I will
want to invest this fund in your country.
I can invest the fund as a family investment together with you in
your country be assured that deposited document of this fund with
the bank, are with me . Feel free to ask any question regarding this
transaction.
Hoping to hear from you soonest,
I need your urgent and confidential response towards this transaction.
Yours faithfully
Mrs.Nina Andriy
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments